Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: bl...@debian.org
Please unblock package iptables-persistent (Please provide enough (but not too much) information to help the release team to judge the request efficiently. E.g. by filling in the sections below.) [ Reason ] The package is using alternatives to manage (systemd) aliases, this is not recommended by the systemd maintainers. See bug report #1036147 I've added alternatives to this package back in 2019 to solve #926927 as a point of coordination with other firewall managers in Debian (see https://lists.debian.org/debian-firewall/2019/08/msg00000.html) but the initiative never took off [ Impact ] This is (was) the only package in Debian which uses alternatives to manage aliases, which makes it different from what admins expect [ Tests ] This version of the package is clean in lintian and piuparts, I've upgraded my systems and found no problems [ Risks ] I see no risks, if an admin locally have changed the override files, we'll keep them as dpkg-bak [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock iptables-persistent/1.0.20
diff -Nru iptables-persistent-1.0.19/debian/changelog iptables-persistent-1.0.20/debian/changelog --- iptables-persistent-1.0.19/debian/changelog 2023-02-28 08:02:38.000000000 +0100 +++ iptables-persistent-1.0.20/debian/changelog 2023-05-19 13:27:33.000000000 +0200 @@ -1,3 +1,16 @@ +iptables-persistent (1.0.20) unstable; urgency=medium + + [ Luca Boccassi ] + * [3d8a9b] Use aliases instead of overrides for alternative names + (Closes: #1036147) + * [418c74] Install drop-ins in /lib/ instead of /etc/ (Closes: #1036147) + + [ gustavo panizzo ] + * [06509f] Handle obsolete conffile removal + * [633371] Remove obsolete dependency (lsb-base) + + -- gustavo panizzo <g...@zumbi.com.ar> Fri, 19 May 2023 13:27:33 +0200 + iptables-persistent (1.0.19) unstable; urgency=medium * [49d9ca] Debconf templates translation to Romanian. diff -Nru iptables-persistent-1.0.19/debian/control iptables-persistent-1.0.20/debian/control --- iptables-persistent-1.0.19/debian/control 2023-02-28 08:02:01.000000000 +0100 +++ iptables-persistent-1.0.20/debian/control 2023-05-19 13:26:46.000000000 +0200 @@ -7,10 +7,11 @@ Vcs-Browser: https://salsa.debian.org/debian/iptables-persistent Vcs-Git: https://salsa.debian.org/debian/iptables-persistent.git Rules-Requires-Root: no +Pre-Depends: dpkg (>= 1.15.7.2) Package: netfilter-persistent Architecture: all -Depends: lsb-base, ${misc:Depends} +Depends: ${misc:Depends} Suggests: iptables-persistent Pre-Depends: ${misc:Pre-Depends} Description: boot-time loader for netfilter configuration diff -Nru iptables-persistent-1.0.19/debian/ipset.override iptables-persistent-1.0.20/debian/ipset.override --- iptables-persistent-1.0.19/debian/ipset.override 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/ipset.override 2023-05-19 12:12:44.000000000 +0200 @@ -1,2 +1,2 @@ -[Unit] -Conflicts=ipset.service +[Install] +Alias=ipset.service diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.install iptables-persistent-1.0.20/debian/ipset-persistent.install --- iptables-persistent-1.0.19/debian/ipset-persistent.install 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/ipset-persistent.install 2023-05-19 12:12:44.000000000 +0200 @@ -1,4 +1,4 @@ #! /usr/bin/dh-exec plugins/10-ipset usr/share/netfilter-persistent/plugins.d/ plugins/40-ipset usr/share/netfilter-persistent/plugins.d/ -debian/ipset.override => etc/systemd/system/netfilter-persistent.service.d/ipset.conf +debian/ipset.override => lib/systemd/system/netfilter-persistent.service.d/ipset.conf diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.maintscript iptables-persistent-1.0.20/debian/ipset-persistent.maintscript --- iptables-persistent-1.0.19/debian/ipset-persistent.maintscript 1970-01-01 01:00:00.000000000 +0100 +++ iptables-persistent-1.0.20/debian/ipset-persistent.maintscript 2023-05-19 13:26:46.000000000 +0200 @@ -0,0 +1 @@ +rm_conffile /etc/systemd/system/netfilter-persistent.service.d/ipset.conf diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postinst iptables-persistent-1.0.20/debian/ipset-persistent.postinst --- iptables-persistent-1.0.19/debian/ipset-persistent.postinst 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/ipset-persistent.postinst 2023-05-19 13:26:46.000000000 +0200 @@ -2,8 +2,10 @@ set -e -# Setup alternatives -update-alternatives --install /lib/systemd/system/ipset.service ipset.service /lib/systemd/system/netfilter-persistent.service 40 +# Can be dropped in Trixie +if update-alternatives --query ipset.service 2>/dev/null; then + update-alternatives --remove-all ipset.service +fi # Source debconf library . /usr/share/debconf/confmodule @@ -29,4 +31,11 @@ ;; esac +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then + # Ensure the drop-in is loaded + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + fi +fi + #DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postrm iptables-persistent-1.0.20/debian/ipset-persistent.postrm --- iptables-persistent-1.0.19/debian/ipset-persistent.postrm 2020-07-02 16:33:46.000000000 +0200 +++ iptables-persistent-1.0.20/debian/ipset-persistent.postrm 2023-05-19 13:26:46.000000000 +0200 @@ -8,4 +8,9 @@ ;; esac +# To register the drop-in's removal +if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi + #DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.prerm iptables-persistent-1.0.20/debian/ipset-persistent.prerm --- iptables-persistent-1.0.19/debian/ipset-persistent.prerm 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/ipset-persistent.prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -#!/bin/sh - -set -e - -# Remove alternatives -update-alternatives --remove-all ipset.service - -#DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/iptables.override iptables-persistent-1.0.20/debian/iptables.override --- iptables-persistent-1.0.19/debian/iptables.override 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/iptables.override 2023-05-19 12:12:44.000000000 +0200 @@ -1,2 +1,2 @@ -[Unit] -Conflicts=iptables.service ip6tables.service +[Install] +Alias=iptables.service ip6tables.service diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.install iptables-persistent-1.0.20/debian/iptables-persistent.install --- iptables-persistent-1.0.19/debian/iptables-persistent.install 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/iptables-persistent.install 2023-05-19 12:12:44.000000000 +0200 @@ -1,4 +1,4 @@ #! /usr/bin/dh-exec plugins/15-ip4tables usr/share/netfilter-persistent/plugins.d/ plugins/25-ip6tables usr/share/netfilter-persistent/plugins.d/ -debian/iptables.override => etc/systemd/system/netfilter-persistent.service.d/iptables.conf +debian/iptables.override => lib/systemd/system/netfilter-persistent.service.d/iptables.conf diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.maintscript iptables-persistent-1.0.20/debian/iptables-persistent.maintscript --- iptables-persistent-1.0.19/debian/iptables-persistent.maintscript 1970-01-01 01:00:00.000000000 +0100 +++ iptables-persistent-1.0.20/debian/iptables-persistent.maintscript 2023-05-19 13:26:46.000000000 +0200 @@ -0,0 +1 @@ +rm_conffile /etc/systemd/system/netfilter-persistent.service.d/iptables.conf diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postinst iptables-persistent-1.0.20/debian/iptables-persistent.postinst --- iptables-persistent-1.0.19/debian/iptables-persistent.postinst 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/iptables-persistent.postinst 2023-05-19 13:26:46.000000000 +0200 @@ -2,9 +2,10 @@ set -e -# Setup alternatives -update-alternatives --install /lib/systemd/system/iptables.service iptables.service /lib/systemd/system/netfilter-persistent.service 40 \ - --slave /lib/systemd/system/ip6tables.service ip6tables.service /lib/systemd/system/netfilter-persistent.service +# Can be dropped in Trixie +if update-alternatives --query iptables.service 2>/dev/null; then + update-alternatives --remove-all iptables.service +fi # Source debconf library . /usr/share/debconf/confmodule @@ -45,4 +46,11 @@ ;; esac +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then + # Ensure the drop-in is loaded + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + fi +fi + #DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postrm iptables-persistent-1.0.20/debian/iptables-persistent.postrm --- iptables-persistent-1.0.19/debian/iptables-persistent.postrm 2019-08-22 23:39:03.000000000 +0200 +++ iptables-persistent-1.0.20/debian/iptables-persistent.postrm 2023-05-19 13:26:46.000000000 +0200 @@ -10,4 +10,9 @@ ;; esac +# To register the drop-in's removal +if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi + #DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.prerm iptables-persistent-1.0.20/debian/iptables-persistent.prerm --- iptables-persistent-1.0.19/debian/iptables-persistent.prerm 2021-11-17 08:58:54.000000000 +0100 +++ iptables-persistent-1.0.20/debian/iptables-persistent.prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -#!/bin/sh - -set -e - -# Setup alternatives -update-alternatives --remove-all iptables.service - -#DEBHELPER# diff -Nru iptables-persistent-1.0.19/debian/NEWS iptables-persistent-1.0.20/debian/NEWS --- iptables-persistent-1.0.19/debian/NEWS 1970-01-01 01:00:00.000000000 +0100 +++ iptables-persistent-1.0.20/debian/NEWS 2023-05-19 12:12:44.000000000 +0200 @@ -0,0 +1,12 @@ +iptables-persistent (1.0.20) unstable; urgency=medium + + iptables-persistent.service, ip6tables-persistent.service and + ipset-persistent.service are now aliases instead of alternatives, using + native functionality to provide alternative names. Users wishing to use such + names can use 'systemctl enable netfilter-persistent.service' to enable them, + and can override them using the standard systemd configuration mechanisms. + Other packages wishing to provide the same service names simply have to + declare the same aliases in their units, and users can enable the one they + prefer. + + -- Luca Boccassi <bl...@debian.org> Tue, 16 May 2023 01:40:17 +0100
