Hello there, refreshing our openSUSE package from 5.1.12.3 to 5.2.1.4 I've hit a case that worry me a bit.
Work in progress here : https://build.opensuse.org/package/show/ home:bruno_friedmann:branches:security:netfilter/shorewall After the package update, shorewall(4,6) got error and have been stopped and not restarted. Of course running manually a shorewall(6) update -A /etc/ shorewall(6) fixed everything and work afterwards. As packager in the rpm world we try to avoid action that should be review by administrator (quite the inverse of Debian way of doing things). To be sure that users of the openSUSE rpm make changes and review of their configuration I've a automatic message that appear after the zypper operations. Basically something like. %posttrans -n %{name}6 if [ -f /run/%{name}6_upgrade ]; then cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}- something << EOF Warning: Shorewall6 %{dmaj} has just been installed Warning: You have to check and upgrade your configuration %{name}6 update -a %{_sysconfdir}/%{name}6 Warning: Adjust changes and try the new configuration %{name}6 try %{_sysconfdir}/%{name}6 EOF rm -f /run/%{name}6_upgrade fi But perhaps instead of just warn the user, and perhaps got people stuck out of their boxes I should propose to run the update in any case ? Is it safe to consider this, I doubt as the changes for example in nat -> snat can't be automated and safe in all kind of configuration people can have. Anyway a loop feedback is welcomed to best serve the product and its packaging. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe supporter GPG KEY : D5C9B751C4653227 irc: tigerfoot _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
