From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 1/2] wsdd: Install wsdd - fixes bug13445 Date: Fri, 01 Mar 2024 17:17:37 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4082895445768175298==" List-Id: --===============4082895445768175298== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thank you for the notice. I merged the initscripts branch, too! -Michael > On 29 Feb 2024, at 14:38, Adolf Belka wrote: >=20 > Hi Michael, >=20 > On 28/02/2024 17:45, Michael Tremer wrote: >> Hello Adolf, >>> On 16 Feb 2024, at 17:15, Adolf Belka wrote: >>>=20 >>> Hi Michael, >>>=20 >>> On 16/01/2024 11:30, daniel.weismueller(a)ipfire.org wrote: >>>> Hi there. >>>> I've installed and testetd the latest / modified version of the wsdd add= on on two machines. >>>> Nearly everything works as exspected. Also my Winodws PCs see the IPFIRE= as a menber of the workgroup and could browse and use the samba shares. >>>> If you use the firewall option "Drop all Microsoft ports 135,137,138,139= ,445,1025" the clients in the blue network see the IPFIRE but aren't able to = browse or connect to the shares. >>>> I've recogniced only one thing that don't work like I exspected. >>>> - If you stop or restart samba the wsdd addon won't stop or restart, too. >>>> I think it would be better if the wssd stop too because if you change th= e workgroup and start the samba again the wsdd won't recognice it. >>>=20 >>> To make a patch to support this I need to have the wsdd patches that you = created merged into next. Then I can work on having samba trigger the start a= nd stop of wsdd so that it does not run independently but is synchronised wit= h samba. >> Okay, I have merged the wsdd branch into next. >> Please let me know if there is anything else you need from me. > Thanks for the merge. Ran unstable on a vm system but wsdd failed to start.= After a bit of investigating I realised that it was the same issue I had ori= ginally of pid not being correctly created. >=20 > You also need to merge the two patches in your initscripts branch. I manual= ly added the two patch changes into the functions file in my vm system and th= en wsdd started without any problems. So I can do the work on linking the sta= rt of samba with wsdd but those two patches will be needed for CU185. >=20 > Regards, > Adolf. >>> Regards, >>> Adolf. >>>=20 >>>> - >>>> Daniel >>>> Am 12. Januar 2024 um 16:09 schrieb "Adolf Belka" >: >>>> Hi Michael, >>>> On 12/01/2024 14:40, Michael Tremer wrote: >>>> Hello, >>>> On 12 Jan 2024, at 11:14, Adolf Belka >>> > wrote: >>>> Hi Daniel, >>>> On 11/01/2024 17:11, daniel.weismueller(a)ipfire.org >>>> wrote: >>>> Hi Adolf. >>>> We have looked at your work. First of all, thank you very much. >>>> Your scripts seems to work fine. I will start tomorrow to test >>>> them in whole. However we have made a few changes. >>>> In particular, we have adapted the code to the existing code in >>>> IPFire. >>>> Please take look at Michaels wsdd branch. >>>> https://git.ipfire.org/?p=3Dpeople/ms/ipfire-2.x.git;a=3Dshortlog= ;h=3Drefs/heads/wsdd > >>>> That looks very good. I clearly still have a bit to learn >>>> about how to code in a more tidy manner. >>>> It worked=E2=80=A6 I was just in the swing of it :) >>>> I also see that Michael fixed the pid fault in the >>>> loadproc/statusproc/killproc while I just created a workaround >>>> solution for the wsdd initscript alone. >>>> loadproc/statusproc/killproc are really difficult to handle. >>>> They are supposed to be LSB-conformant functions, but I believe >>>> that it never really happened that they because universally used >>>> and compatible between distributions. Now with systemd, there is >>>> no more need=E2=80=A6 >>>> And it is also because of systemd that daemons behave >>>> differently now - actually not even like daemons whatsoever any >>>> more. They used to fork themselves into the background which >>>> made all the PID processing necessary, because the init script >>>> could not know the PID of the process forked in the background. >>>> Now, they don=E2=80=99t do this any more because without the fork, >>>> things are easier for systemd to manage. >>>> The new -b switch that was added some