Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-12-17 09:39:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "SuSEfirewall2", Maintainer is "meissner@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-09-11 11:38:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-12-17 09:39:49.000000000 +0100 @@ -1,0 +2,12 @@ +Thu Dec 13 12:23:01 UTC 2012 - lnussel@suse.de + +- move to /usr, remove init scripts + +------------------------------------------------------------------- +Wed Dec 12 15:31:58 UTC 2012 - lnussel@suse.de + +- adjust for starting via systemd service files +- move lock files to /run +- just CT instead of NOTRACK (bnc#793459) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6.295.tar.bz2 New: ---- SuSEfirewall2-3.6.299.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.19U1x2/_old 2012-12-17 09:39:51.000000000 +0100 +++ /var/tmp/diff_new_pack.19U1x2/_new 2012-12-17 09:39:51.000000000 +0100 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version: 3.6.295 +Version: 3.6.299 Release: 0 Url: http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem @@ -32,6 +32,9 @@ Source: SuSEfirewall2-%{version}.tar.bz2 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build +# for the service_* macros +%{?systemd_requires} +BuildRequires: pkgconfig(systemd) %description SuSEfirewall2 implements a packet filter that protects hosts and @@ -57,6 +60,10 @@ install -m 644 doc/SuSEfirewall2-doc.desktop \ %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop # +# compat symlink +mkdir -p %{buildroot}/sbin +ln -s /usr/sbin/SuSEfirewall2 %{buildroot}/sbin/SuSEfirewall2 +ln -s /usr/sbin/rcSuSEfirewall2 %{buildroot}/sbin/rcSuSEfirewall2 %files %defattr(-, root, root) @@ -64,8 +71,6 @@ %doc %{_datadir}/susehelp %config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom %config(noreplace) /etc/sysconfig/SuSEfirewall2 -%config /etc/init.d/SuSEfirewall2_init -%config /etc/init.d/SuSEfirewall2_setup /etc/sysconfig/SuSEfirewall2.d/services/* /etc/sysconfig/scripts/SuSEfirewall2-rpcinfo /etc/sysconfig/scripts/SuSEfirewall2-showlog @@ -76,38 +81,28 @@ /etc/sysconfig/network/scripts/SuSEfirewall2 /etc/sysconfig/network/scripts/firewall /etc/sysconfig/network/if-up.d/SuSEfirewall2 -/sbin/rcSuSEfirewall2 /sbin/SuSEfirewall2 +/sbin/rcSuSEfirewall2 +/usr/sbin/rcSuSEfirewall2 +/usr/sbin/SuSEfirewall2 %dir /usr/share/SuSEfirewall2 %dir /usr/share/SuSEfirewall2/defaults +/usr/lib/systemd/system/SuSEfirewall2.service +/usr/lib/systemd/system/SuSEfirewall2_init.service /usr/share/SuSEfirewall2/defaults/50-default.cfg /usr/share/SuSEfirewall2/rpcusers /var/adm/fillup-templates/sysconfig.SuSEfirewall2 -%postun -%insserv_cleanup +%pre +%service_add_pre SuSEfirewall2.service %post -# SuSEfirewall2_init is no longer a boot.d script, need to remove -# and add it again -for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do - if [ -e "$i" ]; then - /sbin/insserv -r -f SuSEfirewall2_init - /sbin/insserv -f SuSEfirewall2_init - break - fi -done -if [ -e etc/sysconfig/SuSEfirewall2 ] \ - && grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' etc/sysconfig/SuSEfirewall2; then - sed 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' \ - < etc/sysconfig/SuSEfirewall2 \ - > etc/sysconfig/SuSEfirewall2.new \ - && mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \ - && echo "FW_MASQ_DEV converted" -fi -# -%insserv_cleanup -# -exit 0 +%service_add_post SuSEfirewall2.service + +%preun +%service_del_preun SuSEfirewall2.service + +%postun +%service_del_postun SuSEfirewall2.service %changelog ++++++ SuSEfirewall2-3.6.295.tar.bz2 -> SuSEfirewall2-3.6.299.