From caedbcd5512aa61caa3c62b90581023a1915516f Mon Sep 17 00:00:00 2001 From: Philip Whineray Date: Wed, 23 Mar 2016 07:45:19 +0000 Subject: [PATCH] Use a regular shell file for installed config This simplifies the scripts somewhat and the autoconf system quite a bit. To specify a non-default location for the config, export a directory in FIREHOL_OVERRIDE_PROGRAM_DIR and ensure it has an install.config and functions.common. --- .gitattributes | 3 - .gitignore | 10 +- README.md | 2 +- autogen.sh | 7 - build/subst.inc | 11 + configure.ac | 44 ++-- doc/Makefile.am | 4 +- doc/firehol/Makefile.am | 4 +- doc/firehol/introduction.md | 6 +- doc/fireqos/Makefile.am | 2 - doc/vnetbuild/Makefile.am | 2 - packaging/firehol/detect-cmd.pl | 2 +- packaging/firehol/firehol.functions | 84 +++--- packaging/tar-compare | 6 +- sbin/Makefile.am | 58 ++--- sbin/commands.sed.in | 74 ------ sbin/{firehol.in.in => firehol} | 128 +++------- sbin/{fireqos.in => fireqos} | 61 +---- sbin/functions.common | 99 ++++++++ sbin/functions.common.sh | 239 ------------------ sbin/install.config.in.in | 89 +++++++ sbin/{link-balancer.in => link-balancer} | 71 ++---- sbin/{update-ipsets.in => update-ipsets} | 86 ++----- sbin/{vnetbuild.in => vnetbuild} | 43 +--- .../not-both/ipv4-disable-defaults.pre.sh | 2 +- .../not-both/ipv6-disable-defaults.pre.sh | 2 +- unittest/unittest | 48 ++-- 27 files changed, 434 insertions(+), 753 deletions(-) delete mode 100644 .gitattributes create mode 100644 build/subst.inc delete mode 100644 sbin/commands.sed.in rename sbin/{firehol.in.in => firehol} (99%) rename sbin/{fireqos.in => fireqos} (98%) create mode 100644 sbin/functions.common delete mode 100755 sbin/functions.common.sh create mode 100644 sbin/install.config.in.in rename sbin/{link-balancer.in => link-balancer} (96%) rename sbin/{update-ipsets.in => update-ipsets} (99%) rename sbin/{vnetbuild.in => vnetbuild} (95%) diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index 6275357..0000000 
--- a/.gitattributes +++ /dev/null @@ -1,3 +0,0 @@ -sbin/*.c ident export-subst -sbin/*.in ident export-subst -packaging/packver ident export-subst diff --git a/.gitignore b/.gitignore index 0ea6937..9ef9cd6 100644 --- a/.gitignore +++ b/.gitignore @@ -29,16 +29,10 @@ doc/apa*.html doc/services-?.xml doc/service-links doc/tools/pandoc-post -sbin/commands.sed -sbin/firehol -sbin/firehol.in -sbin/fireqos -sbin/link-balancer -sbin/vnetbuild -sbin/iprange +sbin/install.config +sbin/install.config.in sbin/*.o sbin/.deps -sbin/update-ipsets unittest/coverage *.xz *.gz diff --git a/README.md b/README.md index 8f39d8c..817ace5 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ Since all components will go under `/usr/local`, you may prefer something like this: ~~~~ -./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var +./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib make make install ~~~~ diff --git a/autogen.sh b/autogen.sh index 1bbf74f..ad3600b 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,11 +1,4 @@ #!/bin/sh # Update autoconf scripts after a configure.ac change - -if [ ! -f .gitignore -o ! -f sbin/firehol.in ] -then - echo "Run as ./packaging/autogen.sh from a firehol git repository" - exit 1 -fi - autoreconf -ivf diff --git a/build/subst.inc b/build/subst.inc new file mode 100644 index 0000000..fed0957 --- /dev/null +++ b/build/subst.inc @@ -0,0 +1,11 @@ +.in: + if sed \ + -e 's#[@]datarootdir_POST[@]#$(datarootdir)#g' \ + -e 's#[@]localstatedir_POST[@]#$(localstatedir)#g' \ + -e 's#[@]sysconfdir_POST[@]#$(sysconfdir)#g' \ + $< > $@.tmp; then \ + mv "$@.tmp" "$@"; \ + else \ + rm -f "$@.tmp"; \ + false; \ + fi diff --git a/configure.ac b/configure.ac index defdf2c..fa792b9 100644 --- a/configure.ac +++ b/configure.ac 
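Review bot: The `.in` suffix rule in build/subst.inc pastes `$(datarootdir)`, `$(localstatedir)` and `$(sysconfdir)` directly into the replacement side of `s#...#...#g`. A configured directory containing `#`, `&` or a backslash would therefore be reinterpreted by sed rather than copied, and the generated install.config would carry a wrong path. The rule has no comment; I would add `# Directory values must not contain '#', '&' or '\' (sed replacement metacharacters)` above it. For consistency with the quoted `mv "$@.tmp" "$@"`, the redirection should read `"$<" > "$@.tmp"`.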
@@ -18,22 +18,27 @@ AC_INIT([firehol],VERSION_NUMBER[]VERSION_SUFFIX,[firehol-devs@lists.firehol.org AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([autotool]) -AC_CONFIG_SRCDIR([sbin/firehol.in]) -AC_CONFIG_SRCDIR([sbin/fireqos.in]) -AC_CONFIG_SRCDIR([sbin/link-balancer.in]) -AC_CONFIG_SRCDIR([sbin/update-ipsets.in]) -AC_CONFIG_SRCDIR([sbin/vnetbuild.in]) +AC_CONFIG_SRCDIR([sbin/firehol]) AM_INIT_AUTOMAKE([gnu]) AM_MAINTAINER_MODE([disable]) dnl Checks for programs. AC_PROG_MAKE_SET +dnl Check for functioning symbolic links +AC_PROG_LN_S + AM_CONDITIONAL([GIT_TREE], [test -f README.md]) AX_FIREHOL_AUTOSAVE() AX_FIREHOL_AUTOSAVE6() +AC_ARG_ENABLE([filename-versions], + [AS_HELP_STRING([--disable-filename-versions], [no versions on executable filenames @<:@enabled@:>@])], + , + [enable_filename_versions="yes"]) +AM_CONDITIONAL([FILENAME_VERSIONS],[test "${enable_filename_versions}" = "yes"]) + AC_ARG_ENABLE([doc], [AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])], , @@ -147,6 +152,8 @@ if test x"$MAKEDIST_BUILD_ONLY" != xyes; then AX_NEED_EGREP() AX_NEED_GREP() AX_NEED_SED() +AX_NEED_PROG([READLINK], [readlink], []) +AX_NEED_PROG([DIRNAME], [dirname], []) if test x"$enable_firehol" = xyes; then AC_MSG_NOTICE([Detecting commands for firehol]) AX_NEED_PROG([CAT], [cat], []) @@ -154,14 +161,14 @@ AX_NEED_PROG([CHMOD], [chmod], []) AX_NEED_PROG([CHOWN], [chown], []) AX_NEED_PROG([CP], [cp], []) AX_NEED_PROG([CUT], [cut], []) -AX_CHECK_PROG([DATE], [date], []) +AX_NEED_PROG([DATE], [date], []) AX_NEED_PROG([EXPR], [expr], []) AX_NEED_PROG([FIND], [find], []) AX_NEED_PROG([FLOCK], [flock], []) AX_NEED_PROG([FOLD], [fold], []) AX_NEED_PROG([HEAD], [head], []) -AX_CHECK_PROG([HOSTNAMECMD], [hostname], []) -AX_CHECK_PROG([IP], [ip], []) +AX_NEED_PROG([HOSTNAMECMD], [hostname], []) +AX_NEED_PROG([IP], [ip], []) if test x"$enable_ipv6" = xyes; then AX_CHECK_PROG([IP6TABLES], [ip6tables], []) fi 
@@ -196,11 +203,17 @@ AX_NEED_PROG([MORE], [cat], []) AX_NEED_PROG([MV], [mv], []) AX_CHECK_PROG([NFACCT], [nfacct], []) AX_CHECK_PROG([RENICE], [renice], []) +if test x"$RENICE" = x; then +AC_SUBST([RENICE], [:]) +fi AX_NEED_PROG([RM], [rm], []) AX_NEED_PROG([SLEEP], [sleep], []) AX_NEED_PROG([SORT], [sort], []) -AX_CHECK_PROG([SS], [ss], []) +AX_NEED_PROG([SS], [ss], []) AX_CHECK_PROG([STTY], [stty], []) +if test x"$STTY" = x; then +AC_SUBST([STTY], [:]) +fi AX_NEED_PROG([SYSCTL], [sysctl], []) AX_NEED_PROG([TAIL], [tail], []) AX_NEED_PROG([TOUCH], [touch], []) @@ -211,7 +224,7 @@ AX_NEED_PROG([UNIQ], [uniq], []) AX_NEED_PROG([WC], [wc], []) AX_CHECK_PROG([ZCAT], [zcat], []) AX_CHECK_PROG([ZCAT], [gzcat], []) -AX_CHECK_PROG([ZCAT], [gzip], [-dc]) +AX_NEED_PROG([ZCAT], [gzip], [-dc]) fi if test x"$enable_fireqos" = xyes; then AC_MSG_NOTICE([Detecting commands for fireqos]) @@ -220,7 +233,7 @@ AX_NEED_PROG([CUT], [cut], []) AX_NEED_PROG([DATE], [date], []) AX_NEED_PROG([FLOCK], [flock], []) AX_CHECK_PROG([GAWK], [gawk], []) -AX_CHECK_PROG([GAWK], [awk], []) +AX_NEED_PROG([GAWK], [awk], []) AX_NEED_PROG([IP], [ip], []) AX_NEED_PROG([LOGGER], [logger], []) AX_NEED_PROG([LS], [ls], []) @@ -284,7 +297,6 @@ AX_NEED_PROG([CURL], [curl], []) AX_NEED_PROG([CUT], [cut], []) AX_NEED_PROG([DATE], [date], []) AX_NEED_PROG([DIFF], [diff], []) -AX_NEED_PROG([DIRNAME], [dirname], []) AX_NEED_PROG([FIND], [find], []) AX_NEED_PROG([FLOCK], [flock], []) AX_NEED_PROG([FOLD], [fold], []) @@ -302,6 +314,9 @@ AX_NEED_PROG([MKDIR], [mkdir], []) AX_NEED_PROG([MKTEMP], [mktemp], []) AX_NEED_PROG([MV], [mv], []) AX_CHECK_PROG([RENICE], [renice], []) +if test x"$RENICE" = x; then +AC_SUBST([RENICE], [:]) +fi AX_NEED_PROG([RM], [rm], []) AX_NEED_PROG([SORT], [sort], []) AX_NEED_PROG([TAIL], [tail], []) 
@@ -343,13 +358,12 @@ AX_CHECK_MINVER([IPRANGE_VERSION], MIN_IPRANGE_VERSION, [$IPRANGE], [], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)]) fi -AC_SUBST([AUTOCONF_RUN], [Y]) +AC_SUBST([firehollibexecdir], ["\$(libexecdir)/firehol/\$(PACKAGE_VERSION)"]) AC_CONFIG_FILES([ Makefile sbin/Makefile - sbin/commands.sed - sbin/firehol.in + sbin/install.config.in m4/Makefile doc/Makefile doc/firehol/Makefile diff --git a/doc/Makefile.am b/doc/Makefile.am index 7fdc42e..94b01f9 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -42,9 +42,7 @@ all-local: service-links MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks -FIREHOLIN = $(top_srcdir)/sbin/firehol.in - -service-links: $(FIREHOLIN) services-db.data +service-links: $(top_srcdir)/sbin/firehol services-db.data $(MKSERVICELINKS) service-links $+ endif diff --git a/doc/firehol/Makefile.am b/doc/firehol/Makefile.am index e73b1d9..059b76e 100644 --- a/doc/firehol/Makefile.am +++ b/doc/firehol/Makefile.am @@ -151,9 +151,7 @@ FORMATTABLE = ${top_srcdir}/doc/tools/format-table PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post CHECKLINKS = ${top_srcdir}/doc/tools/check-links -FIREHOLIN = $(top_srcdir)/sbin/firehol.in - -firehol-services.5.md: $(FIREHOLIN) ../services-db.data ../service-links +firehol-services.5.md: $(top_srcdir)/sbin/firehol ../services-db.data ../service-links $(MKSERVICEMAN) firehol-services.5.md $+ contents.md: *.1.md *.5.md contents.tpl diff --git a/doc/firehol/introduction.md b/doc/firehol/introduction.md index da22d9d..830c09a 100644 --- a/doc/firehol/introduction.md +++ b/doc/firehol/introduction.md 
@@ -46,7 +46,11 @@ To build and install taking the default options: ./configure && make && sudo make install -Alternatively, just copy the `sbin/firehol.in` file to where you want it. +Since all components (including configuration files) will go +under `/usr/local`, you may prefer to configure more like this: + + ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib + All of the common SysVInit command line arguments are recognised which makes it easy to deploy the script as a startup service. diff --git a/doc/fireqos/Makefile.am b/doc/fireqos/Makefile.am index 40784f2..b7488a1 100644 --- a/doc/fireqos/Makefile.am +++ b/doc/fireqos/Makefile.am @@ -127,8 +127,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post CHECKLINKS = ${top_srcdir}/doc/tools/check-links -FIREHOLIN = $(top_srcdir)/sbin/firehol.in - man/man1/%.1: %.1.md $(MKDIR_P) man/man1 $(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc diff --git a/doc/vnetbuild/Makefile.am b/doc/vnetbuild/Makefile.am index 36c24d0..97c18ab 100644 --- a/doc/vnetbuild/Makefile.am +++ b/doc/vnetbuild/Makefile.am @@ -62,8 +62,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post CHECKLINKS = ${top_srcdir}/doc/tools/check-links -FIREHOLIN = $(top_srcdir)/sbin/firehol.in - man/man1/%.1: %.1.md $(MKDIR_P) man/man1 $(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc diff --git a/packaging/firehol/detect-cmd.pl b/packaging/firehol/detect-cmd.pl index ed8d932..5952d4f 100755 --- a/packaging/firehol/detect-cmd.pl +++ b/packaging/firehol/detect-cmd.pl 
@@ -12,7 +12,7 @@ use File::Basename; if (@ARGV == 0) { print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n"; print "\n"; - print "Finds usages of commands which should be converted to \$COMMAND_CMD format\n"; + print "Finds usages of commands which should be converted to \@COMMAND\@ format\n"; exit 0; } diff --git a/packaging/firehol/firehol.functions b/packaging/firehol/firehol.functions index 11ef453..7f5e4ff 100644 --- a/packaging/firehol/firehol.functions +++ b/packaging/firehol/firehol.functions @@ -11,14 +11,15 @@ firehol_check_file() { sbin/Makefile.in) : ;; - configure.ac|sbin/commands.sed.in) - check_commands sbin/firehol.in || status=1 - check_commands sbin/fireqos.in || status=1 - check_commands sbin/link-balancer.in || status=1 - check_commands sbin/update-ipsets.in || status=1 - check_commands sbin/vnetbuild.in || status=1 + configure.ac|sbin/install.config.in.in) + check_commands sbin/firehol || status=1 + check_commands sbin/fireqos || status=1 + check_commands sbin/link-balancer || status=1 + check_commands sbin/update-ipsets || status=1 + check_commands sbin/vnetbuild || status=1 + check_detection_useful sbin/firehol sbin/fireqos sbin/link-balancer sbin/update-ipsets sbin/vnetbuild || status=1 ;; - sbin/*.in) + sbin/firehol|sbin/fireqos|sbin/link-balancer|sbin/update-ipsets|sbin/vnetbuild) check_commands $filename || status=1 ;; doc/services-db.data) @@ -50,8 +51,8 @@ check_commands() { get_staged_file $1 get_staged_file configure.ac - get_staged_file sbin/commands.sed.in - get_staged_file sbin/functions.common.sh + get_staged_file sbin/install.config.in.in + get_staged_file sbin/functions.common # Find commands that have been enclosed in quotes and remove anything after # if nothing matched the substitution, proceed to the next line 
@@ -98,40 +99,25 @@ check_commands() { cat $MYTMP/errors fi - sed -n -e "s/^ *[YN]|//p" $MYTMP/files/$1 > $MYTMP/commands-defined + sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined + for cmd in $(tr " " "\n" < $MYTMP/files/$1 | - sed -n -e 's/.*\(\<[A-Z0-9_]*\)_CMD.*/\1/p' | sort | uniq) + sed -n -e 's/.*\(\<[A-Z0-9_]*_CMD\).*/\1/p' | sort | uniq) do - if ! grep -q "^${cmd}_CMD|" $MYTMP/commands-defined + autocmd=`grep "^${cmd} " $MYTMP/commands-defined | cut -f2 -d' '` + if [ ! "$autocmd" ] then status=1 - echo "Missing definition of $cmd in $1 detection table." + echo "sbin/install.config.in.in: missing definition of $cmd (for $1)" fi - # Hostname is a special case - configure will expand it to running host, - # overwriting the value we wanted to use. - if [ "$cmd" = "HOSTNAME" ]; then cmd="HOSTNAMECMD"; fi - if ! grep -q "_${cmd}(\|\[$cmd\]" $MYTMP/files/configure.ac + if ! grep -q "_${autocmd}(\|\[$autocmd\]" $MYTMP/files/configure.ac then status=1 - echo "Missing detection of $cmd for $1 in configure.ac" + echo "configure.ac: missing detection of $autocmd (for $1)" fi done - while IFS="|" read cmd subst defaults - do - if ! grep -q "\${*$cmd" $MYTMP/files/$1 $MYTMP/files/sbin/*.sh - then - status=1 - echo "$cmd detected but never used in $1 or function libraries" - fi - if ! grep -q "#$subst#" $MYTMP/files/sbin/commands.sed.in - then - status=1 - echo "$cmd detected but $subst never substituted by sbin/commands.sed.in" - fi - done < $MYTMP/commands-defined - ( a=`pwd` cd $MYTMP/files 
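Review bot: When `autocmd` comes back empty, the loop prints the missing-definition message and then still runs the configure.ac check with an empty name. The grep pattern degenerates to `_(\|\[\]`, so the check either prints a second message with a blank command name or passes by accident. Add `continue` after the first `echo` so that only the real cause is reported. `autocmd` is not declared `local` in the visible lines; `check_commands` starts and ends outside this hunk, so confirm that against the full function.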
@@ -141,3 +127,37 @@ check_commands() { return $status } + +check_detection_useful() { + local status=0 + + touch $MYTMP/commands-checked + if grep -q -F -z "$1" $MYTMP/commands-checked + then + # Only check a file once - an edit to some files checks multiple + return 0 + else + echo "$1" >> $MYTMP/commands-checked + fi + + list= + for i in "$@" + do + get_staged_file $1 + list="$list $MYTMP/files/$1" + done + get_staged_file configure.ac + get_staged_file sbin/install.config.in.in + get_staged_file sbin/functions.common + + sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined + + while read cmd subst + do + if ! grep -q "\${*$cmd" $list $MYTMP/files/sbin/functions.* + then + status=1 + echo "$cmd detected but never used in $1 or function libraries" + fi + done < $MYTMP/commands-defined +} diff --git a/packaging/tar-compare b/packaging/tar-compare index 02ec3c2..e280950 100755 --- a/packaging/tar-compare +++ b/packaging/tar-compare @@ -51,11 +51,7 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \ -e '/: tmp-anchor-links$/d' \ -e '/: tmp-manproc$/d' \ -e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \ - -e '/: unittest$/d' \ - -e '/: iprange$/d' \ - -e '/: .*\.o$/d' \ - -e '/sbin: \(firehol\|fireqos\|link-balancer\)$/d' \ - -e '/sbin: \(update-ipsets\|vnetbuild\|commands.sed\)$/d' > $MYTMP/out + -e '/: unittest$/d' > $MYTMP/out cat $MYTMP/out test -s $MYTMP/out && exit 1 diff --git a/sbin/Makefile.am b/sbin/Makefile.am index bdbe5a1..f00d4c0 100644 --- a/sbin/Makefile.am +++ b/sbin/Makefile.am 
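Review bot: In `check_detection_useful` the loop `for i in "$@"` never uses `$i`: both `get_staged_file $1` and `list="$list $MYTMP/files/$1"` name the first argument. Only the first script is staged and searched, repeated once per argument, so commands used only by the other scripts are reported as never used. The lines should be `get_staged_file "$i"` and `list="$list $MYTMP/files/$i"`. The function also sets `status=1` but ends without `return $status`, so the caller's `|| status=1` cannot fire. `list`, `cmd` and `subst` should be declared `local`.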
@@ -1,38 +1,11 @@ # Process this file with automake to produce Makefile.in -libarchinddir = $(prefix)/lib -scriptsin = \ - firehol.in \ - fireqos.in \ - link-balancer.in \ - update-ipsets.in \ - vnetbuild.in +inclibdir = @firehollibexecdir@ -inclibdir = $(libarchinddir)/firehol +include $(top_srcdir)/build/subst.inc SUFFIXES = .in -.in: - if [ "$@" = "commands.sed.in" ]; then \ - true; \ - elif sed \ - -e '/^# Start defaults before configure/,/^# End/d' \ - -e 's#[$$]prefix_POST#$(prefix)#g' \ - -e 's#[$$]bindir_POST#$(bindir)#g' \ - -e 's#[$$]libdir_POST#$(inclibdir)#g' \ - -e 's#[$$]localstatedir_POST#$(localstatedir)#g' \ - -e 's#[$$]sysconfdir_POST#$(sysconfdir)#g' \ - -f commands.sed \ - $< > $@.tmp; then \ - mv "$@.tmp" "$@"; \ - chmod 755 "$@"; \ - else \ - rm -f "$@.tmp"; \ - false; \ - fi - -inclib_DATA = \ - functions.common.sh scripts = if ENABLE_FIREHOL @@ -55,12 +28,29 @@ if ENABLE_VNETBUILD scripts += vnetbuild endif -sbin_SCRIPTS = $(scripts) +CLEANFILES = install.config + +inclib_DATA = \ + functions.common \ + install.config \ + $(NULL) + +inclib_SCRIPTS = $(scripts) EXTRA_DIST = \ - commands.sed.in \ - $(scriptsin) \ - $(inclib_DATA) + functions.common \ + install.config.in \ + $(scripts) \ + $(NULL) -uninstall-local: +install-exec-hook: + $(MKDIR_P) $(DESTDIR)$(sbindir) + for i in $(scripts); do \ + $(RM) -f $(DESTDIR)$(sbindir)/$$i; \ + $(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir); done + +uninstall-hook: + for i in $(scripts); do \ + $(RM) -f $(DESTDIR)$(sbindir)/$$i; done @-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir) + @-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(sbindir) diff --git a/sbin/commands.sed.in b/sbin/commands.sed.in deleted file mode 100644 index 57e9b69..0000000 --- a/sbin/commands.sed.in +++ /dev/null 
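Review bot: In `install-exec-hook` the symlink target is `$(DESTDIR)$(inclibdir)/$$i`, so a staged install (`make DESTDIR=... install`, as packaging does) creates links in sbin that point into the staging tree instead of the final location. Once the package is unpacked those links dangle, and if the staging path is ever recreated by another account, the root-run commands would resolve into it. Only the link location should carry DESTDIR: `$(LN_S) $(inclibdir)/$$i $(DESTDIR)$(sbindir)/$$i`. The `uninstall-hook` also runs `rmdir` on `$(DESTDIR)$(sbindir)`, a directory this package does not own; I would drop that line.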
@@ -1,74 +0,0 @@
-/VERSION=/s#'[$]Id.*'#'@PACKAGE_VERSION@'#g
-s#[@]BRIDGE@#@BRIDGE@#g
-s#[@]CAT@#@CAT@#g
-s#[@]CHMOD@#@CHMOD@#g
-s#[@]CHOWN@#@CHOWN@#g
-s#[@]CP@#@CP@#g
-s#[@]CURL@#@CURL@#g
-s#[@]CUT@#@CUT@#g
-s#[@]DATE@#@DATE@#g
-s#[@]DIFF@#@DIFF@#g
-s#[@]DIRNAME@#@DIRNAME@#g
-s#[@]EGREP@#@EGREP@#g
-s#[@]ENV@#@ENV@#g
-s#[@]EXPR@#@EXPR@#g
-s#[@]FIND@#@FIND@#g
-s#[@]FLOCK@#@FLOCK@#g
-s#[@]FOLD@#@FOLD@#g
-s#[@]FUNZIP@#@FUNZIP@#g
-s#[@]JQ@#@JQ@#g
-s#[@]GAWK@#@GAWK@#g
-s#[@]GIT@#@GIT@#g
-s#[@]GREP@#@GREP@#g
-s#[@]HEAD@#@HEAD@#g
-s#[@]HOSTNAMECMD@#@HOSTNAMECMD@#g
-s#[@]IP6TABLES@#@IP6TABLES@#g
-s#[@]IP6TABLES_RESTORE@#@IP6TABLES_RESTORE@#g
-s#[@]IP6TABLES_SAVE@#@IP6TABLES_SAVE@#g
-s#[@]IP@#@IP@#g
-s#[@]IPRANGE@#@IPRANGE@#g
-s#[@]IPSET@#@IPSET@#g
-s#[@]IPTABLES@#@IPTABLES@#g
-s#[@]IPTABLES_RESTORE@#@IPTABLES_RESTORE@#g
-s#[@]IPTABLES_SAVE@#@IPTABLES_SAVE@#g
-s#[@]JQ@#@JQ@#g
-s#[@]LN@#@LN@#g
-s#[@]LOGGER@#@LOGGER@#g
-s#[@]LS@#@LS@#g
-s#[@]LSMOD@#@LSMOD@#g
-s#[@]MKDIR@#@MKDIR@#g
-s#[@]MKTEMP@#@MKTEMP@#g
-s#[@]MODPROBE@#@MODPROBE@#g
-s#[@]MORE@#@MORE@#g
-s#[@]MV@#@MV@#g
-s#[@]NEATO@#@NEATO@#g
-s#[@]NFACCT@#@NFACCT@#g
-s#[@]PING6@#@PING6@#g
-s#[@]PING@#@PING@#g
-s#[@]RENICE@#@RENICE@#g
-s#[@]RMMOD@#@RMMOD@#g
-s#[@]RM@#@RM@#g
-s#[@]SCREEN@#@SCREEN@#g
-s#[@]SED@#@SED@#g
-s#[@]SEQ@#@SEQ@#g
-s#[@]SH@#@SH@#g
-s#[@]SLEEP@#@SLEEP@#g
-s#[@]SORT@#@SORT@#g
-s#[@]SS@#@SS@#g
-s#[@]STTY@#@STTY@#g
-s#[@]SYSCTL@#@SYSCTL@#g
-s#[@]TAIL@#@TAIL@#g
-s#[@]TAR@#@TAR@#g
-s#[@]TCPDUMP@#@TCPDUMP@#g
-s#[@]TC@#@TC@#g
-s#[@]TOUCH@#@TOUCH@#g
-s#[@]TPUT@#@TPUT@#g
-s#[@]TRACEROUTE@#@TRACEROUTE@#g
-s#[@]TR@#@TR@#g
-s#[@]UNAME@#@UNAME@#g
-s#[@]UNIQ@#@UNIQ@#g
-s#[@]UNZIP@#@UNZIP@#g
-s#[@]WC@#@WC@#g
-s#[@]WGET@#@WGET@#g
-s#[@]WHOIS@#@WHOIS@#g
-s#[@]ZCAT@#@ZCAT@#g
diff --git a/sbin/firehol.in.in b/sbin/firehol
similarity index 99%
rename from sbin/firehol.in.in
rename to sbin/firehol
index b10fbce..81c4b83 100755
--- a/sbin/firehol.in.in
+++ b/sbin/firehol
@@ -25,31 +25,28 @@ # See the file COPYING for details. # -VERSION='$Id$' -PROGRAM_FILE="${0}" -PROGRAM_DIR="${0%/*}" -if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi +PROGRAM_FILE="$(/bin/readlink $0)" +PROGRAM_FILE="${PROGRAM_FILE:-$0}" +if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] +then + PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}" +else + PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")" +fi PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -# Start defaults before configure -prefix_POST=/usr -sysconfdir_POST=/etc -localstatedir_POST=/var -libdir_POST=$PROGRAM_DIR -# End defaults before configure -for functions_file in $libdir_POST/functions.common.sh +for functions_file in install.config functions.common do - if [ -r $functions_file ] + if [ -r "$PROGRAM_DIR/$functions_file" ] then - source $functions_file + source "$PROGRAM_DIR/$functions_file" else - 1>&2 echo "Cannot access $functions_file" + 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file" exit 1 fi done -FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol" common_disable_localization || exit common_private_umask || exit common_require_root || exit @@ -232,16 +229,6 @@ markdef() { # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # ------------------------------------------------------------------------------ -if [ "@AUTOCONF_RUN@" = "Y" ] -then - FIREHOL_AUTOSAVE="@FIREHOL_AUTOSAVE@" - FIREHOL_AUTOSAVE6="@FIREHOL_AUTOSAVE6@" - ENABLE_IPV4="@IPV4_ENABLED@" - ENABLE_IPV6="@IPV6_ENABLED@" -else - FIREHOL_CONFIG_DIR="/etc/firehol" -fi - # --- BEGIN OF FIREHOL DEFAULTS --- # These are the defaults for FireHOL. 
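Review bot: The new preamble sources `install.config` and `functions.common` from whatever directory `FIREHOL_OVERRIDE_PROGRAM_DIR` names, and does so before `common_require_root` runs. Wherever the caller's environment survives into a root invocation (for example a sudo policy that preserves variables), that variable selects the shell code executed as root. At minimum, honour the override only for a directory owned by the effective user, `if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] && [ -O "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]`, and document that privileged wrappers must scrub the variable. Separately, `$(/bin/readlink $0)` leaves `$0` unquoted and hard-codes paths even though configure.ac now detects `readlink` and `dirname`; `"$(/bin/readlink -- "$0")"` at least survives paths with spaces. The same preamble is added to sbin/fireqos in this commit, and the diffstat suggests link-balancer, update-ipsets and vnetbuild change the same way (not visible here).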
@@ -252,26 +239,23 @@ fi # FireHOL config directory. # EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE -# SHOULD STILL EXIST IN THE ORIGINAL $FIREHOL_CONFIG_DIR -FIREHOL_CONFIG_DIR="$FIREHOL_CONFIG_DIR" +# SHOULD STILL EXIST IN THE ORIGINAL $SYSCONFDIR/firehol +FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR}" # FireHOL services directory. # FireHOL will look into this directory for service # definition files (*.conf). # Package maintainers may install their service definitions # in this directory. -# Default: /etc/firehol/services -FIREHOL_SERVICES_DIR="${FIREHOL_CONFIG_DIR}/services" +# Default: $SYSCONFDIR/firehol/services +FIREHOL_SERVICES_DIR="${FIREHOL_SERVICES_DIR}" # Where to permanently save state information? -# Default: /var/spool/firehol -FIREHOL_SPOOL_DIR="/var/spool/firehol" +# Default: $LOCALSTATEDIR/spool/firehol +FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR}" # Where temporary files should go? -# /var/run is usualy a ram drive, so we prefer to use -# this for temporary files. -# Default: /var/run/firehol -FIREHOL_RUN_DIR="/var/run/firehol" +FIREHOL_RUN_DIR="${FIREHOL_RUN_DIR}" # show a spinner during processing that shows # number of iptables statements generated @@ -780,7 +764,7 @@ IPTRAP_DEFAULT_IPSET_COUNTERS_OPTIONS="timeout 3600 counters" # FireHOL will overwite these settings with the contents of the files with # the same names in ${FIREHOL_CONFIG_DIR}. # -# For example, RESERVED_IPV4 will be set from /etc/firehol/RESERVED_IPV4 +# For example, RESERVED_IPV4 will be set from $SYSCONFDIR/firehol/RESERVED_IPV4 # IANA reserved address space that should never appear RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 " 
@@ -848,59 +832,6 @@ fi # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # ------------------------------------------------------------------------------ -common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-! -Y|CAT_CMD|@CAT@|cat -Y|CUT_CMD|@CUT@|cut -Y|CHOWN_CMD|@CHOWN@|chown -Y|CHMOD_CMD|@CHMOD@|chmod -Y|EGREP_CMD|@EGREP@|egrep 'grep -E' -Y|EXPR_CMD|@EXPR@|expr -Y|FIND_CMD|@FIND@|find -Y|FOLD_CMD|@FOLD@|fold -Y|GREP_CMD|@GREP@|grep -Y|HEAD_CMD|@HEAD@|head -Y|TAIL_CMD|@TAIL@|tail -Y|LS_CMD|@LS@|ls -Y|LSMOD_CMD|@LSMOD@|lsmod -Y|MKDIR_CMD|@MKDIR@|mkdir -Y|MKTEMP_CMD|@MKTEMP@|mktemp -Y|MV_CMD|@MV@|mv -Y|RM_CMD|@RM@|rm -Y|SED_CMD|@SED@|sed -Y|SORT_CMD|@SORT@|sort -Y|SYSCTL_CMD|@SYSCTL@|sysctl -Y|TOUCH_CMD|@TOUCH@|touch -Y|TR_CMD|@TR@|tr -Y|UNAME_CMD|@UNAME@|uname -Y|UNIQ_CMD|@UNIQ@|uniq -Y|LOGGER_CMD|@LOGGER@|logger -Y|FLOCK_CMD|@FLOCK@|flock -N|NFACCT_CMD|@NFACCT@|nfacct -N|IPRANGE_CMD|@IPRANGE@|iprange -N|IPSET_CMD|@IPSET@|ipset -N|IPTABLES_CMD|@IPTABLES@|iptables -N|IP6TABLES_CMD|@IP6TABLES@|ip6tables -N|IPTABLES_SAVE_CMD|@IPTABLES_SAVE@|iptables-save -N|IP6TABLES_SAVE_CMD|@IP6TABLES_SAVE@|ip6tables-save -N|IPTABLES_RESTORE_CMD|@IPTABLES_RESTORE@|iptables-restore -N|IP6TABLES_RESTORE_CMD|@IP6TABLES_RESTORE@|ip6tables-restore -Y|MORE_CMD|@MORE@|pager less more cat -Y|RENICE_CMD|@RENICE@|renice : -Y|STTY_CMD|@STTY@|stty : -N|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc" -N|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod -N|IP_CMD|@IP@|ip -N|SS_CMD|@SS@|ss -N|DATE_CMD|@DATE@|date -N|HOSTNAME_CMD|@HOSTNAMECMD@|hostname -N|TPUT_CMD|@TPUT@|tput -Y|WC_CMD|@WC@|wc -Y|CP_CMD|@CP@|cp -Y|SLEEP_CMD|@SLEEP@|sleep -! -status=$? -test $status -eq 0 || exit $status - emit_version() { ${CAT_CMD} </dev/null || IPRANGE_CMD= + ${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_REDUCE= fi -if [ -z "${IPRANGE_CMD}" ] +if [ -z "${IPRANGE_CMD}" -o -z "$IPRANGE_REDUCE" ] then FIREHOL_HAVE_IPRANGE=0 IPRANGE_WARNING=1 - IPRANGE_CMD= fi ENABLE_ACCOUNTING=1 
@@ -1003,6 +934,15 @@ then fi fi +if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ] +then + if [ -z "${MODPROBE_CMD}" ] + then + echo >&2 " WARNING: no modprobe command: module loading disabled" + FIREHOL_LOAD_KERNEL_MODULES=0 + fi +fi + firehol_concurrent_run_lock() { exec 200>"${FIREHOL_LOCK_FILE}" if [ $? -ne 0 ]; then exit; fi @@ -12469,7 +12409,7 @@ then then # RedHat FIREHOL_AUTOSAVE="/etc/sysconfig/iptables" - elif [ -d "/var/lib/iptables" ] + elif [ -d "$LOCALSTATEDIR/lib/iptables" ] then if [ -f /etc/conf.d/iptables ] then @@ -12483,7 +12423,7 @@ then if [ -z "${FIREHOL_AUTOSAVE}" ] then # Debian - FIREHOL_AUTOSAVE="/var/lib/iptables/autosave" + FIREHOL_AUTOSAVE="$LOCALSTATEDIR/lib/iptables/autosave" fi else error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE." diff --git a/sbin/fireqos.in b/sbin/fireqos similarity index 98% rename from sbin/fireqos.in rename to sbin/fireqos index 256a792..f6f5885 100755 --- a/sbin/fireqos.in +++ b/sbin/fireqos 
@@ -25,31 +25,28 @@ # See the file COPYING for details. # -VERSION='$Id$' -PROGRAM_FILE="${0}" -PROGRAM_DIR="${0%/*}" -if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi +PROGRAM_FILE="$(/bin/readlink $0)" +PROGRAM_FILE="${PROGRAM_FILE:-$0}" +if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] +then + PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}" +else + PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")" +fi PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -# Start defaults before configure -prefix_POST=/usr -sysconfdir_POST=/etc -localstatedir_POST=/var -libdir_POST=$PROGRAM_DIR -# End defaults before configure -for functions_file in $libdir_POST/functions.common.sh +for functions_file in install.config functions.common do - if [ -r $functions_file ] + if [ -r "$PROGRAM_DIR/$functions_file" ] then - source $functions_file + source "$PROGRAM_DIR/$functions_file" else - 1>&2 echo "Cannot access $functions_file" + 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file" exit 1 fi done -FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol" common_disable_localization || exit common_public_umask || exit common_require_root || exit @@ -63,9 +60,9 @@ shopt -s extglob FIREQOS_SYSLOG_FACILITY="daemon" FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf" -FIREQOS_LOCK_FILE=/var/run/fireqos.lock +FIREQOS_LOCK_FILE="$LOCALSTATEDIR/run/fireqos.lock" FIREQOS_LOCK_FILE_TIMEOUT=600 -FIREQOS_DIR=/var/run/fireqos +FIREQOS_DIR="$LOCALSTATEDIR/run/fireqos" FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM" # Gets set to 1 if this system cannot handle sub-second resolution 
@@ -111,35 +108,6 @@ then source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 fi -common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-! -N|TPUT_CMD|@TPUT@|tput -Y|IP_CMD|@IP@|ip -Y|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod -Y|RMMOD_CMD|@RMMOD@|rmmod -Y|FLOCK_CMD|@FLOCK@|flock -Y|GREP_CMD|@GREP@|grep -Y|EGREP_CMD|@EGREP@|egrep 'grep -E' -Y|CAT_CMD|@CAT@|cat -Y|CUT_CMD|@CUT@|cut -Y|SED_CMD|@SED@|sed -Y|TOUCH_CMD|@TOUCH@|touch -Y|TR_CMD|@TR@|tr -Y|MV_CMD|@MV@|mv -Y|LOGGER_CMD|@LOGGER@|logger -Y|MKDIR_CMD|@MKDIR@|mkdir -Y|SLEEP_CMD|@SLEEP@|sleep -Y|RM_CMD|@RM@|rm -Y|TC_CMD|@TC@|tc -N|GAWK_CMD|@GAWK@|gawk awk -N|TCPDUMP_CMD|@TCPDUMP@|tcpdump -Y|SEQ_CMD|@SEQ@|seq -Y|LS_CMD|@LS@|ls -Y|DATE_CMD|@DATE@|date -Y|TAIL_CMD|@TAIL@|tail -! -status=$? -test $status -eq 0 || exit $status - RUNNING_ON_TERMINAL=0 if [ "z$1" = "z-nc" ] then @@ -277,7 +245,6 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )' declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )' declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )' -FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}" if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ] then source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1 diff --git a/sbin/functions.common b/sbin/functions.common new file mode 100644 index 0000000..a086ccb --- /dev/null +++ b/sbin/functions.common 
@@ -0,0 +1,99 @@ +# +# Copyright +# +# Copyright (C) 2003-2014 Costa Tsaousis +# Copyright (C) 2012-2014 Phil Whineray +# +# See sbin/firehol.in for details +# +# This file contains functions used by the firehol suite. +# To keep the namespace clean, functions defined in functions.x.sh +# should be of the form x_whatever() if they are intended for general +# use or int_x_whatever() if they are intended as helpers to the other +# functions in the file. +# + +common_require_cmd() { + local progname="$1" var="$2" val= + + eval val=\$\{${var}\} + if [ "${val}" ] + then + return 0 + fi + + $CAT_CMD >&2 <<-__EOF__ + ERROR: $progname feature requires $var + + You have invoked the program requesting a feature which uses + a program which was not available when $progname was installed. + + Please re-install $progname with a suitable command available. + __EOF__ + + exit 1 +} + +common_require_root() { + if [ "${UID}" != 0 ] + then + echo >&2 + echo >&2 "ERROR:" + echo >&2 "Only user root can run ${1}" + echo >&2 + return 1 + fi + return 0 +} + +common_disable_localization() { + export LC_ALL=C +} + +common_private_umask() { + # Make sure our generated files cannot be accessed by anyone else. + umask 077 +} + +common_public_umask() { + # let everyone read our status info + umask 022 +} + +common_setup_terminal() { + # Are stdout/stderr on the terminal? If not, then fail + test -t 2 || return 1 + test -t 1 || return 1 + + if [ ! 
-z "$TPUT_CMD" ] + then + if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ] + then + # Enable colors + COLOR_RESET="\e[0m" + COLOR_BLACK="\e[30m" + COLOR_RED="\e[31m" + COLOR_GREEN="\e[32m" + COLOR_YELLOW="\e[33m" + COLOR_BLUE="\e[34m" + COLOR_PURPLE="\e[35m" + COLOR_CYAN="\e[36m" + COLOR_WHITE="\e[37m" + COLOR_BGBLACK="\e[40m" + COLOR_BGRED="\e[41m" + COLOR_BGGREEN="\e[42m" + COLOR_BGYELLOW="\e[43m" + COLOR_BGBLUE="\e[44m" + COLOR_BGPURPLE="\e[45m" + COLOR_BGCYAN="\e[46m" + COLOR_BGWHITE="\e[47m" + COLOR_BOLD="\e[1m" + COLOR_DIM="\e[2m" + COLOR_UNDERLINED="\e[4m" + COLOR_BLINK="\e[5m" + COLOR_INVERTED="\e[7m" + fi + fi + + return 0 +} diff --git a/sbin/functions.common.sh b/sbin/functions.common.sh deleted file mode 100755 index 6822144..0000000 --- a/sbin/functions.common.sh +++ /dev/null 
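Review bot: `common_require_cmd` reads the named variable with `eval val=\$\{${var}\}`, which passes `$2` through the shell parser. The callers are bash scripts (they use `declare -a`), so the indirect expansion `val="${!var}"` yields the same value without `eval`. The header comment still refers to `sbin/firehol.in` and `functions.x.sh`, names this commit removes; it should say `sbin/firehol` and `functions.x`. `common_require_root` prints `${1}` in its error, but the visible callers in sbin/firehol and sbin/fireqos invoke it with no argument, so the message ends with an empty program name.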
@@ -1,239 +0,0 @@ -# -# Copyright -# -# Copyright (C) 2003-2014 Costa Tsaousis -# Copyright (C) 2012-2014 Phil Whineray -# -# See sbin/firehol.in for details -# -# This file contains functions used by the firehol suite. -# To keep the namespace clean, functions defined in functions.x.sh -# should be of the form x_whatever() if they are intended for general -# use or int_x_whatever() if they are intended as helpers to the other -# functions in the file. -# - -which_cmd() { - local name="$1" - shift - - if [ "$1" = ":" ] - then - eval $name=":" - return 0 - fi - - unalias $1 >/dev/null 2>&1 - local cmd= - IFS= read cmd <<-EOF - $(which $1 2> /dev/null) - EOF - - if [ $? -gt 0 -o ! -x "${cmd}" ] - then - return 1 - fi - shift - - if [ $# -eq 0 ] - then - eval $name="'${cmd}'" - else - eval $name="'${cmd} ${@}'" - fi - return 0 -} - -common_require_cmd() { - local progname= var= val= block=1 - - progname="$1" - shift - - if [ "$1" = "-n" ] - then - block=0 - shift - fi - - var="$1" - shift - - eval val=\$\{${var}\} || return 2 - if [ "${val}" ] - then - local cmd="${val/ */}" - if [ "$cmd" != ":" -a ! 
-x "$cmd" ] - then - echo >&2 - if [ $block -eq 0 ] - then - echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)" - echo >&2 "please add or correct $var in firehol-defaults.conf" - val="" - else - echo >&2 "ERROR: required command does not exist or is not executable ($cmd)" - echo >&2 "please add or correct $var in firehol-defaults.conf" - return 2 - fi - fi - - # link-balancer calls itself; export our findings so - # we do not repeat all of the lookups - eval export "$var" - return 0 - elif [ $block -eq 0 ] - then - eval set -- "$@" - for cmd in "$@" - do - eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'" - done - return 0 - fi - - if [ $# -eq 0 ] - then - eval set -- "\$NEED_${var}" - fi - - echo >&2 - echo >&2 "ERROR: $progname REQUIRES ONE OF THESE COMMANDS:" - echo >&2 - echo >&2 " ${@}" - echo >&2 - echo >&2 " You have requested the use of a $progname" - echo >&2 " feature that requires certain external programs" - echo >&2 " to be installed in the running system." - echo >&2 - echo >&2 " Please consult your Linux distribution manual to" - echo >&2 " install the package(s) that provide these external" - echo >&2 " programs and retry." - echo >&2 - echo >&2 " Note that you need an operational 'which' command" - echo >&2 " for $progname to find all the external programs it" - echo >&2 " needs. Check it yourself. Run:" - echo >&2 - for x in "${@}" - do - echo >&2 " which $x" - done - - return 2 -} - -int_common_which_all() { - local cmd_var="$1" - - eval set -- "$2" - for cmd in "$@" - do - which_cmd $cmd_var $cmd && break - done -} - -# Where required = Y, if a command is not found, FireHOL will refuse to run. -# Where required = N, the command only required when it is actually used -# -# If a command is specified in /etc/firehol/firehol-defaults.conf it will -# be used. Otherwise, if the script has been configured with ./configure -# the detected versions will be used. 
If the script has not been configured -# then the list of possible commands is autodetected. -common_load_commands() { - local progname="$1" - shift - local AUTOCONF_RUN="$1" - shift - - while IFS="|" read required cmd_var autoconf possibles - do - if [ "$AUTOCONF_RUN" = "Y" ] - then - case "$autoconf" in - "@"*) autoconf=""; ;; - esac - fi - eval set_in_defaults=\"\$$cmd_var\" - if [ "$set_in_defaults" ] - then - : - elif [ "$AUTOCONF_RUN" = "Y" -a ! -z "$autoconf" ] - then - eval $cmd_var=\"$autoconf\" - else - dirname="${0%/*}" - if [ "$dirname" = "$0" ]; then dirname="."; fi - PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH:$dirname" int_common_which_all $cmd_var "$possibles" - fi - if [ "$required" = "Y" ] - then - common_require_cmd $progname $cmd_var $possibles || return - else - common_require_cmd $progname -n $cmd_var $possibles || return - fi - done -} - -common_require_root() { - if [ "${UID}" != 0 ] - then - echo >&2 - echo >&2 "ERROR:" - echo >&2 "Only user root can run ${1}" - echo >&2 - return 1 - fi - return 0 -} - -common_disable_localization() { - export LC_ALL=C -} - -common_private_umask() { - # Make sure our generated files cannot be accessed by anyone else. - umask 077 -} - -common_public_umask() { - # let everyone read our status info - umask 022 -} - -common_setup_terminal() { - # Are stdout/stderr on the terminal? If not, then fail - test -t 2 || return 1 - test -t 1 || return 1 - - if [ ! 
-z "$TPUT_CMD" ] - then - if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ] - then - # Enable colors - COLOR_RESET="\e[0m" - COLOR_BLACK="\e[30m" - COLOR_RED="\e[31m" - COLOR_GREEN="\e[32m" - COLOR_YELLOW="\e[33m" - COLOR_BLUE="\e[34m" - COLOR_PURPLE="\e[35m" - COLOR_CYAN="\e[36m" - COLOR_WHITE="\e[37m" - COLOR_BGBLACK="\e[40m" - COLOR_BGRED="\e[41m" - COLOR_BGGREEN="\e[42m" - COLOR_BGYELLOW="\e[43m" - COLOR_BGBLUE="\e[44m" - COLOR_BGPURPLE="\e[45m" - COLOR_BGCYAN="\e[46m" - COLOR_BGWHITE="\e[47m" - COLOR_BOLD="\e[1m" - COLOR_DIM="\e[2m" - COLOR_UNDERLINED="\e[4m" - COLOR_BLINK="\e[5m" - COLOR_INVERTED="\e[7m" - fi - fi - - return 0 -} diff --git a/sbin/install.config.in.in b/sbin/install.config.in.in new file mode 100644 index 0000000..d7b7980 --- /dev/null +++ b/sbin/install.config.in.in 
@@ -0,0 +1,89 @@
+VERSION=@PACKAGE_VERSION@
+
+DATAROOTDIR="@datarootdir_POST@"
+SYSCONFDIR="@sysconfdir_POST@"
+LOCALSTATEDIR="@localstatedir_POST@"
+
+# Default directories (file "${FIREHOL_CONFIG_DIR}/firehol.defaults" overrides)
+FIREHOL_CONFIG_DIR="$SYSCONFDIR/firehol"
+FIREHOL_SERVICES_DIR="$SYSCONFDIR/firehol/services"
+FIREHOL_SHARE_DIR="$DATAROOTDIR/firehol"
+FIREHOL_SPOOL_DIR="$LOCALSTATEDIR/spool/firehol"
+FIREHOL_RUN_DIR="$LOCALSTATEDIR/run/firehol"
+
+ENABLE_IPV4=@IPV4_ENABLED@
+ENABLE_IPV6=@IPV6_ENABLED@
+
+BRIDGE_CMD="@BRIDGE@"
+CAT_CMD="@CAT@"
+CHMOD_CMD="@CHMOD@"
+CHOWN_CMD="@CHOWN@"
+CP_CMD="@CP@"
+CURL_CMD="@CURL@"
+CUT_CMD="@CUT@"
+DATE_CMD="@DATE@"
+DIFF_CMD="@DIFF@"
+DIRNAME_CMD="@DIRNAME@"
+EGREP_CMD="@EGREP@"
+ENV_CMD="@ENV@"
+EXPR_CMD="@EXPR@"
+FIND_CMD="@FIND@"
+FLOCK_CMD="@FLOCK@"
+FOLD_CMD="@FOLD@"
+FUNZIP_CMD="@FUNZIP@"
+JQ_CMD="@JQ@"
+GAWK_CMD="@GAWK@"
+GIT_CMD="@GIT@"
+GREP_CMD="@GREP@"
+HEAD_CMD="@HEAD@"
+HOSTNAME_CMD="@HOSTNAMECMD@"
+IP6TABLES_CMD="@IP6TABLES@"
+IP6TABLES_RESTORE_CMD="@IP6TABLES_RESTORE@"
+IP6TABLES_SAVE_CMD="@IP6TABLES_SAVE@"
+IP_CMD="@IP@"
+IPRANGE_CMD="@IPRANGE@"
+IPSET_CMD="@IPSET@"
+IPTABLES_CMD="@IPTABLES@"
+IPTABLES_RESTORE_CMD="@IPTABLES_RESTORE@"
+IPTABLES_SAVE_CMD="@IPTABLES_SAVE@"
+JQ_CMD="@JQ@"
+LN_CMD="@LN@"
+LOGGER_CMD="@LOGGER@"
+LS_CMD="@LS@"
+LSMOD_CMD="@LSMOD@"
+MKDIR_CMD="@MKDIR@"
+MKTEMP_CMD="@MKTEMP@"
+MODPROBE_CMD="@MODPROBE@"
+MORE_CMD="@MORE@"
+MV_CMD="@MV@"
+NEATO_CMD="@NEATO@"
+NFACCT_CMD="@NFACCT@"
+PING6_CMD="@PING6@"
+PING_CMD="@PING@"
+RENICE_CMD="@RENICE@"
+RMMOD_CMD="@RMMOD@"
+RM_CMD="@RM@"
+SCREEN_CMD="@SCREEN@"
+SED_CMD="@SED@"
+SEQ_CMD="@SEQ@"
+SH_CMD="@SH@"
+SLEEP_CMD="@SLEEP@"
+SORT_CMD="@SORT@"
+SS_CMD="@SS@"
+STTY_CMD="@STTY@"
+SYSCTL_CMD="@SYSCTL@"
+TAIL_CMD="@TAIL@"
+TAR_CMD="@TAR@"
+TCPDUMP_CMD="@TCPDUMP@"
+TC_CMD="@TC@"
+TOUCH_CMD="@TOUCH@"
+TPUT_CMD="@TPUT@"
+TRACEROUTE_CMD="@TRACEROUTE@"
+TR_CMD="@TR@"
+UNAME_CMD="@UNAME@"
+UNIQ_CMD="@UNIQ@"
+UNZIP_CMD="@UNZIP@"
+WC_CMD="@WC@" +WGET_CMD="@WGET@" +WHOIS_CMD="@WHOIS@" +ZCAT_CMD="@ZCAT@" diff --git a/sbin/link-balancer.in b/sbin/link-balancer similarity index 96% rename from sbin/link-balancer.in rename to sbin/link-balancer index ceee876..ba4ac08 100755 --- a/sbin/link-balancer.in +++ b/sbin/link-balancer @@ -25,31 +25,28 @@ # See the file COPYING for details. # -VERSION='$Id$' -PROGRAM_FILE="${0}" -PROGRAM_DIR="${0%/*}" -if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi +PROGRAM_FILE="$(/bin/readlink $0)" +PROGRAM_FILE="${PROGRAM_FILE:-$0}" +if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] +then + PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}" +else + PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")" +fi PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -# Start defaults before configure -prefix_POST=/usr -sysconfdir_POST=/etc -localstatedir_POST=/var -libdir_POST=$PROGRAM_DIR -# End defaults before configure -for functions_file in $libdir_POST/functions.common.sh +for functions_file in install.config functions.common do - if [ -r $functions_file ] + if [ -r "$PROGRAM_DIR/$functions_file" ] then - source $functions_file + source "$PROGRAM_DIR/$functions_file" else - 1>&2 echo "Cannot access $functions_file" + 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file" exit 1 fi done -FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol" common_disable_localization || exit common_private_umask || exit common_require_root || exit @@ -63,7 +60,7 @@ if [ "$LB_DEBUGGING" ]; then set -v; set -x; fi # link-balancer temporary directory. # every instance of link-balancer creates a random directory # within this one. -LB_RUN_DIR="/var/run/link-balancer" +LB_RUN_DIR="$LOCALSTATEDIR/run/link-balancer" # If this is set to 1, no checks will be made if the gateways are available. # All gateways will be assumed active, if their interfaces are found 
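Review bot: `JQ_CMD="@JQ@"` is assigned twice in this new file, once after `FUNZIP_CMD` and again after `IPTABLES_SAVE_CMD`; the first one is out of alphabetical order and can be dropped. The file also has no header saying what it is: it is sourced as shell by every program in the suite, including the ones that go on to require root, so I would open it with a comment such as `# Generated by configure and sourced by the firehol programs; must be writable by root only.` The command values are double-quoted, so a substituted path containing `$` or a backtick would be expanded at source time; single quotes would keep them literal, assuming configure never emits a value that needs expansion.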
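Review bot: `FIREHOL_OVERRIDE_PROGRAM_DIR` is read from the environment and decides which `install.config` and `functions.common` are sourced, and the sourcing happens before `common_require_root` runs, so whoever controls that variable controls the code this script executes. If the script is started through a wrapper that keeps the caller's environment while raising privileges, that crosses a trust boundary. At minimum I would accept the override only for a directory owned by the effective user, `if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] && [ -O "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]`, and add a comment stating what the variable is for and that it must not be passed through from an untrusted environment. The same block is added in the update-ipsets and vnetbuild hunks.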
@@ -112,44 +109,6 @@ fi # temporary variable (default LB_DEFAULT_IPV=4) LB_IPV= -# Load commands link-balancer will need. - -common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-! -Y|IP_CMD|@IP@|ip -Y|DIFF_CMD|@DIFF@|diff -Y|FLOCK_CMD|@FLOCK@|flock -Y|GREP_CMD|@GREP@|grep -Y|EGREP_CMD|@EGREP@|egrep 'grep -E' -Y|CUT_CMD|@CUT@|cut -Y|CAT_CMD|@CAT@|cat -Y|SED_CMD|@SED@|sed -Y|TR_CMD|@TR@|tr -Y|LN_CMD|@LN@|ln -Y|LS_CMD|@LS@|ls -Y|SLEEP_CMD|@SLEEP@|sleep -Y|TOUCH_CMD|@TOUCH@|touch -Y|LOGGER_CMD|@LOGGER@|logger -Y|MKDIR_CMD|@MKDIR@|mkdir -Y|CHOWN_CMD|@CHOWN@|chown -Y|CHMOD_CMD|@CHMOD@|chmod -Y|RM_CMD|@RM@|rm -Y|PING_CMD|@PING@|ping -Y|PING6_CMD|@PING6@|ping6 'ping -6' -Y|TRACEROUTE_CMD|@TRACEROUTE@|traceroute -Y|SORT_CMD|@SORT@|sort -Y|MKTEMP_CMD|@MKTEMP@|mktemp -Y|ENV_CMD|@ENV@|env -N|WHOIS_CMD|@WHOIS@|whois -N|JQ_CMD|@JQ@|jq -N|HEAD_CMD|@HEAD@|head -N|TPUT_CMD|@TPUT@|tput -N|WGET_CMD|@WGET@|wget -N|SCREEN_CMD|@SCREEN@|screen -Y|IPRANGE_CMD|@IPRANGE@|iprange -! -status=$? -test $status -eq 0 || exit $status - RUNNING_ON_TERMINAL=0 if [ "z$1" = "z-nc" ] then @@ -209,7 +168,7 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )' declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )' declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )' -FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}" +FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-$LOCALSTATEDIR/spool/firehol}" if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ] then source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1 @@ -1888,7 +1847,7 @@ policy # You can also have all the IPs in separate files: # Run: # -# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$sysconfdir_POST/firehol/PROVIDER1_IPS +# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$SYSCONFDIR/firehol/PROVIDER1_IPS # # Then: rules dst loadfile PROVIDER1_IPS table dsl1 
diff --git a/sbin/update-ipsets.in b/sbin/update-ipsets similarity index 99% rename from sbin/update-ipsets.in rename to sbin/update-ipsets index 1225fcc..511be15 100755 --- a/sbin/update-ipsets.in +++ b/sbin/update-ipsets @@ -56,7 +56,7 @@ # - update a kernel ipset, having the same name # # 5. It can commit all successfully updated files to a git repository. -# Just do 'git init' in $sysconfdir_POST/firehol/ipsets to enable it. +# Just do 'git init' in $SYSCONFDIR/firehol/ipsets to enable it. # If it is called with -g it will also push the committed changes # to a remote git server (to have this done by cron, please set # git to automatically push changes without human action). @@ -80,31 +80,28 @@ # ----------------------------------------------------------------------------- -VERSION='$Id$' -PROGRAM_FILE="${0}" -PROGRAM_DIR="${0%/*}" -if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi +PROGRAM_FILE="$(/bin/readlink $0)" +PROGRAM_FILE="${PROGRAM_FILE:-$0}" +if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] +then + PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}" +else + PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")" +fi PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -# Start defaults before configure -prefix_POST=/usr -sysconfdir_POST=/etc -localstatedir_POST=/var -libdir_POST=$PROGRAM_DIR -# End defaults before configure -for functions_file in $libdir_POST/functions.common.sh +for functions_file in install.config functions.common do - if [ -r $functions_file ] + if [ -r "$PROGRAM_DIR/$functions_file" ] then - source $functions_file + source "$PROGRAM_DIR/$functions_file" else - 1>&2 echo "Cannot access $functions_file" + 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file" exit 1 fi done -FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol" common_disable_localization || exit common_private_umask || exit 
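Review bot: `PROGRAM_FILE="$(/bin/readlink $0)"` returns the link target exactly as it is stored, so when the script is reached through a relative symlink `PROGRAM_DIR` becomes a path relative to the current working directory, and `install.config` and `functions.common` are then looked up and sourced under whatever directory the caller is in. `$0` is also unquoted, which breaks on an install path containing whitespace. Resolving to an absolute path covers both: `PROGRAM_FILE="$(/bin/readlink -f -- "$0")"`. The identical lines are added in the link-balancer and vnetbuild hunks.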
@@ -115,49 +112,6 @@ then source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 fi -common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-! -Y|IPRANGE_CMD|@IPRANGE@|iprange -Y|DIRNAME_CMD|@DIRNAME@|dirname -Y|TAIL_CMD|@TAIL@|tail -Y|RENICE_CMD|@RENICE@|renice : -Y|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc" -Y|DATE_CMD|@DATE@|date -Y|DIFF_CMD|@DIFF@|diff -Y|FLOCK_CMD|@FLOCK@|flock -Y|GREP_CMD|@GREP@|grep -Y|EGREP_CMD|@EGREP@|egrep 'grep -E' -Y|CUT_CMD|@CUT@|cut -Y|CAT_CMD|@CAT@|cat -Y|SED_CMD|@SED@|sed -Y|TR_CMD|@TR@|tr -Y|LN_CMD|@LN@|ln -Y|LS_CMD|@LS@|ls -Y|TOUCH_CMD|@TOUCH@|touch -Y|LOGGER_CMD|@LOGGER@|logger -Y|MKDIR_CMD|@MKDIR@|mkdir -Y|CHOWN_CMD|@CHOWN@|chown -Y|CHMOD_CMD|@CHMOD@|chmod -Y|RM_CMD|@RM@|rm -Y|SORT_CMD|@SORT@|sort -Y|GAWK_CMD|@GAWK@|gawk awk -Y|MKTEMP_CMD|@MKTEMP@|mktemp -N|TPUT_CMD|@TPUT@|tput -Y|FOLD_CMD|@FOLD@|fold -Y|CURL_CMD|@CURL@|curl -Y|FIND_CMD|@FIND@|find -Y|WC_CMD|@WC@|wc -Y|MV_CMD|@MV@|mv -Y|CP_CMD|@CP@|cp -Y|TAR_CMD|@TAR@|tar -Y|IPSET_CMD|@IPSET@|ipset -N|UNZIP_CMD|@UNZIP@|unzip -N|FUNZIP_CMD|@FUNZIP@|funzip -N|JQ_CMD|@JQ@|jq -N|GIT_CMD|@GIT@|git -! -status=$? -test $status -eq 0 || exit $status - RUNNING_ON_TERMINAL=0 if [ "z$1" = "z-nc" ] then @@ -311,12 +265,13 @@ ipset_verbose() { # ----------------------------------------------------------------------------- # find a working iprange command +HAVE_IPRANGE=${IPRANGE_CMD} if [ ! -z "${IPRANGE_CMD}" ] then - ${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD= + ${IPRANGE_CMD} --has-reduce 2>/dev/null || HAVE_IPRANGE= fi -if [ -z "${IPRANGE_CMD}" ] +if [ -z "$HAVE_IPRANGE" ] then error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed." exit 1 
@@ -325,16 +280,13 @@ fi # ----------------------------------------------------------------------------- # CONFIGURATION -FIREHOL_SHARE_DIR="${FIREHOL_SHARE_DIR-/usr/share/firehol}" -FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR-$sysconfdir_POST/firehol}" - if [ "${UID}" = "0" -o -z "${UID}" ] then BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}" CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}" - RUN_PARENT_DIR="${RUN_PARENT_DIR-/var/run}" - CACHE_DIR="${CACHE_DIR-/var/cache/update-ipsets}" - LIB_DIR="${LIB_DIR-/var/lib/update-ipsets}" + RUN_PARENT_DIR="${RUN_PARENT_DIR-$LOCALSTATEDIR/run}" + CACHE_DIR="${CACHE_DIR-$LOCALSTATEDIR/cache/update-ipsets}" + LIB_DIR="${LIB_DIR-$LOCALSTATEDIR/lib/update-ipsets}" IPSETS_APPLY=1 else $MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1 diff --git a/sbin/vnetbuild.in b/sbin/vnetbuild similarity index 95% rename from sbin/vnetbuild.in rename to sbin/vnetbuild index a5cedc0..7ce3572 100755 --- a/sbin/vnetbuild.in +++ b/sbin/vnetbuild 
@@ -25,31 +25,28 @@ # See the file COPYING for details. # -VERSION='$Id$' -PROGRAM_FILE="${0}" -PROGRAM_DIR="${0%/*}" -if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi +PROGRAM_FILE="$(/bin/readlink $0)" +PROGRAM_FILE="${PROGRAM_FILE:-$0}" +if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ] +then + PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}" +else + PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")" +fi PROGRAM_PWD="${PWD}" declare -a PROGRAM_ORIGINAL_ARGS=("${@}") -# Start defaults before configure -prefix_POST=/usr -sysconfdir_POST=/etc -localstatedir_POST=/var -libdir_POST=$PROGRAM_DIR -# End defaults before configure -for functions_file in $libdir_POST/functions.common.sh +for functions_file in install.config functions.common do - if [ -r $functions_file ] + if [ -r "$PROGRAM_DIR/$functions_file" ] then - source $functions_file + source "$PROGRAM_DIR/$functions_file" else - 1>&2 echo "Cannot access $functions_file" + 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file" exit 1 fi done -FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol" common_disable_localization || exit marksreset() { :; } @@ -59,22 +56,6 @@ then source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 fi -common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-! -Y|IP_CMD|@IP@|ip -Y|BRIDGE_CMD|@BRIDGE@|bridge -Y|GREP_CMD|@GREP@|grep -Y|FIND_CMD|@FIND@|find -Y|SH_CMD|@SH@|sh bash ksh -Y|CUT_CMD|@CUT@|cut -Y|CAT_CMD|@CAT@|cat -Y|SED_CMD|@SED@|sed -Y|TR_CMD|@TR@|tr -Y|SLEEP_CMD|@SLEEP@|sleep -Y|MKDIR_CMD|@MKDIR@|mkdir -Y|RM_CMD|@RM@|rm -Y|MKTEMP_CMD|@MKTEMP@|mktemp -N|NEATO_CMD|@NEATO@|neato -! status=$? test $status -eq 0 || exit $status diff --git a/unittest/firehol/not-both/ipv4-disable-defaults.pre.sh b/unittest/firehol/not-both/ipv4-disable-defaults.pre.sh index d1d8fdc..ad27220 100755 --- a/unittest/firehol/not-both/ipv4-disable-defaults.pre.sh +++ b/unittest/firehol/not-both/ipv4-disable-defaults.pre.sh 
@@ -1,6 +1,6 @@ #!/bin/sh # Disable IPV4 -cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS +cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS ENABLE_IPV4=0 END-DEFAULTS diff --git a/unittest/firehol/not-both/ipv6-disable-defaults.pre.sh b/unittest/firehol/not-both/ipv6-disable-defaults.pre.sh index 1abc0f4..3940dd5 100755 --- a/unittest/firehol/not-both/ipv6-disable-defaults.pre.sh +++ b/unittest/firehol/not-both/ipv6-disable-defaults.pre.sh @@ -1,6 +1,6 @@ #!/bin/sh # Disable IPV6 -cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS +cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS ENABLE_IPV6=0 END-DEFAULTS diff --git a/unittest/unittest b/unittest/unittest index 16e4c1b..e6df0a8 100755 --- a/unittest/unittest +++ b/unittest/unittest @@ -40,6 +40,14 @@ then haderror="Y" fi +if [ ! -f ../sbin/install.config.in ] +then + echo "../sbin/install.config.in missing: run configure" + echo "" + haderror="Y" +fi + + if [ "$haderror" -o $# -lt 1 ] then if [ "$haderror" ] @@ -54,23 +62,6 @@ then exit 1 fi -# First set up our namespace so we can write where we need to -mount -t tmpfs tmpfs /etc/firehol || exit 1 -mkdir /var/run/firehol || exit 1 -mkdir /var/spool/firehol || exit 1 -mkdir /var/run/firehol/webdir || exit 1 - -# Check the files are gone -if [ -f /etc/firehol/firehol.conf \ - -o -f /etc/firehol/firehol-defaults.conf \ - -o -f /etc/firehol/fireqos.conf \ - -o -f /etc/firehol/link-balancer.conf \ - -o -d /etc/firehol/services ] -then - echo "Namespace switch failed! Aborting!" - exit 1 -fi - if [ ! -r /proc/net/ip_tables_names ] then echo "Faking /proc/net/ip_tables_names" @@ -88,8 +79,7 @@ then echo >&2 exit 1 fi - -ETCSAVE=/etc/firehol.save$$ +export MYTMP myexit() { rm -f /var/run/firehol.lck 
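Review bot: `$MYTMP` is expanded unquoted and unchecked in `cat - >> $MYTMP/firehol/firehol-defaults.conf`; if this script runs without the harness having exported the variable, the target becomes `/firehol/firehol-defaults.conf`. Writing it as `"${MYTMP:?}/firehol/firehol-defaults.conf"` makes that case fail early with a message. The same applies to the ipv6-disable-defaults.pre.sh hunk and to the unittest/unittest hunks that use `$MYTMP` for `mkdir`, `cat >` and `cp`; the one that matters most there is `rm -rf $MYTMP/firehol`, which I would write as `rm -rf -- "${MYTMP:?}/firehol"`.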
@@ -104,6 +94,12 @@ trap myexit 0 TESTDIR=`pwd`/ export TESTDIR +# Force the programs to find our special configuration +export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog +mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR" +sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config" +cp ../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR" + kcov=`which kcov 2> /dev/null` if [ "$kcov" ] then @@ -256,7 +252,7 @@ do then echo "Cannot determine program for $conf" else - script=../sbin/${program}.in + script=../sbin/${program} export script total=$((total + 1)) @@ -266,8 +262,8 @@ do fi # Define our configuration directory exactly as we want it - # note: we are running in a namespace with /etc/firehol as a tmpfs - rm -rf /etc/firehol/* + rm -rf $MYTMP/firehol + mkdir $MYTMP/firehol # Default special cases: # - egrep because /sbin/egrep makes use of PATH to find 'grep -E' @@ -276,7 +272,7 @@ do # - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc. # keep within our mounts # - PATH reset to ensure it is off (some programs reset it) - cat > /etc/firehol/firehol-defaults.conf <<-! + cat > $MYTMP/firehol/firehol-defaults.conf <<-! EGREP_CMD='/bin/grep -E' LOGGER_CMD='/bin/echo logger:' LB_RUN_DIR=/var/run/firehol/link-balancer @@ -296,7 +292,7 @@ do "$pre_sh" "$conf" else # Or just take the defaults - mkdir -p /etc/firehol/services + mkdir -p $MYTMP/firehol/services fi # Run the script @@ -313,7 +309,7 @@ do status=$? ;; link-balancer|update-ipsets) - cp "$conf" /etc/firehol/${program}.conf + cp "$conf" $MYTMP/firehol/${program}.conf $kcov "$script" > "$runlog" 2>&1 < /dev/null status=$? ;; @@ -332,7 +328,7 @@ do then errors=$((errors + 1)) echo "Unexpected run error - check $runlog" - elif grep -q '\.in: line [0-9]*:' "$runlog" + elif grep -q ': line [0-9]*:' "$runlog" then errors=$((errors + 1)) echo "Unexpected runtime errors - check $runlog"
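Review bot: The generated firehol-defaults.conf still sets `LB_RUN_DIR=/var/run/firehol/link-balancer`, and the comment above it still says these paths "keep within our mounts", but this commit removes the block that mounted the tmpfs and created `/var/run/firehol`. Unless that isolation is set up somewhere outside this diff, the test run now writes under the host's real /var/run. The here-document delimiter is unquoted, so the defaults can point into the scratch area instead, for example `LB_RUN_DIR=$MYTMP/run/link-balancer`, and the comment should be updated to match. Only the first lines of the here-document are visible in this hunk, so the other run and lock paths it sets need the same check.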