authorDominik Stadler <centic@gentoo.org>2005-02-12 20:40:35 +0000
committerDominik Stadler <centic@gentoo.org>2005-02-12 20:40:35 +0000
commit6a666178fb0d068b9a7a7f86822f3a0e5fda646f (patch)
tree1b1f5064d93dc46c3933c0c5891e9da2d61e7d0a /net-firewall
parentDon't try to install setuid (bug #81693) (diff)
Fix Bugs 81313 and 81600 and add patch required for GNAP.
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/firehol/ChangeLog17
-rw-r--r--net-firewall/firehol/Manifest7
-rw-r--r--net-firewall/firehol/files/digest-firehol-1.226-r11
-rw-r--r--net-firewall/firehol/files/firehol-1.226-to-228.patch92
-rw-r--r--net-firewall/firehol/files/firehol.initrd4
-rw-r--r--net-firewall/firehol/firehol-1.226-r1.ebuild75
6 files changed, 191 insertions, 5 deletions
diff --git a/net-firewall/firehol/ChangeLog b/net-firewall/firehol/ChangeLog
index bad2b76957e8..dd5981573904 100644
--- a/net-firewall/firehol/ChangeLog
+++ b/net-firewall/firehol/ChangeLog
@@ -1,6 +1,21 @@
# ChangeLog for net-firewall/firehol
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.15 2005/02/02 20:34:54 centic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.16 2005/02/12 20:40:35 centic Exp $
+
+*firehol-1.226-r1 (12 Feb 2005)
+
+ 12 Feb 2005; Dominik Stadler <centic@gentoo.org>
+ files/firehol.initrd:
+ Fix firehol.initrd with try-action. Fixes Bug 81313
+
+*firehol-1.226-r1 (12 Feb 2005)
+
+ 12 Feb 2005; Dominik Stadler <centic@gentoo.org>
+ +files/firehol-1.226-to-228.patch, +firehol-1.226-r1.ebuild:
+ Add patch to include changes from 1.228 for embedded Gentoo-GNAP.
+ Also add check to make sure that iproute2 is not installed with
+ USE="minimal", fixes Bug 81600.
+
02 Feb 2005; Dominik Stadler <centic@gentoo.org> -firehol-1.191-r2.ebuild,
-firehol-1.214.ebuild:
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index ba21a426e5e1..f97628b966ba 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -1,14 +1,17 @@
-MD5 7fa194265f94d3c4b1f017c2a654771a ChangeLog 2879
+MD5 c97375dae6305fced37c5ebdbca8e568 ChangeLog 3362
MD5 354dc2b953dae45ec818e9493f5f46a1 firehol-1.120.ebuild 1111
MD5 9e95e869b12d85696a6faf1b1106daf1 firehol-1.224.ebuild 1637
MD5 cd64ad4c0a154cfdde7e36757d61e758 firehol-1.226.ebuild 1494
MD5 4086491e8b7c76b8138dc140f7742978 metadata.xml 232
MD5 4efca5574b9f1e90a16df17797ef557c firehol-1.159-r1.ebuild 1101
-MD5 338cc56b7140f4ccd56377488a6aebf5 files/firehol.initrd 1196
+MD5 8d533d1ed355f3ec64c82e2ef4232146 firehol-1.226-r1.ebuild 2014
+MD5 9217f80319c21b460ace2c676d2a8430 files/firehol.initrd 1212
MD5 900023a168850621684489055919f9ed files/digest-firehol-1.120 65
MD5 b1fe20f99ed0e74e40f3b11f1261b50b files/digest-firehol-1.224 66
MD5 c38742ecf1870604915679223db730fd files/digest-firehol-1.226 66
MD5 5bbd5e937bfbca1a18412642dd122eb6 files/digest-firehol-1.159-r1 65
MD5 32a409eeb7b55602f5a83b77a8f1662b files/firehol-1.191-bash-3.0.patch 5663
+MD5 0d4eceaa49f1a12171145a685e42c015 files/firehol-1.226-to-228.patch 2311
+MD5 c38742ecf1870604915679223db730fd files/digest-firehol-1.226-r1 66
MD5 76b78f59bdc0f07399dd54e1b756c3cb files/firehol.conf.d 70
MD5 90281f0915d86f29b50587c1ff726b01 files/firehol-1.224-to-226.patch 2339
diff --git a/net-firewall/firehol/files/digest-firehol-1.226-r1 b/net-firewall/firehol/files/digest-firehol-1.226-r1
new file mode 100644
index 000000000000..65582f9c48c3
--- /dev/null
+++ b/net-firewall/firehol/files/digest-firehol-1.226-r1
@@ -0,0 +1 @@
+MD5 958f6e95bad37013e544da587f55c8b7 firehol-1.226.tar.bz2 118113
diff --git a/net-firewall/firehol/files/firehol-1.226-to-228.patch b/net-firewall/firehol/files/firehol-1.226-to-228.patch
new file mode 100644
index 000000000000..a94dcfed4e23
--- /dev/null
+++ b/net-firewall/firehol/files/firehol-1.226-to-228.patch
@@ -0,0 +1,92 @@
+===================================================================
+RCS file: /cvsroot/firehol/firehol/firehol.sh,v
+retrieving revision 1.226
+retrieving revision 1.228
+diff -u -r1.226 -r1.228
+--- firehol/firehol/firehol.sh 2005/01/25 21:28:19 1.226
++++ firehol/firehol/firehol.sh 2005/02/09 22:36:24 1.228
+@@ -74,6 +74,27 @@
+ return 0
+ }
+
++# Check for a command during runtime.
++# Currently the following commands are required only when needed:
++#
++# wget or curl (either is fine)
++# gzcat
++#
++require_cmd() {
++ for x in $1
++ do
++ eval var=`echo ${x} | tr 'a-z' 'A-Z'`_CMD
++ eval val=\$\{${var}\}
++ if [ -z "${val}" ]
++ then
++ which_cmd -n "${var}" "${x}"
++ test $? -eq 0 && return 0
++ fi
++ done
++
++ return 1
++}
++
+ which_cmd CAT_CMD cat
+ which_cmd CUT_CMD cut
+ which_cmd CHOWN_CMD chown
+@@ -103,7 +124,6 @@
+ which_cmd TR_CMD tr
+ which_cmd UNAME_CMD uname
+ which_cmd UNIQ_CMD uniq
+-which_cmd -n WGET_CMD wget || which_cmd CURL_CMD curl
+
+ # Make sure our generated files cannot be accessed by anyone else.
+ umask 077
+@@ -1778,6 +1798,8 @@
+ firehol_wget() {
+ local url="${1}"
+
++ require_cmd wget curl || error "Cannot find 'wget' or 'curl' in the path."
++
+ if [ ! -z "${WGET_CMD}" ]
+ then
+ ${WGET_CMD} -O - "${url}" 2>/dev/null
+@@ -1828,6 +1850,9 @@
+ done
+
+ test ${count} -eq 0 && softwarning "No ECN SHAME IPs found." && return 1
++ else
++ softwarning "TCP_ECN is not enabled in the kernel. ECN_SHAME helper is ignored."
++ return 0
+ fi
+ return 0
+ }
+@@ -2563,12 +2588,21 @@
+ # new firewall has been activated. Here we just keep a list of the required
+ # kernel modules.
+
++# optionaly require command gzcat
++require_cmd gzcat
++
+ KERNEL_CONFIG=
+ if [ -f "/proc/config" ]
+ then
+ KERNEL_CONFIG="/proc/config"
+ ${CAT_CMD} /proc/config >${FIREHOL_DIR}/kcfg
+ source ${FIREHOL_DIR}/kcfg
++ ${RM_CMD} -f ${FIREHOL_DIR}/kcfg
++elif [ -f "/proc/config.gz" -a ! -z "${GZCAT_CMD}" ]
++then
++ KERNEL_CONFIG="/proc/config.gz"
++ ${GZCAT_CMD} /proc/config.gz >${FIREHOL_DIR}/kcfg
++ source ${FIREHOL_DIR}/kcfg
+ ${RM_CMD} -f ${FIREHOL_DIR}/kcfg
+
+ elif [ -f "/lib/modules/`${UNAME_CMD} -r`/build/.config" ]
+@@ -2600,7 +2634,6 @@
+ echo >&2 " "
+ fi
+
+-
+ # activation-phase command to check for the existance of
+ # a kernel configuration directive. It returns:
+ # 0 = module is already in the kernel
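Review bot: `require_cmd` treats an already-resolved command as a miss: when `${val}` is non-empty the `if [ -z "${val}" ]` body is skipped and the loop moves on without returning 0, so the function falls through to `return 1` unless a later candidate is newly found. For `firehol_wget`, a repeated call on a host with wget but no curl would presumably reach the `error` path even though `WGET_CMD` is set; this depends on `which_cmd -n` returning non-zero for a missing command, which is defined outside this hunk. Adding `else return 0` to that `if` keeps the lookup lazy and makes the result stable across calls. Separately, the new `/proc/config.gz` branch redirects to and sources `${FIREHOL_DIR}/kcfg` unquoted as root; writing `"${FIREHOL_DIR}/kcfg"` on both lines would avoid word splitting on the path.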
diff --git a/net-firewall/firehol/files/firehol.initrd b/net-firewall/firehol/files/firehol.initrd
index 9080f44a2b4b..2ba0041cca98 100644
--- a/net-firewall/firehol/files/firehol.initrd
+++ b/net-firewall/firehol/files/firehol.initrd
@@ -1,7 +1,7 @@
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/files/firehol.initrd,v 1.4 2004/11/09 13:59:59 centic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/files/firehol.initrd,v 1.5 2005/02/12 20:40:35 centic Exp $
opts="start stop restart try status panic save"
@@ -43,7 +43,7 @@ restart() {
try() {
ebegin "Trying FireHOL configuration"
- /usr/sbin/firehol try
+ /usr/sbin/firehol ${FIREHOL_CONF} try
eend $?
}
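Review bot: `${FIREHOL_CONF}` is expanded unquoted in `try()`, so a configuration path containing whitespace or glob characters is split or expanded before firehol sees it, while plain double quotes would pass an empty first argument when the variable is unset. `/usr/sbin/firehol ${FIREHOL_CONF:+"${FIREHOL_CONF}"} try` handles both cases. The value presumably comes from the conf.d file the ebuild installs, which is not shown in this hunk, so this is a robustness point rather than one about untrusted input.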
diff --git a/net-firewall/firehol/firehol-1.226-r1.ebuild b/net-firewall/firehol/firehol-1.226-r1.ebuild
new file mode 100644
index 000000000000..09110188ce9b
--- /dev/null
+++ b/net-firewall/firehol/firehol-1.226-r1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.226-r1.ebuild,v 1.1 2005/02/12 20:40:35 centic Exp $
+
+inherit eutils
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="http://firehol.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+KEYWORDS="~x86 ~amd64"
+
+RDEPEND="net-firewall/iptables
+ sys-apps/iproute2
+ virtual/modutils
+ || (
+ net-misc/wget
+ net-misc/curl
+ )"
+
+pkg_setup() {
+ # Bug 81600 fail if iproute2 is built without minimal
+ if built_with_use sys-apps/iproute2 minimal; then
+ eerror "Firehol requires iproute2 to be emerged without"
+ eerror "the USE-Flag \"minimal\"."
+ eerror "Re-emerge iproute2 with"
+ eerror "USE=\"-minimal\" emerge sys-apps/iproute2"
+ die "sys-apps/iproute2 without USE=\"minimal\" needed"
+ fi
+}
+
+# patch for embedded Gentoo - GNAP
+# backport from firehol-CVS.
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${P}-to-228.patch || die
+}
+
+src_install() {
+ newsbin firehol.sh firehol
+
+ dodir /etc/firehol /etc/firehol/examples /etc/firehol/services
+ insinto /etc/firehol/examples
+ doins examples/* || die
+
+ insinto /etc/conf.d
+ newins ${FILESDIR}/firehol.conf.d firehol || die
+
+ dodoc ChangeLog COPYING README TODO WhatIsNew || die
+ dohtml doc/*.html doc/*.css || die
+
+ docinto scripts
+ dodoc get-iana.sh adblock.sh || die
+
+ doman man/*.1 man/*.5 || die
+
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/firehol.initrd firehol || die
+}
+
+pkg_postinst() {
+ einfo "The default path to firehol's configuration file is /etc/firehol/firehol.conf"
+ einfo "See /etc/firehol/examples for configuration examples."
+ #
+ # Install a default configuration if none is available yet
+ if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then
+ einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf"
+ cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf"
+ fi
+}
+
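Review bot: The comment in `pkg_setup` says the build fails when iproute2 is built without minimal, but `built_with_use sys-apps/iproute2 minimal` reaches the `die` when the flag is enabled; the comment should read `# Bug 81600: fail if iproute2 was built with USE="minimal"`. In `src_install`, `newsbin firehol.sh firehol` has no `|| die`, unlike the `doins`, `newins` and `newexe` calls below it, so a failure to install the firewall script itself would go unnoticed; `newsbin firehol.sh firehol || die` would match the rest. `pkg_postinst` also leaves the `cp` of client-all.conf unchecked, and its `einfo` could say that the copied sample is a starting point to be reviewed before the firewall is started.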