1
0
forked from jengelh/iptables

Accepting request 926539 from security:netfilter

OBS-URL: https://build.opensuse.org/request/show/926539
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=75
This commit is contained in:
Dominique Leuenberger 2021-11-14 23:06:07 +00:00 committed by Git OBS Bridge
commit 80ab345e92
2 changed files with 111 additions and 8 deletions

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Wed Oct 20 11:15:19 UTC 2021 - Stefan Schubert <schubi@suse.de>
- Added alts requirements for iptables-backend-nft package.
-------------------------------------------------------------------
Thu Sep 16 11:40:45 UTC 2021 - Stefan Schubert <schubi@suse.com>
- Removed update-alternatives dependency in libalternatives mode.
-------------------------------------------------------------------
Tue Aug 3 07:13:19 UTC 2021 - Stefan Schubert <schubi@suse.com>
- Use libalternatives instead of update-alternatives.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt <jengelh@inai.de> Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

View File

@ -16,11 +16,17 @@
# #
%if 0%{?suse_version} > 1500
%bcond_without libalternatives
%else
%bcond_with libalternatives
%endif
Name: iptables Name: iptables
Version: 1.8.7 Version: 1.8.7
Release: 0 Release: 0
Summary: IP packet filter administration utilities Summary: IP packet filter administration utilities
License: GPL-2.0-only AND Artistic-2.0 License: Artistic-2.0 AND GPL-2.0-only
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
URL: https://netfilter.org/projects/iptables/ URL: https://netfilter.org/projects/iptables/
#Git-Clone: git://git.netfilter.org/iptables #Git-Clone: git://git.netfilter.org/iptables
@ -43,8 +49,13 @@ BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
BuildRequires: pkgconfig(libnftnl) >= 1.1.6 BuildRequires: pkgconfig(libnftnl) >= 1.1.6
Requires: netcfg >= 11.6 Requires: netcfg >= 11.6
Requires: xtables-plugins = %version-%release Requires: xtables-plugins = %version-%release
%if %{with libalternatives}
Requires: alts
BuildRequires: alts
%else
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun):update-alternatives Requires(postun):update-alternatives
%endif
# During the update to iptables 1.8, ip6tables-restore-translate, ip6tables-translate, # During the update to iptables 1.8, ip6tables-restore-translate, ip6tables-translate,
# iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage # iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage
# (now iptables-backend-nft) to the main package so we need to add a conflict here otherwise # (now iptables-backend-nft) to the main package so we need to add a conflict here otherwise
@ -59,10 +70,15 @@ the various Netfilter packet filter engines inside the Linux kernel.
Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: iptables >= 1.8.0 Requires: iptables >= 1.8.0
%if %{with libalternatives}
Requires: alts
BuildRequires: alts
%else
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun):update-alternatives Requires(postun):update-alternatives
Provides: iptables-nft = %{version}-%{release} %endif
Obsoletes: iptables-nft < %{version}-%{release} Provides: iptables-nft = %version-%release
Obsoletes: iptables-nft < %version-%release
%description backend-nft %description backend-nft
Installation of this package adds higher priority alternatives (cf. Installation of this package adds higher priority alternatives (cf.
@ -166,7 +182,7 @@ rm -f extensions/libipt_unclean.man
# includedir is overriden on purpose to detect projects that # includedir is overriden on purpose to detect projects that
# fail to include libxtables_CFLAGS # fail to include libxtables_CFLAGS
%configure --includedir="%_includedir/%name" --enable-libipq %configure --includedir="%_includedir/%name" --enable-libipq
make %{?_smp_mflags} V=1 %make_build V=1
%install %install
%make_install %make_install
@ -176,17 +192,69 @@ rm -f "$b/%_libdir/"libiptc.so*
# iptables-apply is not installed by upstream Makefile # iptables-apply is not installed by upstream Makefile
install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0755 iptables/iptables-apply "$b/%_sbindir/"
rm -f "$b/%_libdir"/*.la rm -f "$b/%_libdir"/*.la
rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg rm -f "$b/%_sysconfdir/ethertypes" # provided by netcfg
for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \ for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \
ip6tables-save arptables arptables-restore arptables-save ebtables \ ip6tables-save arptables arptables-restore arptables-save ebtables \
