update_firewall-script_ipt-gateway.sh: support (aufs) ro systems.

update_firewall-script_ipt-gateway.sh

@@ -198,7 +198,15 @@ DEFAULT_REPOSITORY_NAME="ipt-gateway"
 DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src"
 DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-gateway"
 DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-gateway"
-DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
+if [[ -d "/ro/etc/ipt-firewall" ]] ; then
+   BIN_DIR="/ro/usr/local/sbin"
+   DEFAULT_CONFIG_DIR="/ro/etc/ipt-firewall"
+   RO_SYSTEM=true
+else
+   BIN_DIR="/usr/local/sbin"
+   DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
+   RO_SYSTEM=false
+fi
 DEFAULT_FIREWALL_CONFIGURATION_FILES="
    include_functions.conf
    load_modules_ipv4.conf
@@ -253,15 +261,27 @@ if $terminal ; then
    echo ""
 fi
 
+if $RO_SYSTEM ; then
+   echononl "Remount '/ro' writable.."
+   remountrw > /dev/null 2> "$log_file"
+   if [[ $? -gt 0 ]]; then
+      echo_failed
+      fatal "$(cat "$log_file")"
+   else
+      echo_ok
+   fi
+   blank_line
+fi
+
 restart_ipv6_firewall=false
 restart_ipv4_firewall=false
 
-echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
+echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to ${BIN_DIR}/ .."
 if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then
-   if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
+   if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "${BIN_DIR}/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
       echo_skipped
    else
-      cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
+      cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ${BIN_DIR}/ > "$log_file" 2>&1
       if [[ $? -gt 0 ]]; then
          echo_failed
          error "$(cat "$log_file")"
@@ -275,12 +295,12 @@ else
    warn "No file '$IPV4_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
 fi
 
-echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
+echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to ${BIN_DIR}/ .."
 if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
-   if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
+   if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "${BIN_DIR}/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
       echo_skipped
    else
-      cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
+      cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ${BIN_DIR}/ > "$log_file" 2>&1
       if [[ $? -gt 0 ]]; then
          echo_failed
          error "$(cat "$log_file")"
@@ -332,7 +352,7 @@ blank_line
 
 echononl "Restart IPv4 Firewall.."
 if $restart_ipv4_firewall ; then
-   /usr/local/sbin/$IPV4_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
+   ${BIN_DIR}/$IPV4_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
    if [[ $? -gt 0 ]]; then
       echo_failed
    else
@@ -345,8 +365,8 @@ fi
 echononl "Restart IPv6 Firewall.."
 if $restart_ipv6_firewall \
       && [[ -f "/etc/ipt-firewall/main_ipv6.conf" ]] \
-      && [[ -f "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" ]]; then
+      && [[ -f "${BIN_DIR}/$IPV6_FIREWALL_SCRIPT" ]]; then
-   /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
+   ${BIN_DIR}/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
    if [[ $? -gt 0 ]]; then
       echo_failed
    else
@@ -356,6 +376,13 @@ else
    echo_skipped
 fi
 
+if $RO_SYSTEM ; then
+   blank_line
+   echononl "Remount '/ro' readonly.."
+   remountro > /dev/null 2> "$log_file"
+   echo_done
+fi
+
 info "Configuration files \033[1mmain_ipv[4|6].conf\033[m are not considered."