[iptables] - added support for native systemd file (rhbz#694738) - new iptables.service file - additional r
Thomas Woerner
twoerner at fedoraproject.org
Fri Jul 15 14:21:36 UTC 2011
commit 48928b097dd9fb9cdabef79982e07064b9f3922b
Author: Thomas Woerner <twoerner at redhat.com>
Date: Fri Jul 15 16:21:02 2011 +0200
- added support for native systemd file (rhbz#694738)
- new iptables.service file
- additional requires
- moved sysv init scripts to /usr/libexec
- added new post, preun and postun scripts and triggers
iptables.service | 17 +++++++
iptables.spec | 135 +++++++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 140 insertions(+), 12 deletions(-)
---
diff --git a/iptables.service b/iptables.service
new file mode 100644
index 0000000..8730556
--- /dev/null
+++ b/iptables.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=iptables Firewall for IPv4
+After=syslog.target
+ConditionPathExists=/etc/sysconfig/iptables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/iptables start
+ExecStop=/usr/libexec/iptables stop
+Environment=BOOTUP=serial
+Environment=CONSOLETYPE=serial
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target
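Review bot: Nothing in the `[Unit]` section orders this service ahead of interface bring-up: it has `After=syslog.target` and `WantedBy=basic.target` but no `Before=` line, so the rules may be loaded only after the host is already reachable. An explicit ordering such as `Before=<network bring-up unit>` (placeholder; the right unit depends on the target release, which this page does not show) would close that start-up window. Separately, `ConditionPathExists=/etc/sysconfig/iptables` makes systemd skip the unit when the rules file is absent, so such a host boots with no filtering and no failed unit to alert on. A comment above that line, for example `# unit is skipped, not failed, when the rules file is missing`, would make this visible to administrators.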
diff --git a/iptables.spec b/iptables.spec
index 50d384f..43d7756 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,10 +1,25 @@
+# enable systemd for Fedora-16 and RHEL-7
+%if 0%{?fedora} > 15 || 0%{?rhel} > 6
+ %bcond_without systemd
+%else
+ %bcond_with systemd
+%endif
+
+# install init scripts to /usr/libexec with systemd
+%if %{with systemd}
+ %define script_path %{_libexecdir}
+%else
+ %define script_path /etc/rc.d/init.d
+%endif
+
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.11.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
+Source3: iptables.service
Patch5: iptables-1.4.11-cloexec.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
@@ -13,8 +28,16 @@ License: GPLv2
BuildRequires: libselinux-devel
BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
+%if %{with systemd}
+BuildRequires: systemd-units
+Requires(post): systemd-units
+Requires(post): systemd-sysv
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
+%endif
%description
The iptables utility controls the network packet filtering code in the
@@ -89,42 +112,120 @@ done
mv %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/
# install init scripts and configuration files
-install -d -m 755 %{buildroot}/etc/rc.d/init.d
-install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
+install -d -m 755 %{buildroot}%{script_path}
+install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
+install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables
install -d -m 755 %{buildroot}/etc/sysconfig
install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config
+%if %{with systemd}
+# install systemd service files
+install -d -m 755 %{buildroot}/lib/systemd/system
+install -c -m 755 %{SOURCE3} %{buildroot}/lib/systemd/system/
+sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' < %{SOURCE3} > ip6tables.service
+install -c -m 755 ip6tables.service %{buildroot}/lib/systemd/system/
+%endif
+
%clean
rm -rf %{buildroot}
+%if %{with systemd}
+
%post
/sbin/ldconfig
-/sbin/chkconfig --add iptables
+if [ $1 -eq 1 ] ; then # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl enable iptables.service >/dev/null 2>&1 || :
+fi
-%postun -p /sbin/ldconfig
+%preun
+if [ $1 -eq 0 ]; then # Package removal, not upgrade
+ /bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || :
+ /bin/systemctl stop iptables.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/sbin/ldconfig
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
+ /bin/systemctl try-restart iptables.service >/dev/null 2>&1 || :
+fi
+
+%triggerun -- iptables < 1.4.11.1-3
+# To apply saved runlevel, use systemd-sysv-convert --apply iptables
+%{_bindir}/systemd-sysv-convert --save iptables >/dev/null 2>&1 ||:
+
+# Autostart
+/bin/systemctl --no-reload enable iptables.service >/dev/null 2>&1 ||:
+
+# Delete from sysv management, try to restart service
+/sbin/chkconfig --del iptables >/dev/null 2>&1 || :
+/bin/systemctl try-restart iptables.service >/dev/null 2>&1 || :
+
+%post ipv6
+if [ $1 -eq 1 ] ; then # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl enable ip6tables.service >/dev/null 2>&1 || :
+fi
+
+%preun ipv6
+if [ $1 -eq 0 ]; then # Package removal, not upgrade
+ /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || :
+ /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || :
+fi
+
+%postun ipv6
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
+ /bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || :
+fi
+
+%triggerun ipv6 -- ip6tables-ipv6 < 1.4.11.1-3
+# To apply saved runlevel, use systemd-sysv-convert --apply ip6tables
+%{_bindir}/systemd-sysv-convert --save ip6tables >/dev/null 2>&1 ||:
+
+# Autostart
+/bin/systemctl --no-reload enable ip6tables.service >/dev/null 2>&1 ||:
+
+# Delete from sysv management, try to restart service
+/sbin/chkconfig --del ip6tables >/dev/null 2>&1 || :
+/bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || :
+
+%else # no systemd
+
+%post
+/sbin/ldconfig
+/sbin/chkconfig --add iptables
%preun
-if [ "$1" = 0 ]; then
- /sbin/chkconfig --del iptables
+if [ $1 -eq 0 ]; then
+ /sbin/chkconfig --del iptables
fi
%post ipv6
/sbin/chkconfig --add ip6tables
%preun ipv6
-if [ "$1" = 0 ]; then
- /sbin/chkconfig --del ip6tables
+if [ $1 -eq 0 ]; then
+ /sbin/chkconfig --del ip6tables
fi
+%postun -p /sbin/ldconfig
+
+%endif # systemd
+
+
%files
%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
-%attr(0755,root,root) /etc/rc.d/init.d/iptables
+%attr(0755,root,root) %{script_path}/iptables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
+%if %{with systemd}
+/lib/systemd/system/iptables.service
+%endif
/sbin/iptables*
/sbin/xtables-multi
/bin/iptables-xml
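Review bot: The IPv6 upgrade trigger `%triggerun ipv6 -- ip6tables-ipv6 < 1.4.11.1-3` names a package this spec does not appear to build; with `Name: iptables` and `%files ipv6` the subpackage would be `iptables-ipv6`, unless a `%package -n` line outside this hunk says otherwise. If so, the trigger never fires, and because `%post ipv6` enables the unit only when `$1 -eq 1`, an upgraded host is left with ip6tables.service disabled while its SysV script has moved to `%{script_path}`, so the IPv6 rules would not load at boot. The line should probably read `%triggerun ipv6 -- iptables-ipv6 < 1.4.11.1-3`. Every systemctl call in these scriptlets ends in `>/dev/null 2>&1 || :`, so a miss like this is silent; checking `systemctl is-enabled ip6tables.service` after a test upgrade would confirm it. The unit files are also installed with `install -c -m 755`; `-m 644` is the usual mode for files under /lib/systemd/system.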
@@ -139,8 +240,11 @@ fi
%files ipv6
%defattr(-,root,root)
-%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
+%attr(0755,root,root) %{script_path}/ip6tables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
+%if %{with systemd}
+/lib/systemd/system/ip6tables.service
+%endif
/sbin/ip6tables*
%{_mandir}/man8/ip6tables*
/%{_lib}/xtables/libip6t*
@@ -165,6 +269,13 @@ fi
%{_libdir}/pkgconfig/xtables.pc
%changelog
+* Fri Jul 15 2011 Thomas Woerner <twoerner at redhat.com> 1.4.11.1-3
+- added support for native systemd file (rhbz#694738)
+ - new iptables.service file
+ - additional requires
+ - moved sysv init scripts to /usr/libexec
+ - added new post, preun and postun scripts and triggers
+
* Tue Jul 12 2011 Thomas Woerner <twoerner at redhat.com> 1.4.11.1-2
- dropped temporary provide again
- enabled smp build