New Package Request: NetworkManager-libreswan

[yuvalk]

What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc)

[root@jovial-kheiron ~]# rpm-ostree install --dry-run NetworkManager-libreswan
Checking out tree a8d8c30... done
Enabled rpm-md repositories: fedora-cisco-openh264 fedora-modular updates-modular updates fedora updates-archive
Updating metadata for 'fedora-cisco-openh264'... done
Updating metadata for 'fedora-modular'... done
Updating metadata for 'updates-modular'... done
Updating metadata for 'updates'... done
Updating metadata for 'fedora'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264'; generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular'; generated: 2023-04-13T20:30:47Z solvables: 1082
rpm-md repo 'updates-modular'; generated: 2018-02-20T19:18:14Z solvables: 0
rpm-md repo 'updates'; generated: 2023-06-01T03:25:51Z solvables: 13930
rpm-md repo 'fedora'; generated: 2023-04-13T20:37:10Z solvables: 69222
rpm-md repo 'updates-archive'; generated: 2023-06-01T03:49:37Z solvables: 14720
Resolving dependencies... done
Installing 22 packages:
  NetworkManager-libreswan-1.2.16-3.fc38.x86_64 (fedora)
  crypto-policies-scripts-20230301-1.gita12f7b2.fc38.noarch (fedora)
  ldns-1.8.3-6.fc38.x86_64 (fedora)
  libb2-0.98.1-8.fc38.x86_64 (fedora)
  libgomp-13.1.1-2.fc38.x86_64 (updates)
  libreswan-4.11-1.fc38.x86_64 (updates)
  libxcrypt-compat-4.4.33-7.fc38.x86_64 (fedora)
  mpdecimal-2.5.1-6.fc38.x86_64 (fedora)
  nspr-4.35.0-6.fc38.x86_64 (fedora)
  nss-3.89.0-2.fc38.x86_64 (fedora)
  nss-softokn-3.89.0-2.fc38.x86_64 (fedora)
  nss-softokn-freebl-3.89.0-2.fc38.x86_64 (fedora)
  nss-sysinit-3.89.0-2.fc38.x86_64 (fedora)
  nss-tools-3.89.0-2.fc38.x86_64 (fedora)
  nss-util-3.89.0-2.fc38.x86_64 (fedora)
  python-pip-wheel-22.3.1-2.fc38.noarch (fedora)
  python-setuptools-wheel-65.5.1-2.fc38.noarch (fedora)
  python-unversioned-command-3.11.3-2.fc38.noarch (updates)
  python3-3.11.3-2.fc38.x86_64 (updates)
  python3-libs-3.11.3-2.fc38.x86_64 (updates)
  unbound-anchor-1.17.1-2.fc38.x86_64 (fedora)
  unbound-libs-1.17.1-2.fc38.x86_64 (fedora)
Exiting because of '--dry-run' opt

What is the size of the package and its dependencies?

rpm -qi just gives:

[root@jovial-kheiron ~]# rpm -qi NetworkManager-libreswan
package NetworkManager-libreswan is not installed

so you might wanna fix that in the template I've installed dnf and used that as alternative, here' is the list

[root@jovial-kheiron ~]# dnf info NetworkManager-libreswan crypto-policies-scripts ldns libb2 libgomp libreswan libxcrypt-compat mpdecimal nspr nss nss-softokn nss-softokn-freebl nss-sysinit nss-tools nss-util python-pip-wheel python-setuptools-wheel python-unversioned-command python3 python3-libs unbound-anchor unbound-libs
Last metadata expiration check: 0:15:13 ago on Thu Jun  1 13:45:23 2023.
Installed Packages
Name         : libb2
Version      : 0.98.1
Release      : 8.fc38
Architecture : x86_64
Size         : 43 k
Source       : libb2-0.98.1-8.fc38.src.rpm
Repository   : @System
Summary      : C library providing BLAKE2b, BLAKE2s, BLAKE2bp, BLAKE2sp
URL          : https://blake2.net/
License      : CC0
Description  : C library providing BLAKE2b, BLAKE2s, BLAKE2bp, BLAKE2sp.
             : 
             : BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2,
             : and SHA-3, yet is at least as secure as the latest standard SHA-3.

Name         : libgomp
Version      : 13.1.1
Release      : 2.fc38
Architecture : x86_64
Size         : 482 k
Source       : gcc-13.1.1-2.fc38.src.rpm
Repository   : @System
Summary      : GCC OpenMP v4.5 shared support library
URL          : http://gcc.gnu.org
License      : GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD
Description  : This package contains GCC shared support library which is needed
             : for OpenMP v4.5 support.

Name         : libxcrypt-compat
Version      : 4.4.33
Release      : 7.fc38
Architecture : x86_64
Size         : 198 k
Source       : libxcrypt-4.4.33-7.fc38.src.rpm
Repository   : @System
Summary      : Compatibility library providing legacy API functions
URL          : https://github.com/besser82/libxcrypt
License      : LGPL-2.1-or-later AND BSD-3-Clause AND BSD-2-Clause AND BSD-2-Clause-FreeBSD AND 0BSD AND CC0-1.0 AND
             : LicenseRef-Fedora-Public-Domain
Description  : This package contains the library providing the compatibility API
             : for applications that are linked against glibc's libxcrypt, or that
             : are still using the unsafe and deprecated, encrypt, encrypt_r,
             : setkey, setkey_r, and fcrypt functions, which are still required by
             : recent versions of POSIX, the Single UNIX Specification, and various
             : other standards.
             : 
             : All existing binary executables linked against glibc's libcrypt should
             : work unmodified with the library supplied by this package.

Name         : mpdecimal
Version      : 2.5.1
Release      : 6.fc38
Architecture : x86_64
Size         : 202 k
Source       : mpdecimal-2.5.1-6.fc38.src.rpm
Repository   : @System
Summary      : Library for general decimal arithmetic
URL          : http://www.bytereef.org/mpdecimal/index.html
License      : BSD-2-Clause
Description  : The package contains a library libmpdec implementing General Decimal
             : Arithmetic Specification. The specification, written by Mike Cowlishaw from
             : IBM, defines a general purpose arbitrary precision data type together with
             : rigorously specified functions and rounding behavior.

Name         : python-pip-wheel
Version      : 22.3.1
Release      : 2.fc38
Architecture : noarch
Size         : 1.5 M
Source       : python-pip-22.3.1-2.fc38.src.rpm
Repository   : @System
Summary      : The pip wheel
URL          : https://pip.pypa.io/
License      : MIT AND Python-2.0.1 AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND LGPL-2.1-only AND MPL-2.0 AND
             : (Apache-2.0 OR BSD-2-Clause)
Description  : A Python wheel of pip to use with venv.

Name         : python-setuptools-wheel
Version      : 65.5.1
Release      : 2.fc38
Architecture : noarch
Size         : 860 k
Source       : python-setuptools-65.5.1-2.fc38.src.rpm
Repository   : @System
Summary      : The setuptools wheel
URL          : https://pypi.python.org/pypi/setuptools
License      : MIT AND Apache-2.0 AND (BSD-2-Clause OR Apache-2.0) AND Python-2.0.1
Description  : A Python wheel of setuptools to use with venv.

Name         : python-unversioned-command
Version      : 3.11.3
Release      : 2.fc38
Architecture : noarch
Size         : 23  
Source       : python3.11-3.11.3-2.fc38.src.rpm
Repository   : @System
Summary      : The "python" command that runs Python 3
URL          : https://www.python.org/
License      : Python-2.0.1
Description  : This package contains /usr/bin/python - the "python" command that runs Python 3.

Name         : python3
Version      : 3.11.3
Release      : 2.fc38
Architecture : x86_64
Size         : 33 k
Source       : python3.11-3.11.3-2.fc38.src.rpm
Repository   : @System
Summary      : Python 3.11 interpreter
URL          : https://www.python.org/
License      : Python-2.0.1
Description  : Python 3.11 is an accessible, high-level, dynamically typed, interpreted
             : programming language, designed with an emphasis on code readability.
             : It includes an extensive standard library, and has a vast ecosystem of
             : third-party libraries.
             : 
             : The python3 package provides the "python3" executable: the reference
             : interpreter for the Python language, version 3.
             : The majority of its standard library is provided in the python3-libs package,
             : which should be installed automatically along with python3.
             : The remaining parts of the Python standard library are broken out into the
             : python3-tkinter and python3-test packages, which may need to be installed
             : separately.
             : 
             : Documentation for Python is provided in the python3-docs package.
             : 
             : Packages containing additional libraries for Python are generally named with
             : the "python3-" prefix.

Name         : python3-libs
Version      : 3.11.3
Release      : 2.fc38
Architecture : x86_64
Size         : 44 M
Source       : python3.11-3.11.3-2.fc38.src.rpm
Repository   : @System
Summary      : Python runtime libraries
URL          : https://www.python.org/
License      : Python-2.0.1
Description  : This package contains runtime libraries for use by Python:
             : - the majority of the Python standard library
             : - a dynamically linked library for use by applications that embed Python as
             :   a scripting language, and by the main "python3" executable

Name         : unbound-anchor
Version      : 1.17.1
Release      : 2.fc38
Architecture : x86_64
Size         : 58 k
Source       : unbound-1.17.1-2.fc38.src.rpm
Repository   : @System
Summary      : DNSSEC trust anchor maintaining tool
URL          : https://nlnetlabs.nl/projects/unbound/
License      : BSD-3-Clause
Description  : Contains tool maintaining trust anchor using RFC 5011 key rollover algorithm.

Name         : unbound-libs
Version      : 1.17.1
Release      : 2.fc38
Architecture : x86_64
Size         : 1.4 M
Source       : unbound-1.17.1-2.fc38.src.rpm
Repository   : @System
Summary      : Libraries used by the unbound server and client applications
URL          : https://nlnetlabs.nl/projects/unbound/
License      : BSD-3-Clause
Description  : Contains libraries used by the unbound server and client applications.

Available Packages
Name         : NetworkManager-libreswan
Version      : 1.2.16
Release      : 3.fc38
Architecture : x86_64
Size         : 138 k
Source       : NetworkManager-libreswan-1.2.16-3.fc38.src.rpm
Repository   : fedora
Summary      : NetworkManager VPN plug-in for IPsec VPN
URL          : http://www.gnome.org/projects/NetworkManager/
License      : GPLv2+
Description  : This package contains software for integrating the libreswan VPN software
             : with NetworkManager and the GNOME desktop

Name         : crypto-policies-scripts
Version      : 20230301
Release      : 1.gita12f7b2.fc38
Architecture : noarch
Size         : 116 k
Source       : crypto-policies-20230301-1.gita12f7b2.fc38.src.rpm
Repository   : fedora
Summary      : Tool to switch between crypto policies
URL          : https://gitlab.com/redhat-crypto/fedora-crypto-policies
License      : LGPL-2.1-or-later
Description  : This package provides a tool update-crypto-policies, which applies
             : the policies provided by the crypto-policies package. These can be
             : either the pre-built policies from the base package or custom policies
             : defined in simple policy definition files.
             : 
             : The package also provides a tool fips-mode-setup, which can be used
             : to enable or disable the system FIPS mode.

Name         : ldns
Version      : 1.8.3
Release      : 6.fc38
Architecture : i686
Size         : 197 k
Source       : ldns-1.8.3-6.fc38.src.rpm
Repository   : fedora
Summary      : Low-level DNS(SEC) library with API
URL          : https://www.nlnetlabs.nl/ldns/
License      : BSD-3-Clause
Description  : ldns is a library with the aim to simplify DNS programming in C. All
             : low-level DNS/DNSSEC operations are supported. We also define a higher
             : level API which allows a programmer to (for instance) create or sign
             : packets.

Name         : ldns
Version      : 1.8.3
Release      : 6.fc38
Architecture : x86_64
Size         : 176 k
Source       : ldns-1.8.3-6.fc38.src.rpm
Repository   : fedora
Summary      : Low-level DNS(SEC) library with API
URL          : https://www.nlnetlabs.nl/ldns/
License      : BSD-3-Clause
Description  : ldns is a library with the aim to simplify DNS programming in C. All
             : low-level DNS/DNSSEC operations are supported. We also define a higher
             : level API which allows a programmer to (for instance) create or sign
             : packets.

Name         : libb2
Version      : 0.98.1
Release      : 8.fc38
Architecture : i686
Size         : 29 k
Source       : libb2-0.98.1-8.fc38.src.rpm
Repository   : fedora
Summary      : C library providing BLAKE2b, BLAKE2s, BLAKE2bp, BLAKE2sp
URL          : https://blake2.net/
License      : CC0
Description  : C library providing BLAKE2b, BLAKE2s, BLAKE2bp, BLAKE2sp.
             : 
             : BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2,
             : and SHA-3, yet is at least as secure as the latest standard SHA-3.

Name         : libgomp
Version      : 13.1.1
Release      : 2.fc38
Architecture : i686
Size         : 319 k
Source       : gcc-13.1.1-2.fc38.src.rpm
Repository   : updates
Summary      : GCC OpenMP v4.5 shared support library
URL          : http://gcc.gnu.org
License      : GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD
Description  : This package contains GCC shared support library which is needed
             : for OpenMP v4.5 support.

Name         : libreswan
Version      : 4.11
Release      : 1.fc38
Architecture : x86_64
Size         : 1.3 M
Source       : libreswan-4.11-1.fc38.src.rpm
Repository   : updates
Summary      : Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
URL          : https://libreswan.org/
License      : GPLv2
Description  : Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
             : the Internet Protocol Security and uses strong cryptography to provide
             : both authentication and encryption services.  These services allow you
             : to build secure tunnels through untrusted networks.  Everything passing
             : through the untrusted net is encrypted by the ipsec gateway machine and
             : decrypted by the gateway at the other end of the tunnel.  The resulting
             : tunnel is a virtual private network or VPN.
             : 
             : This package contains the daemons and userland tools for setting up
             : Libreswan.
             : 
             : Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
             : 
             : Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Name         : libreswan
Version      : 4.11
Release      : 1.fc38
Architecture : x86_64
Size         : 1.3 M
Source       : libreswan-4.11-1.fc38.src.rpm
Repository   : updates-archive
Summary      : Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
URL          : https://libreswan.org/
License      : GPLv2
Description  : Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
             : the Internet Protocol Security and uses strong cryptography to provide
             : both authentication and encryption services.  These services allow you
             : to build secure tunnels through untrusted networks.  Everything passing
             : through the untrusted net is encrypted by the ipsec gateway machine and
             : decrypted by the gateway at the other end of the tunnel.  The resulting
             : tunnel is a virtual private network or VPN.
             : 
             : This package contains the daemons and userland tools for setting up
             : Libreswan.
             : 
             : Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
             : 
             : Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Name         : libxcrypt-compat
Version      : 4.4.33
Release      : 7.fc38
Architecture : i686
Size         : 95 k
Source       : libxcrypt-4.4.33-7.fc38.src.rpm
Repository   : fedora
Summary      : Compatibility library providing legacy API functions
URL          : https://github.com/besser82/libxcrypt
License      : LGPL-2.1-or-later AND BSD-3-Clause AND BSD-2-Clause AND BSD-2-Clause-FreeBSD AND 0BSD AND CC0-1.0 AND
             : LicenseRef-Fedora-Public-Domain
Description  : This package contains the library providing the compatibility API
             : for applications that are linked against glibc's libxcrypt, or that
             : are still using the unsafe and deprecated, encrypt, encrypt_r,
             : setkey, setkey_r, and fcrypt functions, which are still required by
             : recent versions of POSIX, the Single UNIX Specification, and various
             : other standards.
             : 
             : All existing binary executables linked against glibc's libcrypt should
             : work unmodified with the library supplied by this package.

Name         : mpdecimal
Version      : 2.5.1
Release      : 6.fc38
Architecture : i686
Size         : 91 k
Source       : mpdecimal-2.5.1-6.fc38.src.rpm
Repository   : fedora
Summary      : Library for general decimal arithmetic
URL          : http://www.bytereef.org/mpdecimal/index.html
License      : BSD-2-Clause
Description  : The package contains a library libmpdec implementing General Decimal
             : Arithmetic Specification. The specification, written by Mike Cowlishaw from
             : IBM, defines a general purpose arbitrary precision data type together with
             : rigorously specified functions and rounding behavior.

Name         : nspr
Version      : 4.35.0
Release      : 6.fc38
Architecture : i686
Size         : 147 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Netscape Portable Runtime
URL          : http://www.mozilla.org/projects/nspr/
License      : MPLv2.0
Description  : NSPR provides platform independence for non-GUI operating system
             : facilities. These facilities include threads, thread synchronization,
             : normal file and network I/O, interval timing and calendar time, basic
             : memory management (malloc and free) and shared library linking.

