[iptables] - new sub package services providing the systemd services (RHBZ#862922) - new sub package utils: pro
Thomas Woerner
twoerner at fedoraproject.org
Fri Oct 12 14:24:17 UTC 2012
commit 2fe636d5d4e6153bafe8fc6dd01245bb1706e499
Author: Thomas Woerner <twoerner at redhat.com>
Date: Fri Oct 12 16:23:05 2012 +0200
- new sub package services providing the systemd services (RHBZ#862922)
- new sub package utils: provides nfnl_osf and the pf.os database
- using %{_libexecdir}/iptables as script path for the original init scripts
- added service iptables save funcitonality using the new way provided by
initscripts 9.37.1 (RHBZ#748134)
- added virtual provide for libxtables.so.7
iptables.save-legacy | 2 +
iptables.service | 4 +-
iptables.spec | 114 ++++++++++++++++++++++++++++++++++++++------------
3 files changed, 91 insertions(+), 29 deletions(-)
---
diff --git a/iptables.save-legacy b/iptables.save-legacy
new file mode 100644
index 0000000..accca0e
--- /dev/null
+++ b/iptables.save-legacy
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec /usr/libexec/iptables/iptables.init save
diff --git a/iptables.service b/iptables.service
index d87e306..aa058c2 100644
--- a/iptables.service
+++ b/iptables.service
@@ -6,8 +6,8 @@ ConditionPathExists=/etc/sysconfig/iptables
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/usr/libexec/iptables.init start
-ExecStop=/usr/libexec/iptables.init stop
+ExecStart=/usr/libexec/iptables/iptables.init start
+ExecStop=/usr/libexec/iptables/iptables.init stop
Environment=BOOTUP=serial
Environment=CONSOLETYPE=serial
StandardOutput=syslog
diff --git a/iptables.spec b/iptables.spec
index 4f398a5..4bf099f 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -7,11 +7,14 @@
# install init scripts to /usr/libexec with systemd
%if %{with systemd}
- %define script_path %{_libexecdir}
+ %define script_path %{_libexecdir}/iptables
%else
%define script_path /etc/rc.d/init.d
%endif
+# service legacy actions (RHBZ#748134)
+%define legacy_actions %{_libexecdir}/initscripts/legacy-actions
+
# default service
%if 0%{?fedora} < 18 && 0%{?rhel} < 7
%bcond_without default_service
@@ -22,38 +25,32 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.16.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: iptables.service
+Source4: iptables.save-legacy
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
License: GPLv2
+# libnfnetlink-devel is requires for nfnl_osf
+BuildRequires: libnfnetlink-devel
BuildRequires: libselinux-devel
BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
%if %{with systemd}
BuildRequires: systemd-units
-Requires(post): systemd-units
-Requires(post): systemd-sysv
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-Conflicts: systemd < 38
-Conflicts: filesystem < 3
-%else
-Requires(post): chkconfig
-Requires(preun): chkconfig
%endif
# provide also ipv6 sub package
Provides: %{name}-ipv6 = %{version}-%{release}
Obsoletes: %{name}-ipv6 < %{version}-%{release}
%ifarch x86_64
-Provides: libxtables.so.6()(64bit)
+Provides: libxtables.so.7()(64bit)
%else
-Provides: libxtables.so.6
+Provides: libxtables.so.7
%endif
@@ -74,12 +71,45 @@ iptables development headers and libraries.
The iptc interface is upstream marked as not public. The interface is not
stable and may change with every new version. It is therefore unsupported.
+%package services
+Summary: iptables and ip6tables services for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+%if %{with systemd}
+Requires(post): systemd-units
+Requires(post): systemd-sysv
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Conflicts: systemd < 38
+Conflicts: filesystem < 3
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+%endif
+
+%description services
+iptables services for IPv4 and IPv6
+
+This package provides the services iptables and ip6tables that have been split
+out of the base package since they are not active by default anymore.
+
+%package utils
+Summary: iptables and ip6tables services for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+
+%description utils
+Utils for iptables.
+
+Currently only provides nfnl_osf with the pf.os database.
+
+
%prep
%setup -q
%build
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
-./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --datadir=%{_datadir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
# do not use rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
@@ -123,13 +153,24 @@ sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' < %{SOURCE3} > ip6tables.serv
install -c -m 755 ip6tables.service %{buildroot}/%{_unitdir}
%endif
+# install legacy actions for service command
+install -d %{buildroot}/%{legacy_actions}/iptables
+install -d %{buildroot}/%{legacy_actions}/ip6tables
+install -c -m 755 %{SOURCE4} %{buildroot}/%{legacy_actions}/iptables/save
+sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
+install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
+
+
%clean
rm -rf %{buildroot}
%if %{with systemd}
-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post services
if [ $1 -eq 1 ] ; then # Initial installation
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%if %{with default_service}
@@ -138,7 +179,7 @@ if [ $1 -eq 1 ] ; then # Initial installation
%endif
fi
-%preun
+%preun services
if [ $1 -eq 0 ]; then # Package removal, not upgrade
/bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || :
/bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || :
@@ -146,7 +187,7 @@ if [ $1 -eq 0 ]; then # Package removal, not upgrade
/bin/systemctl stop ip6tables.service > /dev/null 2>&1 || :
fi
-%postun
+%postun services
/sbin/ldconfig
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
@@ -182,12 +223,13 @@ fi
%else # no systemd
-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig
+
+%post services
/sbin/chkconfig --add iptables
/sbin/chkconfig --add ip6tables
-%preun
+%preun services
if [ $1 -eq 0 ]; then
/sbin/chkconfig --del iptables
/sbin/chkconfig --del ip6tables
@@ -201,14 +243,8 @@ fi
%files
%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
-%attr(0755,root,root) %{script_path}/iptables.init
-%attr(0755,root,root) %{script_path}/ip6tables.init
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
-%if %{with systemd}
-%{_unitdir}/iptables.service
-%{_unitdir}/ip6tables.service
-%endif
%{_sbindir}/iptables*
%{_sbindir}/ip6tables*
%{_sbindir}/xtables-multi
@@ -239,7 +275,31 @@ fi
%{_libdir}/pkgconfig/libip6tc.pc
%{_libdir}/pkgconfig/xtables.pc
+%files services
+%attr(0755,root,root) %{script_path}/iptables.init
+%attr(0755,root,root) %{script_path}/ip6tables.init
+%if %{with systemd}
+%{_unitdir}/iptables.service
+%{_unitdir}/ip6tables.service
+%endif
+%{legacy_actions}/iptables/save
+%{legacy_actions}/ip6tables/save
+
+%files utils
+%{_sbindir}/nfnl_osf
+%dir %{_datadir}/xtables
+%{_datadir}/xtables/pf.os
+
+
%changelog
+* Fri Oct 12 2012 Thomas Woerner <twoerner at redhat.com> 1.4.16.2-2
+- new sub package services providing the systemd services (RHBZ#862922)
+- new sub package utils: provides nfnl_osf and the pf.os database
+- using %{_libexecdir}/iptables as script path for the original init scripts
+- added service iptables save funcitonality using the new way provided by
+ initscripts 9.37.1 (RHBZ#748134)
+- added virtual provide for libxtables.so.7
+
* Mon Oct 8 2012 Thomas Woerner <twoerner at redhat.com> 1.4.16.2-1
- new version 1.4.16.2
- build: support for automake-1.12
More information about the scm-commits
mailing list