Implement .conf file upgrade

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-06-18 13:03:55 -07:00
parent e5d8be5aa5
commit 6f2cc31dde
12 changed files with 218 additions and 30 deletions


@ -516,15 +516,15 @@ EOF
} }
# #1
# The Compiler. # The Compiler.
# #
# Arguments are named -- see %parms below. # Arguments are named -- see %parms below.
# #
sub compiler { sub compiler {
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess ) = my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $upgrade , $annotate ) =
( '', '', -1, '', 0, '', '', -1, 0, 0 ); ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, );
$export = 0; $export = 0;
$test = 0; $test = 0;
@ -556,8 +556,10 @@ sub compiler {
log => { store => \$log }, log => { store => \$log },
log_verbosity => { store => \$log_verbosity, validate => \&validate_verbosity } , log_verbosity => { store => \$log_verbosity, validate => \&validate_verbosity } ,
test => { store => \$test }, test => { store => \$test },
preview => { store => \$preview }, preview => { store => \$preview, validate=> \&validate_boolean } ,
confess => { store => \$confess }, confess => { store => \$confess, validate=> \&validate_boolean } ,
upgrade => { store => \$upgrade, validate=> \&validate_boolean } ,
annotate => { store => \$annotate, validate=> \&validate_boolean } ,
); );
# #
# P A R A M E T E R P R O C E S S I N G # P A R A M E T E R P R O C E S S I N G
@ -888,6 +890,11 @@ sub compiler {
process_routestopped; process_routestopped;
} }
#
# Upgrade the configuration file if requested
#
upgrade_config_file( $annotate ) if $upgrade;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
progress_message3 "Shorewall configuration verified"; progress_message3 "Shorewall configuration verified";
} else { } else {
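Review bot: The comment above `upgrade_config_file( $annotate ) if $upgrade;` does not say that this step replaces the user's configuration file on disk during what is otherwise a compile/check run. I would spell the side effect out, e.g. `# Upgrade the configuration file if requested: rewrites $product.conf in place and keeps the original as $product.conf.bak`. `$annotate` is silently ignored when `$upgrade` is false; if that is intended, a short comment next to the `annotate` entry in `%parms` would make it explicit. The body of `compiler` continues outside these hunks.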


@ -121,6 +121,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
run_user_exit1 run_user_exit1
run_user_exit2 run_user_exit2
generate_aux_config generate_aux_config
upgrade_config_file
$product $product
$Product $Product
@ -196,6 +197,10 @@ my ( $dir, $file );
# #
my $tempfile; my $tempfile;
# #
# Fully qualified name of the configuration file
#
my $configfile;
#
# Misc Globals exported to other modules # Misc Globals exported to other modules
# #
our %globals; our %globals;
@ -203,6 +208,7 @@ our %globals;
# From shorewall.conf file - exported to other modules. # From shorewall.conf file - exported to other modules.
# #
our %config; our %config;
my %rawconfig;
# #
# Config options and global settings that are to be copied to output script # Config options and global settings that are to be copied to output script
# #
@ -424,7 +430,7 @@ sub initialize( $ ) {
EXPORT => 0, EXPORT => 0,
STATEMATCH => '-m state --state', STATEMATCH => '-m state --state',
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.4.21-Beta1", VERSION => "4.4.21-Beta2",
CAPVERSION => 40417 , CAPVERSION => 40417 ,
); );
# #
@ -1920,24 +1926,26 @@ sub read_a_line(;$) {
# #
# Expand Shell Variables using %params and %actparms # Expand Shell Variables using %params and %actparms
# #
# $1 $2 $3 - $4 unless ( $currentline =~ /^(\w+)='.*'$/ ) {
while ( $currentline =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) { # $1 $2 $3 - $4
while ( $currentline =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
my ( $first, $var, $rest ) = ( $1, $3, $4); my ( $first, $var, $rest ) = ( $1, $3, $4);
my $val; my $val;
if ( $var =~ /^\d+$/ ) { if ( $var =~ /^\d+$/ ) {
fatal_error "Undefined parameter (\$$var)" unless exists $actparms{$var}; fatal_error "Undefined parameter (\$$var)" unless exists $actparms{$var};
$val = $actparms{$var}; $val = $actparms{$var};
} else { } else {
fatal_error "Undefined shell variable (\$$var)" unless exists $params{$var}; fatal_error "Undefined shell variable (\$$var)" unless exists $params{$var};
$val = $params{$var}; $val = $params{$var};
}
$val = '' unless defined $val;
$currentline = join( '', $first , $val , $rest );
fatal_error "Variable Expansion Loop" if ++$count > 100;
} }
$val = '' unless defined $val;
$currentline = join( '', $first , $val , $rest );
fatal_error "Variable Expansion Loop" if ++$count > 100;
} }
if ( $currentline =~ /^\s*INCLUDE\s/ ) { if ( $currentline =~ /^\s*INCLUDE\s/ ) {
@ -2014,7 +2022,7 @@ sub default_yes_no ( $$ ) {
if ( $curval eq 'no' ) { if ( $curval eq 'no' ) {
$config{$var} = ''; $config{$var} = '';
} else { } else {
fatal_error "Invalid value for $var ($val)" unless $curval eq 'yes'; fatal_error "Invalid value for $var ($curval)" unless $curval eq 'yes';
} }
} else { } else {
$config{$var} = $val; $config{$var} = $val;
@ -2838,7 +2846,7 @@ sub process_shorewall_conf() {
my $file = find_file "$product.conf"; my $file = find_file "$product.conf";
if ( -f $file ) { if ( -f $file ) {
$globals{CONFIGDIR} = $file; $globals{CONFIGDIR} = $configfile = $file;
$globals{CONFIGDIR} =~ s/$product.conf//; $globals{CONFIGDIR} =~ s/$product.conf//;
if ( -r _ ) { if ( -r _ ) {
@ -2865,6 +2873,8 @@ sub process_shorewall_conf() {
} else { } else {
fatal_error "$file does not exist!"; fatal_error "$file does not exist!";
} }
%rawconfig = %config;
} }
# #
@ -3342,7 +3352,7 @@ sub get_configuration( $ ) {
default_yes_no 'ACCOUNTING' , 'Yes'; default_yes_no 'ACCOUNTING' , 'Yes';
default_yes_no 'OPTIMIZE_ACCOUNTING' , ''; default_yes_no 'OPTIMIZE_ACCOUNTING' , '';
if ( defined $config{ACCOUNTING_TABLE} ) { if ( supplied $config{ACCOUNTING_TABLE} ) {
my $value = $config{ACCOUNTING_TABLE}; my $value = $config{ACCOUNTING_TABLE};
fatal_error "Invalid ACCOUNTING_TABLE setting ($value)" unless $value eq 'filter' || $value eq 'mangle'; fatal_error "Invalid ACCOUNTING_TABLE setting ($value)" unless $value eq 'filter' || $value eq 'mangle';
} else { } else {
@ -3384,7 +3394,7 @@ sub get_configuration( $ ) {
$globals{USER_MASK} = 0; $globals{USER_MASK} = 0;
} }
if ( defined ( $val = $config{ZONE2ZONE} ) ) { if ( supplied ( $val = $config{ZONE2ZONE} ) ) {
fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/; fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/;
} else { } else {
$config{ZONE2ZONE} = '2'; $config{ZONE2ZONE} = '2';
@ -3747,6 +3757,99 @@ sub generate_aux_config() {
finalize_aux_config; finalize_aux_config;
} }
#
# Upgrade the configuration file
#
sub upgrade_config_file( $ ) {
my $annotate = shift;
my $fn = $annotate ? "$globals{SHAREDIR}/configfiles/${product}.conf.annotated" : "$globals{SHAREDIR}/configfiles/${product}.conf";
my %deprecated = ( LOGRATE => '' ,
LOGBURST => '' ,
EXPORTPARAMS => 'no' );
my @undocumented = ( qw( FAKE_AUDIT ) );
if ( -f $fn ) {
my ( $template, $output );
open $template, '<' , $fn or fatal_error "Unable to open $fn: $!";
unless ( open $output, '>', "$configfile.upgraded" ) {
close $template;
fatal_error "Unable to open $configfile.upgraded for output: $!";
}
while ( <$template> ) {
if ( /^(\w+)=/ ) {
my ($var, $val ) = ( $1, $rawconfig{$1} );
$val = '' unless defined $val;
if ( $val =~ /\s/ ) {
$val = qq("$val") unless $val =~ /'/;
}
$_ = "$var=$val\n";
}
print $output "$_";
}
close $template;
my $heading_printed;
for ( @undocumented ) {
if ( $rawconfig{$_} ) {
unless ( $heading_printed ) {
print $output
'#################################################################################
# U N D O C U M E N T E D
# O P T I O N S
#################################################################################
';
$heading_printed = 1;
}
print $output "$_=$rawconfig{$_}\n";
}
}
$heading_printed = 0;
for ( keys %deprecated ) {
if ( supplied $rawconfig{$_} ) {
if ( lc $rawconfig{$_} ne $deprecated{$_} ) {
unless ( $heading_printed ) {
print $output
'#################################################################################
# D E P R E C A T E D
# O P T I O N S
#################################################################################
';
$heading_printed = 1;
}
print $output "$_=$rawconfig{$_}\n";
warning_message "Deprecated option $_ is being set in your $product.conf file";
}
}
}
close $output;
fatal_error "Can't rename $configfile to $configfile.bak: $!" unless rename $configfile, "$configfile.bak";
fatal_error "Can't rename $configfile.upgraded to $configfile: $!" unless rename "$configfile.upgraded", $configfile;
progress_message3 "Configuration file $configfile upgraded - old file renamed $configfile.bak";
} else {
fatal_error "$fn does not exist";
}
}
END { END {
cleanup; cleanup;
} }
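Review bot: In `upgrade_config_file`, neither the `print $output` calls nor `close $output` are checked, so a short write (for example a full filesystem) goes unnoticed and the truncated `$configfile.upgraded` is then renamed over the live firewall configuration. Checking the close before the renames would stop that: `close $output or fatal_error "Unable to write $configfile.upgraded: $!";`. The new file is also created with whatever mode the umask gives rather than the mode of the file it replaces, so a deliberately restricted `$product.conf` can come back with looser permissions; `chmod( ( stat $configfile )[2] & 07777, "$configfile.upgraded" )` before the renames would carry the mode over. The first `rename` silently replaces any earlier `$configfile.bak`, which is worth stating in the header comment above the sub.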


@ -61,6 +61,8 @@ sub usage( $ ) {
[ --test ] [ --test ]
[ --preview ] [ --preview ]
[ --family={4|6} ] [ --family={4|6} ]
[ --annotate ]
[ --upgrade ]
'; ';
exit shift @_; exit shift @_;
@ -82,6 +84,8 @@ my $help = 0;
my $test = 0; my $test = 0;
my $family = 4; # F_IPV4 my $family = 4; # F_IPV4
my $preview = 0; my $preview = 0;
my $annotate = 0;
my $upgrade = 0;
Getopt::Long::Configure ('bundling'); Getopt::Long::Configure ('bundling');
@ -107,6 +111,10 @@ my $result = GetOptions('h' => \$help,
'family=i' => \$family, 'family=i' => \$family,
'c' => \$confess, 'c' => \$confess,
'confess' => \$confess, 'confess' => \$confess,
'a' => \$annotate,
'annotate' => \$annotate,
'u' => \$upgrade,
'upgrade' => \$upgrade,
); );
usage(1) unless $result && @ARGV < 2; usage(1) unless $result && @ARGV < 2;
@ -125,4 +133,6 @@ compiler( script => $ARGV[0] || '',
preview => $preview, preview => $preview,
family => $family, family => $family,
confess => $confess, confess => $confess,
upgrade => $upgrade,
annotate => $annotate,
); );


@ -1,6 +1,6 @@
Changes in Shorewall 4.4.21 Beta 2 Changes in Shorewall 4.4.21 Beta 2
None. 1) Add -u option to check.
Changes in Shorewall 4.4.21 Beta 1 Changes in Shorewall 4.4.21 Beta 1


@ -212,5 +212,3 @@ TCP_FLAGS_DISPOSITION=DROP
################################################################################ ################################################################################
IPSECFILE=zones IPSECFILE=zones
#LAST LINE -- DO NOT REMOVE


@ -323,6 +323,9 @@ chmod 755 ${DESTDIR}/etc/shorewall
chmod 755 ${DESTDIR}/usr/share/shorewall chmod 755 ${DESTDIR}/usr/share/shorewall
chmod 755 ${DESTDIR}/usr/share/shorewall/configfiles chmod 755 ${DESTDIR}/usr/share/shorewall/configfiles
run_install $OWNERSHIP -m 0644 configfiles/shorewall.conf ${DESTDIR}/usr/share/shorewall/configfiles
run_install $OWNERSHIP -m 0644 configfiles/shorewall.conf.annotated ${DESTDIR}/usr/share/shorewall/configfiles
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/logrotate.d mkdir -p ${DESTDIR}/etc/logrotate.d
chmod 755 ${DESTDIR}/etc/logrotate.d chmod 755 ${DESTDIR}/etc/logrotate.d
@ -342,8 +345,6 @@ fi
# #
# Install the config file # Install the config file
# #
run_install $OWNERSHIP -m 0644 $CONFIGFILES/shorewall.conf ${DESTDIR}/usr/share/shorewall/configfiles
if [ ! -f ${DESTDIR}/etc/shorewall/shorewall.conf ]; then if [ ! -f ${DESTDIR}/etc/shorewall/shorewall.conf ]; then
run_install $OWNERSHIP -m 0644 $CONFIGFILES/shorewall.conf ${DESTDIR}/etc/shorewall run_install $OWNERSHIP -m 0644 $CONFIGFILES/shorewall.conf ${DESTDIR}/etc/shorewall


@ -80,6 +80,16 @@ None.
DROP_DEFAULT=Drop(-,DROP) DROP_DEFAULT=Drop(-,DROP)
4) The 'check' command now allows a '-u' (upgrade) option that
upgrades your /etc/shorewall[6]/shorewall[6].conf file. The
upgraded file will set any new options with their default values
and will move any deprecated options with non-default values to a
'deprecated options' section at the end of the file. Each such
deprecated option will generate a warning message.
Your original shorewall[6].conf file will be saved as
shorewall[6].conf.bak.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------


@ -397,6 +397,8 @@ compiler() {
[ "$g_debugging" = trace ] && options="$options --debug" [ "$g_debugging" = trace ] && options="$options --debug"
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains" [ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
[ -n "$g_confess" ] && options="$options --confess" [ -n "$g_confess" ] && options="$options --confess"
[ -n "$g_upgrade" ] && options="$options --upgrade"
[ -n "$g_annotate" ] && options="$options --annotate"
if [ -n "$PERL" ]; then if [ -n "$PERL" ]; then
if [ ! -x "$PERL" ]; then if [ ! -x "$PERL" ]; then
@ -686,6 +688,14 @@ check_command() {
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
;; ;;
u*)
g_upgrade=Yes
option=${option#u}
;;
a*)
g_annotate=Yes
option=${option#a}
;;
*) *)
usage 1 usage 1
;; ;;
@ -1531,6 +1541,8 @@ g_debug=
g_export= g_export=
g_refreshchains=:none: g_refreshchains=:none:
g_confess= g_confess=
g_upgrade=
g_annotate=
# #
# Make sure that these variables are cleared # Make sure that these variables are cleared


@ -372,6 +372,9 @@ echo "Default config path file installed as ${DESTDIR}/usr/share/shorewall6/conf
install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644 install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644
echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std" echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std"
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf.annotated ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf.annotated
if [ -n "$ANNOTATED" ]; then if [ -n "$ANNOTATED" ]; then
mkdir annotated mkdir annotated
cp configfiles/* annotated/ cp configfiles/* annotated/
@ -385,7 +388,6 @@ fi
# #
# Install the config file # Install the config file
# #
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf


@ -397,6 +397,8 @@ compiler() {
[ "$g_debugging" = trace ] && options="$options --debug" [ "$g_debugging" = trace ] && options="$options --debug"
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains" [ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
[ -n "$g_confess" ] && options="$options --confess" [ -n "$g_confess" ] && options="$options --confess"
[ -n "$g_upgrade" ] && options="$options --upgrade"
[ -n "$g_annotate" ] && options="$options --annotate"
[ -x $pc ] || startup_error "Shorewall6 requires the shorewall package which is not installed" [ -x $pc ] || startup_error "Shorewall6 requires the shorewall package which is not installed"
if [ -n "$PERL" ]; then if [ -n "$PERL" ]; then
@ -687,6 +689,14 @@ check_command() {
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
;; ;;
u*)
g_upgrade=Yes
option=${option#u}
;;
a*)
g_annotate=Yes
option=${option#a}
;;
*) *)
usage 1 usage 1
;; ;;
@ -1527,6 +1537,8 @@ g_debug=
g_export= g_export=
g_refreshchains=:none: g_refreshchains=:none:
g_confess= g_confess=
g_upgrade=
g_annotate=
# #
# Make sure that these variables are cleared # Make sure that these variables are cleared


@ -64,6 +64,10 @@
<arg><option>-T</option></arg> <arg><option>-T</option></arg>
<arg><option>-u</option></arg>
<arg><option>-a</option></arg>
<arg><replaceable>directory</replaceable></arg> <arg><replaceable>directory</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
@ -738,6 +742,19 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20 <para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para> compiler-generated error and warning message.</para>
<para>The <option>-u</option> option was added in Shorewall 4.4.21
and causes the compiler to upgrade
<filename>/etc/shorewall/shorewall.conf</filename>. The upgrade will
add new options with their default values and will move deprecated
options with non-defaults to a deprecated options section at the
bottom of the file.Your existing <filename>shorewall.conf</filename>
file is renamed <filename>shorewall.conf.bak.</filename></para>
<para>The <option>-a</option> option was added in Shorewall 4.4.21
and is only meaningful when used with <option>-u</option>. It causes
the upgraded <filename>shorewall.conf</filename> file to be
annotated with documentation.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -48,6 +48,8 @@
<arg><option>-T</option></arg> <arg><option>-T</option></arg>
<arg><option>-u</option><arg><option>-a</option></arg></arg>
<arg><replaceable>directory</replaceable></arg> <arg><replaceable>directory</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
@ -600,6 +602,20 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20 <para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para> compiler-generated error and warning message.</para>
<para>The <option>-u</option> option was added in Shorewall 4.4.21
and causes the compiler to upgrade
<filename>/etc/shorewall6/shorewall6.conf</filename>. The upgrade
will add new options with their default values and will move
deprecated options with non-defaults to a deprecated options section
at the bottom of the file. Your existing
<filename>shorewall6.conf</filename> file is renamed
<filename>shorewall6.conf.bak.</filename></para>
<para>The <option>-a</option> option was added in Shorewall 4.4.21
and is only meaningful when used with <option>-u</option>. It causes
the upgraded <filename>shorewall6.conf</filename> file to be
annotated with documentation.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>