From 3d4cde76aa08385407de64cf5781093f7923fef1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 4 Nov 2015 13:29:59 -0800 Subject: [PATCH] OpenWRT support in the installers Signed-off-by: Tom Eastep --- Shorewall-core/install.sh | 43 ++++++------- Shorewall-core/shorewallrc | 26 ++++++++ Shorewall-core/shorewallrc.openwrt | 26 ++++++++ Shorewall-lite/default.openwrt | 25 ++++++++ Shorewall-lite/init.openwrt.sh | 98 ++++++++++++++++++++++++++++++ Shorewall-lite/install.sh | 78 ++++++++++++++---------- Shorewall6-lite/default.openwrt | 25 ++++++++ Shorewall6-lite/init.openwrt.sh | 98 ++++++++++++++++++++++++++++++ 8 files changed, 364 insertions(+), 55 deletions(-) create mode 100644 Shorewall-core/shorewallrc create mode 100644 Shorewall-core/shorewallrc.openwrt create mode 100644 Shorewall-lite/default.openwrt create mode 100755 Shorewall-lite/init.openwrt.sh create mode 100644 Shorewall6-lite/default.openwrt create mode 100755 Shorewall6-lite/init.openwrt.sh diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh index c40b8a2f8..445136f08 100755 --- a/Shorewall-core/install.sh +++ b/Shorewall-core/install.sh @@ -66,15 +66,6 @@ mywhich() { return 2 } -run_install() -{ - if ! install $*; then - echo - echo "ERROR: Failed to install $*" >&2 - exit 1 - fi -} - cant_autostart() { echo @@ -88,7 +79,20 @@ delete_file() # $1 = file to delete install_file() # $1 = source $2 = target $3 = mode { - run_install $T $OWNERSHIP -m $3 $1 ${2} + if cp -f $1 $2; then + if chmod $3 $2; then + if [ -n "$OWNER" ]; then + if chown $OWNER:$GROUP $2; then + return + fi + else + return 0 + fi + fi + fi + + echo "ERROR: Failed to install $2" >&2 + exit 1 } require() @@ -133,8 +137,6 @@ while [ $finished -eq 0 ]; do esac done -[ -n $(mywhich install) ] || fatal_error "This installer requires the 'install' utility" - # # Read the RC file # @@ -183,10 +185,6 @@ done [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR -T="-T" - -INSTALLD='-D' - if [ -z "$BUILD" ]; then case $(uname) in cygwin*|CYGWIN*) @@ -228,6 +226,8 @@ if [ -z "$BUILD" ]; then BUILD=suse elif [ -f /etc/arch-release ] ; then BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt-release ] ; then + BUILD=openwrt else BUILD=linux fi @@ -254,17 +254,15 @@ case $BUILD in [ -z "$OWNER" ] && OWNER=root [ -z "$GROUP" ] && GROUP=wheel - INSTALLD= - T= ;; *) - [ -z "$OWNER" ] && OWNER=root - [ -z "$GROUP" ] && GROUP=root + if [ $(id -n) -eq 0 ]; then + [ -z "$OWNER" ] && OWNER=root + [ -z "$GROUP" ] && GROUP=root + fi ;; esac -OWNERSHIP="-o $OWNER -g $GROUP" - # # Determine where to install the firewall script # @@ -307,7 +305,6 @@ if [ -n "$DESTDIR" ]; then if [ $BUILD != cygwin ]; then if [ `id -u` != 0 ] ; then echo "Not setting file owner/group permissions, not running as root." - OWNERSHIP="" fi fi fi diff --git a/Shorewall-core/shorewallrc b/Shorewall-core/shorewallrc new file mode 100644 index 000000000..db2b7c840 --- /dev/null +++ b/Shorewall-core/shorewallrc @@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 4.6.12 configure - Wed Nov 4 12:18:09 PST 2015 +# +# Input: HOST=openwrt +# +HOST=openwrt +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff --git a/Shorewall-core/shorewallrc.openwrt b/Shorewall-core/shorewallrc.openwrt new file mode 100644 index 000000000..249862076 --- /dev/null +++ b/Shorewall-core/shorewallrc.openwrt @@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 5.0.2-Beta2 configure - Mon, Nov 02, 2015 8:13:14 AM +# +# Input: host=default initsource=init.openwrt.sh sysconfdir=${CONFDIR}/sysconfig sysconffile=default.openwrt varlib=/lib +# +HOST=linux +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff --git a/Shorewall-lite/default.openwrt b/Shorewall-lite/default.openwrt new file mode 100644 index 000000000..df4440bf9 --- /dev/null +++ b/Shorewall-lite/default.openwrt @@ -0,0 +1,25 @@ +# sysV init file script configuration(/etc/sysconfdir/shorewall-lite) + +# startup option(default "-vvv") +OPTIONS= + +# change default start run level(if none empty; /etc/init.d/shorewall-lite enable) +START=50 + +# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable) +STOP= + +# option to pass when shorewall start is executed +STARTOPTIONS= + +# option to pass when shorewall restart is executed +RESTARTOPTIONS= + +# option to pass when shorewall reload is executed +RELOADOPTIONS= + +# option to pass when shorewall stop is executed +STOPOPTIONS= + +# option to pass when shorewall status is executed +STATUSOPTIONS= diff --git a/Shorewall-lite/init.openwrt.sh b/Shorewall-lite/init.openwrt.sh new file mode 100755 index 000000000..68c2c73ab --- /dev/null +++ b/Shorewall-lite/init.openwrt.sh @@ -0,0 +1,98 @@ +#!/bin/sh /etc/rc.common +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net) +# (c) 2015 - Matt Darfeuille - (matdarf@gmail.com) +# +# On most distributions, this file should be called /etc/init.d/shorewall. +# +# Complete documentation is available at http://shorewall.net +# +# This program is part of Shorewall. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 2 of the license or, at your +# option, any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# If an error occurs while starting or restarting the firewall, the +# firewall is automatically stopped. +# +# Commands are: +# +# shorewall-lite start Starts the firewall +# shorewall-lite restart Restarts the firewall +# shorewall-lite reload Reload the firewall +# (same as restart) +# shorewall-lite stop Stops the firewall +# shorewall-lite status Displays firewall status +# + +# description: Packet filtering firewall + +# openwrt stuph +# start and stop runlevel variable +#START=21 +#STOP=91 +# variable to display what the status command do when /etc/init.d/shorewall-lite is invoke without argument +EXTRA_COMMANDS="status" +EXTRA_HELP="Displays shorewall status" + +################################################################################ +# Get startup options (override default) +################################################################################ +OPTIONS="-vvv" + +# +# The installer may alter this +# +. /usr/share/shorewall/shorewallrc + +if [ -f ${SYSCONFDIR}/shorewall-lite ]; then + . ${SYSCONFDIR}/shorewall-lite +fi + +START=${START:-21} +STOP=${STOP:-91} + +SHOREWALL_INIT_SCRIPT=1 + +################################################################################ +# E X E C U T I O N B E G I N S H E R E # +################################################################################ +# arg1 of init script is arg2 when rc.common is sourced; set to action variable +command="$action" + +start() { + exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STARTOPTIONS:-$@} +} + +boot() { +local command="start" +start +} + +restart() { + exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RESTARTOPTIONS:-$@} +} + +reload() { + exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${RELOADOPTION:-$@} +} + +stop() { + exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STOPOPTIONS:-$@} +} + +status() { + exec ${SBINDIR}/shorewall-lite $OPTIONS $command ${STATUSOPTIONS:-$@} +} diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 239a2be0e..291aa79bf 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -67,15 +67,6 @@ mywhich() { return 2 } -run_install() -{ - if ! install $*; then - echo - echo "ERROR: Failed to install $*" >&2 - exit 1 - fi -} - cant_autostart() { echo @@ -89,7 +80,28 @@ delete_file() # $1 = file to delete install_file() # $1 = source $2 = target $3 = mode { - run_install $T $OWNERSHIP -m $3 $1 ${2} + if cp -f $1 $2; then + if chmod $3 $2; then + if [ -n "$OWNER" ]; then + if chown $OWNER:$GROUP $2; then + return + fi + else + return 0 + fi + fi + fi + + echo "ERROR: Failed to install $2" >&2 + exit 1 +} + +make_directory() # $1 = directory , $2 = mode +{ + mkdir -p $1 + chmod 755 $1 + [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1 + } require() @@ -151,8 +163,6 @@ while [ $finished -eq 0 ] ; do esac done -[ -n $(mywhich install) ] || fatal_error "This installer requires the 'install' utility" - # # Read the RC file # @@ -203,8 +213,6 @@ PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR} # Determine where to install the firewall script # cygwin= -INSTALLD='-D' -T='-T' if [ -z "$BUILD" ]; then case $(uname) in @@ -247,6 +255,8 @@ if [ -z "$BUILD" ]; then BUILD=slackware elif [ -f ${CONFDIR}/arch-release ] ; then BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt-release ] ; then + BUILD=openwrt else BUILD=linux fi @@ -262,16 +272,16 @@ case $BUILD in apple) [ -z "$OWNER" ] && OWNER=root [ -z "$GROUP" ] && GROUP=wheel - INSTALLD= - T= ;; *) - [ -z "$OWNER" ] && OWNER=root - [ -z "$GROUP" ] && GROUP=root + if [ $(id -n) -eq 0 ]; then + [ -z "$OWNER" ] && OWNER=root + [ -z "$GROUP" ] && GROUP=root + fi ;; esac -OWNERSHIP="-o $OWNER -g $GROUP" +[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP" [ -n "$HOST" ] || HOST=$BUILD @@ -302,6 +312,9 @@ case "$HOST" in suse) echo "Installing Suse-specific configuration..." ;; + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; linux) ;; *) @@ -318,8 +331,9 @@ if [ -n "$DESTDIR" ]; then OWNERSHIP="" fi - install -d $OWNERSHIP -m 755 ${DESTDIR}${SBINDIR} - install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} + make_directory ${DESTDIR}${SBINDIR} 755 + make_directory ${DESTDIR}${INITDIR} 755 + else if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2 @@ -359,7 +373,7 @@ fi delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544 -[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} +[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" @@ -401,7 +415,7 @@ fi if [ -n "$SERVICEDIR" ]; then mkdir -p ${DESTDIR}${SERVICEDIR} [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service - run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service + install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644 [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service" fi @@ -423,7 +437,7 @@ fi # # Install the Makefile # -run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT +install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600 [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile [ $SBINDIR = /sbin ] || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile" @@ -463,17 +477,17 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor # if [ -f modules ]; then - run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT + install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600 echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules" fi if [ -f helpers ]; then - run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT + install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600 echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers" fi for f in modules.*; do - run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644 echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done @@ -484,17 +498,17 @@ done if [ -d manpages ]; then cd manpages - [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/ + mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/ for f in *.5; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz + install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644 echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz" done for f in *.8; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz + install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644 echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz" done @@ -504,7 +518,7 @@ if [ -d manpages ]; then fi if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then - run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT + install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644 echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT" fi @@ -535,7 +549,7 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR chmod 755 ${DESTDIR}${SYSCONFDIR} fi - run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} + install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" fi diff --git a/Shorewall6-lite/default.openwrt b/Shorewall6-lite/default.openwrt new file mode 100644 index 000000000..df4440bf9 --- /dev/null +++ b/Shorewall6-lite/default.openwrt @@ -0,0 +1,25 @@ +# sysV init file script configuration(/etc/sysconfdir/shorewall-lite) + +# startup option(default "-vvv") +OPTIONS= + +# change default start run level(if none empty; /etc/init.d/shorewall-lite enable) +START=50 + +# change default stop run level(if none empty; /etc/init.d/shorewall-lite enable) +STOP= + +# option to pass when shorewall start is executed +STARTOPTIONS= + +# option to pass when shorewall restart is executed +RESTARTOPTIONS= + +# option to pass when shorewall reload is executed +RELOADOPTIONS= + +# option to pass when shorewall stop is executed +STOPOPTIONS= + +# option to pass when shorewall status is executed +STATUSOPTIONS= diff --git a/Shorewall6-lite/init.openwrt.sh b/Shorewall6-lite/init.openwrt.sh new file mode 100755 index 000000000..29c4b1749 --- /dev/null +++ b/Shorewall6-lite/init.openwrt.sh @@ -0,0 +1,98 @@ +#!/bin/sh /etc/rc.common +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net) +# (c) 2015 - Matt Darfeuille - (matdarf@gmail.com) +# +# On most distributions, this file should be called /etc/init.d/shorewall. +# +# Complete documentation is available at http://shorewall.net +# +# This program is part of Shorewall. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 2 of the license or, at your +# option, any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# If an error occurs while starting or restarting the firewall, the +# firewall is automatically stopped. +# +# Commands are: +# +# shorewall6-lite start Starts the firewall +# shorewall6-lite restart Restarts the firewall +# shorewall6-lite reload Reload the firewall +# (same as restart) +# shorewall6-lite stop Stops the firewall +# shorewall6-lite status Displays firewall status +# + +# description: Packet filtering firewall + +# openwrt stuph +# start and stop runlevel variable +#START=21 +#STOP=91 +# variable to display what the status command do when /etc/init.d/shorewall6-lite is invoke without argument +EXTRA_COMMANDS="status" +EXTRA_HELP="Displays shorewall status" + +################################################################################ +# Get startup options (override default) +################################################################################ +OPTIONS="-vvv" + +# +# The installer may alter this +# +. /usr/share/shorewall/shorewallrc + +if [ -f ${SYSCONFDIR}/shorewall6-lite ]; then + . ${SYSCONFDIR}/shorewall6-lite +fi + +START=${START:-21} +STOP=${STOP:-91} + +SHOREWALL_INIT_SCRIPT=1 + +################################################################################ +# E X E C U T I O N B E G I N S H E R E # +################################################################################ +# arg1 of init script is arg2 when rc.common is sourced; set to action variable +command="$action" + +start() { + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STARTOPTIONS:-$@} +} + +boot() { +local command="start" +start +} + +restart() { + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${RESTARTOPTIONS:-$@} +} + +reload() { + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${RELOADOPTION:-$@} +} + +stop() { + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STOPOPTIONS:-$@} +} + +status() { + exec ${SBINDIR}/shorewall6-lite $OPTIONS $command ${STATUSOPTIONS:-$@} +}