diff --git a/iptables.save-legacy b/iptables.save-legacy new file mode 100644 index 0000000..accca0e --- /dev/null +++ b/iptables.save-legacy @@ -0,0 +1,2 @@ +#!/bin/bash +exec /usr/libexec/iptables/iptables.init save diff --git a/iptables.service b/iptables.service index d87e306..aa058c2 100644 --- a/iptables.service +++ b/iptables.service @@ -6,8 +6,8 @@ ConditionPathExists=/etc/sysconfig/iptables [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/libexec/iptables.init start -ExecStop=/usr/libexec/iptables.init stop +ExecStart=/usr/libexec/iptables/iptables.init start +ExecStop=/usr/libexec/iptables/iptables.init stop Environment=BOOTUP=serial Environment=CONSOLETYPE=serial StandardOutput=syslog diff --git a/iptables.spec b/iptables.spec index 4f398a5..4bf099f 100644 --- a/iptables.spec +++ b/iptables.spec @@ -7,11 +7,14 @@ # install init scripts to /usr/libexec with systemd %if %{with systemd} - %define script_path %{_libexecdir} + %define script_path %{_libexecdir}/iptables %else %define script_path /etc/rc.d/init.d %endif +# service legacy actions (RHBZ#748134) +%define legacy_actions %{_libexecdir}/initscripts/legacy-actions + # default service %if 0%{?fedora} < 18 && 0%{?rhel} < 7 %bcond_without default_service 
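Review bot: The wrapper hard-codes `/usr/libexec/iptables/iptables.init`, which matches `script_path` only in the systemd branch of iptables.spec. The spec hunk at `+153` appears to install this file after the systemd `%endif`, so a non-systemd build would ship a `save` action that execs a path which does not exist there. Either guard the legacy-actions install and the matching `%files services` entries with `%if %{with systemd}`, or generate the path from `%{script_path}` at build time. A header comment such as `# legacy action: "service iptables save" hands off to the init script to persist the running ruleset` would also make the file's purpose clear.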
@@ -22,38 +25,32 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities Version: 1.4.16.2 -Release: 1%{?dist} +Release: 2%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config Source3: iptables.service +Source4: iptables.save-legacy Group: System Environment/Base URL: http://www.netfilter.org/ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) License: GPLv2 +# libnfnetlink-devel is requires for nfnl_osf +BuildRequires: libnfnetlink-devel BuildRequires: libselinux-devel BuildRequires: kernel-headers Conflicts: kernel < 2.4.20 %if %{with systemd} BuildRequires: systemd-units -Requires(post): systemd-units -Requires(post): systemd-sysv -Requires(preun): systemd-units -Requires(postun): systemd-units -Conflicts: systemd < 38 -Conflicts: filesystem < 3 -%else -Requires(post): chkconfig -Requires(preun): chkconfig %endif # provide also ipv6 sub package Provides: %{name}-ipv6 = %{version}-%{release} Obsoletes: %{name}-ipv6 < %{version}-%{release} %ifarch x86_64 -Provides: libxtables.so.6()(64bit) +Provides: libxtables.so.7()(64bit) %else -Provides: libxtables.so.6 +Provides: libxtables.so.7 %endif 
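Review bot: The hand-written `Provides: libxtables.so.7()(64bit)` is still keyed on `%ifarch x86_64`, so every other 64-bit architecture falls into the `%else` branch and advertises the un-suffixed `libxtables.so.7`. That would not satisfy a 64-bit package's auto-generated `libxtables.so.7()(64bit)` requirement. If the virtual provide is needed on top of rpm's automatic soname provides, derive the marker from the word size rather than from one architecture name. Separately, the new comment should read `# libnfnetlink-devel is required for nfnl_osf`.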
@@ -74,12 +71,45 @@ iptables development headers and libraries. The iptc interface is upstream marked as not public. The interface is not stable and may change with every new version. It is therefore unsupported. +%package services +Summary: iptables and ip6tables services for iptables +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} +%if %{with systemd} +Requires(post): systemd-units +Requires(post): systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units +Conflicts: systemd < 38 +Conflicts: filesystem < 3 +%else +Requires(post): chkconfig +Requires(preun): chkconfig +%endif + +%description services +iptables services for IPv4 and IPv6 + +This package provides the services iptables and ip6tables that have been split +out of the base package since they are not active by default anymore. + +%package utils +Summary: iptables and ip6tables services for iptables +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} + +%description utils +Utils for iptables. + +Currently only provides nfnl_osf with the pf.os database. + + %prep %setup -q %build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \ -./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr +./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --datadir=%{_datadir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr # do not use rpath sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool 
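Review bot: Nothing in the new `%package services` stanza pulls `iptables-services` in when an existing `iptables` install is upgraded. A host that had `iptables.service` enabled would lose the unit and init script on update, and could come up after the next reboot with no ruleset loaded. Unless a dependency outside this diff covers it, give the transition an explicit path, for example `Obsoletes: %{name} < 1.4.16.2-2` in the services sub-package, and document the change for administrators. Also, `%package utils` reuses the services `Summary:` line; something like `Summary: iptables and ip6tables misc utilities` would describe it correctly.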
@@ -123,13 +153,24 @@ sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' < %{SOURCE3} > ip6tables.serv install -c -m 755 ip6tables.service %{buildroot}/%{_unitdir} %endif +# install legacy actions for service command +install -d %{buildroot}/%{legacy_actions}/iptables +install -d %{buildroot}/%{legacy_actions}/ip6tables +install -c -m 755 %{SOURCE4} %{buildroot}/%{legacy_actions}/iptables/save +sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy +install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save + + %clean rm -rf %{buildroot} %if %{with systemd} -%post -/sbin/ldconfig +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post services if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || : %if %{with default_service} @@ -138,7 +179,7 @@ if [ $1 -eq 1 ] ; then # Initial installation %endif fi -%preun +%preun services if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || : /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || : @@ -146,7 +187,7 @@ if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || : fi -%postun +%postun services /sbin/ldconfig /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall @@ -182,12 +223,13 @@ fi %else # no systemd -%post -/sbin/ldconfig +%post -p /sbin/ldconfig + +%post services /sbin/chkconfig --add iptables /sbin/chkconfig --add ip6tables -%preun +%preun services if [ $1 -eq 0 ]; then /sbin/chkconfig --del iptables /sbin/chkconfig --del ip6tables 
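Review bot: The ip6tables variant of the `save` action is produced by running `sed` over the copy already placed in `%{buildroot}` and writing to a misspelled scratch file, `ip6tabes.save-legacy`. It works only because the typo is repeated on the next line. Reading from the source and escaping the dot keeps the substitution exact: `sed -e 's;iptables\.init;ip6tables.init;g' < %{SOURCE4} > ip6tables.save-legacy`. The second expression, `-e 's;IPTABLES;IP6TABLES;g'`, matches nothing in the two-line wrapper and can be dropped.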
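Review bot: In the systemd branch, `%postun services` still starts with `/sbin/ldconfig` (the context line right after the renamed header in the `+187` hunk). The services sub-package ships no shared libraries, and the base package now has its own `%postun -p /sbin/ldconfig`, so that line is a leftover. Remove it so the services scriptlet contains only the `systemctl daemon-reload` call and the upgrade handling that follows. The scriptlet body continues past the end of this hunk.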
@@ -201,14 +243,8 @@ fi %files %defattr(-,root,root) %doc COPYING INSTALL INCOMPATIBILITIES -%attr(0755,root,root) %{script_path}/iptables.init -%attr(0755,root,root) %{script_path}/ip6tables.init %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config -%if %{with systemd} -%{_unitdir}/iptables.service -%{_unitdir}/ip6tables.service -%endif %{_sbindir}/iptables* %{_sbindir}/ip6tables* %{_sbindir}/xtables-multi @@ -239,7 +275,31 @@ fi %{_libdir}/pkgconfig/libip6tc.pc %{_libdir}/pkgconfig/xtables.pc +%files services +%attr(0755,root,root) %{script_path}/iptables.init +%attr(0755,root,root) %{script_path}/ip6tables.init +%if %{with systemd} +%{_unitdir}/iptables.service +%{_unitdir}/ip6tables.service +%endif +%{legacy_actions}/iptables/save +%{legacy_actions}/ip6tables/save + +%files utils +%{_sbindir}/nfnl_osf +%dir %{_datadir}/xtables +%{_datadir}/xtables/pf.os + + %changelog +* Fri Oct 12 2012 Thomas Woerner 1.4.16.2-2 +- new sub package services providing the systemd services (RHBZ#862922) +- new sub package utils: provides nfnl_osf and the pf.os database +- using %{_libexecdir}/iptables as script path for the original init scripts +- added service iptables save funcitonality using the new way provided by + initscripts 9.37.1 (RHBZ#748134) +- added virtual provide for libxtables.so.7 + * Mon Oct 8 2012 Thomas Woerner 1.4.16.2-1 - new version 1.4.16.2 - build: support for automake-1.12
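Review bot: `%files services` lists only the two `save` files, so the directories `%{legacy_actions}/iptables` and `%{legacy_actions}/ip6tables` created with `install -d` are owned by no package. They cannot be checked with `rpm -V` and are left behind on removal; add `%dir %{legacy_actions}/iptables` and `%dir %{legacy_actions}/ip6tables`, as `%files utils` already does for `%{_datadir}/xtables`. Both new `%files` sections also omit the `%defattr(-,root,root)` that the main `%files` carries. On the older rpm versions this spec still seems to target (`BuildRoot`, `%clean`), that may leave file ownership to the build user. In the changelog entry, `funcitonality` should be `functionality`.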