From 49410c22f82dc725e6bc813394dc4e598adb16e5 Mon Sep 17 00:00:00 2001
From: Chunmei Xu <xuchunmei@linux.alibaba.com>
Date: Mon, 17 Apr 2023 20:26:46 +0800
Subject: [PATCH] fix iptables-nft post scriptlet fail

Signed-off-by: Chunmei Xu <xuchunmei@linux.alibaba.com>
---
 iptables.spec | 72 +++++++++++++++++++++++----------------------------
 1 file changed, 33 insertions(+), 39 deletions(-)

diff --git a/iptables.spec b/iptables.spec
index a9f793f..39631a4 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,15 +1,14 @@
-%define anolis_release 2
-# install init scripts to %{_prefix}/libexec with systemd
+%define anolis_release 3
+
 %global script_path %{_libexecdir}/iptables
 %global legacy_actions %{_libexecdir}/initscripts/legacy-actions
-%global iptc_so_ver  0
-%global ipXtc_so_ver 2
 
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.9
 Release: %{anolis_release}%{?dist}
+License: GPLv2 and Artistic Licence 2.0 and ISC
 Source: https://www.netfilter.org/pub/iptables/files/%{name}-%{version}.tar.xz
 Source1: iptables.init
 Source2: iptables-config
@@ -21,17 +20,9 @@ Source6: arptables-nft-helper
 # fix mock err -Werror=format-security
 Patch01: 0001-extensions-NAT-Fix-for-Werror-format-security.patch
 
-# pf.os: ISC license
-# iptables-apply: Artistic Licence 2.0
-License: GPLv2 and Artistic Licence 2.0 and ISC
-
-# libnetfilter_conntrack is needed for xt_connlabel
 BuildRequires: pkgconfig(libnetfilter_conntrack)
-# libnfnetlink-devel is requires for nfnl_osf
 BuildRequires: pkgconfig(libnfnetlink) libselinux-devel kernel-headers systemd
-# libmnl, libnftnl, bison, flex for nftables
 BuildRequires: bison flex gcc pkgconfig(libmnl) >= 1.0 pkgconfig(libnftnl) >= 1.1.6
-# libpcap-devel for nfbpf_compile
 BuildRequires: libpcap-devel autoconf automake libtool make
 
 %description
@@ -173,7 +164,7 @@ install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
 # install systemd service files
 install -d -m 755 %{buildroot}/%{_unitdir}
 install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
-sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;%{_prefix}/libexec/ip6tables;%{_prefix}/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
+sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
 install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}
 
 # install legacy actions for service command
@@ -221,12 +212,12 @@ ln -s ../sbin/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml
 pfx=%{_sbindir}/iptables
 pfx6=%{_sbindir}/ip6tables
 %{_sbindir}/update-alternatives --install \
-	--slave $pfx6-save ip6tables-save $pfx6-legacy-save \
-	--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
-	--slave $pfx-save iptables-save $pfx-legacy-save \
-	--slave $pfx-restore iptables-restore $pfx-legacy-restore \
-	--slave $pfx6 ip6tables $pfx6-legacy \
-	$pfx iptables $pfx-legacy 10
+        $pfx iptables $pfx-legacy 10 \
+        --slave $pfx6 ip6tables $pfx6-legacy \
+        --slave $pfx-restore iptables-restore $pfx-legacy-restore \
+        --slave $pfx-save iptables-save $pfx-legacy-save \
+        --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
+        --slave $pfx6-save ip6tables-save $pfx6-legacy-save
 
