From patchwork Wed Feb  9 23:26:29 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Robin Roevens <robin.roevens@disroot.org>
X-Patchwork-Id: 5136
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNl0Jm3z3wgk
	for <patchwork@web04.haj.ipfire.org>; Wed,  9 Feb 2022 23:31:35 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNg0zl2z4nW;
	Wed,  9 Feb 2022 23:31:31 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNf4JvNz30b1;
	Wed,  9 Feb 2022 23:31:30 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNd1Ly5z2x9p
 for <development@lists.ipfire.org>; Wed,  9 Feb 2022 23:31:29 +0000 (UTC)
Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139])
 (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNc2kh9z3rY
 for <development@lists.ipfire.org>; Wed,  9 Feb 2022 23:31:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id EEA7E8D1C9
 for <development@lists.ipfire.org>; Thu, 10 Feb 2022 00:31:27 +0100 (CET)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 5G_F_GW8fHSF for <development@lists.ipfire.org>;
 Thu, 10 Feb 2022 00:31:26 +0100 (CET)
Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (no client certificate requested)	(Authenticated sender)
 by hachiman (MailScanner Milter) with SMTP id 58049EF6D;
 Thu, 10 Feb 2022 00:30:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1644449484; bh=MF+MIm6LOpCX7cESj3L4qnw8bDEiW2BIUYenLK+CD7I=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=LgA2BkKlDpkis1c0+zhT0rmCLF32rEmoQgW0ga4mT+kizd0tdu0AhTDwUka9kvEIf
 CuYUmPoLFYLSkvIV21QckikdW/Ezu7rP6VkG1pGgEkgPo4tyw+HqzCD1tOETfSDGOx
 Y98bJSZfWKoBT+QWTb6LFszfD6YetIM1HkXY5wjVsfG8GRbuUxNCV9C7NmIh7j+Iov
 M5adlyI7ZmaFttNVFQ4riYUeiLOM35csozMJwtfR3FWQb8QCSbVX5xiKli9z6Qvp6k
 OvrtP1NPaEHDZjPI8WUltgNycGeXPLUVFzYuZjkqTrtOKRA+JQcfdmMa3En3jDJIhp
 TmmHVWBvDVZOQ==
From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: [PATCH v3 3/5] zabbix_agentd: Better configfile handling during
 update
Date: Thu, 10 Feb 2022 00:26:29 +0100
Message-Id: <20220209232631.14673-4-robin.roevens@disroot.org>
In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org>
References: <20220209232631.14673-1-robin.roevens@disroot.org>
Mime-Version: 1.0
X-sicho-MailScanner-ID: 58049EF6D.A8A80
X-sicho-MailScanner: Found to be clean
X-sicho-MailScanner-From: robin.roevens@disroot.org
X-sicho-MailScanner-Watermark: 1645054253.64403@28hoeQXxacmjGJYeVhIBwA
ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449488; a=rsa-sha256;
 cv=none;
 b=PS+/SREx3RdLp9OjGQPHzFck3XvSBkmTT6XGCJBEswJPD7Lwwmtia4ve2Y5CcB6TORpbMe
 NUYmhdTad257kgBK4r7cv6RyPSR4s+NsrdeqlmGYvJTFL34lv3hzpnPkT0u1uzrjvJcb7T
 sLyN5vwhPwi9gu4YEcph0k6zSVp17GmfRDeWU39xUrBaV8t9agaxXsiDVw7G+savZow/ey
 x7CtYCAj47zG9dRF2Ii5N7iw2z9kUMYGiNB8RyFftp7MKRPaLXwqb3uR33cQBuESurSceP
 Sh55fzcWTBi4Gn1v8zJYfe2TlCn4sYPn8RfkMeCD3/C+Km2evld6tQb2Vg6Mug==
ARC-Authentication-Results: i=1; mail01.ipfire.org;
 dkim=pass header.d=disroot.org header.s=mail header.b=LgA2BkKl;
 spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates
 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org;
 dmarc=pass (policy=quarantine) header.from=disroot.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=lists.ipfire.org;
 s=202003rsa; t=1644449488;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references:dkim-signature;
 bh=VklN5RXBtP0L7RnUNlpujHzb8xkUlntUi+k91wYF8hQ=;
 b=LW0vPhYu1/w6WYR7VM7iUQLV3/lR4RF+L7R+kiOdKBEZZQJ/GVkZMOGNPcRTP0STDjid9i
 f2wJj/IQim0ApnvKyK9Y5RcOqC9dvAjtO3o9AnJvjwasY4ve6jzgfwwqdpzf3X1iTJ8jY7
 s4hTz4ft0x1xm5GO6+BjYS7IvvjgFP/fPNMDCFEt9earpqQqgSJXkwmSuk4/jxAn8rTIdp
 qJY02wkJvb5D2/a1deAXoYTD2l9YJ9Kvb7BHJtJzYgRZ660zRQD7ERhF9VxHLQx+l4PNls
 xxtkttlN0RKlfqwoz+VHhm8IZKBf73Tdo38r7QJYyaomDS31WdV1t4yMFf7M0Q==
Authentication-Results: mail01.ipfire.org;
 dkim=pass header.d=disroot.org header.s=mail header.b=LgA2BkKl;
 spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates
 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org;
 dmarc=pass (policy=quarantine) header.from=disroot.org
X-Rspamd-Server: mail01.haj.ipfire.org
X-Spamd-Result: default: False [-3.72 / 11.00]; BAYES_HAM(-3.00)[99.99%];
 MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.99)[-0.995];
 SPF_REPUTATION_HAM(-0.70)[-0.70437930609794];
 R_MISSING_CHARSET(0.50)[]; MV_CASE(0.50)[];
 DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine];
 R_SPF_ALLOW(-0.20)[+a:c];
 R_DKIM_ALLOW(-0.20)[disroot.org:s=mail];
 MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[];
 IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip:
 178.21.23.139(0.00)];
 ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL];
 FROM_EQ_ENVFROM(0.00)[];
 ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_HAS_DN(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org];
 DKIM_TRACE(0.00)[disroot.org:+]; TO_DN_SOME(0.00)[];
 RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[4];
 ARC_NA(0.00)[]
X-Rspamd-Queue-Id: 4JvGNc2kh9z3rY
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Install user changeable configfiles as .ipfirenew-files to allow
  user to merge their config with the new version.  (warnings
  will be displayed during update when manual review is required).
  If the configfiles are not yet present, the .ipfirenew-files will be
  renamed to the actual configfiles. And if an existing configfile
  does not differ from the new one, the .ipfirenew-file will be removed.
- Make sure .ipfirenew files and userparameter_pakfire.conf are not
  included in backup during uninstall to prevent newer versions
  from being overwritten by backup restore during install.
- Explicitly remove installed sudoers file as it is not removed by
  remove_files due to the renaming from .ipfirenew
- Added comment in userparameter_pakfire.conf not to modify the file
  as it will be overwritten on update

