this will not work since if a systemd-unit is present systemd no longer is interested in anything from /etc/init.d/ so there is no solution except patch systemd if iptables.service is called which will not happen because it would be unmaintainable ober the long and doing it for iptables would bring a lot of of other people complaining "but why not XXX whateverservice" too Am 16.02.2012 00:09, schrieb Emanuel Rietveld: > On 02/15/2012 03:45 PM, "Jóhann B. Guðmundsson" wrote: >>> <snip> >>> >>> The service iptables save command is documented in a number of places and has been recommended to users for >>> years. See, for example, the security guide: >>> http://docs.fedoraproject.org/en-US/Fedora/16/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html >>> >>> This breaking with the systemctl move is expected, but the unhelpful error message is a usability bug. Executing >>> services iptables save should print "This is no longer supported. Please execute /usr/libexec/iptables.init >>> save" (See: https://bugzilla.redhat.com/show_bug.cgi?id=748134 ) >> >> <snip> >> >> Somehow I doubt that any bugs will be fixed for this in either systemd ( since this is not systemd bug ) or >> iptables ( since Thomas is working on the new stuff and this does probably not climb high enough in his priority >> list anyway he probably would not fix this until all the bits for that are in place). >> >> So if you or others want this fixed I'm pretty sure either side ( most notably iptables ) would gladly review >> and accept patches should they be submitted. >> >> JBG > > I propose the following script in /etc/init.d/iptables > > #!/bin/sh > # Please use systemctl to manage the iptables service > # The old initscript is in /usr/libexec/iptables.init > > case "$1" in > panic|save) > [ -c /dev/stderr ] && \ > echo "This is no longer supported with systemd. \ > Please use /usr/libexec/iptables.init $1" >/dev/stderr > exit 2 > ;; > *) > [ -c /dev/stderr ] && echo $"Redirecting to \ > /bin/systemctl $@ iptables.service" >/dev/stderr > exec /bin/systemctl $@ iptables.service > ;; > esac > > The behavior of this script is the exactly the same as the current situation, except that the error message is much > more userfriendly. > > The packaging guidelines say this " If present, the SysV initscript(s) must go into an optional subpackage, so as > not to confuse sysadmins" at http://fedoraproject.org/wiki/Packaging:Systemd > > Can wrapper scripts such as the above be made into an exception for this rule? I am happy Fedora can move forward > as fast as it does, but the users have to move forward with us. Providing helpful error messages for deprecated > behavior, that point in the right direction, could be a big help to make the transitions as easy as possible for > our users. > > > -- Mit besten Grüßen, Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / software-development / cms-solutions p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
