diff options
author | Dominik Stadler <centic@gentoo.org> | 2005-02-12 20:40:35 +0000 |
---|---|---|
committer | Dominik Stadler <centic@gentoo.org> | 2005-02-12 20:40:35 +0000 |
commit | 6a666178fb0d068b9a7a7f86822f3a0e5fda646f (patch) | |
tree | 1b1f5064d93dc46c3933c0c5891e9da2d61e7d0a /net-firewall/firehol | |
parent | Don't try to install setuid (bug #81693) (diff) | |
download | historical-6a666178fb0d068b9a7a7f86822f3a0e5fda646f.tar.gz historical-6a666178fb0d068b9a7a7f86822f3a0e5fda646f.tar.bz2 historical-6a666178fb0d068b9a7a7f86822f3a0e5fda646f.zip |
Fix Bugs 81313 and 81600 and add patch required for GNAP.
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'net-firewall/firehol')
-rw-r--r-- | net-firewall/firehol/ChangeLog | 17 | ||||
-rw-r--r-- | net-firewall/firehol/Manifest | 7 | ||||
-rw-r--r-- | net-firewall/firehol/files/digest-firehol-1.226-r1 | 1 | ||||
-rw-r--r-- | net-firewall/firehol/files/firehol-1.226-to-228.patch | 92 | ||||
-rw-r--r-- | net-firewall/firehol/files/firehol.initrd | 4 | ||||
-rw-r--r-- | net-firewall/firehol/firehol-1.226-r1.ebuild | 75 |
6 files changed, 191 insertions, 5 deletions
diff --git a/net-firewall/firehol/ChangeLog b/net-firewall/firehol/ChangeLog index bad2b76957e8..dd5981573904 100644 --- a/net-firewall/firehol/ChangeLog +++ b/net-firewall/firehol/ChangeLog @@ -1,6 +1,21 @@ # ChangeLog for net-firewall/firehol # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.15 2005/02/02 20:34:54 centic Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.16 2005/02/12 20:40:35 centic Exp $ + +*firehol-1.226-r1 (12 Feb 2005) + + 12 Feb 2005; Dominik Stadler <centic@gentoo.org> + files/firehol.initrd: + Fix firehol.initrd with try-action. Fixes Bug 81313 + +*firehol-1.226-r1 (12 Feb 2005) + + 12 Feb 2005; Dominik Stadler <centic@gentoo.org> + +files/firehol-1.226-to-228.patch, +firehol-1.226-r1.ebuild: + Add patch to include changes from 1.228 for embedded Gentoo-GNAP. + Also add check to make sure that iproute2 is not installed with + USE="minimal", fixes Bug 81600. + 02 Feb 2005; Dominik Stadler <centic@gentoo.org> -firehol-1.191-r2.ebuild, -firehol-1.214.ebuild: diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest index ba21a426e5e1..f97628b966ba 100644 --- a/net-firewall/firehol/Manifest +++ b/net-firewall/firehol/Manifest @@ -1,14 +1,17 @@ -MD5 7fa194265f94d3c4b1f017c2a654771a ChangeLog 2879 +MD5 c97375dae6305fced37c5ebdbca8e568 ChangeLog 3362 MD5 354dc2b953dae45ec818e9493f5f46a1 firehol-1.120.ebuild 1111 MD5 9e95e869b12d85696a6faf1b1106daf1 firehol-1.224.ebuild 1637 MD5 cd64ad4c0a154cfdde7e36757d61e758 firehol-1.226.ebuild 1494 MD5 4086491e8b7c76b8138dc140f7742978 metadata.xml 232 MD5 4efca5574b9f1e90a16df17797ef557c firehol-1.159-r1.ebuild 1101 -MD5 338cc56b7140f4ccd56377488a6aebf5 files/firehol.initrd 1196 +MD5 8d533d1ed355f3ec64c82e2ef4232146 firehol-1.226-r1.ebuild 2014 +MD5 9217f80319c21b460ace2c676d2a8430 files/firehol.initrd 1212 MD5 900023a168850621684489055919f9ed files/digest-firehol-1.120 65 MD5 b1fe20f99ed0e74e40f3b11f1261b50b files/digest-firehol-1.224 66 MD5 