From f1af93971b7490792d8541bc790e0d8c6d787059 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Fri, 6 Sep 2019 10:28:05 +0100
Subject: gentoo resync : 06.08.2019
---
net-firewall/Manifest.gz | Bin 5545 -> 5550 bytes
net-firewall/nftables/Manifest | 2 +
net-firewall/nftables/nftables-0.9.2.ebuild | 138 +++++++
net-firewall/nufw/Manifest | 3 +-
net-firewall/nufw/nufw-2.2.22-r1.ebuild | 102 -----
net-firewall/nufw/nufw-2.2.22-r2.ebuild | 105 ------
net-firewall/nufw/nufw-2.2.22-r3.ebuild | 105 ++++++
net-firewall/shorewall/Manifest | 8 +
net-firewall/shorewall/shorewall-5.2.3.4.ebuild | 482 ++++++++++++++++++++++++
9 files changed, 736 insertions(+), 209 deletions(-)
create mode 100644 net-firewall/nftables/nftables-0.9.2.ebuild
delete mode 100644 net-firewall/nufw/nufw-2.2.22-r1.ebuild
delete mode 100644 net-firewall/nufw/nufw-2.2.22-r2.ebuild
create mode 100644 net-firewall/nufw/nufw-2.2.22-r3.ebuild
create mode 100644 net-firewall/shorewall/shorewall-5.2.3.4.ebuild
(limited to 'net-firewall')
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index c766b14b5f7b..aa41a306dc84 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index f80131a2fde7..f58bed582810 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -9,6 +9,8 @@ AUX nftables.init 3069 BLAKE2B 68c6b2b81995bd909c00cc3527f891f04d0dd30532cd821c8 AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0 DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e23c5ba716e726e1e6aba0efb2703233528f7a408bfefe47bfe54aa3612cccab9742c2a2208ec8c7a4bcda0e1823 SHA512 78e383bad5440c9414202cf0e4b6749fc5c01071d2fa547208e61cea6e7e179933990e7e538a60696eb0a7cf510d2c4b273a91d50287bb51507d244cd2875aed DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242 +DIST nftables-0.9.2.tar.bz2 779850 BLAKE2B 40bf9ed956a126048f27b343afc7aa4f6e34f35dc91127402cb127903f8150d212c80491fef2b54c18a63ca065608521062b3f6a2dd78969bdbf4d7d8a5a751d SHA512 2d83b104af0d70f99a16c2e40afdb9bf89bd984323810e2895976c5e2e346bf09dd88850a391f295e335279adfdd39d34c13610cf8e6b801499dc0df2a5cecf6 EBUILD nftables-0.9.0-r4.ebuild 2497 BLAKE2B 17916257a8fd7934348d4ceddcbead2c50a24954bff6b50e9f13ec5da2351935c3310be2c6749bfb94141523ca2157e6fe84d89bb7b56914f4f3a0553b7e58b8 SHA512 bf2036978cc0412b677c9117512db14c7344747e19f3fe1b2ef6a7d2b750cf64b33c41bdfaae55f8cfdda19c7f376faadd16a626816672a05b70b11d77231ffc EBUILD nftables-0.9.1.ebuild 3439 BLAKE2B cc4cc8af10d494b52a1b1c1cb826983fbe04bf62d7c11aa25bb7c8b11189feeb6e69b2437276574ff0dd9f41d680fcf3e5b19f4d62e17324a3129eeb4c521594 SHA512 dc05bd17223ad8106259170681b2ca55af02842ea1f1eb9f809b93f829c0930a9cfdd06df8922faf6c5d8e54b2d59ebc5516da1ba7eaa8b264e04aa6466fc4ad +EBUILD nftables-0.9.2.ebuild 3342 BLAKE2B 
05e99227df28fcd6b9d7f70e1295b2ca0997e84d15eeabb0cefb2dbcc9c91eae6637f98e08aa7fef98bb541ba620c53c881e729a735e6aff26a1465499b6ebe9 SHA512 c191d5a43ef0bde4f0ac85c9b702d2999744c25ede558103e648b4aa5c8b9c140b1839a0a655e203868dc80e2319948161ebb942bc2c6db4c0bae9dfac7a5a1c MISC metadata.xml 918 BLAKE2B 16404ad621319f8a8e93e39d8586aaadb0f6fc6989ee928605a8e5e00f581c5f84b11b9718958667a2f76722950a893e5d6097ff2f242961998ac7b092901489 SHA512 27413ba6b81e930b13ae55292d1c308b54b173cf120430d5462313cd8052834bd01e272978b3ba1d4b9f1be99215a90446b2e93bd0a502d328182706be40f02d diff --git a/net-firewall/nftables/nftables-0.9.2.ebuild b/net-firewall/nftables/nftables-0.9.2.ebuild new file mode 100644 index 000000000000..112b5f0b9afb --- /dev/null +++ b/net-firewall/nftables/nftables-0.9.2.ebuild 
@@ -0,0 +1,138 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86"
+IUSE="debug +doc +gmp json +modern_kernel python +readline static-libs xtables"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.4:0=
+ xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ doc? ( app-text/asciidoc )
+ >=app-text/docbook2X-0.8.8-r4
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+#S="${WORKDIR}/v${PV}"
+
+python_make() {
+ emake \
+ -C py \
+ abs_builddir="${S}" \
+ DESTDIR="${D}" \
+ PYTHON_BIN="${PYTHON}" \
+ ${@}
+}
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern_kernel && kernel_is lt 3 18; then
+ eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ # fix installation path for doc stuff
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \
+ -i files/nftables/Makefile.am || die
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \
+ -i files/osf/Makefile.am || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ if use python ; then
+ python_foreach_impl python_make
+ fi
+}
+
+src_install() {
+ default
+
+ local mksuffix="$(usex modern_kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ python_foreach_impl python_make install
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f ${save_file} ]]; then
+ touch ${save_file}
+ fi
+
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemd_enable_service basic.target ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart "
+ elog "the nftables-restore service must be manually started in order to "
+ elog "save those rules on shutdown."
+}
diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest
index ddb4fc5e2e3d..7c9d0f981a1d 100644
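Review bot: In `pkg_postinst` the rules-save file is created with a bare `touch ${save_file}`, so the file that the nftables-restore service is meant to fill with the saved ruleset inherits the ambient umask (often leaving it world-readable), and the unquoted expansion would split if `${EROOT}` ever contained whitespace. Assuming only root needs to read the saved rules, I would create it as `( umask 177; touch "${save_file}" )`. The same quoting point applies to `${@}` in `python_make`, which should be `"${@}"` so that arguments are forwarded unsplit.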
--- a/net-firewall/nufw/Manifest
+++ b/net-firewall/nufw/Manifest
@@ -5,6 +5,5 @@ AUX nufw-2.2.22-var-run.patch 1438 BLAKE2B 259d96d3a7386ac30f4ca7a88ecb0a4714b04 AUX nufw-conf.d 122 BLAKE2B 3263b28a9a783f35920a30cb022fe86b8a0fdc05b45c5a191e53c0b201ca38da9fe9eeda82866cf69dc760e0ff2fcd0264ee17f53f03a6077b63d9fcbd2dd1f0 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb AUX nufw-init.d 273 BLAKE2B 00827d4cf93b484c6563b7bccc4020e9de0e8f2652eb29f9b1a64dfb4333b7e04b370f977a43a8f9af4b680d62e658a7779822c6671059e83a5ceea7f1872f5e SHA512 7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 DIST nufw-2.2.22.tar.bz2 597491 BLAKE2B 4c3092aeaced237ceb9faa16cff275938de23cdca31d2d6f6406238a0fe75ad15468f91a80b1d6e0bfc6dac520b6331ee19a1d95a006d591b891b91aad6caa8b SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee -EBUILD nufw-2.2.22-r1.ebuild 2631 BLAKE2B 731d7f4c0b9d61809d5e4100fb47c9619d0fdad47b2af596740ff3b4f7cbd94158cdc27a930d4d35ae9029f06a4bfdd5b0d42915fdfa989edca4b784abd613d7 SHA512 45e1cbc6deb24861633753cc268090bb4e21f6cd85aed8f1abae2f6aec1d7523dd1ce92043d60cb4229894577b9f0d34fad4ecbf2b5e7dffd7461a3f0b700bb0 -EBUILD nufw-2.2.22-r2.ebuild 2642 BLAKE2B bb9629295235b2a7cfaf184b67b4122cbedc45ea61e6ef7964c277f579ba3d2e0bf61050f30aa9462c82bad399a49330ea5cbdb504c4762d7128ddc6dacda641 SHA512 8afdeab8d1794994a3f398ea4a741369752c52346cd1693978fc48f98b3798b180bea2fa66a7f94614e23067171742e3a3f10e4cb4edef3fa742825b867560fd +EBUILD nufw-2.2.22-r3.ebuild 2650 BLAKE2B 1a22d6dc4bb32d595d147d8b7f739d9bf21658df7e7befda1157008a0841c25b1f864671d0c4a9662f9aefebafea82cbd445ab98399a016c6522ed361762abb2 SHA512 0593a072ba72284ffdce5c591dda4adb17f24842ff42d2021218140b5fe2e4abf910d707afb8ddd974d67eda856d686e3e6e198ab4b0ca5268866e2aae9ee3a5 MISC metadata.xml 547 BLAKE2B 
58719a0151213d5a4f796870fdb9360ae67d7d6b7e3672d9e685149c7561604e92f293391813b502f932c94ea76fc2a3b6fd089725d33471a57318e5978a7e8c SHA512 29dea30db4101530fc810fd162a93aa7f87898f57a955f528a9259918a4a9c1d16dc1b7a790817846482b410a11e98f32987d409165a322fdfc8352bfd5383d5 diff --git a/net-firewall/nufw/nufw-2.2.22-r1.ebuild b/net-firewall/nufw/nufw-2.2.22-r1.ebuild deleted file mode 100644 index 79f0b9290942..000000000000 --- a/net-firewall/nufw/nufw-2.2.22-r1.ebuild +++ /dev/null 
@@ -1,102 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-SSL_CERT_MANDATORY=1
-inherit autotools eutils multilib pam ssl-cert
-
-DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
-HOMEPAGE="http://www.nufw.org/"
-SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 x86"
-IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
-
-REQUIRED_USE="pam_nuauth? ( plaintext )"
-DEPEND="
- dev-libs/cyrus-sasl
- dev-libs/glib:2
- dev-libs/libgcrypt:0
- dev-python/ipy
- net-firewall/iptables
- net-libs/gnutls
- ldap? ( >=net-nds/openldap-2 )
- mysql? ( virtual/mysql )
- nfconntrack? ( net-libs/libnetfilter_conntrack )
- nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
- pam? ( sys-libs/pam )
- pam_nuauth? ( sys-libs/pam )
- postgres? ( dev-db/postgresql[server] )
- prelude? ( dev-libs/libprelude )
-"
-RDEPEND=${DEPEND}
-
-RESTRICT="test"
-
-src_prepare() {
- epatch "${FILESDIR}"/${P}-var-run.patch
- sed -i \
- -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
- -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
- conf/nuauth.conf || die
- sed -i \
- -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
- src/clients/pam_nufw/Makefile.am || die
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable debug) \
- $(use_enable pam_nuauth pam-nufw) \
- $(use_enable static) \
- $(use_with ldap) \
- $(use_with mysql mysql-auth) \
- $(use_with mysql mysql-log) \
- $(use_with nfconntrack) \
- $(use_with nfqueue) \
- $(use_with pam system-auth) \
- $(use_with plaintext plaintext-auth) \
- $(use_with postgres pgsql-log) \
- $(use_with prelude prelude-log) \
- $(use_with syslog syslog-log) \
- $(use_with unicode utf8) \
- --enable-shared \
- --includedir="/usr/include/nufw" \
- --localstatedir="/var" \
- --sysconfdir="/etc/nufw" \
- --with-mark-group \
- --with-user-mark
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/nufw-init.d nufw
- newconfd "${FILESDIR}"/nufw-conf.d nufw
-
- newinitd "${FILESDIR}"/nuauth-init.d nuauth
- newconfd "${FILESDIR}"/nuauth-conf.d nuauth
-
- insinto /etc/nufw
- doins conf/nuauth.conf
-
- dodoc AUTHORS ChangeLog NEWS README TODO
- docinto scripts
- dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
- docinto conf
- dodoc conf/*.{nufw,schema,conf,dump,xml}
-
- if use pam; then
- pamd_mimic system-auth nufw auth account password session
- fi
-
- prune_libtool_files
-}
-
-pkg_postinst() {
- install_cert /etc/nufw/{nufw,nuauth}
-}
diff --git a/net-firewall/nufw/nufw-2.2.22-r2.ebuild b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
deleted file mode 100644
index a3c6d2b4f822..000000000000
--- a/net-firewall/nufw/nufw-2.2.22-r2.ebuild
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-SSL_CERT_MANDATORY=1
-inherit autotools eutils multilib pam ssl-cert
-
-DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
-HOMEPAGE="http://www.nufw.org/"
-SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 x86"
-IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
-
-REQUIRED_USE="pam_nuauth? ( plaintext )"
-DEPEND="
- dev-libs/cyrus-sasl
- dev-libs/glib:2
- dev-libs/libgcrypt:0
- dev-python/ipy
- net-firewall/iptables
- net-libs/gnutls
- ldap? ( >=net-nds/openldap-2 )
- mysql? ( virtual/mysql )
- nfconntrack? ( net-libs/libnetfilter_conntrack )
- nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
- pam? ( sys-libs/pam )
- pam_nuauth? ( sys-libs/pam )
- postgres? ( dev-db/postgresql:*[server] )
- prelude? ( dev-libs/libprelude )
-"
-RDEPEND=${DEPEND}
-
-PATCHES=(
- "${FILESDIR}/${P}-var-run.patch"
- "${FILESDIR}/${P}-gnutls-3.4.patch"
-)
-
-RESTRICT="test"
-
-src_prepare() {
- default
- sed -i \
- -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
- -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
- conf/nuauth.conf || die
- sed -i \
- -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
- src/clients/pam_nufw/Makefile.am || die
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable debug) \
- $(use_enable pam_nuauth pam-nufw) \
- $(use_enable static) \
- $(use_with ldap) \
- $(use_with mysql mysql-auth) \
- $(use_with mysql mysql-log) \
- $(use_with nfconntrack) \
- $(use_with nfqueue) \
- $(use_with pam system-auth) \
- $(use_with plaintext plaintext-auth) \
- $(use_with postgres pgsql-log) \
- $(use_with prelude prelude-log) \
- $(use_with syslog syslog-log) \
- $(use_with unicode utf8) \
- --enable-shared \
- --includedir="/usr/include/nufw" \
- --localstatedir="/var" \
- --sysconfdir="/etc/nufw" \
- --with-mark-group \
- --with-user-mark
-}
-
-src_install() {
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/nufw-init.d nufw
- newconfd "${FILESDIR}"/nufw-conf.d nufw
-
- newinitd "${FILESDIR}"/nuauth-init.d nuauth
- newconfd "${FILESDIR}"/nuauth-conf.d nuauth
-
- insinto /etc/nufw
- doins conf/nuauth.conf
-
- docinto scripts
- dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
- docinto conf
- dodoc conf/*.{nufw,schema,conf,dump,xml}
-
- if use pam; then
- pamd_mimic system-auth nufw auth account password session
- fi
-}
-
-pkg_postinst() {
- install_cert /etc/nufw/{nufw,nuauth}
-}
diff --git a/net-firewall/nufw/nufw-2.2.22-r3.ebuild b/net-firewall/nufw/nufw-2.2.22-r3.ebuild
new file mode 100644
index 000000000000..ec1f263bec86
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r3.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( dev-db/mysql-connector-c )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:*[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+ "${FILESDIR}/${P}-var-run.patch"
+ "${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+ default
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index c5b81dd8a4d2..16104f2f6076 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
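Review bot: `SRC_URI` and `HOMEPAGE` in the new -r3 ebuild still use plain `http://www.nufw.org/`, so the transport gives the nufw-2.2.22 tarball no protection and the only integrity check is the `DIST nufw-2.2.22.tar.bz2` hash entry in the package Manifest. If upstream serves the same path over TLS, both should move to `https://`; if it does not, a comment above `SRC_URI` such as `# upstream is HTTP-only; tarball integrity relies on the Manifest DIST hashes` would record why the Manifest must stay verified. Separately, `IUSE` still lists `test` although `RESTRICT="test"` disables the test phase unconditionally, so that flag appears to have no effect.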
@@ -16,11 +16,19 @@ AUX shorewall6-lite.systemd 612 BLAKE2B e658af2b6d399fe527a58201b80997651954df67 AUX shorewall6.systemd 577 BLAKE2B 5c755c0105954a34e39e077af0e012d9d6e647715a4b12fbae4fc47f4ae19afd6a63266b3684ddead689b2d4f7450b7a12906258fc86ef33fc36a4dac3771274 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d AUX shorewallrc-r3 2035 BLAKE2B 6f4e4c93cee1f25405cc3ac76958064f1241a325c8b530c30f6dbd94423577d592e88613f463c4b41c1af1db22c7e53512fd8509931bb6527a8da669f2dbe773 SHA512 eaa32bf6baca0d3555db918d6221c7678f5ba67e78bf9dcdc1bf96deded8f64838d3a332226fa6605f0c1ae82e51e0f2c1540fa6188fd9bced22460a631f48a8 DIST shorewall-5.2.3.3.tar.bz2 556424 BLAKE2B 0a172f0e70449af91421308c5308420a8de7af405eb74107201966b10df2fa7a0fd6042337c182bfa30a92cce3e611e46f8f5b910fb1bbc282513e3fc2d77d0c SHA512 d4166332160cbbc9e36f0c7f8fb6db8573dda17f80bbfb062465bba42f748c4f6815c9467da8a072b9eb01f3745fad67e00eea657ef61d9f90b49ad3a4668300 +DIST shorewall-5.2.3.4.tar.bz2 554090 BLAKE2B b7c5305a23c661d73dcce0d0b2edacbf7dcad911fe8cd7bb11dc34f860505aab5290f0ac9c3902ee5bba826335ec0b656a44b3580250dc6b546436addaad18c1 SHA512 e73fd31d4242823ad592b453af2ad47c28f0b2bfa6fe357f7b0f40f6facd20a293800ae48a8f9db4be68937eb957f24902966710ae1ca649204489f6269cc780 DIST shorewall-core-5.2.3.3.tar.bz2 69043 BLAKE2B 6e84490258bc5cff88ef081bae11520463ff63a079fa8884d5976fa8c812d85e029636abe1092f2fd97a8529e935dc16f877cb75d7f9a3c0aa2236b2a9636d22 SHA512 c8c03273f686a8fa4151686b2426e437b3169ec78831e2d2f4a5bb20bb5265f4ede4a701bca5d21d0d8cafb4bb1e2c460c1b7ebb72ff042ec47221304dfbddd5 +DIST shorewall-core-5.2.3.4.tar.bz2 69744 BLAKE2B 14305bbd73f7f8fd5156a89bf986cbd5a1f4a3f511e8246659a132bc04d3f9ec3b3c6df4f4ced8e29b6034e690751c0dcd1ff8d28d6694528d704ed8ceedd33f SHA512 9fcc55d6eef1456cf3d45b87c29bdfc311e366837a91776519a158605ca2c012779851e94462acbe56868b8549d906f68d36b517b18e99a344cbb39f7127c649 DIST shorewall-docs-html-5.2.3.3.tar.bz2 
4303296 BLAKE2B 26fa00d1226fee0a60c5c352bb6d625a365641837a3e7cc9b0a9ec249f45926bb5230e53052597cda098e8bcbc171c9909b98436af75a3ceff6407bab3cbc8ad SHA512 e43c48cad4abb4e8455ff5f012af8cc466737b0c0ff130cadeb5860cee7f3fc38a7d6eacde5fa49c8afbbb6c49cc9df310eb9bcf992bb12422ade26ae003740e +DIST shorewall-docs-html-5.2.3.4.tar.bz2 4292826 BLAKE2B ad5430fac374caeb00cab6edf0f5e9c7d72a5f60c39d43efb57013987eecc029283f698c51b82b577f708f64c39257f679c0c63c4d1879b95aa06e081c4275b0 SHA512 7c3fdc0603c4a8395a86234b982f984c01e131d6ab32a290477fc2ca081f5417dc943dd749da8f1ab76e0f5c0745ca99a6e5d3c3f03f4aa56720e7bf12f430c6 DIST shorewall-init-5.2.3.3.tar.bz2 34456 BLAKE2B 5e7bf650de96973cfe211e4cbb9927c78a9cbae4a4436b8d556ac3df679a999294205f61532906dcbd0fa1027608dfa087b35c31bf64065cb0ccd6d5689905d0 SHA512 6c7017a6ac2df5611910132d9e5d2281b3210dda5e31ce26b15eed9ccd302ca9e1ddfbf92c093e6a751080e6f5a745516db2110bf30154f077d078b607087485 +DIST shorewall-init-5.2.3.4.tar.bz2 34827 BLAKE2B c57fed92734aa9f2e82b9f232568c7181c7ed2dd85257efd1a903747bc6c15951f1ca5521019bc7afa8b1e3e135359e6fa8162ae2ca732a45f03e035a3d0251b SHA512 f22e1a06ee47feacd49add0f0d9cfd7746ed4db626e863c1d8bf0287a33e4a39f6579deb3af29d38c299e8adc35fa5c4b930ba07cad449b1dab87054780109db DIST shorewall-lite-5.2.3.3.tar.bz2 39290 BLAKE2B f499ead6ee21323847b314793cd3250c08eda5e66c335effd72d9df92629e041377cbace0a6a647f5f791489a50663570d79eca7b4c59e1b75d017e47af82706 SHA512 12e87dc80fc347dd8077c9de9d87435bfe689c9115a5e88460f46f58a406ed66ce67f9b9847960bc50bee09eba7f1fe526a871f4852c2978392e7c10929f6617 +DIST shorewall-lite-5.2.3.4.tar.bz2 39642 BLAKE2B 83181e5bedc92d0f7bc6854aa7efe49c05caf3de310a3d3fb5d24eac312f957e3ebaf092a9cf4fa4eb19b9e1b853ececd8b1f3ce64ce47e5b475669920f5464e SHA512 4f73c05f1163051a30c46e4c898622a41c623b8d895c5c819f06ab7d81612cb1d396cdc2dceb816c65a67a1a11642f2bc20f6a510c71f11fc11b4057af837d62 DIST shorewall6-5.2.3.3.tar.bz2 190274 BLAKE2B 
be44782454dff686a769e0f84298d5bb6217a85953e67acc7d2df16bcb4ebafc0867c62fc308f24690ba1d3b71444779fd5df1c6bce6545e3f269b0efbe49bd3 SHA512 ceb887f479841ed4998e488019bf3ec6874585c552f67be60af39f6414b40d24e2f6595812241d2f5fdf021beed2e0e2af8d98b03cdc66e72c7aedecbad8d3b1 +DIST shorewall6-5.2.3.4.tar.bz2 190759 BLAKE2B ad4a8530341700c475f6fadc840968c7c11fe1841a3c68a1145de457092dadce9a6c6b8df7ca6cb39343d248b1b9c5f267641a62193a76dc41b2bf93d0fe6b01 SHA512 d9c73ac388b794a1714e4487ef805121cef5743c04f48980bad74fd805bd923aae35c678e47a605532634ef156c4ba983f0f63672ee704634bef636505bb7c55 DIST shorewall6-lite-5.2.3.3.tar.bz2 39210 BLAKE2B de02932cfc5315f1db0a21b6ec2f20e393ab041c3634a2bfee3bb309de73614f5da0e8e60ced697d16f82ff19f8257e7fff943fdae983bf64e8b7a18d43811be SHA512 044d793bfd98c0698713adf2aea8837fac970f39956db6f44c9e5b68c4435c65ebf594f5c3091f58dbd3e4d34c2d178052c5af28b568f591c290359cc1418e61 +DIST shorewall6-lite-5.2.3.4.tar.bz2 39623 BLAKE2B fc7ee2d7eee5a4f50b53882ad0ced13893b5f3c4348214529791e7aeffc6662ec5a6e9cead676287be028a8575ccb083570606f12b5e6880848c7476ca90a382 SHA512 3acb0a11c175ec8fd18b48a164c53aedb9e65347e0ca985307624ea892e3609ef645e8b2659319e00757a42efc161a219691027163387da70c6db624d0d6739d EBUILD shorewall-5.2.3.3.ebuild 17106 BLAKE2B aa979e5dec0e76a93db5bb2a4671158e792bb76e23e0fc05460f3ddcda9d2638c5608eacd18822aaf8e0dd5ff314925494ead63b39060b131be5ab454b3bb2ce SHA512 8c881b26cb893c6f1660481334440225b7cbce5012f2fcf20e8cce8403baab12fa21ee489b287eb1604b0d85a05d05c1120fc51617a6001cd35fcaab61e09b43 +EBUILD shorewall-5.2.3.4.ebuild 16979 BLAKE2B be07687a0184b7c790fba59dfb2a1212503d7748e5772b5a959a04a0376c3fc89d827fdf5fd0666b066bc6d0f0add984955ccf6631f605ffff5c1fcd276e952a SHA512 ac4af4eee2c1d7bf44ed265d9541713f2cca27975f7be93cd302ff9f5a8c8b8c2b91ead699d4cf8b8c661801b6dea9e5f40e5d074835b7fc90a431dc1d7b69c0 MISC metadata.xml 2254 BLAKE2B e9d48407a0f055415070f5b0266ed9f534768f6d17d52b7070de30a037b89dbd08daac40b0ec313b8dfc65ba40ff38dae96c9758b78ec66d100ac8fa6b870d5f 
SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33 diff --git a/net-firewall/shorewall/shorewall-5.2.3.4.ebuild b/net-firewall/shorewall/shorewall-5.2.3.4.ebuild new file mode 100644 index 000000000000..6effdd7a417a --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.2.3.4.ebuild 
@@ -0,0 +1,482 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit linux-info prefix systemd + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + if [[ ${MY_PV} = *-Beta* ]] ; then + MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}" + elif [[ ${MY_PV} = *-RC* ]] ; then + MY_URL_SUFFIX="-RC${MY_PV##*-RC}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + 
http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? 
( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !=4.19 has unified NF_CONNTRACK module, bug 671176 + if kernel_is -lt 4 19; then + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + sed -i \ + -e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \ + "${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc" + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." 
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + pushd "${S}"/${MY_PN_CORE} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} 
"${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink 
shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + pushd "${S}"/${MY_PN_INIT} &>/dev/null || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + popd &>/dev/null || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + keepdir /var/lib/shorewall + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + keepdir /var/lib/shorewall6 + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." 
+ DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + keepdir /var/lib/shorewall-lite + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + keepdir /var/lib/shorewall6-lite + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..." + rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${ED}/etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${ED}/etc/NetworkManager\" ..." + rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed" + fi + + if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." 
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." 
+ elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idm214" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! 
has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} -- cgit v1.2.3
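Review bot: In `pkg_postinst`, the shorewall-lite activation hint interpolates `${PRODUCTS}`, which this ebuild never sets, while the rest of the function uses the local `${_PRODUCTS}`, so the instruction telling the admin which firewall service to add to the default runlevel is printed with the name missing. The line should read `elog "To activate your shorewall-lite-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"`. Separately, the upgrade loop calls `version_is_at_least`, which does not appear to come from anything on the `inherit linux-info prefix systemd` line; if it is unavailable under EAPI 7, the negated test succeeds for every replaced version and the major-upgrade notice is always shown. Since `ver_cut` is already used, `if ver_test "${v}" -lt "${MY_MAJOR_RELEASE_NUMBER}"; then` would be the equivalent check.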