From 90a4a51a0eeaac4854297b68f1c9fcb18402d8b3 Mon Sep 17 00:00:00 2001
From: Vincent Li
Date: Wed, 2 Jul 2025 19:15:57 +0000
Subject: [PATCH] initscripts: sync functions from ipfire
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

readhash is added in functions, but it appears not used in initscripts
except for testing, assume no impact to bpfire initscripts.

commit 1c1ff05cdc37fe9ccabda9413c270935c3a45478
Author: Michael Tremer
Date: Mon Mar 31 16:35:26 2025 +0200

    firewall: Explicitely don't NAT any aliases

    It seems that there is a problem with local connections that have
    preselected an outgoing interface. That will work just fine, but
    ultimately the packet will be NATed back to the primary RED IP address.

    To prevent this, we are adding some extra rules that skip the
    MASQUERADE target.

    Signed-off-by: Michael Tremer

commit ff4ff2cfe0c8565a431bf499708dcb6e5c2fb3dc
Author: Michael Tremer
Date: Fri Dec 6 16:42:17 2024 +0000

    initscripts: readhash: Fix handling = signs

    The function expected that a line only contains exactly one equals
    sign (=) which is not fit for purpose. In the WireGuard code we hold
    key material that is encoded in base64 and therefore contains padding
    that uses =.

    This patch fixes that we expect exactly one equals sign immediately
    after the key and we will then accept more = in the value - which was
    already permitted.

    Furthermore, this patch fixes the splitting of the key and value at the
    first =.

    Signed-off-by: Michael Tremer
    Signed-off-by: Arne Fitzenreiter

commit 73661e5ee1acc30e40e41493c8dfca10aa1097d0
Author: Michael Tremer
Date: Fri Dec 6 16:42:16 2024 +0000

    initscripts: readhash: Only strip quotes if they exist

    Signed-off-by: Michael Tremer
    Signed-off-by: Arne Fitzenreiter

commit 80c1cb5a0a2f9c13612a5a43c92d4657e0d06717
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:44 2024 +0200

    initscripts fkt: Fix shebang

    We use features only available in bash. So we should state correctly
    that the script should be executed in bash. As sh is a symlink to bash
    this makes no difference on an ipfire system. But my linter is less
    chatty with this change.

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit 14ecdd86f1e57949858b47aa2a449e051bf3ee3a
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:43 2024 +0200

    initscripts fkt: keep readhash compatible with older implementation

    With the use of eval BLUE_DEV='blue0 net0' stored "blue0 net0" in the
    variable BLUE_DEV not "'blue0 net0'"

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit f1d94e7457a3d497d8c65acd9be606291a5ac6f6
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:42 2024 +0200

    initscripts fkt: readhash should only parse lines with a =

    A line without a = is clearly invalid.

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit 9f72b7bc5f566e3fc81218154d748cd84c15f0bb
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:41 2024 +0200

    initscripts fkt: Check for invalid values in readhash

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit 02254f55438a47b94b5be763fb9d96e48983000a
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:40 2024 +0200

    initscripts fkt: ignore invalid keys in readhash

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit d289bc28beb65a937aba335501a86102d0455cec
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:39 2024 +0200

    initscripts fkt: Ignore comments in readhash

    As '#Another Comment' is a valid key we test this change by checking if
    the comments do not end up as keys in our array.

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit 59e3c2a217e7b219c62fe07f702ead9594b1ac24
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:38 2024 +0200

    initscript fkt: ignore blank lines in readhash

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit 96bb3ba8b81eb7344213f9be58c031e15f7b7899
Author: Jonatan Schlag
Date: Sun Jun 16 18:02:37 2024 +0200

    initscript functions: add readhash

    To avoid the usage of eval and to store the config in a key value
    array, we introduce a new function. The tests only check if we read
    the correct value to the correct variable.

    One comment on the implementation as this has created some headache:

    From https://www.gnu.org/software/bash/manual/bash.html#Bourne-Shell-Builtins

    "When used in a function, declare makes each name local, as with the
    local command, unless the -g option is used."

    So we need to use -g here

    Signed-off-by: Jonatan Schlag
    Signed-off-by: Michael Tremer

commit db09ea9e5c39d2449e6897f1c2aca5c1f2b9ba74
Author: Michael Tremer
Date: Sat Mar 23 14:35:39 2024 +0100

    initscripts: Don't overwrite the PID file

    Signed-off-by: Michael Tremer

commit 5900a9505968700c8634e2dd6d597c31c24e70d0
Author: Michael Tremer
Date: Sat Mar 23 14:31:49 2024 +0100

    initscripts: Fix reading PIDs

    An incorrect variable has been used.

    Signed-off-by: Michael Tremer

commit 6e47a143c9068b3bdad4b2cdb82ed080f65b9961
Author: Michael Tremer
Date: Sat Mar 23 14:30:33 2024 +0100

    initscripts: Handle command arguments as array

    For some reason, the function is refusing to launch a command that has
    extra arguments.

    Signed-off-by: Michael Tremer

commit ed91103e229b128288a9799a9bbbbe6cd1d7f32d
Author: Stefan Schantl
Date: Wed Mar 27 20:39:17 2024 +0100

    initscripts: Add generic function to get the filesystem type of a volume

    Signed-off-by: Stefan Schantl
    Reviewed-by: Michael Tremer
Signed-off-by: Arne Fitzenreiter commit c3019331df2bb393c96def62a56d33abdec72e8c Author: Michael Tremer Date: Thu Jan 11 15:59:34 2024 +0100 initscripts: Implement storing PIDs in loadproc Some programs do not write their own PID files any more, but since our initscripts heavily rely on those, this extension allows to store it easily. Signed-off-by: Daniel Weismüller commit dd8ef8cc107a867d4b2a739913b399f6966b34ff Author: Michael Tremer Date: Thu Jan 11 15:57:50 2024 +0100 initscripts: Fix wrong variable check for $PIDFILE in getpids getpids() checked whether it needed to pass a pid file to pidofproc, but the check was inverted. Signed-off-by: Daniel Weismüller Signed-off-by: Vincent Li --- src/initscripts/system/functions | 85 ++++++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 5 deletions(-) diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 6f53a941b..94c9236d3 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # @@ -407,7 +407,7 @@ pidofproc() # This will ensure compatibility with previous LFS Bootscripts getpids() { - if [ -z "${PIDFILE}" ]; then + if [ -n "${PIDFILE}" ]; then pidofproc -s -p "${PIDFILE}" $@ else pidofproc -s $@ @@ -446,6 +446,7 @@ loadproc() local pidfile="" local forcestart="" local nicelevel="" + local pid # This will ensure compatibility with previous LFS Bootscripts if [ -n "${PIDFILE}" ]; then @@ -511,7 +512,7 @@ loadproc() esac fi - local cmd="${@}" + local cmd=( "${@}" ) if [ -n "${nicelevel}" ]; then cmd="nice -n "${nicelevel}" ${cmd}" 
@@ -519,14 +520,20 @@ loadproc() if [ -n "${background}" ]; then ( - ${cmd} &>/dev/null + ${cmd[@]} &>/dev/null ) & + pid="$!" evaluate_retval else - ${cmd} + ${cmd[@]} evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts fi + # Write the pidfile + if [ -n "${pid}" -a -n "${pidfile}" ]; then + echo "${pid}" > "${pidfile}" + fi + return 0 } @@ -875,3 +882,71 @@ running_on_oci() { # We are not running on OCI return 1 } + +volume_fs_type() { + if [ ! -d "${1}" ]; then + return + fi + + stat -f --format="%T" ${1} +} + +readhash() { + local array="${1}" + local file="${2}" + + declare -A -g "${array}" + + local line + while read -r line; do + # Skip Blank Lines + if [[ ${line} =~ ^[[:space:]]*$ ]]; then + continue + fi + + # Skip Comments + if [[ ${line} =~ ^#.*$ ]]; then + continue + fi + + # Check for a valid key followed by = + if ! [[ ${line} =~ ^[A-Za-z_][A-Za-z0-9_]*= ]]; then + echo "Invalid line '${line}'" >&2 + continue + fi + + local key="${line%%=*}" + local val="${line#*=}" + + # Skip lines with invalid values + if ! [[ ${val} =~ ^[\'][\ A-Za-z0-9=/,.:%_@#+-]*[\']$ ]] && ! [[ ${val} =~ ^[A-Za-z0-9=/,.:%_@#+-]*$ ]]; then + echo "Invalid value '${val}' for key '${key}'" >&2 + continue + fi + + # strip leading and trailing single quotes + case "${val}" in + '*') + val="${val#\'}" + val="${val%\'}" + ;; + esac + + printf -v "${array}[${key}]" "%s" "${val}" + done < "${file}" +} + +# Returns all enabled aliases +get_aliases() { + local address + local enabled + local rest + + local IFS=, + + while read -r address enabled rest; do + if [ "${enabled}" = "on" ]; then + echo "${address}" + fi + done < /var/ipfire/ethernet/aliases +}
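
Review bot: In the getpids() hunk (@@ -407,7 +407,7 @@), both pidofproc calls still pass an unquoted $@, so an argument containing whitespace or glob characters is split or expanded again before pidofproc sees it. The -z to -n correction matches the commit description; since these lines are being touched anyway, change both calls to use "$@".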
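
Review bot: In the loadproc() hunk at @@ -511,7 +512,7 @@, cmd is turned into an array, but the unchanged nice branch directly below it still does a string assignment: cmd="nice -n "${nicelevel}" ${cmd}". On an array variable that overwrites only element 0, and it glues "nice -n <level>" and the program name into one element; the launch then works only because ${cmd[@]} is expanded unquoted later and word-split again. Prepend to the array instead, for example cmd=( nice -n "${nicelevel}" "${cmd[@]}" ).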
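
Review bot: In the loadproc() hunk at @@ -519,14 +520,20 @@, pid="$!" is read after ( ${cmd[@]} &>/dev/null ) &, so it is the PID of the backgrounded subshell, which is not guaranteed to be the PID of the program started inside it; the pidfile can then name a process other than the daemon that later status and stop calls look for. Start the command in the background without the enclosing subshell before reading $!, or document why the subshell PID is acceptable. Two smaller points on the same lines: ${cmd[@]} is expanded unquoted in both branches, which discards the argument boundaries the array was introduced to keep, so use "${cmd[@]}"; and [ -n "${pid}" -a -n "${pidfile}" ] is more robust as two tests joined with &&, since -a is marked obsolescent in POSIX test.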
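
Review bot: In readhash() in the last hunk (@@ -875,3 +882,71 @@), the case pattern '*') is fully quoted, so it matches only a value that is the single literal character *, and the value check just above never accepts * at all; the branch is unreachable and the surrounding single quotes are never stripped. A line such as BLUE_DEV='blue0 net0' therefore lands in the array with its quotes intact, which is the opposite of what the "keep readhash compatible with older implementation" commit describes. Escape the quotes and leave the asterisk as a glob, i.e. \'*\') as the pattern. Also in this hunk, volume_fs_type() quotes "${1}" in the -d test but passes ${1} to stat unquoted, so a path with spaces is tested as one path and then handed to stat as several; quote it there as well.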