From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: [PATCH 1/2] wsdd: Install wsdd - fixes bug13445 Date: Fri, 12 Jan 2024 16:09:53 +0100 Message-ID: <0db13412-5633-4978-a87e-069678389239@ipfire.org> In-Reply-To: <638C4CD5-D9CD-466A-8C4E-37C4DF0E9F0C@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7876674122445081532==" List-Id: --===============7876674122445081532== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, On 12/01/2024 14:40, Michael Tremer wrote: > Hello, >=20 >> On 12 Jan 2024, at 11:14, Adolf Belka wrote: >> >> Hi Daniel, >> >> On 11/01/2024 17:11, daniel.weismueller(a)ipfire.org wrote: >>> Hi Adolf. >>> We have looked at your work. First of all, thank you very much. >>> Your scripts seems to work fine. I will start tomorrow to test them in wh= ole. However we have made a few changes. >>> In particular, we have adapted the code to the existing code in IPFire. >>> Please take look at Michaels wsdd branch. >>> https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog;h=3Dref= s/heads/wsdd >> >> That looks very good. I clearly still have a bit to learn about how to cod= e in a more tidy manner. >=20 > It worked=E2=80=A6 I was just in the swing of it :) >=20 >> I also see that Michael fixed the pid fault in the loadproc/statusproc/kil= lproc while I just created a workaround solution for the wsdd initscript alon= e. >=20 > loadproc/statusproc/killproc are really difficult to handle. They are suppo= sed to be LSB-conformant functions, but I believe that it never really happen= ed that they because universally used and compatible between distributions. N= ow with systemd, there is no more need=E2=80=A6 >=20 > And it is also because of systemd that daemons behave differently now - act= ually not even like daemons whatsoever any more. They used to fork themselves= into the background which made all the PID processing necessary, because the= init script could not know the PID of the process forked in the background. = Now, they don=E2=80=99t do this any more because without the fork, things are= easier for systemd to manage. >=20 > The new -b switch that was added some while ago is already helping us to la= unch such new processes into the background, but we don=E2=80=99t have PID fi= les any more. And since scripts don=E2=80=99t work with statusproc/killproc, = I thought it might be a good idea to add this to loadproc as I am expecting u= s to need this more often in the future. >=20 > And while I was thinking about the problem, I figured it would be easier to= send a patch for those few lines instead of explaining it in words - which p= robably would have been a little bit longer. >=20 > The only noteworthy thing is that there was a potential security issue in p= assing around the shell arguments as strings because the workgroup variable c= ould have been almost anything. I am not sure what validation samba would do,= but I thought it would be best not to rely on that. A two words (with a spac= e) workgroup would have caused wsdd not to start, because it would have seen = a command line like =E2=80=9C=E2=80=94-workgroup ABC DEF=E2=80=9D with ABC be= ing interpreted as the workgroup and DEF being some garbage that wsdd would n= ot understand. The trick with the array is that it would pass the arguments l= ike this =E2=80=9C=E2=80=94-workgroup =E2=80=98ABC DEF=E2=80=99=E2=80=9D whic= h prevents that =E2=80=9CDEF=E2=80=9D would be interpreted as an extra parame= ter. >=20 > So, everything is fine :) Especially after I added the =E2=80=9Crestart=E2= =80=9D command :) >=20 >> I did have a look at the code in the functions file but struggled to under= stand it enough to be able to figure out what was giving the problem I was ex= periencing. >=20 > Which functions? The /src/initscripts/system/functions file from the git repo that has=20 the loadproc, statusproc and killproc functions in it. Regards, Adolf. >=20 >> I am glad that has been sorted and the initscript tidied up in line with I= PFire coding style. >=20 > That is why we are all working together... >=20 >> Will try and remember that in future. >=20 > If not, we are here to help :) >=20 > -Michael >=20 >> Regards, >> Adolf. >> >>> - >>> Daniel >>> Am 10. Januar 2024 um 14:30 schrieb "Adolf Belka" >: >>> - lfs and toorfile created for wsdd >>> - wsdd added to make.sh script >>> - created install/update/uninstall scripts for wsdd that create an >>> unpriveleged user and >>> group. >>> - initscript created for wsdd. As wsdd is a python3 script, when