Refactor and prep for Debian package

.payload/blacklist/disabled/node.def

@@ -0,0 +1,11 @@
+type: bool
+default: false
+
+syntax:expression: $VAR(@) in true, false; "Must be true or false!"
+
+help: Option to disable blacklisting
+
+val_help: true; Schedules blacklist with system task scheduler
+val_help: false; Removes blacklist from system task scheduler
+
+commit:expression: $VAR(@) in true, false; "Must be true or false!"

.payload/blacklist/dns-redirect-ip/node.def

@@ -0,0 +1,8 @@
+type: ipv4, ipv6
+help: Global redirect IP address for hosts and domains (zones)
+
+val_help: ipv4net; IP address
+val_help: ipv6net; IPv6 address
+
+default: 0.0.0.0
+

.payload/blacklist/domains/dns-redirect-ip/node.def

@@ -0,0 +1,6 @@
+type: ipv4, ipv6
+help: Blackhole IP address for domains
+
+val_help: ipv4net; IP address
+val_help: ipv6net; IPv6 address
+

.payload/blacklist/domains/exclude/node.def

@@ -0,0 +1,7 @@
+multi:
+type: txt
+help: Domains to EXCLUDE from DNS forwarding blacklist
+
+syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$"
+                   ; "invalid host name $VAR(@)"
+

.payload/blacklist/domains/include/node.def

@@ -0,0 +1,7 @@
+multi:
+type: txt
+help: Domains to INCLUDE in the DNS forwarding blacklist
+
+syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$"
+                   ; "invalid host name $VAR(@)"
+

.payload/blacklist/domains/node.def

@@ -0,0 +1 @@
+help: Configure DNS forwarding blacklist DOMAINS

.payload/blacklist/domains/source/node.def

@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: Blacklisted domains source name
+comp_help: Type any unique name, use quotes if spaces or special characters are used

.payload/blacklist/domains/source/node.tag/description/node.def

@@ -0,0 +1,2 @@
+type: txt
+help: Blacklist domain source description

.payload/blacklist/domains/source/node.tag/dns-redirect-ip/node.def

@@ -0,0 +1,7 @@
+type: ipv4, ipv6
+help: Blackhole IP address for a domain source - overrides global blackhole IP
+
+val_help: ipv4net; IP address
+val_help: ipv6net; IPv6 address
+
+

.payload/blacklist/domains/source/node.tag/file/node.def

@@ -0,0 +1,9 @@
+type: txt
+syntax:expression: exec
+    "if [ ! -f $VAR(@) ]; then \
+        echo \"File $VAR(@) does not exist or is not readable\"; \
+        exit 1; \
+    fi; "
+syntax:expression: exec "/opt/vyatta/sbin/check_file_in_config_dir $VAR(@) '/config/scripts'"
+commit:expression: $VAR(../url) == ""; "file and url are mutually exclusive, only set one or the other as a source."
+help: A path and filename that provides a list of domains to blacklist, e.g. /config/user-data/hacked_domains.txt

.payload/blacklist/domains/source/node.tag/prefix/node.def

@@ -0,0 +1,6 @@
+type: txt
+help: Prefix string must include all text before the domain name
+comp_help: prefix; Example: "zone" - will remove 'zone ' from a line with: 'zones animp.org'
+
+commit:expression: ($VAR(../url) == "" && $VAR(../file) != "") || ($VAR(../url) != "" && $VAR(../file) == ""); \
+"Either a source url or file must be set"

.payload/blacklist/domains/source/node.tag/url/node.def

@@ -0,0 +1,11 @@
+type: txt
+help: A blacklist source url that provides a list of domain names to block
+
+# need to prohibit '!' in url (sed delimiter)
+syntax:expression: pattern $VAR(@) "^[^!]+$" ; "URL must not be null and must not contain '!'"
+
+val_help: http; Example: http://malc0de.com/bl/ZONES
+comp_help: Check that the url works in a browser and is plain text only, use CTRL-V before typing a question mark
+
+commit:expression: $VAR(../file) == ""; "file and url are mutually exclusive, only set one or the other as a source."
+

.payload/blacklist/exclude/node.def

@@ -0,0 +1,7 @@
+multi:
+type: txt
+help: domains to GLOBALLY EXCLUDE from DNS forwarding domains and hosts blacklist
+
+syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$"
+                   ; "invalid domain name $VAR(@)"
+

.payload/blacklist/hosts/dns-redirect-ip/node.def

@@ -0,0 +1,7 @@
+type: ipv4, ipv6
+help: Blackhole IP address for hosts - overrides global blackhole IP
+
+val_help: ipv4net; IP address
+val_help: ipv6net; IPv6 address
+
+

.payload/blacklist/hosts/exclude/node.def

@@ -0,0 +1,7 @@
+multi:
+type: txt
+help: Hosts to EXCLUDE from DNS forwarding blacklist
+
+syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$"
+                   ; "invalid host name $VAR(@)"
+

.payload/blacklist/hosts/include/node.def

@@ -0,0 +1,8 @@
+multi:
+type: txt
+help: Hosts to INCLUDE in the DNS forwarding blacklist
+comp_help: Wildcard all hosts for a domain by using a "." in place of the host name, i.e.: .domain.tld
+
+syntax:expression: pattern $VAR(@) "^[.[:alnum:]][-.[:alnum:]]*[[:alnum:]]$"
+                   ; "invalid host name $VAR(@)"
+

.payload/blacklist/hosts/node.def

@@ -0,0 +1,2 @@
+help: Configure DNS forwarding blacklist hosts (must be fully qualified domain names)
+

.payload/blacklist/hosts/source/node.def

@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: Blacklisted hosts source name
+
+comp_help: Type any unique name, use quotes if spaces or special characters are used

.payload/blacklist/hosts/source/node.tag/description/node.def

@@ -0,0 +1,2 @@
+type: txt
+help: Blacklisted hosts source description

.payload/blacklist/hosts/source/node.tag/dns-redirect-ip/node.def

@@ -0,0 +1,7 @@
+type: ipv4, ipv6
+help: Blackhole IP address for a host source - overrides global blackhole IP
+
+val_help: ipv4net; IP address
+val_help: ipv6net; IPv6 address
+
+

.payload/blacklist/hosts/source/node.tag/file/node.def

@@ -0,0 +1,9 @@
+type: txt
+syntax:expression: exec
+    "if [ ! -f $VAR(@) ]; then \
+        echo \"File $VAR(@) does not exist or is not readable\"; \
+        exit 1; \
+    fi; "
+syntax:expression: exec "/opt/vyatta/sbin/check_file_in_config_dir $VAR(@) '/config/scripts'"
+commit:expression: $VAR(../url) == ""; "file and url are mutually exclusive, only set one or the other as a source."
+help: A path and filename that provides a list of fully qualified hostnames to blacklist, e.g. /config/user-data/internal_servers_hosts.txt

.payload/blacklist/hosts/source/node.tag/prefix/node.def

@@ -0,0 +1,6 @@
+type: txt
+help: Prefix string must include all text before the fully qualified domain name
+val_help: prefix; Example: "0.0.0.0" - will remove '0.0.0.0 ' from a line with: '0.0.0.0 animp.org'
+
+commit:expression: ($VAR(../url) == "" && $VAR(../file) != "") || ($VAR(../url) != "" && $VAR(../file) == ""); \
+"Either a source url or file must be set"

.payload/blacklist/hosts/source/node.tag/url/node.def

@@ -0,0 +1,9 @@
+type: txt
+help: A blacklist source url that provides a list of hostnames
+
+# need to prohibit '!' in url (sed delimiter)
+syntax:expression: pattern $VAR(@) "^[^!]+$" ; "URL must not be null and must not contain '!'"
+
+val_help: http; Example: http://someonewhocares.org/hosts/zero/
+comp_help: Check that the url works in a browser and is plain text only, use CTRL-V before typing a question mark
+commit:expression: $VAR(../file) == ""; "file and url are mutually exclusive, only set one or the other as a source."

