From 0a1a9dab8f9a1101ef7338e2ea42f6b8355d0087 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 18 Feb 2020 12:55:15 -0500
Subject: [PATCH 147/154] fix: add logrotate policy

Fixes: rhbz 1754117
(cherry picked from commit bd17df59bc340c59fe0e9b864ac9a1fedafbdca0)
(cherry picked from commit 8832bed2cebdab86d09a83cb9a3599731445168d)
---
 .gitignore                    |  1 +
 config/Makefile.am            | 18 +++++++++++++++++-
 config/firewalld.logrotate.in |  7 +++++++
 firewalld.spec                |  1 +
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 config/firewalld.logrotate.in

diff --git a/.gitignore b/.gitignore
index 11e257f5f0b0..b312003f6fa5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
 /config/firewall-config.appdata.xml
 /config/firewall-config.desktop
 /config/firewalld.service
+/config/firewalld.logrotate
 /config/firewalld-sysctls.conf
 /config/lockdown-whitelist.xml
 /config/org.fedoraproject.FirewallConfig.gschema.valid
diff --git a/config/Makefile.am b/config/Makefile.am
index 0a3e228bff74..d16f87c9c092 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -35,6 +35,7 @@ BUILT_SOURCES = \
 	$(polkit1_action_DATA) \
 	$(gsettings_SCHEMAS) \
 	firewalld-sysctls.conf \
+	firewalld.logrotate \
 	firewalld.service
 
 @INTLTOOL_DESKTOP_RULE@
@@ -44,7 +45,7 @@ BUILT_SOURCES = \
 
 all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS)
 
-CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf
+CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate
 
 DISTCLEANFILES = \
 	$(desktop_DATA) \
@@ -285,6 +286,7 @@ EXTRA_DIST = \
 	$(CONFIG_FILES) \
 	lockdown-whitelist.xml.in \
 	firewalld.init \
+	firewalld.logrotate.in \
 	firewalld-sysctls.conf.in \
 	firewalld.service.in \
 	firewalld.sysconfig \
@@ -296,6 +298,9 @@ UNINSTALL_TARGETS = uninstall-config
 INSTALL_TARGETS += install-modprobe.d
 UNINSTALL_TARGETS += uninstall-modprobe.d
 
+INSTALL_TARGETS += install-logrotate.d
+UNINSTALL_TARGETS += uninstall-logrotate.d
+
 if USE_SYSTEMD
 INSTALL_TARGETS += install-service
 UNINSTALL_TARGETS += uninstall-service
@@ -328,6 +333,9 @@ firewalld.service: firewalld.service.in
 firewalld-sysctls.conf: firewalld-sysctls.conf.in
 	$(edit) $< >$@
 
+firewalld.logrotate: firewalld.logrotate.in
+	$(edit) $< >$@
+
 install-sysconfig:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
 	$(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld
@@ -368,6 +376,14 @@ uninstall-modprobe.d:
 	rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf
 	rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || :
 
+install-logrotate.d:
+	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d
+	$(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld
+
+uninstall-logrotate.d:
+	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld
+	rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || :
+
 install-config:
 	$(MKDIR_P) $(DESTDIR)$(sconfdir)
 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes
diff --git a/config/firewalld.logrotate.in b/config/firewalld.logrotate.in
new file mode 100644
index 000000000000..8dba63b765e6
--- /dev/null
+++ b/config/firewalld.logrotate.in
@@ -0,0 +1,7 @@
+@localstatedir@/log/firewalld {
+    weekly
+    missingok
+    rotate 4
+    copytruncate
+    minsize 1M
+}
diff --git a/firewalld.spec b/firewalld.spec
index 65e84849e2fc..cade59891cd7 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -243,6 +243,7 @@ fi
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
 %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
+%{_sysconfdir}/logrotate.d/firewalld
 
 %files -n python-firewall
 %attr(0755,root,root) %dir %{python2_sitelib}/firewall
-- 
2.25.2