diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-firewall/ufw | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-firewall/ufw')
-rw-r--r-- | net-firewall/ufw/Manifest | 1 | ||||
-rw-r--r-- | net-firewall/ufw/files/rsyslog/ufw.logrotate | 13 | ||||
-rw-r--r-- | net-firewall/ufw/files/syslog-ng/syslog-ng.example | 13 | ||||
-rw-r--r-- | net-firewall/ufw/files/syslog-ng/ufw.logrotate | 12 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.31.1-move-path.patch | 177 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.31.1-python-abis.patch | 42 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch | 46 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch | 17 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch | 15 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-2.initd | 137 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw.confd | 5 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw.service | 15 | ||||
-rw-r--r-- | net-firewall/ufw/metadata.xml | 18 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805-r1.ebuild | 184 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805-r2.ebuild | 186 |
15 files changed, 881 insertions, 0 deletions
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest new file mode 100644 index 000000000000..6380dd51df0b --- /dev/null +++ b/net-firewall/ufw/Manifest @@ -0,0 +1 @@ +DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829 diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate new file mode 100644 index 000000000000..f88ca8265bea --- /dev/null +++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate @@ -0,0 +1,13 @@ +/var/log/ufw.log +{ + rotate 5 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/rsyslog reload >/dev/null 2>&1 || true + endscript +} diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example new file mode 100644 index 000000000000..41f7ce39cef7 --- /dev/null +++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example @@ -0,0 +1,13 @@ +# This is an example rule for app-admin/syslog-ng to separate ufw logs +# from /var/log/messages. +# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf. + +filter f_ufw { match("\\[UFW " value("MESSAGE")); }; +destination ufwfile { file("/var/log/ufw.log"); }; +log { + source(src); + filter(f_ufw); + destination(ufwfile); + destination(console_all); + flags(final); +}; diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate new file mode 100644 index 000000000000..5080aa1bfa38 --- /dev/null +++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate @@ -0,0 +1,12 @@ +# logrotate snippet for ufw +# requires app-admin/syslog-ng +# copy the file into /etc/logrotate.d +/var/log/ufw.log { + missingok + rotate 5 + notifempty + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch new file mode 100644 index 000000000000..24d00ea68ccd --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch @@ -0,0 +1,177 @@ +diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8 +--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.31.orig/README ufw-0.31/README +--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -247,7 +247,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -290,7 +290,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. +diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py +--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ file]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + file]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py +--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100 +@@ -22,7 +22,7 @@ + import sys + import time + +-from ufw.common import UFWError, UFWRule, config_dir, state_dir ++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir + from ufw.util import warn, debug, msg, cmd, cmd_pipe + import ufw.backend + +@@ -40,7 +40,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(state_dir, 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files) + +diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init +--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100 +@@ -18,8 +18,8 @@ + # + set -e + +-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then +- . "#STATE_PREFIX#/ufw-init-functions" ++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then ++ . "#SHARE_DIR#/ufw-init-functions" + else + echo "Could not find $s (aborting)" + exit 1 +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch new file mode 100644 index 000000000000..2c04284ad50c --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch @@ -0,0 +1,42 @@ +This patch fixes issues during package build with ebuild supporting +installation for Python versions: sed substitutions in common.py and location +of ufw script in Python ABIs which have prefix different than /usr. +Also makes .mo files not to be installed in wrong paths. + +More info about the first issue: +with support for multiple Python versions in the ebuild, seems the +file isn't copied from staging/ to build-*/lib/ufw/ after being +modified. That's why the copy needs to be done "manually" here. +The issue occurs with "setup.py build -b build-XXX" followed by +"setup.py build -b build-XXX install". + +probably related: https://bugs.launchpad.net/ufw/+bug/819600 +--- setup.py ++++ setup.py +@@ -90,6 +90,8 @@ + "-i", + "s%#SHARE_DIR#%" + real_sharedir + "%g", + os.path.join('staging', file)]) ++ self.copy_file(os.path.join('staging', file), ++ os.path.join(self.build_base, "lib", "ufw")) + + # Now byte-compile everything + super(Install, self).run() +@@ -99,7 +101,8 @@ + if self.root != None: + prefix = self.root + real_prefix + +- script = os.path.join(prefix, 'sbin', 'ufw') ++ # PyPy (and Jython?) has different prefix. Without the change the binary would end up in a wrong path. ++ script = os.path.join(self.root, 'usr', 'sbin', 'ufw') + manpage = os.path.join(prefix, 'share', 'man', 'man8', 'ufw.8') + manpage_f = os.path.join(prefix, 'share', 'man', 'man8', \ + 'ufw-framework.8') +@@ -147,7 +150,6 @@ + self.mkpath(i18ndir) + if len(os.listdir('locales/mo')) == 0: + subprocess.call(["make", "mo"]) +- self.copy_tree('locales/mo', i18ndir) + + # Install configuration files + confdir = real_confdir diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch new file mode 100644 index 000000000000..b7eae3595cb5 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch @@ -0,0 +1,46 @@ +diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py +--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200 ++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200 +@@ -225,41 +225,7 @@ + os.unlink(os.path.join('staging', 'ufw-init')) + os.unlink(os.path.join('staging', 'ufw-init-functions')) + +-iptables_exe = '' +-iptables_dir = '' +- +-for e in ['iptables']: +- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ +- '/usr/local/bin']: +- if e == "iptables": +- if os.path.exists(os.path.join(dir, e)): +- iptables_dir = dir +- iptables_exe = os.path.join(iptables_dir, "iptables") +- print("Found '%s'" % iptables_exe) +- else: +- continue +- +- if iptables_exe != "": +- break +- +- +-if iptables_exe == '': +- print("ERROR: could not find required binary 'iptables'", file=sys.stderr) +- sys.exit(1) +- +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: +- if not os.path.exists(os.path.join(iptables_dir, e)): +- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) +- sys.exit(1) +- +-(rc, out) = cmd([iptables_exe, '-V']) +-if rc != 0: +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ +- (iptables_exe)) +-version = re.sub('^v', '', re.split('\s', str(out))[1]) +-print("Found '%s' version '%s'" % (iptables_exe, version)) +-if version < "1.4": +- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) ++iptables_dir = '/sbin' + + setup (name='ufw', + version=ufw_version, diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch new file mode 100644 index 000000000000..dc922435de10 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch @@ -0,0 +1,17 @@ +--- shell-completion/bash ++++ shell-completion/bash +@@ -52,7 +52,6 @@ + echo "numbered verbose" + } + +-have ufw && + _ufw() + { + cur=${COMP_WORDS[COMP_CWORD]} +@@ -83,5 +82,5 @@ + fi + } + +-[ "$have" ] && complete -F _ufw ufw ++complete -F _ufw ufw + diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch new file mode 100644 index 000000000000..991f4c826ece --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py ++++ b/setup.py +@@ -107,12 +107,6 @@ class Install(_install, object): + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd new file mode 100644 index 000000000000..f8f03fa2ffcc --- /dev/null +++ b/net-firewall/ufw/files/ufw-2.initd @@ -0,0 +1,137 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + before net + provide firewall +} + +start() { + ebegin "Starting ufw" + _source_file || { eend $?; return $?; } + + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Avoid "Firewall already started, use 'force-reload'" message that + # appears if `ufw enable' had been run before start(). + if _status_quiet; then + eend 0 + return + fi + + # The ufw_start function does the same: if ufw is disabled using `ufw disable', + # ufw_start would not start ufw and return 0, so let's handle this case. + case $enabled_in_cfg in + 0) + ufw_start + ret=$? + eend $ret "Failed to start ufw." + ;; + 1) + # see /etc/conf.d/<name> + if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then + ret=1 + eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first." + else + ret=0 + eend 0 + fi + ;; + 2) + ret=1 + eend $ret "Failed to start ufw." + ;; + esac + + return $ret +} + +stop() { + ebegin "Stopping ufw" + _source_file || { eend $?; return $?; } + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Same as above (unless --force is passed to ufw_stop). + case $enabled_in_cfg in + 0) + ufw_stop + ret=$? + ;; + 1) + einfo "INFO: ufw is configured to be disabled" + ufw_stop --force + ret=$? + ;; + 2) + ret=1 + ;; + esac + + eend $ret "Failed to stop ufw." + return $ret +} + +_status_quiet() { + # return values: 0 - started, 1 - stopped, 2 - error + # Does not execute _source_file. + local ret + ufw_status > /dev/null + ret=$? + # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions. + case $ret in + 0) return 0 ;; + 3) return 1 ;; + *) return 2 ;; + esac +} + +_source_file() { + local sourced_f="/usr/share/ufw/ufw-init-functions" + if [ ! -f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 1 + fi + + local _path=$PATH + if ! . "$sourced_f"; then + # PATH can be broken here, fix it... + PATH=$_path + eerror "Error sourcing file $sourced_f" + return 1 + fi + + if [ -z "$PATH" ]; then + PATH=$_path + else + PATH="${PATH}:${_path}" + fi + return 0 +} + +_check_if_enabled_in_cfg() { + # Check if user has enabled the firewall with "ufw enable". + # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error. + + local sourced_f="/etc/ufw/ufw.conf" + if [ ! -f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 2 + fi + + if ! . "$sourced_f"; then + eerror "Error sourcing file $sourced_f" + return 2 + fi + + if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then + return 0 + else + return 1 + fi +} diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd new file mode 100644 index 000000000000..900d3bf67bd4 --- /dev/null +++ b/net-firewall/ufw/files/ufw.confd @@ -0,0 +1,5 @@ +# If equals to "yes", warnings that firewall is disabled +# (using `ufw disable') will be suppressed and the service +# will be considered started. +# Default if unset or another value is "no". +ufw_nonfatal_if_disabled=no diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service new file mode 100644 index 000000000000..9d6972036a05 --- /dev/null +++ b/net-firewall/ufw/files/ufw.service @@ -0,0 +1,15 @@ +[Unit] +Description=Uncomplicated Firewall +DefaultDependencies=no +Before=network.target sysinit.target +After=systemd-sysctl.service +ConditionPathExists=|/etc/ufw/ufw.conf + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/share/ufw/ufw-init start +ExecStop=/usr/share/ufw/ufw-init stop + +[Install] +WantedBy=multi-user.target
\ No newline at end of file diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml new file mode 100644 index 000000000000..afc7f7197388 --- /dev/null +++ b/net-firewall/ufw/metadata.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>slawomir.nizio@sabayon.org</email> + <name>Sławomir Nizio</name> + </maintainer> + <longdescription lang="en"> + The Uncomplicated Firewall (ufw) is a frontend for iptables and is + particularly well-suited for host-based firewalls. It provides a framework + for managing netfilter, as well as an easy to use command-line interface for + manipulating the firewall. +</longdescription> + <upstream> + <remote-id type="launchpad">ufw</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild new file mode 100644 index 000000000000..865dbdb5a07e --- /dev/null +++ b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild new file mode 100644 index 000000000000..2d694f6e1b12 --- /dev/null +++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch + # Fix bash completions, bug #526300 + "${FILESDIR}"/${P}-bash-completion.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} |