Hi dev-folks,

I need shorewall on freewrt and have backported shorewall from trunk to freewrt 1.0 for my own use. After installing it on the freewrt device I noticed some issues regarding the shorewall package.

1) It's a bit outdated. 3.2.6 is in trunk but the most recent shorewall version is 3.2.8.
2) It ships with a non-working shorewall.conf. Shorewall tries to create a lock file in the /var/lock/subsys directory, which does not exist on freewrt at all.
3) It had no execute bit set on the init.d script.
4) It only ships with empty config files without any help for the user (the helpful comments in the config files all get downstripped at package build time)...
5) ... but at the same time it ships the unstripped config files in /usr/share/shorewall/configfiles (where the user doesn't expect them, and using just a lot of space on the device).

I have fixed all these problems and at the same time I also split shorewall into 3 packages to be more flexible:

- shorewall -- the main shorewall stuff
- shorewall-conffiles - the minimal (stripped) config files
- shorewall-full-conffiles - the full set of config files (about 40k)

Because shorewall-conffiles and shorewall-full-conffiles supply the same files, both packages conflict with each other. Additionally both conffiles packages depend on shorewall. The main shorewall package on the other hand can be installed without a conffile package.

Please let me know if there is something else that needs to be done to get this into svn...

Ah, please be aware that this patch adds some new files in the ipkg and patches directories and removes some old patches that have already been applied upstream in the meantime. Hmmm, but I think the patch is self-explanatory anyway :)

thx, Ralph
diff -Naur freewrt.orig/package/shorewall/Config.in freewrt/package/shorewall/Config.in --- freewrt.orig/package/shorewall/Config.in 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/Config.in 2007-01-18 01:10:57.000000000 +0100 @@ -14,4 +14,21 @@ http://www.shorewall.net/ +config FWRT_PACKAGE_SHOREWALL_CONFFILES + prompt " shorewall-conffiles........... minimal set of shorewall config files" + tristate + default n + depends FWRT_PACKAGE_SHOREWALL + help + A minimal set of config files for shorewall + +config FWRT_PACKAGE_SHOREWALL_FULL_CONFFILES + prompt "shorewall-full-conffiles...... full (large) set of shorewall config files" + tristate + default n + depends FWRT_PACKAGE_SHOREWALL + depends ! FWRT_PACKAGE_SHOREWALL_CONFFILES + help + The full set of config files shipped with shorewall (large) + diff -Naur freewrt.orig/package/shorewall/files/shorewall.init freewrt/package/shorewall/files/shorewall.init --- freewrt.orig/package/shorewall/files/shorewall.init 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/files/shorewall.init 2007-01-18 01:19:39.000000000 +0100 @@ -4,7 +4,7 @@ case $1 in autostart) - test x"$shorewall" = x"NO" && exit 0 + test x"$shorewall" != x"YES" && exit 0 exec $0 start ;; start) diff -Naur freewrt.orig/package/shorewall/ipkg/shorewall-conffiles.conffiles freewrt/package/shorewall/ipkg/shorewall-conffiles.conffiles --- freewrt.orig/package/shorewall/ipkg/shorewall-conffiles.conffiles 1970-01-01 01:00:00.000000000 +0100 +++ freewrt/package/shorewall/ipkg/shorewall-conffiles.conffiles 2007-01-18 01:06:58.000000000 +0100 
@@ -0,0 +1,33 @@ +/etc/shorewall/accounting +/etc/shorewall/actions +/etc/shorewall/blacklist +/etc/shorewall/continue +/etc/shorewall/ecn +/etc/shorewall/hosts +/etc/shorewall/init +/etc/shorewall/initdone +/etc/shorewall/interfaces +/etc/shorewall/ipsec +/etc/shorewall/maclist +/etc/shorewall/Makefile +/etc/shorewall/masq +/etc/shorewall/nat +/etc/shorewall/netmap +/etc/shorewall/params +/etc/shorewall/policy +/etc/shorewall/providers +/etc/shorewall/proxyarp +/etc/shorewall/route_rules +/etc/shorewall/routestopped +/etc/shorewall/rules +/etc/shorewall/shorewall.conf +/etc/shorewall/start +/etc/shorewall/started +/etc/shorewall/stop +/etc/shorewall/stopped +/etc/shorewall/tcclasses +/etc/shorewall/tcdevices +/etc/shorewall/tcrules +/etc/shorewall/tos +/etc/shorewall/tunnels +/etc/shorewall/zones diff -Naur freewrt.orig/package/shorewall/ipkg/shorewall-conffiles.control freewrt/package/shorewall/ipkg/shorewall-conffiles.control --- freewrt.orig/package/shorewall/ipkg/shorewall-conffiles.control 1970-01-01 01:00:00.000000000 +0100 +++ freewrt/package/shorewall/ipkg/shorewall-conffiles.control 2007-01-18 01:20:41.000000000 +0100 @@ -0,0 +1,6 @@ +Package: shorewall-conffiles +Priority: optional +Section: net +Depends: shorewall +Conflicts: shorewall-full-conffiles +Description: minimal set of config files for shorewall diff -Naur freewrt.orig/package/shorewall/ipkg/shorewall-full-conffiles.conffiles freewrt/package/shorewall/ipkg/shorewall-full-conffiles.conffiles --- freewrt.orig/package/shorewall/ipkg/shorewall-full-conffiles.conffiles 1970-01-01 01:00:00.000000000 +0100 +++ freewrt/package/shorewall/ipkg/shorewall-full-conffiles.conffiles 2007-01-18 01:07:40.000000000 +0100 
@@ -0,0 +1,33 @@ +/etc/shorewall/accounting +/etc/shorewall/actions +/etc/shorewall/blacklist +/etc/shorewall/continue +/etc/shorewall/ecn +/etc/shorewall/hosts +/etc/shorewall/init +/etc/shorewall/initdone +/etc/shorewall/interfaces +/etc/shorewall/ipsec +/etc/shorewall/maclist +/etc/shorewall/Makefile +/etc/shorewall/masq +/etc/shorewall/nat +/etc/shorewall/netmap +/etc/shorewall/params +/etc/shorewall/policy +/etc/shorewall/providers +/etc/shorewall/proxyarp +/etc/shorewall/route_rules +/etc/shorewall/routestopped +/etc/shorewall/rules +/etc/shorewall/shorewall.conf +/etc/shorewall/start +/etc/shorewall/started +/etc/shorewall/stop +/etc/shorewall/stopped +/etc/shorewall/tcclasses +/etc/shorewall/tcdevices +/etc/shorewall/tcrules +/etc/shorewall/tos +/etc/shorewall/tunnels +/etc/shorewall/zones diff -Naur freewrt.orig/package/shorewall/ipkg/shorewall-full-conffiles.control freewrt/package/shorewall/ipkg/shorewall-full-conffiles.control --- freewrt.orig/package/shorewall/ipkg/shorewall-full-conffiles.control 1970-01-01 01:00:00.000000000 +0100 +++ freewrt/package/shorewall/ipkg/shorewall-full-conffiles.control 2007-01-18 01:20:19.000000000 +0100 @@ -0,0 +1,6 @@ +Package: shorewall-full-conffiles +Priority: optional +Section: net +Depends: shorewall +Conflicts: shorewall-conffiles +Description: complete shorewall config files (large!) diff -Naur freewrt.orig/package/shorewall/Makefile freewrt/package/shorewall/Makefile --- freewrt.orig/package/shorewall/Makefile 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/Makefile 2007-01-18 01:03:13.000000000 +0100 @@ -7,9 +7,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:= shorewall -PKG_VERSION:= 3.2.6 +PKG_VERSION:= 3.2.8 PKG_RELEASE:= 1 -PKG_MD5SUM:= 4be5e3af5180252492dcaf48f699404f +PKG_MD5SUM:= d9e354b3f2670ceb021eea51419ff0e9 PKG_INIT:= 45 PKG_SOURCE_URL:= http://www1.shorewall.net/pub/$(PKG_NAME)/3.2/$(PKG_NAME)-$(PKG_VERSION) 
@@ -17,20 +17,41 @@ include $(TOPDIR)/mk/package.mk -$(eval $(call PKG_template,SHOREWALL,$(PKG_NAME),$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,SHOREWALL,shorewall,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,SHOREWALL_CONFFILES,shorewall-conffiles,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,SHOREWALL_FULL_CONFFILES,shorewall-full-conffiles,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) $(IPKG_SHOREWALL): # make use of shorewalls install script PREFIX="$(IDIR_SHOREWALL)" $(WRKBUILD)/install.sh -n - - # down strip everything - sh ./downstrip $(IDIR_SHOREWALL)/etc/shorewall + mkdir -p $(WRKBUILD)/etc/ + mv $(IDIR_SHOREWALL)/etc/shorewall $(WRKBUILD)/etc/ + sh ./downstrip $(IDIR_SHOREWALL)/usr/share/shorewall - # use our own init script install -d -m0755 $(IDIR_SHOREWALL)/etc/init.d cp ./files/shorewall.init $(IDIR_SHOREWALL)/etc/init.d/S${PKG_INIT}shorewall + chmod +x $(IDIR_SHOREWALL)/etc/init.d/S${PKG_INIT}shorewall rm -f $(IDIR_SHOREWALL)/etc/init.d/shorewall + rm -rf $(IDIR_SHOREWALL)/var + rm -rf $(IDIR_SHOREWALL)/usr/share/shorewall/configfiles $(RSTRIP) $(IDIR_SHOREWALL) $(IPKG_BUILD) $(IDIR_SHOREWALL) $(PACKAGE_DIR) + +$(IPKG_SHOREWALL_CONFFILES): + ${INSTALL_DIR} ${IDIR_SHOREWALL_CONFFILES}/etc/shorewall/ + ${INSTALL_DATA} ${WRKBUILD}/etc/shorewall/* ${IDIR_SHOREWALL_CONFFILES}/etc/shorewall/ + + # down strip everything + sh ./downstrip $(IDIR_SHOREWALL_CONFFILES)/etc/shorewall + + $(RSTRIP) $(IDIR_SHOREWALL_CONFFILES) + $(IPKG_BUILD) $(IDIR_SHOREWALL_CONFFILES) $(PACKAGE_DIR) + +$(IPKG_SHOREWALL_FULL_CONFFILES): + ${INSTALL_DIR} ${IDIR_SHOREWALL_FULL_CONFFILES}/etc/shorewall/ + ${INSTALL_DATA} ${WRKBUILD}/etc/shorewall/* ${IDIR_SHOREWALL_FULL_CONFFILES}/etc/shorewall/ + + $(RSTRIP) $(IDIR_SHOREWALL_FULL_CONFFILES) + $(IPKG_BUILD) $(IDIR_SHOREWALL_FULL_CONFFILES) $(PACKAGE_DIR) diff -Naur freewrt.orig/package/shorewall/patches/01-whoami.patch freewrt/package/shorewall/patches/01-whoami.patch 
--- freewrt.orig/package/shorewall/patches/01-whoami.patch 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/patches/01-whoami.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,24 +0,0 @@ -diff -Nur shorewall-3.2.6_org/functions shorewall-3.2.6/functions ---- shorewall-3.2.6_org/functions 2006-11-18 18:40:07.000000000 +0100 -+++ shorewall-3.2.6/functions 2006-11-27 16:03:30.000000000 +0100 -@@ -2985,7 +2985,7 @@ - - [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ] - -- if [ -z "$EXPORT" -a "$(whoami)" = root ]; then -+ if [ -z "$EXPORT" -a $( id -u ) = "0" ]; then - - load_kernel_modules - -diff -Nur shorewall-3.2.6_org/shorewall shorewall-3.2.6/shorewall ---- shorewall-3.2.6_org/shorewall 2006-11-15 17:42:07.000000000 +0100 -+++ shorewall-3.2.6/shorewall 2006-11-27 16:04:03.000000000 +0100 -@@ -194,7 +194,7 @@ - # - get_config() { - -- if [ -z "$EXPORT" -a "$(whoami)" = root ]; then -+ if [ -z "$EXPORT" -a $( id -u ) = "0" ]; then - # - # This block is avoided for compile for export and when the user isn't root - # diff -Naur freewrt.orig/package/shorewall/patches/03-installscript.patch freewrt/package/shorewall/patches/03-installscript.patch --- freewrt.orig/package/shorewall/patches/03-installscript.patch 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/patches/03-installscript.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,98 +0,0 @@ -diff -Nur shorewall-3.2.6_org/install.sh shorewall-3.2.6/install.sh ---- shorewall-3.2.6_org/install.sh 2006-11-12 16:50:09.000000000 +0100 -+++ shorewall-3.2.6/install.sh 2006-11-29 18:20:35.000000000 +0100 -@@ -180,23 +180,8 @@ - - PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin - --# --# Determine where to install the firewall script --# --DEBIAN= -- - OWNERSHIP="-o $OWNER -g $GROUP" - --if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then -- DEBIAN=yes --elif [ -f /etc/slackware-version ] ; then -- DEST="/etc/rc.d" -- INIT="rc.firewall" --elif [ -f /etc/arch-release ] ; then -- DEST="/etc/rc.d" -- INIT="shorewall" -- ARCHLINUX=yes --fi - if [ -n "$PREFIX" ]; then - if [ `id -u` != 0 ] ; then - echo "Not setting file owner/group permissions, not running as root." -@@ -239,14 +224,7 @@ - # - # Install the Firewall Script - # --if [ -n "$DEBIAN" ]; then -- install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout --elif [ -n "$ARCHLINUX" ]; then -- install_file_with_backup init.archlinux.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout -- --else -- install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout --fi -+install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout - - echo "Shorewall script installed in ${PREFIX}${DEST}/$INIT" - -@@ -274,10 +252,6 @@ - echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf" - fi - -- --if [ -n "$ARCHLINUX" ] ; then -- sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' 
-i ${PREFIX}/etc/shorewall/shorewall.conf --fi - # - # Install the zones file - # -@@ -676,43 +650,6 @@ - # - install_file firewall ${PREFIX}/usr/share/shorewall/firewall 0555 - --if [ -z "$PREFIX" -a -n "$first_install" ]; then -- if [ -n "$DEBIAN" ]; then -- run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall -- ln -s ../init.d/shorewall /etc/rcS.d/S40shorewall -- echo "shorewall will start automatically at boot" -- echo "Set startup=1 in /etc/default/shorewall to enable" -- touch /var/log/shorewall-init.log -- qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' /etc/shorewall/shorewall.conf -- else -- if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then -- if insserv /etc/init.d/shorewall ; then -- echo "shorewall will start automatically at boot" -- echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable" -- else -- cant_autostart -- fi -- elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then -- if chkconfig --add shorewall ; then -- echo "shorewall will start automatically in run levels as follows:" -- echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable" -- chkconfig --list shorewall -- else -- cant_autostart -- fi -- elif [ -x /sbin/rc-update ]; then -- if rc-update add shorewall default; then -- echo "shorewall will start automatically at boot" -- echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable" -- else -- cant_autostart -- fi -- elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically -- cant_autostart -- fi -- fi --fi -- - # - # Report Success - # diff -Naur freewrt.orig/package/shorewall/patches/04-autocreatelogfile.patch freewrt/package/shorewall/patches/04-autocreatelogfile.patch --- freewrt.orig/package/shorewall/patches/04-autocreatelogfile.patch 2007-01-10 02:11:49.000000000 +0100 +++ freewrt/package/shorewall/patches/04-autocreatelogfile.patch 
2007-01-17 22:04:05.000000000 +0100 @@ -1,16 +1,10 @@ -diff -Nur shorewall-3.2.6_org/shorewall shorewall-3.2.6/shorewall ---- shorewall-3.2.6_org/shorewall 2006-12-03 14:43:53.000000000 +0100 -+++ shorewall-3.2.6/shorewall 2006-12-03 14:46:12.000000000 +0100 -@@ -202,9 +202,13 @@ - - [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages - -+ LOGFILEPATH=${LOGFILE%/*} -+ if [ ! -f $LOGFILEPATH ]; then -+ mkdir -p $LOGFILEPATH -+ fi -+ - if [ ! -f $LOGFILE ]; then +diff -Naur shorewall-3.2.8.orig/shorewall shorewall-3.2.8/shorewall +--- shorewall-3.2.8.orig/shorewall 2007-01-17 22:01:12.000000000 +0100 ++++ shorewall-3.2.8/shorewall 2007-01-17 22:03:40.000000000 +0100 +@@ -207,8 +207,7 @@ + elif [ -f $LOGFILE ]; then + LOGREAD="cat $LOGFILE" + else - echo "LOGFILE ($LOGFILE) does not exist!" >&2 - exit 2 + touch $LOGFILE diff -Naur freewrt.orig/package/shorewall/patches/05-shorewall-lockfile-fix.patch freewrt/package/shorewall/patches/05-shorewall-lockfile-fix.patch --- freewrt.orig/package/shorewall/patches/05-shorewall-lockfile-fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ freewrt/package/shorewall/patches/05-shorewall-lockfile-fix.patch 2007-01-17 21:28:15.000000000 +0100 @@ -0,0 +1,12 @@ +diff -Naur shorewall-3.2.6.orig/shorewall.conf shorewall-3.2.6/shorewall.conf +--- shorewall-3.2.6.orig/shorewall.conf 2007-01-17 20:55:25.000000000 +0100 ++++ shorewall-3.2.6/shorewall.conf 2007-01-17 21:27:43.000000000 +0100 +@@ -329,7 +329,7 @@ + # use lock files, set this to "". + # + +-SUBSYSLOCK=/var/lock/subsys/shorewall ++SUBSYSLOCK=/var/run/shorewall + + # + # KERNEL MODULE DIRECTORY
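Review bot: In package/shorewall/Config.in the two new prompts are formatted differently (" shorewall-conffiles..." has a leading space, "shorewall-full-conffiles..." does not), and neither help text says that the options exclude each other. Align the prompt strings with the other sub-package entries and add one line to each help text naming the conflicting package, since `depends ! FWRT_PACKAGE_SHOREWALL_CONFFILES` only hides the full set without telling the user why.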
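Review bot: In package/shorewall/files/shorewall.init the autostart test flips from opt-out to opt-in (`test x"$shorewall" != x"YES" && exit 0`), and the description does not mention it. A device where `shorewall` is unset, or set to anything other than the exact string YES, started the firewall at boot under the old test and now exits silently. Please state the new default in the commit message and package description, and consider printing a message on the skip path so an upgraded device does not come up without its firewall unnoticed.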
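Review bot: In package/shorewall/Makefile the `$(IPKG_SHOREWALL_CONFFILES)` and `$(IPKG_SHOREWALL_FULL_CONFFILES)` recipes copy from `${WRKBUILD}/etc/shorewall/*`, a directory that only exists after the `$(IPKG_SHOREWALL)` recipe has run its `mv`, yet the visible rules declare no prerequisite on it. Building a conffiles package on its own, or in a different order, would fail at `${INSTALL_DATA}`; add `$(IPKG_SHOREWALL)` as a prerequisite or stage the files in a step both rules depend on. The `mv` is also not repeatable: on a second run `$(WRKBUILD)/etc/shorewall` already exists and the directory is moved inside it. Smaller points: `cp` plus `chmod +x` can be one `install -m0755`, and `$(RSTRIP)` on packages that contain only text files does nothing.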
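Review bot: The deletion of package/shorewall/patches/03-installscript.patch needs a check against the 3.2.8 install.sh before it goes in. One branch that patch removed installs `init.debian.sh` to `/etc/init.d/shorewall` without `${PREFIX}` whenever the build host has /etc/apt and /usr/bin/dpkg. If 3.2.8 still carries that branch, a build on a Debian host would write to the host's own init script. Please confirm which upstream change made the patch unnecessary and name it in the commit message.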
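Review bot: The reworked package/shorewall/patches/04-autocreatelogfile.patch drops the `mkdir -p` of the log directory and leaves only `touch $LOGFILE`, unquoted and with no check of its result in the visible lines. A LOGFILE whose parent directory does not exist yet fails at the touch, and nothing shown handles that failure. Keep a directory check (using `-d`, not the `-f` the old version tested `$LOGFILEPATH` with), quote the variable, and exit with an error if the file cannot be created.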
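Review bot: The new package/shorewall/patches/05-shorewall-lockfile-fix.patch is generated against 3.2.6 (`shorewall-3.2.6.orig/shorewall.conf`) while the same change bumps PKG_VERSION to 3.2.8. Please regenerate it against the 3.2.8 tree so that hunk `@@ -329,7 +329,7 @@` applies without offset or fuzz, as was done for 04-autocreatelogfile.patch. Since the Makefile now removes `$(IDIR_SHOREWALL)/var`, also confirm that /var/run exists on the device at boot for `SUBSYSLOCK=/var/run/shorewall`.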
_______________________________________________ freewrt-developers mailing list [email protected] https://www.freewrt.org/lists/listinfo/freewrt-developers
