| # Copyright 1999-2015 Gentoo Foundation |
| # Distributed under the terms of the GNU General Public License v2 |
| # $Id$ |
| |
| EAPI=5 |
| PYTHON_COMPAT=( python{2_7,3_3,3_4} ) |
| DISTUTILS_IN_SOURCE_BUILD=1 |
| |
| inherit bash-completion-r1 eutils linux-info distutils-r1 systemd |
| |
| DESCRIPTION="A program used to manage a netfilter firewall" |
| HOMEPAGE="https://launchpad.net/ufw" |
| SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" |
| |
| LICENSE="GPL-3" |
| SLOT="0" |
| KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" |
| IUSE="examples ipv6" |
| |
| DEPEND="sys-devel/gettext" |
| RDEPEND=">=net-firewall/iptables-1.4[ipv6?] |
| !<kde-misc/kcm-ufw-0.4.2 |
| !<net-firewall/ufw-frontends-0.3.2 |
| " |
| |
| # tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 |
| RESTRICT="test" |
| |
| PATCHES=( |
| # Remove unnecessary build time dependency on net-firewall/iptables. |
| "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch |
| # Move files away from /lib/ufw. |
| "${FILESDIR}"/${PN}-0.31.1-move-path.patch |
| # Remove shebang modification. |
| "${FILESDIR}"/${P}-shebang.patch |
| ) |
| |
| pkg_pretend() { |
| local CONFIG_CHECK="~PROC_FS |
| ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL |
| ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT |
| ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" |
| |
| if kernel_is -ge 2 6 39; then |
| CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" |
| else |
| CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" |
| fi |
| |
| # https://bugs.launchpad.net/ufw/+bug/1076050 |
| if kernel_is -ge 3 4; then |
| CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" |
| else |
| CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" |
| use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" |
| fi |
| |
| CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" |
| use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" |
| |
| check_extra_config |
| |
| # Check for default, useful optional features. |
| if ! linux_config_exists; then |
| ewarn "Cannot determine configuration of your kernel." |
| return |
| fi |
| |
| local nf_nat_ftp_ok="yes" |
| local nf_conntrack_ftp_ok="yes" |
| local nf_conntrack_netbios_ns_ok="yes" |
| |
| linux_chkconfig_present \ |
| NF_NAT_FTP || nf_nat_ftp_ok="no" |
| linux_chkconfig_present \ |
| NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" |
| linux_chkconfig_present \ |
| NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" |
| |
| # This is better than an essay for each unset option... |
| if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ |
| || [[ ${nf_conntrack_netbios_ns_ok} = no ]] |
| then |
| echo |
| local mod_msg="Kernel options listed below are not set. They are not" |
| mod_msg+=" mandatory, but they are often useful." |
| mod_msg+=" If you don't need some of them, please remove relevant" |
| mod_msg+=" module name(s) from IPT_MODULES in" |
| mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." |
| mod_msg+=" Otherwise ufw may fail to start!" |
| ewarn "${mod_msg}" |
| if [[ ${nf_nat_ftp_ok} = no ]]; then |
| ewarn "NF_NAT_FTP: for better support for active mode FTP." |
| fi |
| if [[ ${nf_conntrack_ftp_ok} = no ]]; then |
| ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." |
| fi |
| if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then |
| ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." |
| fi |
| fi |
| } |
| |
| python_prepare_all() { |
| # Set as enabled by default. User can enable or disable |
| # the service by adding or removing it to/from a runlevel. |
| sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ |
| || die "sed failed (ufw.conf)" |
| |
| sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die |
| |
| # If LINGUAS is set install selected translations only. |
| if [[ -n ${LINGUAS+set} ]]; then |
| _EMPTY_LOCALE_LIST="yes" |
| pushd locales/po > /dev/null || die |
| |
| local lang |
| for lang in *.po; do |
| if ! has "${lang%.po}" ${LINGUAS}; then |
| rm "${lang}" || die |
| else |
| _EMPTY_LOCALE_LIST="no" |
| fi |
| done |
| |
| popd > /dev/null || die |
| else |
| _EMPTY_LOCALE_LIST="no" |
| fi |
| |
| distutils-r1_python_prepare_all |
| } |
| |
| python_install_all() { |
| newconfd "${FILESDIR}"/ufw.confd ufw |
| newinitd "${FILESDIR}"/ufw-2.initd ufw |
| systemd_dounit "${FILESDIR}/ufw.service" |
| |
| exeinto /usr/share/${PN} |
| doexe tests/check-requirements |
| |
| # users normally would want it |
| insinto /usr/share/doc/${PF}/logging/syslog-ng |
| doins "${FILESDIR}"/syslog-ng/* |
| |
| insinto /usr/share/doc/${PF}/logging/rsyslog |
| doins "${FILESDIR}"/rsyslog/* |
| doins doc/rsyslog.example |
| |
| if use examples; then |
| insinto /usr/share/doc/${PF}/examples |
| doins examples/* |
| fi |
| newbashcomp shell-completion/bash ${PN} |
| |
| [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo |
| |
| distutils-r1_python_install_all |
| python_replicate_script "${D}usr/sbin/ufw" |
| } |
| |
| pkg_postinst() { |
| if [[ -z ${REPLACING_VERSIONS} ]]; then |
| echo |
| elog "To enable ufw, add it to boot sequence and activate it:" |
| elog "-- # rc-update add ufw boot" |
| elog "-- # /etc/init.d/ufw start" |
| echo |
| elog "If you want to keep ufw logs in a separate file, take a look at" |
| elog "/usr/share/doc/${PF}/logging." |
| fi |
| if [[ -z ${REPLACING_VERSIONS} ]] \ |
| || [[ ${REPLACING_VERSIONS} < 0.34 ]]; |
| then |
| echo |
| elog "/usr/share/ufw/check-requirements script is installed." |
| elog "It is useful for debugging problems with ufw. However one" |
| elog "should keep in mind that the script assumes IPv6 is enabled" |
| elog "on kernel and net-firewall/iptables, and fails when it's not." |
| fi |
| echo |
| ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" |
| ewarn "default. See README, Remote Management section for more information." |
| } |