Name         : nspr
Version      : 4.35.0
Release      : 6.fc38
Architecture : x86_64
Size         : 136 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Netscape Portable Runtime
URL          : http://www.mozilla.org/projects/nspr/
License      : MPLv2.0
Description  : NSPR provides platform independence for non-GUI operating system
             : facilities. These facilities include threads, thread synchronization,
             : normal file and network I/O, interval timing and calendar time, basic
             : memory management (malloc and free) and shared library linking.

Name         : nss
Version      : 3.89.0
Release      : 2.fc38
Architecture : i686
Size         : 749 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Network Security Services (NSS) is a set of libraries designed to
             : support cross-platform development of security-enabled client and
             : server applications. Applications built with NSS can support SSL v2
             : and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
             : v3 certificates, and other security standards.

Name         : nss
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 693 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Network Security Services (NSS) is a set of libraries designed to
             : support cross-platform development of security-enabled client and
             : server applications. Applications built with NSS can support SSL v2
             : and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
             : v3 certificates, and other security standards.

Name         : nss-softokn
Version      : 3.89.0
Release      : 2.fc38
Architecture : i686
Size         : 1.1 M
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services Softoken Module
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Network Security Services Softoken Cryptographic Module

Name         : nss-softokn
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 1.0 M
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services Softoken Module
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Network Security Services Softoken Cryptographic Module

Name         : nss-softokn-freebl
Version      : 3.89.0
Release      : 2.fc38
Architecture : i686
Size         : 333 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Freebl library for the Network Security Services
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : NSS Softoken Cryptographic Module Freebl Library
             : 
             : Install the nss-softokn-freebl package if you need the freebl library.

Name         : nss-softokn-freebl
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 325 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Freebl library for the Network Security Services
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : NSS Softoken Cryptographic Module Freebl Library
             : 
             : Install the nss-softokn-freebl package if you need the freebl library.

Name         : nss-sysinit
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 18 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : System NSS Initialization
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Default Operating System module that manages applications loading
             : NSS globally on the system. This module loads the system defined
             : PKCS #11 modules for NSS and chains with other NSS modules to load
             : any system or user configured modules.

Name         : nss-tools
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 537 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Tools for the Network Security Services
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Network Security Services (NSS) is a set of libraries designed to
             : support cross-platform development of security-enabled client and
             : server applications. Applications built with NSS can support SSL v2
             : and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
             : v3 certificates, and other security standards.
             : 
             : Install the nss-tools package if you need command-line tools to
             : manipulate the NSS certificate and key database.

Name         : nss-util
Version      : 3.89.0
Release      : 2.fc38
Architecture : i686
Size         : 88 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services Utilities Library
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Utilities for Network Security Services and the Softoken module

Name         : nss-util
Version      : 3.89.0
Release      : 2.fc38
Architecture : x86_64
Size         : 86 k
Source       : nss-3.89.0-2.fc38.src.rpm
Repository   : fedora
Summary      : Network Security Services Utilities Library
URL          : http://www.mozilla.org/projects/security/pki/nss/
License      : MPLv2.0
Description  : Utilities for Network Security Services and the Softoken module

Name         : python3
Version      : 3.11.3
Release      : 2.fc38
Architecture : i686
Size         : 28 k
Source       : python3.11-3.11.3-2.fc38.src.rpm
Repository   : updates
Summary      : Python 3.11 interpreter
URL          : https://www.python.org/
License      : Python-2.0.1
Description  : Python 3.11 is an accessible, high-level, dynamically typed, interpreted
             : programming language, designed with an emphasis on code readability.
             : It includes an extensive standard library, and has a vast ecosystem of
             : third-party libraries.
             : 
             : The python3 package provides the "python3" executable: the reference
             : interpreter for the Python language, version 3.
             : The majority of its standard library is provided in the python3-libs package,
             : which should be installed automatically along with python3.
             : The remaining parts of the Python standard library are broken out into the
             : python3-tkinter and python3-test packages, which may need to be installed
             : separately.
             : 
             : Documentation for Python is provided in the python3-docs package.
             : 
             : Packages containing additional libraries for Python are generally named with
             : the "python3-" prefix.

