Implement .conf file upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
e5d8be5aa5
commit
6f2cc31dde
@ -516,15 +516,15 @@ EOF
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
#1
|
||||
# The Compiler.
|
||||
#
|
||||
# Arguments are named -- see %parms below.
|
||||
#
|
||||
sub compiler {
|
||||
|
||||
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess ) =
|
||||
( '', '', -1, '', 0, '', '', -1, 0, 0 );
|
||||
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $upgrade , $annotate ) =
|
||||
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, );
|
||||
|
||||
$export = 0;
|
||||
$test = 0;
|
||||
@ -556,8 +556,10 @@ sub compiler {
|
||||
log => { store => \$log },
|
||||
log_verbosity => { store => \$log_verbosity, validate => \&validate_verbosity } ,
|
||||
test => { store => \$test },
|
||||
preview => { store => \$preview },
|
||||
confess => { store => \$confess },
|
||||
preview => { store => \$preview, validate=> \&validate_boolean } ,
|
||||
confess => { store => \$confess, validate=> \&validate_boolean } ,
|
||||
upgrade => { store => \$upgrade, validate=> \&validate_boolean } ,
|
||||
annotate => { store => \$annotate, validate=> \&validate_boolean } ,
|
||||
);
|
||||
#
|
||||
# P A R A M E T E R P R O C E S S I N G
|
||||
@ -888,6 +890,11 @@ sub compiler {
|
||||
process_routestopped;
|
||||
}
|
||||
|
||||
#
|
||||
# Upgrade the configuration file if requested
|
||||
#
|
||||
upgrade_config_file( $annotate ) if $upgrade;
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
progress_message3 "Shorewall configuration verified";
|
||||
} else {
|
||||
|
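Review bot: `annotate` is accepted without `upgrade` and then silently ignored, because `upgrade_config_file( $annotate ) if $upgrade;` is the only use of `$annotate` visible in these hunks. The same holds for `-a` without `-u` in the `check_command` option cases of both shell front ends. Consider rejecting the combination after the parameter loop, e.g. `fatal_error "The annotate option requires upgrade" if $annotate && ! $upgrade;`, or at least emitting a warning. The comment above the call could also say that the call rewrites the live .conf file in place, since the rest of this path only reads configuration. compiler()'s body continues outside these hunks.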
@ -121,6 +121,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
||||
run_user_exit1
|
||||
run_user_exit2
|
||||
generate_aux_config
|
||||
upgrade_config_file
|
||||
|
||||
$product
|
||||
$Product
|
||||
@ -196,6 +197,10 @@ my ( $dir, $file );
|
||||
#
|
||||
my $tempfile;
|
||||
#
|
||||
# Fully qualified name of the configuration file
|
||||
#
|
||||
my $configfile;
|
||||
#
|
||||
# Misc Globals exported to other modules
|
||||
#
|
||||
our %globals;
|
||||
@ -203,6 +208,7 @@ our %globals;
|
||||
# From shorewall.conf file - exported to other modules.
|
||||
#
|
||||
our %config;
|
||||
my %rawconfig;
|
||||
#
|
||||
# Config options and global settings that are to be copied to output script
|
||||
#
|
||||
@ -424,7 +430,7 @@ sub initialize( $ ) {
|
||||
EXPORT => 0,
|
||||
STATEMATCH => '-m state --state',
|
||||
UNTRACKED => 0,
|
||||
VERSION => "4.4.21-Beta1",
|
||||
VERSION => "4.4.21-Beta2",
|
||||
CAPVERSION => 40417 ,
|
||||
);
|
||||
#
|
||||
@ -1920,24 +1926,26 @@ sub read_a_line(;$) {
|
||||
#
|
||||
# Expand Shell Variables using %params and %actparms
|
||||
#
|
||||
# $1 $2 $3 - $4
|
||||
while ( $currentline =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
|
||||
unless ( $currentline =~ /^(\w+)='.*'$/ ) {
|
||||
# $1 $2 $3 - $4
|
||||
while ( $currentline =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
|
||||
|
||||
my ( $first, $var, $rest ) = ( $1, $3, $4);
|
||||
|
||||
my ( $first, $var, $rest ) = ( $1, $3, $4);
|
||||
my $val;
|
||||
|
||||
my $val;
|
||||
if ( $var =~ /^\d+$/ ) {
|
||||
fatal_error "Undefined parameter (\$$var)" unless exists $actparms{$var};
|
||||
$val = $actparms{$var};
|
||||
} else {
|
||||
fatal_error "Undefined shell variable (\$$var)" unless exists $params{$var};
|
||||
$val = $params{$var};
|
||||
}
|
||||
|
||||
if ( $var =~ /^\d+$/ ) {
|
||||
fatal_error "Undefined parameter (\$$var)" unless exists $actparms{$var};
|
||||
$val = $actparms{$var};
|
||||
} else {
|
||||
fatal_error "Undefined shell variable (\$$var)" unless exists $params{$var};
|
||||
$val = $params{$var};
|
||||
$val = '' unless defined $val;
|
||||
$currentline = join( '', $first , $val , $rest );
|
||||
fatal_error "Variable Expansion Loop" if ++$count > 100;
|
||||
}
|
||||
|
||||
$val = '' unless defined $val;
|
||||
$currentline = join( '', $first , $val , $rest );
|
||||
fatal_error "Variable Expansion Loop" if ++$count > 100;
|
||||
}
|
||||
|
||||
if ( $currentline =~ /^\s*INCLUDE\s/ ) {
|
||||
@ -2014,7 +2022,7 @@ sub default_yes_no ( $$ ) {
|
||||
if ( $curval eq 'no' ) {
|
||||
$config{$var} = '';
|
||||
} else {
|
||||
fatal_error "Invalid value for $var ($val)" unless $curval eq 'yes';
|
||||
fatal_error "Invalid value for $var ($curval)" unless $curval eq 'yes';
|
||||
}
|
||||
} else {
|
||||
$config{$var} = $val;
|
||||
@ -2838,7 +2846,7 @@ sub process_shorewall_conf() {
|
||||
my $file = find_file "$product.conf";
|
||||
|
||||
if ( -f $file ) {
|
||||
$globals{CONFIGDIR} = $file;
|
||||
$globals{CONFIGDIR} = $configfile = $file;
|
||||
$globals{CONFIGDIR} =~ s/$product.conf//;
|
||||
|
||||
if ( -r _ ) {
|
||||
@ -2865,6 +2873,8 @@ sub process_shorewall_conf() {
|
||||
} else {
|
||||
fatal_error "$file does not exist!";
|
||||
}
|
||||
|
||||
%rawconfig = %config;
|
||||
}
|
||||
|
||||
#
|
||||
@ -3342,7 +3352,7 @@ sub get_configuration( $ ) {
|
||||
default_yes_no 'ACCOUNTING' , 'Yes';
|
||||
default_yes_no 'OPTIMIZE_ACCOUNTING' , '';
|
||||
|
||||
if ( defined $config{ACCOUNTING_TABLE} ) {
|
||||
if ( supplied $config{ACCOUNTING_TABLE} ) {
|
||||
my $value = $config{ACCOUNTING_TABLE};
|
||||
fatal_error "Invalid ACCOUNTING_TABLE setting ($value)" unless $value eq 'filter' || $value eq 'mangle';
|
||||
} else {
|
||||
@ -3384,7 +3394,7 @@ sub get_configuration( $ ) {
|
||||
$globals{USER_MASK} = 0;
|
||||
}
|
||||
|
||||
if ( defined ( $val = $config{ZONE2ZONE} ) ) {
|
||||
if ( supplied ( $val = $config{ZONE2ZONE} ) ) {
|
||||
fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/;
|
||||
} else {
|
||||
$config{ZONE2ZONE} = '2';
|
||||
@ -3747,6 +3757,99 @@ sub generate_aux_config() {
|
||||
finalize_aux_config;
|
||||
}
|
||||
|
||||
#
|
||||
# Upgrade the configuration file
|
||||
#
|
||||
sub upgrade_config_file( $ ) {
|
||||
my $annotate = shift;
|
||||
|
||||
my $fn = $annotate ? "$globals{SHAREDIR}/configfiles/${product}.conf.annotated" : "$globals{SHAREDIR}/configfiles/${product}.conf";
|
||||
|
||||
my %deprecated = ( LOGRATE => '' ,
|
||||
LOGBURST => '' ,
|
||||
EXPORTPARAMS => 'no' );
|
||||
|
||||
my @undocumented = ( qw( FAKE_AUDIT ) );
|
||||
|
||||
if ( -f $fn ) {
|
||||
my ( $template, $output );
|
||||
open $template, '<' , $fn or fatal_error "Unable to open $fn: $!";
|
||||
|
||||
unless ( open $output, '>', "$configfile.upgraded" ) {
|
||||
close $template;
|
||||
fatal_error "Unable to open $configfile.upgraded for output: $!";
|
||||
}
|
||||
|
||||
while ( <$template> ) {
|
||||
if ( /^(\w+)=/ ) {
|
||||
my ($var, $val ) = ( $1, $rawconfig{$1} );
|
||||
$val = '' unless defined $val;
|
||||
|
||||
if ( $val =~ /\s/ ) {
|
||||
$val = qq("$val") unless $val =~ /'/;
|
||||
}
|
||||
|
||||
$_ = "$var=$val\n";
|
||||
}
|
||||
|
||||
print $output "$_";
|
||||
}
|
||||
|
||||
close $template;
|
||||
|
||||
my $heading_printed;
|
||||
|
||||
for ( @undocumented ) {
|
||||
if ( $rawconfig{$_} ) {
|
||||
|
||||
unless ( $heading_printed ) {
|
||||
print $output
|
||||
'#################################################################################
|
||||
# U N D O C U M E N T E D
|
||||
# O P T I O N S
|
||||
#################################################################################
|
||||
';
|
||||
$heading_printed = 1;
|
||||
}
|
||||
|
||||
print $output "$_=$rawconfig{$_}\n";
|
||||
}
|
||||
}
|
||||
|
||||
$heading_printed = 0;
|
||||
|
||||
for ( keys %deprecated ) {
|
||||
if ( supplied $rawconfig{$_} ) {
|
||||
if ( lc $rawconfig{$_} ne $deprecated{$_} ) {
|
||||
unless ( $heading_printed ) {
|
||||
print $output
|
||||
'#################################################################################
|
||||
# D E P R E C A T E D
|
||||
# O P T I O N S
|
||||
#################################################################################
|
||||
';
|
||||
$heading_printed = 1;
|
||||
}
|
||||
|
||||
print $output "$_=$rawconfig{$_}\n";
|
||||
|
||||
warning_message "Deprecated option $_ is being set in your $product.conf file";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
close $output;
|
||||
|
||||
fatal_error "Can't rename $configfile to $configfile.bak: $!" unless rename $configfile, "$configfile.bak";
|
||||
fatal_error "Can't rename $configfile.upgraded to $configfile: $!" unless rename "$configfile.upgraded", $configfile;
|
||||
|
||||
|
||||
progress_message3 "Configuration file $configfile upgraded - old file renamed $configfile.bak";
|
||||
} else {
|
||||
fatal_error "$fn does not exist";
|
||||
}
|
||||
}
|
||||
|
||||
END {
|
||||
cleanup;
|
||||
}
|
||||
|
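Review bot: In upgrade_config_file the results of `print $output` and `close $output;` are never checked, so a short write (full disk, I/O error) still reaches the two `rename` calls and a truncated file replaces the live firewall configuration. The close should be checked and the partial `.upgraded` file removed on failure, as sketched below. The new file is also created with the process umask rather than the mode of the existing `$configfile`, the first `rename` silently overwrites an earlier `.bak`, and a failure of the second `rename` leaves no configuration file in place. Separately, `print $output "$_=$rawconfig{$_}\n";` in the undocumented and deprecated loops skips the whitespace quoting that the template loop applies, so a value containing blanks is written back unquoted.

```perl
        # … unchanged: template copy, undocumented and deprecated sections …

        unless ( close $output ) {
            my $error = $!;
            unlink "$configfile.upgraded";
            fatal_error "Error writing $configfile.upgraded: $error";
        }
        #
        # Carry the mode of the existing file over to its replacement
        #
        my @stat = stat $configfile;
        fatal_error "Can't stat $configfile: $!" unless @stat;
        fatal_error "Can't set mode on $configfile.upgraded: $!" unless chmod( $stat[2] & 07777, "$configfile.upgraded" );

        # … unchanged: rename to .bak, rename .upgraded into place, progress message …
```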
@ -61,6 +61,8 @@ sub usage( $ ) {
|
||||
[ --test ]
|
||||
[ --preview ]
|
||||
[ --family={4|6} ]
|
||||
[ --annotate ]
|
||||
[ --upgrade ]
|
||||
';
|
||||
|
||||
exit shift @_;
|
||||
@ -82,6 +84,8 @@ my $help = 0;
|
||||
my $test = 0;
|
||||
my $family = 4; # F_IPV4
|
||||
my $preview = 0;
|
||||
my $annotate = 0;
|
||||
my $upgrade = 0;
|
||||
|
||||
Getopt::Long::Configure ('bundling');
|
||||
|
||||
@ -107,6 +111,10 @@ my $result = GetOptions('h' => \$help,
|
||||
'family=i' => \$family,
|
||||
'c' => \$confess,
|
||||
'confess' => \$confess,
|
||||
'a' => \$annotate,
|
||||
'annotate' => \$annotate,
|
||||
'u' => \$upgrade,
|
||||
'upgrade' => \$upgrade,
|
||||
);
|
||||
|
||||
usage(1) unless $result && @ARGV < 2;
|
||||
@ -125,4 +133,6 @@ compiler( script => $ARGV[0] || '',
|
||||
preview => $preview,
|
||||
family => $family,
|
||||
confess => $confess,
|
||||
upgrade => $upgrade,
|
||||
annotate => $annotate,
|
||||
);
|
||||
|
@ -1,6 +1,6 @@
|
||||
Changes in Shorewall 4.4.21 Beta 2
|
||||
|
||||
None.
|
||||
1) Add -u option to check.
|
||||
|
||||
Changes in Shorewall 4.4.21 Beta 1
|
||||
|
||||
|
@ -212,5 +212,3 @@ TCP_FLAGS_DISPOSITION=DROP
|
||||
################################################################################
|
||||
|
||||
IPSECFILE=zones
|
||||
|
||||
#LAST LINE -- DO NOT REMOVE
|
||||
|
@ -323,6 +323,9 @@ chmod 755 ${DESTDIR}/etc/shorewall
|
||||
chmod 755 ${DESTDIR}/usr/share/shorewall
|
||||
chmod 755 ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
|
||||
run_install $OWNERSHIP -m 0644 configfiles/shorewall.conf ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
run_install $OWNERSHIP -m 0644 configfiles/shorewall.conf.annotated ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
|
||||
if [ -n "$DESTDIR" ]; then
|
||||
mkdir -p ${DESTDIR}/etc/logrotate.d
|
||||
chmod 755 ${DESTDIR}/etc/logrotate.d
|
||||
@ -342,8 +345,6 @@ fi
|
||||
#
|
||||
# Install the config file
|
||||
#
|
||||
run_install $OWNERSHIP -m 0644 $CONFIGFILES/shorewall.conf ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
|
||||
if [ ! -f ${DESTDIR}/etc/shorewall/shorewall.conf ]; then
|
||||
run_install $OWNERSHIP -m 0644 $CONFIGFILES/shorewall.conf ${DESTDIR}/etc/shorewall
|
||||
|
||||
|
@ -80,6 +80,16 @@ None.
|
||||
|
||||
DROP_DEFAULT=Drop(-,DROP)
|
||||
|
||||
4) The 'check' command now allows a '-u' (upgrade) option that
|
||||
upgrades your /etc/shorewall[6]/shorewall[6].conf file. The
|
||||
upgraded file will set any new options with their default values
|
||||
and will move any deprecated options with non-default values to a
|
||||
'deprecated options' section at the end of the file. Each such
|
||||
deprecated option will generate a warning message.
|
||||
|
||||
Your original shorewall[6].conf file will be saved as
|
||||
shorewall[6].conf.bak.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -397,6 +397,8 @@ compiler() {
|
||||
[ "$g_debugging" = trace ] && options="$options --debug"
|
||||
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
|
||||
[ -n "$g_confess" ] && options="$options --confess"
|
||||
[ -n "$g_upgrade" ] && options="$options --upgrade"
|
||||
[ -n "$g_annotate" ] && options="$options --annotate"
|
||||
|
||||
if [ -n "$PERL" ]; then
|
||||
if [ ! -x "$PERL" ]; then
|
||||
@ -686,6 +688,14 @@ check_command() {
|
||||
g_confess=Yes
|
||||
option=${option#T}
|
||||
;;
|
||||
u*)
|
||||
g_upgrade=Yes
|
||||
option=${option#u}
|
||||
;;
|
||||
a*)
|
||||
g_annotate=Yes
|
||||
option=${option#a}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -1531,6 +1541,8 @@ g_debug=
|
||||
g_export=
|
||||
g_refreshchains=:none:
|
||||
g_confess=
|
||||
g_upgrade=
|
||||
g_annotate=
|
||||
|
||||
#
|
||||
# Make sure that these variables are cleared
|
||||
|
@ -372,6 +372,9 @@ echo "Default config path file installed as ${DESTDIR}/usr/share/shorewall6/conf
|
||||
install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644
|
||||
echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std"
|
||||
|
||||
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
|
||||
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf.annotated ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf.annotated
|
||||
|
||||
if [ -n "$ANNOTATED" ]; then
|
||||
mkdir annotated
|
||||
cp configfiles/* annotated/
|
||||
@ -385,7 +388,6 @@ fi
|
||||
#
|
||||
# Install the config file
|
||||
#
|
||||
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
|
||||
|
||||
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
|
||||
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf
|
||||
|
@ -397,6 +397,8 @@ compiler() {
|
||||
[ "$g_debugging" = trace ] && options="$options --debug"
|
||||
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
|
||||
[ -n "$g_confess" ] && options="$options --confess"
|
||||
[ -n "$g_upgrade" ] && options="$options --upgrade"
|
||||
[ -n "$g_annotate" ] && options="$options --annotate"
|
||||
[ -x $pc ] || startup_error "Shorewall6 requires the shorewall package which is not installed"
|
||||
|
||||
if [ -n "$PERL" ]; then
|
||||
@ -687,6 +689,14 @@ check_command() {
|
||||
g_confess=Yes
|
||||
option=${option#T}
|
||||
;;
|
||||
u*)
|
||||
g_upgrade=Yes
|
||||
option=${option#u}
|
||||
;;
|
||||
a*)
|
||||
g_annotate=Yes
|
||||
option=${option#a}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -1527,6 +1537,8 @@ g_debug=
|
||||
g_export=
|
||||
g_refreshchains=:none:
|
||||
g_confess=
|
||||
g_upgrade=
|
||||
g_annotate=
|
||||
|
||||
#
|
||||
# Make sure that these variables are cleared
|
||||
|
@ -64,6 +64,10 @@
|
||||
|
||||
<arg><option>-T</option></arg>
|
||||
|
||||
<arg><option>-u</option></arg>
|
||||
|
||||
<arg><option>-a</option></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
@ -738,6 +742,19 @@
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.4.20
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The <option>-u</option> option was added in Shorewall 4.4.21
|
||||
and causes the compiler to upgrade
|
||||
<filename>/etc/shorewall/shorewall.conf</filename>. The upgrade will
|
||||
add new options with their default values and will move deprecated
|
||||
options with non-defaults to a deprecated options section at the
|
||||
bottom of the file.Your existing <filename>shorewall.conf</filename>
|
||||
file is renamed <filename>shorewall.conf.bak.</filename></para>
|
||||
|
||||
<para>The <option>-a</option> option was added in Shorewall 4.4.21
|
||||
and is only meaningful when used with <option>-u</option>. It causes
|
||||
the upgraded <filename>shorewall.conf</filename> file to be
|
||||
annotated with documentation.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -48,6 +48,8 @@
|
||||
|
||||
<arg><option>-T</option></arg>
|
||||
|
||||
<arg><option>-u</option><arg><option>-a</option></arg></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
@ -600,6 +602,20 @@
|
||||
<para>The <option>-T</option> option was added in Shorewall 4.4.20
|
||||
and causes a Perl stack trace to be included with each
|
||||
compiler-generated error and warning message.</para>
|
||||
|
||||
<para>The <option>-u</option> option was added in Shorewall 4.4.21
|
||||
and causes the compiler to upgrade
|
||||
<filename>/etc/shorewall6/shorewall6.conf</filename>. The upgrade
|
||||
will add new options with their default values and will move
|
||||
deprecated options with non-defaults to a deprecated options section
|
||||
at the bottom of the file. Your existing
|
||||
<filename>shorewall6.conf</filename> file is renamed
|
||||
<filename>shorewall6.conf.bak.</filename></para>
|
||||
|
||||
<para>The <option>-a</option> option was added in Shorewall 4.4.21
|
||||
and is only meaningful when used with <option>-u</option>. It causes
|
||||
the upgraded <filename>shorewall6.conf</filename> file to be
|
||||
annotated with documentation.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|