diff options
author | Markos Chandras <hwoarang@gentoo.org> | 2012-12-17 19:20:54 +0000 |
---|---|---|
committer | Markos Chandras <hwoarang@gentoo.org> | 2012-12-17 19:20:54 +0000 |
commit | b03a0de908f85161dea9cecda01292fc49322bbe (patch) | |
tree | 1d027f9e613a21aff2b4a7750684c671c0ca0f03 /net-firewall | |
parent | Old. (diff) | |
download | gentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.tar.gz gentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.tar.bz2 gentoo-2-b03a0de908f85161dea9cecda01292fc49322bbe.zip |
Version bump. Fixes bug #437266. Thanks to slawomir.nizio@sabayon.org
(Portage version: 2.1.11.37/cvs/Linux x86_64, signed Manifest commit with key B4AFF2C2)
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/ufw/ChangeLog | 9 | ||||
-rw-r--r-- | net-firewall/ufw/metadata.xml | 5 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805.ebuild | 180 |
3 files changed, 188 insertions, 6 deletions
diff --git a/net-firewall/ufw/ChangeLog b/net-firewall/ufw/ChangeLog index 79bdf9097552..a0e5e652233c 100644 --- a/net-firewall/ufw/ChangeLog +++ b/net-firewall/ufw/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-firewall/ufw # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.11 2012/12/06 09:00:53 thev00d00 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.12 2012/12/17 19:20:54 hwoarang Exp $ + +*ufw-0.34_pre805 (17 Dec 2012) + + 17 Dec 2012; Markos Chandras <hwoarang@gentoo.org> +ufw-0.34_pre805.ebuild, + metadata.xml: + Version bump. Fixes bug #437266. Thanks to slawomir.nizio@sabayon.org *ufw-0.33-r2 (06 Dec 2012) *ufw-0.31.1-r2 (06 Dec 2012) @@ -70,4 +76,3 @@ +files/ufw-2.initd, +files/ufw.confd, +files/ufw-dont-check-iptables.patch, +files/ufw-move-path.patch, +metadata.xml: Initial import, bug #264912, thank Sławomir Nizio for this job. - diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml index e6ee386430af..ba895f72e300 100644 --- a/net-firewall/ufw/metadata.xml +++ b/net-firewall/ufw/metadata.xml @@ -1,14 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> +<herd>proxy-maintainers</herd> <maintainer> <email>slawomir.nizio@sabayon.org</email> <name>Sławomir Nizio</name> </maintainer> -<maintainer> - <email>pva@gentoo.org</email> - <name>Peter Volkov</name> -</maintainer> <longdescription lang="en"> The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. It provides a framework diff --git a/net-firewall/ufw/ufw-0.34_pre805.ebuild b/net-firewall/ufw/ufw-0.34_pre805.ebuild new file mode 100644 index 000000000000..d60d6b67af3b --- /dev/null +++ b/net-firewall/ufw/ufw-0.34_pre805.ebuild @@ -0,0 +1,180 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.34_pre805.ebuild,v 1.1 2012/12/17 19:20:54 hwoarang Exp $ + +EAPI=4 +PYTHON_DEPEND="2:2.6 3:3.1" +SUPPORT_PYTHON_ABIS="1" +RESTRICT_PYTHON_ABIS="2.5 *-jython" + +inherit bash-completion-r1 eutils linux-info distutils + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +src_prepare() { + # Allow to remove unnecessary build time dependency + # on net-firewall/iptables. + epatch "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the + # file). + epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch + + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi +} + +src_install() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + distutils_src_install + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + newbashcomp shell-completion/bash ${PN} +} + +pkg_postinst() { + distutils_pkg_postinst + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} |