
From: Ian Delaney <idella4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/fwknop/files/, net-firewall/fwknop/
Date: Tue, 24 Nov 2015 23:28:31
Message-Id: 1448407677.abf34ce024c176aa0bc10c0d84b0b33bc51a4c3e.idella4@gentoo
1 commit: abf34ce024c176aa0bc10c0d84b0b33bc51a4c3e
2 Author: Ilya Tumaykin <itumaykin <AT> gmail <DOT> com>
3 AuthorDate: Mon Nov 23 14:26:19 2015 +0000
4 Commit: Ian Delaney <idella4 <AT> gentoo <DOT> org>
5 CommitDate: Tue Nov 24 23:27:57 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abf34ce0
7
8 net-firewall/fwknop: revbump to fix depend() and update regexps in initscript
9
10 FWKNOPD_CONFIG file should be parsed only if it exists, which is not the
11 case if the user has not configured fwknopd yet. See Gentoo bug #565864.
12
13 Regexps that are used to parse FWKNOPD_CONFIG file now allow spaces
14 before statements in order to handle possible indentation properly.
15
16 Gentoo-Bug: 565864
17
18 net-firewall/fwknop/files/fwknopd.init-r1 | 92 ++++++++++++++++++++
19 net-firewall/fwknop/fwknop-2.6.7-r1.ebuild | 135 +++++++++++++++++++++++++++++
20 2 files changed, 227 insertions(+)
21
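--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.init-r1
@@ -0,0 +1,92 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${FWKNOPD_BINARY:=/usr/sbin/fwknopd}
+: ${FWKNOPD_CONFDIR:=/etc/fwknop}
+: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf}
+: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid}
+
+depend() {
+ after iptables ip6tables ebtables firewall
+ use logger
+ if [ "${rc_need+set}" = "set" ]; then
+ : # Do nothing, the user has explicitly set rc_need
+ elif [ -f "${FWKNOPD_CONFIG}" ]; then
+ local x warn_intf
+ for x in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
+ warn_intf="${warn_intf} ${x}"
+ done
+ if [ -n "${warn_intf}" ]; then
+ need net
+ ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
+ ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME},"
+ ewarn "where FOO is the following interface(s):"
+ ewarn "${warn_intf}"
+ else
+ # If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0
+ if ! grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then
+ need net
+ ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
+ ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0."
+ ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}."
+ fi
+ fi
+ fi
+}
+
+checkconfig() {
+ if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/fwknopd.conf.example"
+ return 1
+ fi
+
+ if [ ! -e "${FWKNOPD_CONFDIR}"/access.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/access.conf.example"
+ return 1
+ fi
+
+ [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"
+
+ [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} \
+ --config=${FWKNOPD_CONFDIR}/fwknopd.conf \
+ --access-file=${FWKNOPD_CONFDIR}/access.conf"
+
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start \
+ --exec ${FWKNOPD_BINARY} --pidfile ${FWKNOPD_PIDFILE} \
+ -- ${FWKNOPD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+
+ ebegin "Reloading ${SVCNAME} configuration"
+ start-stop-daemon --signal HUP --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}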
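Review bot: checkconfig() and the `--config=` option ignore FWKNOPD_CONFIG, although depend() parses exactly that file. An admin who sets FWKNOPD_CONFIG in conf.d without moving FWKNOPD_CONFDIR gets dependency decisions and interface warnings derived from one file while fwknopd is started against `${FWKNOPD_CONFDIR}/fwknopd.conf`, so the SPA daemon may come up with a different PCAP_INTF than the one the init script reasoned about. Testing `[ ! -e "${FWKNOPD_CONFIG}" ]` and passing `--config=${FWKNOPD_CONFIG}` whenever it differs from the default would keep the two in agreement. Separately, `${FWKNOPD_BINARY}` and `${FWKNOPD_PIDFILE}` are expanded unquoted in start(), stop() and reload(); quoting them, while leaving `${FWKNOPD_OPTS}` unquoted for word splitting, avoids surprises with paths that contain spaces.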
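--- /dev/null
+++ b/net-firewall/fwknop/fwknop-2.6.7-r1.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+AUTOTOOLS_AUTORECONF=1
+DISABLE_AUTOFORMATTING=1
+
+DISTUTILS_OPTIONAL=1
+# Python extension supports only Python2
+# See https://github.com/mrash/fwknop/issues/167
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools-utils distutils-r1 linux-info readme.gentoo systemd
+
+DESCRIPTION="Single Packet Authorization and Port Knocking application"
+HOMEPAGE="http://www.cipherdyne.org/fwknop/"
+SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="client extras firewalld gdbm gpg iptables python server udp-server"
+
+RDEPEND="
+ client? ( net-misc/wget[ssl] )
+ gpg? (
+ dev-libs/libassuan
+ dev-libs/libgpg-error
+ )
+ python? ( ${PYTHON_DEPS} )
+"
+DEPEND="${RDEPEND}
+ gdbm? ( sys-libs/gdbm )
+ gpg? ( app-crypt/gpgme )
+ firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
+ iptables? ( net-firewall/iptables )
+ server? ( !udp-server? ( net-libs/libpcap ) )
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ firewalld? ( server )
+ iptables? ( server )
+ server? ( ^^ ( firewalld iptables ) )
+ udp-server? ( server )
+"
+
+DOCS=( ChangeLog README.md )
+DOC_CONTENTS="
+Example configuration files were installed in /etc/fwknopd directory.
+Please edit them to fit your needs and then remove the .example suffix.
+
+fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
+You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
+instead of the default one chosen at compile time.
+"
+
+pkg_pretend() {
+ if use server; then
+ if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
+ ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules,"
+ ewarn "which is a major security feature and is enabled by default."
+ ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your"
+ ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK"
+ ewarn "to 'N' in your fwknopd.conf file."
+ fi
+ fi
+}
+
+src_prepare() {
+ # Install example configs with .example suffix
+ if use server; then
+ sed -i -e 's/conf;/conf.example;/g' "${S}"/Makefile.am || die
+ fi
+
+ autotools-utils_src_prepare
+
+ if use python; then
+ cd "${S}"/python || die
+ distutils-r1_src_prepare
+ fi
+}
+
+src_configure() {
+ local myeconfargs=(
+ --localstatedir=/run
+ --enable-digest-cache
+ $(use_enable client)
+ $(use_enable !gdbm file-cache)
+ $(use_enable server)
+ $(use_enable udp-server)
+ $(use_with gpg gpgme)
+ )
+ use firewalld && myeconfargs+=(--with-firewalld=/usr/sbin/firewalld)
+ use iptables && myeconfargs+=(--with-iptables=/sbin/iptables)
+
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile
+
+ if use python; then
+ cd "${S}"/python || die
+ distutils-r1_src_compile
+ fi
+}
+
+src_install() {
+ autotools-utils_src_install
+ prune_libtool_files --modules
+
+ if use server; then
+ newinitd "${FILESDIR}/fwknopd.init-r1" fwknopd
+ newconfd "${FILESDIR}/fwknopd.confd" fwknopd
+ systemd_dounit extras/systemd/fwknopd.service
+ systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
+ readme.gentoo_create_doc
+ fi
+
+ use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd"
+
+ if use python; then
+ # Unset DOCS since distutils-r1.eclass interferes
+ local DOCS=()
+ cd "${S}"/python || die
+ distutils-r1_src_install
+ fi
+}
+
+pkg_postinst() {
+ use server && readme.gentoo_print_elog
+}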
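Review bot: The packages the server needs at run time are listed only in DEPEND: `iptables? ( net-firewall/iptables )` and the firewalld, gdbm, gpgme and libpcap atoms are absent from RDEPEND, yet src_configure hard-wires `/sbin/iptables` and `/usr/sbin/firewalld` as the backend path. As written, a binary-package install or a later depclean could leave fwknopd without its firewall backend or the libraries it was presumably linked against, and SPA rules could then no longer be added or expired. Moving those atoms into RDEPEND and keeping `DEPEND="${RDEPEND}"` would close that gap. DOC_CONTENTS also says the examples are installed in `/etc/fwknopd`, while the init script added in this commit defaults to `/etc/fwknop`; the message should name the same directory.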