0fd8da62b6
Related commit 8d0ea71486
Fixes QubesOS/qubes-issues#4973 and QubesOS/qubes-issues#4929
129 lines
2.7 KiB
Bash
Executable File
129 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# tinyproxy Startup script for the tinyproxy server as Qubes updates proxy
|
|
#
|
|
# chkconfig: 345 85 15
|
|
# description: small, efficient HTTP/SSL proxy daemon
|
|
#
|
|
# processname: tinyproxy
|
|
# config: /etc/tinyproxy/tinyproxy-updates.conf
|
|
# config: /etc/sysconfig/tinyproxy-updates
|
|
# pidfile: /var/run/tinyproxy/tinyproxy-updates.pid
|
|
#
|
|
# Note: pidfile is created by tinyproxy in its config
|
|
# see PidFile in the configuration file.
|
|
|
|
# Source function library.
|
|
# shellcheck disable=SC1091
|
|
. /etc/rc.d/init.d/functions
|
|
|
|
# Source Qubes library.
|
|
# shellcheck source=init/functions
|
|
. /usr/lib/qubes/init/functions
|
|
|
|
# Source networking configuration.
|
|
# shellcheck disable=SC1091
|
|
. /etc/sysconfig/network
|
|
|
|
# Check that networking is up.
|
|
[ "$NETWORKING" = "no" ] && exit 0
|
|
|
|
exec="$(command -v tinyproxy)"
|
|
prog=$(basename $exec)
|
|
config="/etc/tinyproxy/tinyproxy-updates.conf"
|
|
pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"
|
|
|
|
# shellcheck disable=SC1091
|
|
[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates
|
|
|
|
lockfile=/var/lock/subsys/tinyproxy-updates
|
|
|
|
start() {
|
|
have_qubesdb || return
|
|
|
|
if qsvc qubes-updates-proxy ; then
|
|
# Yum proxy disabled
|
|
exit 0
|
|
fi
|
|
|
|
[ -x $exec ] || exit 5
|
|
[ -f $config ] || exit 6
|
|
# setup network redirection
|
|
/sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
|
|
/sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
|
|
|
|
echo -n $"Starting $prog (as Qubes updates proxy): "
|
|
daemon $exec -c $config
|
|
retval=$?
|
|
echo
|
|
[ $retval -eq 0 ] && touch $lockfile
|
|
return $retval
|
|
}
|
|
|
|
stop() {
|
|
echo -n $"Stopping $prog: "
|
|
killproc -p $pidfile "$prog"
|
|
retval=$?
|
|
echo
|
|
/sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
|
|
/sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
|
|
[ $retval -eq 0 ] && rm -f "$lockfile"
|
|
return $retval
|
|
}
|
|
|
|
restart() {
|
|
stop
|
|
start
|
|
}
|
|
|
|
reload() {
|
|
echo -n $"Reloading $prog: "
|
|
killproc -p $pidfile "$prog" -HUP
|
|
echo
|
|
}
|
|
|
|
force_reload() {
|
|
restart
|
|
}
|
|
|
|
rh_status() {
|
|
status "$prog"
|
|
}
|
|
|
|
rh_status_q() {
|
|
rh_status >/dev/null 2>&1
|
|
}
|
|
|
|
case "$1" in
|
|
start)
|
|
rh_status_q && exit 0
|
|
$1
|
|
;;
|
|
stop)
|
|
rh_status_q || exit 0
|
|
$1
|
|
;;
|
|
restart)
|
|
$1
|
|
;;
|
|
reload)
|
|
rh_status_q || exit 7
|
|
$1
|
|
;;
|
|
force-reload)
|
|
force_reload
|
|
;;
|
|
status)
|
|
rh_status
|
|
;;
|
|
condrestart|try-restart)
|
|
rh_status_q || exit 0
|
|
restart
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
|
|
exit 2
|
|
esac
|
|
exit $?
|
|
|