From 8be2500f35f2edb3db51f6f48ce70d6cfcee24df Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 21 Aug 2019 16:54:10 +0200 Subject: Call iptables binaries from /usr/sbin not /sbin. As of Buster this is the case, and the maintainer plans to drop compatibility symlinks once Bullseye is released. See /usr/share/doc/iptables/NEWS.Debian.gz . --- Changelog | 3 +++ lacme | 12 ++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Changelog b/Changelog index 43265ce..27b93de 100644 --- a/Changelog +++ b/Changelog @@ -3,6 +3,9 @@ lacme (0.6) UNRELEASED + client: poll order URL instead of each authz URL successively. - lacme, client: new dependency Date::Parse, don't parse RFC 3339 datetime strings from X.509 certs manually. + - lacme: assume that the iptables(1) binaries are under /usr/sbin not + /sbin. As of Buster this is the case, and the maintainer plans to + drop compatibility symlinks once Bullseye is released. -- Guilhem Moulin Mon, 21 Jan 2019 02:07:58 +0100 diff --git a/lacme b/lacme index cc94149..1c5761c 100755 --- a/lacme +++ b/lacme @@ -399,10 +399,10 @@ sub iptables_save($@) { open STDIN, '<', '/dev/null' or die "Can't open /dev/null: $!"; open STDOUT, '>&', $iptables_tmp or die "Can't dup: $!"; $| = 1; # turn off buffering for STDOUT - exec "/sbin/$iptables_bin-save", "-c" or die; + exec "/usr/sbin/$iptables_bin-save", "-c" or die; } waitpid $pid => 0; - die "Error: /sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0; + die "Error: /usr/sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0; # seek back to the begining, as we'll restore directly from the # handle and not from the file. XXX if there was a way in Perl to 
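Review bot: The bare `or die` after `exec "/usr/sbin/$iptables_bin-save", "-c"` gives no reason when the binary is not at the new location, which is the failure this path change makes possible on hosts that still have iptables only under /sbin (going by the commit message, releases older than Buster). Suggest `exec "/usr/sbin/$iptables_bin-save", "-c" or die "Can't exec /usr/sbin/$iptables_bin-save: $!";`, and the same for the `-restore` exec in the next hunk. The parent only reports "exited with value N", so the child's message is the one place the errno text can appear. The enclosing sub starts and ends outside the hunk.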
@@ -416,10 +416,10 @@ sub iptables_save($@) { unless ($pid) { open STDIN, '<&', $iptables_tmp or die "Can't dup: $!"; open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!"; - exec "/sbin/$iptables_bin-restore", "-c" or die; + exec "/usr/sbin/$iptables_bin-restore", "-c" or die; } waitpid $pid => 0; - warn "Warning: /sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0; + warn "Warning: /usr/sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0; }; @@ -437,10 +437,10 @@ sub iptables_save($@) { } my $dest = Socket::inet_ntop($domain, $addr) .'/'. $mask; - system ("/sbin/$iptables_bin", qw/-I INPUT -p tcp -m tcp -m state/, + system ("/usr/sbin/$iptables_bin", qw/-I INPUT -p tcp -m tcp -m state/, '-d', $dest, '--dport', $port, '--state', 'NEW,ESTABLISHED', '-j', 'ACCEPT') == 0 or die; - system ("/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/, + system ("/usr/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/, '-s', $dest, '--sport', $port, '--state', 'ESTABLISHED', '-j', 'ACCEPT') == 0 or die; } -- cgit v1.2.3
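Review bot: A failed restore is reported with the same wording as any other non-zero exit, so the `warn` does not tell the operator that the saved ruleset may not have been put back and that the temporary ACCEPT rules inserted later in this sub may still be loaded. Since this looks like the cleanup step, the message should say so, e.g. `warn "Warning: /usr/sbin/$iptables_bin-restore exited with value ".($? >> 8)." (firewall rules may not have been restored)" if $? > 0;`. Note also that `$? >> 8` is 0 when the child was killed by a signal, so including `$?` itself would be more informative. The block closed by `};` begins outside the hunk, so whether it is a closure or an eval cannot be confirmed from here.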
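Review bot: The directory is now a literal `/usr/sbin/` in six places across this sub (both `exec` calls, both status messages, and the two `system` calls here), which is what made this relocation a six-line patch. Building the path once, e.g. `my $iptables = "/usr/sbin/$iptables_bin";` next to where `$iptables_bin` is set, and then using `"$iptables-save"`, `"$iptables-restore"` and `$iptables`, would make the next move a one-line change while keeping the absolute path, which is what stops these list-form calls from resolving the binary through PATH. The two `system(...) == 0 or die;` calls also die without a message; `or die "Error: /usr/sbin/$iptables_bin exited with value ".($? >> 8)` would match the wording used for the save step. Where `$iptables_bin` is assigned is not visible in the hunk.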