rpms/shorewall/F-13 shorewall-foo-init.sh, NONE, 1.1 shorewall-init.sh, NONE, 1.1 shorewall.spec, 1.98, 1.99 sources, 1.63, 1.64 init.sh, 1.2, NONE
Jonathan G. Underwood
jgu at fedoraproject.org
Sun Jun 13 17:13:22 UTC 2010
Author: jgu
Update of /cvs/pkgs/rpms/shorewall/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv16392
Modified Files:
shorewall.spec sources
Added Files:
shorewall-foo-init.sh shorewall-init.sh
Removed Files:
init.sh
Log Message:
* Sun Jun 13 2010 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.4.10-1
- Update to version 4.4.10
- Add new shorewall-init subpackage
- Rename init.sh to shorewall-foo-init.sh
- Add shorewall-init.sh for init subpackage
--- NEW FILE shorewall-foo-init.sh ---
#!/bin/sh
#
# Shorewall init script
#
# chkconfig: - 28 90
# description: Packet filtering firewall
### BEGIN INIT INFO
# Provides: shorewall
# Required-Start: $local_fs $remote_fs $syslog $network
# Should-Start: VMware $time $named
# Required-Stop:
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: Packet filtering firewall
# Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
# Netfilter (iptables) based firewall
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
prog="shorewall"
shorewall="/sbin/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
fi
start() {
echo -n $"Starting Shorewall: "
$shorewall $OPTIONS start 2>&1 | $logger
retval=${PIPESTATUS[0]}
if [[ $retval == 0 ]]; then
touch $lockfile
success
else
failure
fi
echo
return $retval
}
stop() {
echo -n $"Stopping Shorewall: "
$shorewall $OPTIONS stop 2>&1 | $logger
retval=${PIPESTATUS[0]}
if [[ $retval == 0 ]]; then
rm -f $lockfile
success
else
failure
fi
echo
return $retval
}
restart() {
# Note that we don't simply stop and start since shorewall has a built in
# restart which stops the firewall if running and then starts it.
echo -n $"Restarting Shorewall: "
$shorewall $OPTIONS restart 2>&1 | $logger
retval=${PIPESTATUS[0]}
if [[ $retval == 0 ]]; then
touch $lockfile
success
else # Failed to start, clean up lock file if present
rm -f $lockfile
failure
fi
echo
return $retval
}
status(){
$shorewall status
return $?
}
status_q() {
status > /dev/null 2>&1
}
case "$1" in
start)
status_q && exit 0
$1
;;
stop)
status_q || exit 0
$1
;;
restart|reload|force-reload)
restart
;;
condrestart|try-restart)
status_q || exit 0
restart
;;
status)
$1
;;
*)
echo "Usage: $0 start|stop|reload|restart|force-reload|status"
exit 1
;;
esac
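Review bot: The shebang is `#!/bin/sh`, but start(), stop() and restart() rely on bash-only constructs: `${PIPESTATUS[0]}`, `[[ $retval == 0 ]]` and `$"..."` strings. This works while /bin/sh is bash, but a POSIX-only sh rejects the `${PIPESTATUS[0]}` expansion, and the firewall would then not come up at boot. I would change the first line to `#!/bin/bash`, as shorewall-init.sh in this commit already does. Separately, `retval` is never declared `local` and `$lockfile` is unquoted in the `touch` and `rm -f` calls; `local retval` and `"$lockfile"` would be tidier.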
--- NEW FILE shorewall-init.sh ---
#! /bin/bash
#
# chkconfig: - 09 91
# description: Initialize the shorewall firewall at boot time
#
### BEGIN INIT INFO
# Provides: shorewall-init
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: Initialize the shorewall firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
prog="shorewall-init"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/shorewall-init"
# Source function library.
. /etc/rc.d/init.d/functions
# Get startup options (override default)
OPTIONS=
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init
else
echo "/etc/sysconfig/shorewall-init not found"
exit 6
fi
# Initialize the firewall
start () {
local product
local vardir
if [ -z "$PRODUCTS" ]; then
echo "No firewalls configured for shorewall-init"
failure
return 6 #Not configured
fi
echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall stop 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi
done
if [ retval -eq 0 ]; then
touch $lockfile
success
else
failure
fi
echo
return $retval
}
# Clear the firewall
stop () {
local product
local vardir
echo -n "Clearing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall clear 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi
done
if [ retval -eq 0 ]; then
rm -f $lockfile
success
else
failure
fi
echo
return $retval
}
status_q() {
status > /dev/null 2>&1
}
case "$1" in
start)
status_q && exit 0
$1
;;
stop)
status_q || exit 0
$1
;;
restart|reload|force-reload)
echo "Not implemented"
exit 3
;;
condrestart|try-restart)
echo "Not implemented"
exit 3
;;
status)
status $prog
;;
*)
echo "Usage: /etc/init.d/shorewall-init {start|stop}"
exit 1
esac
exit 0
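Review bot: In start() and stop() the tests `[ retval -ne 0 ] && break` and `if [ retval -eq 0 ]` compare the literal word `retval`, not the variable, so `[` reports an integer-expression error and both tests are false every time. The loop therefore never stops at the first failing product, `failure` is always reported, and the lock file is never created by start() or removed by stop(), so a real failure to put the firewall into its safe state before the network comes up looks the same as success. They should read `[ "$retval" -ne 0 ] && break` and `if [ "$retval" -eq 0 ]`, with `local retval=0` ahead of the loop so the value is defined when no product has an executable `${vardir}/firewall`. Also worth checking: `status_q` calls `status` with no argument and this package appears to have no daemon process, so the `status_q || exit 0` guard in the `stop)` arm may exit before stop() ever runs; testing for the lock file would be more reliable.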
Index: shorewall.spec
===================================================================
RCS file: /cvs/pkgs/rpms/shorewall/F-13/shorewall.spec,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -p -r1.98 -r1.99
--- shorewall.spec 1 Apr 2010 17:56:37 -0000 1.98
+++ shorewall.spec 13 Jun 2010 17:13:22 -0000 1.99
@@ -1,11 +1,12 @@
# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
# which is found at http://www.shorewall.net/Anatomy.html
-%global major_ver 4.4.8
+%global major_ver 4.4.10
%global shorewall_ver %{major_ver}
%global lite_ver %{major_ver}
%global shorewall6_ver %{major_ver}
%global lite6_ver %{major_ver}
+%global init_ver %{major_ver}
Name: shorewall
Version: %{shorewall_ver}
@@ -20,9 +21,13 @@ Source0: %{_baseurl}/%{name}-%{sh
Source1: %{_baseurl}/%{name}-lite-%{lite_ver}.tar.bz2
Source2: %{_baseurl}/%{name}6-%{shorewall6_ver}.tar.bz2
Source3: %{_baseurl}/%{name}6-lite-%{lite6_ver}.tar.bz2
+Source4: %{_baseurl}/%{name}-init-%{lite_ver}.tar.bz2
-# Init file for Fedora
-Source10: init.sh
+# Init file for all sub-packages except shorewall-init
+Source10: shorewall-foo-init.sh
+
+# Init file for shorewall-init
+Source11: shorewall-init.sh
BuildRequires: perl
BuildArch: noarch
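Review bot: `Source4` is built from `%{lite_ver}` rather than the `%{init_ver}` macro this commit introduces for the init subpackage, and the `%prep` line `cp %{SOURCE11} shorewall-init-%{lite6_ver}/init.sh` in the next hunk has the same mix-up with `%{lite6_ver}`. Both resolve correctly only while every `*_ver` macro equals `%{major_ver}`; if the versions ever diverge, the build would look for the wrong tarball name or copy into a directory that does not exist. I would write `Source4: %{_baseurl}/%{name}-init-%{init_ver}.tar.bz2` and `cp %{SOURCE11} shorewall-init-%{init_ver}/init.sh`, matching the `shorewall-init-%{init_ver}` entry used in the `%install` loop.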
@@ -89,21 +94,40 @@ firewall script generated by a machine w
compiler. A machine running Shorewall Lite does not need to have a
Shorewall rule compiler installed.
+%package init
+Group: Applications/System
+Summary: Initialization functionality and NetworkManager integration for Shorewall
+Version: %{init_ver}
+Requires: NetworkManager
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+Requires(preun): /sbin/service
+
+%description init
+This package adds additional initialization functionality to Shorewall in two
+ways. It allows the firewall to be closed prior to bringing up network
+devices. This insures that unwanted connections are not allowed between the
+time that the network comes up and when the firewall is started. It also
+integrates with NetworkManager and distribution ifup/ifdown systems to allow
+for 'event-driven' startup and shutdown.
+
%prep
-%setup -q -c -n %{name}-%{major_ver} -T -a0 -a1 -a2 -a3
+%setup -q -c -n %{name}-%{major_ver} -T -a0 -a1 -a2 -a3 -a4
# Overwrite default init files with Fedora specific ones
-cp %{SOURCE10} shorewall-%{shorewall_ver}
+cp %{SOURCE10} shorewall-%{shorewall_ver}/init.sh
-cp %{SOURCE10} shorewall-lite-%{lite_ver}
+cp %{SOURCE10} shorewall-lite-%{lite_ver}/init.sh
sed -i -e 's|prog="shorewall"|prog="shorewall-lite"|' shorewall-lite-%{lite_ver}/init.sh
-cp %{SOURCE10} shorewall6-%{shorewall6_ver}
+cp %{SOURCE10} shorewall6-%{shorewall6_ver}/init.sh
sed -i -e 's|prog="shorewall"|prog="shorewall6"|' shorewall6-%{shorewall6_ver}/init.sh
-cp %{SOURCE10} shorewall6-lite-%{lite6_ver}
+cp %{SOURCE10} shorewall6-lite-%{lite6_ver}/init.sh
sed -i -e 's|prog="shorewall"|prog="shorewall6-lite"|' shorewall6-lite-%{lite6_ver}/init.sh
+cp %{SOURCE11} shorewall-init-%{lite6_ver}/init.sh
+
# Remove hash-bang from files which are not directly executed as shell
# scripts. This silences some rpmlint errors.
find . -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
@@ -114,25 +138,15 @@ find . -name "lib.*" -exec sed -i -e '/\
export PREFIX=$RPM_BUILD_ROOT
export DEST=%{_initrddir}
-#### Build shorewall
-pushd shorewall-%{shorewall_ver}
-./install.sh
-popd
-
-#### Build shorewall-lite
-pushd shorewall-lite-%{lite_ver}
-./install.sh
-popd
-
-#### Build shorewall6
-pushd shorewall6-%{shorewall6_ver}
-./install.sh
-popd
-
-#### Build shorewall6-lite
-pushd shorewall6-lite-%{lite6_ver}
-./install.sh
-popd
+targets="shorewall-%{shorewall_ver} shorewall-lite-%{lite_ver} \
+shorewall6-%{shorewall6_ver} shorewall6-lite-%{lite6_ver} \
+shorewall-init-%{init_ver}"
+
+for i in $targets; do
+ pushd $i
+ ./install.sh
+ popd
+done
%clean
rm -rf $RPM_BUILD_ROOT
@@ -185,6 +199,17 @@ if [ $1 = 0 ]; then
rm -f /var/lib/shorewall6-lite/*
fi
+%post init
+if [ $1 = 1 ]; then
+ /sbin/chkconfig --add shorewall-init
+fi
+
+%preun init
+if [ $1 = 0 ]; then
+ /sbin/service shorewall-init stop >/dev/null 2>&1
+ /sbin/chkconfig --del shorewall-init
+fi
+
%files
%defattr(0644,root,root,0755)
%doc shorewall-%{shorewall_ver}/{COPYING,changelog.txt,releasenotes.txt,Samples}
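Review bot: The `%preun init` scriptlet runs `/sbin/service shorewall-init stop`, and stop() in shorewall-init.sh runs `${vardir}/firewall clear` for every product listed in `PRODUCTS`. If `clear` removes the rule set, as the "Clearing" message suggests, erasing this subpackage would drop the rules of a running firewall and leave the host unfiltered while the main shorewall package is still installed. It is worth confirming that this is intended; if it is not, `%preun` should run only `/sbin/chkconfig --del shorewall-init`, with a comment such as `# do not call stop here: it clears the rules of the running firewall`. The output of the stop call is also discarded with `>/dev/null 2>&1`, so a failure at this point would go unnoticed.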
@@ -341,7 +366,23 @@ fi
%attr(0755,root,root) %{_datadir}/shorewall6-lite/shorecap
%attr(0755,root,root) %{_datadir}/shorewall6-lite/wait4ifup
+%files init
+%defattr(0644,root,root,0755)
+%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
+%attr(0755,root,root) %{_initrddir}/shorewall-init
+%config(noreplace) %{_sysconfdir}/sysconfig/shorewall-init
+%{_mandir}/man8/shorewall-init.8.*
+%dir %{_datadir}/shorewall-init
+%attr(0755,root,root) %{_datadir}/shorewall-init/ifupdown
+%{_datadir}/shorewall-init/version
+
%changelog
+* Sun Jun 13 2010 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.4.10-1
+- Update to version 4.4.10
+- Add new shorewall-init subpackage
+- Rename init.sh to shorewall-foo-init.sh
+- Add shorewall-init.sh for init subpackage
+
* Thu Apr 1 2010 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.4.8-1
- Update to version 4.4.8
- Remove %%buildroot setting
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/shorewall/F-13/sources,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- sources 1 Apr 2010 17:56:37 -0000 1.63
+++ sources 13 Jun 2010 17:13:22 -0000 1.64
@@ -1,4 +1,5 @@
-900a1017bd5696403d1d840fd01d67c0 shorewall-4.4.8.tar.bz2
-aff3cd2d714530870ca5de30e817ff46 shorewall6-4.4.8.tar.bz2
-bce4c06f1ee85c32fb8c81cd35f27da7 shorewall6-lite-4.4.8.tar.bz2
-63e9de907d515932e1146423d1fd708f shorewall-lite-4.4.8.tar.bz2
+44703f454b5825247daf80514c821635 shorewall-4.4.10.tar.bz2
+17f010c3e620ac5298f0b357ed4f9339 shorewall6-4.4.10.tar.bz2
+debe02f63b6d9b27434eb11b765858fc shorewall6-lite-4.4.10.tar.bz2
+212e87418a62cd025e421b69a28410ba shorewall-init-4.4.10.tar.bz2
+70e80abffd9a017b294910eb5946e99b shorewall-lite-4.4.10.tar.bz2
--- init.sh DELETED ---