1
0
forked from jengelh/iptables

Accepting request 919462 from home:schubi2

- Use libalternatives instead of update-alternatives.

OBS-URL: https://build.opensuse.org/request/show/919462
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=144
This commit is contained in:
Jan Engelhardt 2021-09-16 08:52:43 +00:00 committed by Git OBS Bridge
parent 60f05617fa
commit 2dd901f8a9
2 changed files with 134 additions and 0 deletions

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Aug 3 07:13:19 UTC 2021 - Stefan Schubert <schubi@suse.com>
- Use libalternatives instead of update-alternatives.
-------------------------------------------------------------------
Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

View File

@ -16,6 +16,12 @@
#
%if 0%{?suse_version} > 1500
%bcond_without libalternatives
%else
%bcond_with libalternatives
%endif
Name: iptables
Version: 1.8.7
Release: 0
@ -43,8 +49,14 @@ BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
BuildRequires: pkgconfig(libnftnl) >= 1.1.6
Requires: netcfg >= 11.6
Requires: xtables-plugins = %version-%release
%if %{with libalternatives}
Requires: alts
Requires: libalternatives >= 1.2
Requires(pre): update-alternatives
%else
Requires(post): update-alternatives
Requires(postun): update-alternatives
%endif
# During the update to iptables 1.8, ip6tables-restore-translate, ip6tables-translate,
# iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage
# (now iptables-backend-nft) to the main package so we need to add a conflict here otherwise
@ -181,12 +193,74 @@ rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg
for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \
ip6tables-save arptables arptables-restore arptables-save ebtables \
ebtables-restore ebtables-save; do
%if ! %{with libalternatives}
ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i"
%else
ln -fsv %{_bindir}/alts "$b/%_sbindir/$i"
%endif
done
%if 0%{?suse_version}
%fdupes %buildroot/%_prefix
%endif
%if %{with libalternatives}
mkdir -p %{buildroot}%{_datadir}/libalternatives/iptables
cat > %{buildroot}%{_datadir}/libalternatives/iptables/1.conf <<EOF
binary=%{_sbindir}/xtables-legacy-multi
group=iptables, ip6tables, ip6tables-restore, ip6tables-save, iptables-restore, iptables-save
options=KeepArgv0
EOF
cat > %{buildroot}%{_datadir}/libalternatives/iptables/2.conf <<EOF
binary=%{_sbindir}/xtables-nft-multi
group=iptables, ip6tables, ip6tables-restore, ip6tables-save, iptables-restore, iptables-save
options=KeepArgv0
EOF
mkdir -p %{buildroot}%{_datadir}/libalternatives/ip6tables
cp %{buildroot}%{_datadir}/libalternatives/iptables/1.conf %{buildroot}%{_datadir}/libalternatives/ip6tables/1.conf
cp %{buildroot}%{_datadir}/libalternatives/iptables/2.conf %{buildroot}%{_datadir}/libalternatives/ip6tables/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/ip6tables-restore
cp %{buildroot}%{_datadir}/libalternatives/iptables/1.conf %{buildroot}%{_datadir}/libalternatives/ip6tables-restore/1.conf
cp %{buildroot}%{_datadir}/libalternatives/iptables/2.conf %{buildroot}%{_datadir}/libalternatives/ip6tables-restore/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/ip6tables-save
cp %{buildroot}%{_datadir}/libalternatives/iptables/1.conf %{buildroot}%{_datadir}/libalternatives/ip6tables-save/1.conf
cp %{buildroot}%{_datadir}/libalternatives/iptables/2.conf %{buildroot}%{_datadir}/libalternatives/ip6tables-save/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/iptables-restore
cp %{buildroot}%{_datadir}/libalternatives/iptables/1.conf %{buildroot}%{_datadir}/libalternatives/iptables-restore/1.conf
cp %{buildroot}%{_datadir}/libalternatives/iptables/2.conf %{buildroot}%{_datadir}/libalternatives/iptables-restore/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/iptables-save
cp %{buildroot}%{_datadir}/libalternatives/iptables/1.conf %{buildroot}%{_datadir}/libalternatives/iptables-save/1.conf
cp %{buildroot}%{_datadir}/libalternatives/iptables/2.conf %{buildroot}%{_datadir}/libalternatives/iptables-save/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/arptables
cat > %{buildroot}%{_datadir}/libalternatives/arptables/2.conf <<EOF
binary=%{_sbindir}/xtables-nft-multi
group=arptables, arptables-restore, arptables-save
EOF
mkdir -p %{buildroot}%{_datadir}/libalternatives/arptables-restore
