commit:     6c1e5a81ed729a304bbbfe6eadc76798a68f6e55
Author:     Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
AuthorDate: Thu Mar 10 18:54:09 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Mar 14 04:29:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c1e5a81

net-firewall/ufw: version bump to 0.35

Updates ufw to version 0.35.  The ebuild has also been updated to use EAPI
6.  Patches were updated to address EAPI and upstream code changes.

Gentoo-Bug: 563168
Package-Manager: portage-2.2.28

 net-firewall/ufw/Manifest                          |   1 +
 .../ufw/files/ufw-0.35-bash-completion.patch       |  17 ++
 net-firewall/ufw/files/ufw-0.35-move-path.patch    | 179 ++++++++++++++++++++
 net-firewall/ufw/ufw-0.35.ebuild                   | 186 +++++++++++++++++++++
 4 files changed, 383 insertions(+)

diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 6380dd5..d8f8b5e 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1 +1,2 @@
 DIST ufw-0.34_pre805.tar.gz 335875 SHA256 
a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 
b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 WHIRLPOOL 
5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829
+DIST ufw-0.35.tar.gz 375310 SHA256 
662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509 SHA512 
b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
 WHIRLPOOL 
789b163bf9cc3b27f231024f33a68d3637ca26cf71f202b438abbf16a2725485ba787b811a040d03d4f99fb8c510f8f9a25154e03d2387d3fb0f03a7c4624de7

diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch 
b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
new file mode 100644
index 0000000..fde635d
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
@@ -0,0 +1,17 @@
+--- a/shell-completion/bash
++++ b/shell-completion/bash
+@@ -52,7 +52,6 @@
+     echo "numbered verbose"
+ }
+ 
+-have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -83,5 +82,5 @@
+     fi
+ }
+ 
+-[ "$have" ] && complete -F _ufw ufw
++complete -F _ufw ufw
+ 
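Review bot: The new patch file starts directly at `--- a/shell-completion/bash` with no description header, so the reason for dropping the `have ufw &&` guard and the `[ "$have" ]` test is recorded only in the ebuild's PATCHES comment. I would add a short header above the `---` line, for example `Drop the have() guard so the completion is always registered; Gentoo bug #526300.`, plus a line stating whether the change has been sent upstream. That keeps the rationale with the patch when it is carried to the next version bump.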

diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch 
b/net-firewall/ufw/files/ufw-0.35-move-path.patch
new file mode 100644
index 0000000..58af7721
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-move-path.patch
@@ -0,0 +1,179 @@
+diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
+--- ufw-0.31.orig/doc/ufw-framework.8  2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/doc/ufw-framework.8       2012-03-12 16:55:50.680992962 +0100
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before[6].rules
+@@ -41,7 +41,7 @@
+ 
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. It supports the following arguments:
+ .TP
+diff -Naur ufw-0.31.orig/README ufw-0.31/README
+--- ufw-0.31.orig/README       2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/README    2012-03-12 16:55:50.681993089 +0100
+@@ -58,7 +58,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+ 
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+ 
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example. 
Consult
+@@ -72,9 +72,9 @@
+ /etc/defaults/ufw             high level configuration
+ /etc/ufw/before[6].rules      rules evaluated before UI added rules
+ /etc/ufw/after[6].rules       rules evaluated after UI added rules
+-/lib/ufw/user[6].rules                UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules           UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf          kernel network tunables
+-/lib/ufw/ufw-init             start script
++/usr/share/ufw/ufw-init               start script
+ 
+ 
+ Usage
+@@ -149,7 +149,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+ 
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+ 
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -247,7 +247,7 @@
+ 
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -290,7 +290,7 @@
+ 
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
+--- ufw-0.31.orig/setup.py     2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/setup.py  2012-03-12 16:55:50.682993216 +0100
+@@ -54,7 +54,8 @@
+             return
+ 
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        # real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -116,7 +117,7 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+ 
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+@@ -127,8 +128,14 @@
+         self.copy_file('conf/user.rules', user_rules)
+         self.copy_file('conf/user6.rules', user6_rules)
+ 
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+ 
+@@ -199,13 +206,18 @@
+ 
+             subprocess.call(["sed",
+                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
++                             "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+ 
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for file in [ before_rules, after_rules, \
+diff -Naur ufw-0.31.orig/src/backend_iptables.py 
ufw-0.31/src/backend_iptables.py
+--- ufw-0.31.orig/src/backend_iptables.py      2012-03-10 00:07:11.000000000 
+0100
++++ ufw-0.31/src/backend_iptables.py   2012-03-12 16:58:36.879115890 +0100
+@@ -38,6 +38,7 @@
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
+         state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+         files['rules6'] = os.path.join(state_dir, 'user6.rules')
+         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+-        files['init'] = os.path.join(_findpath(state_dir, rootdir), 
'ufw-init')
++        files['init'] = os.path.join(_findpath(share_dir, rootdir), 
'ufw-init')
+ 
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
+ 
+diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
+--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/ufw-init      2012-03-12 16:55:50.687993851 +0100
+@@ -18,10 +18,10 @@
+ #
+ set -e
+ 
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions 
(aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+ 
+@@ -56,7 +56,7 @@
+     flush_builtins || exit "$?"
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init 
{start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init 
{start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac
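Review bot: The trailing context of the first `src/backend_iptables.py` hunk does not look as if it was generated from the 0.35 sources. One context line reads `os.ppath.join(config_dir, 'ufw/before.rules')`, and the line before it builds `files['rules']` from `config_dir`, while `files['rules6']` in the next hunk uses `state_dir`. If the page shows the patch faithfully, that hunk can only apply when patch is allowed to ignore mismatched context (fuzz). The file headers also still name `ufw-0.31.orig` with 2012 timestamps, which suggests the patch was carried forward by renaming. Because this patch decides where the root-run init helper and the user rule files are loaded from, I would regenerate it against the unpacked 0.35 tree so every hunk applies with exact context, then confirm that no `#SHARE_DIR#` placeholder is left in the installed `ufw-init`.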

diff --git a/net-firewall/ufw/ufw-0.35.ebuild b/net-firewall/ufw/ufw-0.35.ebuild
new file mode 100644
index 0000000..8fec635
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.35.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw";
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz";
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+       !<kde-misc/kcm-ufw-0.4.2
+       !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+       # Remove unnecessary build time dependency on net-firewall/iptables.
+       "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+       # Move files away from /lib/ufw.
+       "${FILESDIR}"/${PN}-0.35-move-path.patch
+       # Remove shebang modification.
+       "${FILESDIR}"/${PN}-0.34_pre805-shebang.patch
+       # Fix bash completions, bug #526300
+       "${FILESDIR}"/${P}-bash-completion.patch
+)
+
+pkg_pretend() {
+       local CONFIG_CHECK="~PROC_FS
+               ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+               ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+               ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+       if kernel_is -ge 2 6 39; then
+               CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+       else
+               CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+       fi
+
+       # https://bugs.launchpad.net/ufw/+bug/1076050
+       if kernel_is -ge 3 4; then
+               CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+       else
+               CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+               use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+       fi
+
+       CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+       use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+       check_extra_config
+
+       # Check for default, useful optional features.
+       if ! linux_config_exists; then
+               ewarn "Cannot determine configuration of your kernel."
+               return
+       fi
+
+       local nf_nat_ftp_ok="yes"
+       local nf_conntrack_ftp_ok="yes"
+       local nf_conntrack_netbios_ns_ok="yes"
+
+       linux_chkconfig_present \
+               NF_NAT_FTP || nf_nat_ftp_ok="no"
+       linux_chkconfig_present \
+               NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+       linux_chkconfig_present \
+               NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+       # This is better than an essay for each unset option...
+       if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+               || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+       then
+               echo
+               local mod_msg="Kernel options listed below are not set. They 
are not"
+               mod_msg+=" mandatory, but they are often useful."
+               mod_msg+=" If you don't need some of them, please remove 
relevant"
+               mod_msg+=" module name(s) from IPT_MODULES in"
+               mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+               mod_msg+=" Otherwise ufw may fail to start!"
+               ewarn "${mod_msg}"
+               if [[ ${nf_nat_ftp_ok} = no ]]; then
+                       ewarn "NF_NAT_FTP: for better support for active mode 
FTP."
+               fi
+               if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+                       ewarn "NF_CONNTRACK_FTP: for better support for active 
mode FTP."
+               fi
+               if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+                       ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba 
support."
+               fi
+       fi
+}
+
+python_prepare_all() {
+       # Set as enabled by default. User can enable or disable
+       # the service by adding or removing it to/from a runlevel.
+       sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+               || die "sed failed (ufw.conf)"
+
+       sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+       # If LINGUAS is set install selected translations only.
+       if [[ -n ${LINGUAS+set} ]]; then
+               _EMPTY_LOCALE_LIST="yes"
+               pushd locales/po > /dev/null || die
+
+               local lang
+               for lang in *.po; do
+                       if ! has "${lang%.po}" ${LINGUAS}; then
+                               rm "${lang}" || die
+                       else
+                               _EMPTY_LOCALE_LIST="no"
+                       fi
+               done
+
+               popd > /dev/null || die
+       else
+               _EMPTY_LOCALE_LIST="no"
+       fi
+
+       distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+       newconfd "${FILESDIR}"/ufw.confd ufw
+       newinitd "${FILESDIR}"/ufw-2.initd ufw
+       systemd_dounit "${FILESDIR}/ufw.service"
+
+       exeinto /usr/share/${PN}
+       doexe tests/check-requirements
+
+       # users normally would want it
+       insinto /usr/share/doc/${PF}/logging/syslog-ng
+       doins "${FILESDIR}"/syslog-ng/*
+
+       insinto /usr/share/doc/${PF}/logging/rsyslog
+       doins "${FILESDIR}"/rsyslog/*
+       doins doc/rsyslog.example
+
+       if use examples; then
+               insinto /usr/share/doc/${PF}/examples
+               doins examples/*
+       fi
+       newbashcomp shell-completion/bash ${PN}
+
+       [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+
+       distutils-r1_python_install_all
+       python_replicate_script "${D}usr/sbin/ufw"
+}
+
+pkg_postinst() {
+       if [[ -z ${REPLACING_VERSIONS} ]]; then
+               echo
+               elog "To enable ufw, add it to boot sequence and activate it:"
+               elog "-- # rc-update add ufw boot"
+               elog "-- # /etc/init.d/ufw start"
+               echo
+               elog "If you want to keep ufw logs in a separate file, take a 
look at"
+               elog "/usr/share/doc/${PF}/logging."
+       fi
+       if [[ -z ${REPLACING_VERSIONS} ]] \
+               || [[ ${REPLACING_VERSIONS} < 0.34 ]];
+       then
+               echo
+               elog "/usr/share/ufw/check-requirements script is installed."
+               elog "It is useful for debugging problems with ufw. However one"
+               elog "should keep in mind that the script assumes IPv6 is 
enabled"
+               elog "on kernel and net-firewall/iptables, and fails when it's 
not."
+       fi
+       echo
+       ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+       ewarn "default. See README, Remote Management section for more 
information."
+}
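Review bot: In pkg_postinst, `[[ ${REPLACING_VERSIONS} < 0.34 ]]` is a lexicographic string comparison, not a version comparison, and REPLACING_VERSIONS may hold more than one version. The check-requirements notice can therefore be shown or skipped for the wrong upgrades; as a constructed example, `0.100` sorts before `0.34` as a string. Comparing each replaced version with a version-aware helper is more reliable. The sketch below uses `version_is_at_least` and would need `versionator` added to the `inherit` line. The impact is limited to which messages are logged.

```shell
pkg_postinst() {
	# … unchanged: first-install instructions for enabling ufw …
	local v older_than_0_34=
	for v in ${REPLACING_VERSIONS}; do
		version_is_at_least 0.34 "${v}" || older_than_0_34=1
	done
	if [[ -z ${REPLACING_VERSIONS} || -n ${older_than_0_34} ]]; then
	# … unchanged: check-requirements notice and SSH warning …
```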
