2a589f2c20
And also use systemd-tmpfiles for that directory creation. Fixes QubesOS/qubes-issues#1401
122 lines
2.7 KiB
Bash
Executable File
122 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# tinyproxy Startup script for the tinyproxy server as Qubes updates proxy
|
|
#
|
|
# chkconfig: - 85 15
|
|
# description: small, efficient HTTP/SSL proxy daemon
|
|
#
|
|
# processname: tinyproxy
|
|
# config: /etc/tinyproxy/tinyproxy-updates.conf
|
|
# config: /etc/sysconfig/tinyproxy-updates
|
|
# pidfile: /var/run/tinyproxy/tinyproxy-updates.pid
|
|
#
|
|
# Note: pidfile is created by tinyproxy in its config
|
|
# see PidFile in the configuration file.
|
|
|
|
# Source function library.
|
|
. /etc/rc.d/init.d/functions
|
|
|
|
# Source networking configuration.
|
|
. /etc/sysconfig/network
|
|
|
|
# Check that networking is up.
|
|
[ "$NETWORKING" = "no" ] && exit 0
|
|
|
|
exec="/usr/sbin/tinyproxy"
|
|
prog=$(basename $exec)
|
|
config="/etc/tinyproxy/tinyproxy-updates.conf"
|
|
pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"
|
|
|
|
[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates
|
|
|
|
lockfile=/var/lock/subsys/tinyproxy-updates
|
|
|
|
start() {
|
|
type=`/usr/bin/qubesdb-read /qubes-vm-type`
|
|
start_updates_proxy=`/usr/bin/qubesdb-read /qubes-service/qubes-updates-proxy 2>/dev/null`
|
|
if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
|
|
# Yum proxy disabled
|
|
exit 0
|
|
fi
|
|
|
|
[ -x $exec ] || exit 5
|
|
[ -f $config ] || exit 6
|
|
# setup network redirection
|
|
/sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
|
|
/sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
|
|
|
|
echo -n $"Starting $prog (as Qubes updates proxy): "
|
|
daemon $exec -c $config
|
|
retval=$?
|
|
echo
|
|
[ $retval -eq 0 ] && touch $lockfile
|
|
return $retval
|
|
}
|
|
|
|
stop() {
|
|
echo -n $"Stopping $prog: "
|
|
killproc -p $pidfile $prog
|
|
retval=$?
|
|
echo
|
|
/sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
|
|
/sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
|
|
[ $retval -eq 0 ] && rm -f $lockfile
|
|
return $retval
|
|
}
|
|
|
|
restart() {
|
|
stop
|
|
start
|
|
}
|
|
|
|
reload() {
|
|
echo -n $"Reloading $prog: "
|
|
killproc -p $pidfile $prog -HUP
|
|
echo
|
|
}
|
|
|
|
force_reload() {
|
|
restart
|
|
}
|
|
|
|
rh_status() {
|
|
status $prog
|
|
}
|
|
|
|
rh_status_q() {
|
|
rh_status >/dev/null 2>&1
|
|
}
|
|
|
|
case "$1" in
|
|
start)
|
|
rh_status_q && exit 0
|
|
$1
|
|
;;
|
|
stop)
|
|
rh_status_q || exit 0
|
|
$1
|
|
;;
|
|
restart)
|
|
$1
|
|
;;
|
|
reload)
|
|
rh_status_q || exit 7
|
|
$1
|
|
;;
|
|
force-reload)
|
|
force_reload
|
|
;;
|
|
status)
|
|
rh_status
|
|
;;
|
|
condrestart|try-restart)
|
|
rh_status_q || exit 0
|
|
restart
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
|
|
exit 2
|
|
esac
|
|
exit $?
|
|
|