
Bug#1036354: marked as done (unblock: iptables-persistent/1.0.20)



Your message dated Tue, 23 May 2023 10:35:56 +0000
with message-id <E1q1PMy-00C4mQ-U3@respighi.debian.org>
and subject line unblock iptables-persistent
has caused the Debian Bug report #1036354,
regarding unblock: iptables-persistent/1.0.20
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036354: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036354
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bluca@debian.org

Please unblock package iptables-persistent

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
The package is using alternatives to manage (systemd) aliases;
this is not recommended by the systemd maintainers.

See bug report #1036147.


I added alternatives to this package back in 2019 to solve #926927
as a point of coordination with other firewall managers in Debian
(see https://lists.debian.org/debian-firewall/2019/08/msg00000.html) but
the initiative never took off.


[ Impact ]
This is (was) the only package in Debian which uses alternatives to
manage aliases, which makes it different from what admins expect.

[ Tests ]
This version of the package is clean in lintian and piuparts.
I've upgraded my systems and found no problems.


[ Risks ]
I see no risks. If an admin has locally changed the override files,
we'll keep them as dpkg-bak.


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock iptables-persistent/1.0.20
diff -Nru iptables-persistent-1.0.19/debian/changelog iptables-persistent-1.0.20/debian/changelog
--- iptables-persistent-1.0.19/debian/changelog	2023-02-28 08:02:38.000000000 +0100
+++ iptables-persistent-1.0.20/debian/changelog	2023-05-19 13:27:33.000000000 +0200
@@ -1,3 +1,16 @@
+iptables-persistent (1.0.20) unstable; urgency=medium
+
+  [ Luca Boccassi ]
+  * [3d8a9b] Use aliases instead of overrides for alternative names
+    (Closes: #1036147)
+  * [418c74] Install drop-ins in /lib/ instead of /etc/ (Closes: #1036147)
+
+  [ gustavo panizzo ]
+  * [06509f] Handle obsolete conffile removal
+  * [633371] Remove obsolete dependency (lsb-base)
+
+ -- gustavo panizzo <gfa@zumbi.com.ar>  Fri, 19 May 2023 13:27:33 +0200
+
 iptables-persistent (1.0.19) unstable; urgency=medium
 
   * [49d9ca] Debconf templates translation to Romanian.
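
Review bot: The 1.0.20 entry says "instead of overrides" in [3d8a9b], while the
NEWS file added later in this diff says "instead of alternatives"; the wording
should match what was actually replaced. The entry also does not list the
deletion of the two prerm scripts or the new update-alternatives cleanup in the
postinst scripts, although the checklist above states that all changes are
documented in d/changelog. A line such as "Remove alternatives on upgrade and
drop the prerm scripts" would cover it.
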
diff -Nru iptables-persistent-1.0.19/debian/control iptables-persistent-1.0.20/debian/control
--- iptables-persistent-1.0.19/debian/control	2023-02-28 08:02:01.000000000 +0100
+++ iptables-persistent-1.0.20/debian/control	2023-05-19 13:26:46.000000000 +0200
@@ -7,10 +7,11 @@
 Vcs-Browser: https://salsa.debian.org/debian/iptables-persistent
 Vcs-Git: https://salsa.debian.org/debian/iptables-persistent.git
 Rules-Requires-Root: no
+Pre-Depends: dpkg (>= 1.15.7.2)
 
 Package: netfilter-persistent
 Architecture: all
-Depends: lsb-base, ${misc:Depends}
+Depends: ${misc:Depends}
 Suggests: iptables-persistent
 Pre-Depends: ${misc:Pre-Depends}
 Description: boot-time loader for netfilter configuration
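
Review bot: The added "Pre-Depends: dpkg (>= 1.15.7.2)" sits above the blank
line that precedes "Package: netfilter-persistent", so it is part of the source
paragraph, where Pre-Depends is not a recognised field and is not carried into
any binary package. If a versioned dpkg is really needed for the new
maintscript files, it belongs in the stanzas of the binary packages that ship
them; the netfilter-persistent stanza already has
"Pre-Depends: ${misc:Pre-Depends}", which is the usual way to let debhelper
supply it. Otherwise the line can be dropped.
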
diff -Nru iptables-persistent-1.0.19/debian/ipset.override iptables-persistent-1.0.20/debian/ipset.override
--- iptables-persistent-1.0.19/debian/ipset.override	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset.override	2023-05-19 12:12:44.000000000 +0200
@@ -1,2 +1,2 @@
-[Unit]
-Conflicts=ipset.service
+[Install]
+Alias=ipset.service
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.install iptables-persistent-1.0.20/debian/ipset-persistent.install
--- iptables-persistent-1.0.19/debian/ipset-persistent.install	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.install	2023-05-19 12:12:44.000000000 +0200
@@ -1,4 +1,4 @@
 #! /usr/bin/dh-exec
 plugins/10-ipset         usr/share/netfilter-persistent/plugins.d/
 plugins/40-ipset         usr/share/netfilter-persistent/plugins.d/
-debian/ipset.override => etc/systemd/system/netfilter-persistent.service.d/ipset.conf
+debian/ipset.override => lib/systemd/system/netfilter-persistent.service.d/ipset.conf
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.maintscript iptables-persistent-1.0.20/debian/ipset-persistent.maintscript
--- iptables-persistent-1.0.19/debian/ipset-persistent.maintscript	1970-01-01 01:00:00.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.maintscript	2023-05-19 13:26:46.000000000 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/systemd/system/netfilter-persistent.service.d/ipset.conf
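
Review bot: The rm_conffile line carries no prior-version argument, so
dpkg-maintscript-helper will attempt the removal on every future upgrade
instead of only on upgrades from versions that still shipped the file in /etc.
Adding the version and package, for example
"rm_conffile /etc/systemd/system/netfilter-persistent.service.d/ipset.conf 1.0.20~ ipset-persistent",
limits it to the transition. The same applies to the one-line
iptables-persistent.maintscript further down.
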
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postinst iptables-persistent-1.0.20/debian/ipset-persistent.postinst
--- iptables-persistent-1.0.19/debian/ipset-persistent.postinst	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.postinst	2023-05-19 13:26:46.000000000 +0200
@@ -2,8 +2,10 @@
 
 set -e
 
-# Setup alternatives
-update-alternatives --install /lib/systemd/system/ipset.service ipset.service /lib/systemd/system/netfilter-persistent.service 40
+# Can be dropped in Trixie
+if update-alternatives --query ipset.service 2>/dev/null; then
+    update-alternatives --remove-all ipset.service
+fi
 
 # Source debconf library
 . /usr/share/debconf/confmodule
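
Review bot: In the new "if update-alternatives --query ipset.service 2>/dev/null"
test only stderr is silenced, so when the alternative exists its full query
record is printed to the terminal during the upgrade. Redirecting both streams
(">/dev/null 2>&1") keeps the upgrade quiet. The block also runs for every
postinst invocation, including the abort-* cases, because it sits above the
"$1" handling; that is harmless given the guard but worth a word in the
"Can be dropped in Trixie" comment. The matching hunk in
iptables-persistent.postinst has the same redirect.
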
@@ -29,4 +31,11 @@
 ;;
 esac
 
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+    # Ensure the drop-in is loaded
+    if [ -d /run/systemd/system ]; then
+        systemctl --system daemon-reload >/dev/null || true
+    fi
+fi
+
 #DEBHELPER#
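
Review bot: The comment "Ensure the drop-in is loaded" above
"systemctl --system daemon-reload" overstates what the reload achieves for an
[Install] drop-in: Alias= symlinks are only created when the unit is enabled,
not on daemon-reload. Since the first hunk of this file removes the
alternatives-provided ipset.service name, the name stops resolving after the
upgrade until the admin runs 'systemctl enable netfilter-persistent.service' as
described in NEWS, unless the generated #DEBHELPER# code re-enables the unit.
Either say so in the comment or re-enable the unit here when it was already
enabled. The same applies to iptables-persistent.postinst.
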
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.postrm iptables-persistent-1.0.20/debian/ipset-persistent.postrm
--- iptables-persistent-1.0.19/debian/ipset-persistent.postrm	2020-07-02 16:33:46.000000000 +0200
+++ iptables-persistent-1.0.20/debian/ipset-persistent.postrm	2023-05-19 13:26:46.000000000 +0200
@@ -8,4 +8,9 @@
 ;;
 esac
 
+# To register the drop-in's removal
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+	systemctl --system daemon-reload >/dev/null || true
+fi
+
 #DEBHELPER#
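
Review bot: The body of the new "if" block is indented with a tab, while the
equivalent daemon-reload block added to ipset-persistent.postinst uses four
spaces. Use one style across the maintainer scripts; the same tab appears in
iptables-persistent.postrm.
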
diff -Nru iptables-persistent-1.0.19/debian/ipset-persistent.prerm iptables-persistent-1.0.20/debian/ipset-persistent.prerm
--- iptables-persistent-1.0.19/debian/ipset-persistent.prerm	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/ipset-persistent.prerm	1970-01-01 01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Remove alternatives
-update-alternatives --remove-all ipset.service
-
-#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables.override iptables-persistent-1.0.20/debian/iptables.override
--- iptables-persistent-1.0.19/debian/iptables.override	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables.override	2023-05-19 12:12:44.000000000 +0200
@@ -1,2 +1,2 @@
-[Unit]
-Conflicts=iptables.service ip6tables.service
+[Install]
+Alias=iptables.service ip6tables.service
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.install iptables-persistent-1.0.20/debian/iptables-persistent.install
--- iptables-persistent-1.0.19/debian/iptables-persistent.install	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.install	2023-05-19 12:12:44.000000000 +0200
@@ -1,4 +1,4 @@
 #! /usr/bin/dh-exec
 plugins/15-ip4tables        usr/share/netfilter-persistent/plugins.d/
 plugins/25-ip6tables        usr/share/netfilter-persistent/plugins.d/
-debian/iptables.override => etc/systemd/system/netfilter-persistent.service.d/iptables.conf
+debian/iptables.override => lib/systemd/system/netfilter-persistent.service.d/iptables.conf
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.maintscript iptables-persistent-1.0.20/debian/iptables-persistent.maintscript
--- iptables-persistent-1.0.19/debian/iptables-persistent.maintscript	1970-01-01 01:00:00.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.maintscript	2023-05-19 13:26:46.000000000 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/systemd/system/netfilter-persistent.service.d/iptables.conf
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postinst iptables-persistent-1.0.20/debian/iptables-persistent.postinst
--- iptables-persistent-1.0.19/debian/iptables-persistent.postinst	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.postinst	2023-05-19 13:26:46.000000000 +0200
@@ -2,9 +2,10 @@
 
 set -e
 
-# Setup alternatives
-update-alternatives --install /lib/systemd/system/iptables.service iptables.service /lib/systemd/system/netfilter-persistent.service 40 \
-    --slave /lib/systemd/system/ip6tables.service ip6tables.service /lib/systemd/system/netfilter-persistent.service
+# Can be dropped in Trixie
+if update-alternatives --query iptables.service 2>/dev/null; then
+    update-alternatives --remove-all iptables.service
+fi
 
 # Source debconf library
 . /usr/share/debconf/confmodule
@@ -45,4 +46,11 @@
 ;;
 esac
 
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+    # Ensure the drop-in is loaded
+    if [ -d /run/systemd/system ]; then
+        systemctl --system daemon-reload >/dev/null || true
+    fi
+fi
+
 #DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.postrm iptables-persistent-1.0.20/debian/iptables-persistent.postrm
--- iptables-persistent-1.0.19/debian/iptables-persistent.postrm	2019-08-22 23:39:03.000000000 +0200
+++ iptables-persistent-1.0.20/debian/iptables-persistent.postrm	2023-05-19 13:26:46.000000000 +0200
@@ -10,4 +10,9 @@
 ;;
 esac
 
+# To register the drop-in's removal
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+	systemctl --system daemon-reload >/dev/null || true
+fi
+
 #DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/iptables-persistent.prerm iptables-persistent-1.0.20/debian/iptables-persistent.prerm
--- iptables-persistent-1.0.19/debian/iptables-persistent.prerm	2021-11-17 08:58:54.000000000 +0100
+++ iptables-persistent-1.0.20/debian/iptables-persistent.prerm	1970-01-01 01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Setup alternatives
-update-alternatives --remove-all iptables.service
-
-#DEBHELPER#
diff -Nru iptables-persistent-1.0.19/debian/NEWS iptables-persistent-1.0.20/debian/NEWS
--- iptables-persistent-1.0.19/debian/NEWS	1970-01-01 01:00:00.000000000 +0100
+++ iptables-persistent-1.0.20/debian/NEWS	2023-05-19 12:12:44.000000000 +0200
@@ -0,0 +1,12 @@
+iptables-persistent (1.0.20) unstable; urgency=medium
+
+  iptables-persistent.service, ip6tables-persistent.service and
+  ipset-persistent.service are now aliases instead of alternatives, using
+  native functionality to provide alternative names. Users wishing to use such
+  names can use 'systemctl enable netfilter-persistent.service' to enable them,
+  and can override them using the standard systemd configuration mechanisms.
+  Other packages wishing to provide the same service names simply have to
+  declare the same aliases in their units, and users can enable the one they
+  prefer.
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 16 May 2023 01:40:17 +0100
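
Review bot: The unit names in the first paragraph of the NEWS entry do not
match the aliases declared in this diff. The entry lists
iptables-persistent.service, ip6tables-persistent.service and
ipset-persistent.service, but iptables.override sets
"Alias=iptables.service ip6tables.service" and ipset.override sets
"Alias=ipset.service". Admins reading NEWS will look for names that are never
created; the entry should name iptables.service, ip6tables.service and
ipset.service.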

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