while ago is already >>>> helping us to launch such new processes into the background, but >>>> we don=E2=80=99t have PID files any more. And since scripts don= =E2=80=99t work >>>> with statusproc/killproc, I thought it might be a good idea to >>>> add this to loadproc as I am expecting us to need this more >>>> often in the future. >>>> And while I was thinking about the problem, I figured it would >>>> be easier to send a patch for those few lines instead of >>>> explaining it in words - which probably would have been a little >>>> bit longer. >>>> The only noteworthy thing is that there was a potential security >>>> issue in passing around the shell arguments as strings because >>>> the workgroup variable could have been almost anything. I am not >>>> sure what validation samba would do, but I thought it would be >>>> best not to rely on that. A two words (with a space) workgroup >>>> would have caused wsdd not to start, because it would have seen >>>> a command line like =E2=80=9C=E2=80=94-workgroup ABC DEF=E2=80=9D= with ABC being >>>> interpreted as the workgroup and DEF being some garbage that >>>> wsdd would not understand. The trick with the array is that it >>>> would pass the arguments like this =E2=80=9C=E2=80=94-workgroup = =E2=80=98ABC DEF=E2=80=99=E2=80=9D which >>>> prevents that =E2=80=9CDEF=E2=80=9D would be interpreted as an ex= tra parameter. >>>> So, everything is fine :) Especially after I added the =E2=80=9Cr= estart=E2=80=9D >>>> command :) >>>> I did have a look at the code in the functions file but >>>> struggled to understand it enough to be able to figure out what >>>> was giving the problem I was experiencing. >>>> Which functions? >>>> The /src/initscripts/system/functions file from the git repo that >>>> has the loadproc, statusproc and killproc functions in it. >>>> Regards, >>>> Adolf. >>>> I am glad that has been sorted and the initscript tidied up in >>>> line with IPFire coding style. >>>> That is why we are all working together... >>>> Will try and remember that in future. >>>> If not, we are here to help :) >>>> -Michael >>>> Regards, >>>> Adolf. >>>> - >>>> Daniel >>>> Am 10. Januar 2024 um 14:30 schrieb "Adolf Belka" >>>> >>>> >>> .belka%40ipfire.org%3E>>: >>>> - lfs and toorfile created for wsdd >>>> - wsdd added to make.sh script >>>> - created install/update/uninstall scripts for wsdd that create an >>>> unpriveleged user and >>>> group. >>>> - initscript created for wsdd. As wsdd is a python3 script, when = it >>>> is run as a daemon the >>>> pidof command does not find any pid for wsdd. So a directory/file >>>> for a pid file was >>>> created. This is then passed to the loadproc and killproc command= s. >>>> After the loadproc >>>> command has been created the pid is extracted from the ps aux >>>> command and put into the >>>> pid file. This then works when running the killproc command for it >>>> to know what to go >>>> and stop. The statusproc command does not have the ability to feed >>>> in the pid from a >>>> pid file and so it fails to find a running wsdd as it uses the pi= dof >>>> command. Code was >>>> added to the status section of the initscript to check if the pid >>>> file exists and if so >>>> to print the same command as used with the statusproc command, and >>>> also the same >>>> wording if the pid file does not exist because wsdd is not runnin= g. >>>> - info from the ethernet/settings file is used to identify if only >>>> green0 is available or >>>> if blue0 is also used and based on this the appropriate interface >>>> commands are added to >>>> the wsdd command. >>>> - wsdd is also set up to run in a chroot >>>> - Has been tested on my vm testbed, initially by editing the files >>>> on the vm clone. After >>>> everything confiremd to be working, the build was successfully >>>> carried out and the >>>> .ipfire package was copied to a new vm clone installed and shown = to >>>> perform as expected. >>>> This test only confirms that wsdd is correctly installed and >>>> started. Shutsdown and >>>> restarts on reboot successfully. Confirmed from the ps aux info t= hat >>>> wsdd has been >>>> started with the correct options. Thge testing can not evaluate if >>>> wsdd