ebtables-restore ebtables-save; do ebtables-restore ebtables-save; do
ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i" %if ! %{with libalternatives}
ln -fsv "%_sysconfdir/alternatives/$i" "$b/%_sbindir/$i"
%else
ln -fsv %_bindir/alts "$b/%_sbindir/$i"
%endif
done done
%if 0%{?suse_version} %if 0%{?suse_version}
%fdupes %buildroot/%_prefix %fdupes %buildroot/%_prefix
%endif %endif
%if %{with libalternatives}
mkdir -pv "$b/%_datadir/libalternatives/iptables"
cat >"$b/%_datadir/libalternatives/iptables/1.conf" <<-EOF
binary=%_sbindir/xtables-legacy-multi
group=iptables, ip6tables, ip6tables-restore, ip6tables-save, iptables-restore, iptables-save
options=KeepArgv0
EOF
cat >"$b/%_datadir/libalternatives/iptables/2.conf" <<-EOF
binary=%_sbindir/xtables-nft-multi
group=iptables, ip6tables, ip6tables-restore, ip6tables-save, iptables-restore, iptables-save
options=KeepArgv0
EOF
for i in ip6tables ip6tables-restore ip6tables-save iptables-restore iptables-save; do
mkdir -pv "$b/%_datadir/libalternatives/$i"
cp -av "$b/%_datadir/libalternatives/iptables/"*.conf "$b/%_datadir/libalternatives/$i/"
done
mkdir -pv $b/%_datadir/libalternatives/arptables
cat >"$b/%_datadir/libalternatives/arptables/2.conf" <<-EOF
binary=%_sbindir/xtables-nft-multi
group=arptables, arptables-restore, arptables-save
EOF
for i in arptables-restore arptables-save; do
mkdir -pv "$b/%_datadir/libalternatives/$i"
cp -av "$b/%_datadir/libalternatives/arptables/2.conf" "$b/%_datadir/libalternatives/$i/"
done
mkdir -p "$b/%_datadir/libalternatives/ebtables"
cat >"$b/%_datadir/libalternatives/ebtables/2.conf" <<-EOF
binary=%_sbindir/xtables-nft-multi
group=ebtables, ebtables-restore, ebtables-save
EOF
for i in ebtables-restore ebtables-save; do
mkdir -pv "$b/%_datadir/libalternatives/$i"
cp -av "$b/%_datadir/libalternatives/ebtables/2.conf" "$b/%_datadir/libalternatives/$i/"
done
%endif
%if %{with libalternatives}
%pre
# removing old update-alternatives entries
if [ "$1" -gt 0 ] && [ -f "%_sbindir/update-alternatives" ]; then
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
fi
%else
%post %post
update-alternatives \ update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \
@ -200,6 +268,17 @@ update-alternatives \
if test "$1" = 0; then if test "$1" = 0; then
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
fi fi
%endif
%if %{with libalternatives}
%pre backend-nft
# removing old update-alternatives entries
if [ "$1" -gt 0 ] && [ -f "%_sbindir/update-alternatives" ]; then
update-alternatives --remove iptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
fi
%else
%post backend-nft %post backend-nft
update-alternatives \ update-alternatives \
@ -222,6 +301,7 @@ if test "$1" = 0; then
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
fi fi
%endif
%post -n libipq0 -p /sbin/ldconfig %post -n libipq0 -p /sbin/ldconfig
%postun -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig
@ -249,12 +329,16 @@ fi
%_mandir/man1/*tables* %_mandir/man1/*tables*
%_mandir/man8/*tables* %_mandir/man8/*tables*
# backend-legacy (implicit) # backend-legacy (implicit)
%if ! %{with libalternatives}
%ghost %_sysconfdir/alternatives/iptables %ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore %ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save %ghost %_sysconfdir/alternatives/iptables-save
%ghost %_sysconfdir/alternatives/ip6tables %ghost %_sysconfdir/alternatives/ip6tables
%ghost %_sysconfdir/alternatives/ip6tables-restore %ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save %ghost %_sysconfdir/alternatives/ip6tables-save
%else
%_datadir/libalternatives/
%endif
%_sbindir/iptables %_sbindir/iptables
%_sbindir/iptables-restore %_sbindir/iptables-restore
%_sbindir/iptables-save %_sbindir/iptables-save
@ -263,6 +347,7 @@ fi
%_sbindir/ip6tables-save %_sbindir/ip6tables-save
%files backend-nft %files backend-nft
%if ! %{with libalternatives}
%ghost %_sysconfdir/alternatives/iptables %ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore %ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save %ghost %_sysconfdir/alternatives/iptables-save
@ -275,6 +360,9 @@ fi
%ghost %_sysconfdir/alternatives/ebtables %ghost %_sysconfdir/alternatives/ebtables
%ghost %_sysconfdir/alternatives/ebtables-restore %ghost %_sysconfdir/alternatives/ebtables-restore
%ghost %_sysconfdir/alternatives/ebtables-save %ghost %_sysconfdir/alternatives/ebtables-save
%else
%_datadir/libalternatives/
%endif
%_sbindir/iptables %_sbindir/iptables
%_sbindir/iptables-restore %_sbindir/iptables-restore
%_sbindir/iptables-save %_sbindir/iptables-save