Closed jenssegers closed 9 years ago
That was weird; I ran an apt-update
and it got fixed. Maybe I had a bad apt cache?
Thanks for reporting!
Which version of Debian are you using? I checked stable/ oldstable/ testing/ unstable and in all releases the package is available (https://packages.debian.org/jessie/ufw).
Does the problem persist after running apt-get update
?
I'm seeing this issue as well.
Interestingly, it only occurs on a packer chef-client run (aws). It does not happen locally within test-kitchen. Both are Ubuntu 12. Further, it only happens in packer on the second converge (packer making use of a previous packer image). I've tried apt-get update to no avail.
for me it happens every time on a fresh install (Debian 8.7) after running manually apt-get update it goes away
It looks like i've found the root cause: on a fresh install apt cache is not knowing about all packages. When iptables-ng tryes to remove ufw asks apt to do it, but apt doesn't know such a package - error raised. The simple fix will be to set "ignore falure true" when deleting ufw.
Mmh, to me, this looks like an issue of the underlying system - an uninitialized apt. My current thought is, that this should be either fixed on the OS level, or in an initializing-and-configuring-apt-wrapper-cookbook. Ignoring the error here might have other implications.. What are your thoughts?
Well, about apt I think it's doing all well: if package is not known it's surely an error whether you want to add it or remove.
Fixing on the OS level? I think on distribution level, but problematic because of a large variety of distributions... Moreover if I'll be a maintainer I'll surely will regret it: base system should be small enough.
In my special case I surely may run apt-get update just before iptables-ng and all will be OK, but to me it's a kind of a kludge: why I must do it? I never used and don't plan to use UFW, all packages that I need are known to apt. And if somebody will add UFW after iptables-ng? And this is quite logical to add UFW after iptables-ng (well, a stupid case maybe...).
To my mind in this case looking into comments I see that ufw may cause problems (maybe not?). So failure to remove UFW package should be a warning, not a fatal error. The other point of view: if I try to remove a package just for safety and remove fails I usually don't bother much.
On a "normal" system, apt-cache should be up-to-date. I'd be interessted in knowning the use-case where a partial-up-to-date apt cache is beneficial (small systems, containers)? Especially, since this cookbook relies on apt to install iptables
and iptables-restore
on Debian and Ubuntu.
ufw
is removed, because it's incompatible to this cookbook and firewall rules would be messed up severly in case you use both at the same time.
I'm considering ignoring the failure of purging ufw
if:
iptables-ng
. I don't want people's firewall-rules to be in an inconsistent state.Money question here could be: When ufw is installed, can it be removed with apt-get purge
correctly, even if the apt-cache is not up-to-date?
Hi I'm currently getting the following error message on debian: