Re: service iptables save, systemctl, and unhelpful error messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 02/15/2012 03:45 PM, "Jóhann B. Guðmundsson" wrote:
<snip>

The service iptables save command is documented in a number of places and has been recommended to users for years. See, for example, the security guide: http://docs.fedoraproject.org/en-US/Fedora/16/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html

This breaking with the systemctl move is expected, but the unhelpful error message is a usability bug. Executing services iptables save should print "This is no longer supported. Please execute /usr/libexec/iptables.init save" (See: https://bugzilla.redhat.com/show_bug.cgi?id=748134 )

<snip>

Somehow I doubt that any bugs will be fixed for this in either systemd ( since this is not systemd bug ) or iptables ( since Thomas is working on the new stuff and this does probably not climb high enough in his priority list anyway he probably would not fix this until all the bits for that are in place).

So if you or others want this fixed I'm pretty sure either side ( most notably iptables )  would gladly review and accept patches should they be submitted.

JBG

I propose the following script in /etc/init.d/iptables

#!/bin/sh
# Please use systemctl to manage the iptables service
# The old initscript is in /usr/libexec/iptables.init

case "$1" in
    panic|save)
        [ -c /dev/stderr ] && \
        echo "This is no longer supported with systemd. \
Please use /usr/libexec/iptables.init $1" >/dev/stderr
	exit 2
	;;
    *)
        [ -c /dev/stderr ] && echo $"Redirecting to \
/bin/systemctl $@ iptables.service" >/dev/stderr
        exec /bin/systemctl $@ iptables.service
        ;;
esac
The behavior of this script is the exactly the same as the current situation, except that the error message is much more userfriendly.

The packaging guidelines say this " If present, the SysV initscript(s) must go into an optional subpackage, so as not to confuse sysadmins" at http://fedoraproject.org/wiki/Packaging:Systemd

Can wrapper scripts such as the above be made into an exception for this rule? I am happy Fedora can move forward as fast as it does, but the users have to move forward with us. Providing helpful error messages for deprecated behavior, that point in the right direction, could be a big help to make the transitions as easy as possible for our users.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux