public
/
bootc-base-images
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'pr/iptables-nft' into 'main' 

Drop iptables-legacy from tier-0, drop iptables-legacy alternatives hack from tier-1

See merge request fedora/bootc/base-images!46
This commit is contained in:
Colin Walters (Red Hat) 2024-09-17 18:14:41 +00:00
parent e6c505b14a f4eba96aef
commit 39240d2848
2 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tier-0/bootc.yaml
View File

@ -2,6 +2,10 @@
packages: packages:
- systemd - systemd
- bootc - bootc
# bootc pulls in podman, which pulls in containers-common, which wants
# `iptables`. Currently that pulls in iptables-legacy. Let's explicitly name
# iptables-nft instead to satisfy it.
- iptables-nft
# Required by bootc install today, though we'll likely switch bootc to use a Rust crate instead of sgdisk # Required by bootc install today, though we'll likely switch bootc to use a Rust crate instead of sgdisk
- gdisk xfsprogs e2fsprogs dosfstools - gdisk xfsprogs e2fsprogs dosfstools

16
tier-1/manifest.yaml
View File

@ -68,19 +68,6 @@ postprocess:
systemctl preset-all systemctl preset-all
rm -rf /etc/systemd/user/* rm -rf /etc/systemd/user/*
systemctl --user --global preset-all systemctl --user --global preset-all
# Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we
# remove iptables-legacy. This is needed because alternatives don't work
# https://github.com/coreos/fedora-coreos-tracker/issues/677
# https://github.com/coreos/fedora-coreos-tracker/issues/676
- |
#!/usr/bin/env bash
set -xeuo pipefail
ln -sf /usr/sbin/ip6tables-nft /etc/alternatives/ip6tables
ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore
ln -sf /usr/sbin/ip6tables-nft-save /etc/alternatives/ip6tables-save
ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables
ln -sf /usr/sbin/iptables-nft-restore /etc/alternatives/iptables-restore
ln -sf /usr/sbin/iptables-nft-save /etc/alternatives/iptables-save
# See: https://github.com/coreos/fedora-coreos-tracker/issues/1253 # See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
# https://bugzilla.redhat.com/show_bug.cgi?id=2112857 # https://bugzilla.redhat.com/show_bug.cgi?id=2112857
# https://github.com/coreos/rpm-ostree/issues/3918 # https://github.com/coreos/rpm-ostree/issues/3918
@ -109,3 +96,6 @@ exclude-packages:
# Do not use legacy ifcfg config format in NetworkManager # Do not use legacy ifcfg config format in NetworkManager
# See https://github.com/coreos/fedora-coreos-config/pull/1991 # See https://github.com/coreos/fedora-coreos-config/pull/1991
- NetworkManager-initscripts-ifcfg-rh - NetworkManager-initscripts-ifcfg-rh
# Let's not have both legacy and nft versions in the image. Users are free to
# also layer legacy themselves if they want.
- iptables-legacy