bump versions on old config package obsoletes (f21 is on 0.3.14)

The versions being too low meant that on upgrade from F21 to
F22 or F23 you didn't get the obsolete kicking in as it should.

firewalld-0.3.14.2-pid_file_RHBZ#1233232.patch

@@ -0,0 +1,58 @@
+commit 3a1f22c95bb5723456533de5aa821143682b8e3d
+Author: Thomas Woerner <twoerner@redhat.com>
+Date:   Thu Jun 18 16:55:40 2015 +0200
+
+    firewalld: Fixed 'pid_file' referenced before assignment (RHBZ#1233232)
+
+diff --git a/src/firewalld b/src/firewalld
+index 2db71a8..bd81316 100755
+--- a/src/firewalld
++++ b/src/firewalld
+@@ -82,6 +82,7 @@ def setup_logging(args):
+             log.addDebugLogging("*", log.stdout)
+ 
+ def startup(args):
++    pid_file = "/var/run/firewalld.pid"
+     try:
+         if not args.nofork:
+             # do the UNIX double-fork magic, see Stevens' "Advanced
+@@ -119,7 +120,6 @@ def startup(args):
+ 
+         if not args.nopid:
+             # write the pid file
+-            pid_file = "/var/run/firewalld.pid"
+             with open(pid_file, "w") as f:
+                 f.write(str(os.getpid()))
+ 
+@@ -128,27 +128,27 @@ def startup(args):
+         server.run_server(args.debug_gc)
+ 
+         # Clean up on exit
+-        if os.path.exists(pid_file) and not args.nopid:
++        if not args.nopid and os.path.exists(pid_file):
+             os.remove(pid_file)
+ 
+     except OSError as e:
+         log.fatal(_("Fork #1 failed: %d (%s)") % (e.errno, e.strerror))
+         log.error(traceback.format_exc())
+-        if os.path.exists(pid_file) and not args.nopid:
++        if not args.nopid and os.path.exists(pid_file):
+             os.remove(pid_file)
+         sys.exit(1)
+ 
+     except dbus.exceptions.DBusException as e:
+         log.fatal(str(e))
+         log.error(traceback.format_exc())
+-        if os.path.exists(pid_file) and not args.nopid:
++        if not args.nopid and os.path.exists(pid_file):
+             os.remove(pid_file)
+         sys.exit(1)
+ 
+     except IOError as e:
+         log.fatal(str(e))
+         log.error(traceback.format_exc())
+-        if os.path.exists(pid_file) and not args.nopid:
++        if not args.nopid and os.path.exists(pid_file):
+             os.remove(pid_file)
+         sys.exit(1)
+ 

firewalld.spec

@@ -1,4 +1,4 @@
-%if (0%{?fedora} >= 13 || 0%{?rhel} >= 7)
+%if (0%{?fedora} >= 13 || 0%{?rhel} > 7)
 %global with_python3 1
 %if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
 %global use_python3 1
@@ -7,8 +7,8 @@
 
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.3.14.1
-Release: 1%{?dist}
+Version: 0.3.14.2
+Release: 4%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
@@ -19,6 +19,7 @@ Source2: FedoraWorkstation.xml
 %if 0%{?fedora}
 Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
+Patch1: firewalld-0.3.14.2-pid_file_RHBZ#1233232.patch
 BuildArch: noarch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
@@ -41,15 +42,20 @@ Requires: python3-firewall  = %{version}-%{release}
 %else #0%{?use_python3}
 Requires: python-firewall  = %{version}-%{release}
 %endif #0%{?use_python3}
+%if 0%{?fedora} == 21
+Requires: firewalld-config
+%endif
 
+%if 0%{?fedora} > 21
 Provides: variant_config(Server)
 Provides: variant_config(Workstation)
 
