From 13cabfd23b3d793596453e85057789ef14a4faa1 Mon Sep 17 00:00:00 2001
From: Hasan ÇALIŞIR
Date: Thu, 21 Mar 2019 04:08:46 +0300
Subject: net-firewall/ufw: version bump to 0.36 && EAPI 7 bump.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported-by: yuLya
Tested-by: Hasan ÇALIŞIR
Closes: https://bugs.gentoo.org/680540
Closes: https://github.com/gentoo/gentoo/pull/11430
Package-Manager: Portage-2.3.62, Repoman-2.3.11
Signed-off-by: Hasan ÇALIŞIR
Signed-off-by: Patrice Clement
---
 net-firewall/ufw/Manifest | 1 +
 .../ufw/files/ufw-0.36-bash-completion.patch | 16 ++
 .../ufw/files/ufw-0.36-dont-check-iptables.patch | 45 +++++
 net-firewall/ufw/files/ufw-0.36-move-path.patch | 174 ++++++++++++++++++
 net-firewall/ufw/files/ufw-0.36-shebang.patch | 15 ++
 net-firewall/ufw/metadata.xml | 15 +-
 net-firewall/ufw/ufw-0.36.ebuild | 199 +++++++++++++++++++++
 7 files changed, 463 insertions(+), 2 deletions(-)
 create mode 100644 net-firewall/ufw/files/ufw-0.36-bash-completion.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-move-path.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-shebang.patch
 create mode 100644 net-firewall/ufw/ufw-0.36.ebuild
(limited to 'net-firewall')
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index ed396f855b33..ad31ad0661ae 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1,2 +1,3 @@
 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
+DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
diff --git a/net-firewall/ufw/files/ufw-0.36-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
new file mode 100644
index 000000000000..927af244eef1
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash 2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash 2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+ echo "numbered verbose"
+ }
+
+-_have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+ fi
+ }
+
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
new file mode 100644
index 000000000000..11eb1748dd1d
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
@@ -0,0 +1,45 @@
+--- a/setup.py 2019-03-21 01:32:28.500245586 +0300
++++ b/setup.py 2019-03-21 01:39:17.166095026 +0300
+@@ -257,41 +257,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+- '/usr/local/bin']:
+- if e == "iptables":
+- if os.path.exists(os.path.join(dir, e)):
+- iptables_dir = dir
+- iptables_exe = os.path.join(iptables_dir, "iptables")
+- print("Found '%s'" % iptables_exe)
+- else:
+- continue
+-
+- if iptables_exe != "":
+- break
+-
+-
+-if iptables_exe == '':
+- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+- sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+- if not os.path.exists(os.path.join(iptables_dir, e)):
+- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+- sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+- (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+
+ setup (name='ufw',
+ version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
new file mode 100644
index 000000000000..1ba9d117be50
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-move-path.patch
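Review bot: The replacement line `iptables_dir = '/sbin'` in the setup.py patch hard-codes the binary location with no comment explaining why the probe was dropped, and nothing left in the hunk confirms that `ip6tables`, `iptables-restore` and `ip6tables-restore` exist there. The ebuild's RDEPEND on `>=net-firewall/iptables-1.4` covers the removed version check, but the directory is an assumption about where that package installs. I would record that next to the assignment, for example `# Gentoo: iptables comes from RDEPEND and installs to /sbin, so the build-time probe is skipped`. If `iptables_dir` ends up in the installed code (not visible in this hunk), a layout change in the iptables package would only show up as a runtime failure of the firewall, so the path is worth revisiting whenever that package moves its binaries.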
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8 2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8 2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README 2018-07-24 16:42:38.000000000 +0300
++++ b/README 2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
+-
++/usr/share/ufw/ufw-init start script
+
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py 2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py 2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+ self.mkpath(statedir)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -220,14 +226,19 @@
+ f])
+
+ subprocess.call(["sed",
++ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ f])
++
++ subprocess.call(["sed",
+ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ f])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py 2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py 2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+ files = {}
+ config_dir = _findpath(ufw.common.config_dir, datadir)
+ state_dir = _findpath(ufw.common.state_dir, datadir)
++ share_dir = _findpath(ufw.common.share_dir, datadir)
+
+ files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+ files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+ files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(state_dir, 'ufw-init')
++ files['init'] = os.path.join(share_dir, 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+ rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init 2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init 2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+ exit 1
+ fi
+
+@@ -83,7 +84,7 @@
+ fi
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
new file mode 100644
index 000000000000..8c2b8fe2392e
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-shebang.patch
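Review bot: The README part now documents the UI-added rules at `/etc/ufw/user/user[6].rules`, but the backend_iptables.py context lines in this same patch still build `files['rules']` and `files['rules6']` from `config_dir` plus `ufw/user.rules` and `ufw/user6.rules`. If `config_dir` is `/etc`, that resolves under `/etc/ufw/`, not `/etc/ufw/user/`, so either the README line or the backend paths should be brought into agreement. An administrator auditing the active rule set will look where the README points. In the setup.py part, the old `sharedir` assignment is left behind as three commented-out lines (`#sharedir = real_sharedir` and the two after it); delete them, since `sharedir` is now assigned in the new "Install helper scripts" block. That block relies on `real_sharedir` being defined earlier in the function, which lies outside the visible hunks and is worth confirming.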
@@ -0,0 +1,15 @@
+--- a/setup.py 2019-03-21 01:51:55.751971770 +0300
++++ b/setup.py 2019-03-21 01:54:40.142513567 +0300
+@@ -122,12 +122,6 @@
+ for f in [ script, manpage, manpage_f ]:
+ self.mkpath(os.path.dirname(f))
+
+- # update the interpreter to that of the one the user specified for setup
+- print("Updating staging/ufw to use %s" % (sys.executable))
+- subprocess.call(["sed",
+- "-i",
+- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+- 'staging/ufw'])
+ self.copy_file('staging/ufw', script)
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
index b8103d2da1af..a35eb64d103a 100644
--- a/net-firewall/ufw/metadata.xml
+++ b/net-firewall/ufw/metadata.xml
@@ -1,13 +1,24 @@ - + + hasan.calisir@psauxit.com + Hasan ÇALIŞIR + + + proxy-maint@gentoo.org + Proxy Maintainers + + + Example ufw config files + IPv6 support for iptables + The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. It provides a framework for managing netfilter, as well as an easy to use command-line interface for manipulating the firewall. - + ufw
diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
new file mode 100644
index 000000000000..a625741775a7
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.36.ebuild
@@ -0,0 +1,199 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 distutils-r1 eutils linux-info systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="examples ipv6" + +DEPEND="" + +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + ! /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + docinto "/usr/share/doc/${PF}/logging/syslog-ng" + doins -r "${FILESDIR}"/syslog-ng/* + + docinto "/usr/share/doc/${PF}/logging/rsyslog" + doins -r "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + docinto "/usr/share/doc/${PF}/examples" + doins -r examples/* + fi + newbashcomp shell-completion/bash "${PN}" + + [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}/usr/sbin/ufw" +} + +pkg_postinst() { + local print_check_req_warn + print_check_req_warn=false + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog 
"/usr/share/doc/${PF}/logging." + print_check_req_warn=true + else + local rv + for rv in "${REPLACING_VERSIONS}"; do + local major=${rv%%.*} + local minor=${rv#${major}.} + if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then + print_check_req_warn=true + fi + done + fi + if [[ "${print_check_req_warn}" == "true" ]]; then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} -- cgit v1.2.3-65-gdbad