From 86e31320cc4dfc61cfcdb2e0638e21e741c87ddd Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 9 Jul 2018 16:14:24 +0200 Subject: [PATCH] iptables-1.8.0-1 - New upstream version 1.8.0. - Replace ldconfig calls with newly introduced macros. - Rename compat subpackage to iptables-nft to clarify its purpose. - Make use of Alternatives system. --- iptables.spec | 126 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 95 insertions(+), 31 deletions(-) diff --git a/iptables.spec b/iptables.spec index 80bbdf5..812764e 100644 --- a/iptables.spec +++ b/iptables.spec @@ -6,8 +6,8 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities -Version: 1.6.2 -Release: 3%{?dist} +Version: 1.8.0 +Release: 1%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -41,6 +41,8 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %if 0%{?fedora} > 24 Conflicts: setup < 2.10.4-1 %endif +Requires(post): %{_sbindir}/update-alternatives +Requires(postun): %{_sbindir}/update-alternatives %description The iptables utility controls the network packet filtering code in the @@ -101,12 +103,13 @@ Utils for iptables. Currently only provides nfnl_osf with the pf.os database. -%package compat +%package nft Summary: nftables compatibility for iptables, arptables and ebtables Group: System Environment/Base Requires: %{name} = %{version}-%{release} +Obsoletes: iptables-compat < 1.6.2-4 -%description compat +%description nft nftables compatibility for iptables, arptables and ebtables. %prep @@ -186,20 +189,33 @@ install -m 644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8/ rm -f %{buildroot}%{_sysconfdir}/ethertypes %endif -%if 0%{?rhel} -%pre -for p in %{_sysconfdir}/alternatives/{iptables,ip6tables}.*; do - if [ -h "$p" ]; then - ipt=$(readlink "$p") - echo "Removing alternatives for ${p##*/} with path $ipt" - %{_sbindir}/alternatives --remove "${p##*/}" "$ipt" - fi -done -%endif +# rename ebtables and arptables to avoid conflicts +mv %{buildroot}%{_sbindir}/ebtables %{buildroot}%{_sbindir}/ebtables-nft +mv %{buildroot}%{_sbindir}/arptables %{buildroot}%{_sbindir}/arptables-nft -%post -p /sbin/ldconfig +touch %{buildroot}%{_sbindir}/ebtables +touch %{buildroot}%{_sbindir}/arptables +touch %{buildroot}%{_sbindir}/iptables +touch %{buildroot}%{_sbindir}/ip6tables -%postun -p /sbin/ldconfig +%ldconfig_scriptlets + +%post +pfx=%{_sbindir}/iptables +pfx6=%{_sbindir}/ip6tables +%{_sbindir}/update-alternatives --install \ + $pfx iptables $pfx-legacy 10 \ + --slave $pfx6 ip6tables $pfx6-legacy \ + --slave $pfx-restore iptables-restore $pfx-legacy-restore \ + --slave $pfx-save iptables-save $pfx-legacy-save \ + --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \ + --slave $pfx6-save ip6tables-save $pfx6-legacy-save + +%postun +if [ $1 -eq 0 ]; then + %{_sbindir}/update-alternatives --remove \ + iptables %{_sbindir}/iptables-legacy +fi %post services %systemd_post iptables.service ip6tables.service @@ -208,9 +224,36 @@ done %systemd_preun iptables.service ip6tables.service %postun services -/sbin/ldconfig +%?ldconfig %systemd_postun iptables.service ip6tables.service +%post nft +pfx=%{_sbindir}/iptables +pfx6=%{_sbindir}/ip6tables +%{_sbindir}/update-alternatives --install \ + $pfx iptables $pfx-nft 5 \ + --slave $pfx6 ip6tables $pfx6-nft \ + --slave $pfx-restore iptables-restore $pfx-nft-restore \ + --slave $pfx-save iptables-save $pfx-nft-save \ + --slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \ + --slave $pfx6-save ip6tables-save $pfx6-nft-save + +for cmd in ebtables arptables; do + if [ "$(readlink -e %{_sbindir}/$cmd)" == %{_sbindir}/$cmd ]; then + rm -f %{_sbindir}/$cmd + fi + %{_sbindir}/update-alternatives --install \ + %{_sbindir}/$cmd $cmd %{_sbindir}/$cmd-nft 5 +done + +%postun nft +if [ $1 -eq 0 ]; then + for cmd in iptables ebtables arptables; do + %{_sbindir}/update-alternatives --remove \ + $cmd %{_sbindir}/$cmd-nft + done +fi + %files %{!?_licensedir:%global license %%doc} %license COPYING @@ -220,26 +263,28 @@ done %if 0%{?fedora} <= 24 %{_sysconfdir}/ethertypes %endif -%{_sbindir}/iptables %{_sbindir}/iptables-apply -%{_sbindir}/iptables-restore -%{_sbindir}/iptables-save -%{_sbindir}/ip6tables -%{_sbindir}/ip6tables-restore -%{_sbindir}/ip6tables-save -%{_sbindir}/xtables-multi -%{_sbindir}/nfbpf_compile +%{_sbindir}/iptables-legacy* +%{_sbindir}/ip6tables-legacy* +%{_sbindir}/xtables-legacy-multi %{_bindir}/iptables-xml %{_mandir}/man1/iptables-xml* %{_mandir}/man8/iptables* %{_mandir}/man8/ip6tables* %{_mandir}/man8/nfnl_osf* +%{_mandir}/man8/xtables-legacy* %dir %{_libdir}/xtables %{_libdir}/xtables/libarpt* %{_libdir}/xtables/libebt* %{_libdir}/xtables/libipt* %{_libdir}/xtables/libip6t* %{_libdir}/xtables/libxt* +%ghost %{_sbindir}/iptables +%ghost %{_sbindir}/iptables-restore +%ghost %{_sbindir}/iptables-save +%ghost %{_sbindir}/ip6tables +%ghost %{_sbindir}/ip6tables-restore +%ghost %{_sbindir}/ip6tables-save %files libs %{_libdir}/libip*tc.so.* @@ -277,21 +322,40 @@ done %files utils %{_sbindir}/nfnl_osf +%{_sbindir}/nfbpf_compile %dir %{_datadir}/xtables %{_datadir}/xtables/pf.os -%files compat -%{_sbindir}/iptables-compat* +%files nft +%{_sbindir}/iptables-nft* %{_sbindir}/iptables-restore-translate %{_sbindir}/iptables-translate -%{_sbindir}/ip6tables-compat* +%{_sbindir}/ip6tables-nft* %{_sbindir}/ip6tables-restore-translate %{_sbindir}/ip6tables-translate -%{_sbindir}/ebtables-compat* -%{_sbindir}/arptables-compat -%{_sbindir}/xtables-compat-multi +%{_sbindir}/ebtables-nft +%{_sbindir}/arptables-nft +%{_sbindir}/xtables-nft-multi +%{_sbindir}/xtables-monitor +%{_mandir}/man8/xtables-monitor* +%{_mandir}/man8/xtables-nft* +%{_mandir}/man8/xtables-translate* +%ghost %{_sbindir}/iptables +%ghost %{_sbindir}/iptables-restore +%ghost %{_sbindir}/iptables-save +%ghost %{_sbindir}/ip6tables +%ghost %{_sbindir}/ip6tables-restore +%ghost %{_sbindir}/ip6tables-save +%ghost %{_sbindir}/ebtables +%ghost %{_sbindir}/arptables %changelog +* Mon Jul 09 2018 Phil Sutter - 1.8.0-1 +- New upstream version 1.8.0. +- Replace ldconfig calls with newly introduced macros. +- Rename compat subpackage to iptables-nft to clarify its purpose. +- Make use of Alternatives system. + * Fri May 04 2018 Phil Sutter - 1.6.2-3 - Fix License: tag in spec-file - Fix separation into compat subpackage