Line 0
|
|
|
1 |
# Copyright 1999-2012 Gentoo Foundation |
2 |
# Distributed under the terms of the GNU General Public License v2 |
3 |
# $Header: $ |
4 |
|
5 |
EAPI=4 |
6 |
PYTHON_DEPEND="2:2.6 3:3.1" |
7 |
SUPPORT_PYTHON_ABIS="1" |
8 |
RESTRICT_PYTHON_ABIS="2.5 *-jython" |
9 |
|
10 |
inherit bash-completion-r1 eutils linux-info distutils |
11 |
|
12 |
DESCRIPTION="A program used to manage a netfilter firewall" |
13 |
HOMEPAGE="http://launchpad.net/ufw" |
14 |
SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" |
15 |
|
16 |
LICENSE="GPL-3" |
17 |
SLOT="0" |
18 |
KEYWORDS="~amd64 ~x86" |
19 |
IUSE="examples ipv6" |
20 |
|
21 |
DEPEND="sys-devel/gettext" |
22 |
RDEPEND=">=net-firewall/iptables-1.4[ipv6?] |
23 |
!<kde-misc/kcm-ufw-0.4.2 |
24 |
!<net-firewall/ufw-frontends-0.3.2 |
25 |
" |
26 |
|
27 |
# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 |
28 |
RESTRICT="test" |
29 |
|
30 |
pkg_pretend() { |
31 |
local CONFIG_CHECK="~PROC_FS |
32 |
~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL |
33 |
~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT |
34 |
~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" |
35 |
|
36 |
if kernel_is -ge 2 6 39; then |
37 |
CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" |
38 |
else |
39 |
CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" |
40 |
fi |
41 |
|
42 |
# https://bugs.launchpad.net/ufw/+bug/1076050 |
43 |
if kernel_is -ge 3 4; then |
44 |
CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" |
45 |
else |
46 |
CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" |
47 |
use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" |
48 |
fi |
49 |
|
50 |
CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" |
51 |
use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" |
52 |
|
53 |
check_extra_config |
54 |
|
55 |
# Check for default, useful optional features. |
56 |
if ! linux_config_exists; then |
57 |
ewarn "Cannot determine configuration of your kernel." |
58 |
return |
59 |
fi |
60 |
|
61 |
local nf_nat_ftp_ok="yes" |
62 |
local nf_conntrack_ftp_ok="yes" |
63 |
local nf_conntrack_netbios_ns_ok="yes" |
64 |
|
65 |
linux_chkconfig_present \ |
66 |
NF_NAT_FTP || nf_nat_ftp_ok="no" |
67 |
linux_chkconfig_present \ |
68 |
NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" |
69 |
linux_chkconfig_present \ |
70 |
NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" |
71 |
|
72 |
# This is better than an essay for each unset option... |
73 |
if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ |
74 |
|| [[ ${nf_conntrack_netbios_ns_ok} = no ]] |
75 |
then |
76 |
echo |
77 |
local mod_msg="Kernel options listed below are not set. They are not" |
78 |
mod_msg+=" mandatory, but they are often useful." |
79 |
mod_msg+=" If you don't need some of them, please remove relevant" |
80 |
mod_msg+=" module name(s) from IPT_MODULES in" |
81 |
mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." |
82 |
mod_msg+=" Otherwise ufw may fail to start!" |
83 |
ewarn "${mod_msg}" |
84 |
if [[ ${nf_nat_ftp_ok} = no ]]; then |
85 |
ewarn "NF_NAT_FTP: for better support for active mode FTP." |
86 |
fi |
87 |
if [[ ${nf_conntrack_ftp_ok} = no ]]; then |
88 |
ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." |
89 |
fi |
90 |
if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then |
91 |
ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." |
92 |
fi |
93 |
fi |
94 |
} |
95 |
|
96 |
src_prepare() { |
97 |
# Allow to remove unnecessary build time dependency |
98 |
# on net-firewall/iptables. |
99 |
epatch "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch |
100 |
# Move files away from /lib/ufw. |
101 |
epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch |
102 |
# Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the |
103 |
# file). |
104 |
epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch |
105 |
|
106 |
# Set as enabled by default. User can enable or disable |
107 |
# the service by adding or removing it to/from a runlevel. |
108 |
sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ |
109 |
|| die "sed failed (ufw.conf)" |
110 |
|
111 |
sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die |
112 |
|
113 |
# If LINGUAS is set install selected translations only. |
114 |
if [[ -n ${LINGUAS+set} ]]; then |
115 |
_EMPTY_LOCALE_LIST="yes" |
116 |
pushd locales/po > /dev/null || die |
117 |
|
118 |
local lang |
119 |
for lang in *.po; do |
120 |
if ! has "${lang%.po}" ${LINGUAS}; then |
121 |
rm "${lang}" || die |
122 |
else |
123 |
_EMPTY_LOCALE_LIST="no" |
124 |
fi |
125 |
done |
126 |
|
127 |
popd > /dev/null || die |
128 |
else |
129 |
_EMPTY_LOCALE_LIST="no" |
130 |
fi |
131 |
} |
132 |
|
133 |
src_install() { |
134 |
newconfd "${FILESDIR}"/ufw.confd ufw |
135 |
newinitd "${FILESDIR}"/ufw-2.initd ufw |
136 |
|
137 |
exeinto /usr/share/${PN} |
138 |
doexe tests/check-requirements |
139 |
|
140 |
# users normally would want it |
141 |
insinto /usr/share/doc/${PF}/logging/syslog-ng |
142 |
doins "${FILESDIR}"/syslog-ng/* |
143 |
|
144 |
insinto /usr/share/doc/${PF}/logging/rsyslog |
145 |
doins "${FILESDIR}"/rsyslog/* |
146 |
doins doc/rsyslog.example |
147 |
|
148 |
if use examples; then |
149 |
insinto /usr/share/doc/${PF}/examples |
150 |
doins examples/* |
151 |
fi |
152 |
distutils_src_install |
153 |
[[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo |
154 |
newbashcomp shell-completion/bash ${PN} |
155 |
} |
156 |
|
157 |
pkg_postinst() { |
158 |
distutils_pkg_postinst |
159 |
if [[ -z ${REPLACING_VERSIONS} ]]; then |
160 |
echo |
161 |
elog "To enable ufw, add it to boot sequence and activate it:" |
162 |
elog "-- # rc-update add ufw boot" |
163 |
elog "-- # /etc/init.d/ufw start" |
164 |
echo |
165 |
elog "If you want to keep ufw logs in a separate file, take a look at" |
166 |
elog "/usr/share/doc/${PF}/logging." |
167 |
fi |
168 |
if [[ -z ${REPLACING_VERSIONS} ]] \ |
169 |
|| [[ ${REPLACING_VERSIONS} < 0.34 ]]; |
170 |
then |
171 |
echo |
172 |
elog "/usr/share/ufw/check-requirements script is installed." |
173 |
elog "It is useful for debugging problems with ufw. However one" |
174 |
elog "should keep in mind that the script assumes IPv6 is enabled" |
175 |
elog "on kernel and net-firewall/iptables, and fails when it's not." |
176 |
fi |
177 |
echo |
178 |
ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" |
179 |
ewarn "default. See README, Remote Management section for more information." |
180 |
} |
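Review bot: Both `sed -i` edits in src_prepare (gutter lines 108–111) can silently do nothing, because sed exits 0 when its pattern does not match, so the `|| die` only catches a missing or unreadable file. If upstream ever ships a different `ENABLED=` or `IPV6=` default line, the package would presumably install with the firewall left disabled, or with IPv6 filtering not matching the `ipv6` USE flag, and the build would give no sign of it. I would assert the result after each edit: `grep -q '^ENABLED=yes' conf/ufw.conf || die "ENABLED=yes not set in ufw.conf"` and `grep -q "^IPV6=$(usex ipv6)" conf/ufw.defaults || die "IPV6 not set in ufw.defaults"`. The second sed also has a bare `|| die` with no message, so a failure there would not say which file was involved.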