enables windows >>>> systems newer than version 7 top be able to detect the samba shar= es >>>> as I have no >>>> windows systems. >>>> Fixes: Bug13445 >>>> Tested-by: Adolf Belka >>> > >>>> Signed-off-by: Adolf Belka >>> > >>>> --- >>>> config/rootfiles/packages/wsdd | 2 + >>>> lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++ >>>> make.sh | 1 + >>>> src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++ >>>> src/paks/wsdd/install.sh | 40 +++++++++++++++ >>>> src/paks/wsdd/uninstall.sh | 30 ++++++++++++ >>>> src/paks/wsdd/update.sh | 27 +++++++++++ >>>> 7 files changed, 252 insertions(+) >>>> create mode 100644 config/rootfiles/packages/wsdd >>>> create mode 100644 lfs/wsdd >>>> create mode 100644 src/initscripts/packages/wsdd >>>> create mode 100644 src/paks/wsdd/install.sh >>>> create mode 100644 src/paks/wsdd/uninstall.sh >>>> create mode 100644 src/paks/wsdd/update.sh >>>> diff --git a/config/rootfiles/packages/wsdd >>>> b/config/rootfiles/packages/wsdd >>>> new file mode 100644 >>>> index 000000000..ce225043a >>>> --- /dev/null >>>> +++ b/config/rootfiles/packages/wsdd >>>> @@ -0,0 +1,2 @@ >>>> +etc/rc.d/init.d/wsdd >>>> +usr/bin/wsdd >>>> diff --git a/lfs/wsdd b/lfs/wsdd >>>> new file mode 100644 >>>> index 000000000..aa65e47ef >>>> --- /dev/null >>>> +++ b/lfs/wsdd >>>> @@ -0,0 +1,89 @@ >>>> +################################################################= ############### >>>> +# # >>>> +# IPFire.org - A linux based firewall # >>>> +# Copyright (C) 2007-2024 IPFire Team >>> > # >>>> +# # >>>> +# This program is free software: you can redistribute it and/or >>>> modify # >>>> +# it under the terms of the GNU General Public License as publis= hed >>>> by # >>>> +# the Free Software Foundation, either version 3 of the >>>> License, or # >>>> +# (at your option) any later version. # >>>> +# # >>>> +# This program is distributed in the hope that it will be useful= , # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of= # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>>> +# GNU General Public License for more details. # >>>> +# # >>>> +# You should have received a copy of the GNU General Public >>>> License # >>>> +# along with this program. If not, see >>>> > >>>> > >>.= # >>>> +# # >>>> +################################################################= ############### >>>> + >>>> +################################################################= ############### >>>> +# Definitions >>>> +################################################################= ############### >>>> + >>>> +include Config >>>> + >>>> +VER =3D 0.7.1 >>>> +SUMMARY =3D A Web Service Discovery host daemon. >>>> + >>>> +THISAPP =3D wsdd-$(VER) >>>> +DL_FILE =3D $(THISAPP).tar.gz >>>> +DL_FROM =3D $(URL_IPFIRE) >>>> +DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>>> +TARGET =3D $(DIR_INFO)/$(THISAPP) >>>> +PROG =3D wsdd >>>> +PAK_VER =3D 1 >>>> + >>>> +DEPS =3D >>>> + >>>> +SERVICES =3D wsdd >>>> + >>>> +################################################################= ############### >>>> +# Top-level Rules >>>> +################################################################= ############### >>>> + >>>> +objects =3D $(DL_FILE) >>>> + >>>> +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>> + >>>> +$(DL_FILE)_BLAKE2 =3D >>>> ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563a= b2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 >>>> + >>>> +install : $(TARGET) >>>> + >>>> +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >>>> + >>>> +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >>>> + >>>> +b2 : $(subst %,%_BLAKE2,$(objects)) >>>> + >>>> +dist: >>>> + @$(PAK) >>>> + >>>> +################################################################= ############### >>>> +# Downloading, checking, b2sum >>>> +################################################################= ############### >>>> + >>>> +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >>>> + @$(CHECK) >>>> + >>>> +$(patsubst %,$(DIR_DL)/%,$(objects)) : >>>> + @$(LOAD) >>>> + >>>> +$(subst %,%_BLAKE2,$(objects)) : >>>> + @$(B2SUM) >>>> + >>>> +################################################################= ############### >>>> +# Installation