Hello,
While working on the packaging of shorewall 4.0.4 for Fedora[1], a few
issues have arisen related to the shorewall-perl compiler, and the
file Ports.pm, the file which is essentially a hash of
/etc/{services,protocols}.
Firstly, since this is an application file representing local machine
state, I think it should be kept under /var/lib/shorewall-perl rather
than /usr/share/shorewall-perl/Shorewall. This is particularly
pertinent for machines which have /usr mounted read only.
Secondly, the generation of Ports.pm presents a few challenges from a
packaging perspective. The simple approach is to generate it at
package build time against the default /etc/{services,protocols}.
However this is only useful if the user has made no local
modifications to/etc/{services,protocols}. The user who modifies these
files may not know to run buildports again. Also, another package may
(silently) modify /etc/{services,protocols} on installation, again
causing a problem.
One half-way house to fixing this is to generate Ports.pm at install
time. But this still breaks for the user under the above conditions.
So this led me to think it would be better if the compiler employed
some sort of logic like this:
Check if mtime of /etc/{services,protocols} is greater than mtime of
Ports.pm. If it is, regenerate Ports.pm before continuing. Otherwise
use the current Ports.pm.
(It might also be nice to have a shorewall.conf file flag to disable
this behaviour and always use Ports.pm)
What do you think? I think this would be a helpful change in favour of
usability, and would greatly simplify packaging for distributions.
If this would be an acceptable change, I could look at working up a
patch (which will push me to learn some Perl), unless someone beats me
to it :)
Best wishes, and thanks for a great tool,
Jonathan.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=321731
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
