Beta 4 is now available for testing.
In this version:
1) Problems reported against Beta 3 have been corrected, including:
- Installing the RPM fails to install ~/.shorewallrc
- Syntax error in the default /etc/init.d/shorewall
4) TEMPDIR has been added as a configuration option in .shorewallrc.
When specified, it causes the generated script to export TMPDIR
with the specified value.
Note: The different spelling in the option is intentional
to avoid overwriting the TMPDIR setting of shell programs
that source .shorewallrc.
3) A configure script has been added to each package. The arguments to
the script are the usual list of <option>=<value> assignments. The
supported options are the same as those listed in the release
notes, although they may be in lower case and may be optionally
preceded by '--'.

The configure script uses the setting of --host to select the
appropriate rc file. It reads that file to establish default
settings and then applies the values specified in the argument
list. To allow use with the %configure RPM macro, only the last
occurrence of a particular option setting is applied. The resulting
settings are written to a file named 'shorewallrc' in the current
working directory and are also written to standard out.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
This SF email is sponsored by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
> The configure script uses the setting of --host to select the
> appropriate rc file. It reads that file to establish default
> settings and then applies the values specified in the argument
> list. To allow use with the %configure RPM macro, only the last
> occurrence of a particular option setting is applied. The resulting
> settings are written to a file named 'shorewallrc' in the current
> working directory and are also written to standard out.
>

So, you've dropped the notion of %{_vendor} then, is that right? Also, %configure usually passes "--host" as a tuple, which contains not just the vendor (provided you use %configure, that is) - I hope your modified configure script accounts for that too. I'll look into the latest beta more closely when I have more time.
Hello,

> Beta 4 is now available for testing.

Is there any whenabouts of a 4.5.2 release ? Thanks.
On 03/28/2012 08:52 AM, Fred Maillou wrote:
> Hello,
>
>> Beta 4 is now available for testing.
>
> Is there any whenabouts of a 4.5.2 release ?

When it's ready, but not for two weeks or so.

-Tom
On 03/28/2012 04:13 PM, Tom Eastep wrote:
> Beta 4 is now available for testing.
>
> In this version:
>
> 1) Problems reported against Beta 3 have been corrected, including:
>
> - Installing the RPM fails to install ~/.shorewallrc
> - Syntax error in the default /etc/init.d/shorewall
>
> 4) TEMPDIR has been added as a configuration option in .shorewallrc.
> When specified, it causes the generated script to export TMPDIR
> with the specified value.
>
> Note: The different spelling in the option is intentional
> to avoid overwriting the TMPDIR setting of shell programs
> that source .shorewallrc.
>
> 3) A configure script has been added to each package. The arguments to
> the script are the usual list of <option>=<value> assignments. The
> supported options are the same as those listed in the release
> notes, although they may be in lower case and may be optionally
> preceded by '--'.
>
> The configure script uses the setting of --host to select the
> appropriate rc file. It reads that file to establish default
> settings and then applies the values specified in the argument
> list. To allow use with the %configure RPM macro, only the last
> occurrence of a particular option setting is applied. The resulting
> settings are written to a file named 'shorewallrc' in the current
> working directory and are also written to standard out.
>

As the official opensuse maintainer of your shorewall packages I urge you to fix your shorewallrc.suse as a courtesy to follow distribution packaging guidelines

LIBEXECDIR=/usr/lib
PERLLIBDIR= /usr/lib/perl5/vendor_perl/5.14.2

The above is what translates %perl_vendorlib at least for opensuse 12.1 and later

The issue is not if I as the opensuse package maintainer can suit the configuration to my distro requirements but you follow debian and fedora guidelines and this is no different for opensuse to expect and request same equal treatment

the install files of the following have these errors

Shorewall-core
install.sh: line 136: local: can only be used in a function

Shorewall-lite
install.sh: line 145: local: can only be used in a function

Shorewall6-lite
install.sh: line 145: local: can only be used in a function

Shorewall-init
install.sh: line 132: local: can only be used in a function

Thanks
Togan
On Wed, Mar 28, 2012 at 08:49:43PM +0200, Togan Muftuoglu wrote:
> On 03/28/2012 04:13 PM, Tom Eastep wrote:
> > Beta 4 is now available for testing.
> >
> > In this version:
> >
> > 1) Problems reported against Beta 3 have been corrected, including:
> >
> > - Installing the RPM fails to install ~/.shorewallrc
> > - Syntax error in the default /etc/init.d/shorewall
> >
> > 4) TEMPDIR has been added as a configuration option in .shorewallrc.
> > When specified, it causes the generated script to export TMPDIR
> > with the specified value.
> >
> > Note: The different spelling in the option is intentional
> > to avoid overwriting the TMPDIR setting of shell programs
> > that source .shorewallrc.
> >
> > 3) A configure script has been added to each package. The arguments to
> > the script are the usual list of <option>=<value> assignments. The
> > supported options are the same as those listed in the release
> > notes, although they may be in lower case and may be optionally
> > preceded by '--'.
> >
> > The configure script uses the setting of --host to select the
> > appropriate rc file. It reads that file to establish default
> > settings and then applies the values specified in the argument
> > list. To allow use with the %configure RPM macro, only the last
> > occurrence of a particular option setting is applied. The resulting
> > settings are written to a file named 'shorewallrc' in the current
> > working directory and are also written to standard out.
> >
>
> As the official opensuse maintainer of your shorewall packages I urge
> you to fix your shorewallrc.suse as a courtesy to follow distribution
> packaging guidelines
>
>
> LIBEXECDIR=/usr/lib
> PERLLIBDIR= /usr/lib/perl5/vendor_perl/5.14.2
>
> The above is what translates %perl_vendorlib at least for opensuse 12.1
> and later
>
>
> The issue is not if I as the opensuse package maintainer can suit the
> configuration to my distro requirements but you follow debian and fedora
> guidelines and this is no different for opensuse to expect and request
> same equal treatment
>
> the install files of the following have these errors
> Shorewall-core
> install.sh: line 136: local: can only be used in a function
>
> Shorewall-lite
> install.sh: line 145: local: can only be used in a function
>
> Shorewall6-lite
> install.sh: line 145: local: can only be used in a function
>
> Shorewall-init
> install.sh: line 132: local: can only be used in a function

Debian has issues with install.sh using local like that too. Is that a bash thing or something?

--
Len Sorensen
On 3/28/12 12:33 PM, "Lennart Sorensen" <lsorense@csclub.uwaterloo.ca> wrote:
>
>Debian has issues with install.sh using local like that too. Is that
>a bash thing or something?

No -- just a bug.

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.
On 3/28/12 11:49 AM, "Togan Muftuoglu" <toganm@users.sourceforge.net> wrote:
>On 03/28/2012 04:13 PM, Tom Eastep wrote:
>> Beta 4 is now available for testing.
>>
>> In this version:
>>
>> 1) Problems reported against Beta 3 have been corrected, including:
>>
>> - Installing the RPM fails to install ~/.shorewallrc
>> - Syntax error in the default /etc/init.d/shorewall
>>
>> 4) TEMPDIR has been added as a configuration option in .shorewallrc.
>> When specified, it causes the generated script to export TMPDIR
>> with the specified value.
>>
>> Note: The different spelling in the option is intentional
>> to avoid overwriting the TMPDIR setting of shell programs
>> that source .shorewallrc.
>>
>> 3) A configure script has been added to each package. The arguments to
>> the script are the usual list of <option>=<value> assignments. The
>> supported options are the same as those listed in the release
>> notes, although they may be in lower case and may be optionally
>> preceded by '--'.
>>
>> The configure script uses the setting of --host to select the
>> appropriate rc file. It reads that file to establish default
>> settings and then applies the values specified in the argument
>> list. To allow use with the %configure RPM macro, only the last
>> occurrence of a particular option setting is applied. The resulting
>> settings are written to a file named 'shorewallrc' in the current
>> working directory and are also written to standard out.
>>
>
>As the official opensuse maintainer of your shorewall packages I urge
>you to fix your shorewallrc.suse as a courtesy to follow distribution
>packaging guidelines
>
>
>LIBEXECDIR=/usr/lib
>PERLLIBDIR= /usr/lib/perl5/vendor_perl/5.14.2
>
>The above is what translates %perl_vendorlib at least for opensuse 12.1
>and later

I'm happy with the first recommended change but question the second. If a user installs on an OpenSuSE version earlier than 12.1, then I suspect that Shorewall won't work at all.

-Tom
On 03/29/2012 02:22 AM, Tom Eastep wrote:
>>
>>
>> LIBEXECDIR=/usr/lib
>> PERLLIBDIR= /usr/lib/perl5/vendor_perl/5.14.2
>>
>> The above is what translates %perl_vendorlib at least for opensuse 12.1
>> and later
>
> I'm happy with the first recommended change but question the second. If a
> user installs on an OpenSuSE version earlier than 12.1, then I suspect
> that Shorewall won't work at all.

That is why the macros are used in rpm. I am currently providing rpms for openSUSE 11.4 12.1 Factory (the next coming version) with one spec file. The official rpms being provided by openSUSE do not have a problem with the location of the perl location and therefore do work. But if someone installs yours and then switches to the official openSUSE rpms comes the problem

Togan
> That is why the macros are used in rpm. I am currently providing rpms
> for openSUSE 11.4 12.1 Factory(the next coming version) with one spec
> file. The official rpms being provided by openSUSE does not have a
> problem with the location of the perl location and therefore do work.
>

And it is precisely why %configure should be used instead of just "configure" or "./configure" - that way all distro-specific directories are pulled in as parameters and don't need to be specified.
On Wed, Mar 28, 2012 at 05:10:52PM -0700, Tom Eastep wrote:
> No -- just a bug.

Well commenting out 'local file' seems to fix it for now.

--
Len Sorensen
On Wed, 28 Mar 2012 07:13:55 -0700
I must very strongly disagree with how shorewallrc is now implemented.

Problem number one:

Code snippet:

    if [ -z "$g_readrc" ]; then
        if [ -f ./.shorewallrc ]; then
            . ./.shorewallrc || exit 1
        elif [ -r /root/.shorewallrc ]; then
            . /root/.shorewallrc || exit 1
        elif [ -r /.shorewallrc ]; then
            . /root/.shorewallrc || exit 1
        elif [ -f ~/.shorewallrc ]; then
            . ~/.shorewallrc || exit 1
        elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
            . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
        else
            SHAREDIR=/usr/share
            CONFDIR=/etc
            SBINDIR=/sbin
            LIBEXECDIR=/usr/share
        fi

Security software like shorewall can NEVER include files from random
locations like the current directory or a user's home dir.

Installer MUST hardcode the shorewallrc location into shorewall runtime
programs when installing. That is:

if SHAREDIR is set to /usr/share - all files needing to read
shorewallrc must be generated so they
have /usr/share/shorewall/shorewallrc hardcoded in for reading the file.

Currently shorewall-4.5.2-Beta4 totally breaks if there is
no /root/.shorewallrc or ~/.shorewallrc.

Software cannot rely on a file in the root user's home directory.

Problem 2:

Shorewall doesn't work at all without ~/.shorewallrc - that
is, /usr/share/shorewall/shorewallrc which is installed is not used at
all by runtime shorewall - so shorewall tries to find compiler.pl
from /usr/share/shorewall/compiler.pl when it's installed on a different
path.

Problem 3:

the configure which was imho a total waste of programming time to
generate is not able to unset any value.

shorewallrc.redhat has SYSTEMD set.

On rhel systems there is no SYSTEMD but the installer still tries to install
system files.

This gives two possibilities: Either only required options can be set
in default shorewallrc.<hosttype>.

That means both INITDDIR and SYSTEMD must be unset so that one can be
selected, either install of INITDDIR file or SYSTEMD service.

Or there must be a possibility to unset a config value with configure.

Problem 4:

Now, when systemd service is installed, shorewall doesn't create the path
if it's missing so installing service to DESTDIR fails because there is
no directory to install the systemd service file to.
--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
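
An added example, not part of the thread and not Shorewall's code: one way to implement the fixed-location rule argued for in the message above, reading the rc file only from an absolute path and only when neither it nor its directory can be modified by anyone but the required owner. The function names are hypothetical, and the owner uid is an argument (0 in production) so the check can be exercised without root.

```shell
#!/bin/sh
# Added example, not Shorewall's code. node_is_trusted, rc_is_trusted,
# load_rc and demo_rc_trust are hypothetical names.

# True only if $1 is a real node (not a symlink) of type $2 ('f' or 'd'),
# owned by uid $3, and not writable by group or others.
node_is_trusted() {
    [ -n "$(find "$1" -prune -type "$2" -user "$3" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# The rc file is trusted only if it and its directory both pass; a writable
# directory would let another user swap the file between check and use.
rc_is_trusted() {
    case $1 in
        /*) ;;              # absolute path only, never relative to the cwd
        *)  return 1 ;;
    esac
    node_is_trusted "$1" f "$2" && node_is_trusted "$(dirname "$1")" d "$2"
}

# Source the rc file from its one fixed location, or fail closed.
load_rc() {
    if rc_is_trusted "$1" "$2"; then
        . "$1"
    else
        echo "refusing to read $1: missing, wrong owner or writable by others" >&2
        return 1
    fi
}

# The installed program would call this with the path written in by the
# installer (the path named in the message above) and root as owner:
#   load_rc /usr/share/shorewall/shorewallrc 0 || exit 1

# Constructed demonstration: the same file is accepted while private and
# refused once it is world-writable. Prints "accepted refused".
demo_rc_trust() {
    dir=$(mktemp -d) || return 1
    printf 'SHAREDIR=/usr/share\n' > "$dir/shorewallrc"
    chmod 644 "$dir/shorewallrc"
    rc_is_trusted "$dir/shorewallrc" "$(id -u)" && first=accepted || first=refused
    chmod 666 "$dir/shorewallrc"
    rc_is_trusted "$dir/shorewallrc" "$(id -u)" && second=accepted || second=refused
    rm -rf "$dir"
    echo "$first $second"
}
```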
On 03/30/2012 02:07 AM, Tuomo Soini wrote:
> On Wed, 28 Mar 2012 07:13:55 -0700
>
> I must very strongly disagree with how shorewallrc is now implemented.
>
> Problem number one:
>
> Code snippet:
>
>     if [ -z "$g_readrc" ]; then
>
>         if [ -f ./.shorewallrc ]; then
>             . ./.shorewallrc || exit 1
>         elif [ -r /root/.shorewallrc ]; then
>             . /root/.shorewallrc || exit 1
>         elif [ -r /.shorewallrc ]; then
>             . /root/.shorewallrc || exit 1
>         elif [ -f ~/.shorewallrc ]; then
>             . ~/.shorewallrc || exit 1
>         elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
>             . ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
>         else
>             SHAREDIR=/usr/share
>             CONFDIR=/etc
>             SBINDIR=/sbin
>             LIBEXECDIR=/usr/share
>         fi
>
> Security software like shorewall can NEVER include files from random
> locations like the current directory or a user's home dir.
>
> Installer MUST hardcode the shorewallrc location into shorewall runtime
> programs when installing. That is:
>
> if SHAREDIR is set to /usr/share - all files needing to read
> shorewallrc must be generated so they
> have /usr/share/shorewall/shorewallrc hardcoded in for reading the file.
>
> Currently shorewall-4.5.2-Beta4 totally breaks if there is
> no /root/.shorewallrc or ~/.shorewallrc.
>
> Software cannot rely on a file in the root user's home directory.
>
> Problem 2:
>
> Shorewall doesn't work at all without ~/.shorewallrc - that
> is, /usr/share/shorewall/shorewallrc which is installed is not used at
> all by runtime shorewall - so shorewall tries to find compiler.pl
> from /usr/share/shorewall/compiler.pl when it's installed on a different
> path.

The above two problems can be corrected by modifying the CLI programs ( and lib.base) to read the correct rc file. I'll include that in Beta 5.

>
> Problem 3:
>
> the configure which was imho a total waste of programming time to
> generate is not able to unset any value.
>
> shorewallrc.redhat has SYSTEMD set.
>
> On rhel systems there is no SYSTEMD but the installer still tries to install
> system files.
>
> This gives two possibilities: Either only required options can be set
> in default shorewallrc.<hosttype>.
>
> That means both INITDDIR and SYSTEMD must be unset so that one can be
> selected, either install of INITDDIR file or SYSTEMD service.
>
> Or there must be a possibility to unset a config value with configure.

teastep@ubuntu:$ ./configure --host=redhat --systemd=
HOST=redhat
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=/usr/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d/init.d
INITSOURCE=init.fedora.sh
INITFILE=$PRODUCT
AUXINITSOURCE=
AUXINITFILE=
SYSTEMD=
SYSCONFILE=
SYSCONFDIR=/etc/sysconfig/
ANNOTATED=
VARDIR=/var/lib
teastep@ubuntu:$

>
> Problem 4:
>
> Now, when systemd service is installed, shorewall doesn't create the path
> if it's missing so installing service to DESTDIR fails because there is
> no directory to install the systemd service file to.
>

I'll fix that in Beta5.

-Tom
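
An added example, not Shorewall's configure script: the option handling described in the Beta 4 announcement (optional '--', lower-case names, defaults from the rc file chosen by --host, last occurrence wins) together with the empty-value override shown in the reply above. `resolve_settings`, its rc-directory argument and the sample rc contents are assumptions, the host is taken to be a bare name such as redhat rather than a %configure tuple, and the name and host checks are additions of this example.

```shell
#!/bin/sh
# Added example, not Shorewall's configure script. resolve_settings,
# demo_configure and the rc-directory argument are hypothetical.

# resolve_settings RC_DIR [--]option=value ...
# Prints NAME=value lines: defaults from RC_DIR/shorewallrc.<host>, then the
# arguments in order, so the last occurrence of an option wins and an empty
# value (--systemd=) clears a default.
resolve_settings() {
    rc_dir=$1; shift
    host='' pairs=''
    for arg in "$@"; do
        case $arg in
            *=*) ;;
            *) echo "ignored, not option=value: $arg" >&2; continue ;;
        esac
        name=${arg%%=*}
        name=$(printf '%s' "${name#--}" | tr '[:lower:]' '[:upper:]')
        value=${arg#*=}
        # Names must be plain identifiers; values pass through unchanged,
        # since the rc format relies on ${PREFIX}-style expansion.
        case $name in
            ''|[0-9]*|*[!A-Z0-9_]*) echo "bad option name: $arg" >&2; return 1 ;;
        esac
        if [ "$name" = HOST ]; then host=$value; fi
        pairs="$pairs$name=$value
"
    done
    # The host value becomes part of a file name: letters and digits only.
    case $host in
        ''|*[!a-z0-9]*) echo "missing or invalid host" >&2; return 1 ;;
    esac
    rc=$rc_dir/shorewallrc.$host
    [ -r "$rc" ] || { echo "no rc file for host $host" >&2; return 1; }
    # Defaults first, overrides after; awk keeps first-seen order, last value.
    { grep '^[A-Z_][A-Z0-9_]*=' "$rc"; printf '%s' "$pairs"; } |
    awk '{ eq = index($0, "="); k = substr($0, 1, eq - 1)
           if (!(k in val)) order[++n] = k
           val[k] = substr($0, eq + 1) }
         END { for (i = 1; i <= n; i++) print order[i] "=" val[order[i]] }'
}

# Constructed sample: a three-line rc file standing in for shorewallrc.redhat
# (the SYSTEMD default path is made up for the demonstration).
demo_configure() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'PREFIX=/usr' 'SHAREDIR=${PREFIX}/share' \
        'SYSTEMD=/lib/systemd/system' > "$dir/shorewallrc.redhat"
    resolve_settings "$dir" --host=redhat --prefix=/opt --systemd= PREFIX=/usr/local
    rm -rf "$dir"
}
```

To mirror the behaviour described in the announcement, the caller would pipe the result through `tee shorewallrc` so it lands both in the current directory and on standard output.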
On Fri, 30 Mar 2012 08:12:27 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> The above two problems can be corrected by modifying the CLI programs
> ( and lib.base) to read the correct rc file. I'll include that in
> Beta 5.

Thank you. Btw. I don't have anything against ./install.sh using ~/.shorewallrc if that was what you were thinking about. or .shorewallrc from same dir install.sh is located at...

    installdir=$(dirname $0)
    if [ -f ${installdir}/.shorewallrc ]; then
        . ${installdir}/.shorewallrc || exit 1
    elif [ -f ~/.shorewallrc ]; then

etc.

>
> >
> > Problem 3:
> >
> > the configure which was imho a total waste of programming time to
> > generate is not able to unset any value.
> >
> > shorewallrc.redhat has SYSTEMD set.
> >
> > On rhel systems there is no SYSTEMD but the installer still tries to
> > install system files.
> >
> > This gives two possibilities: Either only required options can be
> > set in default shorewallrc.<hosttype>.
> >
> > That means both INITDDIR and SYSTEMD must be unset so that one can
> > be selected, either install of INITDDIR file or SYSTEMD service.
> >
> > Or there must be a possibility to unset a config value with configure.
>
> teastep@ubuntu:$ ./configure --host=redhat --systemd=

Excellent - if that works my testing was not good enough :-(

> > Problem 4:
> >
> > Now, when systemd service is installed, shorewall doesn't create the
> > path if it's missing so installing service to DESTDIR fails because
> > there is no directory to install the systemd service file to.
> >
>
> I'll fix that in Beta5.

Good - I can generate a patch for this if you want?

--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>