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd       |  4 +--
 .../zabbix_agentd/userparameter_pakfire.conf  |  7 +++++
 lfs/zabbix_agentd                             |  7 +++--
 src/paks/zabbix_agentd/install.sh             | 29 +++++++++++++++++++
 src/paks/zabbix_agentd/uninstall.sh           |  8 +++++
 5 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index d9bbc3ccf..6f7090fe7 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -1,9 +1,9 @@
 etc/logrotate.d/zabbix_agentd
 etc/rc.d/init.d/zabbix_agentd
-etc/sudoers.d/zabbix
+etc/sudoers.d/zabbix.ipfirenew
 etc/zabbix_agentd
 etc/zabbix_agentd/scripts
-etc/zabbix_agentd/zabbix_agentd.conf
+etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
 etc/zabbix_agentd/zabbix_agentd.d
 etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf
 usr/bin/zabbix_get
diff --git a/config/zabbix_agentd/userparameter_pakfire.conf b/config/zabbix_agentd/userparameter_pakfire.conf
index aa2e80f5c..09ddf61c9 100644
--- a/config/zabbix_agentd/userparameter_pakfire.conf
+++ b/config/zabbix_agentd/userparameter_pakfire.conf
@@ -1,2 +1,9 @@
+#
+# IPFire specific configuration file 
+#
+#
+# DO NOT MODIFY - Changes will be overwritten when zabbix_agentd addon is
+#                 updated.
+#
 ### Parameter for monitoring pakfire status
 UserParameter=pakfire.status,sudo /opt/pakfire/pakfire status
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index 28fe97b4f..dae59fe48 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -90,8 +90,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	-rmdir /etc/zabbix_agentd/zabbix_agentd.conf.d
 	-mkdir -pv /etc/zabbix_agentd/zabbix_agentd.d
 	-mkdir -pv /etc/zabbix_agentd/scripts
+	# Remove original config
+	@rm -f /etc/zabbix_agentd/zabbix_agentd.conf
+	# And replace with our own config
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \
-		/etc/zabbix_agentd/zabbix_agentd.conf
+		/etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \
 		/etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf
 
