From 450b890fb1194027b7852bfe8d7678eead9482d9 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 4 Apr 2018 00:49:28 -0400
Subject: [PATCH] BF: remove all non-existing services from PartOf of
 fail2ban.service.

Should resolve inability to restart firewalld (its .service is
left in PartOf) upon upgrades.
---
 debian/changelog                       |  8 +++++++-
 debian/patches/deb_no_iptables_service | 28 ++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/deb_no_iptables_service

diff --git a/debian/changelog b/debian/changelog
index ef0b16c8..795f2b20 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,14 @@ fail2ban (0.10.2-2) unstable; urgency=medium
 
   [ Arturo Borrero Gonzalez ]
   * Recommend nftables as an alternative to iptables (Closes: #892472)
+  
+  [ Yaroslav Halchenko ]
+  * debian/patches/deb_no_iptables_service (Closes: #871993)
+    - remove all non-existing services from PartOf of fail2ban.service.
+      Should resolve inability to restart firewalld (its .service is
+      left in PartOf) upon upgrades.
 
- -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 10 Mar 2018 08:32:43 -0500
+ -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 04 Apr 2018 00:47:53 -0400
 
 fail2ban (0.10.2-1) unstable; urgency=medium
 
diff --git a/debian/patches/deb_no_iptables_service b/debian/patches/deb_no_iptables_service
new file mode 100644
index 00000000..253cf7cf
--- /dev/null
+++ b/debian/patches/deb_no_iptables_service
@@ -0,0 +1,28 @@
+From: Yaroslav Halchenko <debian@onerussian.com>
+Subject: Remove all non-provided .service's within PartOf of fail2ban.service
+
+  As reported and corroborated in the bug report, this causes inability
+  of firewalld to restart.
+  Correct solution would involve making systemd smarter and tune up
+  of involved .service files.
+  Since Debian ATM doesn't provide any of those ({ip{,6}tables,ipset}.service)
+  files, it should be safe and generic enough to just prune them from PartOf
+
+  Thanks  Joe Cooper <swelljoe@gmail.com> and Sunil Mohan Adapa <sunil@medhas.org>
+  for the reports and nagging ;)
+
+Origin: Fedora, Debian
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871993
+Last-Update: 2018-04-04
+
+--- a/files/fail2ban.service.in
++++ b/files/fail2ban.service.in
+@@ -2,7 +2,7 @@
+ Description=Fail2Ban Service
+ Documentation=man:fail2ban(1)
+ After=network.target iptables.service firewalld.service ip6tables.service ipset.service
+-PartOf=iptables.service firewalld.service ip6tables.service ipset.service
++PartOf=firewalld.service
+ 
+ [Service]
+ Type=simple
diff --git a/debian/patches/series b/debian/patches/series
index 3435f5f7..3ae3ca98 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ deb_manpages_reportbug
 0003-BF-look-for-system.journal-also-under-system-state-l.patch
 0004-BF-use-build_-_2to3-if-in-_2to3.patch
 0001-BF-RF-test-for-being-a-root-to-check-if-actually-can.patch
+deb_no_iptables_service