From 986b59b5c12a8a3d80d1a9a8e255e747c090db98 Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Tue, 6 May 2025 16:51:07 -0400
Subject: [PATCH] minimal: drop exclude on iptables-legacy; add test

In Fedora CoreOS we are still including iptables-legacy for now [1]
and since you can't really overwrite an `exclude-packages` entry it
means we can't update our git submodule.

We are working to get away from using a git submodule [2], but I'd
like to get ours updated in the mean time.

[1] https://github.com/coreos/fedora-coreos-tracker/issues/1818
[2] https://github.com/coreos/fedora-coreos-tracker/issues/1861
---
 minimal/bootc.yaml                    | 4 ----
 tests/rootfs/cases/no-iptables-legacy | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)
 create mode 100755 tests/rootfs/cases/no-iptables-legacy

diff --git a/minimal/bootc.yaml b/minimal/bootc.yaml
index d98497d..a2500ce 100644
--- a/minimal/bootc.yaml
+++ b/minimal/bootc.yaml
@@ -7,10 +7,6 @@ packages:
  - xfsprogs e2fsprogs dosfstools
 
 exclude-packages:
-  # bootc pulls in podman, which pulls in containers-common, which wants
-  # `iptables`. That may pull in iptables-legacy which we don't want;
-  # we want iptables-nft to win the Provides by default
-  - iptables-legacy
   # Exclude kernel-debug-core to make sure that it doesn't somehow get
   # chosen as the package to satisfy the `kernel-core` dependency from
   # the kernel package.
diff --git a/tests/rootfs/cases/no-iptables-legacy b/tests/rootfs/cases/no-iptables-legacy
new file mode 100755
index 0000000..0100c5d
--- /dev/null
+++ b/tests/rootfs/cases/no-iptables-legacy
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -xeuo pipefail
+output=$(rpm -q iptables-legacy || true)
+grep "is not installed" <<< "$output"