Name         : python3-libs
Version      : 3.11.3
Release      : 2.fc38
Architecture : i686
Size         : 9.7 M
Source       : python3.11-3.11.3-2.fc38.src.rpm
Repository   : updates
Summary      : Python runtime libraries
URL          : https://www.python.org/
License      : Python-2.0.1
Description  : This package contains runtime libraries for use by Python:
             : - the majority of the Python standard library
             : - a dynamically linked library for use by applications that embed Python as
             :   a scripting language, and by the main "python3" executable

Name         : unbound-libs
Version      : 1.17.1
Release      : 2.fc38
Architecture : i686
Size         : 544 k
Source       : unbound-1.17.1-2.fc38.src.rpm
Repository   : fedora
Summary      : Libraries used by the unbound server and client applications
URL          : https://nlnetlabs.nl/projects/unbound/
License      : BSD-3-Clause
Description  : Contains libraries used by the unbound server and client applications.

What problem are you trying to solve with this package? Or what functionality does the package provide?

enable host ipsec VPN tunnels

Can the software provided by the package be run from a container? Explain why or why not.

might be possible from container for some use cases but really cumbersome for cases where the VPN tunnel is the only network channel to the host. one of the main problem of that is with extra mechanisms needed to provide updates to that container (cause it have to be up and running to receive such updates)

so IMHO it'll be much nicer, easier and better UX, if it was included in the base OS.

Can the tool(s) provided by the package be helpful in debugging container runtime issues?

well not directly, but indirectly, again for said use cases where VPN is the only way to access the host, yes, it is helpful

Can the tool(s) provided by the package be helpful in debugging networking issues?

well not directly, but indirectly, again for said use cases where VPN is the only way to access the host, yes, it is helpful :-)

Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not.

Normally I'd say, yes it can. but much more problematic in disconnected environments.. (when installing in networks without internet access)

In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries?

the libreswan package include a service, but it's not enabled (nor need to be enabled to be useful)

Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS?

I dont think so

Does the software provided by the package have a history of CVEs?

no :-)

[travier]

python3-3.11.3-2.fc38.x86_64 (updates)

Well, we're trying to keep Python out of the image. Why is it pulling it?

[travier]

If we include LibreSwan, then why not strongSwan? Should we have both, only one or none? (Partial answer is that only Libreswan is in RHEL and strongSwan is in EPEL).

Should we include other VPN plugins for NetworkManager? We already have the tools for Wireguard in the image.

Does the software provided by the package have a history of CVEs?

no :-)

There certainly are CVEs for Libreswan: https://libreswan.org/security/

[travier]

CC @LorbusChris for OKD-FCOS if we end up not including it.

[yuvalk]

There certainly are CVEs for Libreswan: https://libreswan.org/security/

obviously you are right, sorry I had the NM plugin in mind :-)

[yuvalk]

If we include LibreSwan, then why not strongSwan? Should we have both, only one or none? (Partial answer is that only Libreswan is in RHEL and strongSwan is in EPEL).

not entirely an expert here, but I think they also differ in certifications (FIPS etal)

[yuvalk]

python3-3.11.3-2.fc38.x86_64 (updates)

Well, we're trying to keep Python out of the image. Why is it pulling it?

seems like it's used by some of the ipsec utils in libreswan: /usr/libexec/ipsec/show /usr/libexec/ipsec/verify

[travier]

Reference for why we don't want Python: https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md#approach-towards-shipping-python

[cgwalters]

My inclination is to make this a RHCOS extension. For FCOS, we have container layering and client side layering (the latter of which currently is how RHCOS extensions work, but hopefully soon the MCO will switch to doing this via containers).

[prestist]

We discussed this in the community meeting today

17:35:44 <bgilbert> #agreed We will not add Libreswan support to FCOS for now. It pulls in several additional packages, including Python, and we'd also need to decide whether to add strongSwan. We can revisit this in the future if demand is high.

[travier]

See https://issues.redhat.com/browse/OCPBU-633, https://github.com/openshift/os/pull/1308 & https://github.com/openshift/machine-config-operator/pull/3726 for RHCOS/OCP side of things.

[paulwouters]

I think a better way is to add a spec file flag to not install "ipsec show" and "ipsec verify". These tools are not commonly used at all. I would prefer to do that upstream, than to create a sub package

[paulwouters]

After internal discussion, we decided to remove these two old ipsec subcommands using python. They were not adding much and hadnt aged well anyway. So libreswan core package should no longer pull in python (in libreswan 5.0 and later)