Update the .conf file before validating ('update' command)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-09 01:04:06 +01:00 · 2011-06-22 12:31:58 -07:00 · 2011-06-22 12:31:58 -07:00 · 1b3d7947b8
commit 1b3d7947b8
parent ba7d5fd720
5 changed files with 32 additions and 31 deletions
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -593,7 +593,7 @@ sub compiler {
    #
    #                      S H O R E W A L L . C O N F  A N D  C A P A B I L I T I E S
    #
-    get_configuration( $export , $update );
+    get_configuration( $export , $update , $annotate );
    report_capabilities unless $config{LOAD_HELPERS_ONLY};
@ -890,11 +890,6 @@ sub compiler {
 	    process_routestopped;
 	}
 	#
 	# Update the configuration file if requested
 	#
 	update_config_file( $annotate ) if $update;
 	if ( $family == F_IPV4 ) {
 	    progress_message3 "Shorewall configuration verified";
 	} else {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -121,7 +121,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       run_user_exit1
 				       run_user_exit2
 				       generate_aux_config
 				       update_config_file
 				       $product
 				       $Product
@ -2853,8 +2852,10 @@ sub set_shorewall_dir( $ ) {
 #
 # Small functions called by get_configuration. We separate them so profiling is more useful
 #
-sub process_shorewall_conf( $ ) {
+sub update_config_file( $ );
-    my $update = shift;
+
 sub process_shorewall_conf( $$ ) {
    my ( $update, $annotate ) = @_;
    my $file   = find_file "$product.conf";
    my $config = $update ? \%rawconfig : \%config;
@ -2921,6 +2922,10 @@ sub process_shorewall_conf( $ ) {
 	    $config{$opt} = $v;
 	}
    }
    #
    # Now update the config file if asked
    #
    update_config_file( $annotate) if $update;
 }
 #
@ -3181,9 +3186,9 @@ sub export_params() {
 # - Read the capabilities file, if any
 # - establish global hashes %config , %globals and %capabilities
 #
-sub get_configuration( $$ ) {
+sub get_configuration( $$$ ) {
-    my ( $export, $update ) = @_;
+    my ( $export, $update, $annotate ) = @_;
    $globals{EXPORT} = $export;
@ -3195,7 +3200,7 @@ sub get_configuration( $$ ) {
    get_params;
-    process_shorewall_conf( $update );
+    process_shorewall_conf( $update, $annotate );
    ensure_config_path;
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -107,19 +107,20 @@ None.
 	DROP_DEFAULT=Drop(-,DROP)
 5)  An 'update' command has been added to /sbin/shorewall and
-    /sbin/shorewall6. The command validates the configuration and then
+    /sbin/shorewall6. The command updates he shorewall.conf
-    updates the shorewall.conf (shorewall6.conf) file. The updated file
+    (shorewall6.conf) file then validates the configuration. The
-    will set any new options with their default values and will move
+    updated file will set any options not specified in the old file
-    any deprecated options with non-default values to a 'deprecated
+    with their default values, and will move any deprecated options
-    options' section at the end of the file. Each such deprecated
+    with non-default values to a 'deprecated options' section at the
-    option will generate a warning message.
+    end of the file. Each such deprecated option will generate a
    warning message.
    Your original shorewall.conf (shorewall6.conf) file will be saved as
    shorewall.conf.bak (shorewall6.conf.bak).
-    The 'update' command accepts the same options as 'check' plus an
+    The 'update' command accepts the same options as the 'check'
-    '-a' option that causes the updated file to be annotated with
+    command plus a '-a' option that causes the updated file to be
-    documentation.
+    annotated with documentation.
 6)  Shorewall6 now supports ipsets. 
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@ -1551,10 +1551,10 @@
        <term><emphasis role="bold">update</emphasis></term>
        <listitem>
-          <para>Added in Shorewall 4.4.21 and causes the compiler to validate
+          <para>Added in Shorewall 4.4.21 and causes the compiler to update
-          the configuration and then update
+          <filename>/etc/shorewall/shorewall.conf then validate the
-          <filename>/etc/shorewall/shorewall.conf</filename>. The update will
+          configuration</filename>. The update will add options not present in
-          add new options with their default values and will move deprecated
+          the old file with their default values, and will move deprecated
          options with non-defaults to a deprecated options section at the
          bottom of the file. Your existing
          <filename>shorewall.conf</filename> file is renamed
--- a/manpages6/shorewall6.xml
+++ b/manpages6/shorewall6.xml
@ -1360,12 +1360,12 @@
        <term><emphasis role="bold">update</emphasis></term>
        <listitem>
-          <para>Added in Shorewall 4.4.21 and causes the compiler to validate
+          <para>Added in Shorewall 4.4.21 and causes the compiler to update
-          the configuration and then update
+          <filename>/etc/shorewall6/shorewall6.conf</filename> then validate
-          <filename>/etc/shorewall6/shorewall6.conf</filename>. The update
+          the configuration. The update will add options not present in the
-          will add new options with their default values and will move
+          existing file with their default values, and will move deprecated
-          deprecated options with non-defaults to a deprecated options section
+          options with non-defaults to a deprecated options section at the
-          at the bottom of the file. Your existing
+          bottom of the file. Your existing
          <filename>shorewall6.conf</filename> file is renamed
          <filename>shorewall6.conf.bak.</filename></para>