Combine lib.base with prog.header in Shorewall.perl

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6755 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 15:43:30 +01:00 · 2007-07-02 23:23:35 +00:00 · 2007-07-02 23:23:35 +00:00 · 8d657cb691
commit 8d657cb691
parent 6692a6623e
8 changed files with 1654 additions and 30 deletions
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
@ -104,13 +104,6 @@ sub generate_script_1() {
 		);
    }

-    copy "$globals{SHAREDIRPL}lib.base";
-
-    emitj ( '################################################################################',
-	    '# End of /usr/share/shorewall-perl/lib.base',
-	    '################################################################################'
-	  );
-    
    emit "TEMPFILE=\n";

    for my $exit qw/init start tcclear started stop stopped clear/ {
--- a/Shorewall-perl/diff-4.0-lib.base
+++ b/Shorewall-perl/diff-4.0-lib.base
@ -0,0 +1,552 @@
+--- ../Shorewall-common/lib.base	2007-07-02 15:50:32.000000000 -0700
+++ prog.header	2007-07-02 16:17:48.000000000 -0700
+@@ -1,48 +1,29 @@
+ #!/bin/sh
+ #
+-# Shorewall 4.0 -- /usr/share/shorewall/lib.base
+#     Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.4
+ #
+ #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
+ #
+-#     (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
+#     (c) 2006 - Tom Eastep (teastep@shorewall.net)
+ #
+-#	Complete documentation is available at http://shorewall.net
+ #
+-#	This program is free software; you can redistribute it and/or modify
+-#	it under the terms of Version 2 of the GNU General Public License
+-#	as published by the Free Software Foundation.
+-#
+-#	This program is distributed in the hope that it will be useful,
+-#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+-#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-#	GNU General Public License for more details.
+-#
+-#	You should have received a copy of the GNU General Public License
+-#	along with this program; if not, write to the Free Software
+-#	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
+-#
+-# This library contains the code common to all Shorewall components.
+-#
+-# - It is copied into the compiled script with the -e compiler flag is specified to
+-#   shorewall-shell.
+-# - It is loaded by /sbin/shorewall.
+-# - It is loaded by /usr/share/shorewall/firewall.
+-# - It is loaded by /usr/share/shorewall-shell/compiler.
+-# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
+-#   and /usr/share/shorewall-lite/shorecap.
+-# - It is released as part of Shorewall Perl where it is copied into the compiled script
+-#   by the compiler.
+-#
+-
+-SHOREWALL_LIBVERSION=40000
+-SHOREWALL_CAPVERSION=30405
+-
+-[ -n "${VARDIR:=/var/lib/shorewall}" ]
+-[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
+-[ -n "${CONFDIR:=/etc/shorewall}" ]
+-SHELLSHAREDIR=/usr/share/shorewall-shell
+-PERLSHAREDIR=/usr/share/shorewall-perl
+-
+#	Options are:
+#
+#	    -n				  Don't alter Routing
+#	    -v and -q			  Standard Shorewall Verbosity control
+#
+#	Commands are:
+#
+#	   start			  Starts the firewall
+#          refresh                        Refresh the firewall
+#	   restart			  Restarts the firewall
+#	   reload			  Reload the firewall
+#	   clear			  Removes all firewall rules
+#	   stop				  Stops the firewall
+#	   status			  Displays firewall status
+#	   version			  Displays the version of Shorewall that
+#	   				  generated this program
+#
+ #
+ # Message to stderr
+ #
+@@ -85,46 +66,6 @@
+ }
+ 
+ #
+-# Split a colon-separated list into a space-separated list
+-#
+-split() {
+-    local ifs=$IFS
+-    IFS=:
+-    echo $*
+-    IFS=$ifs
+-}
+-
+-#
+-# Search a list looking for a match -- returns zero if a match found
+-# 1 otherwise
+-#
+-list_search() # $1 = element to search for , $2-$n = list
+-{
+-    local e=$1
+-
+-    while [ $# -gt 1 ]; do
+-	shift
+-	[ "x$e" = "x$1" ] && return 0
+-    done
+-
+-    return 1
+-}
+-
+-#
+-# Undo the effect of 'separate_list()'
+-#
+-combine_list()
+-{
+-    local f o=
+-
+-    for f in $* ; do
+-        o="${o:+$o,}$f"
+-    done
+-
+-    echo $o
+-}
+-
+-#
+ # Suppress all output for a command
+ #
+ qt()
+@@ -148,19 +89,6 @@
+ }
+ 
+ #
+-# Source a user exit file if it exists
+-#
+-run_user_exit() # $1 = file name
+-{
+-    local user_exit=$(find_file $1)
+-
+-    if [ -f $user_exit ]; then
+-	progress_message "Processing $user_exit ..."
