File _service:download_src_package:iptables.spec of Package iptables

# install init scripts to /usr/libexec with systemd
%define anolis_release 2
%global script_path %{_libexecdir}/iptables
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions
%global iptc_so_ver  0
%global ipXtc_so_ver 2

Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
URL: https://www.netfilter.org/projects/iptables
Version: 1.8.8
Release: %{anolis_release}%{?dist}
Source: %{url}/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: iptables.service
Source4: sysconfig_iptables
Source5: sysconfig_ip6tables
Source6: arptables-nft-helper

# fix mock err -Werror=format-security
Patch01: 0001-xshared-Fix-build-for-Werror-format-security.patch

# pf.os: ISC license
# iptables-apply: Artistic Licence 2.0
License: GPLv2 and Artistic Licence 2.0 and ISC

# libnetfilter_conntrack is needed for xt_connlabel
BuildRequires: pkgconfig(libnetfilter_conntrack)
# libnfnetlink-devel is requires for nfnl_osf
BuildRequires: pkgconfig(libnfnetlink)
BuildRequires: libselinux-devel
BuildRequires: kernel-headers
BuildRequires: systemd
# libmnl, libnftnl, bison, flex for nftables
BuildRequires: bison
BuildRequires: flex
BuildRequires: gcc
BuildRequires: pkgconfig(libmnl) >= 1.0
BuildRequires: pkgconfig(libnftnl) >= 1.1.6
# libpcap-devel for nfbpf_compile
BuildRequires: libpcap-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: make

%description
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.

%package compat
Summary: Temporary transitioning package
Obsoletes: %{name} < 1.8.7
Requires: %{name}-legacy = %{version}-%{release}
Requires: %{name}-utils = %{version}-%{release}

%description compat
This package only exists to help transition iptables users to the new
package split. It will be removed after one distribution release cycle, please
do not reference it or depend on it in any way.

%package legacy
Summary: Legacy tools for managing Linux kernel packet filtering capabilities
Requires: %{name}-legacy-libs = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Conflicts: setup < 2.10.4
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
Provides:	iptables

%description legacy
The iptables utility controls the network packet filtering code in the
Linux kernel. This package contains the legacy tools which are obsoleted by
nft-variants in iptables-nft package for backwards compatibility reasons.
If you need to set up firewalls and/or IP masquerading, you should not install
this package but either nftables or iptables-nft instead.

%package libs
Summary: libxtables and iptables extensions userspace support

%description libs
libxtables and associated shared object files

Libxtables provides unified access to iptables extensions in userspace. Data
and logic for those is kept in per-extension shared object files.

%package legacy-libs
Summary: iptables legacy libraries

%description legacy-libs
iptables libraries.
Please remember that libip*tc libraries do neither have a stable API nor a real so version.
For more information about this, please have a look at
  http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.5

%package devel
Summary: Development package for iptables
Requires: %{name}-libs = %{version}-%{release}
Requires: %{name}-legacy-devel = %{version}-%{release}
Requires: pkgconfig

%description devel
libxtables development headers and pkgconfig files

%package legacy-devel
Summary: Development package for legacy iptables
Requires: %{name}-legacy-libs = %{version}-%{release}
Requires: pkgconfig

%description legacy-devel
Legacy iptables development headers and pkgconfig files

The iptc libraries are marked as not public by upstream. The interface is not
stable and may change with every new version. It is therefore unsupported.

%package services
Summary: iptables and ip6tables services for iptables
Requires: %{name} = %{version}-%{release}
Requires: %{name}-utils = %{version}-%{release}
%{?systemd_ordering}
Obsoletes: %{name} < 1.4.16.1
Obsoletes: %{name}-ipv6 < 1.4.11.1
BuildArch: noarch

%description services
iptables services for IPv4 and IPv6

This package provides the services iptables and ip6tables that have been split
out of the base package since they are not active by default anymore.

%package utils
Summary: iptables and ip6tables misc utilities
Requires: %{name} = %{version}-%{release}

%description utils
Utils for iptables

This package provides nfnl_osf with the pf.os database and nfbpf_compile,
a bytecode generator for use with xt_bpf. Also included is iptables-apply,
a safer way to update iptables remotely.

%package nft
Summary: nftables compatibility for iptables, arptables and ebtables
Requires: %{name}-libs = %{version}-%{release}
Requires(post): %{_sbindir}/update-alternatives
Requires(post): %{_bindir}/readlink
Requires(postun): %{_sbindir}/update-alternatives
Obsoletes: iptables-compat < 1.6.2
Provides: arptables-helper
Provides: iptables
Provides: arptables
Provides: ebtables

%description nft
nftables compatibility for iptables, arptables and ebtables.

%prep
%autosetup -p1

%build
./autogen.sh
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr

rm -f include/linux/types.h

%make_build

%install
%make_install
# remove la file(s)
rm -f %{buildroot}%{_libdir}/*.la

# install init scripts and configuration files
install -d -m 755 %{buildroot}%{script_path}
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -c -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m 600 ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
install -c -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables

# install systemd service files
install -d -m 755 %{buildroot}/%{_unitdir}
install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}

# install legacy actions for service command
install -d %{buildroot}/%{legacy_actions}/iptables
install -d %{buildroot}/%{legacy_actions}/ip6tables

cat << EOF > %{buildroot}/%{legacy_actions}/iptables/save
#!/bin/bash
exec %{script_path}/iptables.init save
EOF
chmod 755 %{buildroot}/%{legacy_actions}/iptables/save
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save

cat << EOF > %{buildroot}/%{legacy_actions}/iptables/panic
#!/bin/bash
exec %{script_path}/iptables.init panic
EOF
chmod 755 %{buildroot}/%{legacy_actions}/iptables/panic
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tabes.panic-legacy
install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic

# Remove /etc/ethertypes (now part of setup)
rm -f %{buildroot}%{_sysconfdir}/ethertypes

install -p -D -m 755 %{SOURCE6} %{buildroot}%{_libexecdir}/
touch %{buildroot}%{_libexecdir}/arptables-helper

# prepare for alternatives
touch %{buildroot}%{_mandir}/man8/arptables.8
touch %{buildroot}%{_mandir}/man8/arptables-save.8
touch %{buildroot}%{_mandir}/man8/arptables-restore.8
touch %{buildroot}%{_mandir}/man8/ebtables.8

%generate_compatibility_deps

%ldconfig_scriptlets

%post legacy
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
	$pfx iptables $pfx-legacy 10 \
	--slave $pfx6 ip6tables $pfx6-legacy \
	--slave $pfx-restore iptables-restore $pfx-legacy-restore \
	--slave $pfx-save iptables-save $pfx-legacy-save \
	--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
	--slave $pfx6-save ip6tables-save $pfx6-legacy-save

%postun legacy
if [ $1 -eq 0 ]; then
	%{_sbindir}/update-alternatives --remove \
		iptables %{_sbindir}/iptables-legacy
fi

%triggerun legacy -- iptables > 1.8.0
alternatives --list | awk '/^iptables/{print $3; exit}' \
		>/var/tmp/alternatives.iptables.current
cp /var/lib/alternatives/iptables /var/tmp/alternatives.iptables.setup

%triggerpostun legacy -- iptables > 1.8.0
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
	$pfx iptables $pfx-legacy 10 \
	--slave $pfx6 ip6tables $pfx6-legacy \
	--slave $pfx-restore iptables-restore $pfx-legacy-restore \
	--slave $pfx-save iptables-save $pfx-legacy-save \
	--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
	--slave $pfx6-save ip6tables-save $pfx6-legacy-save
alternatives --set iptables $(</var/tmp/alternatives.iptables.current)
rm /var/tmp/alternatives.iptables.current
mv /var/tmp/alternatives.iptables.setup /var/lib/alternatives/iptables

%post services
%systemd_post iptables.service ip6tables.service

%preun services
%systemd_preun iptables.service ip6tables.service

%postun services
%?ldconfig
%systemd_postun iptables.service ip6tables.service

%post nft
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
	$pfx iptables $pfx-nft 10 \
	--slave $pfx6 ip6tables $pfx6-nft \
	--slave $pfx-restore iptables-restore $pfx-nft-restore \
	--slave $pfx-save iptables-save $pfx-nft-save \
	--slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \
	--slave $pfx6-save ip6tables-save $pfx6-nft-save

pfx=%{_sbindir}/ebtables
manpfx=%{_mandir}/man8/ebtables
for sfx in "" "-restore" "-save"; do
	if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then
		rm -f $pfx$sfx
	fi
done
if [ "$(readlink -e $manpfx.8.gz)" == $manpfx.8.gz ]; then
	rm -f $manpfx.8.gz
fi
%{_sbindir}/update-alternatives --install \
	$pfx ebtables $pfx-nft 10 \
	--slave $pfx-save ebtables-save $pfx-nft-save \
	--slave $pfx-restore ebtables-restore $pfx-nft-restore \
	--slave $manpfx.8.gz ebtables-man $manpfx-nft.8.gz

pfx=%{_sbindir}/arptables
manpfx=%{_mandir}/man8/arptables
lepfx=%{_libexecdir}/arptables
for sfx in "" "-restore" "-save"; do
	if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then
		rm -f $pfx$sfx
	fi
	if [ "$(readlink -e $manpfx$sfx.8.gz)" == $manpfx$sfx.8.gz ]; then
		rm -f $manpfx$sfx.8.gz
	fi
done
if [ "$(readlink -e $lepfx-helper)" == $lepfx-helper ]; then
	rm -f $lepfx-helper
fi
%{_sbindir}/update-alternatives --install \
	$pfx arptables $pfx-nft 10 \
	--slave $pfx-save arptables-save $pfx-nft-save \
	--slave $pfx-restore arptables-restore $pfx-nft-restore \
	--slave $manpfx.8.gz arptables-man $manpfx-nft.8.gz \
	--slave $manpfx-save.8.gz arptables-save-man $manpfx-nft-save.8.gz \
	--slave $manpfx-restore.8.gz arptables-restore-man $manpfx-nft-restore.8.gz \
	--slave $lepfx-helper arptables-helper $lepfx-nft-helper

%postun nft
if [ $1 -eq 0 ]; then
	for cmd in iptables ebtables arptables; do
		%{_sbindir}/update-alternatives --remove \
			$cmd %{_sbindir}/$cmd-nft
	done
fi

%files compat

%files legacy
%doc INCOMPATIBILITIES
%{_sbindir}/ip{,6}tables-legacy*
%{_sbindir}/xtables-legacy-multi
%{_bindir}/iptables-xml
%{_mandir}/man1/iptables-xml*
%{_mandir}/man8/xtables-legacy*
%ghost %{_sbindir}/ip{,6}tables{,-save,-restore}

%files libs
%dir %{abidir}
%license COPYING
%{_libdir}/libxtables.so.12*
%{abidir}/libxtables.dump
%dir %{_libdir}/xtables
%{_libdir}/xtables/lib{ip,ip6,x}t*
%{abidir}/lib{ip,ip6,x}t*.dump
%{_mandir}/man8/ip{,6}tables.8.gz
%{_mandir}/man8/ip{,6}tables-{extensions,save,restore}.8.gz

%files legacy-libs
%license COPYING
%{_libdir}/libip{4,6}tc.so.%{ipXtc_so_ver}*
%{abidir}/libip{4,6}tc.dump

%files devel
%{_includedir}/xtables{,-version}.h
%{_libdir}/libxtables.so
%{_libdir}/pkgconfig/xtables.pc

%files legacy-devel
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
%{_libdir}/libip*tc.so
%{_libdir}/pkgconfig/libip{,4,6}tc.pc

%files services
%dir %{script_path}
%{script_path}/ip{,6}tables.init
%config(noreplace) %{_sysconfdir}/sysconfig/ip{,6}tables{,-config}
%{_unitdir}/ip{,6}tables.service
%dir %{legacy_actions}/ip{,6}tables
%{legacy_actions}/ip{,6}tables/{save,panic}

%files utils
%license COPYING
%{_sbindir}/nfnl_osf
%{_sbindir}/nfbpf_compile
%{_sbindir}/ip{,6}tables-apply
%{abidir}/ip{,6}tables-apply-option.list
%dir %{_datadir}/xtables
%{_datadir}/xtables/pf.os
%{_mandir}/man8/nfnl_osf*
%{_mandir}/man8/nfbpf_compile*
%{_mandir}/man8/ip{,6}tables-apply*

%files nft
%{_sbindir}/ip{,6}tables-nft*
%{_sbindir}/ip{,6}tables{,-restore}-translate
%{_sbindir}/{eb,arp}tables-nft*
%{_sbindir}/xtables-nft-multi
%{_sbindir}/xtables-monitor
%dir %{_libdir}/xtables
%{_libdir}/xtables/lib{arp,eb}t*
%{abidir}/lib{arp,eb}t*.dump
%{_libexecdir}/arptables-nft-helper
%{_mandir}/man8/xtables-monitor*
%{_mandir}/man8/xtables-translate*
%{_mandir}/man8/*-nft*
%{_mandir}/man8/ip{,6}tables{,-restore}-translate*
%ghost %{_sbindir}/ip{,6}tables{,-save,-restore}
%ghost %{_sbindir}/{eb,arp}tables{,-save,-restore}
%ghost %{_libexecdir}/arptables-helper
%ghost %{_mandir}/man8/arptables{,-save,-restore}.8.gz
%ghost %{_mandir}/man8/ebtables.8.gz

%changelog
* Wed Oct 26 2022 mgb01105731 <mgb01105731@alibaba-inc.com> - 1.8.8-2
- optimise spec file

* Wed Sep 21 2022 mgb01105731 <mgb01105731@alibaba-inc.com> - 1.8.8-1
- update to 1.8.8

* Thu Mar 10 2022 zhang xianting <zhangxianting@uniontech.com> - 1.8.7-1
- Initial build for Anolis v23