commit: abf34ce024c176aa0bc10c0d84b0b33bc51a4c3e |
Author: Ilya Tumaykin <itumaykin <AT> gmail <DOT> com> |
AuthorDate: Mon Nov 23 14:26:19 2015 +0000 |
Commit: Ian Delaney <idella4 <AT> gentoo <DOT> org> |
CommitDate: Tue Nov 24 23:27:57 2015 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abf34ce0 |
|
net-firewall/fwknop: revbump to fix depend() and update regexps in initscript |
|
FWKNOPD_CONFIG file should be parsed only if it exists, which is not the |
case if the user has not configured fwknopd yet. See Gentoo bug #565864. |
|
Regexps that are used to parse FWKNOPD_CONFIG file now allow spaces |
before statements in order to handle possible indentation properly. |
|
Gentoo-Bug: 565864 |
|
net-firewall/fwknop/files/fwknopd.init-r1 | 92 ++++++++++++++++++++ |
net-firewall/fwknop/fwknop-2.6.7-r1.ebuild | 135 +++++++++++++++++++++++++++++ |
2 files changed, 227 insertions(+) |
|
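diff --git a/net-firewall/fwknop/files/fwknopd.init-r1 b/net-firewall/fwknop/files/fwknopd.init-r1
new file mode 100644
index 0000000..9e8ecdc
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.init-r1
@@ -0,0 +1,92 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${FWKNOPD_BINARY:=/usr/sbin/fwknopd}
+: ${FWKNOPD_CONFDIR:=/etc/fwknop}
+: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf}
+: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid}
+
+depend() {
+ after iptables ip6tables ebtables firewall
+ use logger
+ if [ "${rc_need+set}" = "set" ]; then
+ : # Do nothing, the user has explicitly set rc_need
+ elif [ -f "${FWKNOPD_CONFIG}" ]; then
+ local x warn_intf
+ for x in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
+ warn_intf="${warn_intf} ${x}"
+ done
+ if [ -n "${warn_intf}" ]; then
+ need net
+ ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
+ ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME},"
+ ewarn "where FOO is the following interface(s):"
+ ewarn "${warn_intf}"
+ else
+ # If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0
+ if ! grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then
+ need net
+ ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
+ ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0."
+ ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}."
+ fi
+ fi
+ fi
+}
+
+checkconfig() {
+ if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/fwknopd.conf.example"
+ return 1
+ fi
+
+ if [ ! -e "${FWKNOPD_CONFDIR}"/access.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/access.conf.example"
+ return 1
+ fi
+
+ [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"
+
+ [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} \
+ --config=${FWKNOPD_CONFDIR}/fwknopd.conf \
+ --access-file=${FWKNOPD_CONFDIR}/access.conf"
+
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start \
+ --exec ${FWKNOPD_BINARY} --pidfile ${FWKNOPD_PIDFILE} \
+ -- ${FWKNOPD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+
+ ebegin "Reloading ${SVCNAME} configuration"
+ start-stop-daemon --signal HUP --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}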
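Review bot: depend() parses `${FWKNOPD_CONFIG}`, but checkconfig() and the `--config=` option are both built from `${FWKNOPD_CONFDIR}/fwknopd.conf`, so overriding FWKNOPD_CONFIG alone in conf.d makes the `need net` decision come from a different file than the one fwknopd is started with. For a Single Packet Authorization daemon that can mean the service is ordered against the wrong interface, or none, and comes up unable to sniff the one it is configured for. Either use one variable throughout, e.g. `if [ ! -e "${FWKNOPD_CONFIG}" ]; then` in checkconfig() and `--config=${FWKNOPD_CONFIG}` whenever it differs from the default, or add a comment beside the defaults stating that FWKNOPD_CONFIG must not be set independently of FWKNOPD_CONFDIR.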
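diff --git a/net-firewall/fwknop/fwknop-2.6.7-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.7-r1.ebuild
new file mode 100644
index 0000000..1a798bd
--- /dev/null
+++ b/net-firewall/fwknop/fwknop-2.6.7-r1.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+AUTOTOOLS_AUTORECONF=1
+DISABLE_AUTOFORMATTING=1
+
+DISTUTILS_OPTIONAL=1
+# Python extension supports only Python2
+# See https://github.com/mrash/fwknop/issues/167
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools-utils distutils-r1 linux-info readme.gentoo systemd
+
+DESCRIPTION="Single Packet Authorization and Port Knocking application"
+HOMEPAGE="http://www.cipherdyne.org/fwknop/"
+SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="client extras firewalld gdbm gpg iptables python server udp-server"
+
+RDEPEND="
+ client? ( net-misc/wget[ssl] )
+ gpg? (
+ dev-libs/libassuan
+ dev-libs/libgpg-error
+ )
+ python? ( ${PYTHON_DEPS} )
+"
+DEPEND="${RDEPEND}
+ gdbm? ( sys-libs/gdbm )
+ gpg? ( app-crypt/gpgme )
+ firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
+ iptables? ( net-firewall/iptables )
+ server? ( !udp-server? ( net-libs/libpcap ) )
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ firewalld? ( server )
+ iptables? ( server )
+ server? ( ^^ ( firewalld iptables ) )
+ udp-server? ( server )
+"
+
+DOCS=( ChangeLog README.md )
+DOC_CONTENTS="
+Example configuration files were installed in /etc/fwknopd directory.
+Please edit them to fit your needs and then remove the .example suffix.
+
+fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
+You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
+instead of the default one chosen at compile time.
+"
+
+pkg_pretend() {
+ if use server; then
+ if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
+ ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules,"
+ ewarn "which is a major security feature and is enabled by default."
+ ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your"
+ ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK"
+ ewarn "to 'N' in your fwknopd.conf file."
+ fi
+ fi
+}
+
+src_prepare() {
+ # Install example configs with .example suffix
+ if use server; then
+ sed -i -e 's/conf;/conf.example;/g' "${S}"/Makefile.am || die
+ fi
+
+ autotools-utils_src_prepare
+
+ if use python; then
+ cd "${S}"/python || die
+ distutils-r1_src_prepare
+ fi
+}
+
+src_configure() {
+ local myeconfargs=(
+ --localstatedir=/run
+ --enable-digest-cache
+ $(use_enable client)
+ $(use_enable !gdbm file-cache)
+ $(use_enable server)
+ $(use_enable udp-server)
+ $(use_with gpg gpgme)
+ )
+ use firewalld && myeconfargs+=(--with-firewalld=/usr/sbin/firewalld)
+ use iptables && myeconfargs+=(--with-iptables=/sbin/iptables)
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile
+
+ if use python; then
+ cd "${S}"/python || die
+ distutils-r1_src_compile
+ fi
+}
+
+src_install() {
+ autotools-utils_src_install
+ prune_libtool_files --modules
+
+ if use server; then
+ newinitd "${FILESDIR}/fwknopd.init-r1" fwknopd
+ newconfd "${FILESDIR}/fwknopd.confd" fwknopd
+ systemd_dounit extras/systemd/fwknopd.service
+ systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
+ readme.gentoo_create_doc
+ fi
+
+ use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd"
+
+ if use python; then
+ # Unset DOCS since distutils-r1.eclass interferes
+ local DOCS=()
+ cd "${S}"/python || die
+ distutils-r1_src_install
+ fi
+}
+
+pkg_postinst() {
+ use server && readme.gentoo_print_elog
+}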
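Review bot: In the DEPEND block, `sys-libs/gdbm`, `app-crypt/gpgme`, `net-libs/libpcap` and the firewalld/iptables backends are listed as build-time dependencies only. If fwknopd links against or executes them at run time, which `$(use_with gpg gpgme)` and `--with-iptables=/sbin/iptables` in src_configure() suggest, they belong in RDEPEND, so that a binary-package install or a depclean cannot leave the SPA daemon unable to start. Moving those five conditionals from DEPEND into RDEPEND would cover it, since DEPEND already expands `${RDEPEND}`. Separately, DOC_CONTENTS points users at `/etc/fwknopd`, while the init script added in this commit defaults to `/etc/fwknop`; the line should read `Example configuration files were installed in /etc/fwknop directory.`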