+-	. $user_exit
+-    fi
+-}
+-
+-#
+ # Set a standard chain's policy
+ #
+ setpolicy() # $1 = name of chain, $2 = policy
+@@ -310,83 +238,6 @@
+ }
+ 
+ #
+-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
+-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
+-# the first argument. Example "shorewall nolock refresh"
+-#
+-# This function uses the lockfile utility from procmail if it exists.
+-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
+-# behavior of lockfile.
+-#
+-mutex_on()
+-{
+-    local try=0
+-    local lockf=${LOCKFILE:=${VARDIR}/lock}
+-
+-    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
+-
+-    if [ $MUTEX_TIMEOUT -gt 0 ]; then
+-
+-	[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+-
+-	if qt mywhich lockfile; then
+-	    lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
+-	else
+-	    while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
+-		sleep 1
+-		try=$((${try} + 1))
+-	    done
+-
+-	    if  [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
+-	        # Create the lockfile
+-		echo $$ > ${lockf}
+-	    else
+-		echo "Giving up on lock file ${lockf}" >&2
+-	    fi
+-	fi
+-    fi
+-}
+-
+-#
+-# Call this function to release mutual exclusion
+-#
+-mutex_off()
+-{
+-    rm -f ${LOCKFILE:=${VARDIR}/lock}
+-}
+-
+-#
+-# Load an optional library
+-#
+-lib_load() # $1 = Name of the Library, $2 = Error Message heading if the library cannot be found
+-{
+-    local lib=${SHAREDIR}/lib.$1
+-    local loaded
+-
+-    eval loaded=\$LIB_${1}_LOADED
+-
+-    if [ -z "$loaded" ]; then
+-	[ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
+-	
+-	if [ -f $lib ]; then
+-	    progress_message "Loading library $lib..."
+-	    . $lib
+-	    eval LIB_${1}_LOADED=Yes
+-	else
+-	    startup_error "$2 requires the Shorewall library $1 ($lib) which is not installed"
+-	fi
+-    fi
+-}
+-
+-#
+-# Determine if an optional library is available
+-#
+-lib_avail() # $1 = Name of the Library
+-{
+-    [ -f ${SHAREDIR}/lib.$1 ]
+-}
+-
+-#
+ #  Note: The following set of IP address manipulation functions have anomalous
+ #        behavior when the shell only supports 32-bit signed arithmatic and
+ #        the IP address is 128.0.0.0 or 128.0.0.1.
+@@ -607,40 +458,6 @@
+     fi
+ }
+ 
+-
+-#
+-# Chain name base for an interface -- replace all periods with underscores in the passed name.
+-#                                     The result is echoed (less trailing "+").
+-#
+-chain_base() #$1 = interface
+-{
+-    local c=${1%%+}
+-
+-    while true; do
+-	case $c in
+-	    @*)
+-               c=at_${c#@}
+-	       ;;               
+-	    *.*)
+-		c="${c%.*}_${c##*.}"
+-		;;
+-	    *-*)
+-		c="${c%-*}_${c##*-}"
+-		;;
+-	    *%*)
+-		c="${c%\%*}_${c##*%}"
+-		;;
+-	    *@*)
+-		c="${c%@*}_${c##*@}"
+-		;;
+-	    *)
+-		echo ${c:=common}
+-		return
+-		;;
+-	esac
+-    done
+-}
+-
+ #
+ # Query NetFilter about the existence of a filter chain
+ #
+@@ -879,93 +696,6 @@
+ }
+ 
+ #
+-# Set default config path
+-#
+-ensure_config_path() {
+-    local F=${SHAREDIR}/configpath
+-    if [ -z "$CONFIG_PATH" ]; then
+-	[ -f $F ] || { echo "   ERROR: $F does not exist"; exit 2; }
+-	. $F
+-    fi
+-
+-    if [ -n "$SHOREWALL_DIR" ]; then
+-	[ "${CONFIG_PATH%%:*}" = "$SHOREWALL_DIR" ] || CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
+-    fi
+-}
+-
+-#
+-# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
+-#
+-find_file()
+-{
+-    local saveifs= directory
+-
+-    case $1 in
+-	/*)
+-	    echo $1
+-	    ;;
+-	*)
+-	    for directory in $(split $CONFIG_PATH); do
+-		if [ -f $directory/$1 ]; then
+-		    echo $directory/$1
+-		    return
+-		fi
+-	    done
+-
+-	    echo ${CONFDIR}/$1
+-	    ;;
+-    esac
+-}
+-
+-#
+-# Get fully-qualified name of file
+-#
+-resolve_file() # $1 = file name
+-{
+-    local pwd=$PWD
+-
+-    case $1 in
+-	/*)
+-	    echo $1
+-	    ;;
+-	.)
+-	    echo $pwd
+-	    ;;
+-	./*)
+-	    echo ${pwd}${1#.}
+-	    ;;
+-	..)
+-	    cd ..
+-	    echo $PWD
+-	    cd $pwd
+-	    ;;
+-	../*)
+-	    cd ..
+-	    resolve_file ${1#../}
+-	    cd $pwd
+-	    ;;
+-	*)
+-	    echo $pwd/$1
+-	    ;;
+-    esac
+-}
+-
+-#
+-# Perform variable substitution on the passed argument and echo the result
+-#
+-expand() # $@ = contents of variable which may be the name of another variable
+-{
+-    eval echo \"$@\"
+-}
+-
+-#
+-# Function for including one file into another
+-#
+-INCLUDE() {
+-    . $(find_file $(expand $@))
+-}
+-
+-#
+ # Set the Shorewall state
+ #
+ set_state () # $1 = state
+@@ -1127,46 +857,6 @@
+ 
+ }
+ 
+-report_capabilities1() {
+-    report_capability1() # $1 = Capability
+-    {
+-	eval echo $1=\$$1
+-    }
+-
+-    echo "#"
+-    echo "# Shorewall $VERSION detected the following iptables/netfilter capabilities - $(date)"
+-    echo "#"
+-    report_capability1 NAT_ENABLED
+-    report_capability1 MANGLE_ENABLED
+-    report_capability1 MULTIPORT
+-    report_capability1 XMULTIPORT
+-    report_capability1 CONNTRACK_MATCH
+-    report_capability1 USEPKTTYPE
+-    report_capability1 POLICY_MATCH
+-    report_capability1 PHYSDEV_MATCH
+-    report_capability1 LENGTH_MATCH
+-    report_capability1 IPRANGE_MATCH
+-    report_capability1 RECENT_MATCH
+-    report_capability1 OWNER_MATCH
+-    report_capability1 IPSET_MATCH
+-    report_capability1 CONNMARK
+-    report_capability1 XCONNMARK
+-    report_capability1 CONNMARK_MATCH
+-    report_capability1 XCONNMARK_MATCH
+-    report_capability1 RAW_TABLE
+-    report_capability1 IPP2P_MATCH
+-    report_capability1 CLASSIFY_TARGET
+-    report_capability1 ENHANCED_REJECT
+-    report_capability1 KLUDGEFREE
+-    report_capability1 MARK
+-    report_capability1 XMARK
+-    report_capability1 MANGLE_FORWARD
+-    report_capability1 COMMENTS
+-    report_capability1 ADDRTYPE
+-    
+-    echo CAPVERSION=$SHOREWALL_CAPVERSION
+-}
+-
+ #
+ # Delete IP address
+ #
+@@ -1286,82 +976,6 @@
+     cut -b -${1}
+ }
+ 
+-#
+-# Add a logging rule.
+-#
+-do_log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule
+-{
+-    local level=$1
+-    local chain=$2
+-    local displayChain=$3
+-    local disposition=$4
+-    local rulenum=
+-    local limit=
+-    local tag=
+-    local command=
+-    local prefix
+-    local base=$(chain_base $displayChain)
+-    local pf
+-
+-    limit="${5:-$LOGLIMIT}" # Do this here rather than in the declaration above to appease /bin/ash.
+-    tag=${6:+$6 }
+-    command=${7:--A}
+-
+-    shift 7
+-
+-    if [ -n "$tag" -a -n "$LOGTAGONLY" ]; then
+-	displayChain=$tag
+-	tag=
+-    fi
+-
+-    if [ -n "$LOGRULENUMBERS" ]; then
+-	#
+-	# Hack for broken printf on some lightweight shells
+-	#
+-	[ $(printf "%d" 1) = "1" ] && pf=printf || pf=$(mywhich printf)
+-
+-	eval rulenum=\$${base}_logrules
+-
+-	rulenum=${rulenum:-1}
+-
+-	prefix="$($pf "$LOGFORMAT" $displayChain $rulenum $disposition)${tag}"
+-
+-	rulenum=$(($rulenum + 1))
+-	eval ${base}_logrules=$rulenum
+-    else
+-	prefix="$(printf "$LOGFORMAT" $displayChain $disposition)${tag}"
+-    fi
+-
+-    if [ ${#prefix} -gt 29 ]; then
+-	prefix=`echo "$prefix" | truncate 29`
+-	error_message "WARNING: Log Prefix shortened to \"$prefix\""
+-    fi
+-
+-    case $level in
+-	ULOG)
+-	    $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
+-	    ;;
+-	*)
+-	    $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
+-	    ;;
+-    esac
+-
+-    if [ $? -ne 0 ] ; then
+-	[ -z "$STOPPING" ] && { stop_firewall; exit 2; }
+-    fi
+-}
+-
+-do_log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule
+-{
+-    local level=$1
+-    local chain=$2
+-    local disposition=$3
+-
+-    shift 3
+-
+-    do_log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@
+-}
+-
+ delete_tc1()
+ {
+     clear_one_tc() {
+@@ -1496,65 +1110,3 @@
+ 
+     echo echo 
+ }
+-
+-# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
+-#
+-#     None - No mktemp
+-#     BSD  - BSD mktemp (Mandrake)
+-#     STD  - mktemp.org mktemp
+-#
+-find_mktemp() {
+-    local mktemp=`mywhich mktemp 2> /dev/null`
+-
+-    if [ -n "$mktemp" ]; then
+-	if qt mktemp -V ; then
+-	    MKTEMP=STD
+-	else
+-	    MKTEMP=BSD
+-	fi
+-    else
+-	MKTEMP=None
+-    fi
+-}
+-
+-#
+-# create a temporary file. If a directory name is passed, the file will be created in
+-# that directory. Otherwise, it will be created in a temporary directory.
+-#
+-mktempfile() {
+-
+-    [ -z "$MKTEMP" ] && find_mktemp
+-
+-    if [ $# -gt 0 ]; then
+-	case "$MKTEMP" in
+-	    BSD)
+-		mktemp $1/shorewall.XXXXXX
+-		;;
+-	    STD)
+-		mktemp -p $1 shorewall.XXXXXX
+-		;;
+-	    None)
+-		> $1/shorewall-$$ && echo $1/shorewall-$$
+-		;;
+-	    *)
+-		error_message "ERROR:Internal error in mktempfile"
+-		;;
+-	esac
+-    else
+-	case "$MKTEMP" in
+-	    BSD)
+-		mktemp /tmp/shorewall.XXXXXX
+-		;;
+-	    STD)
+-		mktemp -t shorewall.XXXXXX
+-		;;
+-	    None)
+-		rm -f /tmp/shorewall-$$
+-		> /tmp/shorewall-$$ && echo /tmp/shorewall-$$
+-		;;
+-	    *)
+-		error_message "ERROR:Internal error in mktempfile"
+-		;;
+-	esac
+-    fi
+-}
--- a/Shorewall-perl/install.sh
+++ b/Shorewall-perl/install.sh
@ -182,9 +182,6 @@ for f in Shorewall/*.pm ; do
    echo "Module ${f%.*} installed as ${PREFIX}/usr/share/shorewall-perl/$f"
 done

-install_file lib.base ${PREFIX}/usr/share/shorewall-perl/lib.base 0644
-echo "Shell library lib.base installed as ${PREFIX}/usr/share/shorewall-perl/lib.base";
-
 #
 # Install the program skeleton files
 #
--- a/Shorewall-perl/prog.header
+++ b/Shorewall-perl/prog.header
--- a/Shorewall-perl/shorewall-perl.spec
+++ b/Shorewall-perl/shorewall-perl.spec
@ -63,7 +63,6 @@ fi

 %attr(755,root,root) /usr/share/shorewall-perl/buildports.pl
 %attr(755,root,root) /usr/share/shorewall-perl/compiler.pl
-%attr(0644,root,root) /usr/share/shorewall-perl/lib.base
 %attr(0644,root,root) /usr/share/shorewall-perl/prog.header
 %attr(0644,root,root) /usr/share/shorewall-perl/prog.functions
 %attr(0644,root,root) /usr/share/shorewall-perl/prog.footer
--- a/docs/Shorewall-4.xml
+++ b/docs/Shorewall-4.xml
@ -243,14 +243,13 @@
      </simplelist>The -C option overrides the setting in
    shorewall.conf.</para>

-    <para>Example:<programlisting><command>shorewall restart -C perl</command></programlisting>Regardless
-    of the setting of SHOREWALL_COMPILER, there is one change in Shorewall
-    operation that is triggered simply by installing shorewall-perl. Your
-    params file will be processed during compilation with the shell's '-a'
-    option which causes any variables that you set or create in that file to
-    be automatically exported. Since the params file is processed before
-    shorewall.conf, using -a insures that the settings of your params
-    variables are available to the new compiler should its use be specified in
-    shorewall.conf.</para>
+    <para>Example:<programlisting><command>shorewall restart -C perl</command></programlisting></para>
+
+    <para>When the Shorewall-perl compiler has been selected, the
+    <filename>params</filename> file is processed using the
+    <option>-a</option> option which causes all variables set within the file
+    to be exported automatically by the shell. The Shorewall-perl compiler
+    uses the current environmental variables to perform variable expansion
+    within the other Shorewall configuration files.</para>
  </section>
 </article>
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -595,15 +595,14 @@ eth0             eth1:!192.168.4.9       ...</programlisting></para>
        </simplelist>The -C option overrides the setting in
      shorewall.conf.</para>

-      <para>Example:<programlisting><command>shorewall restart -C perl</command></programlisting>Regardless
-      of the setting of SHOREWALL_COMPILER, there is one change in Shorewall
-      operation that is triggered simply by installing shorewall-perl. Your
-      params file will be processed during compilation with the shell's '-a'
-      option which causes any variables that you set or create in that file to
-      be automatically exported. Since the params file is processed before
-      shorewall.conf, using -a insures that the settings of your params
-      variables are available to the new compiler should its use be specified
-      in shorewall.conf.</para>
+      <para>Example:<programlisting><command>shorewall restart -C perl</command></programlisting></para>
+
+      <para>When the Shorewall-perl compiler has been selected, the
+      <filename>params</filename> file is processed using the
+      <option>-a</option> option which causes all variables set within the
+      file to be exported automatically by the shell. The Shorewall-perl
+      compiler uses the current environmental variables to perform variable
+      expansion within the other Shorewall configuration files.</para>
    </section>
  </section>
 </article>
--- a/tools/build/buildshorewall
+++ b/tools/build/buildshorewall
@ -346,7 +346,6 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
    do_or_die "cp $SHOREWALLDIR/modules $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
    if [ -f $SHOREWALLDIR/lib.base ]; then
 	do_or_die "cp $SHOREWALLDIR/lib.base $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
-	do_or_die "cp $SHOREWALLDIR/lib.base $PERLDIR >> $LOGFILE 2>&1"
 	if [ -f $SHOREWALLDIR/lib.cli ]; then
 	    do_or_die "cp $SHOREWALLDIR/lib.cli $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
 	fi