Accepting request 394008 from home:posophe:branches:security:netfilter

add systemd support OBS-URL: https://build.opensuse.org/request/show/394008 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ebtables?expand=0&rev=41
2016-06-02 15:28:01 +00:00 · 2016-06-02 15:28:01 +00:00 · 8b3624a4e2
commit 8b3624a4e2
parent ae8fc77414
4 changed files with 144 additions and 1 deletions
--- a/ebtables.changes
+++ b/ebtables.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri May  6 10:43:55 UTC 2016 - p.drouand@gmail.com
+
+- Add systemd support for openSUSE > 12.10
+- Do not depend on fillup when building with sysvinit support; the 
+  package doesn't provide any sysconfig file
+- Change Requires(post) tag for Requires(pre); sysvinit must be
+  available before the package installation, according to the policy
+
 -------------------------------------------------------------------
 Tue Apr 26 12:13:47 UTC 2016 - kstreitova@suse.com

--- a/ebtables.service
+++ b/ebtables.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Ethernet Bridge Filtering tables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/ebtables start
+ExecStop=/usr/libexec/ebtables stop
+
+[Install]
+WantedBy=multi-user.target
--- a/ebtables.spec
+++ b/ebtables.spec
@ -25,6 +25,8 @@ Group:          Productivity/Networking/Security
 Url:            http://ebtables.sf.net/
 #Git-Clone:	git://git.netfilter.org/ebtables
 Source:         %{name}-v2.0.10-4.tar.xz
+Source1:        %{name}.service
+Source2:        %{name}.systemd
 Patch0:         %{name}-v2.0.8-makefile.diff
 Patch1:         %{name}-v2.0.8-initscript.diff
 # PATCH-FIX-UPSTREAM bnc#934680 kstreitova@suse.com -- audit patch for CC certification
@ -36,7 +38,14 @@ Patch4:         include-linux-if.patch
 BuildRequires:  linux-glibc-devel >= 2.6.20
 BuildRequires:  sed
 BuildRequires:  xz
-Requires(post): %insserv_prereq %fillup_prereq
+%if 0%{?suse_version} > 1210
+BuildRequires:  systemd-rpm-macros
+Requires(pre):  %fillup_prereq
+%{?systemd_requires}
+%else
+BuildRequires:  sysvinit
+Requires(pre):  %insserv_prereq
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -88,26 +97,66 @@ make \
    INITDIR="%{_sysconfdir}/init.d" \
    SYSCONFIGDIR="%{_sysconfdir}" \
    install
+%if 0%{?suse_version} > 1210
+mkdir -p %{buildroot}/var/adm/fillup-templates
+mkdir -p %{buildroot}%{_unitdir}
+install -p %{SOURCE1} %{buildroot}%{_unitdir}/
+chmod -x %{buildroot}%{_unitdir}/*.service
+mkdir -p %{buildroot}%{_libexecdir}
+install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}
+touch %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}.filter
+touch %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}.nat
+touch %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}.broute
+rm -rf %{buildroot}%{_initrddir}
+%else
 ln -sf "%{_initddir}/ebtables" "%{buildroot}/%{_sbindir}/rcebtables"
+%endif
 # not used
 rm -f "%{buildroot}/%{_sysconfdir}/ebtables-config"

+%if 0%{?suse_version} > 1210
+%pre
+%service_add_pre %{name}.service
+%endif
+
 %post
+%if 0%{?suse_version} > 1210
+%service_add_post %{name}.service
+%fillup_only
+%else
 %fillup_and_insserv ebtables
+%endif

 %preun
+%if 0%{?suse_version} > 1210
+%service_del_preun %{name}.service
+%else
 %stop_on_removal ebtables
+%endif

 %postun
+%if 0%{?suse_version} > 1210
+%service_del_postun %{name}.service
+%else
 %restart_on_update ebtables
 %insserv_cleanup
+%endif

 %files
 %defattr(-,root,root)
 %doc COPYING ChangeLog
 %{_mandir}/man8/ebtables.8*
 %config(noreplace) %{_sysconfdir}/ethertypes
+%if 0%{?suse_version} > 1210
+%{_libexecdir}/%{name}
+%{_unitdir}/%{name}.service
+%ghost /var/adm/fillup-templates/sysconfig.%{name}.filter
+%ghost /var/adm/fillup-templates/sysconfig.%{name}.nat
+%ghost /var/adm/fillup-templates/sysconfig.%{name}.broute
+%else
 %{_initddir}/ebtables
+%endif
 %dir %{_libdir}/%{name}
 %{_libdir}/%{name}/*.so
 %{_sbindir}/ebtables
--- a/ebtables.systemd
+++ b/ebtables.systemd
@ -0,0 +1,74 @@
+#!/bin/bash
+
+RETVAL=0
+
+initialize() {
+  # Initialize $TYPE tables
+  echo -n $"  $TYPE tables: "
+  if [ -r /etc/sysconfig/ebtables.$TYPE ]; then
+    /sbin/ebtables -t $TYPE --atomic-file /etc/sysconfig/ebtables.$TYPE --atomic-commit > /dev/null || RETVAL=1
+  else
+    echo -n "not configured"
+  fi
+  if [ $RETVAL -eq 0 ]; then
+    echo -n $"[  OK  ]"
+    echo -ne "\r"
+  else
+    echo -n $"[FAILED]"
+    echo -ne "\r"
+  fi
+}
+
+case $1 in
+  start)
+   # Initialize	filter tables
+   TYPE=filter
+   initialize
+ 
+   # Initialize NAT tables
+   echo
+   TYPE=nat
+   initialize
+
+   # Initialize broute tables
+   echo
+   TYPE=broute
+   initialize
+  ;;
+  stop)
+    /sbin/ebtables -t filter --init-table || RETVAL=1
+    /sbin/ebtables -t nat --init-table || RETVAL=1
+    /sbin/ebtables -t broute --init-table || RETVAL=1
+
+    for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do
+       /sbin/rmmod $mod || RETVAL=1
+    done
+
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  save)
+    echo -n $"Saving Ethernet bridge filtering (ebtables): "
+    /sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1
+    /sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1
+    /sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  *)
+    echo "usage: ${0##*/} {start|stop|save}" >&2
+    exit 1
+  ;;
+esac
+
+# vim:set ts=2 sw=2 ft=sh et: