add ebtables systemd support

2013-08-21 10:36:14 -04:00 · 2013-08-21 10:36:14 -04:00 · f7251e7e3a
parent e25de9bafe
commit f7251e7e3a
3 changed files with 115 additions and 20 deletions
--- a/ebtables.service
+++ b/ebtables.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Ethernet Bridge Filtering tables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/ebtables start
+ExecStop=/usr/libexec/ebtables stop
+
+[Install]
+WantedBy=multi-user.target
--- a/ebtables.spec
+++ b/ebtables.spec
@ -2,19 +2,23 @@

 Name:			ebtables
 Version:		2.0.10
-Release:		9%{?dist}
+Release:		11%{?dist}
 Summary:		Ethernet Bridge frame table administration tool
 License:		GPLv2+
 Group:			System Environment/Base
 URL:			http://ebtables.sourceforge.net/
 Source0:		http://downloads.sourceforge.net/ebtables/ebtables-v%{version}-%{ebminor}.tar.gz
 Source1:		ebtables-save
-Requires(pre):		/sbin/chkconfig
-Requires(postun):	/sbin/service
+Source2:		ebtables.systemd
+Source3:		ebtables.service
 Patch0:			ebtables-2.0.10-norootinst.patch
 Patch3:			ebtables-2.0.9-lsb.patch
 Patch4:			ebtables-2.0.10-linkfix.patch
 Patch5:			ebtables-2.0.0-audit.patch
+BuildRequires:		systemd-units
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd

 %description
 Ethernet bridge tables is a firewalling tool to transparently filter network
@ -43,34 +47,36 @@ MY_CFLAGS=`echo $RPM_OPT_FLAGS -fPIC | sed -e 's/-fstack-protector//g'`
 make %{?_smp_mflags} CFLAGS="$MY_CFLAGS" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}"

 %install
-mkdir -p $RPM_BUILD_ROOT%{_initrddir}
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
-make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" install
-touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.filter
-touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.nat
-touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.broute
+mkdir -p %{buildroot}%{_initrddir}
+mkdir -p %{buildroot}%{_unitdir}
+install -p %{SOURCE3} %{buildroot}%{_unitdir}/
+mkdir -p %{buildroot}%{_libexecdir}
+install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+make DESTDIR="%{buildroot}" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" install
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.filter
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.nat
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.broute
+
+# Do not need the sysvinit
+rm -rf %{buildroot}%{_initrddir}

 # install ebtables-save bash script
-rm -f $RPM_BUILD_ROOT/sbin/ebtables-save
-install %{SOURCE1} $RPM_BUILD_ROOT/sbin/ebtables-save
+rm -f %{buildroot}/sbin/ebtables-save
+install %{SOURCE1} %{buildroot}/sbin/ebtables-save

 # move libebtc.so into the ldpath
 mv %{buildroot}/%{_lib}/ebtables/libebtc.so %{buildroot}/%{_lib}/

 %post
-/sbin/chkconfig --add ebtables
+%systemd_post ebtables.service
 /sbin/ldconfig

 %preun
-if [ $1 -eq 0 ]; then
-	/sbin/service ebtables stop &>/dev/null || :
-	/sbin/chkconfig --del ebtables
-fi
+%systemd_preun ebtables.service

 %postun
-if [ $1 -ge 1 ]; then
-	/sbin/service ebtables condrestart &> /dev/null || :
-fi
+%systemd_postun_with_restart ebtables.service
 /sbin/ldconfig

 %files
@ -79,7 +85,8 @@ fi
 %doc %{_mandir}/man8/ebtables.8*
 %config(noreplace) %{_sysconfdir}/ethertypes
 %config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
-%{_initrddir}/ebtables
+%{_unitdir}/ebtables.service
+%{_libexecdir}/ebtables
 /%{_lib}/libebtc.so
 /%{_lib}/ebtables/
 /sbin/ebtables*
@ -88,6 +95,9 @@ fi
 %ghost %{_sysconfdir}/sysconfig/ebtables.broute

 %changelog
+* Wed Aug 21 2013 Tom Callaway <spot@fedoraproject.org> - 2.0.10-11
+- convert to systemd
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

--- a/ebtables.systemd
+++ b/ebtables.systemd
@ -0,0 +1,74 @@
+#!/bin/bash
+
+RETVAL=0
+
+initialize() {
+  # Initialize $TYPE tables
+  echo -n $"  $TYPE tables: "
+  if [ -r /etc/sysconfig/ebtables.$TYPE ]; then
+    /sbin/ebtables -t $TYPE --atomic-file /etc/sysconfig/ebtables.$TYPE --atomic-commit > /dev/null || RETVAL=1
+  else
+    echo -n "not configured"
+  fi
+  if [ $RETVAL -eq 0 ]; then
+    echo -n $"[  OK  ]"
+    echo -ne "\r"
+  else
+    echo -n $"[FAILED]"
+    echo -ne "\r"
+  fi
+}
+
+case $1 in
+  start)
+   # Initialize	filter tables
+   TYPE=filter
+   initialize
+ 
+   # Initialize NAT tables
+   echo
+   TYPE=nat
+   initialize
+
+   # Initialize broute tables
+   echo
+   TYPE=broute
+   initialize
+  ;;
+  stop)
+    /sbin/ebtables -t filter --init-table || RETVAL=1
+    /sbin/ebtables -t nat --init-table || RETVAL=1
+    /sbin/ebtables -t broute --init-table || RETVAL=1
+
+    for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do
+       /sbin/rmmod $mod || RETVAL=1
+    done
+
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  save)
+    echo -n $"Saving Ethernet bridge filtering (ebtables): "
+    /sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1
+    /sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1
+    /sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  *)
+    echo "usage: ${0##*/} {start|stop|save}" >&2
+    exit 1
+  ;;
+esac
+
+# vim:set ts=2 sw=2 ft=sh et: