From 2dd901f8a9838a269dfb187e93f1a02ba8c1e995610639f36d8a42890cb2b942 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 16 Sep 2021 08:52:43 +0000 Subject: [PATCH] Accepting request 919462 from home:schubi2 - Use libalternatives instead of update-alternatives. OBS-URL: https://build.opensuse.org/request/show/919462 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=144 --- iptables.changes | 5 ++ iptables.spec | 129 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) diff --git a/iptables.changes b/iptables.changes index 2a6e4c4..6518b77 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Aug 3 07:13:19 UTC 2021 - Stefan Schubert + +- Use libalternatives instead of update-alternatives. + ------------------------------------------------------------------- Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt diff --git a/iptables.spec b/iptables.spec index d250b5a..a3bb209 100644 --- a/iptables.spec +++ b/iptables.spec @@ -16,6 +16,12 @@ # +%if 0%{?suse_version} > 1500 +%bcond_without libalternatives +%else +%bcond_with libalternatives +%endif + Name: iptables Version: 1.8.7 Release: 0 @@ -43,8 +49,14 @@ BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.1.6 Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release +%if %{with libalternatives} +Requires: alts +Requires: libalternatives >= 1.2 +Requires(pre): update-alternatives +%else Requires(post): update-alternatives Requires(postun): update-alternatives +%endif # During the update to iptables 1.8, ip6tables-restore-translate, ip6tables-translate, # iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage # (now iptables-backend-nft) to the main package so we need to add a conflict here otherwise @@ -181,12 +193,74 @@ rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \ ip6tables-save arptables arptables-restore arptables-save ebtables \ ebtables-restore ebtables-save; do +%if ! %{with libalternatives} ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i" +%else + ln -fsv %{_bindir}/alts "$b/%_sbindir/$i" +%endif done + %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif +%if %{with libalternatives} +mkdir -p %{buildroot}%{_datadir}/libalternatives/iptables +cat > %{buildroot}%{_datadir}/libalternatives/iptables/1.conf < %{buildroot}%{_datadir}/libalternatives/iptables/2.conf < %{buildroot}%{_datadir}/libalternatives/arptables/2.conf < %{buildroot}%{_datadir}/libalternatives/ebtables/2.conf < 0 ] ; then + update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" +fi +%else %post update-alternatives \ --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ @@ -200,7 +274,17 @@ update-alternatives \ if test "$1" = 0; then update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" fi +%endif +%if %{with libalternatives} +%pre backend-nft +# removing old update-alternatives entries +if test "$1" = 0; then + update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" +fi +%else %post backend-nft update-alternatives \ --install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \ @@ -222,6 +306,7 @@ if test "$1" = 0; then update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" fi +%endif %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig @@ -249,12 +334,28 @@ fi %_mandir/man1/*tables* %_mandir/man8/*tables* # backend-legacy (implicit) +%if ! %{with libalternatives} %ghost %_sysconfdir/alternatives/iptables %ghost %_sysconfdir/alternatives/iptables-restore %ghost %_sysconfdir/alternatives/iptables-save %ghost %_sysconfdir/alternatives/ip6tables %ghost %_sysconfdir/alternatives/ip6tables-restore %ghost %_sysconfdir/alternatives/ip6tables-save +%else +%dir %{_datadir}/libalternatives +%dir %{_datadir}/libalternatives/iptables +%dir %{_datadir}/libalternatives/iptables-restore +%dir %{_datadir}/libalternatives/iptables-save +%dir %{_datadir}/libalternatives/ip6tables +%dir %{_datadir}/libalternatives/ip6tables-restore +%dir %{_datadir}/libalternatives/ip6tables-save +%{_datadir}/libalternatives/iptables/1.conf +%{_datadir}/libalternatives/iptables-restore/1.conf +%{_datadir}/libalternatives/iptables-save/1.conf +%{_datadir}/libalternatives/ip6tables/1.conf +%{_datadir}/libalternatives/ip6tables-restore/1.conf +%{_datadir}/libalternatives/ip6tables-save/1.conf +%endif %_sbindir/iptables %_sbindir/iptables-restore %_sbindir/iptables-save @@ -263,6 +364,7 @@ fi %_sbindir/ip6tables-save %files backend-nft +%if ! %{with libalternatives} %ghost %_sysconfdir/alternatives/iptables %ghost %_sysconfdir/alternatives/iptables-restore %ghost %_sysconfdir/alternatives/iptables-save @@ -275,6 +377,33 @@ fi %ghost %_sysconfdir/alternatives/ebtables %ghost %_sysconfdir/alternatives/ebtables-restore %ghost %_sysconfdir/alternatives/ebtables-save +%else +%dir %{_datadir}/libalternatives +%dir %{_datadir}/libalternatives/iptables +%dir %{_datadir}/libalternatives/iptables-restore +%dir %{_datadir}/libalternatives/iptables-save +%dir %{_datadir}/libalternatives/ip6tables +%dir %{_datadir}/libalternatives/ip6tables-restore +%dir %{_datadir}/libalternatives/ip6tables-save +%dir %{_datadir}/libalternatives/arptables +%dir %{_datadir}/libalternatives/arptables-restore +%dir %{_datadir}/libalternatives/arptables-save +%dir %{_datadir}/libalternatives/ebtables +%dir %{_datadir}/libalternatives/ebtables-restore +%dir %{_datadir}/libalternatives/ebtables-save +%{_datadir}/libalternatives/iptables/2.conf +%{_datadir}/libalternatives/iptables-restore/2.conf +%{_datadir}/libalternatives/iptables-save/2.conf +%{_datadir}/libalternatives/ip6tables/2.conf +%{_datadir}/libalternatives/ip6tables-restore/2.conf +%{_datadir}/libalternatives/ip6tables-save/2.conf +%{_datadir}/libalternatives/arptables/2.conf +%{_datadir}/libalternatives/arptables-restore/2.conf +%{_datadir}/libalternatives/arptables-save/2.conf +%{_datadir}/libalternatives/ebtables/2.conf +%{_datadir}/libalternatives/ebtables-restore/2.conf +%{_datadir}/libalternatives/ebtables-save/2.conf +%endif %_sbindir/iptables %_sbindir/iptables-restore %_sbindir/iptables-save