From 09256369956fbf010bfa3edd93235105b6915064 Mon Sep 17 00:00:00 2001 From: Matt Darfeuille Date: Wed, 8 Jun 2016 21:17:15 +0200 Subject: [PATCH] (Fwd) [Shorewall-users] Shorewall-lite on OpenWRT On 7 Jun 2016 at 8:21, Tom Eastep wrote: > On 06/07/2016 06:40 AM, Matt Darfeuille wrote: > > On 5 Jun 2016 at 12:53, Tom Eastep wrote: > > > >> On 06/05/2016 12:33 PM, Matt Darfeuille wrote: > >>> On 5 Jun 2016 at 7:57, Tom Eastep wrote: > >>> > >>>> On 05/29/2016 02:00 AM, Matt Darfeuille wrote: > >>>> > >>>> Hi Matt, > >>>> > >>>>> > >>>>> -------------- Enclosure number 1 ---------------- > >>>>> >From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001 > >>>>> From: Matt Darfeuille > >>>>> Date: Tue, 24 May 2016 13:10:28 +0200 > >>>>> Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt > >>>>> > >>>>> Signed-off-by: Matt Darfeuille > >>>>> --- > >>>>> Shorewall-core/lib.common | 2 +- > >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>>>> > >>>>> diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common > >>>>> index 03ecb2a..fcb02ee 100644 > >>>>> --- a/Shorewall-core/lib.common > >>>>> +++ b/Shorewall-core/lib.common 
> >>>>> @@ -776,7 +776,7 @@ mutex_on() > >>>>> error_message "WARNING: Stale lockfile ${lockf} removed" > >>>>> elif [ $lockpid -eq $$ ]; then > >>>>> return 0 > >>>>> - elif ! qt ps p ${lockpid}; then > >>>>> + elif ! qt ps | grep -v grep | grep ${lockpid}; then > >>>> > >>>> I don't see how this can work -- 'qt ps' will produce no output yet the > >>>> code pipes into tandem greps. > >>>> > >>>> Do you really want this instead? > >>>> > >>>> elif ! ps | grep -v grep | qt grep ${lockpid}; then > >>>> > >>> > >>> Oops sorry Tom, that's what I meant(do you want the corrected > >>> patch?)! > >> > >> Yes, please. > >> > > > > Tom, along with correcting this faulty commit I realize, after some > > more testing, that I've also sent unnecessary commits. > > > > Should I revert these 3 commits(git revert ...): > > Set proper permissions for the LOCKFILE on openwrt > > 2ded346cb557212389212fd5adcd4c6800edbb62 > > Create lockfile before using openwrt's lock utility > > 08e8796ff1abc3b24b8bbd40bf5e0a2b36464d61 > > Emulate 'ps -p' using grep to work on openwrt > > 6ff651108df33ab8be4562caef03a8582e9eac5e > > > > or should I simply create new commits that will correct these faulty > > commits? > > > > In other words what's the best way to correct submitted commits. > > > > Matt, > > Either way is fine. > Hopefully these 3 commits will do it(code-fixes.patch): Patch 1 will correct the error you have pointed out! On OpenWRT the lock utility doesn't allow to append the pid of the currently running script to the LOCKFILE that's why I've simply deleted that line(patch 2). I've also reordered the permissions line to be added after the line that will lock the file specified by the LOCKFILE variable(patch 3). and two other patches: While installing shorewall-init using the DESTDIR variable on debian, 'mkdir' would complain if the directory ${DESTDIR}/${etc}/default already exists; corrected using 'mkdir -p ...'(patch 4). 
The last patch will correct a typo in the blacklisting_support article. -Matt -------------- Enclosure number 1 ---------------- >From 1a2ff15c8dc994030e819d2882570d188b99c501 Mon Sep 17 00:00:00 2001 From: Matt Darfeuille Date: Wed, 8 Jun 2016 09:09:46 +0200 Subject: [PATCH 1/5] Correct pid detection mutex_on() Signed-off-by: Matt Darfeuille Signed-off-by: Tom Eastep --- Shorewall-core/lib.common | 5 ++--- Shorewall-init/install.sh | 2 +- docs/blacklisting_support.xml | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index 3d0bacb1d..8570b1247 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common @@ -776,7 +776,7 @@ mutex_on() error_message "WARNING: Stale lockfile ${lockf} removed" elif [ $lockpid -eq $$ ]; then return 0 - elif ! qt ps | grep -v grep | grep ${lockpid}; then + elif ! ps | grep -v grep | qt grep ${lockpid}; then rm -f ${lockf} error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed" fi @@ -788,9 +788,8 @@ mutex_on() echo $$ > ${lockf} chmod u-w ${lockf} elif qt mywhich lock; then - echo $$ > ${lockf} - chmod u=r ${lockf} lock ${lockf} + chmod u=r ${lockf} else while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do sleep 1 diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 2d1a044e3..f4e4a3a9c 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -412,7 +412,7 @@ if [ $HOST = debian ]; then if [ ! -f ${DESTDIR}${CONFDIR}/default/shorewall-init ]; then if [ -n "${DESTDIR}" ]; then - mkdir ${DESTDIR}${ETC}/default + mkdir -p ${DESTDIR}${ETC}/default fi [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default diff --git a/docs/blacklisting_support.xml b/docs/blacklisting_support.xml index d611197be..5d50ee244 100644 --- a/docs/blacklisting_support.xml +++ b/docs/blacklisting_support.xml @@ -48,7 +48,7 @@
Introduction - Shorewall supports two different types of blackliisting; rule-based, + Shorewall supports two different types of blacklisting; rule-based, static and dynamic. The BLACKLIST option in /etc/shorewall/shorewall.conf controls the degree of blacklist filtering.
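Review bot: in the first Shorewall-core/lib.common hunk (mutex_on, @@ -776), the new test `elif ! ps | grep -v grep | qt grep ${lockpid}; then` calls plain `ps` on every platform, and outside BusyBox a bare `ps` lists only the processes of the caller's own terminal, so a lock holder started from another session looks dead and its lockfile is removed as stale. The `grep ${lockpid}` stage is also an unanchored substring match: a lockpid of 12 matches pid 123 or any other digits on a ps line, so a genuinely stale lockfile can be kept as if its owner were alive. Please compare the pid column for equality with "${lockpid}" against a listing of all processes (which also makes the `grep -v grep` stage unnecessary), and quote the variable.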
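Review bot: in the second Shorewall-core/lib.common hunk (@@ -788), the `elif qt mywhich lock; then` branch no longer writes `$$` into ${lockf}, while the stale-lock checks in the hunk above still compare ${lockpid} with `$$` and look it up in the process list. Please add a comment in this branch saying what the lockfile contains after `lock ${lockf}` and why the pid is not recorded, and confirm that the stale-lock path behaves sensibly for a lockfile created this way; otherwise a lock left behind by a killed process in this branch may never be recognised as stale.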
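Review bot: in the Shorewall-init/install.sh hunk (@@ -412), the changed line `mkdir -p ${DESTDIR}${ETC}/default` leaves the path unquoted, so a DESTDIR containing whitespace or glob characters is split or expanded before mkdir sees it; suggest `mkdir -p "${DESTDIR}${ETC}/default"`. The surrounding lines test and create `${DESTDIR}${CONFDIR}/default` while this one uses `${ETC}`; a short comment on why both directories are needed would help the next reader of the installer.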
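Review bot: in the docs/blacklisting_support.xml hunk (@@ -48), the corrected sentence still says "two different types of blacklisting" and then lists "rule-based, static and dynamic", which reads as three items. Since the line is being touched anyway, consider rewording it so the count and the list agree.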