On 1/13/2019 12:05 PM, Bruno Friedmann wrote: > Hello there, refreshing our openSUSE package > from 5.1.12.3 to 5.2.1.4 I've hit a case that worry me a bit. > > Work in progress here : > https://build.opensuse.org/package/show/ > home:bruno_friedmann:branches:security:netfilter/shorewall > > After the package update, shorewall(4,6) got error and have been stopped and > not restarted. Of course running manually a shorewall(6) update -A /etc/ > shorewall(6) fixed everything and work afterwards. > > As packager in the rpm world we try to avoid action that should be review by > administrator (quite the inverse of Debian way of doing things). > To be sure that users of the openSUSE rpm make changes and review of their > configuration I've a automatic message that appear after the zypper > operations. > > Basically something like. > > %posttrans -n %{name}6 > if [ -f /run/%{name}6_upgrade ]; then > cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}- > something << EOF > Warning: Shorewall6 %{dmaj} has just been installed > Warning: You have to check and upgrade your configuration > %{name}6 update -a %{_sysconfdir}/%{name}6 > Warning: Adjust changes and try the new configuration > %{name}6 try %{_sysconfdir}/%{name}6 > EOF > rm -f /run/%{name}6_upgrade > fi > > But perhaps instead of just warn the user, and perhaps got people stuck out > of > their boxes I should propose to run the update in any case ? > > Is it safe to consider this, I doubt as the changes for example in nat -> > snat > can't be automated and safe in all kind of configuration people can have. > > Anyway a loop feedback is welcomed to best serve the product and its > packaging. >
I guess that behavior could be desirable for point release and mayby for minor release. http://shorewall.org/NewRelease.html -Matt -- Matt Darfeuille _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