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/Makefile new/SuSEfirewall2-3.6.299/Makefile --- old/SuSEfirewall2-3.6.295/Makefile 2012-09-11 10:29:29.000000000 +0200 +++ new/SuSEfirewall2-3.6.299/Makefile 2012-12-13 13:22:03.000000000 +0100 @@ -8,8 +8,8 @@ DESTDIR= allfiles= \ - SuSEfirewall2_init \ - SuSEfirewall2_setup \ + SuSEfirewall2_init.service \ + SuSEfirewall2.service \ $(SCRIPTS) \ SuSEfirewall2_ifup \ SuSEfirewall2-custom.sysconfig \ @@ -24,7 +24,7 @@ all: install: - install -d -m 755 $(DESTDIR)/sbin + install -d -m 755 $(DESTDIR)/usr/sbin install -d -m 755 $(DESTDIR)/etc/init.d install -d -m 755 $(DESTDIR)/etc/sysconfig/scripts install -d -m 755 $(DESTDIR)/etc/sysconfig/network/scripts @@ -32,11 +32,12 @@ install -d -m 755 $(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services install -d -m 755 $(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/defaults install -d -m 755 $(DESTDIR)/usr/share/SuSEfirewall2/defaults - install -m 755 SuSEfirewall2 $(DESTDIR)/sbin - install -m 755 SuSEfirewall2_init $(DESTDIR)/etc/init.d - install -m 755 SuSEfirewall2_setup $(DESTDIR)/etc/init.d - rm -f $(DESTDIR)/sbin/rcSuSEfirewall2 - ln -s /etc/init.d/SuSEfirewall2_setup $(DESTDIR)/sbin/rcSuSEfirewall2 + install -m 755 -d $(DESTDIR)/usr/lib/systemd/system + install -m 755 SuSEfirewall2 $(DESTDIR)/usr/sbin + install -m 644 SuSEfirewall2_init.service $(DESTDIR)/usr/lib/systemd/system + install -m 644 SuSEfirewall2.service $(DESTDIR)/usr/lib/systemd/system + rm -f $(DESTDIR)/usr/sbin/rcSuSEfirewall2 + ln -s /usr/sbin/service $(DESTDIR)/usr/sbin/rcSuSEfirewall2 for i in $(SCRIPTS); do \ install -m 644 $$i $(DESTDIR)/etc/sysconfig/scripts; \ done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/SuSEfirewall2 new/SuSEfirewall2-3.6.299/SuSEfirewall2 --- old/SuSEfirewall2-3.6.295/SuSEfirewall2 2012-09-11 10:29:29.000000000 +0200 +++ new/SuSEfirewall2-3.6.299/SuSEfirewall2 2012-12-13 13:22:03.000000000 +0100 @@ -179,8 +179,8 @@ DEFAULTSDIR=("/etc/sysconfig/SuSEfirewall2.d/defaults" "/usr/share/SuSEfirewall2/defaults") SCRIPTSDIR="/etc/sysconfig/scripts" FWCONFIG="/etc/sysconfig/SuSEfirewall2" -LOCKFILE="/var/lock/SuSEfirewall2.pid" -BOOTLOCKFILE="/var/lock/SuSEfirewall2.booting" +LOCKFILE="/run/SuSEfirewall2.pid" +BOOTLOCKFILE="/run/SuSEfirewall2.booting" STATUSDIR="/var/run/SuSEfirewall2" FW_CUSTOMRULES="" @@ -245,10 +245,23 @@ help) help ;; off) ACTION="stop"; needconfig=1; INITSCRIPTS="off" ;; on) ACTION="start"; needconfig=1; INITSCRIPTS="on" ;; + boot_init) ACTION="init"; create_bootlock=1 ;; + boot_setup) ACTION="start"; remove_bootlock=1 ;; + systemd_stop) ACTION="$1"; needconfig=1 ;; *) help ;; esac shift +if [ "$ACTION" = "systemd_stop" ]; then + # XXX: find a better way to check whether shutdown is in progress + if systemctl --no-pager --full --all list-units | grep -q 'basic\.target.*active.*stop'; then + die 0 "Not unloading firewall rules at system shutdown" + else + ACTION="stop" + fi +fi + + case "$ACTION" in start|stop) while [ $# -gt 0 ]; do @@ -269,6 +282,14 @@ die 6 " Can not read $FWCONFIG" fi +if [ "$ACTION" = "init" ]; then + if [ "$FW_BOOT_FULL_INIT" = 'yes' ]; then + ACTION='start' + else + ACTION='close' + fi +fi + set_defaults if [ -z "$USE_IPTABLES_BATCH" ]; then @@ -721,8 +742,8 @@ $iptables -A INPUT -j "$ACCEPT" -i lo $iptables -A OUTPUT -j "$ACCEPT" -o lo if [ "$FW_LO_NOTRACK" != 'no' ]; then - $iptables -t raw -A PREROUTING -j NOTRACK -i lo - $iptables -t raw -A OUTPUT -j NOTRACK -o lo + $iptables -t raw -A PREROUTING -j CT --notrack -i lo + $iptables -t raw -A OUTPUT -j CT --notrack -o lo fi done @@ -786,13 +807,13 @@ local i case "$INITSCRIPTS" in on) - for i in SuSEfirewall2_init SuSEfirewall2_setup; do - /sbin/insserv -f $i + for i in SuSEfirewall2_init SuSEfirewall2; do + /bin/systemctl enable $i.service done ;; off) - for i in SuSEfirewall2_setup SuSEfirewall2_init; do - /sbin/insserv -r -f $i + for i in SuSEfirewall2 SuSEfirewall2_init; do + /bin/systemctl disable $i.service done ;; esac @@ -1480,8 +1501,8 @@ eval devs="\$FW_DEV_$zone" for dev in $devs; do for iptables in "$IPTABLES" "$IP6TABLES"; do - $iptables -t raw -i $dev -I PREROUTING -j NOTRACK - $iptables -t raw -o $dev -I OUTPUT -j NOTRACK + $iptables -t raw -i $dev -I PREROUTING -j CT --notrack + $iptables -t raw -o $dev -I OUTPUT -j CT --notrack $iptables -i $dev -I INPUT -j ACCEPT $iptables -o $dev -I OUTPUT -j ACCEPT done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/SuSEfirewall2.service new/SuSEfirewall2-3.6.299/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.295/SuSEfirewall2.service 1970-01-01 01:00:00.000000000 +0100 +++ new/SuSEfirewall2-3.6.299/SuSEfirewall2.service 2012-12-13 13:22:03.000000000 +0100 @@ -0,0 +1,14 @@ +[Unit] +Description=SuSEfirewall2 phase 2 +After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service +Wants=SuSEfirewall2_init.service + +[Service] +ExecStart=/usr/sbin/SuSEfirewall2 boot_setup +ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target +Alias=SuSEfirewall2_setup.service +Also=SuSEfirewall2_init.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/SuSEfirewall2_init new/SuSEfirewall2-3.6.299/SuSEfirewall2_init --- old/SuSEfirewall2-3.6.295/SuSEfirewall2_init 2012-09-11 10:29:29.000000000 +0200 +++ new/SuSEfirewall2-3.6.299/SuSEfirewall2_init 1970-01-01 01:00:00.000000000 +0100 @@ -1,75 +0,0 @@ -#! /bin/bash -# Copyright (c) 2000-2002 SuSE GmbH Nuernberg, Germany. -# Copyright (C) 2003,2004 SUSE Linux AG -# Copyright (C) 2005-2008 SUSE LINUX Products GmbH -# -# Author: Marc Heuse -# Maintainer: Ludwig Nussel -# -# /etc/init.d/SuSEfirewall2_init -# -### BEGIN INIT INFO -# Provides: SuSEfirewall2_init -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Short-Description: SuSEfirewall2 phase 1 -# Description: SuSEfirewall2_init does some basic setup and is the -# phase 1 of 2 of the SuSEfirewall initialization -### END INIT INFO - -SUSEFWALL="/sbin/SuSEfirewall2" -BOOTLOCKFILE="/var/lock/SuSEfirewall2.booting" - -test -x $SUSEFWALL || exit 5 -test -r /etc/sysconfig/SuSEfirewall2 || exit 6 - -startmode=close -if (. /etc/sysconfig/SuSEfirewall2; test "$FW_BOOT_FULL_INIT" = yes); then - startmode=start -fi >/dev/null 2>&1 - -. /etc/rc.status - -rc_reset - -case "$1" in - start) - echo -n "Loading basic firewall rules " - if test -x /usr/sbin/iptables; then - /bin/rm -rf /var/run/SuSEfirewall2 - $SUSEFWALL --bootlock -q $startmode - else - echo -n "${extd}iptables not available (yet)${norm}" - rc_failed 5 - fi - rc_status -v - ;; - stop) - rc_failed 0 - rc_status - ;; - restart|force-reload) - $0 start - ;; - try-restart|reload) - if ($0 status) >/dev/null 2>&1; then - $0 start - else - rc_reset - fi - ;; - status) - echo -n "Checking the status of SuSEfirewall2 " - { test -e /proc/net/ip_tables_names && iptables -nL reject_func >/dev/null 2>&1; } || rc_failed 3 - rc_status -v - ;; - *) - echo "Usage: $0 {start|stop|status|restart|reload|force-reload}" - exit 1 - ;; -esac - -# Set exit status -rc_exit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.299/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.295/SuSEfirewall2_init.service 1970-01-01 01:00:00.000000000 +0100 +++ new/SuSEfirewall2-3.6.299/SuSEfirewall2_init.service 2012-12-13 13:22:03.000000000 +0100 @@ -0,0 +1,14 @@ +[Unit] +Description=SuSEfirewall2 phase 1 +After=YaST2-Second-Stage.service +Before=network.service +Before=basic.service + +[Service] +ExecStart=/usr/sbin/SuSEfirewall2 boot_init +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target +Also=SuSEfirewall2.service + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/SuSEfirewall2_setup new/SuSEfirewall2-3.6.299/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.295/SuSEfirewall2_setup 2012-09-11 10:29:29.000000000 +0200 +++ new/SuSEfirewall2-3.6.299/SuSEfirewall2_setup 1970-01-01 01:00:00.000000000 +0100 @@ -1,86 +0,0 @@ -#! /bin/bash -# Copyright (c) 2000-2002 SuSE GmbH Nuernberg, Germany. -# Copyright (C) 2003,2004 SUSE Linux AG -# Copyright (C) 2005-2008 SUSE LINUX Products GmbH -# -# Author: Marc Heuse -# Maintainer: Ludwig Nussel -# -# /etc/init.d/SuSEfirewall2_setup -# -### BEGIN INIT INFO -# Provides: SuSEfirewall2_setup -# Required-Start: SuSEfirewall2_init $network $remote_fs -# Should-Start: $ALL network-remotefs ypbind nfs nfsserver rpcbind -# Required-Stop: $remote_fs -# Should-Stop: $null -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Short-Description: SuSEfirewall2 phase 2 -# Description: SuSEfirewall2_setup does some basic setup and is the -# phase 2 of 2 of the SuSEfirewall initialization. -### END INIT INFO -# X-SuSE-Dep-Only - -SUSEFWALL="/sbin/SuSEfirewall2" - -test -x $SUSEFWALL || exit 5 - -test "$1" != 'status' || SYSTEMD_NO_WRAP=1 # bnc#727445 -. /etc/rc.status -rc_reset - -case "$1" in - start) - echo -n "Loading firewall rules " - $SUSEFWALL -q --bootunlock start - rc_status -v - ;; - stop) - called_manually='' - if [ -e /sys/fs/cgroup/systemd ]; then - # XXX: find a better way to check whether shutdown is in progress - if ! systemctl --no-pager --full --all list-units | grep -q 'basic\.target.*active.*stop'; then - called_manually=yes - fi - elif [ -z "$REDIRECT" ]; then - called_manually=yes - fi - if [ "$called_manually" = yes ]; then - echo -n "Unloading firewall rules" - $SUSEFWALL -q stop - rc_status -v - else - echo -n "Not unloading firewall rules at system shutdown" - rc_status -s - fi - ;; - restart|force-reload) - $0 start - ;; - try-restart|reload) - if ($0 status) >/dev/null 2>&1; then - $0 start - else - rc_reset - fi - ;; - long-status) - echo "Checking the status of SuSEfirewall2 " - if ! $SUSEFWALL status; then - rc_failed 3 - fi - ;; - status) - echo -n "Checking the status of SuSEfirewall2 " - { test -e /proc/net/ip_tables_names && iptables -nL reject_func >/dev/null 2>&1; } || rc_failed 3 - rc_status -v - ;; - *) - echo "Usage: $0 {start|stop|status|restart|reload|force-reload}" - exit 1 - ;; -esac - -# Set exit status -rc_exit -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org