Details >>>> +################################################################= ############### >>>> + >>>> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>>> + @$(PREBUILD) >>>> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf >>>> $(DIR_DL)/$(DL_FILE) >>>> + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd >>>> + >>>> + #install initscripts >>>> + $(call INSTALL_INITSCRIPTS,$(SERVICES)) >>>> + >>>> + @rm -rf $(DIR_APP) >>>> + @$(POSTBUILD) >>>> diff --git a/make.sh b/make.sh >>>> index 06e09c9a3..5af3dedc3 100755 >>>> --- a/make.sh >>>> +++ b/make.sh >>>> @@ -1699,6 +1699,7 @@ buildipfire() { >>>> lfsmake2 perl-MIME-Base32 >>>> lfsmake2 perl-URI-Encode >>>> lfsmake2 rsnapshot >>>> + lfsmake2 wsdd >>>> # Kernelbuild ... current we have no platform that need >>>> # multi kernel builds so KCFG is empty >>>> diff --git a/src/initscripts/packages/wsdd >>>> b/src/initscripts/packages/wsdd >>>> new file mode 100644 >>>> index 000000000..c5207f872 >>>> --- /dev/null >>>> +++ b/src/initscripts/packages/wsdd >>>> @@ -0,0 +1,63 @@ >>>> +#!/bin/sh >>>> +################################################################= ############### >>>> +# # >>>> +# IPFire.org - A linux based firewall # >>>> +# Copyright (C) 2007-2024 IPFire Team >>> > # >>>> +# # >>>> +# This program is free software: you can redistribute it and/or >>>> modify # >>>> +# it under the terms of the GNU General Public License as publis= hed >>>> by # >>>> +# the Free Software Foundation, either version 3 of the >>>> License, or # >>>> +# (at your option) any later version. # >>>> +# # >>>> +# This program is distributed in the hope that it will be useful= , # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of= # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>>> +# GNU General Public License for more details. # >>>> +# # >>>> +# You should have received a copy of the GNU General Public >>>> License # >>>> +# along with this program. If not, see >>>> > >>>> > >>.= # >>>> +# # >>>> +################################################################= ############### >>>> + >>>> +. /etc/sysconfig/rc >>>> +. $rc_functions >>>> + >>>> +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) >>>> + >>>> +# Create chroot directory for wsdd >>>> +mkdir -p /var/run/wsdd >>>> + >>>> +INTERFACES=3D"-i ${GREEN_DEV}" >>>> + if [ -n "${BLUE_DEV}" ]; then >>>> + INTERFACES=3D"${INTERFACES} -i ${BLUE_DEV}" >>>> + fi >>>> +WSDD_WORKGROUP=3D"-w $(/usr/bin/testparm -s --parameter-name >>>> workgroup 2>/dev/null)" >>>> +WSDD_USER=3D"-u wsdd:wsdd" >>>> +WSDD_CHROOT=3D"-c /var/run/wsdd" >>>> + >>>> +case "$1" in >>>> + start) >>>> + boot_mesg "Starting wsdd daemon..." >>>> + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES} >>>> ${WSDD_WORKGROUP} ${WSDD_CHROOT} >>>> + sleep 1 >>>> + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{pri= nt >>>> $2}') > /var/run/wsdd/pid >>>> + ;; >>>> + stop) >>>> + boot_mesg "Stopping wsdd daemon..." >>>> + killproc -p /var/run/wsdd/pid /usr/bin/wsdd >>>> + ;; >>>> + status) >>>> + WSDD_PID=3D$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk >>>> '{print $2}') >>>> + if [ -n "${WSDD_PID}" ]; then >>>> + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\ >>>> + "ID(s) $WSDD_PID.\\033[0;39m" >>>> + else >>>> + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m" >>>> + fi >>>> + ;; >>>> + *) >>>> + echo "Usage: $0 (start|stop|status)" >>>> + exit 1 >>>> + ;; >>>> +esac >>>> + >>>> diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh >>>> new file mode 100644 >>>> index 000000000..181b84eb9 >>>> --- /dev/null >>>> +++ b/src/paks/wsdd/install.sh >>>> @@ -0,0 +1,40 @@ >>>> +#!/bin/bash >>>> +################################################################= ############ >>>> +# # >>>> +# This file is part of the IPFire Firewall. # >>>> +# # >>>> +# IPFire is free software; you can redistribute it and/or modify= # >>>> +# it under the terms of the GNU General Public License as publis= hed >>>> by # >>>> +# the Free Software Foundation; either version 2 of the >>>> License, or # >>>> +# (at your option) any later version. # >>>> +# # >>>> +# IPFire is distributed in the hope that it will be useful, # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of= # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>>> +# GNU General Public License for more details. # >>>> +# # >>>> +# You should have received a copy of the GNU General Public >>>> License # >>>> +# along with IPFire; if not, write to the Free Software # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>>> 02111-1307 USA # >>>> +# # >>>> +# Copyright (C) 2007 IPFire-Team >>> >. # >>>> +# # >>>> +################################################################= ############ >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> + >>>> +# If the wsdd user does not exist yet, then create it and add to >>>> wsdd group. >>>> +if ! getent user wsdd >/dev/null; then >>>> + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd >>>> + usermod -a -G wsdd wsdd >>>> +fi >>>> + >>>> +extract_files >>>> +restore_backup ${NAME} >>>> + >>>> +# Create startlinks >>>> +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd >>>> +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd >>>> +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd >>>> +start_service ${NAME} >>>> +exit 0 >>>> diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall= .sh >>>> new file mode 100644 >>>> index 000000000..4c52ee281 >>>> --- /dev/null >>>> +++ b/src/paks/wsdd/uninstall.sh >>>> @@ -0,0 +1,30 @@ >>>> +#!/bin/bash >>>> +################################################################= ############ >>>> +# # >>>> +# This file is part of the IPFire Firewall. # >>>> +# # >>>> +# IPFire is free software; you can redistribute it and/or modify= # >>>> +# it under the terms of the GNU General Public License as publis= hed >>>> by # >>>> +# the Free Software Foundation; either version 2 of the >>>> License, or # >>>> +# (at your option) any later version. # >>>> +# # >>>> +# IPFire is distributed in the hope that it will be useful, # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of= # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>>> +# GNU General Public License for more details. # >>>> +# # >>>> +# You should have received a copy of the GNU General Public >>>> License # >>>> +# along with IPFire; if not, write to the Free Software # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>>> 02111-1307 USA # >>>> +# # >>>> +# Copyright (C) 2007 IPFire-Team >>> >. # >>>> +# # >>>> +################################################################= ############ >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> +stop_service ${NAME} >>>> +make_backup ${NAME} >>>> +remove_files >>>> +# Remove all start links. >>>> +rm -rf /etc/rc.d/rc*.d/*wsdd >>>> +exit 0 >>>> diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh >>>> new file mode 100644 >>>> index 000000000..99776659c >>>> --- /dev/null >>>> +++ b/src/paks/wsdd/update.sh >>>> @@ -0,0 +1,27 @@ >>>> +#!/bin/bash >>>> +################################################################= ############ >>>> +# # >>>> +# This file is part of the IPFire Firewall. # >>>> +# # >>>> +# IPFire is free software; you can redistribute it and/or modify= # >>>> +# it under the terms of the GNU General Public License as publis= hed >>>> by # >>>> +# the Free Software Foundation; either version 2 of the >>>> License, or # >>>> +# (at your option) any later version. # >>>> +# # >>>> +# IPFire is distributed in the hope that it will be useful, # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of= # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # >>>> +# GNU General Public License for more details. # >>>> +# # >>>> +# You should have received a copy of the GNU General Public >>>> License # >>>> +# along with IPFire; if not, write to the Free Software # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA >>>> 02111-1307 USA # >>>> +# # >>>> +# Copyright (C) 2007-2020 IPFire-Team >>> >. # >>>> +# # >>>> +################################################################= ############ >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> +extract_backup_includes >>>> +./uninstall.sh >>>> +./install.sh >>>> -- 2.43.0 >>>> -- >> Sent from my laptop >>>> -- Sent from my laptop >>>=20 >>> --=20 >>> Sent from my laptop --===============4082895445768175298==--