Commit 752bf29d authored by Sven Geuer

Import Debian changes 2.0.3-1~rc2

arno-iptables-firewall (2.0.3-1~rc2) UNRELEASED; urgency=medium

  * New upstream release.
    (Closes: #824684, #862856, #886991, #898770, #913089)
  * New maintainer.
    (Closes: #886951)
  * Update Standards-Version to 4.2.1; no changes necessary.
  * Update debhelper compatibility level to 11.
  * Clean up Depends.
  * Update debian/copyright.
  * Update debian/watch.
  * Make use of dh_installlogrotate and simulate non-existing
    dh_installrsyslog
    - Move logrotate.d.conf to arno-iptables-firewall.logrotate
    - Move rsyslog.d.conf to arno-iptables-firewall.rsyslog
    - Update debian/rules
  * Add support for systemd as alternate init system in addition to sysvinit.
    - Refactor preinst, postinst, prerm, postrm.
  * Patch documentation and security related directives into systemd unit file.
  * Add lintian-override due to missing uplink pgp signature.
  * Add debian/upstream/metadata.
  * Update debian/templates to provide a valid default configuration.
  * Add debian/tests/* for autopkgtest.
  * Convert debian/po/fr.po and sv.po from latin1 to utf8.
parent b9c78fd0
arno-iptables-firewall (2.0.1.b-1) experimental; urgency=low
* The package now supports a conf.d-style configuration option that
The package now supports a conf.d-style configuration option that
makes it possible to tweak the configuration without editing the default
configuration files. Consequently, the Debconf-based configuration settings
(if enabled) are no longer written into a custom 'debconf.cfg', but use
......@@ -13,7 +13,7 @@ arno-iptables-firewall (2.0.1.b-1) experimental; urgency=low
arno-iptables-firewall (1.9.2.a-1) unstable; urgency=low
* With this release the syntax of the config file is slightly changed. From
With this release the syntax of the config file is slightly changed. From
now on the '#' (hash-character) is used as the new separator for interface
restrictions (i.e. eth0#....).
......@@ -21,7 +21,7 @@ arno-iptables-firewall (1.9.2.a-1) unstable; urgency=low
arno-iptables-firewall (1.9.0.a-1) unstable; urgency=low
* The syntax and layout of the configuration file has been changed. Several
The syntax and layout of the configuration file has been changed. Several
variable names have been modified, but the most notable difference is the
switch from ':' to '~' as port separator string. Although most
installations that exclusively use the debconf-managed configuration
......@@ -29,12 +29,12 @@ arno-iptables-firewall (1.9.0.a-1) unstable; urgency=low
to verify the firewall setup before reenabling the firewall after
upgrading. more information is available in
/usr/share/doc/arno-iptables-firewall/README.gz
* The 1.9 branch now uses a leightweight init.d script without a verbose
The 1.9 branch now uses a leightweight init.d script without a verbose
status dump during startup. The 'old' status report is available when
manually starting the firewall using /usr/sbin/arno-iptables-firewall.
Additionally, this script, as well as the init.d scripti, provides a details
iptables configuration dump via the 'status' command.
* A default rsyslog configuration (and corresponding logrotate setup) for
A default rsyslog configuration (and corresponding logrotate setup) for
firewall-related messages is has been added. Such messages will now be
logged into /var/log/arno-iptables-firewall.
......@@ -42,7 +42,7 @@ arno-iptables-firewall (1.9.0.a-1) unstable; urgency=low
arno-iptables-firewall (1.8.8.l-1) unstable; urgency=low
* The location of the firewall plugins has changed. The plugins itself are
The location of the firewall plugins has changed. The plugins itself are
now placed in /usr/share/arno-iptables-firewall/plugins, while their
configuration files remain in /etc/arno-iptables-firewall/plugins.
Unmodified plugins are silently moved on package upgrade. If any of the
......@@ -55,7 +55,7 @@ arno-iptables-firewall (1.8.8.l-1) unstable; urgency=low
arno-iptables-firewall (1.8.8-1) unstable; urgency=low
* The location of the config files has been changed. All files are now
The location of the config files has been changed. All files are now
located in /etc/arno-iptables-firewall/. Config files of previous package
versions are automatically moved into the new location and any
customizations will be preserved. This includes MAC filter lists and host
......
bin/arno-fwfilter usr/bin
bin/arno-iptables-firewall usr/sbin
etc/arno-iptables-firewall/* etc/arno-iptables-firewall
etc/* etc
share/arno-iptables-firewall/* usr/share/arno-iptables-firewall
lib/* lib
arno-iptables-firewall: init.d-script-possible-missing-stop etc/init.d/arno-iptables-firewall 1
......@@ -8,6 +8,6 @@
delaycompress
sharedscripts
postrotate
systemctl is-active rsyslog.service && systemctl --signal=SIGHUP kill rsyslog.service > /dev/null
[ -x /etc/init.d/rsyslog ] && invoke-rc.d rsyslog rotate > /dev/null
endscript
}
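Review bot: in the postrotate block, `[ -x /etc/init.d/rsyslog ] && invoke-rc.d rsyslog rotate > /dev/null` returns a non-zero status whenever /etc/init.d/rsyslog is absent, and because it is the last command in the script logrotate will report the postrotate script as failed. Wrapping it in `if [ -x /etc/init.d/rsyslog ]; then ...; fi` keeps the guard without turning a missing init script into a rotation error. Note also that `> /dev/null` only discards stdout, so a real failure of the rotate action still reaches the logrotate mail or journal, which is probably what you want.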
arno-iptables-firewall (2.0.3-1~rc1) UNRELEASED; urgency=medium
arno-iptables-firewall (2.0.3-1~rc2) UNRELEASED; urgency=medium
* New upstream release.
(Closes: #824684, #862856, #886991, #898770, #913089)
......@@ -14,21 +14,16 @@ arno-iptables-firewall (2.0.3-1~rc1) UNRELEASED; urgency=medium
- Move logrotate.d.conf to arno-iptables-firewall.logrotate
- Move rsyslog.d.conf to arno-iptables-firewall.rsyslog
- Update debian/rules
* Switch from System-V style init scripts to systemd
- Suppress installation of /etc/init.d/arno-iptables-firewall
- Introduce debian/prerm
- Update debian/postrm to not use invoke-rc.d or update-rc.d.
- Update debian/preinst to remove System-V style init script links.
- Update debian/postinst to use deb-systemd-invoke instead
of invoke-rc.d or update-rc.d.
- Update debian/arno-iptables-firewall.logrotate to use systemctl
instead of invoke-rc.d.
- Update debian/template and debian/po/* to propose a call to
systemctl instead of invoke-rc.d.
- Update debian/rules
* Bugfix: Convert debian/po/fr.po and sv.po from latin1 to utf8
* Add support for systemd as alternate init system in addition to sysvinit.
- Refactor preinst, postinst, prerm, postrm.
* Patch documentation and security related directives into systemd unit file.
* Add lintian-override due to missing uplink pgp signature.
* Add debian/upstream/metadata.
* Update debian/templates to provide a valid default configuration.
* Add debian/tests/* for autopkgtest.
* Convert debian/po/fr.po and sv.po from latin1 to utf8.
-- Sven Geuer <debmaint@g-e-u-e-r.de> Thu, 06 Dec 2018 11:43:12 +0100
-- Sven Geuer <debmaint@g-e-u-e-r.de> Mon, 10 Dec 2018 23:29:07 +0100
arno-iptables-firewall (2.0.1.f-1.1) unstable; urgency=medium
......@@ -600,6 +595,3 @@ arno-iptables-firewall (1.8.4-1) unstable; urgency=low
* Modified the 'reload' command of the init.d script to 'force-reload'.
-- Michael Hanke <michael.hanke@gmail.com> Tue, 30 Aug 2005 11:12:25 +0200
#!/bin/bash
#!/bin/sh
# config script for arno-iptables-firewall
set -e
......
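Review bot: the shebang of the config script moves from `#!/bin/bash` to `#!/bin/sh`, and the rest of the script is not visible here, so any bash-only construct further down would now be run by dash under `set -e` and abort configuration. Please confirm the script has been checked with checkbashisms (or exercised under dash) before this lands.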
......@@ -2,7 +2,12 @@ Source: arno-iptables-firewall
Maintainer: Sven Geuer <debmaint@g-e-u-e-r.de>
Section: net
Priority: optional
Build-Depends: debhelper-compat (= 11),
# This (plus a removed debian/compat) is correct according to
# https://manpages.debian.org/unstable/debhelper/debhelper.7.en.html#COMPATIBILITY_LEVELS
# but Lintian on mentors.debian.net complains about it.
#Build-Depends: debhelper-compat (= 11),
# Thus we stay with the traditional approach.
Build-Depends: debhelper (>= 11~),
po-debconf
Standards-Version: 4.2.1
Homepage: http://rocky.eld.leidenuniv.nl/
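Review bot: the comment block above Build-Depends keeps a commented-out `#Build-Depends: debhelper-compat (= 11),` line and justifies the choice by what Lintian on mentors.debian.net reported; that rationale is better recorded in debian/changelog, where it will not go stale inside the control file. The comment also says the debhelper-compat form goes together with a removed debian/compat, so with the field now reading `debhelper (>= 11~)` please confirm that debian/compat is present and contains 11; no change to that file is visible in this diff.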
......@@ -12,7 +17,8 @@ Architecture: all
Depends: ${misc:Depends},
iptables,
iproute2,
gawk
kmod,
procps
Recommends: curl,
dnsutils,
rsyslog (>= 5.8.1-1~)
......@@ -27,3 +33,7 @@ Description: single- and multi-homed firewall script with DSL/ADSL support
of additional features, that can be enabled in the well documented
configuration file are: DSL/ADSL, Port forwarding, DMZ's,
portscan detection, MAC address filtering.
.
Moreover it comes with an extensive set of plugins to cover further
requirements. For example ssh brute force protection, traffic shaping,
traffic accounting, vpn support to just mention a few.
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: arno-iptables-firewall
Source: http://rocky.eld.leidenuniv.nl/
Files: *
Copyright: 2001-2018 Arno van Amersfoort and Lonnie Abelbeck
Copyright: 2001-2017 Arno van Amersfoort and Lonnie Abelbeck
License: GPL-2+
Files: contrib/adsl-failover
......@@ -11,21 +11,27 @@ Copyright: 2007 Mark Cleverdon <mark@lanzarote1.com>
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/50ipsec-vpn.plugin
share/arno-iptables-firewall/plugins/60traffic-shaper.plugin
share/arno-iptables-firewall/plugins/90dmz-dnat.plugin
Copyright: 2006-2010 Philip Prindeville
Copyright: 2006-2016 Philip Prindeville and Arno van Amersfoort
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/50linux-upnp-igd.plugin
Copyright: 2007-2011 Joerg Straube
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/60traffic-shaper.plugin
Copyright: 2008-2010 Philip Prindeville
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/90dmz-dnat.plugin
Copyright: 2010-2016 Philip Prindeville
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/90rpc.plugin
Copyright: 2011-2012 Jared H. Hudson
License: GPL-2+
Files: debian/*
Copyright: 2005-2017 Michael Hanke <michael.hanke@gmail.com>
Copyright: 2005-2014 Michael Hanke <michael.hanke@gmail.com>
2018 Sven Geuer <debmaint@g-e-u-e-r.de>
License: GPL-2+
......
......@@ -3,6 +3,4 @@ etc/arno-iptables-firewall/conf.d
etc/logrotate.d
etc/rsyslog.d
usr/bin
usr/share/arno-iptables-firewall/plugins
usr/share/lintian/overrides
usr/share/arno-iptables-firewall/plugins
[DEFAULT]
# the default branch for upstream sources:
upstream-branch = upstream
# the default branch for the debian patch:
debian-branch = master
hostip_url_fix
lsb_init
debian_paths
unit_file_addons
Description: Add documentation and security related configurations
Provide references to manpage and upstream homepage.
Limit access to system resources in case service is malfunctioning or got
compromised.
Author: Sven Geuer <debmaint@g-e-u-e-r.de>
Last-Update: 2018-12-10
--- a/lib/systemd/system/arno-iptables-firewall.service
+++ b/lib/systemd/system/arno-iptables-firewall.service
@@ -1,5 +1,7 @@
[Unit]
Description=Arno's Iptables Firewall
+Documentation=man:arno-iptables-firewall(8)
+Documentation=http://rocky.eld.leidenuniv.nl/
DefaultDependencies=no
After=local-fs.target network-online.target
Requires=local-fs.target network-online.target
@@ -11,6 +13,11 @@
ExecStop=/usr/sbin/arno-iptables-firewall stop
ExecReload=/usr/sbin/arno-iptables-firewall force-reload
RemainAfterExit=yes
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+LimitNPROC=1
+DeviceAllow=/dev/null rw
[Install]
WantedBy=multi-user.target
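Review bot: `LimitNPROC=1` in the [Service] additions does not deliver the containment the patch description promises. No `User=` line appears in the visible parts of the unit, and for a service running as root the kernel does not enforce RLIMIT_NPROC, so the line is a no-op; under an unprivileged user it would instead stop the firewall script from forking iptables at all. I would drop it, or replace it with a directive that also applies to root, and add a sentence to the patch header explaining each directive. In particular `DeviceAllow=/dev/null rw` deserves a comment, since its real effect is to switch the unit to a device allow-list rather than to grant access to /dev/null.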
......@@ -198,11 +198,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Abyste později nemuseli s aplikováním nových pravidel firewallu čekat až do "
"příštího restartu počítače, můžete je povolit příkazem 'systemctl restart "
"arno-iptables-firewall.service'."
"příštího restartu počítače, můžete je povolit příkazem 'invoke-rc.d arno-"
"iptables-firewall start'."
#. Type: boolean
#. description
......
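Review bot: the msgid in this hunk (and in the same entry of every other .po file in the commit) now recommends `invoke-rc.d arno-iptables-firewall start`, which will not apply new settings on a systemd host where the firewall is already up. The unit patched in this same commit has `RemainAfterExit=yes`, so the unit stays active after the script exits, invoke-rc.d hands the request to systemctl, and `start` on an active unit does nothing. Since the package is meant to support both init systems, `invoke-rc.d arno-iptables-firewall restart` (or `force-reload`, which the unit maps to ExecReload) would work under sysvinit and systemd alike.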
......@@ -211,10 +211,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"For senere manuelt at anvende de nye indstillinger for brandmuren før den "
"næste genstart så kør »systemctl restart arno-iptables-firewall.service«."
"næste genstart så kør »invoke-rc.d arno-iptables-firewall start«."
#. Type: boolean
#. description
......
......@@ -224,10 +224,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Wenn Sie die neue Firewall-Konfiguration vor dem nächsten Neustart manuell "
"laden wollen, führen Sie 'systemctl restart arno-iptables-firewall.service' aus."
"laden wollen, führen Sie 'invoke-rc.d arno-iptables-firewall start' aus."
#. Type: boolean
#. description
......
......@@ -233,11 +233,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Para aplicar manualmente las configuraciones nuevas del cortafuegos antes "
"del siguiente reinicio, ejecute «systemctl restart arno-iptables-firewall"
".service»."
"del siguiente reinicio, ejecute «invoke-rc.d arno-iptables-firewall start»."
#. Type: boolean
#. description
......
......@@ -21,7 +21,7 @@ msgstr ""
"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=ISO-8859-15\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: KBabel 1.11.2\n"
......@@ -220,11 +220,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Afin d'appliquer ultérieurement la nouvelle configuration avant le "
"redémarrage, utilisez la commande « systemctl restart arno-iptables-firewall"
".service »."
"redémarrage, utilisez la commande « invoke-rc.d arno-iptables-firewall "
"start »."
#. Type: boolean
#. description
......
......@@ -217,11 +217,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Per applicare manualmente le nuove impostazioni del firewall prima del "
"prossimo riavvio del sistema, puoi eseguire 'systemctl restart arno-iptables-"
"firewall.service'."
"prossimo riavvio del sistema, puoi eseguire 'invoke-rc.d arno-iptables-"
"firewall start'."
#. Type: boolean
#. description
......
......@@ -204,10 +204,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"後ほど手動で、新しいファイアウォール設定を次回の再起動前に適用するには、"
"「systemctl restart arno-iptables-firewall.service」を実行してください。"
"「invoke-rc.d arno-iptables-firewall start」を実行してください。"
#. Type: boolean
#. description
......
......@@ -201,10 +201,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"For å bruke de nye brannmurinnstillingene før neste omstart av systemet, "
"kjør «systemctl restart arno-iptables-firewall.service»."
"kjør «invoke-rc.d arno-iptables-firewall start»."
#. Type: boolean
#. description
......
......@@ -208,10 +208,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Om straks de nieuwe firewall-instellingen handmatig toe te passen voor de "
"volgende herstart voert u 'systemctl restart arno-iptables-firewall.service' uit."
"volgende herstart voert u 'invoke-rc.d arno-iptables-firewall start' uit."
#. Type: boolean
#. description
......
......@@ -210,7 +210,7 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Aby później ręcznie zastosować nowe ustawienia zapory sieciowej jeszcze "
"przed kolejnym, ponownym uruchomieniem komputera, proszę wykonać \"invoke-rc."
......
......@@ -210,11 +210,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Para depois poder aplicar manualmente a nova configuração de firewall antes "
"do próximo reiniciar da máquina, invoque 'systemctl restart arno-iptables-"
"firewall.service'."
"do próximo reiniciar da máquina, invoque 'invoke-rc.d arno-iptables-firewall "
"start'."
#. Type: boolean
#. description
......
......@@ -211,11 +211,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Para posteriormente aplicar manualmente as novas configurações do firewall "
"antes da próxima reinicialização, execute 'systemctl restart arno-iptables-"
"firewall.service'."
"antes da próxima reinicialização, execute 'invoke-rc.d arno-iptables-"
"firewall start'."
#. Type: boolean
#. description
......
......@@ -212,11 +212,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Позднее, чтобы вручную применить новые настройки межсетевого экрана перед "
"следующей перезагрузкой, запустите 'systemctl restart arno-iptables-firewall"
".service'."
"следующей перезагрузкой, запустите 'invoke-rc.d arno-iptables-firewall "
"start'."
#. Type: boolean
#. description
......
......@@ -9,7 +9,7 @@ msgstr ""
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. Type: title
......@@ -204,10 +204,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"För att senare manuellt verkställa de nya brandväggsinställningarna före "
"nästa omstart, kör \"systemctl restart arno-iptables-firewall.service\"."
"nästa omstart, kör \"invoke-rc.d arno-iptables-firewall start\"."
#. Type: boolean
#. description
......
......@@ -174,7 +174,7 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
#. Type: boolean
......
......@@ -203,10 +203,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
msgstr ""
"Lúc sau, để tự áp dụng thiết lập bức tường lửa mới trước khi khởi động lại, "
"hãy sử dụng lệnh « systemctl restart arno-iptables-firewall.service »."
"hãy sử dụng lệnh « invoke-rc.d arno-iptables-firewall start »."
#. Type: boolean
#. description
......
#! /bin/sh
#!/bin/sh
# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
# postrm script for arno-iptables-firewall
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postrm> `remove'
# * <postrm> `purge'
# * <old-postrm> `upgrade' <new-version>
# * <new-postrm> `failed-upgrade' <old-version>
# * <new-postrm> `abort-install'
# * <new-postrm> `abort-install' <old-version>
# * <new-postrm> `abort-upgrade' <old-version>
# * <disappearer's-postrm> `disappear' <overwriter>
# <overwriter-version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# start up debconf here.
# why? see https://manpages.debian.org/testing/debconf-doc/debconf-devel.7.en.html, paragraph HACKS.
# plus automatically inserted code may be using debconf (in fact is does, and loads confmodule a little bit late)
# plus automatically inserted code may be using debconf
# (in fact it does, and loads confmodule a little bit late IMHO)
. /usr/share/debconf/confmodule
db_version 2.0
case "$1" in
purge)
# when purging remove debconf managed config file
if [ -e /etc/arno-iptables-firewall/conf.d/00debconf.conf ]; then
rm -f /etc/arno-iptables-firewall/conf.d/00debconf.conf
fi
;;
remove|abort-install|disappear)
;;
upgrade|failed-upgrade|abort-upgrade)
;;
*)
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;
purge)
# when purging remove debconf managed config file
if [ -e /etc/arno-iptables-firewall/conf.d/00debconf.conf ]; then
rm -f /etc/arno-iptables-firewall/conf.d/00debconf.conf || true
fi
;;
remove|disappear)
update-rc.d -f arno-iptables-firewall remove >/dev/null || true
;;
upgrade|failed-upgrade|abort-install|abort-upgrade)
# we don't stop on upgrades so that the firewall keeps operational.
# this works since there's only a set of iptables rules, no real daemon.
# eventually postinst configure replaces them with a new set of rules.
;;
*)
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
......
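Review bot: `. /usr/share/debconf/confmodule` is sourced unconditionally near the top of postrm while `set -e` is active, so a purge on a system where debconf has already been removed aborts before the `purge)` branch runs. postrm may only rely on essential packages at purge time, and debconf-devel(7), which the comment cites, recommends guarding the load with `if [ -e /usr/share/debconf/confmodule ]; then ... fi`. Minor: in the `purge)` branch the `|| true` after `rm -f` is redundant, since the file is already tested with `[ -e ... ]` and `rm -f` does not fail on a missing file.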
#!/bin/sh
# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
# preinst script for arno-iptables-firewall
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Move a conffile. In case of an unmodified file simply
# remove it to not trigger dpkg questions.
# However, if the file is modified this question should occur.
mv_conffile()
{
CONFFILE="$1"
NEWLOCATION="$2"
CONFFILE="$1"
NEWLOCATION="$2"
if [ -e "$CONFFILE" ]; then
md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`"
old_md5sum=$(dpkg-query -W -f='${Conffiles}' arno-iptables-firewall | grep ${CONFFILE} | awk '{ print $2 }')
if [ "$md5sum" = "$old_md5sum" ]; then
rm -f "$CONFFILE"
else
mv "$CONFFILE" "$NEWLOCATION"
fi
fi
if [ -e "$CONFFILE" ]; then
md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`"
old_md5sum=$(dpkg-query -W -f='${Conffiles}' arno-iptables-firewall | grep ${CONFFILE} | awk '{ print $2 }')
if [ "$md5sum" = "$old_md5sum" ]; then
rm -f "$CONFFILE"
else
mv "$CONFFILE" "$NEWLOCATION"
fi
fi
}
case "$1" in
install|upgrade)
if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.8.6.c-4"; then
if [ -e /etc/default/arno-iptables-firewall ]; then
echo "Moving old firewall configuration to /etc/arno-iptables-firewall/firewall.conf."
install|upgrade)
if dpkg --compare-versions "$2" le-nl "1.8.6.c-4"; then
if [ -e /etc/default/arno-iptables-firewall ]; then
echo "Moving old firewall configuration to /etc/arno-iptables-firewall/firewall.conf."
if [ ! -d /etc/arno-iptables-firewall ]; then
mkdir /etc/arno-iptables-firewall
fi
if [ ! -d /etc/arno-iptables-firewall ]; then
mkdir /etc/arno-iptables-firewall
fi
mv_conffile "/etc/default/arno-iptables-firewall" "/etc/arno-iptables-firewall/firewall.conf"
fi
fi
if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.8.8.l-1"; then
echo "Moving plugins from /etc to /usr/share/arno-iptables-firewall/plugins."
for f in /etc/arno-iptables-firewall/plugins/*.plugin; do
mv_conffile "$f" "$f.dpkg-old"
done
fi
if [ -n "$2" ] && dpkg --compare-versions "$2" le "1.9.2.h-1~"; then
echo "Updating firewall startup behavior -- delayed until network becomes available."
update-rc.d -f arno-iptables-firewall remove
fi
if [ -n "$2" ] && dpkg --compare-versions "$2" le "2.0.1.f-1.1"; then
echo "Updating firewall startup behavior -- rely on systemd from now on."
mv_conffile /etc/init.d/arno-iptables-firewall /etc/init.d/arno-iptables-firewall.dpkg-old
update-rc.d -f arno-iptables-firewall remove
if [ -e /etc/logrotate.d/arno-iptables-firewall.conf ]; then
mv_conffile /etc/logrotate.d/arno-iptables-firewall.conf /etc/logrotate.d/arno-iptables-firewall.conf.dpkg-old
if [ -e /etc/logrotate.d/arno-iptables-firewall.conf.dpkg-old ]; then
echo "Moving and commenting old logrotate configuration to /etc/logrotate.d/arno-iptables-firewall.conf.dpkg-old"
sed --in-place -e 's/^/#/' /etc/logrotate.d/arno-iptables-firewall.conf.dpkg-old
fi
fi
fi
# Move the old pre-conf.d debconf settings into the new location and format
if [ -e /etc/arno-iptables-firewall/debconf.cfg ]; then
mkdir -p /etc/arno-iptables-firewall/conf.d/
sed -e 's/^DC_//' </etc/arno-iptables-firewall/debconf.cfg >/etc/arno-iptables-firewall/conf.d/00debconf.conf
rm -f /etc/arno-iptables-firewall/debconf.cfg
fi
;;
mv_conffile "/etc/default/arno-iptables-firewall" "/etc/arno-iptables-firewall/firewall.conf"
fi
fi
if dpkg --compare-versions "$2" le-nl "1.8.8.l-1"; then
echo "Moving plugins from /etc to /usr/share/arno-iptables-firewall/plugins."
for f in /etc/arno-iptables-firewall/plugins/*.plugin; do
mv_conffile "$f" "$f.dpkg-old"
done
fi
if dpkg --compare-versions "$2" le-nl "1.9.2.h-1~"; then
echo "Updating firewall startup behavior -- delayed until network becomes available."
update-rc.d -f arno-iptables-firewall remove
fi
if dpkg --compare-versions "$2" le-nl "2.0.1-1"; then
if [ -e /etc/arno-iptables-firewall/debconf.cfg ]; then
echo "Moving pre-conf.d debconf settings into the new location and format."
mkdir -p /etc/arno-iptables-firewall/conf.d/
sed -e 's/^DC_//' </etc/arno-iptables-firewall/debconf.cfg >/etc/arno-iptables-firewall/conf.d/00debconf.conf
rm -f /etc/arno-iptables-firewall/debconf.cfg
fi
fi
if dpkg --compare-versions "$2" le-nl "2.0.1.f-1.1"; then
if [ -e /etc/logrotate.d/arno-iptables-firewall.conf ]; then
echo "Renaming old logrotate configuration to a new name."
mv_conffile /etc/logrotate.d/arno-iptables-firewall.conf /etc/logrotate.d/arno-iptables-firewall
fi
fi
;;
abort-upgrade)
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
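Review bot: the `2.0.1.f-1.1` branch renames /etc/logrotate.d/arno-iptables-firewall.conf with the hand-rolled `mv_conffile`, while `abort-upgrade)` is an empty branch, so a failed upgrade leaves the old conffile deleted or moved with nothing to put it back. `dpkg-maintscript-helper mv_conffile` (or a debian/arno-iptables-firewall.maintscript entry) handles the rename together with the rollback in postrm and is the supported way to do this. If the local function stays, `grep ${CONFFILE}` should at least be quoted and matched as a fixed string, because an unquoted regex match can return more than one Conffiles line and then the md5sum comparison never succeeds. The switch from `[ -n "$2" ] && ... le` to `le-nl` looks right: an empty `$2` on a fresh install compares as later than any version, so the migration blocks are skipped.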
......@@ -79,5 +87,4 @@ esac
#DEBHELPER#
exit 0
exit 0
#!/bin/sh
# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
# prerm script for arno-iptables-firewall
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <prerm> `remove'
# * <old-prerm> `upgrade' <new-version>
# * <new-prerm> `failed-upgrade' <old-version>
# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
# * <deconfigured's-prerm> `deconfigure' `in-favour'
# <package-being-installed> <version> `removing'
# <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# start up debconf here.
# why? see https://manpages.debian.org/testing/debconf-doc/debconf-devel.7.en.html, paragraph HACKS.
# plus automatically inserted code may be using debconf
# (in fact it does, and loads confmodule a little bit late IMHO)
. /usr/share/debconf/confmodule
db_version 2.0
# stop the firewall via systemd or sysvinit
aif_stop () {
if [ -d /run/systemd/system ]; then
deb-systemd-invoke stop arno-iptables-firewall.service >/dev/null || true
else
invoke-rc.d arno-iptables-firewall stop >/dev/null || true
fi
}
case "$1" in
remove|deconfigure)
aif_stop
;;
upgrade)
# we don't stop on upgrades so that the firewalls keep operational.
# this works since there's only a set of iptables rules, no real daemon.
;;
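Review bot: in `aif_stop` both the `deb-systemd-invoke stop` and the `invoke-rc.d ... stop` call end in `|| true` with stdout discarded, so on `remove|deconfigure` a failed stop goes unnoticed and the package is removed while its iptables rules stay loaded with nothing left to manage them. Keeping removal non-fatal is reasonable, but I would print a warning to stderr when the stop command fails so the administrator knows the rule set is still active.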