Development March 2024

development@lists.ipfire.org

11 participants
55 discussions

Patches from a couple of bug fixes not yet merged
by Adolf Belka 03 Mar '24

03 Mar '24

Hi All, Several bug fix patches of mine have been merged recently but there are a couple that are not yet merged. Not sure if these need further work or have just been missed so I thought I would flag them just in case. https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/threa… https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/threa… Regards, Adolf -- Sent from my laptop

2 1

Can the firewall interface be simplified
by Nick Howitt 02 Mar '24

02 Mar '24

Hi, I posted this to the forums but this may be a better place for discussion. I am a new user of IPFire had have just transitioned from ClearOS which is going end of life this year and I believe some of the firewalling could be a lot easier. Full disclosure - I used to be a basic maintainer of ClearOS (and sole maintainer for about 20 months) and I have good understanding of iptables. I have found the firewall complicated to use as it is trying to do everything in one screen and I can only really get it to work with my knowledge of iptables and using the help screens. It is not something any family member could easily take over if I ever pass on. Many domestic routers have a very simple Port Forwarding menu. At its simplest, it has a destination (LAN) IP, protocol and port/port range which applies to the external interface. ClearOS also allows you to switch ports, so, for example incoming tcp:2222 can be switched to tcp:22. There is no mention of NAT, of source ports (which are irrelevant) or interfaces. It would greatly help unknowledgeable users to have a simple port forwarding menu something like that, with maybe a source IP field as well. I have a /29 block of static IP’s, Really using one of them should need a screen little more complicated than a Port Forwarding screen, but should also allow you to specify which of your external IPs to use. Then it should set up the Alias for you and do the port forwarding with the option of any protocol. At the same time it should set up an SNAT rule so outbound traffic is seen to originate from your designated external IP rather than the default interface IP, and a hairpin rule should be set up so the external IP can be accessed from the LAN (it is only needed for the LAN that the target device is on and not the other LANs). As you have in ClearOS, you could then have a separate menu to open the incoming firewall e.g. for OpenVPN. I like the Service groups concept but, at the same time, it could be made largely redundant. If the use of “-m multiport” is made use of for all port based rules, including a single port, then the destination port selector in the Protocol section could be opened up to allow up to 15 ports to be specified, like you can in the Services section. Then I think service groups are only relevant for when you have more than 1 protocol that you want to apply the rule to. I would also need to think about it more, but it may be good if Static Routes also created their own hairpin firewall rule. Regards, Nick

4 6

Request for Home directory
by jon 01 Mar '24

01 Mar '24

Hello, How do I enable a Home directory <https://www.ipfire.org/docs/community/people/home-directories>for me? Best regards, Jon

3 8

[PATCH] samba: wsdd started and stopped when samba started or stopped
by Adolf Belka 01 Mar '24

01 Mar '24

- Add wsdd as a dependency to samba so it will be installed together with samba - Add the starting and stopping of wsdd into the samba initscript Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/samba | 4 ++-- src/initscripts/packages/samba | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lfs/samba b/lfs/samba index 76088abfa..df7811313 100644 --- a/lfs/samba +++ b/lfs/samba @@ -33,9 +33,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 99 +PAK_VER = 100 -DEPS = avahi cups perl-Parse-Yapp perl-JSON +DEPS = avahi cups perl-Parse-Yapp perl-JSON wsdd SERVICES = samba diff --git a/src/initscripts/packages/samba b/src/initscripts/packages/samba index 93f14cd29..99b9929cf 100644 --- a/src/initscripts/packages/samba +++ b/src/initscripts/packages/samba @@ -42,6 +42,8 @@ case "$1" in boot_mesg "Starting winbind..." loadproc /usr/sbin/winbindd + + /etc/rc.d/init.d/wsdd start ;; stop) @@ -53,7 +55,9 @@ case "$1" in boot_mesg "Stopping winbind..." killproc /usr/sbin/winbindd - ;; + + /etc/rc.d/init.d/wsdd stop + ;; reload) boot_mesg "Reloading smbd..." -- 2.44.0

