1158723 – nftables should be build with python and json enabled

Bug 1158723 - nftables should be build with python and json enabled

Summary: nftables should be build with python and json enabled

Status:	RESOLVED FIXED

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Current
Hardware:	Other openSUSE Factory

Priority:	P5 - None Severity: Enhancement (vote)
Target Milestone:	---
Assignee:	Jan Engelhardt
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:	security

Depends on:
Blocks:

Clone This Bug

Reported:	2019-12-07 22:21 UTC by Niels Abspoel
Modified:	2021-02-17 14:25 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Niels Abspoel 2019-12-07 22:21:23 UTC

With firewalld moving to libnftables JSON
see: https://firewalld.org/2019/09/libnftables-JSON

The package nftables should be build with --with-python and --with-json.
This way opensuse/suse could support the newer versions of firewalld right
out of the box.

Answer from Upstream:

With this change firewalld has new dependencies; libnftables, and python-nftables. Currently both libnftables and python-nftables are shipped with the standard nftables package. Distribution packagers shouldn’t have to change much. It really amounts to calling the nftables configure script with --with-python --with-json.

libnftables has been around for awhile, but due to bug fixes and other changes the firewalld developers are claiming the libnftables backend only works with nftables >= 0.9.3.

Comment 1 Matthias Gerstner 2019-12-09 08:47:42 UTC

Assigning this to the nftables maintainer. This is nothing security specific.

Comment 2 Jan Engelhardt 2019-12-09 09:41:06 UTC

Well it lives in security:netfilter/, so I can understand why someone chose Component:Security. If that is incorrect, the bugzilla groups should be removed. (You have experience with that from the specfile massacre.)

Comment 3 Swamp Workflow Management 2019-12-09 10:20:05 UTC

This is an autogenerated message for OBS integration:
This bug (1158723) was mentioned in
https://build.opensuse.org/request/show/755181 Factory / nftables

Comment 4 Matthias Gerstner 2019-12-09 10:59:16 UTC

(In reply to jengelh@inai.de from comment #2)
> Well it lives in security:netfilter/, so I can understand why someone chose
> Component:Security.

I didn't mean to accuse the bug creator. It was only an assessment.

> If that is incorrect, the bugzilla groups should be removed.

I don't even know exactly how these groups work and why bugs are sometimes
assigned to security without any obvious reason. IMO it would be best to
assign bugs to the package maintainer, if there is one, adding a possible
group like security only as CC.

>(You have experience with that from the specfile massacre.)

I'm not quite sure which massacre you're referring to. There are many
massacres we're involved with ;-)

Comment 5 Jan Engelhardt 2020-01-12 20:26:38 UTC

done in req 1158723