DNS: Add converter to migrate settings

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index b1dd1d2978f926dadc24fe281af8dfd6b7a028df..aae31098a0b080617731156880d6b39c0f16e8de 100644 (file)
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -143,6 +143,9 @@ restore_backup() {
                rm -rf "/var/ipfire/snort"
        fi
 
+       # Convert DNS settings
+       convert-dns-settings
+
        return 0
 }
 

diff --git a/config/rootfiles/common/aarch64/stage2 b/config/rootfiles/common/aarch64/stage2
index 366ab2bb0da6ec262aff356727b6871b254bdbc6..167e7096eed617f933a7cb413731eadb80720c5b 100644 (file)
--- a/config/rootfiles/common/aarch64/stage2
+++ b/config/rootfiles/common/aarch64/stage2
@@ -91,6 +91,7 @@ usr/lib64
 usr/local/bin/backupiso
 usr/local/bin/connscheduler
 usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
 usr/local/bin/ipsec-interfaces

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index d9068415bac480f890c9e15641a9d6d71ba2e822..fcdfb41eb5fdae2a2251ae43ed756fc29d5f07d5 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -90,6 +90,7 @@ usr/lib/libstdc++.so.6
 usr/local/bin/backupiso
 usr/local/bin/connscheduler
 usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
 usr/local/bin/ipsec-interfaces

diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index d90e3d70a68a690b22b6c0785db0c866f7213cf0..6cc918a92edbaf27ec411bbeb77176b70a3959c8 100644 (file)
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -92,6 +92,7 @@ usr/lib64
 usr/local/bin/backupiso
 usr/local/bin/connscheduler
 usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
 usr/local/bin/ipsec-interfaces

diff --git a/src/scripts/convert-dns-settings b/src/scripts/convert-dns-settings
new file mode 100644 (file)
index 0000000..82e471a
--- /dev/null
+++ b/src/scripts/convert-dns-settings
@@ -0,0 +1,83 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A Linux-based firewall                                         #
+# Copyright (C) 2020 IPFire Team <info@ipfire.org>                            #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+main() {
+       # Do not convert anything if we already have some servers set
+       if [ ! -s "/var/ipfire/dns/servers" ]; then
+               local DNS0 DNS1 DNS2
+               eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+               if [ -s "/var/ipfire/ppp/settings" ]; then
+                       eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+               elif [ -s "/var/ipfire/dns/settings" ]; then
+                       eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
+               fi
+
+               local var
+               local i=3
+               for var in DNS0 DNS1 DNS2; do
+                       if [ -n "${!var}" ]; then
+                               echo "${i},${!var},,enabled,"
+                               (( i++ ))
+                       fi
+               done > /var/ipfire/dns/servers
+
+               # Empty the old settings file
+               : > /var/ipfire/dns/settings
+
+               # Disable using ISP name servers when we already have some configured
+               if [ ${i} -gt 3 ]; then
+                       echo "USE_ISP_NAMESERVERS=off" \
+                               >> /var/ipfire/dns/settings
+               fi
+       fi
+
+       # Convert old unbound settings file
+       if [ -e "/etc/sysconfig/unbound" ]; then
+               local USE_FORWARDERS
+               local ENABLE_SAFE_SEARCH
+               local FORCE_TCP
+
+               # Read settings
+               eval $(/usr/local/bin/readhash /etc/sysconfig/unbound)
+
+               # Safe Search
+               if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+                       echo "ENABLE_SAFE_SEARCH=${ENABLE_SAFE_SEARCH}" \
+                               >> /var/ipfire/dns/settings
+               fi
+
+               # Force TCP
+               if [ "${FORCE_TCP}" = "on" ]; then
+                       echo "PROTO=TCP" >> /var/ipfire/dns/settings
+               fi
+       
+               # Run in recursor mode
+               if [ "${USE_FORWARDERS}" = "0" ]; then
+                       # Remove all servers
+                       : > /var/ipfire/dns/servers
+               fi
+
+               rm -f "/etc/sysconfig/unbound"
+       fi
+}
+
+main "$@" || exit $?