I have an rpm package that adds a new firewall service and, during install, wants to enable this service. However, this fails with "Error: INVALID_SERVICE":
$ dnf localinstall -y firewall-spec-test-0.0.1-1.fc35.x86_64.rpm
Last metadata expiration check: 1:29:06 ago on Fri 27 May 2022 01:20:48 CEST.
Dependencies resolved.
==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
firewall-spec-test x86_64 0.0.1-1.fc35 @commandline 7.2 k
Transaction Summary
==============================================================================
Install 1 Package
Total size: 7.2 k
Installed size: 164
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : firewall-spec-test-0.0.1-1.fc35.x86_64 1/1
Running scriptlet: firewall-spec-test-0.0.1-1.fc35.x86_64 1/1
Error: INVALID_SERVICE: 'dummy' not among existing services
Verifying : firewall-spec-test-0.0.1-1.fc35.x86_64 1/1
Installed:
firewall-spec-test-0.0.1-1.fc35.x86_64
Complete!
The dummy.xml file is
<?xml version="1.0" encoding="utf-8"?>
<service>
<description>dummy service</description>
<short>dummy</short>
<port port="1234" protocol="udp"/>
</service>
and the spec file I have trimmed down to for testing is:
Name: firewall-spec-test
Version: 0.0.1
Release: 1%{?dist}
Summary: ...
License: GPLv3
URL: https://stackoverflow.com/q/...
Source0: dummy.xml
BuildRequires: systemd-rpm-macros
Requires: firewalld
%description
...
%prep
cp %{SOURCE0} .
%build
%install
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/firewalld/services
cp -a dummy.xml ${RPM_BUILD_ROOT}%{_sysconfdir}/firewalld/services
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%post
if [ $1 == 1 ]
then
    # First time install
    firewall-cmd --permanent --zone=public --add-service=dummy
    firewall-cmd --reload --quiet
fi
exit 0
%preun
if [ $1 == 0 ]
then
    # Complete uninstall
    firewall-cmd --permanent --zone=public --remove-service=dummy
    firewall-cmd --reload --quiet
fi
exit 0
%files
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/firewalld/services/*
%changelog
...
So how do I get firewall to use the new service?
So apparently firewalld needs an initial reload first in order for it to pick up the added service definition.
--- firewall-spec-test.spec.fail 2022-05-27 02:58:34.747351419 +0200
+++ firewall-spec-test.spec 2022-05-27 02:59:13.925280222 +0200
@@ -25,6 +25,7 @@
if [ $1 == 1 ]
then
# First time install
+ firewall-cmd --reload --quiet # In order for firewall-cmd to pick up the added service file
firewall-cmd --permanent --zone=public --add-service=dummy
firewall-cmd --reload --quiet
fi
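Review bot: the added `firewall-cmd --reload --quiet` in the first-install branch runs with no check that firewalld is running, and the branch now reloads twice, each reload dropping any runtime-only rules the administrator has not made permanent. Guard the branch with `firewall-cmd --state`, and confirm the service is known (for example via `firewall-cmd --permanent --get-services`) before the `--add-service` line, so the extra reload happens only when needed and a failure is reported instead of being hidden by the scriptlet's `exit 0`.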
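A more defensive version of the first-install branch, as an added example that is not part of the original answer: it performs the initial reload only when firewalld does not yet list the service, and returns a distinct code for each way it can give up. The function names, return codes and the `FIREWALL_CMD` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. FIREWALL_CMD is a hypothetical
# override so the logic can be exercised without a live firewalld.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# True when SERVICE is in the service list that firewalld reports.
service_is_known() {
    for s in $("$FIREWALL_CMD" --permanent --get-services); do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# enable_packaged_service ZONE SERVICE
# Returns 0 = enabled, 2 = firewalld not running (nothing changed),
#         3 = service still unknown after reload, 4 = enabling failed.
enable_packaged_service() {
    zone=$1
    service=$2

    # firewall-cmd needs the running daemon; in a chroot or image build
    # there is none, so leave the firewall untouched.
    if ! "$FIREWALL_CMD" --state >/dev/null 2>&1; then
        echo "firewalld not running; '$service' not enabled" >&2
        return 2
    fi

    # The initial reload from the answer, done only when the freshly
    # installed service file has not been picked up yet.
    if ! service_is_known "$service"; then
        "$FIREWALL_CMD" --reload --quiet || return 3
        if ! service_is_known "$service"; then
            echo "'$service' still unknown after reload" >&2
            return 3
        fi
    fi

    "$FIREWALL_CMD" --permanent --zone="$zone" --add-service="$service" \
        --quiet || return 4
    # Apply the permanent change to the runtime configuration.
    "$FIREWALL_CMD" --reload --quiet || return 4
    return 0
}

# In %post: enable_packaged_service public dummy || :
```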