On Wed, 28 Mar 2012 07:13:55 -0700

I must very strongly disagree with how shorewallrc is now implemented.

Problem number one:

Code snippet:

if [ -z "$g_readrc" ]; then
  
    if [ -f ./.shorewallrc ]; then
        . ./.shorewallrc || exit 1
    elif [ -r /root/.shorewallrc ]; then
        . /root/.shorewallrc || exit 1
    elif [ -r /.shorewallrc ]; then
        . /root/.shorewallrc || exit 1
    elif [ -f ~/.shorewallrc ]; then
        . ~/.shorewallrc || exit 1
    elif [ -f ${SHOREWALLRC_HOME}/.shorewallrc ]; then
        . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
    else
        SHAREDIR=/usr/share
        CONFDIR=/etc
        SBINDIR=/sbin
        LIBEXECDIR=/usr/share
    fi

Security software like shorewall can NEVER include files from random
locations like the current directory or a user's home dir.

Installer MUST hardcode the shorewallrc location into shorewall runtime
programs when installing. That is:

if SHAREDIR is set to /usr/share - all files needing to read
shorewallrc must be generated so they
have /usr/share/shorewall/shorewallrc hardcoded in for reading the file.

Currently shorewall-4.5.2-Beta4 totally breaks if there is
no /root/.shorewallrc or ~/.shorewallrc.

Software cannot rely on a file in user root's home directory.

Problem 2:

Shorewall doesn't work at all without ~/.shorewallrc - that
is /usr/share/shorewall/shorewallrc which is installed is not used at
all by runtime shorewall - so shorewall tries to find compiler.pl
from /usr/share/shorewall/compiler.pl when it's installed on a different
path.

Problem 3:

The configure, which was imho a total waste of programming time to
generate, is not able to unset any value.

shorewallrc.redhat has SYSTEMD set.

On rhel systems there is no SYSTEMD but the installer still tries to install
system files.

This gives two possibilities: either only required options can be set
in default shorewallrc.<hosttype>.

That means both INITDDIR and SYSTEMD must be unset so that one can be
selected, either install of INITDDIR file or SYSTEMD service.

Or there must be possibility to unset config value with configure.

Problem 4:

Now, when systemd service is installed, shorewall doesn't create the path
if it's missing, so installing the service to DESTDIR fails because there is
no directory to install the systemd service file to.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
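
A sketch of the fixed-location loading the message asks for, as an added example that is not part of the original post or of Shorewall. The names load_rc and is_trusted and the owner argument are hypothetical; the path in the closing comment is the one the message gives for SHAREDIR=/usr/share.

```shell
#!/bin/sh
# Added example, not Shorewall code. load_rc and is_trusted are hypothetical
# names; the owner argument exists so the check can be exercised without root.

# True only if $1 has type $2 (f or d), is owned by uid $3 and is not
# writable by group or others. A symlink fails the -type test.
is_trusted() {
    [ -n "$(find "$1" -prune -type "$2" -user "$3" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Source one rc file from a fixed absolute path, or fail closed.
# There is no fallback to ./, ~ or a directory named by the environment.
load_rc() {
    rc=$1
    owner=${2:-0}    # expected owner uid, root by default
    case $rc in
        /*) ;;
        *) echo "refusing relative rc path: $rc" >&2; return 1 ;;
    esac
    if ! is_trusted "$(dirname "$rc")" d "$owner"; then
        echo "untrusted directory for $rc" >&2; return 1
    fi
    if ! is_trusted "$rc" f "$owner"; then
        echo "untrusted or missing rc file: $rc" >&2; return 1
    fi
    . "$rc"
}

# What an installer would write into each runtime script when
# SHAREDIR=/usr/share (the path named in the message above):
#   load_rc /usr/share/shorewall/shorewallrc || exit 1
```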
