On 1/13/2019 12:05 PM, Bruno Friedmann wrote:
> Hello there, refreshing our openSUSE package 
> from 5.1.12.3 to 5.2.1.4 I've hit a case that worry me a bit.
> 
> Work in progress here : 
> https://build.opensuse.org/package/show/
> home:bruno_friedmann:branches:security:netfilter/shorewall
> 
> After the package update, shorewall(4,6) got error and have been stopped and 
> not restarted. Of course running manually a shorewall(6) update -A /etc/
> shorewall(6) fixed everything and work afterwards.
> 
> As packager in the rpm world we try to avoid action that should be review by 
> administrator (quite the inverse of Debian way of doing things).
> To be sure that users of the openSUSE rpm make changes and review of their 
> configuration I've a automatic message that appear after the zypper 
> operations.
> 
> Basically something like.
> 
> %posttrans -n %{name}6
> if [ -f /run/%{name}6_upgrade ]; then
> cat > %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-
> something << EOF
> Warning: Shorewall6 %{dmaj} has just been installed
> Warning: You have to check and upgrade your configuration
> %{name}6 update -a %{_sysconfdir}/%{name}6
> Warning: Adjust changes and try the new configuration
> %{name}6 try %{_sysconfdir}/%{name}6
> EOF
> rm -f /run/%{name}6_upgrade
> fi
> 
> But perhaps instead of just warn the user, and perhaps got people stuck out 
> of 
> their boxes I should propose to run the update in any case ?
> 
> Is it safe to consider this, I doubt as the changes for example in nat -> 
> snat 
> can't be automated and safe in all kind of configuration people can have.
> 
> Anyway a loop feedback is welcomed to best serve the product and its 
> packaging.
> 

I guess that behavior could be desirable for point release and mayby for
minor release.

http://shorewall.org/NewRelease.html

-Matt
-- 
Matt Darfeuille


_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to