2 2

[PATCH 1/2] wsdd: Install wsdd - fixes bug13445
by Adolf Belka 01 Mar '24

01 Mar '24

- lfs and toorfile created for wsdd - wsdd added to make.sh script - created install/update/uninstall scripts for wsdd that create an unpriveleged user and group. - initscript created for wsdd. As wsdd is a python3 script, when it is run as a daemon the pidof command does not find any pid for wsdd. So a directory/file for a pid file was created. This is then passed to the loadproc and killproc commands. After the loadproc command has been created the pid is extracted from the ps aux command and put into the pid file. This then works when running the killproc command for it to know what to go and stop. The statusproc command does not have the ability to feed in the pid from a pid file and so it fails to find a running wsdd as it uses the pidof command. Code was added to the status section of the initscript to check if the pid file exists and if so to print the same command as used with the statusproc command, and also the same wording if the pid file does not exist because wsdd is not running. - info from the ethernet/settings file is used to identify if only green0 is available or if blue0 is also used and based on this the appropriate interface commands are added to the wsdd command. - wsdd is also set up to run in a chroot - Has been tested on my vm testbed, initially by editing the files on the vm clone. After everything confiremd to be working, the build was successfully carried out and the .ipfire package was copied to a new vm clone installed and shown to perform as expected. This test only confirms that wsdd is correctly installed and started. Shutsdown and restarts on reboot successfully. Confirmed from the ps aux info that wsdd has been started with the correct options. Thge testing can not evaluate if wsdd enables windows systems newer than version 7 top be able to detect the samba shares as I have no windows systems. Fixes: Bug13445 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/packages/wsdd | 2 + lfs/wsdd | 89 ++++++++++++++++++++++++++++++++++ make.sh | 1 + src/initscripts/packages/wsdd | 63 ++++++++++++++++++++++++ src/paks/wsdd/install.sh | 40 +++++++++++++++ src/paks/wsdd/uninstall.sh | 30 ++++++++++++ src/paks/wsdd/update.sh | 27 +++++++++++ 7 files changed, 252 insertions(+) create mode 100644 config/rootfiles/packages/wsdd create mode 100644 lfs/wsdd create mode 100644 src/initscripts/packages/wsdd create mode 100644 src/paks/wsdd/install.sh create mode 100644 src/paks/wsdd/uninstall.sh create mode 100644 src/paks/wsdd/update.sh diff --git a/config/rootfiles/packages/wsdd b/config/rootfiles/packages/wsdd new file mode 100644 index 000000000..ce225043a --- /dev/null +++ b/config/rootfiles/packages/wsdd @@ -0,0 +1,2 @@ +etc/rc.d/init.d/wsdd +usr/bin/wsdd diff --git a/lfs/wsdd b/lfs/wsdd new file mode 100644 index 000000000..aa65e47ef --- /dev/null +++ b/lfs/wsdd @@ -0,0 +1,89 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.7.1 +SUMMARY = A Web Service Discovery host daemon. + +THISAPP = wsdd-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = wsdd +PAK_VER = 1 + +DEPS = + +SERVICES = wsdd + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd + + #install initscripts + $(call INSTALL_INITSCRIPTS,$(SERVICES)) + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 06e09c9a3..5af3dedc3 100755 --- a/make.sh +++ b/make.sh @@ -1699,6 +1699,7 @@ buildipfire() { lfsmake2 perl-MIME-Base32 lfsmake2 perl-URI-Encode lfsmake2 rsnapshot + lfsmake2 wsdd # Kernelbuild ... current we have no platform that need # multi kernel builds so KCFG is empty diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd new file mode 100644 index 000000000..c5207f872 --- /dev/null +++ b/src/initscripts/packages/wsdd @@ -0,0 +1,63 @@ +#!/bin/sh +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +############################################################################### + +. /etc/sysconfig/rc +. $rc_functions + +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) + +# Create chroot directory for wsdd +mkdir -p /var/run/wsdd + +INTERFACES="-i ${GREEN_DEV}" + if [ -n "${BLUE_DEV}" ]; then + INTERFACES="${INTERFACES} -i ${BLUE_DEV}" + fi +WSDD_WORKGROUP="-w $(/usr/bin/testparm -s --parameter-name workgroup 2>/dev/null)" +WSDD_USER="-u wsdd:wsdd" +WSDD_CHROOT="-c /var/run/wsdd" + +case "$1" in + start) + boot_mesg "Starting wsdd daemon..." + loadproc -b /usr/bin/wsdd -4 ${WSDD_USER} ${INTERFACES} ${WSDD_WORKGROUP} ${WSDD_CHROOT} + sleep 1 + echo $(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print $2}') > /var/run/wsdd/pid + ;; + stop) + boot_mesg "Stopping wsdd daemon..." + killproc -p /var/run/wsdd/pid /usr/bin/wsdd + ;; + status) + WSDD_PID=$(ps aux | grep "/usr/bin/wsdd" | grep -v grep | awk '{print $2}') + if [ -n "${WSDD_PID}" ]; then + echo -e "\\033[1;36m /usr/bin/wsdd is running with Process"\ + "ID(s) $WSDD_PID.\\033[0;39m" + else + echo -e "\\033[1;36m /usr/bin/wsdd is not running.\\033[0;39m" + fi + ;; + *) + echo "Usage: $0 (start|stop|status)" + exit 1 + ;; +esac + diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh new file mode 100644 index 000000000..181b84eb9 --- /dev/null +++ b/src/paks/wsdd/install.sh @@ -0,0 +1,40 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team <info(a)ipfire.org>. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh + +# If the wsdd user does not exist yet, then create it and add to wsdd group. +if ! getent user wsdd >/dev/null; then + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd + usermod -a -G wsdd wsdd +fi + +extract_files +restore_backup ${NAME} + +# Create startlinks +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd +start_service ${NAME} +exit 0 diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh new file mode 100644 index 000000000..4c52ee281 --- /dev/null +++ b/src/paks/wsdd/uninstall.sh @@ -0,0 +1,30 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team <info(a)ipfire.org>. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service ${NAME} +make_backup ${NAME} +remove_files +# Remove all start links. +rm -rf /etc/rc.d/rc*.d/*wsdd +exit 0 diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh new file mode 100644 index 000000000..99776659c --- /dev/null +++ b/src/paks/wsdd/update.sh @@ -0,0 +1,27 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2020 IPFire-Team <info(a)ipfire.org>. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_backup_includes +./uninstall.sh +./install.sh -- 2.43.0

3 13

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development March 2024