it >>> is run as a daemon the >>> pidof command does not find any pid for wsdd. So a directory/file >>> for a pid file was >>> created. This is then passed to the loadproc and killproc commands. >>> After the loadproc >>> command has been created the pid is extracted from the ps aux >>> command and put into the >>> pid file. This then works when running the killproc command for it >>> to know what to go >>> and stop. The statusproc command does not have the ability to feed >>> in the pid from a >>> pid file and so it fails to find a running wsdd as it uses the pidof >>> command. Code was >>> added to the status section of the initscript to check if the pid >>> file exists and if so >>> to print the same command as used with the statusproc command, and >>> also the same >>> wording if the pid file does not exist because wsdd is not running. >>> - info from the ethernet/settings file is used to identify if only >>> green0 is available or >>> if blue0 is also used and based on this the appropriate interface >>> commands are added to >>> the wsdd command. >>> - wsdd is also set up to run in a chroot >>> - Has been tested on my vm testbed, initially by editing the files >>> on the vm clone. After >>> everything confiremd to be working, the build was successfully >>> carried out and the >>> .ipfire package was copied to a new vm clone installed and shown to >>> perform as expected. >>> This test only confirms that wsdd is correctly installed and >>> started. Shutsdown and >>> restarts on reboot successfully. Confirmed from the ps aux info that >>> wsdd has been >>> started with the correct options. Thge testing can not evaluate if >>> wsdd enables windows >>> systems newer than version 7 top be able to detect the samba shares >>> as I have no >>> windows systems. >>> Fixes: Bug13445 >>> Tested-by: Adolf Belka >>> Signed-off-by: Adolf Belka >>> --- >>> config/rootfiles/packages/wsdd | 2 + >>> lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++ >>> make.sh | 1 + >>> src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++ >>> src/paks/wsdd/install.sh | 40 +++++++++++++++ >>> src/paks/wsdd/uninstall.sh | 30 ++++++++++++ >>> src/paks/wsdd/update.sh | 27 +++++++++++ >>> 7 files changed, 252 insertions(+) >>> create mode 100644 config/rootfiles/packages/wsdd >>> create mode 100644 lfs/wsdd >>> create mode 100644 src/initscripts/packages/wsdd >>> create mode 100644 src/paks/wsdd/install.sh >>> create mode 100644 src/paks/wsdd/uninstall.sh >>> create mode 100644 src/paks/wsdd/update.sh >>> diff --git a/config/rootfiles/packages/wsdd >>> b/config/rootfiles/packages/wsdd >>> new file mode 100644 >>> index 000000000..ce225043a >>> --- /dev/null >>> +++ b/config/rootfiles/packages/wsdd >>> @@ -0,0 +1,2 @@ >>> +etc/rc.d/init.d/wsdd >>> +usr/bin/wsdd >>> diff --git a/lfs/wsdd b/lfs/wsdd >>> new file mode 100644 >>> index 000000000..aa65e47ef >>> --- /dev/null >>> +++ b/lfs/wsdd >>> @@ -0,0 +1,89 @@ >>> +####################################################################= ########### >>> +# # >>> +# IPFire.org - A linux based firewall # >>> +# Copyright (C) 2007-2024 IPFire Team # >>> +# # >>> +# This program is free software: you can redistribute it and/or >>> modify # >>> +# it under the terms of the GNU General Public License as published >>> by # >>> +# the Free Software Foundation, either version 3 of the License, or # >>> +# (at your option) any later version. # >>> +# # >>> +# This program is distributed in the hope that it will be useful, # >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>> +# GNU General Public License for more details. # >>> +# # >>> +# You should have received a copy of the GNU General Public License # >>> +# along with this program. If not, see >>> >. # >>> +# # >>> +####################################################################= ########### >>> + >>> +####################################################################= ########### >>> +# Definitions >>> +####################################################################= ########### >>> + >>> +include Config >>> + >>> +VER =3D 0.7.1 >>> +SUMMARY =3D A Web Service Discovery host daemon. >>> + >>> +THISAPP =3D wsdd-$(VER) >>> +DL_FILE =3D $(THISAPP).tar.gz >>> +DL_FROM =3D $(URL_IPFIRE) >>> +DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>> +TARGET =3D $(DIR_INFO)/$(THISAPP) >>> +PROG =3D wsdd >>> +PAK_VER =3D 1 >>> + >>> +DEPS =3D >>> + >>> +SERVICES =3D wsdd >>> + >>> +####################################################################= ########### >>> +# Top-level Rules >>> +####################################################################= ########### >>> + >>> +objects =3D $(DL_FILE) >>> + >>> +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>> + >>> +$(DL_FILE)_BLAKE2 =3D >>> ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2ac= a571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 >>> + >>> +install : $(TARGET) >>> + >>> +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >>> + >>> +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >>> + >>> +b2 : $(subst %,%_BLAKE2,$(objects)) >>> + >>> +dist: >>> + @$(PAK) >>> + >>> +####################################################################= ########### >>> +# Downloading, checking, b2sum >>> +####################################################################= ########### >>> + >>> +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >>> + @$(CHECK) >>> + >>> +$(patsubst %,$(DIR_DL)/%,$(objects)) : >>> + @$(LOAD) >>> + >>> +$(subst %,%_BLAKE2,$(objects)) : >>> + @$(B2SUM) >>> + >>> +####################################################################= ########### >>> +# Installation Details >>> +####################################################################= ########### >>> + >>> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> + @$(PREBUILD) >>> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >>> + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd >>> + >>> + #install initscripts >>> + $(call INSTALL_INITSCRIPTS,$(SERVICES)) >>> + >>> + @rm -rf $(DIR_APP) >>> + @$(POSTBUILD) >>> diff --git a/make.sh b/make.sh >>> index 06e09c9a3..5af3dedc3 100755 >>> --- a/make.sh >>> +++ b/make.sh >>> @@ -1699,6 +1699,7 @@ buildipfire() { >>> lfsmake2 perl-MIME-Base32 >>> lfsmake2 perl-URI-Encode >>> lfsmake2 rsnapshot >>> + lfsmake2 wsdd >>> # Kernelbuild ... current we have no platform that need >>> # multi kernel builds so KCFG is empty >>> diff --git a/src/initscripts/packages/wsdd >>> b/src/initscripts/packages/wsdd >>> new file mode 100644 >>> index 000000000..c5207f872 >>> --- /dev/null >>> +++ b/src/initscripts/packages/wsdd >>> @@ -0,0 +1,63 @@ >>> +#!/bin/sh >>> +####################################################################= ########### >>> +# # >>> +# IPFire.org - A linux based firewall # >>> +# Copyright (C) 2007-2024 IPFire Team # >>> +# # >>> +# This program is free software: you can redistribute it and/or >>> modify # >>> +# it under the terms of the GNU General Public License as published >>> by # >>> +# the Free Software Foundation, either version 3 of the License, or # >>> +# (at your option) any later version. # >>> +# # >>> +# This program is distributed in the hope that it will be useful, # >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>> +# GNU General Public License for more details. # >>> +# # >>> +# You should have received a copy of the GNU General Public License # >>> +# along with this program. If not, see >>> >. # >>> +# # >>> +####################################################################= ########### >>> + >>> +. /etc/sysconfig/rc >>> +. $rc_functions >>> + >>> +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) >>> + >>> +# Create chroot directory for wsdd >>> +mkdir -p /var/run/wsdd >>> + >>> +INTERFACES=3D"-i ${GREEN_DEV}" >>> + if [ -n "${BLUE_DEV}" ]; then >>> + INTERFACES=3D"${INTERFACES} -i ${BLUE_DEV}" >>> + fi >>> +WSDD_WORKGROUP=3D"-w $(/usr/bin/testparm -s --parameter-name >>> workgroup 2>/dev/null)" >>> +WSDD_USER=3D"-u wsdd:wsdd" >>> +WSDD_CHROOT=3D"-c /var/run/wsdd" >>> + >>> +case "$1" in >>> + start) >>> + boot_mesg "Starting wsdd daemon..." >>> + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES} >>> ${WSDD_WORKGROUP} ${WSDD_CHROOT} >>> + sleep 1 >>> + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print >>> $2}') > /var/run/wsdd/pid >>> + ;; >>> + stop) >>> + boot_mesg "Stopping wsdd daemon..." >>> + killproc -p /var/run/wsdd/pid /usr/bin/wsdd >>> + ;; >>> + status) >>> + WSDD_PID=3D$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk >>> '{print $2}') >>> + if [ -n "${WSDD_PID}" ]; then >>> + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\ >>> + "ID(s) $WSDD_PID.\\033[0;39m" >>> + else >>> + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m" >>> + fi >>> + ;; >>> + *) >>> + echo "Usage: $0 (start|stop|status)" >>> + exit 1 >>> + ;; >>> +esac >>> + >>> diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh >>> new file mode 100644 >>> index 000000000..181b84eb9 >>> --- /dev/null >>> +++ b/src/paks/wsdd/install.sh >>> @@ -0,0 +1,40 @@ >>> +#!/bin/bash >>> +####################################################################= ######## >>> +# # >>> +# This file is part of the IPFire Firewall. # >>> +# # >>> +# IPFire is free software; you can redistribute it and/or modify # >>> +# it under the terms of the GNU General Public License as published >>> by # >>> +# the Free Software Foundation; either version 2 of the License, or # >>> +# (at your option) any later version. # >>> +# # >>> +# IPFire is distributed in the hope that it will be useful, # >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>> +# GNU General Public License for more details. # >>> +# # >>> +# You should have received a copy of the GNU General Public License # >>> +# along with IPFire; if not, write to the Free Software # >>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>> 02111-1307 USA # >>> +# # >>> +# Copyright (C) 2007 IPFire-Team . # >>> +# # >>> +####################################################################= ######## >>> +# >>> +. /opt/pakfire/lib/functions.sh >>> + >>> +# If the wsdd user does not exist yet, then create it and add to >>> wsdd group. >>> +if ! getent user wsdd >/dev/null; then >>> + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd >>> + usermod -a -G wsdd wsdd >>> +fi >>> + >>> +extract_files >>> +restore_backup ${NAME} >>> + >>> +# Create startlinks >>> +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd >>> +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd >>> +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd >>> +start_service ${NAME} >>> +exit 0 >>> diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh >>> new file mode 100644 >>> index 000000000..4c52ee281 >>> --- /dev/null >>> +++ b/src/paks/wsdd/uninstall.sh >>> @@ -0,0 +1,30 @@ >>> +#!/bin/bash >>> +####################################################################= ######## >>> +# # >>> +# This file is part of the IPFire Firewall. # >>> +# # >>> +# IPFire is free software; you can redistribute it and/or modify # >>> +# it under the terms of the GNU General Public License as published >>> by # >>> +# the Free Software Foundation; either version 2 of the License, or # >>> +# (at your option) any later version. # >>> +# # >>> +# IPFire is distributed in the hope that it will be useful, # >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>> +# GNU General Public License for more details. # >>> +# # >>> +# You should have received a copy of the GNU General Public License # >>> +# along with IPFire; if not, write to the Free Software # >>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>> 02111-1307 USA # >>> +# # >>> +# Copyright (C) 2007 IPFire-Team . # >>> +# # >>> +####################################################################= ######## >>> +# >>> +. /opt/pakfire/lib/functions.sh >>> +stop_service ${NAME} >>> +make_backup ${NAME} >>> +remove_files >>> +# Remove all start links. >>> +rm -rf /etc/rc.d/rc*.d/*wsdd >>> +exit 0 >>> diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh >>> new file mode 100644 >>> index 000000000..99776659c >>> --- /dev/null >>> +++ b/src/paks/wsdd/update.sh >>> @@ -0,0 +1,27 @@ >>> +#!/bin/bash >>> +####################################################################= ######## >>> +# # >>> +# This file is part of the IPFire Firewall. # >>> +# # >>> +# IPFire is free software; you can redistribute it and/or modify # >>> +# it under the terms of the GNU General Public License as published >>> by # >>> +# the Free Software Foundation; either version 2 of the License, or # >>> +# (at your option) any later version. # >>> +# # >>> +# IPFire is distributed in the hope that it will be useful, # >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of # >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>> +# GNU General Public License for more details. # >>> +# # >>> +# You should have received a copy of the GNU General Public License # >>> +# along with IPFire; if not, write to the Free Software # >>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>> 02111-1307 USA # >>> +# # >>> +# Copyright (C) 2007-2020 IPFire-Team . # >>> +# # >>> +####################################################################= ######## >>> +# >>> +. /opt/pakfire/lib/functions.sh >>> +extract_backup_includes >>> +./uninstall.sh >>> +./install.sh >>> -- 2.43.0 >> >> --=20 >> Sent from my laptop >=20 >=20 --=20 Sent from my laptop --===============7876674122445081532==--