Dear Maintainer,

firewalld is being used in FreedomBox, but currently is confusing to upgrade due to a conffile prompt. This was reported here:
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2016-November/007694.html

FreedomBox uses this script to configure firewalld:
https://github.com/freedombox/Plinth/blob/master/data/usr/lib/freedombox/first-run.d/90_firewall

When we run "firewall-cmd --set-default-zone=external", firewalld modifies /etc/firewalld/firewalld.conf. However, /etc/firewalld/firewalld.conf is a conffile, and if there are any changes to this file in a new firewalld package, then it causes the conffile prompt during upgrade, with no easy way to merge our configuration with the changes in the new package. This also prevents unattended-upgrades from upgrading the package automatically.

Please consider using ucf or a similar tool to merge the configuration during upgrade.
I'm attaching a patch that implements this change. With this change, firewalld.conf is installed into /usr/share/firewalld. Then in postinst, ucf will merge the file into /etc/firewalld. During an interactive upgrade (assuming default settings), if both files are changed, there will be a ucf prompt that allows three-way diff and merge. It also won't block unattended-upgrade of this package.
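The maintainer-script handling that the message above describes could look like the following. This is an added sketch, not the attached patch (which is not reproduced on this page) and not the package's own code; the two paths come from the message, and the function names merge_conf and purge_conf are hypothetical.

```shell
#!/bin/sh
# Added sketch of postinst/postrm handling with ucf; not the attached patch.
# Paths come from the message above; function names are hypothetical.

PKG=firewalld
TEMPLATE=/usr/share/firewalld/firewalld.conf   # shipped by the package, not a conffile
TARGET=/etc/firewalld/firewalld.conf           # live file that firewall-cmd rewrites

# postinst "configure": merge the shipped template into the live file.
merge_conf() {
    # --three-way keeps a copy of the previous template so ucf can offer a
    # three-way merge when both the admin's file and the template changed.
    # --debconf-ok tells ucf it may use debconf for the prompt.
    ucf --three-way --debconf-ok "$TEMPLATE" "$TARGET" || return 1
    # Record in ucf's registry that this package owns the file.
    ucfr "$PKG" "$TARGET"
}

# postrm "purge": remove the file and forget ucf's state for it.
purge_conf() {
    rm -f "$TARGET" "$TARGET.ucf-old" "$TARGET.ucf-new" "$TARGET.ucf-dist"
    if command -v ucf >/dev/null 2>&1; then ucf --purge "$TARGET"; fi
    if command -v ucfr >/dev/null 2>&1; then ucfr --purge "$PKG" "$TARGET"; fi
}

# dpkg passes the action as $1 to each maintainer script.
case "${1:-}" in
    configure) merge_conf ;;
    purge)     purge_conf ;;
esac
```

In a real package the two functions would live in separate postinst and postrm scripts; they share one file here only so the sketch stays self-contained.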
Hello,

Just wanted to check, could you consider this patch? Or is there another approach we could try?

Regards,
James
Hi James!

I have to be honest: I'm not a very huge fan of ucf. It feels like something bolted on to work around a deficiency in dpkg or the upstream configuration system. So, I'm very reluctant to merge anything that adds a dependency on ucf.

Regards,
Michael