Update the .conf file before validating ('update' command)

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Compiler.pm

@@ -593,7 +593,7 @@ sub compiler {
     #
     #                      S H O R E W A L L . C O N F  A N D  C A P A B I L I T I E S
     #
-    get_configuration( $export , $update );
+    get_configuration( $export , $update , $annotate );
 
     report_capabilities unless $config{LOAD_HELPERS_ONLY};
 
@@ -890,11 +890,6 @@ sub compiler {
 	    process_routestopped;
 	}
 
-	#
-	# Update the configuration file if requested
-	#
-	update_config_file( $annotate ) if $update;
-
 	if ( $family == F_IPV4 ) {
 	    progress_message3 "Shorewall configuration verified";
 	} else {

Shorewall/Perl/Shorewall/Config.pm

@@ -121,7 +121,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       run_user_exit1
 				       run_user_exit2
 				       generate_aux_config
-				       update_config_file
 
 				       $product
 				       $Product
@@ -2853,8 +2852,10 @@ sub set_shorewall_dir( $ ) {
 #
 # Small functions called by get_configuration. We separate them so profiling is more useful
 #
-sub process_shorewall_conf( $ ) {
-    my $update = shift;
+sub update_config_file( $ );
+
+sub process_shorewall_conf( $$ ) {
+    my ( $update, $annotate ) = @_;
     my $file   = find_file "$product.conf";
     my $config = $update ? \%rawconfig : \%config;
 
@@ -2921,6 +2922,10 @@ sub process_shorewall_conf( $ ) {
 	    $config{$opt} = $v;
 	}
     }
+    #
+    # Now update the config file if asked
+    #
+    update_config_file( $annotate) if $update;
 }
 
 #
@@ -3181,9 +3186,9 @@ sub export_params() {
 # - Read the capabilities file, if any
 # - establish global hashes %config , %globals and %capabilities
 #
-sub get_configuration( $$ ) {
+sub get_configuration( $$$ ) {
 
-    my ( $export, $update ) = @_;
+    my ( $export, $update, $annotate ) = @_;
 
     $globals{EXPORT} = $export;
 
@@ -3195,7 +3200,7 @@ sub get_configuration( $$ ) {
 
     get_params;
 
-    process_shorewall_conf( $update );
+    process_shorewall_conf( $update, $annotate );
 
     ensure_config_path;
 

Shorewall/releasenotes.txt

@@ -107,19 +107,20 @@ None.
 	DROP_DEFAULT=Drop(-,DROP)
 
 5)  An 'update' command has been added to /sbin/shorewall and
-    /sbin/shorewall6. The command validates the configuration and then
-    updates the shorewall.conf (shorewall6.conf) file. The updated file
-    will set any new options with their default values and will move
-    any deprecated options with non-default values to a 'deprecated
-    options' section at the end of the file. Each such deprecated
-    option will generate a warning message.
+    /sbin/shorewall6. The command updates he shorewall.conf
+    (shorewall6.conf) file then validates the configuration. The
+    updated file will set any options not specified in the old file
+    with their default values, and will move any deprecated options
+    with non-default values to a 'deprecated options' section at the
+    end of the file. Each such deprecated option will generate a
+    warning message.
 
     Your original shorewall.conf (shorewall6.conf) file will be saved as
     shorewall.conf.bak (shorewall6.conf.bak).
 
-    The 'update' command accepts the same options as 'check' plus an
-    '-a' option that causes the updated file to be annotated with
-    documentation.
+    The 'update' command accepts the same options as the 'check'
+    command plus a '-a' option that causes the updated file to be
+    annotated with documentation.
 
 6)  Shorewall6 now supports ipsets. 
 

manpages/shorewall.xml

@@ -1551,10 +1551,10 @@
         <term><emphasis role="bold">update</emphasis></term>
 
         <listitem>
-          <para>Added in Shorewall 4.4.21 and causes the compiler to validate
-          the configuration and then update
-          <filename>/etc/shorewall/shorewall.conf</filename>. The update will
-          add new options with their default values and will move deprecated
+          <para>Added in Shorewall 4.4.21 and causes the compiler to update
+          <filename>/etc/shorewall/shorewall.conf then validate the
+          configuration</filename>. The update will add options not present in
+          the old file with their default values, and will move deprecated
           options with non-defaults to a deprecated options section at the
           bottom of the file. Your existing
           <filename>shorewall.conf</filename> file is renamed

manpages6/shorewall6.xml

@@ -1360,12 +1360,12 @@
         <term><emphasis role="bold">update</emphasis></term>
 
         <listitem>
-          <para>Added in Shorewall 4.4.21 and causes the compiler to validate
-          the configuration and then update
-          <filename>/etc/shorewall6/shorewall6.conf</filename>. The update
-          will add new options with their default values and will move
-          deprecated options with non-defaults to a deprecated options section
-          at the bottom of the file. Your existing
+          <para>Added in Shorewall 4.4.21 and causes the compiler to update
+          <filename>/etc/shorewall6/shorewall6.conf</filename> then validate
+          the configuration. The update will add options not present in the
+          existing file with their default values, and will move deprecated
+          options with non-defaults to a deprecated options section at the
+          bottom of the file. Your existing
           <filename>shorewall6.conf</filename> file is renamed
           <filename>shorewall6.conf.bak.</filename></para>