summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkos Chandras <hwoarang@gentoo.org>2012-12-17 19:20:54 +0000
committerMarkos Chandras <hwoarang@gentoo.org>2012-12-17 19:20:54 +0000
commitb03a0de908f85161dea9cecda01292fc49322bbe (patch)
tree1d027f9e613a21aff2b4a7750684c671c0ca0f03 /net-firewall
parentOld. (diff)
downloadgentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.tar.gz
gentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.tar.bz2
gentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.zip
Version bump. Fixes bug #437266. Thanks to slawomir.nizio@sabayon.org
(Portage version: 2.1.11.37/cvs/Linux x86_64, signed Manifest commit with key B4AFF2C2)
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/ufw/ChangeLog9
-rw-r--r--net-firewall/ufw/metadata.xml5
-rw-r--r--net-firewall/ufw/ufw-0.34_pre805.ebuild180
3 files changed, 188 insertions, 6 deletions
diff --git a/net-firewall/ufw/ChangeLog b/net-firewall/ufw/ChangeLog
index 79bdf9097552..a0e5e652233c 100644
--- a/net-firewall/ufw/ChangeLog
+++ b/net-firewall/ufw/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-firewall/ufw
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.11 2012/12/06 09:00:53 thev00d00 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.12 2012/12/17 19:20:54 hwoarang Exp $
+
+*ufw-0.34_pre805 (17 Dec 2012)
+
+ 17 Dec 2012; Markos Chandras <hwoarang@gentoo.org> +ufw-0.34_pre805.ebuild,
+ metadata.xml:
+ Version bump. Fixes bug #437266. Thanks to slawomir.nizio@sabayon.org
*ufw-0.33-r2 (06 Dec 2012)
*ufw-0.31.1-r2 (06 Dec 2012)
@@ -70,4 +76,3 @@
+files/ufw-2.initd, +files/ufw.confd, +files/ufw-dont-check-iptables.patch,
+files/ufw-move-path.patch, +metadata.xml:
Initial import, bug #264912, thank Sławomir Nizio for this job.
-
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
index e6ee386430af..ba895f72e300 100644
--- a/net-firewall/ufw/metadata.xml
+++ b/net-firewall/ufw/metadata.xml
@@ -1,14 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
+<herd>proxy-maintainers</herd>
<maintainer>
<email>slawomir.nizio@sabayon.org</email>
<name>Sławomir Nizio</name>
</maintainer>
-<maintainer>
- <email>pva@gentoo.org</email>
- <name>Peter Volkov</name>
-</maintainer>
<longdescription lang="en">
The Uncomplicated Firewall (ufw) is a frontend for iptables and is
particularly well-suited for host-based firewalls. It provides a framework
diff --git a/net-firewall/ufw/ufw-0.34_pre805.ebuild b/net-firewall/ufw/ufw-0.34_pre805.ebuild
new file mode 100644
index 000000000000..d60d6b67af3b
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.34_pre805.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.34_pre805.ebuild,v 1.1 2012/12/17 19:20:54 hwoarang Exp $
+
+EAPI=4
+PYTHON_DEPEND="2:2.6 3:3.1"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="2.5 *-jython"
+
+inherit bash-completion-r1 eutils linux-info distutils
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="http://launchpad.net/ufw"
+SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+ !<kde-misc/kcm-ufw-0.4.2
+ !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+pkg_pretend() {
+ local CONFIG_CHECK="~PROC_FS
+ ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+ if kernel_is -ge 2 6 39; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+ else
+ CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+ fi
+
+ # https://bugs.launchpad.net/ufw/+bug/1076050
+ if kernel_is -ge 3 4; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+ else
+ CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+ fi
+
+ CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+ check_extra_config
+
+ # Check for default, useful optional features.
+ if ! linux_config_exists; then
+ ewarn "Cannot determine configuration of your kernel."
+ return
+ fi
+
+ local nf_nat_ftp_ok="yes"
+ local nf_conntrack_ftp_ok="yes"
+ local nf_conntrack_netbios_ns_ok="yes"
+
+ linux_chkconfig_present \
+ NF_NAT_FTP || nf_nat_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+ # This is better than an essay for each unset option...
+ if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+ || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+ then
+ echo
+ local mod_msg="Kernel options listed below are not set. They are not"
+ mod_msg+=" mandatory, but they are often useful."
+ mod_msg+=" If you don't need some of them, please remove relevant"
+ mod_msg+=" module name(s) from IPT_MODULES in"
+ mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+ mod_msg+=" Otherwise ufw may fail to start!"
+ ewarn "${mod_msg}"
+ if [[ ${nf_nat_ftp_ok} = no ]]; then
+ ewarn "NF_NAT_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+ fi
+ fi
+}
+
+src_prepare() {
+ # Allow to remove unnecessary build time dependency
+ # on net-firewall/iptables.
+ epatch "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+ # Move files away from /lib/ufw.
+ epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch
+ # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the
+ # file).
+ epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch
+
+ # Set as enabled by default. User can enable or disable
+ # the service by adding or removing it to/from a runlevel.
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+ || die "sed failed (ufw.conf)"
+
+ sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+ # If LINGUAS is set install selected translations only.
+ if [[ -n ${LINGUAS+set} ]]; then
+ _EMPTY_LOCALE_LIST="yes"
+ pushd locales/po > /dev/null || die
+
+ local lang
+ for lang in *.po; do
+ if ! has "${lang%.po}" ${LINGUAS}; then
+ rm "${lang}" || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+ done
+
+ popd > /dev/null || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+}
+
+src_install() {
+ newconfd "${FILESDIR}"/ufw.confd ufw
+ newinitd "${FILESDIR}"/ufw-2.initd ufw
+
+ exeinto /usr/share/${PN}
+ doexe tests/check-requirements
+
+ # users normally would want it
+ insinto /usr/share/doc/${PF}/logging/syslog-ng
+ doins "${FILESDIR}"/syslog-ng/*
+
+ insinto /usr/share/doc/${PF}/logging/rsyslog
+ doins "${FILESDIR}"/rsyslog/*
+ doins doc/rsyslog.example
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*
+ fi
+ distutils_src_install
+ [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+ newbashcomp shell-completion/bash ${PN}
+}
+
+pkg_postinst() {
+ distutils_pkg_postinst
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "To enable ufw, add it to boot sequence and activate it:"
+ elog "-- # rc-update add ufw boot"
+ elog "-- # /etc/init.d/ufw start"
+ echo
+ elog "If you want to keep ufw logs in a separate file, take a look at"
+ elog "/usr/share/doc/${PF}/logging."
+ fi
+ if [[ -z ${REPLACING_VERSIONS} ]] \
+ || [[ ${REPLACING_VERSIONS} < 0.34 ]];
+ then
+ echo
+ elog "/usr/share/ufw/check-requirements script is installed."
+ elog "It is useful for debugging problems with ufw. However one"
+ elog "should keep in mind that the script assumes IPv6 is enabled"
+ elog "on kernel and net-firewall/iptables, and fails when it's not."
+ fi
+ echo
+ ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+ ewarn "default. See README, Remote Management section for more information."
+}