Revert "Remove SUBSYSLOCK"

This reverts commit 386b137e9b.
2017-01-06 09:49:40 -08:00 · 2017-01-06 09:49:40 -08:00 · f68d3fd9fa
commit f68d3fd9fa
parent 386b137e9b
20 changed files with 108 additions and 11 deletions
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -426,6 +426,9 @@ fi

 if [ $HOST = archlinux ] ; then
   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
+elif [ $HOST = gentoo ]; then
+    # Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
+    perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
 fi
 #
 # Install the default config path file
@ -560,7 +563,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	    if [ $HOST = debian ]; then
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
@ -579,7 +582,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
-	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
@ -587,7 +590,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	    if [ $HOST = debian ]; then
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
--- a/Shorewall-lite/manpages/shorewall-lite.conf.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.conf.xml
@ -133,6 +133,20 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">SUBSYSLOCK=</emphasis>[<emphasis>pathname</emphasis>]</term>
+
+        <listitem>
+          <para>This parameter should be set to the name of a file that the
+          firewall should create if it starts successfully and remove when it
+          stops. Creating and removing this file allows Shorewall to work with
+          your distribution's initscripts. For RedHat, this should be set to
+          /var/lock/subsys/shorewall. For Debian, the value is
+          /var/state/shorewall and in LEAF it is /var/run/shorewall.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>VERBOSITY=[<emphasis role="bold">number</emphasis>]</term>

--- a/Shorewall-lite/shorewall-lite.conf
+++ b/Shorewall-lite/shorewall-lite.conf
@ -40,6 +40,8 @@ PATH=

 SHOREWALL_SHELL=

+SUBSYSLOCK=
+
 RESTOREFILE=

 #LAST LINE -- DO NOT REMOVE
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -315,7 +315,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
 #
 # Config options and global settings that are to be copied to output script
 #
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE LOG_VERBOSITY RESTART/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
 #
 # From parsing the capabilities file or detecting capabilities
 #
@ -636,15 +636,14 @@ our %converted = (
 # Eliminated options
 #
 our %eliminated = ( LOGRATE          => 1,
-		    LOGBURST	     => 1,
+		    LOGBURST         => 1,
 		    EXPORTPARAMS     => 1,
 		    LEGACY_FASTSTART => 1,
-		    IPSECFILE	     => 1,
+		    IPSECFILE        => 1,
 		    WIDE_TC_MARKS    => 1,
 		    HIGH_ROUTE_MARKS => 1,
 		    BLACKLISTNEWONLY => 1,
 		    CHAIN_SCRIPTS    => 1,
-		    SUBSYSLOCK	     => 1,
 		  );
 #
 # Variables involved in ?IF, ?ELSE ?ENDIF processing
@ -802,6 +801,7 @@ sub initialize( $;$$) {
 	  PERL => undef,
 	  PATH => undef,
 	  SHOREWALL_SHELL => undef,
+	  SUBSYSLOCK => undef,
 	  MODULESDIR => undef,
 	  CONFIG_PATH => undef,
 	  RESTOREFILE => undef,
@ -6805,7 +6805,7 @@ sub generate_aux_config() {

    emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#";

-    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL LOCKFILE RESTOREFILE WORKAROUNDS RESTART DYNAMIC_BLACKLIST) ) {
+    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS RESTART DYNAMIC_BLACKLIST) ) {
 	conditionally_add_option $option;
    }

--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@ -49,6 +49,7 @@ start_command() {
 	define_firewall
 	status=$?
 	if [ $status -eq 0 ]; then
+	    [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
 	    progress_message3 "done."
 	fi
    fi
@ -60,6 +61,7 @@ stop_command() {
    progress_message3 "Stopping $g_product...."
    detect_configuration
    stop_firewall
+    [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
    progress_message3 "done."
    return 0
 }
@ -76,6 +78,9 @@ reload_command() {
    detect_configuration
    define_firewall
    status=$?
+    if [ -n "$SUBSYSLOCK" ]; then
+ 	[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
+    fi

