Looks like this bug isn't completely fixed - the patch provided at http://robin.powdarrmonkey.net/cgi-bin/gitweb.cgi?p=iptables-persistent;a=commitdiff;h=3780d5e5793ec8112bedae3dec95a0e777461a5d 1) doesn't fix postinstall script which still may fail 2) I _personally_ dislike the idea of checking file ( /proc/net/ip_tables_names ) existence, when _command_ will be executed instead of file operations, I think it is better to check command execution before real file read/write
While the second point is arguable, http://robin.powdarrmonkey.net/cgi-bin/gitweb.cgi?p=iptables-persistent;a=blob;f=debian/iptables-persistent.postinst;h=8213fe01d0caf34b32bdba76a0a432e1545d12b0;hb=HEAD may still fail. On Sun, Aug 14, 2011 at 1:36 AM, Debian Bug Tracking System <ow...@bugs.debian.org> wrote: > This is an automatic notification regarding your Bug report > which was filed against the iptables-persistent package: > > #619626: iptables-persistent: configuration may fail if there is no > /proc/net/ip_tables_names entry ( no ip_tables module loaded ) > > It has been closed by Jonathan Wiltshire <j...@debian.org>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Jonathan Wiltshire > <j...@debian.org> by > replying to this email. > > > -- > 619626: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619626 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > ---------- Forwarded message ---------- > From: Jonathan Wiltshire <j...@debian.org> > To: 619626-cl...@bugs.debian.org > Date: Sat, 13 Aug 2011 21:32:19 +0000 > Subject: Bug#619626: fixed in iptables-persistent 0.5.2 > Source: iptables-persistent > Source-Version: 0.5.2 > > We believe that the bug you reported is fixed in the latest version of > iptables-persistent, which is due to be installed in the Debian FTP archive: > > iptables-persistent_0.5.2.dsc > to main/i/iptables-persistent/iptables-persistent_0.5.2.dsc > iptables-persistent_0.5.2.tar.gz > to main/i/iptables-persistent/iptables-persistent_0.5.2.tar.gz > iptables-persistent_0.5.2_all.deb > to main/i/iptables-persistent/iptables-persistent_0.5.2_all.deb > > > > A summary of the changes between this version and the previous one is > attached. > > Thank you for reporting the bug, which will now be closed. If you > have further comments please address them to 619...@bugs.debian.org, > and the maintainer will reopen the bug report if appropriate. > > Debian distribution maintenance software > pp. > Jonathan Wiltshire <j...@debian.org> (supplier of updated iptables-persistent > package) > > (This message was generated automatically at their request; if you > believe that there is a problem with it please contact the archive > administrators by mailing ftpmas...@debian.org) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Format: 1.8 > Date: Sat, 13 Aug 2011 22:23:46 +0100 > Source: iptables-persistent > Binary: iptables-persistent > Architecture: source all > Version: 0.5.2 > Distribution: unstable > Urgency: low > Maintainer: Jonathan Wiltshire <j...@debian.org> > Changed-By: Jonathan Wiltshire <j...@debian.org> > Description: > iptables-persistent - boot-time loader for iptables rules > Closes: 612278 619626 626385 634368 > Changes: > iptables-persistent (0.5.2) unstable; urgency=low > . > * [1019a3] Debconf translation to Japanese. > Thanks to Hideki Yamane (Closes: #626385) > * [a29b06] debian/po: refresh .po files > * [3780d5] Do not attempt to save or load rules if the appropriate module > is not loaded (Closes: #619626) > * [1c14c5] Do not include blank rules.* files; instead, simply remove them > on purge if they have been created (Closes: #612278) > * [ec6628] Implement 'flush' command to init script (Closes: #634368) > * [428b95] Standards version 3.9.2 (no changes) > Checksums-Sha1: > 555c22e9ca4819c946063e5ed483abfd87fa67ff 1569 iptables-persistent_0.5.2.dsc > 6a884193a1367af12c795bd60ea849a7ef337e83 10617 > iptables-persistent_0.5.2.tar.gz > 11e373df2c4cfb1fcda0a5e90456ea717e4b8d30 8046 > iptables-persistent_0.5.2_all.deb > Checksums-Sha256: > 5d47deca89e89748d864df7dff80fe120ee919fb62bbf03343a26f06031fe040 1569 > iptables-persistent_0.5.2.dsc > 89602104bc2307b4c624068b286990b50b5b18dea33b63ccbf0b0a1f5499da47 10617 > iptables-persistent_0.5.2.tar.gz > c5dd95a953e3958a424eaa8ea6dad9595bf8345965e82049ea534b5210d43f50 8046 > iptables-persistent_0.5.2_all.deb > Files: > abcd29568d3008df59383af50d9eff58 1569 admin optional > iptables-persistent_0.5.2.dsc > 5a5f3439192cc7d69d75598114b15eec 10617 admin optional > iptables-persistent_0.5.2.tar.gz > 252447f7b0059b98d697f39b7f853398 8046 admin optional > iptables-persistent_0.5.2_all.deb > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQIcBAEBAgAGBQJORuwDAAoJEFOUR53TUkxRKDsP/0YsnBiYcGf9kDGGeqRDOuqh > SELWH8mylcgoVQwSY6g+zp01i6mp3MWB1JxSLn4tE1RRVZ8nubx+oeOatLa7GZN1 > qNm3fUZ/mw+/DF/hmpL0/QB1KkkaKMTdQ1oh2d1yfNBNjPXVJQQwVDJuOUvmihel > andJAdB4TYiZWG3jrjZL9kJnAsjx1C/rmmWa4pRsUzW4Wa9bBMLSzfuwg9yCcWKb > oA6JSPFkUNhKK5wLec3OOV8R2w++Kjky098tzfO7SptqVUy+pFQ4nSXPVCBlY6nj > dl5gSH0Bqs7sBTP6bH6MPe65H2zx640yUp4IBhYNlOM3n29MYYY/0lgQ1WiGQ1IF > m/IvmBEmy45L7K0MgH1WC3jlY0gKlUw5jnDJDEGe0Mv4qYVzN2ddDt0ksxwj5biW > vuZ0qHcUjB5riDU4PQ1VH6goSxC98aJvQULaPbDu64QfXpmsT8hUxnIqzxZC804V > 67vFBZQcgs9mDhjTPaBHhRk4HFlyRJzgSWGWZ730ESqNi3ojhH7JZoXRs0ZaxujR > su1DJHQyakhR+cJ4O59fkDZiDYa3SbbXK95MRT1SqYCEMwms1PS4uWPjGjMqLBtQ > XO8fIyp3iQPR37ahFrCMtlo4Eav0GNdT1IWxnfQcyoqnTsrTQe8C9F5qQRjG0riN > +Dmt6PJa09y7r9lH3RbI > =8odN > -----END PGP SIGNATURE----- > > > > > ---------- Forwarded message ---------- > From: Roman Ovchinnikov <coolthec...@gmail.com> > To: Debian Bug Tracking System <sub...@bugs.debian.org> > Date: Fri, 25 Mar 2011 20:34:38 +0300 > Subject: iptables-persistent: configuration may fail if there is no > /proc/net/ip_tables_names entry ( no ip_tables module loaded ) > Package: iptables-persistent > Version: 0.5.1-coolcold-1 > Severity: important > Tags: patch > > > If ip_tables module is not loaded, so there is no /proc/net/ip_tables_names > file and so > iptables-save fails. This is almost okay except for the case where > configuration of > package occurs - installation is broken, like: > > root@epsilon:~# apt-get install iptables-persistent > Reading package lists... Done > Building dependency tree > Reading state information... Done > The following packages were automatically installed and are no longer > required: > libapt-pkg-perl > Use 'apt-get autoremove' to remove them. > The following NEW packages will be installed: > iptables-persistent > 0 upgraded, 1 newly installed, 0 to remove and 56 not upgraded. > Need to get 7202B of archives. > After this operation, 90.1kB of additional disk space will be used. > Get:1 http://repo.coolcold.org lenny-coolcold/main iptables-persistent > 0.5.1-coolcold-1 [7202B] > Fetched 7202B in 0s (183kB/s) > Preconfiguring packages ... > Selecting previously deselected package iptables-persistent. > (Reading database ... 44784 files and directories currently installed.) > Unpacking iptables-persistent (from > .../iptables-persistent_0.5.1-coolcold-1_all.deb) ... > Setting up iptables-persistent (0.5.1-coolcold-1) ... > iptables-save v1.4.2: Unable to open /proc/net/ip_tables_names: No such file > or directory > > dpkg: error processing iptables-persistent (--configure): > subprocess post-installation script returned error exit status 1 > Errors were encountered while processing: > iptables-persistent > E: Sub-process /usr/bin/dpkg returned an error code (1) > root@epsilon:~# iptables-save > iptables-save v1.4.2: Unable to open /proc/net/ip_tables_names: No such file > or directory > > > below is small patch which i believe should help. > Thanks in advance. > > P.S. I've took iptables-persistent from > http://ftp.de.debian.org/debian/pool/main/i/iptables-persistent/iptables-persistent_0.5.1.tar.gz > and did backport to lenny (changed debhelper version dependancy in control > file) > > --- iptables-persistent.postinst 2011-03-05 12:19:23.000000000 +0000 > +++ iptables-persistent.postinst.new 2011-03-25 17:09:35.000000000 +0000 > @@ -16,11 +16,11 @@ > if [ "x$RET" != "xtrue" ]; then > db_get iptables-persistent/autosave_v4 || true > if [ "x$RET" = "xtrue" ]; then > - iptables-save > /etc/iptables/rules.v4 > + iptables-save > /etc/iptables/rules.v4 || true > fi > db_get iptables-persistent/autosave_v6 || true > if [ "x$RET" = "xtrue" ]; then > - ip6tables-save > /etc/iptables/rules.v6 > + ip6tables-save > /etc/iptables/rules.v6 || true > fi > > db_set iptables-persistent/autosave_done true || true > > > -- System Information: > Debian Release: 5.0.7 > APT prefers oldstable > APT policy: (500, 'oldstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores) > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) > Shell: /bin/sh linked to /bin/bash > > Versions of packages iptables-persistent depends on: > ii debconf [debconf-2.0] 1.5.24 Debian configuration management > sy > ii iptables 1.4.2-6 administration tools for packet > fi > ii lsb-base 3.2-20 Linux Standard Base 3.2 init > scrip > > iptables-persistent recommends no packages. > > iptables-persistent suggests no packages. > > -- debconf information: > * iptables-persistent/autosave_v6: true > * iptables-persistent/autosave_v4: true > > > > -- Best regards, [COOLCOLD-RIPN] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
