Okay here goes…I think I almost have this but it’s not working…what am I missing? Please help!
-- Check to see if DHCP fix has been applied
set current_grep_item to "00050 allow"
set path_to_grep to "/usr/local/etc/ipfw.conf"
try
set x to do shell script "/usr/bin/grep --count " & quoted form of current_grep_item & " " & quoted form of POSIX path of path_to_grep
on error theErr
set x to "no search string"
return x
end try
-- if DHCP fix has been applied, script will now quit
if x = "4" then
display alert "The DHCP fix has already been applied to this Mac.
Please click Exit to end this installer." buttons {"Exit"} default button {"Exit"}
if button returned of the result is "Exit" then
quit
end if
-- if DHCP fix has not been applied, the required change will now take place.
-- This change requires a restart.
else if x = "no search string" then
do shell script "echo '
add 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
display alert "The DHCP fix has been applied to this Mac.
Please click Restart for changes to take place." buttons {"Restart"} default button {"Restart"}
if button returned of the result is "Restart" then
do shell script "shutdown -r now"
end if
end if
Where does it went wrong. I mean there is no ipfw configuration file on my machine, there is no folder /usr/local/etc on my machine either. So it would be more useful to declare that out than just posting some code.
There are some comments and no special things you’re doing wrong (i can say right now)
where is the check if the file exists?
why do you let grep count four lines instead of 1?
Why else if x = “no string…” then? This will never be executed.
Something like this would make much more sense to me:
set ipfwConfigFile to "/usr/local/etc/ipfw.conf"
if (((do shell script "test -e " & quoted form of ipfwConfigFile & " ; echo $?") as integer) as boolean) then
return false --file doesnt exists
end if
if (do shell script "cat " & quoted form of ipfwConfigFile & " | grep --count '^00050'") as integer > 0 then
--the rule exists
else
--the rule doesn't exists
do shell script "echo -en '\\nadd 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
end if
Thank you for pointing me in the right direction.
A few notes: The ipfw.conf file is basically a file which contains custom firewall information that is passed to ipfw on login. We don’t want to push out a new ipfw.conf file as it may have been customized by a user. Adding the single line of text adds improved DHCP connectivity in our environment.
This is what I have now and I’m pretty comfortable with it but would love a second opinion?
-- search to see if there is an ipfw.conf file
if (do shell script "test -e /usr/local/etc/ipfw.conf ; echo $?; exit 0") as integer > 0 then
-- search to see if the 00050 modification has been made
if (do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0") as integer > 0 then
-- Add the 00050 modification
do shell script "sudo echo -ne '\\nadd 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf"
end if
end if
code looks nice but still have a question about:
(do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0") as integer > 0
It gives me an error, so I’m not sure if that works when you run the code twice.
I prefer (i’m not saying you have to) the following line if you don’t like my count example.
--returns true if there is no line containing 00050 and false when there is.
(do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0")'s length = 0
Thanks for the great addition and all your help…I’m down to the very last bit and have finally got it to run without error! I thought I’d share in case someone somewhere needs to do something similar…
if (do shell script "test -e /usr/local/etc/ipfw.conf ; echo $?; exit 0") as integer = 0 then
set ipfw_exists to "true"
else
set ipfw_exists to "false"
end if
if ipfw_exists = "true" then
display dialog "The ipfw.conf file has been located.
Let's check if the 00050 fix has been added.
Please click Continue." buttons {"Continue"} default button {"Continue"}
if (do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0")'s length = 0 then
set run_ipfw_fix to "true"
else
set run_ipfw_fix to "false"
end if
else
if ipfw_exists = "false" then
display dialog "The 00050 fix is not required on this Mac.
Please click Quit." buttons {"Quit"} default button {"Quit"}
quit
end if
end if
if run_ipfw_fix = "true" then
display dialog "The 00050 fix will now be applied.
Please click Continue." buttons {"Continue"} default button {"Continue"}
do shell script "echo 'add 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
display alert "Your Mac has been updated.
Please Restart now." buttons {"Restart"} default button {"Restart"}
tell application "Finder"
restart
end tell
else
if run_ipfw_fix = "false" then
display dialog "The 00050 fix is not required on this Mac.
Please click Quit." buttons {"Quit"} default button {"Quit"}
quit
end if
end if