From 7ab6dab432bcd7249d3f660320c0724d95bbb333 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 7 Jul 2014 18:47:24 +0200
Subject: [PATCH] - New support for Fedora per-product configuration settings
 for Fedora.next  
 https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft

---
 firewalld.spec | 127 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 125 insertions(+), 2 deletions(-)

diff --git a/firewalld.spec b/firewalld.spec
index 5e329c2..1759d6f 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.3.10
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://fedorahosted.org/firewalld
 License: GPLv2+
 Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
@@ -24,6 +24,7 @@ Requires: iptables, ebtables
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
+Requires: firewalld-config
 
 %description
 firewalld is a firewall service daemon that provides a dynamic customizable 
@@ -52,6 +53,42 @@ Requires: pygobject3-base
 The firewall configuration application provides an configuration interface for 
 firewalld.
 
+%if 0%{?fedora} > 20
+%package config-standard
+Summary: Firewalld standard configuration settings
+Requires: firewalld = %{version}-%{release}
+Provides: firewalld-config
+Conflicts: system-release-server
+Conflicts: firewalld-config-server
+Conflicts: system-release-workstation
+Conflicts: firewalld-config-workstation
+
+%description config-standard
+Standard product firewalld configuration settings.
+
+%package config-server
+Summary: Firewalld server configuration settings
+Provides: firewalld-config
+Requires: firewalld = %{version}-%{release}
+Requires: system-release-server
+Conflicts: firewalld-config-workstation
+Conflicts: firewalld-config-standard
+
+%description config-server
+Server product specific firewalld configuration settings.
+
+%package config-workstation
+Summary: Firewalld workstation configuration settings
+Provides: firewalld-config
+Requires: firewalld = %{version}-%{release}
+Requires: system-release-workstation
+Conflicts: firewalld-config-server
+Conflicts: firewalld-config-standard
+
+%description config-workstation
+Workstation product specific firewalld configuration settings.
+%endif
+
 %prep
 %setup -q
 %if 0%{?fedora}
@@ -71,6 +108,26 @@ desktop-file-install --delete-original \
   --dir %{buildroot}%{_datadir}/applications \
   %{buildroot}%{_datadir}/applications/firewall-config.desktop
 
+%if 0%{?fedora} > 20
+# standard firewalld.conf
+mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \
+    %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf
+
+# server firewalld.conf
+cp -a %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf \
+    %{buildroot}%{_sysconfdir}/firewalld/firewalld-server.conf
+sed -i 's|^DefaultZone=*|DefaultZone=fedora-server|g' \
+    %{buildroot}%{_sysconfdir}/firewalld/firewalld-server.conf
+
+# workstation firewalld.conf
+cp -a %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf \
+    %{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
+sed -i 's|^DefaultZone=*|DefaultZone=fedora-workstation|g' \
+    %{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
+
+rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+%endif
+
 %find_lang %{name} --all-name
 
 %post
@@ -112,6 +169,50 @@ fi
 /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 
+%if 0%{?fedora} > 20
+%post config-standard
+if [ $1 -eq 1 ]; then # Initial installation
+    # link standard config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-standard.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-standard -- firewalld
+if [ $1 -eq 1 ]; then
+    # link server policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+
+%post config-server
+if [ $1 -eq 1 ]; then # Initial installation
+    # link server config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-server -- firewalld
+if [ $1 -eq 1 ]; then
+    # link server policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+
+%post config-workstation
+if [ $1 -eq 1 ]; then # Initial installation
+    # link workstation config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-workstation -- firewalld
+if [ $1 -eq 1 ]; then
+    # link desktop policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+%endif
+
 %files -f %{name}.lang
 %doc COPYING README
 %{_sbindir}/firewalld
@@ -128,7 +229,9 @@ fi
 %{_prefix}/lib/firewalld/services/*.xml
 %{_prefix}/lib/firewalld/zones/*.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
+%if 0%{?fedora} <= 20
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%endif
 %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
@@ -140,7 +243,6 @@ fi
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy
-%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
 %attr(0755,root,root) %dir %{python_sitelib}/firewall
 %attr(0755,root,root) %dir %{python_sitelib}/firewall/config
 %attr(0755,root,root) %dir %{python_sitelib}/firewall/core
@@ -174,7 +276,28 @@ fi
 %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
 %{_mandir}/man1/firewall-config*.1*
 
+%if 0%{?fedora} > 20
+%files config-standard
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+
+%files config-server
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+
+%files config-workstation
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+%endif
+
 %changelog
+* Mon Jul  7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-3
+- New support for Fedora per-product configuration settings for Fedora.next
+  https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild