On 02/15/2012 03:45 PM, "Jóhann B. Guðmundsson" wrote:
>> <snip>
>>
>> The service iptables save command is documented in a number of places
>> and has been recommended to users for years. See, for example, the
>> security guide:
>> http://docs.fedoraproject.org/en-US/Fedora/16/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
>>
>> This breaking with the systemctl move is expected, but the unhelpful
>> error message is a usability bug. Executing services iptables save
>> should print "This is no longer supported. Please execute
>> /usr/libexec/iptables.init save" (See:
>> https://bugzilla.redhat.com/show_bug.cgi?id=748134 )
>
> <snip>
>
> Somehow I doubt that any bugs will be fixed for this in either systemd
> ( since this is not systemd bug ) or iptables ( since Thomas is
> working on the new stuff and this does probably not climb high enough
> in his priority list anyway he probably would not fix this until all
> the bits for that are in place).
>
> So if you or others want this fixed I'm pretty sure either side ( most
> notably iptables ) would gladly review and accept patches should they
> be submitted.
>
> JBG
I propose the following script in /etc/init.d/iptables
#!/bin/sh
# Please use systemctl to manage the iptables service
# The old initscript is in /usr/libexec/iptables.init
case "$1" in
panic|save)
[ -c /dev/stderr ] && \
echo "This is no longer supported with systemd. \
Please use /usr/libexec/iptables.init $1" >/dev/stderr
exit 2
;;
*)
[ -c /dev/stderr ] && echo $"Redirecting to \
/bin/systemctl $@ iptables.service" >/dev/stderr
exec /bin/systemctl $@ iptables.service
;;
esac
The behavior of this script is the exactly the same as the current
situation, except that the error message is much more userfriendly.
The packaging guidelines say this " If present, the SysV initscript(s)
must go into an optional subpackage, so as not to confuse sysadmins" at
http://fedoraproject.org/wiki/Packaging:Systemd
Can wrapper scripts such as the above be made into an exception for this
rule? I am happy Fedora can move forward as fast as it does, but the
users have to move forward with us. Providing helpful error messages for
deprecated behavior, that point in the right direction, could be a big
help to make the transitions as easy as possible for our users.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