cp %{buildroot}%{_datadir}/libalternatives/arptables/2.conf %{buildroot}%{_datadir}/libalternatives/arptables-restore/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/arptables-save
cp %{buildroot}%{_datadir}/libalternatives/arptables/2.conf %{buildroot}%{_datadir}/libalternatives/arptables-save/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables
cat > %{buildroot}%{_datadir}/libalternatives/ebtables/2.conf <<EOF
binary=%{_sbindir}/xtables-nft-multi
group=ebtables, ebtables-restore, ebtables-save
EOF
mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-restore
cp %{buildroot}%{_datadir}/libalternatives/ebtables/2.conf %{buildroot}%{_datadir}/libalternatives/ebtables-restore/2.conf
mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-save
cp %{buildroot}%{_datadir}/libalternatives/ebtables/2.conf %{buildroot}%{_datadir}/libalternatives/ebtables-save/2.conf
%endif
%if %{with libalternatives}
%pre
# removing old update-alternatives entries
if [ "$1" > 0 ] ; then
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
fi
%else
%post
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \
@ -200,7 +274,17 @@ update-alternatives \
if test "$1" = 0; then
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
fi
%endif
%if %{with libalternatives}
%pre backend-nft
# removing old update-alternatives entries
if test "$1" = 0; then
update-alternatives --remove iptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
fi
%else
%post backend-nft
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \
@ -222,6 +306,7 @@ if test "$1" = 0; then
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
fi
%endif
%post -n libipq0 -p /sbin/ldconfig
%postun -n libipq0 -p /sbin/ldconfig
@ -249,12 +334,28 @@ fi
%_mandir/man1/*tables*
%_mandir/man8/*tables*
# backend-legacy (implicit)
%if ! %{with libalternatives}
%ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save
%ghost %_sysconfdir/alternatives/ip6tables
%ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save
%else
%dir %{_datadir}/libalternatives
%dir %{_datadir}/libalternatives/iptables
%dir %{_datadir}/libalternatives/iptables-restore
%dir %{_datadir}/libalternatives/iptables-save
%dir %{_datadir}/libalternatives/ip6tables
%dir %{_datadir}/libalternatives/ip6tables-restore
%dir %{_datadir}/libalternatives/ip6tables-save
%{_datadir}/libalternatives/iptables/1.conf
%{_datadir}/libalternatives/iptables-restore/1.conf
%{_datadir}/libalternatives/iptables-save/1.conf
%{_datadir}/libalternatives/ip6tables/1.conf
%{_datadir}/libalternatives/ip6tables-restore/1.conf
%{_datadir}/libalternatives/ip6tables-save/1.conf
%endif
%_sbindir/iptables
%_sbindir/iptables-restore
%_sbindir/iptables-save
@ -263,6 +364,7 @@ fi
%_sbindir/ip6tables-save
%files backend-nft
%if ! %{with libalternatives}
%ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save
@ -275,6 +377,33 @@ fi
%ghost %_sysconfdir/alternatives/ebtables
%ghost %_sysconfdir/alternatives/ebtables-restore
%ghost %_sysconfdir/alternatives/ebtables-save
%else
%dir %{_datadir}/libalternatives
%dir %{_datadir}/libalternatives/iptables
%dir %{_datadir}/libalternatives/iptables-restore
%dir %{_datadir}/libalternatives/iptables-save
%dir %{_datadir}/libalternatives/ip6tables
%dir %{_datadir}/libalternatives/ip6tables-restore
%dir %{_datadir}/libalternatives/ip6tables-save
%dir %{_datadir}/libalternatives/arptables
%dir %{_datadir}/libalternatives/arptables-restore
%dir %{_datadir}/libalternatives/arptables-save
%dir %{_datadir}/libalternatives/ebtables
%dir %{_datadir}/libalternatives/ebtables-restore
%dir %{_datadir}/libalternatives/ebtables-save
%{_datadir}/libalternatives/iptables/2.conf
%{_datadir}/libalternatives/iptables-restore/2.conf
%{_datadir}/libalternatives/iptables-save/2.conf
%{_datadir}/libalternatives/ip6tables/2.conf
%{_datadir}/libalternatives/ip6tables-restore/2.conf
%{_datadir}/libalternatives/ip6tables-save/2.conf
%{_datadir}/libalternatives/arptables/2.conf
%{_datadir}/libalternatives/arptables-restore/2.conf
%{_datadir}/libalternatives/arptables-save/2.conf
%{_datadir}/libalternatives/ebtables/2.conf
%{_datadir}/libalternatives/ebtables-restore/2.conf
%{_datadir}/libalternatives/ebtables-save/2.conf
%endif
%_sbindir/iptables
%_sbindir/iptables-restore
%_sbindir/iptables-save