> On 10/6/20 8:50 AM, Matt Darfeuille wrote:
>> On 10/6/2020 5:11 PM, Tom Eastep wrote:
>>> On 10/6/20 7:33 AM, Simon Matter wrote:
>>>>> On Tue, Oct 06, 2020 at 03:59:06PM +0200, Simon Matter wrote:
>>>>>>>> Compilation will only happen when '/etc/shorewall' is modified.
>>>>>>>> So if I'm not mistaken, updating the firewall will not trigger a
>>>>>>>> recompilation.
>>>>>>>>
>>>>>>>
>>>>>>> Recompilation should occur if ANY file in ANY directory in
>>>>>>> $CONFIG_PATH changes. Given that installing a new version updates
>>>>>>> /usr/share/shorewall/, 'reload' after an update should force
>>>>>>> re-compilation.
>>>>>>>
>>>>>>> I reproduced this problem using the tarball installers.
>>>>>>>
>>>>>>> Simon -- How did you upgrade?
>>>>>>
>>>>>> Dear Tom and all,
>>>>>>
>>>>>> For a test I've downgraded to shorewall-5.2.6.1 and saw the same
>>>>>> behavior.
>>>>>
>>>>> Tom is asking *how* you upgraded/downgraded.
>>>>
>>>> As I said with my own RPMs, they are mentioned on
>>>> https://shorewall.org/download.htm
>>>>
>>>
>>> After 'reload' didn't recompile, I found that the mtime of
>>> /var/lib/shorewall/firewall had been mysteriously updated to a time
>>> after the upgrade. Have others noticed the same behavior?
>>>
>>
>> I just installed SW 5.2.8 (core, shorewall, init) followed by 'shorewall
>> update' and 'shorewall reload'.
>> The below is after multiple 'shorewall update followed by reload'.
>>
>> /var/lib/shorewall# ls -l firewall && shorewall reload && ls -l firewall
>> -rwx------ 1 root root 76618 Oct 6 17:33 firewall
>> Reloading Shorewall....
>> Initializing...
>> Processing /etc/shorewall/init ...
>> [snip]
>> Setting up Route Filtering...
>> Setting up Martian Logging...
>> Preparing iptables-restore input...
>> Running /sbin/iptables-restore --wait 60...
>> IPv4 Forwarding Enabled
>> done.
>> -rwx------ 1 root root 76618 Oct 6 17:33 firewall
>>
>>
>> Do you want other test?
>>
>
> What was the current time? Or, what was the output of 'ls -l
> /usr/share/shorewall/?

OK, found it in my case, it's coming from here:

    elif [ -z "$AUTOMAKE" ]; then
        if [ -n "$(${find} ${dir} -maxdepth 1 -type f -newer $1 -print -quit)" ]; then
            return 1;
        fi

I had 5.2.7 installed and made some configuration changes, say in October.
Then I upgraded to 5.2.8 with the RPM, which was built in September. So, the
content in /usr/share/shorewall/ has mtimes in September, but my
/var/lib/shorewall/firewall was created in October.

Result: the 'find' above doesn't show anything newer than my
/var/lib/shorewall/firewall and nothing is recompiled on reload.

This affects my own RPMs but I guess the same is true for others too.

I'm thinking about what the best fix is here. Maybe simply add a %post
install script which does:

    mv -f /var/lib/shorewall[6]/firewall /var/lib/shorewall[6]/firewall.old

Maybe we can discuss this here so all packages can use the same approach.

Regards,
Simon

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
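
The timeline described in the message above, reproduced in a scratch directory as an added example (not part of the original post and not Shorewall's own code). The function names, the file name lib.base and the directory layout are constructed, and the sketch assumes that a missing compiled script forces a compile, which is the premise of the proposed %post step.

```shell
#!/bin/sh
# Added illustration: why a '-newer' staleness test misses a package upgrade.
# All paths live under a temporary directory; nothing on the system is touched.

# Same test as the quoted fragment: 0 = compiled script treated as current,
# 1 = a recompile is needed. $1 = compiled script, $2 = directory to scan.
uptodate() {
    [ -f "$1" ] || return 1        # assumption: no compiled script => compile
    if [ -n "$(find "$2" -maxdepth 1 -type f -newer "$1" -print -quit)" ]; then
        return 1
    fi
    return 0
}

# The %post idea from the message: move the compiled script aside on upgrade.
post_install() {
    if [ -f "$1/firewall" ]; then
        mv -f "$1/firewall" "$1/firewall.old"
    fi
    return 0
}

demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/share" "$t/state"
    # Constructed timeline: firewall compiled in October, then an upgrade
    # installs files that keep their September build-time mtime.
    touch -t 202010011200 "$t/state/firewall"
    touch -t 202009151200 "$t/share/lib.base"
    if uptodate "$t/state/firewall" "$t/share"; then
        before=stale-kept
    else
        before=recompile
    fi
    post_install "$t/state"
    if uptodate "$t/state/firewall" "$t/share"; then
        after=stale-kept
    else
        after=recompile
    fi
    rm -rf "$t"
    echo "$before $after"
}

demo
```

The first word is the result right after the upgrade, the second the result once the compiled script has been moved aside.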