> On 10/7/20 1:41 PM, Roberto C. Sánchez wrote:
>> On Wed, Oct 07, 2020 at 01:38:15PM -0700, Tom Eastep wrote:
>>> On 10/7/20 12:20 PM, Simon Matter wrote:
>>>>> On Wed, 7 Oct 2020 18:26:36 +0200
>>>>> Matt Darfeuille <m...@shorewall.org> wrote:
>>>>>
>>>>>> -------- Forwarded Message --------
>>>>>> Subject: Re: [Shorewall-users] Shorewall reload doesn't reload?
>>>>>> Date: Wed, 7 Oct 2020 08:49:47 -0700
>>>>>> From: Tom Eastep <teas...@shorewall.net>
>>>>>> Reply-To: Shorewall Users <shorewall-us...@lists.sourceforge.net>
>>>>>> To: shorewall-us...@lists.sourceforge.net
>>>>>>
>>>>>
>>>>> Hmh. shorewall6 part of patch has a typo, easy to fix, just add
>>>>> missing / char.
>>>>>
>>>>> I don't like this work-around. It is not a real solution, it is just
>>>>> work-around.
>>>>>
>>>>> Better solution would be to do compile after package upgrade.
>>>>>
>>>>
>>>> I don't understand why you think of it as a work-around? It's a fix for
>>>> the problem that in some cases, shorewall reload doesn't reload because
>>>> the logic to detect changes fails on package updates which don't set
>>>> current timestamps.
>>>>
>>>> I'd never want to have automatic recompilation on package upgrade - not
>>>> for firewall code which may cut my line I'm using while doing the
>>>> upgrade.
>>>>
>>>> On package upgrade, you don't see any error messages (with rpm, deb is
>>>> different). How do you handle cases where compilation fails?
>>>>
>>>> For me that's too dangerous. I do package upgrade, merge config files,
>>>> reload, diff generated firewall and be happy.
>>>>
>>>
>>> Another approach would be to simply 'touch' a file in
>>> /usr/share/shorewall (/usr/share/shorewall/version, for example).
>>>
>>> That would allow 'reload' to force recompilation.
>>>
>> I'm not sure if that would work for RPM, but I am fairly certain that it
>> would be considered a policy violation to do that from a Debian package
>> maintainer script.
Would touching a file in /var/lib/shorewall work?

Touching /usr/share/shorewall/version would work but then the RPM
package would fail verification, as long as you don't exclude timestamp
checking of the /usr/share/shorewall/version file in the RPM.

Touching anything in /var/lib/shorewall[6]/ won't work as this directory
is not checked when finding out if something has changed.

Therefore I thought making a copy of the firewall file is the easiest
thing which also has the benefit to have a backup of the currently
running configuration in case something fails with the upgrade.

Regards,
Simon

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel