Is there any way that nethserver-blacklist can be re-packaged to accept git216 as a suitable prerequisite if it already is installed instead of trying to force git-1.8.3.1.
That way, by installing git216 before nethserver-blacklist it would be possible to configure the same NS instance to also serve up the blacklists instead of having to use another server.
Cheers.
Would you explain please a bit more which should be the scenario you are looking for?
The instructions at the bottom of this page document how to set up your own git repository to distribute blacklists. This requires setting up on a server other than the NS where Threat shield is running. After playing around with this, the only reason (I have been able to find) is that the version of git required to run update-ipsets is different from the version of git that is tagged as a prerequisite for nethserver-blacklist, which is the sole reason forcing it to be run on a different server.
If I install nethserver-blacklist first, it pulls in git-1.8.3.1 as a prerequisite. Subsequently tying to install git216 results in:
Resolving Dependencies
--> Running transaction check
---> Package git216-core.x86_64 0:2.16.6-2.el7.ius will be installed
--> Processing Conflict: git216-core-2.16.6-2.el7.ius.x86_64 conflicts git-core < 2.16.6-2.el7.ius
--> Finished Dependency Resolution
Error: git216-core conflicts with git-1.8.3.1-21.el7_7.x86_64
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Flipping the order around and installing git216 first, results in the following when trying to install nethserver-blacklist:
Resolving Dependencies
→ Running transaction check
—> Package nethserver-blacklist.noarch 0:1.0.2-1.ns7 will be installed
→ Processing Dependency: git for package: nethserver-blacklist-1.0.2-1.ns7.noarch
→ Running transaction check
—> Package git.x86_64 0:1.8.3.1-21.el7_7 will be installed
→ Processing Dependency: perl-Git = 1.8.3.1-21.el7_7 for package: git-1.8.3.1-21.el7_7.x86_64
→ Processing Dependency: perl(Git) for package: git-1.8.3.1-21.el7_7.x86_64
→ Running transaction check
—> Package perl-Git.noarch 0:1.8.3.1-21.el7_7 will be installed
→ Processing Conflict: git216-core-2.16.6-2.el7.ius.x86_64 conflicts git-core < 2.16.6-2.el7.ius
→ Finished Dependency Resolution
Error: git216-core conflicts with git-1.8.3.1-21.el7_7.x86_64
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
In this second scenario, I would like nethserver-blacklist to recognise that there is a higher version of git installed, which (as far as I’ve been able to check) is suitable for it’s use and continue to install. Unless, of course there is something I have missed.
Then, under this second scenario, I can configure the same NS instance to host the blacklist repository.
Cheers.
Had a further thought, that after installing nethserver-blacklist I could just remove git (and perl-Git) to replace with the ius versions. But no go:
Resolving Dependencies
→ Running transaction check
—> Package git.x86_64 0:1.8.3.1-21.el7_7 will be erased
→ Processing Dependency: git for package: nethserver-blacklist-1.0.2-1.ns7.noarch
→ Processing Dependency: git = 1.8.3.1-21.el7_7 for package: perl-Git-1.8.3.1-21.el7_7.noarch
→ Running transaction check
—> Package nethserver-blacklist.noarch 0:1.0.2-1.ns7 will be erased
—> Package perl-Git.noarch 0:1.8.3.1-21.el7_7 will be erased
→ Finished Dependency Resolution
Cheers.
Hi
Would using rpm instead of yum with a --nodeps help?
See here:
You could also try the “SHIM” RPM bit…
My 2 cents
Andy
Looks like that worked. 
But poking around after, I came across a very specific way designed to replace packages with the updated ius versions.
Cheers.
We can’t change the requirements for the nethserver-blacklist package because its dependencies should be available in a normal NethServer.
If you want to install the update-ipsets command, you need a different machine.
Our blacklist git server instance, has a custom implementation which uses also update-ipsetsbut is hosted on a plain CentOS 7.
Ha, turns out to be my bad. 
I didn’t (initially) spot that there was also a git216 version of perl-Git.
So, if before installing nethserver-blacklist, you install git216 and git216-perl-Git from the upstream repository, you can then install nethserver-blacklist without any problems.
At that point, you can now follow the instructions (fixing a couple of commands ) to set up the blacklist git server on the same NS instance. No second server needed. 
Cheers.