diff --git a/ebtables-config b/ebtables-config deleted file mode 100644 index 69d9289..0000000 --- a/ebtables-config +++ /dev/null @@ -1,11 +0,0 @@ -# Save current firewall rules on stop. -# Value: yes|no, default: no -# Saves all firewall rules if firewall gets stopped -# (e.g. on system shutdown). -EBTABLES_SAVE_ON_STOP="no" - -# Save (and restore) rule counters. -# Value: yes|no, default: no -# Save rule counters when saving a kernel table to a file. If the -# rule counters were saved, they will be restored when restoring the table. -EBTABLES_SAVE_COUNTER="no" diff --git a/ebtables-helper b/ebtables-helper deleted file mode 100644 index f1dee08..0000000 --- a/ebtables-helper +++ /dev/null @@ -1,105 +0,0 @@ -#!/bin/bash - -# compat for removed initscripts dependency - -success() { - echo "[ OK ]" - return 0 -} - -failure() { - echo "[FAILED]" - return 1 -} - -# internal variables -EBTABLES_CONFIG=/etc/sysconfig/ebtables-config -EBTABLES_DATA=/etc/sysconfig/ebtables -EBTABLES_TABLES="filter nat" -if ebtables --version | grep -q '(legacy)'; then - EBTABLES_TABLES+=" broute" -fi -VAR_SUBSYS_EBTABLES=/var/lock/subsys/ebtables - -# ebtables-config defaults -EBTABLES_SAVE_ON_STOP="no" -EBTABLES_SAVE_ON_RESTART="no" -EBTABLES_SAVE_COUNTER="no" - -# load config if existing -[ -f "$EBTABLES_CONFIG" ] && . "$EBTABLES_CONFIG" - -initialize() { - local ret=0 - for table in $EBTABLES_TABLES; do - ebtables -t $table --init-table || ret=1 - done - return $ret -} - -sanitize_dump() { - local drop=false - - export EBTABLES_TABLES - - cat $1 | while read line; do - case $line in - \**) - drop=false - local table="${line#\*}" - local found=false - for t in $EBTABLES_TABLES; do - if [[ $t == $table ]]; then - found=true - break - fi - done - $found || drop=true - ;; - esac - $drop || echo "$line" - done -} - -start() { - if [ -f $EBTABLES_DATA ]; then - echo -n $"ebtables: loading ruleset from $EBTABLES_DATA: " - sanitize_dump $EBTABLES_DATA | ebtables-restore - else - echo -n $"ebtables: no stored ruleset, initializing empty tables: " - initialize - fi - local ret=$? - touch $VAR_SUBSYS_EBTABLES - return $ret -} - -save() { - echo -n $"ebtables: saving active ruleset to $EBTABLES_DATA: " - export EBTABLES_SAVE_COUNTER - ebtables-save >$EBTABLES_DATA && success || failure -} - -case $1 in - start) - [ -f "$VAR_SUBSYS_EBTABLES" ] && exit 0 - start && success || failure - RETVAL=$? - ;; - stop) - [ "x$EBTABLES_SAVE_ON_STOP" = "xyes" ] && save - echo -n $"ebtables: stopping firewall: " - initialize && success || failure - RETVAL=$? - rm -f $VAR_SUBSYS_EBTABLES - ;; - save) - save - ;; - *) - echo "usage: ${0##*/} {start|stop|save}" >&2 - RETVAL=2 - ;; -esac - -exit $RETVAL diff --git a/ebtables.service b/ebtables.service deleted file mode 100644 index b096f1d..0000000 --- a/ebtables.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Ethernet Bridge Filtering tables - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/libexec/ebtables-helper start -ExecStop=/usr/libexec/ebtables-helper stop - -[Install] -WantedBy=multi-user.target diff --git a/ebtables.spec b/ebtables.spec index b4f10e6..87b84e2 100644 --- a/ebtables.spec +++ b/ebtables.spec @@ -2,23 +2,20 @@ Name: ebtables Version: 2.0.11 -Release: 14%{?dist} +Release: 21%{?dist} Summary: Ethernet Bridge frame table administration tool -License: GPLv2+ +# Automatically converted from old format: GPLv2+ - review is highly recommended. +License: GPL-2.0-or-later URL: http://ebtables.sourceforge.net/ Source0: ftp://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.bz2 Source1: ebtables-legacy-save -Source2: ebtables-helper -Source3: ebtables.service -Source4: ebtables-config BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: gcc -BuildRequires: systemd -BuildRequires: make +BuildRequires: make %description Ethernet bridge tables is a firewalling tool to transparently filter network @@ -33,9 +30,9 @@ like iptables. There are no known incompatibility issues. %package legacy Summary: Legacy user space tool to configure bridge netfilter rules in kernel -Requires(post): %{_sbindir}/update-alternatives +Requires(post): /usr/sbin/update-alternatives Requires(post): %{_bindir}/readlink -Requires(postun): %{_sbindir}/update-alternatives +Requires(postun): /usr/sbin/update-alternatives Conflicts: setup < 2.10.4-1 %if 0%{?rhel} >= 9 # RHEL-9 provides ebtables via iptables-nft, but doesn't support ebtables @@ -45,6 +42,8 @@ Conflicts: setup < 2.10.4-1 Provides: ebtables %endif +%sbin_merge_compat %{_prefix}/sbin/ebtables + %description legacy Ethernet bridge tables is a firewalling tool to transparently filter network traffic passing a bridge. The filtering possibilities are limited to link @@ -61,17 +60,6 @@ functionality in a much newer code-base. To aid in migration, there is ebtables-nft utility, a drop-in replacement for the legacy one which uses nftables internally. It is provided by iptables-nft package. -%package services -Summary: ebtables systemd services -%{?systemd_ordering} -Obsoletes: ebtables-compat < 2.0.10-39 - -%description services -ebtables systemd services - -This package provides the systemd ebtables service that has been split -out of the base package for better integration with alternatives. - %prep %autosetup -p1 -n ebtables-%{version} # Convert to UTF-8 @@ -84,10 +72,6 @@ f=THANKS; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f %install %make_install -install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/ebtables.service -install -D -m 755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables-helper -install -D -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config -touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables # install ebtables-legacy-save bash script install -m 755 %{SOURCE1} %{buildroot}%{_sbindir}/ebtables-legacy-save @@ -101,14 +85,8 @@ rm -f %{buildroot}%{_sysconfdir}/ethertypes # Drop these binaries (for now at least) rm %{buildroot}/%{_sbindir}/ebtables{d,u} -# Prepare for Alternatives system -touch %{buildroot}%{_sbindir}/ebtables -touch %{buildroot}%{_sbindir}/ebtables-save -touch %{buildroot}%{_sbindir}/ebtables-restore -touch %{buildroot}%{_mandir}/man8/ebtables.8 - %post legacy -pfx=%{_sbindir}/ebtables +pfx=%{_prefix}/sbin/ebtables manpfx=%{_mandir}/man8/ebtables for sfx in "" "-restore" "-save"; do if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then @@ -118,7 +96,9 @@ done if [ "$(readlink -e $manpfx.8.gz)" == $manpfx.8.gz ]; then rm -f $manpfx.8.gz fi -%{_sbindir}/update-alternatives --install \ +# drop the extra entry linking to /usr/bin which previous version installed +update-alternatives --remove ebtables /usr/bin/ebtables-legacy 2>/dev/null +update-alternatives --install \ $pfx ebtables $pfx-legacy 10 \ --slave $pfx-save ebtables-save $pfx-legacy-save \ --slave $pfx-restore ebtables-restore $pfx-legacy-restore \ @@ -127,49 +107,56 @@ fi %postun legacy if [ $1 -eq 0 ]; then %{_sbindir}/update-alternatives --remove \ - ebtables %{_sbindir}/ebtables-legacy + ebtables %{_prefix}/sbin/ebtables-legacy fi # When upgrading ebtables to ebtables-{legacy,services}, # postun in ebtables thinks it is uninstalled and removes alternatives. # Counter this with a trigger here to have it installed again. %triggerpostun legacy -- ebtables -pfx=%{_sbindir}/ebtables +pfx=%{_prefix}/sbin/ebtables manpfx=%{_mandir}/man8/ebtables -%{_sbindir}/update-alternatives --install \ +update-alternatives --install \ $pfx ebtables $pfx-legacy 10 \ --slave $pfx-save ebtables-save $pfx-legacy-save \ --slave $pfx-restore ebtables-restore $pfx-legacy-restore \ --slave $manpfx.8.gz ebtables-man $manpfx-legacy.8.gz -%post services -%systemd_post ebtables.service - -%preun services -%systemd_preun ebtables.service - -%postun services -%systemd_postun ebtables.service - %files legacy %license COPYING %doc ChangeLog THANKS %{_sbindir}/ebtables-legacy* %{_mandir}/*/ebtables-legacy* %{_libdir}/libebtc.so* -%ghost %{_sbindir}/ebtables -%ghost %{_sbindir}/ebtables-save -%ghost %{_sbindir}/ebtables-restore -%ghost %{_mandir}/man8/ebtables.8.gz - -%files services -%{_unitdir}/ebtables.service -%{_libexecdir}/ebtables-helper -%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config -%ghost %{_sysconfdir}/sysconfig/ebtables +%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables +%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables-save +%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables-restore +%ghost %attr(0644,root,root) %{_mandir}/man8/ebtables.8.gz %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 2.0.11-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Apr 03 2025 Phil Sutter - 2.0.11-20 +- Drop ebtables-services package +- Add fixes/hooks for bin-sbin merge, analogous to iptables.spec + +* Thu Jan 16 2025 Fedora Release Engineering - 2.0.11-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Thu Jul 25 2024 Miroslav Suchý - 2.0.11-18 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 2.0.11-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Jan 24 2024 Fedora Release Engineering - 2.0.11-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.0.11-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Jul 19 2023 Fedora Release Engineering - 2.0.11-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild