diff options
6 files changed, 250 insertions, 1 deletions
diff --git a/net-firewall/shorewall6/ChangeLog b/net-firewall/shorewall6/ChangeLog index fca009f1ac1b..9aee7989ab39 100644 --- a/net-firewall/shorewall6/ChangeLog +++ b/net-firewall/shorewall6/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-firewall/shorewall6 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall6/ChangeLog,v 1.85 2013/08/29 19:03:41 constanze Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall6/ChangeLog,v 1.86 2013/09/22 13:18:09 constanze Exp $ + +*shorewall6-4.5.18-r1 (22 Sep 2013) + + 22 Sep 2013; Constanze Hausner <constanze@gentoo.org> + +files/4.5.18-r1/shorewall6.conf-SUBSYSLOCK.patch, + +files/4.5.18-r1/shorewall6.initd, +files/4.5.18-r1/shorewallrc_new, + +shorewall6-4.5.18-r1.ebuild, +files/4.5.18-r1/shorewall6.systemd: + Bugfix 459316 for 4.5.18; Thanks to Thomas D. 29 Aug 2013; Constanze Hausner <constanze@gentoo.org> metadata.xml: Added Thomas D. as new maintainer diff --git a/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.conf-SUBSYSLOCK.patch b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.conf-SUBSYSLOCK.patch new file mode 100644 index 000000000000..9f3742a83568 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.conf-SUBSYSLOCK.patch @@ -0,0 +1,22 @@ +--- configfiles/shorewall6.conf 2013-06-24 22:07:38.000000000 +0200 ++++ configfiles/shorewall6.conf.new 2013-07-01 15:50:54.747711444 +0200 +@@ -85,7 +85,7 @@ + + SHOREWALL_SHELL=/bin/sh + +-SUBSYSLOCK=/var/lock/subsys/shorewall6 ++SUBSYSLOCK=/run/lock/shorewall6 + + TC= + +--- configfiles/shorewall6.conf.annotated 2013-06-27 20:32:22.000000000 +0200 ++++ configfiles/shorewall6.conf.annotated.new 2013-07-01 15:51:38.448332964 +0200 +@@ -444,7 +444,7 @@ + # or specified as a null value, /bin/sh is assumed. Using a light-weight + # shell such as ash or dash can significantly improve performance. + # +-SUBSYSLOCK=/var/lock/subsys/shorewall6 ++SUBSYSLOCK=/run/lock/shorewall6 + # + # SUBSYSLOCK=[pathname] + # diff --git a/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.initd b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.initd new file mode 100644 index 000000000000..5bb6f434d122 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.initd,v 1.1 2013/09/22 13:18:09 constanze Exp $ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6 status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + /sbin/shorewall6 start 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + /sbin/shorewall6 stop 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + /sbin/shorewall6 status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6 restart 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall6 clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + /sbin/shorewall6 reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + /sbin/shorewall6 refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + /sbin/shorewall6 check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.systemd b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.systemd new file mode 100644 index 000000000000..1c6e95374a80 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.18-r1/shorewall6.systemd @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4 +# +# Copyright 2011 Jonathan Underwood (jonathan.underwood@gmail.com) +# +[Unit] +Description=Shorewall IPv6 firewall +After=syslog.target +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start +ExecStop=/sbin/shorewall6 $OPTIONS stop + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6/files/4.5.18-r1/shorewallrc_new b/net-firewall/shorewall6/files/4.5.18-r1/shorewallrc_new new file mode 100644 index 000000000000..0f9301cfeb49 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.18-r1/shorewallrc_new @@ -0,0 +1,22 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=linux #Generic Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6/shorewall6-4.5.18-r1.ebuild b/net-firewall/shorewall6/shorewall6-4.5.18-r1.ebuild new file mode 100644 index 000000000000..dcb552f02bc4 --- /dev/null +++ b/net-firewall/shorewall6/shorewall6-4.5.18-r1.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall6/shorewall6-4.5.18-r1.ebuild,v 1.1 2013/09/22 13:18:09 constanze Exp $ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +# Select version (stable, RC, Beta, upstream patched): +MY_PV_TREE=$(get_version_component_range 1-2) # for devel versions use "development/$(get_version_component_range 1-2)" +MY_PV_BASE=$(get_version_component_range 1-3) # which shorewall-common to use + +MY_PN="${PN/6/}" +MY_P="${MY_PN}-${MY_PV_BASE}" +MY_P_DOCS="${MY_PN}-docs-html-${PV}" + +DESCRIPTION="Shoreline Firewall with IPv6 support." +HOMEPAGE="http://www.shorewall.net/" +SRC_URI="http://www1.shorewall.net/pub/${MY_PN}/${MY_PV_TREE}/${MY_P}/${P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/${PN}/${MY_PV_TREE}/${MY_P}/${MY_P_DOCS}.tar.bz2 )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" + +IUSE="doc" + +RDEPEND=">=net-firewall/iptables-1.4.0 + sys-apps/iproute2 + >=net-firewall/shorewall-${PVR} + dev-perl/Socket6" + +pkg_pretend() { + if kernel_is lt 2 6 25 ; then + die "${PN} requires at least kernel 2.6.25." + fi +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc_new "${S}"/shorewallrc.gentoo || die "Copying shorewallrc_new failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying shorewall.initd failed" + + epatch "${FILESDIR}"/${PVR}/shorewall6.conf-SUBSYSLOCK.patch + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + cd "${WORKDIR}/${P}" + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + systemd_newunit "${FILESDIR}"/${PVR}/shorewall6.systemd 'shorewall6.service' + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples6 + cd "${WORKDIR}/${MY_P_DOCS}" + dohtml -r * + fi +} |