Qubes
/
core-agent-linux


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
							#!/bin/bash
#
# tinyproxy     Startup script for the tinyproxy server as Qubes updates proxy
#
# chkconfig: 345 85 15
# description: small, efficient HTTP/SSL proxy daemon
#
# processname: tinyproxy
# config:      /etc/tinyproxy/tinyproxy-updates.conf
# config:      /etc/sysconfig/tinyproxy-updates
# pidfile:     /var/run/tinyproxy/tinyproxy-updates.pid
#
# Note: pidfile is created by tinyproxy in its config
# see PidFile in the configuration file.

# Source function library.
# shellcheck disable=SC1091
. /etc/rc.d/init.d/functions

# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions

# Source networking configuration.
# shellcheck disable=SC1091
.  /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

exec="$(command -v tinyproxy)"
prog=$(basename "$exec")
config="/etc/tinyproxy/tinyproxy-updates.conf"
pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"

# shellcheck disable=SC1091
[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates

lockfile=/var/lock/subsys/tinyproxy-updates

start() {
    have_qubesdb || return

    if qsvc qubes-updates-proxy ; then
        # Yum proxy disabled
        exit 0
    fi

    [ -x "$exec" ] || exit 5
    [ -f $config ] || exit 6
    # setup network redirection
    /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
    /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT

    echo -n $"Starting $prog (as Qubes updates proxy): "
    daemon "$exec" -c $config
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile "$prog"
    retval=$?
    echo
    /sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
    /sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
    [ $retval -eq 0 ] && rm -f "$lockfile"
    return $retval
}

restart() {
    stop
    start
}

reload() {
    echo -n $"Reloading $prog: "
    killproc -p $pidfile "$prog" -HUP
    echo
}

force_reload() {
    restart
}

rh_status() {
    status "$prog"
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?