- new sub package services providing the systemd services (RHBZ#862922)

- new sub package utils: provides nfnl_osf and the pf.os database - using %{_libexecdir}/iptables as script path for the original init scripts - added service iptables save funcitonality using the new way provided by initscripts 9.37.1 (RHBZ#748134) - added virtual provide for libxtables.so.7
2012-10-12 16:23:05 +02:00 · 2012-10-12 16:23:05 +02:00 · 2fe636d5d4
commit 2fe636d5d4
parent 79f3fa812b
3 changed files with 91 additions and 29 deletions
--- a/iptables.save-legacy
+++ b/iptables.save-legacy
@ -0,0 +1,2 @@
+#!/bin/bash
+exec /usr/libexec/iptables/iptables.init save
--- a/iptables.service
+++ b/iptables.service
@ -6,8 +6,8 @@ ConditionPathExists=/etc/sysconfig/iptables
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/usr/libexec/iptables.init start
-ExecStop=/usr/libexec/iptables.init stop
+ExecStart=/usr/libexec/iptables/iptables.init start
+ExecStop=/usr/libexec/iptables/iptables.init stop
 Environment=BOOTUP=serial
 Environment=CONSOLETYPE=serial
 StandardOutput=syslog
--- a/iptables.spec
+++ b/iptables.spec
@ -7,11 +7,14 @@

 # install init scripts to /usr/libexec with systemd
 %if %{with systemd}
-    %define script_path %{_libexecdir}
+    %define script_path %{_libexecdir}/iptables
 %else
    %define script_path /etc/rc.d/init.d
 %endif

+# service legacy actions (RHBZ#748134)
+%define legacy_actions %{_libexecdir}/initscripts/legacy-actions
+
 # default service
 %if 0%{?fedora} < 18 && 0%{?rhel} < 7
    %bcond_without default_service
@ -22,38 +25,32 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.16.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
 Source3: iptables.service
+Source4: iptables.save-legacy
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 License: GPLv2
+# libnfnetlink-devel is requires for nfnl_osf
+BuildRequires: libnfnetlink-devel
 BuildRequires: libselinux-devel
 BuildRequires: kernel-headers
 Conflicts: kernel < 2.4.20
 %if %{with systemd}
 BuildRequires: systemd-units
-Requires(post): systemd-units
-Requires(post): systemd-sysv
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-Conflicts: systemd < 38
-Conflicts: filesystem < 3
-%else
-Requires(post): chkconfig
-Requires(preun): chkconfig
 %endif
 # provide also ipv6 sub package
 Provides: %{name}-ipv6 = %{version}-%{release}
 Obsoletes: %{name}-ipv6 < %{version}-%{release}

 %ifarch x86_64
-Provides: libxtables.so.6()(64bit)
+Provides: libxtables.so.7()(64bit)
 %else
-Provides: libxtables.so.6
+Provides: libxtables.so.7
 %endif


@ -74,12 +71,45 @@ iptables development headers and libraries.
 The iptc interface is upstream marked as not public. The interface is not 
 stable and may change with every new version. It is therefore unsupported.

+%package services
+Summary: iptables and ip6tables services for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+%if %{with systemd}
+Requires(post): systemd-units
+Requires(post): systemd-sysv
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Conflicts: systemd < 38
+Conflicts: filesystem < 3
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+%endif
+
+%description services
+iptables services for IPv4 and IPv6
+
+This package provides the services iptables and ip6tables that have been split
+out of the base package since they are not active by default anymore.
+
+%package utils
+Summary: iptables and ip6tables services for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+
+%description utils
+Utils for iptables.
+
+Currently only provides nfnl_osf with the pf.os database.
+
+
 %prep
 %setup -q

 %build
 CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
-./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+./configure --enable-devel --bindir=%{_bindir} --sbindir=%{_sbindir} --sysconfdir=/etc --libdir=%{_libdir} --libexecdir=%{_libdir} --mandir=%{_mandir} --includedir=%{_includedir} --datadir=%{_datadir}  --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr

 # do not use rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
@ -123,13 +153,24 @@ sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' < %{SOURCE3} > ip6tables.serv
 install -c -m 755 ip6tables.service %{buildroot}/%{_unitdir}
 %endif

+# install legacy actions for service command
+install -d %{buildroot}/%{legacy_actions}/iptables
+install -d %{buildroot}/%{legacy_actions}/ip6tables
+install -c -m 755 %{SOURCE4} %{buildroot}/%{legacy_actions}/iptables/save
+sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
+install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
+
+
 %clean
 rm -rf %{buildroot}

 %if %{with systemd}

-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post services
 if [ $1 -eq 1 ] ; then # Initial installation
   /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 %if %{with default_service}
@ -138,7 +179,7 @@ if [ $1 -eq 1 ] ; then # Initial installation
 %endif
 fi

-%preun
+%preun services
 if [ $1 -eq 0 ]; then # Package removal, not upgrade
   /bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || :
   /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || :
@ -146,7 +187,7 @@ if [ $1 -eq 0 ]; then # Package removal, not upgrade
   /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || :
 fi

-%postun
+%postun services
 /sbin/ldconfig
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
@ -182,12 +223,13 @@ fi

 %else # no systemd

-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig
+
+%post services
 /sbin/chkconfig --add iptables
 /sbin/chkconfig --add ip6tables

-%preun
+%preun services
 if [ $1 -eq 0 ]; then
   /sbin/chkconfig --del iptables
   /sbin/chkconfig --del ip6tables
@ -201,14 +243,8 @@ fi
 %files
 %defattr(-,root,root)
 %doc COPYING INSTALL INCOMPATIBILITIES
-%attr(0755,root,root) %{script_path}/iptables.init
-%attr(0755,root,root) %{script_path}/ip6tables.init
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
-%if %{with systemd}
-%{_unitdir}/iptables.service
-%{_unitdir}/ip6tables.service
-%endif
 %{_sbindir}/iptables*
 %{_sbindir}/ip6tables*
 %{_sbindir}/xtables-multi
@ -239,7 +275,31 @@ fi
 %{_libdir}/pkgconfig/libip6tc.pc
 %{_libdir}/pkgconfig/xtables.pc

+%files services
+%attr(0755,root,root) %{script_path}/iptables.init
+%attr(0755,root,root) %{script_path}/ip6tables.init
+%if %{with systemd}
+%{_unitdir}/iptables.service
+%{_unitdir}/ip6tables.service
+%endif
+%{legacy_actions}/iptables/save
+%{legacy_actions}/ip6tables/save
+
+%files utils
+%{_sbindir}/nfnl_osf
+%dir %{_datadir}/xtables
+%{_datadir}/xtables/pf.os
+
+
 %changelog
+* Fri Oct 12 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-2
+- new sub package services providing the systemd services (RHBZ#862922)
+- new sub package utils: provides nfnl_osf and the pf.os database
+- using %{_libexecdir}/iptables as script path for the original init scripts
+- added service iptables save funcitonality using the new way provided by 
+  initscripts 9.37.1 (RHBZ#748134)
+- added virtual provide for libxtables.so.7
+
 * Mon Oct  8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-1
 - new version 1.4.16.2
  - build: support for automake-1.12