 # Remove old config subpackages
-Obsoletes: firewalld-config-standard <= 0.3.13
-Obsoletes: firewalld-config-cloud <= 0.3.13
-Obsoletes: firewalld-config-server <= 0.3.13
-Obsoletes: firewalld-config-workstation <= 0.3.13
+Obsoletes: firewalld-config-standard <= 0.3.15
+Obsoletes: firewalld-config-cloud <= 0.3.15
+Obsoletes: firewalld-config-server <= 0.3.15
+Obsoletes: firewalld-config-workstation <= 0.3.15
+%endif
 
 %description
 firewalld is a firewall service daemon that provides a dynamic customizable 
@@ -73,7 +79,11 @@ Summary: Python3 bindings for firewalld
 Requires: python3-dbus
 Requires: python3-slip-dbus
 Requires: python3-decorator
+%if (0%{?fedora} >= 23 || 0%{?rhel} >= 8)
+Requires: python3-gobject-base
+%else
 Requires: python3-gobject
+%endif
 
 %description -n python3-firewall
 Python3 bindings for firewalld.
@@ -91,7 +101,7 @@ Summary: Firewall panel applet
 Requires: %{name} = %{version}-%{release}
 Requires: firewall-config = %{version}-%{release}
 Requires: hicolor-icon-theme
-%if 0%{?with_python3}
+%if 0%{?use_python3}
 Requires: python3-PyQt4
 Requires: python3-gobject
 %else
@@ -110,7 +120,7 @@ Summary: Firewall configuration application
 Requires: %{name} = %{version}-%{release}
 Requires: hicolor-icon-theme
 Requires: gtk3
-%if 0%{?with_python3}
+%if 0%{?use_python3}
 Requires: python3-gobject
 %else
 Requires: pygobject3-base
@@ -121,11 +131,48 @@ Requires: NetworkManager-glib
 The firewall configuration application provides an configuration interface for 
 firewalld.
 
+%if 0%{?fedora} == 21
+%package config-standard
+Summary: Firewalld standard configuration settings
+Requires: firewalld = %{version}-%{release}
+Provides: firewalld-config
+Conflicts: system-release-server
+Conflicts: firewalld-config-server
+Conflicts: system-release-workstation
+Conflicts: firewalld-config-workstation
+
+%description config-standard
+Standard product firewalld configuration settings.
+
+%package config-server
+Summary: Firewalld server configuration settings
+Provides: firewalld-config
+Requires: firewalld = %{version}-%{release}
+Requires: system-release-server
+Conflicts: firewalld-config-workstation
+Conflicts: firewalld-config-standard
+
+%description config-server
+Server product specific firewalld configuration settings.
+
+%package config-workstation
+Summary: Firewalld workstation configuration settings
+Provides: firewalld-config
+Requires: firewalld = %{version}-%{release}
+Requires: system-release-workstation
+Conflicts: firewalld-config-server
+Conflicts: firewalld-config-standard
+
+%description config-workstation
+Workstation product specific firewalld configuration settings.
+%endif
+
 %prep
 %setup -q
 %if 0%{?fedora}
 %patch0 -p1
 %endif
+%patch1 -p1
 
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -204,31 +251,41 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli
 %postun
 %systemd_postun_with_restart firewalld.service 
 
+%if 0%{?fedora} > 21
 %posttrans
 # If we don't yet have a symlink or existing file for firewalld.conf,
 # create it. Note: this will intentionally reset the policykit policy
 # at the same time, so they are in sync.
-if [ ! -e %{_sysconfdir}/firewalld/firewalld.conf ]; then
-    # Import /etc/os-release to get the variant definition
-    . /etc/os-release || :
 
+# Import /etc/os-release to get the variant definition
+. /etc/os-release || :
+
+if [ ! -e %{_sysconfdir}/firewalld/firewalld.conf ]; then
     case "$VARIANT_ID" in
         server)
             ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
-            ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
             ;;
         workstation)
             ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
-            ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
             ;;
         *)
             ln -sf firewalld-standard.conf %{_sysconfdir}/firewalld/firewalld.conf
-            # The standard firewall policy will be the same as Server
-            ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
             ;;
-        esac
+    esac
 fi
 
+if [ ! -e %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy ]; then
+    case "$VARIANT_ID" in
+        workstation)
+            ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+            ;;
+        *)
+            # For all other editions, we'll use the Server polkit policy
+            ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+    esac
+fi
+%endif
+
 %post -n firewall-applet
 /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
 
@@ -258,6 +315,50 @@ fi
 /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 
+%if 0%{?fedora} == 21
+%post config-standard
+if [ $1 -eq 1 ]; then # Initial installation
+    # link standard config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-standard.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-standard -- firewalld
+if [ $1 -eq 1 ]; then
+    # link server policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+
+%post config-server
+if [ $1 -eq 1 ]; then # Initial installation
+    # link server config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-server -- firewalld
+if [ $1 -eq 1 ]; then
+    # link server policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+
+%post config-workstation
+if [ $1 -eq 1 ]; then # Initial installation
+    # link workstation config
+    rm -f %{_sysconfdir}/firewalld/firewalld.conf
+    ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
+fi
+
+%triggerin config-workstation -- firewalld
+if [ $1 -eq 1 ]; then
+    # link desktop policy
+    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+    ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
+fi
+%endif
+
 %files -f %{name}.lang
 %doc COPYING README
 %{_sbindir}/firewalld
@@ -270,23 +371,31 @@ fi
 %{_prefix}/lib/firewalld/zones/*.xml
 %{_prefix}/lib/firewalld/xmlschema/*.xsd
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
+%if 0%{?fedora} <= 20
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%endif
+%if 0%{?fedora} > 21
 %ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
-
+%endif
 %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
 %defattr(0644,root,root)
 %config(noreplace) %{_sysconfdir}/sysconfig/firewalld
-#%attr(0755,root,root) %{_initrddir}/firewalld
 %{_unitdir}/firewalld.service
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy
+%if 0%{?fedora} <= 20
+%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+%endif
+%if 0%{?fedora} > 21
 %ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+%endif
 %{_mandir}/man1/firewall*cmd*.1*
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
@@ -353,7 +462,57 @@ fi
 %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
 %{_mandir}/man1/firewall-config*.1*
 
+%if 0%{?fedora} == 21
+%files config-standard
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+
+%files config-server
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+
+%files config-workstation
+%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
+%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
+%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
+%endif
+
 %changelog
+* Wed Jul 22 2015 Adam Williamson <awilliam@redhat.com> - 0.3.14.2-4
+- bump versions on old config package obsoletes (f21 is on 0.3.14 now)
+
+* Mon Jul 13 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-3
+- Require python3-gobject-base for fedora >= 23 and rhel >= 8 (RHBZ#1242076)
+- Fix rhel defines: No python3 for rhel-7
+
+* Thu Jun 18 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-2
+- Fixed 'pid_file' referenced before assignment (RHBZ#1233232)
+
+* Wed Jun 17 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.2-1
+- reunification of the firewalld spec files for all Fedora releases
+- firewalld.spec:
+  - fixed requirements for -applet and -config
+- man pages:
+  - adapted firewall-applet man page to new version
+- firewall-applet:
+  - Only honour active connections for zone changes
+  - Change QSettings path and file names
+- firewall-config:
+  - Only honour active connections for zone changes in the “Change Zones of Connections” menu
+- Translations:
+  - updated translations
+  - marked translations for “Connections” for review
+
+* Tue Jun 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.3.14.1-2
+- Fix issue with missing polkit policy when installing firewalld on
+  Cloud Edition.
+
+* Mon Jun 15 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.1-1.1
+- fix dependencies for -applet and -config: use_python3 is the proper switch
+  not with_python3 (RHBZ#1232493)
+
 * Fri Jun 12 2015 Thomas Woerner <twoerner@redhat.com> - 0.3.14.1-1
 - firewall-applet
   - do not use isSystemTrayAvailable check to fix KDE5 startup

sources

@@ -1 +1 @@
-c00ed0ea081bccbcf8b450c771e95b42  firewalld-0.3.14.1.tar.bz2
+5984690845a7be38dff3cedff273b73a  firewalld-0.3.14.2.tar.bz2