 %postun legacy
 if [ $1 -eq 0 ]; then
@@ -243,12 +234,12 @@ cp /var/lib/alternatives/iptables /var/tmp/alternatives.iptables.setup
 pfx=%{_sbindir}/iptables
 pfx6=%{_sbindir}/ip6tables
 %{_sbindir}/update-alternatives --install \
-	--slave $pfx6-save ip6tables-save $pfx6-legacy-save \
-	--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
-	--slave $pfx-save iptables-save $pfx-legacy-save \
-	--slave $pfx-restore iptables-restore $pfx-legacy-restore \
-	--slave $pfx6 ip6tables $pfx6-legacy \
-	$pfx iptables $pfx-legacy 10
+        $pfx iptables $pfx-legacy 10 \
+        --slave $pfx6 ip6tables $pfx6-legacy \
+        --slave $pfx-restore iptables-restore $pfx-legacy-restore \
+        --slave $pfx-save iptables-save $pfx-legacy-save \
+        --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
+        --slave $pfx6-save ip6tables-save $pfx6-legacy-save
 alternatives --set iptables $(</var/tmp/alternatives.iptables.current)
 rm /var/tmp/alternatives.iptables.current
 mv /var/tmp/alternatives.iptables.setup /var/lib/alternatives/iptables
@@ -266,12 +257,12 @@ mv /var/tmp/alternatives.iptables.setup /var/lib/alternatives/iptables
 pfx=%{_sbindir}/iptables
 pfx6=%{_sbindir}/ip6tables
 %{_sbindir}/update-alternatives --install \
-	--slave $pfx6-save ip6tables-save $pfx6-nft-save \
-	--slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \
-	--slave $pfx-save iptables-save $pfx-nft-save \
-	--slave $pfx-restore iptables-restore $pfx-nft-restore \
-	--slave $pfx6 ip6tables $pfx6-nft \
-	$pfx iptables $pfx-nft 10
+        $pfx iptables $pfx-nft 10 \
+        --slave $pfx6 ip6tables $pfx6-nft \
+        --slave $pfx-restore iptables-restore $pfx-nft-restore \
+        --slave $pfx-save iptables-save $pfx-nft-save \
+        --slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \
+        --slave $pfx6-save ip6tables-save $pfx6-nft-save
 
 pfx=%{_sbindir}/ebtables
 manpfx=%{_mandir}/man8/ebtables
@@ -306,13 +297,13 @@ if [ "$(readlink -e $lepfx-helper)" == $lepfx-helper ]; then
 fi
 
 %{_sbindir}/update-alternatives --install \
-	--slave $lepfx-helper arptables-helper $lepfx-nft-helper \
-	--slave $manpfx-restore.8%{_extension} arptables-restore.8%{_extension} $manpfx-nft-restore.8%{_extension} \
-	--slave $manpfx-save.8%{_extension} arptables-save.8%{_extension} $manpfx-nft-save.8%{_extension} \
-	--slave $manpfx.8%{_extension} arptables.8%{_extension} $manpfx-nft.8%{_extension} \
-	--slave $pfx-restore arptables-restore $pfx-nft-restore \
-	--slave $pfx-save arptables-save $pfx-nft-save \
-	$pfx arptables $pfx-nft 10
+        $pfx arptables $pfx-nft 10 \
+        --slave $pfx-save arptables-save $pfx-nft-save \
+        --slave $pfx-restore arptables-restore $pfx-nft-restore \
+        --slave $manpfx.8%{_extension} arptables.8%{_extension} $manpfx-nft.8%{_extension} \
+        --slave $manpfx-save.8%{_extension} arptables-save.8%{_extension} $manpfx-nft-save.8%{_extension} \
+        --slave $manpfx-restore.8%{_extension} arptables-restore.8%{_extension} $manpfx-nft-restore.8%{_extension} \
+        --slave $lepfx-helper arptables-helper $lepfx-nft-helper
 
 %postun nft
 if [ $1 -eq 0 ]; then
@@ -346,7 +337,7 @@ fi
 
 %files legacy-libs
 %license COPYING
-%{_libdir}/libip{4,6}tc.so.%{ipXtc_so_ver}*
+%{_libdir}/libip{4,6}tc.so.2*
 %{abidir}/libip{4,6}tc.dump
 
 %files devel
@@ -404,6 +395,9 @@ fi
 
 
 %changelog
+* Mon Apr 17 2023 Chunmei Xu <xuchunmei@linux.alibaba.com> - 1.8.9-3
+- fix iptables-nft post scriptlet fail
+
 * Thu Apr 13 2023 Zhongling <zhonglingh@linux.alibaba.com> - 1.8.9-2
 - Refactor rpm spec
 
-- 
Gitee