Your message dated Tue, 23 May 2023 10:35:56 +0000
with message-id <[email protected]>
and subject line unblock iptables-persistent
has caused the Debian Bug report #1036354,
regarding unblock: iptables-persistent/1.0.20
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1036354: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036354
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected]
Please unblock package iptables-persistent
(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)
[ Reason ]
The package is using alternatives to manage (systemd) aliases,
this is not recommended by the systemd maintainers.
See bug report #1036147
I've added alternatives to this package back in 2019 to solve #926927
as a point of coordination with other firewall managers in Debian
(see https://lists.debian.org/debian-firewall/2019/08/msg00000.html) but
the initiative never took off
[ Impact ]
This is (was) the only package in Debian which uses alternatives to
manage aliases, which makes it different from what admins expect
[ Tests ]
This version of the package is clean in lintian and piuparts,
I've upgraded my systems and found no problems
[ Risks ]
I see no risks, if an admin locally have changed the override files,
we'll keep them as dpkg-bak
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock iptables-persistent/1.0.20
diff -Nru iptables-persistent-1.0.19/debian/changelog
iptables-persistent-1.0.20/debian/changelog
--- iptables-persistent-1.0.19/debian/changelog 2023-02-28 08:02:38.000000000
+0100
+++ iptables-persistent-1.0.20/debian/changelog 2023-05-19 13:27:33.000000000
+0200
@@ -1,3 +1,16 @@
+iptables-persistent (1.0.20) unstable; urgency=medium
+
+ [ Luca Boccassi ]
+ * [3d8a9b] Use aliases instead of overrides for alternative names
+ (Closes: #1036147)
+ * [418c74] Install drop-ins in /lib/ instead of /etc/ (Closes: #1036147)
+
+ [ gustavo panizzo ]
+ * [06509f] Handle obsolete conffile removal
+ * [633371] Remove obsolete dependency (lsb-base)
+
+ -- gustavo panizzo <[email protected]> Fri, 19 May 2023 13:27:33 +0200
+
iptables-persistent (1.0.19) unstable; urgency=medium
* [49d9ca] Debconf templates translation to Romanian.
diff -Nru iptables-persistent-1.0.19/debian/control
iptables-persistent-1.0.20/debian/control
--- iptables-persistent-1.0.19/debian/control 2023-02-28 08:02:01.000000000
+0100
+++ iptables-persistent-1.0.20/debian/control 2023-05-19 13:26:46.000000000
+0200
@@ -7,10 +7,11 @@
Vcs-Browser: https://salsa.debian.org/debian/iptables-persistent
Vcs-Git: https://salsa.debian.org/debian/iptables-persistent.git
Rules-Requires-Root: no
+Pre-Depends: dpkg (>= 1.15.7.2)
Package: netfilter-persistent
Architecture: all
-Depends: lsb-base, ${misc:Depends}
+Depends: ${misc:Depends}
Suggests: iptables-persistent
Pre-Depends: ${misc:Pre-Depends}
Description: boot-time loader for netfilter configuration
diff -Nru iptables-persistent-1.0.19/debian/ipset.override
iptables-persistent-1.0.20/debian/ipset.override
--- iptables-persistent-1.0.19/debian/ipset.override 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset.override 2023-05-19
12:12:44.000000000 +0200
@@ -1,2 +1,2 @@
-[Unit]
-Conflicts=ipset.service
+[Install]
+Alias=ipset.service
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.install
iptables-persistent-1.0.20/debian/ipset-persistent.install
--- iptables-persistent-1.0.19/debian/ipset-persistent.install 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.install 2023-05-19
12:12:44.000000000 +0200
@@ -1,4 +1,4 @@
#! /usr/bin/dh-exec
plugins/10-ipset usr/share/netfilter-persistent/plugins.d/
plugins/40-ipset usr/share/netfilter-persistent/plugins.d/
-debian/ipset.override =>
etc/systemd/system/netfilter-persistent.service.d/ipset.conf
+debian/ipset.override =>
lib/systemd/system/netfilter-persistent.service.d/ipset.conf
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.maintscript
iptables-persistent-1.0.20/debian/ipset-persistent.maintscript
--- iptables-persistent-1.0.19/debian/ipset-persistent.maintscript
1970-01-01 01:00:00.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.maintscript
2023-05-19 13:26:46.000000000 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/systemd/system/netfilter-persistent.service.d/ipset.conf
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postinst
iptables-persistent-1.0.20/debian/ipset-persistent.postinst
--- iptables-persistent-1.0.19/debian/ipset-persistent.postinst 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.postinst 2023-05-19
13:26:46.000000000 +0200
@@ -2,8 +2,10 @@
set -e
-# Setup alternatives
-update-alternatives --install /lib/systemd/system/ipset.service ipset.service
/lib/systemd/system/netfilter-persistent.service 40
+# Can be dropped in Trixie
+if update-alternatives --query ipset.service 2>/dev/null; then
+ update-alternatives --remove-all ipset.service
+fi
# Source debconf library
. /usr/share/debconf/confmodule
@@ -29,4 +31,11 @@
;;
esac
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" =
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ # Ensure the drop-in is loaded
+ if [ -d /run/systemd/system ]; then
+ systemctl --system daemon-reload >/dev/null || true
+ fi
+fi
+
#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postrm
iptables-persistent-1.0.20/debian/ipset-persistent.postrm
--- iptables-persistent-1.0.19/debian/ipset-persistent.postrm 2020-07-02
16:33:46.000000000 +0200
+++ iptables-persistent-1.0.20/debian/ipset-persistent.postrm 2023-05-19
13:26:46.000000000 +0200
@@ -8,4 +8,9 @@
;;
esac
+# To register the drop-in's removal
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ systemctl --system daemon-reload >/dev/null || true
+fi
+
#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.prerm
iptables-persistent-1.0.20/debian/ipset-persistent.prerm
--- iptables-persistent-1.0.19/debian/ipset-persistent.prerm 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.prerm 1970-01-01
01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Remove alternatives
-update-alternatives --remove-all ipset.service
-
-#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables.override
iptables-persistent-1.0.20/debian/iptables.override
--- iptables-persistent-1.0.19/debian/iptables.override 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables.override 2023-05-19
12:12:44.000000000 +0200
@@ -1,2 +1,2 @@
-[Unit]
-Conflicts=iptables.service ip6tables.service
+[Install]
+Alias=iptables.service ip6tables.service
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.install
iptables-persistent-1.0.20/debian/iptables-persistent.install
--- iptables-persistent-1.0.19/debian/iptables-persistent.install
2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.install
2023-05-19 12:12:44.000000000 +0200
@@ -1,4 +1,4 @@
#! /usr/bin/dh-exec
plugins/15-ip4tables usr/share/netfilter-persistent/plugins.d/
plugins/25-ip6tables usr/share/netfilter-persistent/plugins.d/
-debian/iptables.override =>
etc/systemd/system/netfilter-persistent.service.d/iptables.conf
+debian/iptables.override =>
lib/systemd/system/netfilter-persistent.service.d/iptables.conf
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.maintscript
iptables-persistent-1.0.20/debian/iptables-persistent.maintscript
--- iptables-persistent-1.0.19/debian/iptables-persistent.maintscript
1970-01-01 01:00:00.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.maintscript
2023-05-19 13:26:46.000000000 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/systemd/system/netfilter-persistent.service.d/iptables.conf
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postinst
iptables-persistent-1.0.20/debian/iptables-persistent.postinst
--- iptables-persistent-1.0.19/debian/iptables-persistent.postinst
2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.postinst
2023-05-19 13:26:46.000000000 +0200
@@ -2,9 +2,10 @@
set -e
-# Setup alternatives
-update-alternatives --install /lib/systemd/system/iptables.service
iptables.service /lib/systemd/system/netfilter-persistent.service 40 \
- --slave /lib/systemd/system/ip6tables.service ip6tables.service
/lib/systemd/system/netfilter-persistent.service
+# Can be dropped in Trixie
+if update-alternatives --query iptables.service 2>/dev/null; then
+ update-alternatives --remove-all iptables.service
+fi
# Source debconf library
. /usr/share/debconf/confmodule
@@ -45,4 +46,11 @@
;;
esac
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" =
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ # Ensure the drop-in is loaded
+ if [ -d /run/systemd/system ]; then
+ systemctl --system daemon-reload >/dev/null || true
+ fi
+fi
+
#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postrm
iptables-persistent-1.0.20/debian/iptables-persistent.postrm
--- iptables-persistent-1.0.19/debian/iptables-persistent.postrm
2019-08-22 23:39:03.000000000 +0200
+++ iptables-persistent-1.0.20/debian/iptables-persistent.postrm
2023-05-19 13:26:46.000000000 +0200
@@ -10,4 +10,9 @@
;;
esac
+# To register the drop-in's removal
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ systemctl --system daemon-reload >/dev/null || true
+fi
+
#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.prerm
iptables-persistent-1.0.20/debian/iptables-persistent.prerm
--- iptables-persistent-1.0.19/debian/iptables-persistent.prerm 2021-11-17
08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.prerm 1970-01-01
01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Setup alternatives
-update-alternatives --remove-all iptables.service
-
-#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/NEWS
iptables-persistent-1.0.20/debian/NEWS
--- iptables-persistent-1.0.19/debian/NEWS 1970-01-01 01:00:00.000000000
+0100
+++ iptables-persistent-1.0.20/debian/NEWS 2023-05-19 12:12:44.000000000
+0200
@@ -0,0 +1,12 @@
+iptables-persistent (1.0.20) unstable; urgency=medium
+
+ iptables-persistent.service, ip6tables-persistent.service and
+ ipset-persistent.service are now aliases instead of alternatives, using
+ native functionality to provide alternative names. Users wishing to use such
+ names can use 'systemctl enable netfilter-persistent.service' to enable them,
+ and can override them using the standard systemd configuration mechanisms.
+ Other packages wishing to provide the same service names simply have to
+ declare the same aliases in their units, and users can enable the one they
+ prefer.
+
+ -- Luca Boccassi <[email protected]> Tue, 16 May 2023 01:40:17 +0100
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