c38742ecf1870604915679223db730fd files/digest-firehol-1.226 66 MD5 5bbd5e937bfbca1a18412642dd122eb6 files/digest-firehol-1.159-r1 65 MD5 32a409eeb7b55602f5a83b77a8f1662b files/firehol-1.191-bash-3.0.patch 5663 +MD5 0d4eceaa49f1a12171145a685e42c015 files/firehol-1.226-to-228.patch 2311 +MD5 c38742ecf1870604915679223db730fd files/digest-firehol-1.226-r1 66 MD5 76b78f59bdc0f07399dd54e1b756c3cb files/firehol.conf.d 70 MD5 90281f0915d86f29b50587c1ff726b01 files/firehol-1.224-to-226.patch 2339 diff --git a/net-firewall/firehol/files/digest-firehol-1.226-r1 b/net-firewall/firehol/files/digest-firehol-1.226-r1 new file mode 100644 index 000000000000..65582f9c48c3 --- /dev/null +++ b/net-firewall/firehol/files/digest-firehol-1.226-r1 @@ -0,0 +1 @@ +MD5 958f6e95bad37013e544da587f55c8b7 firehol-1.226.tar.bz2 118113 diff --git a/net-firewall/firehol/files/firehol-1.226-to-228.patch b/net-firewall/firehol/files/firehol-1.226-to-228.patch new file mode 100644 index 000000000000..a94dcfed4e23 --- /dev/null +++ b/net-firewall/firehol/files/firehol-1.226-to-228.patch @@ -0,0 +1,92 @@ +=================================================================== +RCS file: /cvsroot/firehol/firehol/firehol.sh,v +retrieving revision 1.226 +retrieving revision 1.228 +diff -u -r1.226 -r1.228 +--- firehol/firehol/firehol.sh 2005/01/25 21:28:19 1.226 ++++ firehol/firehol/firehol.sh 2005/02/09 22:36:24 1.228 +@@ -74,6 +74,27 @@ + return 0 + } + ++# Check for a command during runtime. ++# Currently the following commands are required only when needed: ++# ++# wget or curl (either is fine) ++# gzcat ++# ++require_cmd() { ++ for x in $1 ++ do ++ eval var=`echo ${x} | tr 'a-z' 'A-Z'`_CMD ++ eval val=\$\{${var}\} ++ if [ -z "${val}" ] ++ then ++ which_cmd -n "${var}" "${x}" ++ test $? -eq 0 && return 0 ++ fi ++ done ++ ++ return 1 ++} ++ + which_cmd CAT_CMD cat + which_cmd CUT_CMD cut + which_cmd CHOWN_CMD chown +@@ -103,7 +124,6 @@ + which_cmd TR_CMD tr + which_cmd UNAME_CMD uname + which_cmd UNIQ_CMD uniq +-which_cmd -n WGET_CMD wget || which_cmd CURL_CMD curl + + # Make sure our generated files cannot be accessed by anyone else. + umask 077 +@@ -1778,6 +1798,8 @@ + firehol_wget() { + local url="${1}" + ++ require_cmd wget curl || error "Cannot find 'wget' or 'curl' in the path." ++ + if [ ! -z "${WGET_CMD}" ] + then + ${WGET_CMD} -O - "${url}" 2>/dev/null +@@ -1828,6 +1850,9 @@ + done + + test ${count} -eq 0 && softwarning "No ECN SHAME IPs found." && return 1 ++ else ++ softwarning "TCP_ECN is not enabled in the kernel. ECN_SHAME helper is ignored." ++ return 0 + fi + return 0 + } +@@ -2563,12 +2588,21 @@ + # new firewall has been activated. Here we just keep a list of the required + # kernel modules. + ++# optionaly require command gzcat ++require_cmd gzcat ++ + KERNEL_CONFIG= + if [ -f "/proc/config" ] + then + KERNEL_CONFIG="/proc/config" + ${CAT_CMD} /proc/config >${FIREHOL_DIR}/kcfg + source ${FIREHOL_DIR}/kcfg ++ ${RM_CMD} -f ${FIREHOL_DIR}/kcfg ++elif [ -f "/proc/config.gz" -a ! -z "${GZCAT_CMD}" ] ++then ++ KERNEL_CONFIG="/proc/config.gz" ++ ${GZCAT_CMD} /proc/config.gz >${FIREHOL_DIR}/kcfg ++ source ${FIREHOL_DIR}/kcfg + ${RM_CMD} -f ${FIREHOL_DIR}/kcfg + + elif [ -f "/lib/modules/`${UNAME_CMD} -r`/build/.config" ] +@@ -2600,7 +2634,6 @@ + echo >&2 " " + fi + +- + # activation-phase command to check for the existance of + # a kernel configuration directive. It returns: + # 0 = module is already in the kernel diff --git a/net-firewall/firehol/files/firehol.initrd b/net-firewall/firehol/files/firehol.initrd index 9080f44a2b4b..2ba0041cca98 100644 --- a/net-firewall/firehol/files/firehol.initrd +++ b/net-firewall/firehol/files/firehol.initrd @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/files/firehol.initrd,v 1.4 2004/11/09 13:59:59 centic Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/files/firehol.initrd,v 1.5 2005/02/12 20:40:35 centic Exp $ opts="start stop restart try status panic save" @@ -43,7 +43,7 @@ restart() { try() { ebegin "Trying FireHOL configuration" - /usr/sbin/firehol try + /usr/sbin/firehol ${FIREHOL_CONF} try eend $? } diff --git a/net-firewall/firehol/firehol-1.226-r1.ebuild b/net-firewall/firehol/firehol-1.226-r1.ebuild new file mode 100644 index 000000000000..09110188ce9b --- /dev/null +++ b/net-firewall/firehol/firehol-1.226-r1.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.226-r1.ebuild,v 1.1 2005/02/12 20:40:35 centic Exp $ + +inherit eutils + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="http://firehol.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +IUSE="" +KEYWORDS="~x86 ~amd64" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2 + virtual/modutils + || ( + net-misc/wget + net-misc/curl + )" + +pkg_setup() { + # Bug 81600 fail if iproute2 is built without minimal + if built_with_use sys-apps/iproute2 minimal; then + eerror "Firehol requires iproute2 to be emerged without" + eerror "the USE-Flag \"minimal\"." + eerror "Re-emerge iproute2 with" + eerror "USE=\"-minimal\" emerge sys-apps/iproute2" + die "sys-apps/iproute2 without USE=\"minimal\" needed" + fi +} + +# patch for embedded Gentoo - GNAP +# backport from firehol-CVS. +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/${P}-to-228.patch || die +} + +src_install() { + newsbin firehol.sh firehol + + dodir /etc/firehol /etc/firehol/examples /etc/firehol/services + insinto /etc/firehol/examples + doins examples/* || die + + insinto /etc/conf.d + newins ${FILESDIR}/firehol.conf.d firehol || die + + dodoc ChangeLog COPYING README TODO WhatIsNew || die + dohtml doc/*.html doc/*.css || die + + docinto scripts + dodoc get-iana.sh adblock.sh || die + + doman man/*.1 man/*.5 || die + + exeinto /etc/init.d + newexe ${FILESDIR}/firehol.initrd firehol || die +} + +pkg_postinst() { + einfo "The default path to firehol's configuration file is /etc/firehol/firehol.conf" + einfo "See /etc/firehol/examples for configuration examples." + # + # Install a default configuration if none is available yet + if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then + einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" + cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" + fi +} + |