From patchwork Tue Mar 30 15:28:29 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Robin Roevens <robin.roevens@disroot.org>
X-Patchwork-Id: 4004
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfw3VGFz3ws3
	for <patchwork@web04.haj.ipfire.org>; Tue, 30 Mar 2021 15:30:00 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfw0P8Qz1T8;
	Tue, 30 Mar 2021 15:30:00 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F8tfw01H0z2xWW;
	Tue, 30 Mar 2021 15:30:00 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F8tft3Nh9z2xVT
 for <development@lists.ipfire.org>; Tue, 30 Mar 2021 15:29:58 +0000 (UTC)
Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139])
 (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tft1TrTz1fq
 for <development@lists.ipfire.org>; Tue, 30 Mar 2021 15:29:58 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id D029F50D0C
 for <development@lists.ipfire.org>; Tue, 30 Mar 2021 17:29:57 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id jXd4Jjbktnjt for <development@lists.ipfire.org>;
 Tue, 30 Mar 2021 17:29:56 +0200 (CEST)
Received: from amaterasu.sicho.home ([192.168.0.1] helo=chojin.sicho.home)
 by filekeeper.sicho.home with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <robin.roevens@disroot.org>)
 id 1lRGJ0-00046g-Ql; Tue, 30 Mar 2021 17:29:23 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1617118194; bh=dAJbyzKa+cxR/MIAEevlSLpHXYJl2hTs26rYJ9sS/fw=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=AS0SsDJSDMhSO6Qa6iljeKIFZAUAR7mIvEUUqimgc7XTOXtvqKQDCYo9sl5tkMtYU
 4KPFdV6/zS/M9GwaQFZApcZB8VjiqMaUJLOt5W/KA3Tb41PA5q7yeGFUh870qD9hLZ
 okBMEMgl5QOSRlTg4V1vprfSdyas0RBut+vAccxOU/87iV/QSBzGxBOFFntHbyUbh1
 L8UpMylGID/I98wtKcOlDa2ZFH3ObcdLBrkwWA4OgAAtc371AH94b9axecAGIPOA+1
 0LozSVKFrra9RJvW3EagThN1Vqj6ORWoGn5eBvvpt9FVAinek0khqAHV08rDNRe5vV
 bg3mCVSJMHv2w==
From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: [PATCH 3/4] zabbix_agentd: Better configfile handling during update
Date: Tue, 30 Mar 2021 17:28:29 +0200
Message-Id: <20210330152830.2859-4-robin.roevens@disroot.org>
In-Reply-To: <20210330152830.2859-1-robin.roevens@disroot.org>
References: <20210330152830.2859-1-robin.roevens@disroot.org>
Mime-Version: 1.0
X-filekeeper-MailScanner-ID: 1lRGJ0-00046g-Ql
X-filekeeper-MailScanner: Found to be clean
X-filekeeper-MailScanner-From: robin.roevens@disroot.org
X-filekeeper-MailScanner-Watermark: 1617722969.3421@MmHJLsTQyraLoq1iRVIAKg
ARC-Authentication-Results: i=1; mail01.ipfire.org;
 dkim=pass header.d=disroot.org header.s=mail header.b=AS0SsDJS;
 dmarc=pass (policy=quarantine) header.from=disroot.org;
 spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates
 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org
ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1617118198; a=rsa-sha256;
 cv=none;
 b=Fvap+qmJISreOfysOg6mxNMElXS/Q1hgxsRP6Q4od1SDHC37eSI5TbchVnu0BaRRSe+poZ
 QmAQWM06JoCxi9vIOxB9V9YzCO52C9VWhKbc35zIjDT1OgjqKHTt97jkM+f1CZijy62B6F
 Am8hj5R4BWdmMyAREQw6cP+VyV6LlsuQAdB9Gnqmtjq4AHqEB1iCleBC7q5mwVVij1jF12
 kDHnMIovZ4GVDlcqBKFqV9+KT0aDsKy7AswQBq8jFjJGeTmd8mqEJkaKXx0S/QYopQ0OI9
 cwsWjvB3LHAEq1y31Li2PH97NDuaZ2omCsEZwXKwKe+MrP8wl9Xxs2oR61yk4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=lists.ipfire.org;
 s=202003rsa; t=1617118198;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references:dkim-signature;
 bh=RKa4PTuD6fv38hXk7OlxFo74Uze2RGhRWLLWorbtxLQ=;
 b=Uobqq+zkWVtKJxeKK2XjZdq/BVSvDGDFAiI4P3PW71FESU2+QGdXdNTk6Q87Gr4OlfdrUV
 7SJgylMvAcHkPYQfxb40NaymwWP2oumZIV+Gdhl85OI6mlJt9mz8rLtbtvyoVemGTNigzh
 i1DVQndREHkwPtk/i5SYdfcS0TanmYUNLvm5Cdn6OYZk8mYHnxdvpaxvdKKIjdiNW3T5A5
 jpsl1qbFwijM4ZdxCl+QE0ufzRzSDOYUwSxZ4LwrtIkHMCC/D6vRWcbrlDGmWGMoqXmHlx
 OZBHmLGroP9xTDnnLe7V8Lpgph2MY7TWxvhHsEK7+v34n6AheSWFH1BGRN0V5A==
Authentication-Results: mail01.ipfire.org;
 dkim=pass header.d=disroot.org header.s=mail header.b=AS0SsDJS;
 dmarc=pass (policy=quarantine) header.from=disroot.org;
 spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates
 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org
X-Rspamd-Server: mail01.haj.ipfire.org
X-Spamd-Result: default: False [-2.51 / 11.00]; ARC_NA(0.00)[];
 R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:c]; MV_CASE(0.50)[];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org];
 REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[];
 R_MISSING_CHARSET(2.50)[]; RCVD_COUNT_THREE(0.00)[4];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip:
 178.21.23.139(0.00)]; DKIM_TRACE(0.00)[disroot.org:+];
 RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[];
 DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine];
 ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL];
 BAYES_HAM(-3.00)[99.99%]
X-Rspamd-Queue-Id: 4F8tft1TrTz1fq
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Renamed userparameters_pakfire.conf to template_app_pakfire.conf
  following current Zabbix template naming conventions.
- Install configfiles as .ipfirenew-files to prevent removing possible
  user changed files on uninstall.
  If the configfiles are not yet present, the .ipfirenew-files will be
  renamed to the actual configfiles. And if an existing configfile
  does not differ from the new one, the .ipfirenew-file will be removed.
  This allows the user to manually merge his existing config with the
  new config after update (warnings will be displayed during update
  when manual review is required).

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd       | 12 ++++----
 ...pakfire.conf => template_app_pakfire.conf} |  0
 lfs/zabbix_agentd                             | 11 ++++---
 src/paks/zabbix_agentd/install.sh             | 29 +++++++++++++++++++
 src/paks/zabbix_agentd/uninstall.sh           |  4 +++
 src/paks/zabbix_agentd/update.sh              | 14 +++++++--
 6 files changed, 57 insertions(+), 13 deletions(-)
 rename config/zabbix_agentd/{userparameter_pakfire.conf => template_app_pakfire.conf} (100%)

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index a938f2605..6945c5ef7 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -1,11 +1,11 @@
 etc/logrotate.d/zabbix_agentd
 etc/rc.d/init.d/zabbix_agentd
-etc/sudoers.d/zabbix
-etc/zabbix_agentd
-etc/zabbix_agentd/scripts
-etc/zabbix_agentd/zabbix_agentd.conf
-etc/zabbix_agentd/zabbix_agentd.d
-etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf
+etc/sudoers.d/zabbix.ipfirenew
+#etc/zabbix_agentd
+#etc/zabbix_agentd/scripts
+etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
+#etc/zabbix_agentd/zabbix_agentd.d
+etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew
 usr/bin/zabbix_get
 usr/bin/zabbix_sender
 #usr/lib/modules
diff --git a/config/zabbix_agentd/userparameter_pakfire.conf b/config/zabbix_agentd/template_app_pakfire.conf
similarity index 100%
rename from config/zabbix_agentd/userparameter_pakfire.conf
rename to config/zabbix_agentd/template_app_pakfire.conf
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index 3f2af6a40..badfde3ae 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -90,10 +90,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	-rmdir /etc/zabbix_agentd/zabbix_agentd.conf.d
 	-mkdir -pv /etc/zabbix_agentd/zabbix_agentd.d
 	-mkdir -pv /etc/zabbix_agentd/scripts
+	# Remove original config
+	@rm -f /etc/zabbix_agentd/zabbix_agentd.conf
+	# And replace with our own config
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \
-		/etc/zabbix_agentd/zabbix_agentd.conf
-	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \
-		/etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf
+		/etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
+	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_app_pakfire.conf \
+		/etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew
 
 	# Create directory for additional agent modules
 	-mkdir -pv /usr/lib/zabbix
@@ -111,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Install sudoers include file
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/sudoers \
-		/etc/sudoers.d/zabbix
+		/etc/sudoers.d/zabbix.ipfirenew
 
 	# Install include file for backup
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \
diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh
index b98230ea1..4248a7ec1 100644
--- a/src/paks/zabbix_agentd/install.sh
+++ b/src/paks/zabbix_agentd/install.sh
@@ -23,6 +23,23 @@
 #
 . /opt/pakfire/lib/functions.sh
 
+review_required=false
+
+function setup_configfile() {
+	# Puts configfile in place if it does not already exist or 
+	# remove the shipped version if it does not differ from existing file
+	configfile=$1
+
+	if [ ! -f $configfile ]; then
+		mv $configfile.ipfirenew $configfile
+    elif diff -q $configfile $configfile.ipfirenew >/dev/null; then
+		rm -f $configfile.ipfirenew
+	else
+		echo "WARNING: new $configfile saved as $configfile.ipfirenew for manual review"
+		review_required=true
+	fi
+}
+
 if ! getent group zabbix &>/dev/null; then
 	groupadd -g 118 zabbix
 fi
@@ -45,4 +62,16 @@ mkdir -pv /usr/lib/zabbix
 chown zabbix.zabbix /usr/lib/zabbix
 
 restore_backup ${NAME}
+
+# Put zabbix configfiles in place
+setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf
+setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf
+setup_configfile /etc/sudoers.d/zabbix
+
+if $review_required; then
+	echo "WARNING: New versions of some configfile(s) where provided as .ipfirenew-files."
+	echo "         They may need manual review in order to take advantage of new features"
+	echo "         or even to make this version of ${NAME} work."
+fi
+
 start_service --background ${NAME}
diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh
index b771d1f63..7a13880c5 100644
--- a/src/paks/zabbix_agentd/uninstall.sh
+++ b/src/paks/zabbix_agentd/uninstall.sh
@@ -23,6 +23,10 @@
 #
 . /opt/pakfire/lib/functions.sh
 stop_service ${NAME}
+
+# Remove .ipfirenew files in advance so they won't be included in backup
+rm -rfv /etc/zabbix_agentd/*.ipfirenew /etc/zabbix_agentd/*/*.ipfirenew
+
 make_backup ${NAME}
 remove_files
 
diff --git a/src/paks/zabbix_agentd/update.sh b/src/paks/zabbix_agentd/update.sh
index 68bba4f80..91dd8f723 100644
--- a/src/paks/zabbix_agentd/update.sh
+++ b/src/paks/zabbix_agentd/update.sh
@@ -23,10 +23,18 @@
 #
 . /opt/pakfire/lib/functions.sh
 extract_backup_includes
-./uninstall.sh
-./install.sh
+
+# Ensure /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf is 
+# renamed to /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf
+if [ -f /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf ]; then
+	mv -v /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf \
+	      /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf
+fi
 
 # Ensure /etc/sudoers.d/zabbix.user is renamed to /etc/sudoers.d/zabbix
-if [ -e /etc/sudoers.d/zabbix.user ]; then
+if [ -f /etc/sudoers.d/zabbix.user ]; then
 	mv -v /etc/sudoers.d/zabbix.user /etc/sudoers.d/zabbix
 fi
+
+./uninstall.sh
+./install.sh
\ No newline at end of file