I just updated iptables today and was surprised to find that my extensively customized /etc/rc.d/iptables initscript was silently overwritten. I had expected pacman to create a .pacnew, as it does for anything that's modified in /etc, but this didn't happen. (I also expected the .pacnew from my years as a Gentoo user. Gentoo protects initscripts just like everything else in /etc.)
Is this intentional behaviour or is it a bug? If intentional, is there any way I can force pacman to create .pacnew files instead?
Offline
pacman only creates .pacnew files for things listed in "backup" of a PKGBUILD. Do "pacman -Qii" on a package to see this list.
If you put files in NoUpgrade in pacman.conf it will force pacman to do what you want here. (Do not include the leading slash for these files.) See man pacman.conf.
Offline
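The answer above says NoUpgrade entries go in pacman.conf without a leading slash and that pacman matches them shell-style. As an added example (not code from the thread or from pacman itself), the script below parses a constructed pacman.conf and reports whether a given path would be protected, stripping the leading slash so the common mistake from the answer is harmless. The sample config contents are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the thread: decide whether a path would be
# protected by NoUpgrade in a given pacman.conf. pacman lists NoUpgrade
# entries relative to the filesystem root (no leading slash) and allows
# shell-style globs, which is what this check mimics.

# Constructed sample pacman.conf (not a real system file).
SAMPLE_CONF='[options]
HoldPkg     = pacman glibc
# keep the hand-written firewall script and host keys out of upgrades
NoUpgrade   = etc/rc.d/iptables
NoUpgrade   = etc/ssh/ssh_host_*
[core]
Include = /etc/pacman.d/mirrorlist'

# noupgrade_patterns: read a pacman.conf on stdin, print each NoUpgrade
# pattern from the [options] section on its own line.
noupgrade_patterns() {
    sed 's/#.*//' | awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^\[/ { in_opts = ($0 == "[options]"); next }
        in_opts && /^NoUpgrade[ \t]*=/ {
            sub(/^NoUpgrade[ \t]*=[ \t]*/, "")
            n = split($0, parts, /[ \t]+/)
            for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
        }'
}

# is_noupgrade CONF_TEXT PATH: exit 0 if PATH (with or without a leading
# slash) matches a NoUpgrade pattern in CONF_TEXT, 1 otherwise.
is_noupgrade() {
    rel=${2#/}   # compare the package-relative form, as pacman does
    printf '%s\n' "$1" | noupgrade_patterns | (
        while IFS= read -r pat; do
            # $pat is left unquoted on purpose so it acts as a glob
            case "$rel" in
                $pat) exit 0 ;;
            esac
        done
        exit 1
    )
}

# Usage against the live config:
#   is_noupgrade "$(cat /etc/pacman.conf)" /etc/rc.d/iptables && echo protected
```

The glob check runs in a subshell so the explicit `exit` codes become the function's return value; a plain `while` at the end of a pipeline would otherwise report success even when no pattern matched.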
Ah, okay, thanks. The wiki was misleading and implied that every file in a package underwent the ".pacnew" treatment. I've fixed the wiki to be more accurate now.
Offline
As a general rule, it is assumed that users will not alter the supplied init scripts. Where modifications are required, /etc/conf.d/foo is provided, which is sourced by /etc/rc.d/foo. The conf.d file is then listed in the package's backup array to preserve user customisation.
The above applies to iptables, so you should see if your changes can be implemented that way.
Offline
My iptables script is significantly different from the default script. The script supplied by the package assumes that the rules are static -- that they can be simply saved when the network goes down and restored when the network comes back up.
In my setup, I can't use the default script to achieve what I want, since my rules depend on my IP address. (Explanation below if you're curious.) I guess I just use iptables in a very non-standard way that's not quite supported.
I'd be happy to hear any suggestions for a better (more standard?) way of achieving what I'm doing.
Here's why my iptables rules depend on my IP address. I have an OpenVPN tunnel to my office at the university. To get access to university resources on my laptop while off campus, I route some of my traffic through my office. For performance, when I'm on campus, I don't want this routing to happen (the OpenVPN server is out of town). I route my traffic using a combination of iptables and iproute2: packets are marked using iptables's mangle table and conntrack capabilities, and iproute2 routes the marked packets over the VPN. So, depending on my location (as determined by IP), my iptables mangle table is either empty or populated.
Offline
OK - short-term workaround is to rename your script. It doesn't have to be called /etc/rc.d/iptables, after all.
Long-term solution is to modify /etc/rc.d/iptables and /etc/conf.d/iptables to accommodate your needs without adversely affecting other users. You can then submit your changes as a feature request with a patch attached.
Offline
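Three posts above describe one design: settings belong in /etc/conf.d/foo and are sourced by /etc/rc.d/foo, the original poster's rules are either empty or populated depending on the current IP address, and the suggested long-term fix is an rc.d/conf.d pair that accommodates that without affecting other users. As an added example (not the iptables package's own scripts or anything posted in the thread), the script below sketches such a start routine: conf.d-style variables, a small CIDR test to decide whether the host is on campus, and mangle-table mark rules plus a fwmark policy-routing rule only when it is not. The campus prefix, office network, mark value, table name and interface are constructed placeholders.

```sh
#!/bin/sh
# Added example, not the iptables package's own /etc/rc.d/iptables or
# /etc/conf.d/iptables: an rc.d-style start routine that takes its
# settings from conf.d-style variables and fills the mangle table only
# when the host is off campus. The campus prefix, office network, mark
# value, routing table name and interface are constructed placeholders.

# These would live in /etc/conf.d/iptables; defaults are inlined so the
# example runs stand-alone.
IPT_IFACE=${IPT_IFACE:-eth0}
IPT_CAMPUS_NET=${IPT_CAMPUS_NET:-10.20.0.0/16}   # constructed campus prefix
IPT_OFFICE_NET=${IPT_OFFICE_NET:-192.0.2.0/24}   # constructed office net (TEST-NET-1)
IPT_VPN_MARK=${IPT_VPN_MARK:-0x1}
IPT_VPN_TABLE=${IPT_VPN_TABLE:-vpn}
IPTABLES=${IPTABLES:-iptables}   # set to "echo iptables" for a dry run
IP=${IP:-ip}                     # set to "echo ip" for a dry run

# ip4_to_int A.B.C.D: print the address as one integer.
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_net ADDR CIDR: exit 0 when ADDR lies inside CIDR (IPv4 only).
in_net() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# mangle_rules ADDR: print the iptables arguments (one rule per line) that
# should be active for a host currently using ADDR. On campus the mangle
# table stays empty; elsewhere new connections to the office network get a
# mark, saved in conntrack so every packet of the flow carries it.
mangle_rules() {
    in_net "$1" "$IPT_CAMPUS_NET" && return 0
    cat <<EOF
-t mangle -A OUTPUT -j CONNMARK --restore-mark
-t mangle -A OUTPUT -m mark --mark 0 -d $IPT_OFFICE_NET -m conntrack --ctstate NEW -j MARK --set-mark $IPT_VPN_MARK
-t mangle -A OUTPUT -j CONNMARK --save-mark
EOF
}

# current_addr: first IPv4 address on the configured interface, if any.
current_addr() {
    $IP -4 -o addr show dev "$IPT_IFACE" 2>/dev/null |
        awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# start [ADDR]: flush the mangle OUTPUT chain, install the rules for ADDR
# (defaults to the interface's address) and add the fwmark policy-routing
# rule so marked packets use the VPN table.
start() {
    addr=${1:-$(current_addr)}
    [ -n "$addr" ] || { echo "no IPv4 address on $IPT_IFACE" >&2; return 1; }
    $IPTABLES -t mangle -F OUTPUT
    mangle_rules "$addr" | while IFS= read -r rule; do
        # word-splitting of $rule is intended: it holds separate arguments
        $IPTABLES $rule
    done
    $IP rule del fwmark "$IPT_VPN_MARK" table "$IPT_VPN_TABLE" 2>/dev/null
    $IP rule add fwmark "$IPT_VPN_MARK" table "$IPT_VPN_TABLE"
}

# Dry run from a shell, pretending to be off campus:
#   IPTABLES="echo iptables" IP="echo ip" sh -c '. ./this_script; start 198.51.100.7'
```

Keeping the location test and the rule list in functions that only print makes the decision checkable without root and without touching the live firewall; only `start` actually calls iptables and ip, and both can be pointed at `echo` to see what would run.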