Merge remote-tracking branch 'ms/next-dns-ng' into next

src/scripts/convert-dns-settings

@@ -0,0 +1,95 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A Linux-based firewall                                         #
+# Copyright (C) 2020 IPFire Team <info@ipfire.org>                            #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+main() {
+	# Do not convert anything if we already have some servers set
+	if [ ! -s "/var/ipfire/dns/servers" ]; then
+		local DNS0 DNS1 DNS2
+		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+		if [ -s "/var/ipfire/ppp/settings" ]; then
+			eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+
+			# Remove DNS, DNS1 and DNS2
+			sed -i "/^DNS[12]?=/d" /var/ipfire/ppp/settings
+		elif [ -s "/var/ipfire/dns/settings" ]; then
+			eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
+		fi
+
+		local var
+		local i=3
+		for var in DNS0 DNS1 DNS2; do
+			if [ -n "${!var}" ]; then
+				echo "${i},${!var},,enabled,"
+				(( i++ ))
+			fi
+		done > /var/ipfire/dns/servers
+
+		# Empty the old settings file
+		: > /var/ipfire/dns/settings
+
+		# Disable using ISP name servers when we already have some configured
+		if [ ${i} -gt 3 ]; then
+			echo "USE_ISP_NAMESERVERS=off" \
+				>> /var/ipfire/dns/settings
+		fi
+	fi
+
+	# Set correct ownership.
+	chown nobody:nobody /var/ipfire/dns/settings
+
+	# Convert old unbound settings file
+	if [ -e "/etc/sysconfig/unbound" ]; then
+		local USE_FORWARDERS
+		local ENABLE_SAFE_SEARCH
+		local FORCE_TCP
+
+		# Read settings
+		eval $(/usr/local/bin/readhash /etc/sysconfig/unbound)
+
+		# Safe Search
+		if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+			echo "ENABLE_SAFE_SEARCH=${ENABLE_SAFE_SEARCH}" \
+				>> /var/ipfire/dns/settings
+		fi
+
+		# Force TCP
+		if [ "${FORCE_TCP}" = "on" ]; then
+			echo "PROTO=TCP" >> /var/ipfire/dns/settings
+		fi
+	
+		# Run in recursor mode
+		if [ "${USE_FORWARDERS}" = "0" ]; then
+			# Remove all servers
+			: > /var/ipfire/dns/servers
+		fi
+
+		rm -f "/etc/sysconfig/unbound"
+	fi
+
+	# Set correct ownership.
+	chown nobody:nobody /var/ipfire/dns/servers
+
+	# Make DHCP leases readable for nobody
+	chown 644 /etc/unbound/dhcp-leases.conf
+}
+
+main "$@" || exit $?

src/scripts/update-location-database

@@ -0,0 +1,45 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2019 IPFire Development Team <info@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+
+# Proxy settings.
+# Check if a proxy should be used.
+if [[ $UPSTREAM_PROXY ]]; then
+	PROXYSETTINGS="https_proxy=http://"
+
+	# Check if authentication against the proxy is configured.
+	if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
+		PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
+	fi
+
+	# Add proxy server.
+	PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
+
+	# Export proxy settings.
+	export HTTPS_PROXY="$PROXYSETTINGS"
+fi
+
+# Get the latest location database from server.
+/usr/bin/location-downloader update
+
+# Call initscript to reload the firewall.
+/etc/init.d/firewall reload

src/scripts/xt_geoip_update

@@ -1,138 +0,0 @@
-#!/bin/bash
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2019 IPFire Development Team <info@ipfire.org>                #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-TMP_PATH=$(mktemp -dp /var/tmp)
-TMP_FILE=$(mktemp -p $TMP_PATH)
-
-SCRIPT_PATH=/usr/local/bin
-DEST_PATH=/usr/share/xt_geoip
-DB_PATH=/var/lib/GeoIP
-DB1_PATH=/usr/share/GeoIP
-
-DL_URL=https://geolite.maxmind.com/download/geoip/database
-DL_FILE=GeoLite2-Country-CSV.zip
-
-eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
-
-function download() {
-	echo "Downloading latest GeoIP ruleset..."
-
-	# Proxy settings.
-	# Check if a proxy should be used.
-	if [[ $UPSTREAM_PROXY ]]; then
-		PROXYSETTINGS="-e https_proxy=http://"
-
-		# Check if authentication against the proxy is configured.
-		if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
-			PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
-		fi
-
-		# Add proxy server.
-		PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
-	fi
-
-	# Get the latest GeoIP database from server.
-	wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
-
-	# Extract files to database path.
-	unzip $TMP_FILE -d $TMP_PATH
-
-	return 0
-}
-
-function install() {
-	echo "Install CSV database..."
-
-	# Check if the database dir exists.
-	if [ ! -e "$DB_PATH" ]; then
-		mkdir -p $DB_PATH &>/dev/null
-	fi
-
-	# Check if the directory for binary databases exists.
-        if [ ! -e "$DEST_PATH" ]; then
-                mkdir -p $DEST_PATH &>/dev/null
-        fi
-
-	# Install CSV databases.
-	if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then
-		echo "Could not copy files. Aborting." >&2
-		return 1
-	fi
-
-	return 0
-}
-
-function build_legacy() {
-	echo "Convert database to legacy GeoIP.dat ..."
-	cat $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv | \
-	    $DB1_PATH/bin/geolite2-to-legacy-csv.sh $DB1_PATH/bin/countryInfo.txt > \
-	    $TMP_FILE
-	$DB1_PATH/bin/geoip-generator -v -4 --info="$(date -u +'GEO-106FREE %Y%m%d Build -IPFire-' \
-	    -r $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv) $(<$DB_PATH/COPYRIGHT.txt)" -o \
-	    $DB1_PATH/GeoIP.dat $TMP_FILE
-
-	return 0
-}
-
-
-function build() {
-	echo "Convert database..."
-
-	# Run script to convert the CSV file into several xtables
-	# compatible binary files.
-	if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then
-		echo "Could not convert ruleset. Aborting." >&2
-		return 1
-	fi
-
-	return 0
-}
-
-function cleanup() {
-	echo "Cleaning up temporary files..."
-	if ! rm -rf $TMP_PATH &>/dev/null; then
-		echo "Could not remove files. Aborting." >&2
-		return 1
-	fi
-
-	return 0
-}
-
-function main() {
-	local func
-	for func in download install build build_legacy; do
-		if ! ${func}; then
-			# Cleanup any temporary data
-			cleanup
-
-			return 1
-		fi
-	done
-
-	# Cleanup
-	cleanup || return $?
-
-	# All done
-	return 0
-}
-
-# Run the main function.
-main || exit $?