I'm attaching a patch that implements this change. With this change, firewalld.conf is installed into /usr/share/firewalld. Then in postinst, ucf will merge the file into /etc/firewalld.
During an interactive upgrade (assuming default settings), if both files are changed, there will be a ucf prompt that allows three-way diff and merge. It also won't block unattended-upgrade of this package.
From e8d1ed14c9b221811ec8e93c0efa821490c195aa Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalle...@mailbox.org>
Date: Mon, 12 Dec 2016 22:01:14 -0500
Subject: [PATCH] Use ucf to handle config file
---
debian/control | 1 +
debian/firewalld.postinst | 5 +++++
debian/firewalld.postrm | 20 ++++++++++++++++++++
debian/rules | 2 ++
4 files changed, 28 insertions(+)
create mode 100644 debian/firewalld.postrm
diff --git a/debian/control b/debian/control
index 17915e3..ffa16a6 100644
--- a/debian/control
+++ b/debian/control
@@ -29,6 +29,7 @@ Depends: dbus,
python3-dbus,
python3-gi,
python3-slip-dbus,
+ ucf,
${misc:Depends},
${python3:Depends}
Recommends: ebtables (>= 2.0.10.4-3.1~),
diff --git a/debian/firewalld.postinst b/debian/firewalld.postinst
index cc7b96d..ffd1e1c 100644
--- a/debian/firewalld.postinst
+++ b/debian/firewalld.postinst
@@ -5,8 +5,13 @@
set -e
+CONF=/etc/firewalld/firewalld.conf
+
case "$1" in
configure)
+ ucf --three-way /usr/share/firewalld/firewalld.conf $CONF
+ ucfr firewalld $CONF
+
if dpkg --compare-versions "$2" lt-nl "0.3.14.2-2~"; then
if ! dpkg-statoverride --list /etc/firewalld >/dev/null 2>&1; then
chmod 0750 /etc/firewalld
diff --git a/debian/firewalld.postrm b/debian/firewalld.postrm
new file mode 100644
index 0000000..f93eb5e
--- /dev/null
+++ b/debian/firewalld.postrm
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+CONF=/etc/firewalld/firewalld.conf
+
+case "$1" in
+ purge)
+ if [ -x "$(which ucf 2>/dev/null)" ]; then
+ ucf --purge $CONF
+ fi
+ if [ -x "$(which ucfr 2>/dev/null)" ]; then
+ ucfr --purge firewalld $CONF
+ fi
+ rm -f /etc/firewalld/firewalld.conf
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
index c88990e..2bb4991 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,6 +18,8 @@ override_dh_auto_configure:
override_dh_install:
dh_install --list-missing
+ mkdir -p debian/firewalld/usr/share/firewalld/
+ mv debian/firewalld/etc/firewalld/firewalld.conf debian/firewalld/usr/share/firewalld/
override_dh_fixperms:
dh_fixperms
--
2.10.2
signature.asc
Description: OpenPGP digital signature
