diff mbox series

Core Update 179: Only start services if they are enabled

Message ID	80612c05-cb2e-46f8-a1d4-afe135568efc@ipfire.org
State	Accepted
Commit	fb7869feb2c9b8665c2f9e77c2d6e2f0ff9ad832
Headers	Message-ID: <80612c05-cb2e-46f8-a1d4-afe135568efc@ipfire.org> Date: Wed, 23 Aug 2023 14:43:00 +0000 MIME-Version: 1.0 To: "IPFire: Development" <development@lists.ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> Subject: [PATCH] Core Update 179: Only start services if they are enabled Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	Core Update 179: Only start services if they are enabled \| Core Update 179: Only start services if they are enabled

Commit Message

Peter Müller Aug. 23, 2023, 2:43 p.m. UTC

  Doing so avoids situations where a service is started without being
configured to do so, thus reducing the potential for confusion and
exposure of services not intended to be exposed by the user.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/core/179/update.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Michael Tremer Aug. 24, 2023, 10:33 a.m. UTC | #1

Hello,

> On 23 Aug 2023, at 15:43, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Doing so avoids situations where a service is started without being
> configured to do so, thus reducing the potential for confusion and
> exposure of services not intended to be exposed by the user.
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/rootfiles/core/179/update.sh | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/config/rootfiles/core/179/update.sh b/config/rootfiles/core/179/update.sh
> index 636792d82..df89d702e 100644
> --- a/config/rootfiles/core/179/update.sh
> +++ b/config/rootfiles/core/179/update.sh
> @@ -86,9 +86,13 @@ migrate_extrahd
> 
> # Start services
> /etc/init.d/udev restart
> -/etc/init.d/squid restart
> -/usr/local/bin/openvpnctrl -s
> -/usr/local/bin/openvpnctrl -sn2n
> +if [ -f /var/ipfire/proxy/enable ]; then
> + /etc/init.d/squid restart
> +fi
> +if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
> + /usr/local/bin/openvpnctrl -s
> + /usr/local/bin/openvpnctrl -sn2n
> +fi

This is slightly incorrect, because you are checking if the RW service is running. That is not required to use a N2N connection.

I merged this patch and moved the -sn2n command back.

Best,
-Michael

> 
> # This update needs a reboot...
> touch /var/run/need_reboot
> -- 
> 2.35.3
>

diff mbox series

Patch

diff --git a/config/rootfiles/core/179/update.sh b/config/rootfiles/core/179/update.sh
index 636792d82..df89d702e 100644
--- a/config/rootfiles/core/179/update.sh
+++ b/config/rootfiles/core/179/update.sh
@@ -86,9 +86,13 @@  migrate_extrahd
 
 # Start services
 /etc/init.d/udev restart
-/etc/init.d/squid restart
-/usr/local/bin/openvpnctrl -s
-/usr/local/bin/openvpnctrl -sn2n
+if [ -f /var/ipfire/proxy/enable ]; then
+	/etc/init.d/squid restart
+fi
+if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
+	/usr/local/bin/openvpnctrl -s
+	/usr/local/bin/openvpnctrl -sn2n
+fi
 
 # This update needs a reboot...
 touch /var/run/need_reboot