I'm trying to create a Dockerfile for an Arch Linux image with iptables-nft installed. If I run the archlinux Docker image interactively and then pacman -Syu iptables-nft, I get asked iptables-nft-1:1.8.10-2 and iptables-1:1.8.10-2 are in conflict. Remove iptables? [y/N] and Proceed with installation? [Y/n]. Answering yes to both of those questions does what I want.
The problem comes when I try to script that in the Dockerfile, where I can't interactively answer those questions. My first attempt was RUN pacman --noconfirm -Syu iptables-nft, but this doesn't work because --noconfirm means to go with the default answer, and the default answer to the first question is no. Then I tried removing iptables first before installing iptables-nft, but iproute2 depends on either iptables or iptables-nft, and base depends on iproute2.
This leaves me with a few approaches which technically work, but all of which leave me with concerns:
RUN yes | pacman -Syu iptables-nftworks, but blindly sayingyto any question pacman ever asks would break if it ever asks a non-yes-no question, and if it ever asks any default-no questions other than "Remove iptables?", it would probably be bad to blindly answer yes to them too.RUN pacman --noconfirm -Rdd iptables && pacman --noconfirm -Syu iptables-nftworks, but ifiptablesever gets any dependencies thatiptables-nftdoesn't also satisfy, it would leave me with a broken system, and if there are any packages that were only installed because the oldiptablesneeded them, they'll get left behind indefinitely.RUN pacman --noconfirm -Rsdd iptables && pacman --noconfirm -Syu iptables-nftworks, but it has the same broken system risk as #2 does, and it also uninstalls a bunch of other packages only to immediately reinstall them.
Is there a better solution than any of the above? Ideally, I'd like just a pacman equivalent of dnf swap, but I can't find any such thing.