.payload/blacklist/node.def

@@ -0,0 +1,10 @@
+priority: 1999 # Run after DNS forwarding is configured
+help: Add and delete blacklist blackhole IP, exclusions and URL sources
+
+end: if [[ "$COMMIT_ACTION" != "DELETE" ]]; then
+        arg='-v'
+        [[ -f /etc/nologin ]] && arg=''
+        sudo /config/scripts/update-dnsmasq.pl ${arg};
+     else
+        sudo /config/scripts/update-dnsmasq.pl -v
+     fi

.payload/ubnt-cln-cfg-orphans.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+#
+# **** License ****
+#
+# Copyright (C) 2018 by Helm Rock Consulting
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# **** End License ****
+#
+# Author: Neil Beadle
+# Description: This script cleans up orphaned configure sessions and releases
+# disk space
+
+VERSION='0.7'
+ME=$(basename ${0})
+
+# Comment/uncomment line below for debug
+# DEBUG="echo Dry run, this command would be executed: "
+
+# Make sure script runs as root
+if [[ ${EUID} != 0 ]]
+then
+  echo "${ME} version ${VERSION} must be run as root, use: [sudo $(pwd)/${ME}]"
+  exit 1
+fi
+
+if [[ $(ps -a | grep -e 'newgrp$') ]]
+then
+    echo "Configure session running - exit 'configure' before running this script!"
+    exit 1
+else
+    for i in /opt/vyatta/config/tmp/new*
+    do
+        if [[ -d "${i}" ]]
+        then
+            echo "Unmounting ${i}..."
+            ${DEBUG} umount "${i}"
+            if [[ ${?} == 0 ]]
+            then
+                echo "${i} unmounted."
+            else
+                echo "Error: Couldn't unmount ${i}!"
+            fi
+            if [[ -d "${i}" ]]
+            then
+                echo "Removing directory ${i}..."
+                ${DEBUG} rm -rf "${i}"
+            fi
+        fi
+    done
+    for i in /opt/vyatta/config/tmp/*
+    do
+        if [[ -d "${i}" ]]
+        then
+            echo "Removing directory ${i}..."
+            ${DEBUG} rm -rf "${i}"
+        fi
+    done
+    for i in /tmp/changes_only_*
+    do
+        if [[ -d "${i}" ]]
+        then
+            echo "Removing directory ${i}..."
+            ${DEBUG} rm -rf "${i}"
+        fi
+    done
+    for i in /tmp/config.new.boot.*
+    do
+        if [[ ! -s "${i}" ]]
+        then
+            echo "Removing file ${i}..."
+            ${DEBUG} rm -rf "${i}"
+        fi
+    done
+fi

VERSION

@@ -1 +1 @@
-0.0.6a1
+0.0.6

ignore.goconvey

@@ -0,0 +1,10 @@
+// Uncomment the next line to disable the package when running the GoConvey UI:
+//IGNORE
+
+// Uncomment the next line to limit testing to the specified test function name pattern:
+//-run=TestAssertionsAreAvailableFromConveyPackage
+
+// Uncomment the next line to limit testing to those tests that don't bail when testing.Short() is true:
+//-short
+
+// include any additional `go test` flags or application-specific flags below:

internal/edgeos/config.go

@@ -41,17 +41,17 @@ const (
 	agent     = `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7`
 	all       = "all"
 	blackhole = "dns-redirect-ip"
-	dbg       = false
-	disabled  = "disabled"
-	domains   = "domains"
-	files     = "file"
-	hosts     = "hosts"
-	notknown  = "unknown"
-	preNoun   = "pre-configured"
-	rootNode  = "blacklist"
-	src       = "source"
-	urls      = "url"
-	zones     = "zones"
+	// dbg       = false
+	disabled = "disabled"
+	domains  = "domains"
+	files    = "file"
+	hosts    = "hosts"
+	notknown = "unknown"
+	preNoun  = "pre-configured"
+	rootNode = "blacklist"
+	src      = "source"
+	urls     = "url"
+	zones    = "zones"
 
 	// ExcDomns labels domain exclusions
 	ExcDomns = "domn-excludes"

internal/edgeos/config_test.go

@@ -164,7 +164,7 @@ func TestExcludes(t *testing.T) {
 		tests := []struct {
 			get  list
 			list list
-			raw  []string
+			// raw  []string
 			name string
 			node string
 		}{