From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/2] wsdd: Install wsdd - fixes bug13445
Date: Wed, 28 Feb 2024 16:45:49 +0000
Message-ID: <D062661D-882A-46E0-B1C5-180F240B1ECA@ipfire.org>
In-Reply-To: <0a69afd9-6fe5-4897-8967-cbc12b4f6101@ipfire.org>
Hello Adolf,
> On 16 Feb 2024, at 17:15, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Hi Michael,
>
> On 16/01/2024 11:30, daniel.weismueller(a)ipfire.org wrote:
>> Hi there.
>> I've installed and tested the latest / modified version of the wsdd addon on two machines.
>> Nearly everything works as expected. Also my Windows PCs see the IPFIRE as a member of the workgroup and could browse and use the samba shares.
>> If you use the firewall option "Drop all Microsoft ports 135,137,138,139,445,1025" the clients in the blue network see the IPFIRE but aren't able to browse or connect to the shares.
>> I've recognised only one thing that doesn't work like I expected.
>> - If you stop or restart samba the wsdd addon won't stop or restart, too.
>> I think it would be better if the wsdd stopped too because if you change the workgroup and start the samba again the wsdd won't recognise it.
>
> To make a patch to support this I need to have the wsdd patches that you created merged into next. Then I can work on having samba trigger the start and stop of wsdd so that it does not run independently but is synchronised with samba.
Okay, I have merged the wsdd branch into next.
Please let me know if there is anything else you need from me.
> Regards,
> Adolf.
>
>> -
>> Daniel
>> On 12 January 2024 at 16:09, "Adolf Belka" <adolf.belka(a)ipfire.org> wrote:
>> Hi Michael,
>> On 12/01/2024 14:40, Michael Tremer wrote:
>> Hello,
>> On 12 Jan 2024, at 11:14, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>> Hi Daniel,
>> On 11/01/2024 17:11, daniel.weismueller(a)ipfire.org wrote:
>> Hi Adolf.
>> We have looked at your work. First of all, thank you very much.
>> Your scripts seem to work fine. I will start tomorrow to test
>> them in whole. However we have made a few changes.
>> In particular, we have adapted the code to the existing code in
>> IPFire.
>> Please take a look at Michael's wsdd branch.
>> https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=shortlog;h=refs/heads/wsdd
>> That looks very good. I clearly still have a bit to learn
>> about how to code in a more tidy manner.
>> It worked… I was just in the swing of it :)
>> I also see that Michael fixed the pid fault in the
>> loadproc/statusproc/killproc while I just created a workaround
>> solution for the wsdd initscript alone.
>> loadproc/statusproc/killproc are really difficult to handle.
>> They are supposed to be LSB-conformant functions, but I believe
>> that it never really happened that they became universally used
>> and compatible between distributions. Now with systemd, there is
>> no more need…
>> And it is also because of systemd that daemons behave
>> differently now - actually not even like daemons whatsoever any
>> more. They used to fork themselves into the background which
>> made all the PID processing necessary, because the init script
>> could not know the PID of the process forked in the background.
>> Now, they don’t do this any more because without the fork,
>> things are easier for systemd to manage.
>> The new -b switch that was added some while ago is already
>> helping us to launch such new processes into the background, but
>> we don’t have PID files any more. And since scripts don’t work
>> with statusproc/killproc, I thought it might be a good idea to
>> add this to loadproc as I am expecting us to need this more
>> often in the future.
>> And while I was thinking about the problem, I figured it would
>> be easier to send a patch for those few lines instead of
>> explaining it in words - which probably would have been a little
>> bit longer.
>> The only noteworthy thing is that there was a potential security
>> issue in passing around the shell arguments as strings because
>> the workgroup variable could have been almost anything. I am not
>> sure what validation samba would do, but I thought it would be
>> best not to rely on that. A two-word (with a space) workgroup
>> would have caused wsdd not to start, because it would have seen
>> a command line like “--workgroup ABC DEF” with ABC being
>> interpreted as the workgroup and DEF being some garbage that
>> wsdd would not understand. The trick with the array is that it
>> would pass the arguments like this “--workgroup ‘ABC DEF’” which
>> prevents “DEF” from being interpreted as an extra parameter.
>> So, everything is fine :) Especially after I added the “restart”
>> command :)
>> I did have a look at the code in the functions file but
>> struggled to understand it enough to be able to figure out what
>> was giving the problem I was experiencing.
>> Which functions?
>> The /src/initscripts/system/functions file from the git repo that
>> has the loadproc, statusproc and killproc functions in it.
>> Regards,
>> Adolf.
>> I am glad that has been sorted and the initscript tidied up in
>> line with IPFire coding style.
>> That is why we are all working together...
>> Will try and remember that in future.
>> If not, we are here to help :)
>> -Michael
>> Regards,
>> Adolf.
>> -
>> Daniel
>> On 10 January 2024 at 14:30, "Adolf Belka" <adolf.belka(a)ipfire.org> wrote:
>> - lfs and rootfile created for wsdd
>> - wsdd added to make.sh script
>> - created install/update/uninstall scripts for wsdd that create an
>> unprivileged user and
>> group.
>> - initscript created for wsdd. As wsdd is a python3 script, when it
>> is run as a daemon the
>> pidof command does not find any pid for wsdd. So a directory/file
>> for a pid file was
>> created. This is then passed to the loadproc and killproc commands.
>> After the loadproc
>> command has been created the pid is extracted from the ps aux
>> command and put into the
>> pid file. This then works when running the killproc command for it
>> to know what to go
>> and stop. The statusproc command does not have the ability to feed
>> in the pid from a
>> pid file and so it fails to find a running wsdd as it uses the pidof
>> command. Code was
>> added to the status section of the initscript to check if the pid
>> file exists and if so
>> to print the same command as used with the statusproc command, and
>> also the same
>> wording if the pid file does not exist because wsdd is not running.
>> - info from the ethernet/settings file is used to identify if only
>> green0 is available or
>> if blue0 is also used and based on this the appropriate interface
>> commands are added to
>> the wsdd command.
>> - wsdd is also set up to run in a chroot
>> - Has been tested on my vm testbed, initially by editing the files
>> on the vm clone. After
>> everything confirmed to be working, the build was successfully
>> carried out and the
>> .ipfire package was copied to a new vm clone installed and shown to
>> perform as expected.
>> This test only confirms that wsdd is correctly installed and
>> started. Shuts down and
>> restarts on reboot successfully. Confirmed from the ps aux info that
>> wsdd has been
>> started with the correct options. The testing cannot evaluate if
>> wsdd enables windows
>> systems newer than version 7 to be able to detect the samba shares
>> as I have no
>> windows systems.
>> Fixes: Bug13445
>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> config/rootfiles/packages/wsdd | 2 +
>> lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++
>> make.sh | 1 +
>> src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++
>> src/paks/wsdd/install.sh | 40 +++++++++++++++
>> src/paks/wsdd/uninstall.sh | 30 ++++++++++++
>> src/paks/wsdd/update.sh | 27 +++++++++++
>> 7 files changed, 252 insertions(+)
>> create mode 100644 config/rootfiles/packages/wsdd
>> create mode 100644 lfs/wsdd
>> create mode 100644 src/initscripts/packages/wsdd
>> create mode 100644 src/paks/wsdd/install.sh
>> create mode 100644 src/paks/wsdd/uninstall.sh
>> create mode 100644 src/paks/wsdd/update.sh
>> diff --git a/config/rootfiles/packages/wsdd
>> b/config/rootfiles/packages/wsdd
>> new file mode 100644
>> index 000000000..ce225043a
>> --- /dev/null
>> +++ b/config/rootfiles/packages/wsdd
>> @@ -0,0 +1,2 @@
>> +etc/rc.d/init.d/wsdd
>> +usr/bin/wsdd
>> diff --git a/lfs/wsdd b/lfs/wsdd
>> new file mode 100644
>> index 000000000..aa65e47ef
>> --- /dev/null
>> +++ b/lfs/wsdd
>> @@ -0,0 +1,89 @@
>> +###############################################################################
>> +# #
>> +# IPFire.org - A linux based firewall #
>> +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org
>> <mailto:info(a)ipfire.org>> #
>> +# #
>> +# This program is free software: you can redistribute it and/or
>> modify #
>> +# it under the terms of the GNU General Public License as published
>> by #
>> +# the Free Software Foundation, either version 3 of the
>> License, or #
>> +# (at your option) any later version. #
>> +# #
>> +# This program is distributed in the hope that it will be useful, #
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of #
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
>> +# GNU General Public License for more details. #
>> +# #
>> +# You should have received a copy of the GNU General Public
>> License #
>> +# along with this program. If not, see
>> <http://www.gnu.org/licenses/> <http://www.gnu.org/licenses/>>
>> <http://www.gnu.org/licenses/>> <http://www.gnu.org/licenses/>>>. #
>> +# #
>> +###############################################################################
>> +
>> +###############################################################################
>> +# Definitions
>> +###############################################################################
>> +
>> +include Config
>> +
>> +VER = 0.7.1
>> +SUMMARY = A Web Service Discovery host daemon.
>> +
>> +THISAPP = wsdd-$(VER)
>> +DL_FILE = $(THISAPP).tar.gz
>> +DL_FROM = $(URL_IPFIRE)
>> +DIR_APP = $(DIR_SRC)/$(THISAPP)
>> +TARGET = $(DIR_INFO)/$(THISAPP)
>> +PROG = wsdd
>> +PAK_VER = 1
>> +
>> +DEPS =
>> +
>> +SERVICES = wsdd
>> +
>> +###############################################################################
>> +# Top-level Rules
>> +###############################################################################
>> +
>> +objects = $(DL_FILE)
>> +
>> +$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>> +
>> +$(DL_FILE)_BLAKE2 =
>> ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26
>> +
>> +install : $(TARGET)
>> +
>> +check : $(patsubst %,$(DIR_CHK)/%,$(objects))
>> +
>> +download :$(patsubst %,$(DIR_DL)/%,$(objects))
>> +
>> +b2 : $(subst %,%_BLAKE2,$(objects))
>> +
>> +dist:
>> + @$(PAK)
>> +
>> +###############################################################################
>> +# Downloading, checking, b2sum
>> +###############################################################################
>> +
>> +$(patsubst %,$(DIR_CHK)/%,$(objects)) :
>> + @$(CHECK)
>> +
>> +$(patsubst %,$(DIR_DL)/%,$(objects)) :
>> + @$(LOAD)
>> +
>> +$(subst %,%_BLAKE2,$(objects)) :
>> + @$(B2SUM)
>> +
>> +###############################################################################
>> +# Installation Details
>> +###############################################################################
>> +
>> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> + @$(PREBUILD)
>> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf
>> $(DIR_DL)/$(DL_FILE)
>> + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd
>> +
>> + #install initscripts
>> + $(call INSTALL_INITSCRIPTS,$(SERVICES))
>> +
>> + @rm -rf $(DIR_APP)
>> + @$(POSTBUILD)
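Review bot: DEPS is left empty, yet the initscript added later in this patch calls /usr/bin/testparm to read the workgroup, and testparm ships with Samba. On a system without Samba the command substitution returns nothing and -w is passed without a value, so samba should be declared in DEPS. In the install rule, cp src/wsdd.py /usr/bin/wsdd inherits whatever mode the tarball carries; install -m 755 would make owner and executable bit explicit.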
>> diff --git a/make.sh b/make.sh
>> index 06e09c9a3..5af3dedc3 100755
>> --- a/make.sh
>> +++ b/make.sh
>> @@ -1699,6 +1699,7 @@ buildipfire() {
>> lfsmake2 perl-MIME-Base32
>> lfsmake2 perl-URI-Encode
>> lfsmake2 rsnapshot
>> + lfsmake2 wsdd
>> # Kernelbuild ... current we have no platform that need
>> # multi kernel builds so KCFG is empty
>> diff --git a/src/initscripts/packages/wsdd
>> b/src/initscripts/packages/wsdd
>> new file mode 100644
>> index 000000000..c5207f872
>> --- /dev/null
>> +++ b/src/initscripts/packages/wsdd
>> @@ -0,0 +1,63 @@
>> +#!/bin/sh
>> +###############################################################################
>> +# #
>> +# IPFire.org - A linux based firewall #
>> +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org
>> <mailto:info(a)ipfire.org>> #
>> +# #
>> +# This program is free software: you can redistribute it and/or
>> modify #
>> +# it under the terms of the GNU General Public License as published
>> by #
>> +# the Free Software Foundation, either version 3 of the
>> License, or #
>> +# (at your option) any later version. #
>> +# #
>> +# This program is distributed in the hope that it will be useful, #
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of #
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
>> +# GNU General Public License for more details. #
>> +# #
>> +# You should have received a copy of the GNU General Public
>> License #
>> +# along with this program. If not, see
>> <http://www.gnu.org/licenses/> <http://www.gnu.org/licenses/>>
>> <http://www.gnu.org/licenses/>> <http://www.gnu.org/licenses/>>>. #
>> +# #
>> +###############################################################################
>> +
>> +. /etc/sysconfig/rc
>> +. $rc_functions
>> +
>> +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
>> +
>> +# Create chroot directory for wsdd
>> +mkdir -p /var/run/wsdd
>> +
>> +INTERFACES="-i ${GREEN_DEV}"
>> + if [ -n "${BLUE_DEV}" ]; then
>> + INTERFACES="${INTERFACES} -i ${BLUE_DEV}"
>> + fi
>> +WSDD_WORKGROUP="-w $(/usr/bin/testparm -s --parameter-name
>> workgroup 2>/dev/null)"
>> +WSDD_USER="-u wsdd:wsdd"
>> +WSDD_CHROOT="-c /var/run/wsdd"
>> +
>> +case "$1" in
>> + start)
>> + boot_mesg "Starting wsdd daemon..."
>> + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES}
>> ${WSDD_WORKGROUP} ${WSDD_CHROOT}
>> + sleep 1
>> + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print
>> $2}') > /var/run/wsdd/pid
>> + ;;
>> + stop)
>> + boot_mesg "Stopping wsdd daemon..."
>> + killproc -p /var/run/wsdd/pid /usr/bin/wsdd
>> + ;;
>> + status)
>> + WSDD_PID=$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk
>> '{print $2}')
>> + if [ -n "${WSDD_PID}" ]; then
>> + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\
>> + "ID(s) $WSDD_PID.\\033[0;39m"
>> + else
>> + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m"
>> + fi
>> + ;;
>> + *)
>> + echo "Usage: $0 (start|stop|status)"
>> + exit 1
>> + ;;
>> +esac
>> +
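Review bot: On the loadproc line, ${WSDD_WORKGROUP} (and the other option variables) are expanded unquoted, so the testparm output is word-split and glob-expanded before wsdd sees it. A workgroup containing a space arrives as two arguments, and an empty result leaves -w with no value. Build the arguments as separate words (an array under #!/bin/bash, or set -- with "$@" under #!/bin/sh) and pass the workgroup as its own quoted element. The PID lookup through ps aux | grep "/usr/bin/wsdd" matches any command line containing that path and can write several PIDs or none into /var/run/wsdd/pid, a file that also sits inside the directory given to wsdd as its chroot. The case statement has no restart target.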
>> diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh
>> new file mode 100644
>> index 000000000..181b84eb9
>> --- /dev/null
>> +++ b/src/paks/wsdd/install.sh
>> @@ -0,0 +1,40 @@
>> +#!/bin/bash
>> +############################################################################
>> +# #
>> +# This file is part of the IPFire Firewall. #
>> +# #
>> +# IPFire is free software; you can redistribute it and/or modify #
>> +# it under the terms of the GNU General Public License as published
>> by #
>> +# the Free Software Foundation; either version 2 of the
>> License, or #
>> +# (at your option) any later version. #
>> +# #
>> +# IPFire is distributed in the hope that it will be useful, #
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of #
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
>> +# GNU General Public License for more details. #
>> +# #
>> +# You should have received a copy of the GNU General Public
>> License #
>> +# along with IPFire; if not, write to the Free Software #
>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
>> 02111-1307 USA #
>> +# #
>> +# Copyright (C) 2007 IPFire-Team <info(a)ipfire.org
>> <mailto:info(a)ipfire.org>>. #
>> +# #
>> +############################################################################
>> +#
>> +. /opt/pakfire/lib/functions.sh
>> +
>> +# If the wsdd user does not exist yet, then create it and add to
>> wsdd group.
>> +if ! getent user wsdd >/dev/null; then
>> + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd
>> + usermod -a -G wsdd wsdd
>> +fi
>> +
>> +extract_files
>> +restore_backup ${NAME}
>> +
>> +# Create startlinks
>> +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd
>> +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd
>> +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd
>> +start_service ${NAME}
>> +exit 0
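Review bot: getent user wsdd asks for a database getent does not provide (accounts are in passwd), so the command fails and the negated test is always true. useradd therefore runs on every install, including the reinstall update.sh performs through ./uninstall.sh and ./install.sh, when the account already exists. Use getent passwd wsdd. The usermod -a -G wsdd wsdd line is redundant, because useradd -U already creates the wsdd group and makes it the user's group. ${NAME} should be quoted in the restore_backup and start_service calls.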
>> diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh
>> new file mode 100644
>> index 000000000..4c52ee281
>> --- /dev/null
>> +++ b/src/paks/wsdd/uninstall.sh
>> @@ -0,0 +1,30 @@
>> +#!/bin/bash
>> +############################################################################
>> +# #
>> +# This file is part of the IPFire Firewall. #
>> +# #
>> +# IPFire is free software; you can redistribute it and/or modify #
>> +# it under the terms of the GNU General Public License as published
>> by #
>> +# the Free Software Foundation; either version 2 of the
>> License, or #
>> +# (at your option) any later version. #
>> +# #
>> +# IPFire is distributed in the hope that it will be useful, #
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of #
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
>> +# GNU General Public License for more details. #
>> +# #
>> +# You should have received a copy of the GNU General Public
>> License #
>> +# along with IPFire; if not, write to the Free Software #
>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
>> 02111-1307 USA #
>> +# #
>> +# Copyright (C) 2007 IPFire-Team <info(a)ipfire.org
>> <mailto:info(a)ipfire.org>>. #
>> +# #
>> +############################################################################
>> +#
>> +. /opt/pakfire/lib/functions.sh
>> +stop_service ${NAME}
>> +make_backup ${NAME}
>> +remove_files
>> +# Remove all start links.
>> +rm -rf /etc/rc.d/rc*.d/*wsdd
>> +exit 0
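Review bot: rm -rf /etc/rc.d/rc*.d/*wsdd is broader than the three links install.sh creates: the *wsdd glob matches any entry whose name ends in wsdd, and -r would descend into a directory if one matched. Removing the known names (K35wsdd in rc0.d and rc6.d, S65wsdd in rc3.d) with rm -f is sufficient. The wsdd user and group created by install.sh are not removed here; if that is deliberate so that update.sh keeps the same account, a comment saying so would help.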
>> diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh
>> new file mode 100644
>> index 000000000..99776659c
>> --- /dev/null
>> +++ b/src/paks/wsdd/update.sh
>> @@ -0,0 +1,27 @@
>> +#!/bin/bash
>> +############################################################################
>> +# #
>> +# This file is part of the IPFire Firewall. #
>> +# #
>> +# IPFire is free software; you can redistribute it and/or modify #
>> +# it under the terms of the GNU General Public License as published
>> by #
>> +# the Free Software Foundation; either version 2 of the
>> License, or #
>> +# (at your option) any later version. #
>> +# #
>> +# IPFire is distributed in the hope that it will be useful, #
>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of #
>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
>> +# GNU General Public License for more details. #
>> +# #
>> +# You should have received a copy of the GNU General Public
>> License #
>> +# along with IPFire; if not, write to the Free Software #
>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
>> 02111-1307 USA #
>> +# #
>> +# Copyright (C) 2007-2020 IPFire-Team <info(a)ipfire.org
>> <mailto:info(a)ipfire.org>>. #
>> +# #
>> +############################################################################
>> +#
>> +. /opt/pakfire/lib/functions.sh
>> +extract_backup_includes
>> +./uninstall.sh
>> +./install.sh
>> -- 2.43.0
>> -- >> Sent from my laptop
>> -- Sent from my laptop
>
> --
> Sent from my laptop
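
The argument-splitting problem described in the quoted discussion above, as an added example that is not part of the thread or of IPFire's code. `fake_wsdd` and the `start_with_*` functions are hypothetical stand-ins, and because the patch's initscript is `#!/bin/sh`, the list is built with `set --` and `"$@"`, which has the same effect as a bash array.

```sh
#!/bin/sh
# Added example, not IPFire code. fake_wsdd is a hypothetical stand-in for
# /usr/bin/wsdd: it prints "<argument count>|<value taken by --workgroup>".
fake_wsdd() {
    argc=$#
    seen=""
    while [ $# -gt 0 ]; do
        if [ "$1" = "--workgroup" ] && [ $# -ge 2 ]; then
            seen=$2
            shift
        fi
        shift
    done
    printf '%s|%s\n' "$argc" "$seen"
}

# Before: the option and its value live in one string that is expanded
# unquoted, so the shell word-splits and glob-expands the workgroup.
start_with_string() {
    opts="--workgroup $1"
    # shellcheck disable=SC2086  # the unquoted expansion is the point
    fake_wsdd -4 $opts
}

# After: every argument is its own list element. "$@" hands each element
# to the program unchanged, whatever characters it contains.
start_with_list() {
    set -- -4 --workgroup "$1"
    fake_wsdd "$@"
}

# Run the string variant inside directory $1 to show glob expansion.
start_with_string_in() {
    ( cd "$1" && start_with_string "$2" )
}

# Constructed sample value: a workgroup name containing a space.
echo "string: $(start_with_string 'ABC DEF')"
echo "list:   $(start_with_list 'ABC DEF')"
```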