871747 – net-firewall/ufw-0.36-r1 requires pip

Bug 871747 - net-firewall/ufw-0.36-r1 requires pip

Summary: net-firewall/ufw-0.36-r1 requires pip

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-09-19 16:57 UTC by immolo
Modified:	2023-02-12 22:47 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild.diff (ebuild.diff,296 bytes, patch) 2022-09-19 16:57 UTC, immolo	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description immolo 2022-09-19 16:57:32 UTC

Created attachment 812884 [details, diff]
ebuild.diff

Trying to get UFW to run on a new install I was unable to start ufw without it erroring out.

Searching around the forums I've seen some new users have this issue since Python 3.9 and later found installing pip fixes the issue on some Ubuntu forum.

Before installing pip:

user # ufw allow ssh 
ERROR: problem running

After installing pip:

user # ufw allow ssh
Skipping adding existing rule
Skipping adding existing rule (v6)

I've included the fix for the ebuild but unsure if this requires an r2 release or not for this situation.

Comment 1 Emily Rowlands 2022-09-23 09:25:19 UTC

I can reproduce this with pip installed as below.

Setup:
# emerge --info pip | grep dev-python/pip -A1
dev-python/pip-22.2.2::gentoo was built with the following:
USE="-test -vanilla" ABI_X86="(64)" PYTHON_TARGETS="python3_10 (-pypy3) (-python3_11) -python3_8 -python3_9"

# find /etc/ufw      
find: ‘/etc/ufw’: No such file or directory

# emerge -1 ufw
These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild  N     ] net-firewall/ufw-0.36-r1::gentoo  USE="ipv6 -examples" PYTHON_TARGETS="python3_10 -python3_8 -python3_9" 0 KiB

Test:
# ufw allow ssh
ERROR: problem running
# ufw allow ssh
ERROR: problem running
# ufw allow ssh
Skipping adding existing rule
Skipping adding existing rule (v6)

Alternatively (after a clean setup):
# ufw allow ssh
ERROR: problem running
# ufw enable
Firewall is active and enabled on system startup
# ufw status sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere

#  ufw allow ssh      
Skipping adding existing rule
Rule added (v6)

# ufw status 
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

If you want to re-test you must (in this order):
1. ufw disable
2. Unmerge ufw
3. rm -rf /etc/ufw
4. Repeat the setup
5. Verify that ufw is inactive with `ufw status`

In all cases, after ufw is enabled, the rules appear in IPTables, even if the original command caused an error.

I think it occurs any time a rule is added for the first time for each of IPv4 and IPv6.

Comment 2 immolo 2022-11-09 13:57:45 UTC

Looks you could be right and installing pip was unnecessary.

I'll try this on a fresh machine to confirm as it might just need a wiki update rather than an ebuild update.

Comment 3 immolo 2023-02-12 21:14:16 UTC

This now works fully with the instructions on the wiki article so closing as fixed.