-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/07/2014 01:03 PM, Thomas Woerner wrote: > On 07/07/2014 02:55 PM, Stephen Gallagher wrote: On 07/04/2014 > 07:36 AM, Thomas Woerner wrote: >>>> On 07/03/2014 09:32 PM, Stef Walter wrote: >>>>> On 03.07.2014 15:39, Rex Dieter wrote: >>>>>> I'm looking into providing a predefined firewalld >>>>>> service definition for kde-connect, per >>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1115547 >>>>>> >>>>>> Looks like it's as easy as dropping an xml snippet into >>>>>> /usr/lib/firewalld/services/ >>>>>> >>>>>> I'm also noticing currently that the only package >>>>>> besides fallwalld itself doing this is cockpit, which >>>>>> includes a %post scriptlet: >>>>>> >>>>>> # firewalld only partially picks up changes to its >>>>>> services files # without this test -f >>>>>> %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet >>>>>> || true >>>>>> >>>>>> >>>>>> Is this the recommended approach? If so, I'll follow >>>>>> this lead, and maybe start work on drafting some >>>>>> packaging guidelines. >>>>> >>>>> Thomas Woerner would be the one to work out those >>>>> guidelines. >>>>> >>>> Yes. >>>> >>>>> But to explain ... apparently there are two firewalld >>>>> "environments". When you install a service file it only >>>>> affects the installed environment (used after a reboot) and >>>>> not the current "runtime environment". >>>>> >>>>> This means that a user can't immediately use your service >>>>> definition in a command like: >>>>> >>>>> $ firewall-cmd --add-service=cockpit >>>>> >>>>> The command: >>>>> >>>>> $ firewall-cmd --reload >>>>> >>>>> ... makes newly installed service files available in the >>>>> runtime environment. I guess this is sorta analogous to >>>>> 'systemctl daemon-reload'. >>>>> >>>> Newly added services and zones are available in the >>>> permanent environment of firewalld, where they can be used >>>> with the UI and command line tools. >>>> >>>> To have a newly added service or zone in the runtime >>>> environment it is needed to reload firewalld: firewall-cmd >>>> --reload or systemctl reload firewalld.service. >>>> > > > Thomas, the real question here is this: If a package wants to > install (and maintain) its own set of firewalld service > definitions, is the approach Stef took the best one? If so, we > should submit a Packaging Guidelines edit to the FPC and get this > codified where others can find it. > >> Yes, this is the best approach right now. > >> I can write some documentatoin for this. What is the proper way >> to get it in the Packaging guidelines? > Create a draft with an example on the Wiki and then send an email to packaging@xxxxxxxxxxxxxxxxxxxxxxx to ask them to review it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlO63GAACgkQeiVVYja6o6OF9QCffdDLUE2dUtaQU7vQjGVvVZsx xKQAoIaUi5ym7iRpxF4eBkx16BqGCrqn =xVgQ -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