@@ -111,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Install sudoers include file
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/sudoers \
-		/etc/sudoers.d/zabbix
+		/etc/sudoers.d/zabbix.ipfirenew
 
 	# Install include file for backup
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \
diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh
index cf435918d..4ef4b5be6 100644
--- a/src/paks/zabbix_agentd/install.sh
+++ b/src/paks/zabbix_agentd/install.sh
@@ -23,6 +23,23 @@
 #
 . /opt/pakfire/lib/functions.sh
 
+review_required=false
+
+function setup_configfile() {
+	# Puts configfile in place if it does not already exist or 
+	# remove the shipped version if it does not differ from existing file
+	configfile=$1
+
+	if [ ! -f $configfile ]; then
+		mv $configfile.ipfirenew $configfile
+    elif diff -q $configfile $configfile.ipfirenew >/dev/null; then
+		rm -f $configfile.ipfirenew
+	else
+		echo "WARNING: new $configfile saved as $configfile.ipfirenew for manual review"
+		review_required=true
+	fi
+}
+
 if ! getent group zabbix &>/dev/null; then
 	groupadd -g 118 zabbix
 fi
@@ -41,6 +58,18 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd
 # Create additonal directories and set permissions
 [ -d /var/log/zabbix ] || ( mkdir -pv /var/log/zabbix && chown zabbix.zabbix /var/log/zabbix )
 [ -d /usr/lib/zabbix ] || ( mkdir -pv /usr/lib/zabbix && chown zabbix.zabbix /usr/lib/zabbix )
+[ -d /etc/zabbix_agentd/scripts ] || ( mkdir -pv /etc/zabbix_agentd/scripts && chown zabbix.zabbix /etc/zabbix_agentd/scripts )
 
 restore_backup ${NAME}
+
+# Put zabbix configfiles in place
+setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf
+setup_configfile /etc/sudoers.d/zabbix
+
+if $review_required; then
+	echo "WARNING: New versions of some configfile(s) where provided as .ipfirenew-files."
+	echo "         They may need manual review in order to take advantage of new features"
+	echo "         or even to make this version of ${NAME} work."
+fi
+
 start_service --background ${NAME}
diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh
index edff3b818..0770b40f1 100644
--- a/src/paks/zabbix_agentd/uninstall.sh
+++ b/src/paks/zabbix_agentd/uninstall.sh
@@ -23,8 +23,16 @@
 #
 . /opt/pakfire/lib/functions.sh
 stop_service ${NAME}
+
+# Remove .ipfirenew files in advance so they won't be included in backup
+rm -rfv /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew /etc/sudoers.d/zabbix.ipfirenew
+# Remove IPFire provided userparameter config files in advance
+rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf
+
 make_backup ${NAME}
 remove_files
 
+# Remove sudoers file
+rm -rvf /etc/sudoers.d/zabbix
 # Remove init-scripts and symlinks
 rm -rfv /etc/rc.d/rc*.d/*zabbix_agentd