    [ $status -eq 0 ] && progress_message3 "done."
 }
@ -334,6 +339,9 @@ case "$COMMAND" in
 	detect_configuration
 	define_firewall
 	status=$?
+	if [ -n "$SUBSYSLOCK" ]; then
+ 	    [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
+        fi
 	[ $status -eq 0 ] && progress_message3 "done."
 	;;
    clear)
@ -341,6 +349,9 @@ case "$COMMAND" in
 	progress_message3 "Clearing $g_product...."
 	clear_firewall
 	status=0
+	if [ -n "$SUBSYSLOCK" ]; then
+	    rm -f $SUBSYSLOCK
+	fi
 	progress_message3 "done."
 	;;
    status)
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -99,6 +99,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -110,6 +110,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -107,6 +107,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -110,6 +110,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -99,6 +99,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=/var/lock/subsys/shorewall
+
 TC=

 ###############################################################################
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -540,6 +540,9 @@ if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
 	sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
    elif [ $HOST = debian ]; then
 	perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf${suffix}
+    elif [ $HOST = gentoo ]; then
+	# Adjust SUBSYSLOCK path (see https://bugs.gentoo.org/show_bug.cgi?id=459316)
+	perl -p -w -i -e "s|^SUBSYSLOCK=.*|SUBSYSLOCK=/run/lock/$PRODUCT|;" ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf${suffix}
    fi

    echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
@ -1219,7 +1222,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	    if [ $HOST = debian ]; then
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
@ -1238,7 +1241,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	echo "$PRODUCT will start automatically at boot"
 	echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 	touch /var/log/$PRODUCT-init.log
-	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+	perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	update-rc.d $PRODUCT enable
    elif mywhich rc-update ; then
 	if rc-update add $PRODUCT default; then
@ -1246,7 +1249,7 @@ if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${
 	    if [ $HOST = debian ]; then
 		echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
 		touch /var/log/$PRODUCT-init.log
-		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
+		perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/$PRODUCT/$PRODUCT.conf
 	    else
 		echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
 	    fi
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -2562,6 +2562,20 @@ INLINE          -       -       -       ;; -j REJECT
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">SUBSYSLOCK=</emphasis>[<emphasis>pathname</emphasis>]</term>
+
+        <listitem>
+          <para>This parameter should be set to the name of a file that the
+          firewall should create if it starts successfully and remove when it
+          stops. Creating and removing this file allows Shorewall to work with
+          your distribution's initscripts. For RedHat and OpenSuSE, this
+          should be set to /var/lock/subsys/shorewall. For Debian, the value
+          is /var/lock/shorewall and in LEAF it is /var/run/shorewall.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">TC</emphasis>=[<emphasis>pathname</emphasis>]</term>
--- a/Shorewall6-lite/manpages/shorewall6-lite.conf.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.conf.xml
@ -133,6 +133,20 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">SUBSYSLOCK=</emphasis>[<emphasis>pathname</emphasis>]</term>
+
+        <listitem>
+          <para>This parameter should be set to the name of a file that the
+          firewall should create if it starts successfully and remove when it
+          stops. Creating and removing this file allows Shorewall6 to work
+          with your distribution's initscripts. For RedHat, this should be set
+          to /var/lock/subsys/shorewall6. For Debian, the value is
+          /var/state/shorewall6 and in LEAF it is /var/run/shorewall.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">VERBOSITY=</emphasis>[<emphasis
        role="bold"><emphasis>number</emphasis></emphasis>]</term>
--- a/Shorewall6-lite/shorewall6-lite.conf
+++ b/Shorewall6-lite/shorewall6-lite.conf
@ -40,6 +40,8 @@ PATH=

 SHOREWALL_SHELL=

+SUBSYSLOCK=
+
 RESTOREFILE=

 #LAST LINE -- DO NOT REMOVE
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -96,6 +96,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -97,6 +97,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -96,6 +96,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -96,6 +96,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=
+
 TC=

 ###############################################################################
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -96,6 +96,8 @@ RESTOREFILE=restore

 SHOREWALL_SHELL=/bin/sh

+SUBSYSLOCK=/var/lock/subsys/shorewall6
+
 TC=

 ###############################################################################
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -2197,6 +2197,20 @@ INLINE          -       -       -       ;; -j REJECT
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">SUBSYSLOCK=</emphasis>[<emphasis>pathname</emphasis>]</term>
+
+        <listitem>
+          <para>This parameter should be set to the name of a file that the
+          firewall should create if it starts successfully and remove when it
+          stops. Creating and removing this file allows Shorewall6 to work
+          with your distribution's initscripts. For RedHat, this should be set
+          to /var/lock/subsys/shorewall6. For Debian, the value is
+          /var/lock/shorewall6 and in LEAF it is /var/run/shorewall.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">TC</emphasis>=[<emphasis>pathname</emphasis>]</term>