fix firewalld.conf when upgrading from old versions that had a symlink

firewalld.spec

@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 2.2.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL:     http://www.firewalld.org
 License: GPL-2.0-or-later
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
@@ -129,6 +129,26 @@ install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
 %postun
 %systemd_postun_with_restart firewalld.service
 
+%pretrans -p <lua>
+-- HACK: Old rpm versions had an untracked (%ghost) symlink for
+-- /etc/firewalld/firewalld.conf. RPM won't handle replacing the symlink due to
+-- "%config(noreplace)". As such, we remove the symlink here before attempting
+-- to install the new version which is a real file. Only replace the symlink if
+-- the target matches one of the previous package's expected targets.
+--
+-- Unfortunately this must be done in pretrans in order to occur before RPM
+-- makes decisions about file replacement.
+--
+local old_package_symlinks = {"firewalld-standard.conf", "firewalld-server.conf",
+                              "firewalld-workstation.conf"}
+local symlink_target = posix.readlink("%{_sysconfdir}/firewalld/firewalld.conf")
+for k,v in ipairs(old_package_symlinks) do
+  if symlink_target == v then
+    posix.unlink("%{_sysconfdir}/firewalld/firewalld.conf")
+    break
+  end
+end
+
 %files -f %{name}.lang
 %doc COPYING README.md
 %{_sbindir}/firewalld
@@ -233,6 +253,9 @@ install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Fri Jul 12 2024 Eric Garver <egarver@redhat.com> - 2.2.0-2
+- fix firewalld.conf when upgrading from old versions that had a symlink
+
 * Fri Jul 12 2024 Eric Garver <egarver@redhat.com> - 2.2.0-1
 - rebase package to v2.2.0