Gentoo Archives: gentoo-commits

From: Patrice Clement <monsieurp@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/ufw/, net-firewall/ufw/files/
Date: Sat, 30 Mar 2019 18:32:23
Message-Id: 1553970731.13cabfd23b3d793596453e85057789ef14a4faa1.monsieurp@gentoo
1 commit: 13cabfd23b3d793596453e85057789ef14a4faa1
2 Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
3 AuthorDate: Thu Mar 21 01:08:46 2019 +0000
4 Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
5 CommitDate: Sat Mar 30 18:32:11 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13cabfd2
7
8 net-firewall/ufw: version bump to 0.36 && EAPI 7 bump.
9
10 Reported-by: yuLya <gen2xmach1ne <AT> tutanota.com>
11 Tested-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
12 Closes: https://bugs.gentoo.org/680540
13 Closes: https://github.com/gentoo/gentoo/pull/11430
14 Package-Manager: Portage-2.3.62, Repoman-2.3.11
15 Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
16 Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
17
18 net-firewall/ufw/Manifest | 1 +
19 .../ufw/files/ufw-0.36-bash-completion.patch | 16 ++
20 .../ufw/files/ufw-0.36-dont-check-iptables.patch | 45 +++++
21 net-firewall/ufw/files/ufw-0.36-move-path.patch | 174 ++++++++++++++++++
22 net-firewall/ufw/files/ufw-0.36-shebang.patch | 15 ++
23 net-firewall/ufw/metadata.xml | 15 +-
24 net-firewall/ufw/ufw-0.36.ebuild | 199 +++++++++++++++++++++
25 7 files changed, 463 insertions(+), 2 deletions(-)
26
27 diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
28 index ed396f855b3..ad31ad0661a 100644
29 --- a/net-firewall/ufw/Manifest
30 +++ b/net-firewall/ufw/Manifest
31 @@ -1,2 +1,3 @@
32 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
33 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
34 +DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
35
36 diff --git a/net-firewall/ufw/files/ufw-0.36-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
37 new file mode 100644
38 index 00000000000..927af244eef
39 --- /dev/null
40 +++ b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
41 @@ -0,0 +1,16 @@
42 +--- a/shell-completion/bash 2018-12-14 21:25:55.000000000 +0300
43 ++++ b/shell-completion/bash 2019-03-21 01:26:46.152181981 +0300
44 +@@ -57,7 +57,6 @@
45 + echo "numbered verbose"
46 + }
47 +
48 +-_have ufw &&
49 + _ufw()
50 + {
51 + cur=${COMP_WORDS[COMP_CWORD]}
52 +@@ -91,4 +90,4 @@
53 + fi
54 + }
55 +
56 +-_have ufw && complete -F _ufw ufw
57 ++complete -F _ufw ufw
58
59 diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
60 new file mode 100644
61 index 00000000000..11eb1748dd1
62 --- /dev/null
63 +++ b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
64 @@ -0,0 +1,45 @@
65 +--- a/setup.py 2019-03-21 01:32:28.500245586 +0300
66 ++++ b/setup.py 2019-03-21 01:39:17.166095026 +0300
67 +@@ -257,41 +257,7 @@
68 + os.unlink(os.path.join('staging', 'ufw-init'))
69 + os.unlink(os.path.join('staging', 'ufw-init-functions'))
70 +
71 +-iptables_exe = ''
72 +-iptables_dir = ''
73 +-
74 +-for e in ['iptables']:
75 +- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
76 +- '/usr/local/bin']:
77 +- if e == "iptables":
78 +- if os.path.exists(os.path.join(dir, e)):
79 +- iptables_dir = dir
80 +- iptables_exe = os.path.join(iptables_dir, "iptables")
81 +- print("Found '%s'" % iptables_exe)
82 +- else:
83 +- continue
84 +-
85 +- if iptables_exe != "":
86 +- break
87 +-
88 +-
89 +-if iptables_exe == '':
90 +- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
91 +- sys.exit(1)
92 +-
93 +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
94 +- if not os.path.exists(os.path.join(iptables_dir, e)):
95 +- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
96 +- sys.exit(1)
97 +-
98 +-(rc, out) = cmd([iptables_exe, '-V'])
99 +-if rc != 0:
100 +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
101 +- (iptables_exe))
102 +-version = re.sub('^v', '', re.split('\s', str(out))[1])
103 +-print("Found '%s' version '%s'" % (iptables_exe, version))
104 +-if version < "1.4":
105 +- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
106 ++iptables_dir = '/sbin'
107 +
108 + setup (name='ufw',
109 + version=ufw_version,
110
111 diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
112 new file mode 100644
113 index 00000000000..1ba9d117be5
114 --- /dev/null
115 +++ b/net-firewall/ufw/files/ufw-0.36-move-path.patch
116 @@ -0,0 +1,174 @@
117 +--- a/doc/ufw-framework.8 2018-12-14 21:25:55.000000000 +0300
118 ++++ b/doc/ufw-framework.8 2019-03-21 00:12:37.852104313 +0300
119 +@@ -18,7 +18,7 @@
120 + parameters and configuration of IPv6. The framework consists of the following
121 + files:
122 + .TP
123 +-#STATE_PREFIX#/ufw\-init
124 ++#SHARE_DIR#/ufw\-init
125 + initialization script
126 + .TP
127 + #CONFIG_PREFIX#/ufw/before.init
128 +@@ -47,7 +47,7 @@
129 +
130 + .SH "BOOT INITIALIZATION"
131 + .PP
132 +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
133 ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
134 + standard SysV style initscript used by the \fBufw\fR command and should not be
135 + modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
136 + scripts may be used to perform any additional firewall configuration that is
137 +--- a/README 2018-07-24 16:42:38.000000000 +0300
138 ++++ b/README 2019-03-21 00:18:18.253205303 +0300
139 +@@ -60,7 +60,7 @@
140 + on your needs, this can be as simple as adding the following to a startup
141 + script (eg rc.local for systems that use it):
142 +
143 +-# /lib/ufw/ufw-init start
144 ++# /usr/share/ufw/ufw-init start
145 +
146 + For systems that use SysV initscripts, an example script is provided in
147 + doc/initscript.example. See doc/upstart.example for an Upstart example and
148 +@@ -74,10 +74,9 @@
149 + /etc/defaults/ufw high level configuration
150 + /etc/ufw/before[6].rules rules evaluated before UI added rules
151 + /etc/ufw/after[6].rules rules evaluated after UI added rules
152 +-/lib/ufw/user[6].rules UI added rules (not to be modified)
153 ++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
154 + /etc/ufw/sysctl.conf kernel network tunables
155 +-/lib/ufw/ufw-init start script
156 +-
157 ++/usr/share/ufw/ufw-init start script
158 +
159 + Usage
160 + -----
161 +@@ -152,7 +151,7 @@
162 + that the primary chains don't move around other non-ufw rules and chains. To
163 + completely flush the built-in chains with this configuration, you can use:
164 +
165 +-# /lib/ufw/ufw-init flush-all
166 ++# /usr/share/ufw/ufw-init flush-all
167 +
168 + Alternately, ufw may also take full control of the firewall by setting
169 + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
170 +@@ -260,7 +259,7 @@
171 +
172 + Remote Management
173 + -----------------
174 +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
175 ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
176 + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
177 + 'enabled' it will insert rules into the existing chains, and therefore not
178 + flush the chains (but will when modifying a rule or changing the default
179 +@@ -303,7 +302,7 @@
180 +
181 + Distributions
182 + -------------
183 +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
184 ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
185 + ufw, this script is meant to be used by ufw itself, and therefore not
186 + particularly user friendly. See doc/initscript.example for a simple
187 + implementation that can be adapted to your distribution.
188 +--- a/setup.py 2018-12-14 21:25:55.000000000 +0300
189 ++++ b/setup.py 2019-03-21 00:44:49.603002503 +0300
190 +@@ -55,7 +55,7 @@
191 + return
192 +
193 + real_confdir = os.path.join('/etc')
194 +- real_statedir = os.path.join('/lib', 'ufw')
195 ++ real_statedir = os.path.join('/etc', 'ufw', 'user')
196 + real_prefix = self.prefix
197 + if self.home != None:
198 + real_confdir = self.home + real_confdir
199 +@@ -132,14 +132,20 @@
200 + self.copy_file('doc/ufw.8', manpage)
201 + self.copy_file('doc/ufw-framework.8', manpage_f)
202 +
203 +- # Install state files and helper scripts
204 ++ # Install state files
205 + statedir = real_statedir
206 + if self.root != None:
207 + statedir = self.root + real_statedir
208 + self.mkpath(statedir)
209 +
210 +- init_helper = os.path.join(statedir, 'ufw-init')
211 +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
212 ++ # Install helper scripts
213 ++ sharedir = real_sharedir
214 ++ if self.root != None:
215 ++ sharedir = self.root + real_sharedir
216 ++ self.mkpath(sharedir)
217 ++
218 ++ init_helper = os.path.join(sharedir, 'ufw-init')
219 ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
220 + self.copy_file('src/ufw-init', init_helper)
221 + self.copy_file('src/ufw-init-functions', init_helper_functions)
222 +
223 +@@ -220,14 +226,19 @@
224 + f])
225 +
226 + subprocess.call(["sed",
227 ++ "-i",
228 ++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
229 ++ f])
230 ++
231 ++ subprocess.call(["sed",
232 + "-i",
233 + "s%#VERSION#%" + ufw_version + "%g",
234 + f])
235 +
236 + # Install pristine copies of rules files
237 +- sharedir = real_sharedir
238 +- if self.root != None:
239 +- sharedir = self.root + real_sharedir
240 ++ #sharedir = real_sharedir
241 ++ #if self.root != None:
242 ++ # sharedir = self.root + real_sharedir
243 + rulesdir = os.path.join(sharedir, 'iptables')
244 + self.mkpath(rulesdir)
245 + for f in [ before_rules, after_rules, \
246 +--- a/src/backend_iptables.py 2018-12-14 21:25:55.000000000 +0300
247 ++++ b/src/backend_iptables.py 2019-03-21 00:52:10.416829220 +0300
248 +@@ -38,6 +38,7 @@
249 + files = {}
250 + config_dir = _findpath(ufw.common.config_dir, datadir)
251 + state_dir = _findpath(ufw.common.state_dir, datadir)
252 ++ share_dir = _findpath(ufw.common.share_dir, datadir)
253 +
254 + files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
255 + files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
256 +@@ -45,7 +46,7 @@
257 + files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
258 + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
259 + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
260 +- files['init'] = os.path.join(state_dir, 'ufw-init')
261 ++ files['init'] = os.path.join(share_dir, 'ufw-init')
262 +
263 + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
264 + rootdir=rootdir, datadir=datadir)
265 +--- a/src/ufw-init 2018-03-30 22:45:52.000000000 +0300
266 ++++ b/src/ufw-init 2019-03-21 01:06:32.720483789 +0300
267 +@@ -31,10 +31,11 @@
268 + fi
269 + export DATA_DIR="$datadir"
270 +
271 +-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
272 +- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
273 ++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
274 ++ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
275 ++
276 + else
277 +- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
278 ++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
279 + exit 1
280 + fi
281 +
282 +@@ -83,7 +84,7 @@
283 + fi
284 + ;;
285 + *)
286 +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
287 ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
288 + exit 1
289 + ;;
290 + esac
291
292 diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
293 new file mode 100644
294 index 00000000000..8c2b8fe2392
295 --- /dev/null
296 +++ b/net-firewall/ufw/files/ufw-0.36-shebang.patch
297 @@ -0,0 +1,15 @@
298 +--- a/setup.py 2019-03-21 01:51:55.751971770 +0300
299 ++++ b/setup.py 2019-03-21 01:54:40.142513567 +0300
300 +@@ -122,12 +122,6 @@
301 + for f in [ script, manpage, manpage_f ]:
302 + self.mkpath(os.path.dirname(f))
303 +
304 +- # update the interpreter to that of the one the user specified for setup
305 +- print("Updating staging/ufw to use %s" % (sys.executable))
306 +- subprocess.call(["sed",
307 +- "-i",
308 +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
309 +- 'staging/ufw'])
310 + self.copy_file('staging/ufw', script)
311 + self.copy_file('doc/ufw.8', manpage)
312 + self.copy_file('doc/ufw-framework.8', manpage_f)
313
314 diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
315 index b8103d2da1a..a35eb64d103 100644
316 --- a/net-firewall/ufw/metadata.xml
317 +++ b/net-firewall/ufw/metadata.xml
318 @@ -1,13 +1,24 @@
319 <?xml version="1.0" encoding="UTF-8"?>
320 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
321 <pkgmetadata>
322 - <!-- maintainer-needed -->
323 + <maintainer type="person">
324 + <email>hasan.calisir@×××××××.com</email>
325 + <name>Hasan ÇALIŞIR</name>
326 + </maintainer>
327 + <maintainer type="project">
328 + <email>proxy-maint@g.o</email>
329 + <name>Proxy Maintainers</name>
330 + </maintainer>
331 + <use>
332 + <flag name="examples">Example ufw config files</flag>
333 + <flag name="ipv6">IPv6 support for iptables</flag>
334 + </use>
335 <longdescription lang="en">
336 The Uncomplicated Firewall (ufw) is a frontend for iptables and is
337 particularly well-suited for host-based firewalls. It provides a framework
338 for managing netfilter, as well as an easy to use command-line interface for
339 manipulating the firewall.
340 -</longdescription>
341 + </longdescription>
342 <upstream>
343 <remote-id type="launchpad">ufw</remote-id>
344 </upstream>
345
346 diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
347 new file mode 100644
348 index 00000000000..a625741775a
349 --- /dev/null
350 +++ b/net-firewall/ufw/ufw-0.36.ebuild
351 @@ -0,0 +1,199 @@
352 +# Copyright 1999-2019 Gentoo Authors
353 +# Distributed under the terms of the GNU General Public License v2
354 +
355 +EAPI=7
356 +
357 +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
358 +DISTUTILS_IN_SOURCE_BUILD=1
359 +
360 +inherit bash-completion-r1 distutils-r1 eutils linux-info systemd
361 +
362 +DESCRIPTION="A program used to manage a netfilter firewall"
363 +HOMEPAGE="https://launchpad.net/ufw"
364 +SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
365 +
366 +LICENSE="GPL-3"
367 +SLOT="0"
368 +KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
369 +IUSE="examples ipv6"
370 +
371 +DEPEND=""
372 +
373 +RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
374 + !<kde-misc/kcm-ufw-0.4.2
375 + !<net-firewall/ufw-frontends-0.3.2"
376 +
377 +BDEPEND="sys-devel/gettext"
378 +
379 +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
380 +RESTRICT="test"
381 +
382 +PATCHES=(
383 + # Move files away from /lib/ufw.
384 + "${FILESDIR}/${P}-move-path.patch"
385 + # Remove unnecessary build time dependency on net-firewall/iptables.
386 + "${FILESDIR}/${P}-dont-check-iptables.patch"
387 + # Remove shebang modification.
388 + "${FILESDIR}/${P}-shebang.patch"
389 + # Fix bash completions, bug #526300
390 + "${FILESDIR}/${P}-bash-completion.patch"
391 +)
392 +
393 +pkg_pretend() {
394 + local CONFIG_CHECK="~PROC_FS
395 + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
396 + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
397 + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
398 +
399 + if kernel_is -ge 2 6 39; then
400 + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
401 + else
402 + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
403 + fi
404 +
405 + # https://bugs.launchpad.net/ufw/+bug/1076050
406 + if kernel_is -ge 3 4; then
407 + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
408 + else
409 + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
410 + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
411 + fi
412 +
413 + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
414 + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
415 +
416 + check_extra_config
417 +
418 + # Check for default, useful optional features.
419 + if ! linux_config_exists; then
420 + ewarn "Cannot determine configuration of your kernel."
421 + return
422 + fi
423 +
424 + local nf_nat_ftp_ok="yes"
425 + local nf_conntrack_ftp_ok="yes"
426 + local nf_conntrack_netbios_ns_ok="yes"
427 +
428 + linux_chkconfig_present \
429 + NF_NAT_FTP || nf_nat_ftp_ok="no"
430 + linux_chkconfig_present \
431 + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
432 + linux_chkconfig_present \
433 + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
434 +
435 + # This is better than an essay for each unset option...
436 + if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
437 + [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
438 + [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
439 + echo
440 + local mod_msg="Kernel options listed below are not set. They are not"
441 + mod_msg+=" mandatory, but they are often useful."
442 + mod_msg+=" If you don't need some of them, please remove relevant"
443 + mod_msg+=" module name(s) from IPT_MODULES in"
444 + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
445 + mod_msg+=" Otherwise ufw may fail to start!"
446 + ewarn "${mod_msg}"
447 + if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
448 + ewarn "NF_NAT_FTP: for better support for active mode FTP."
449 + fi
450 + if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
451 + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
452 + fi
453 + if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
454 + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
455 + fi
456 + fi
457 +}
458 +
459 +python_prepare_all() {
460 + # Set as enabled by default. User can enable or disable
461 + # the service by adding or removing it to/from a runlevel.
462 + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
463 + || die "sed failed (ufw.conf)"
464 +
465 + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
466 +
467 + # If LINGUAS is set install selected translations only.
468 + if [[ -n ${LINGUAS+set} ]]; then
469 + _EMPTY_LOCALE_LIST="yes"
470 + pushd locales/po > /dev/null || die
471 +
472 + local lang
473 + for lang in *.po; do
474 + if ! has "${lang%.po}" ${LINGUAS}; then
475 + rm "${lang}" || die
476 + else
477 + _EMPTY_LOCALE_LIST="no"
478 + fi
479 + done
480 +
481 + popd > /dev/null || die
482 + else
483 + _EMPTY_LOCALE_LIST="no"
484 + fi
485 +
486 + distutils-r1_python_prepare_all
487 +}
488 +
489 +python_install_all() {
490 + newconfd "${FILESDIR}"/ufw.confd ufw
491 + newinitd "${FILESDIR}"/ufw-2.initd ufw
492 + systemd_dounit "${FILESDIR}/ufw.service"
493 +
494 + exeinto /usr/share/${PN}
495 + doexe tests/check-requirements
496 +
497 + # users normally would want it
498 + docinto "/usr/share/doc/${PF}/logging/syslog-ng"
499 + doins -r "${FILESDIR}"/syslog-ng/*
500 +
501 + docinto "/usr/share/doc/${PF}/logging/rsyslog"
502 + doins -r "${FILESDIR}"/rsyslog/*
503 + doins doc/rsyslog.example
504 +
505 + if use examples; then
506 + docinto "/usr/share/doc/${PF}/examples"
507 + doins -r examples/*
508 + fi
509 + newbashcomp shell-completion/bash "${PN}"
510 +
511 + [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo
512 +
513 + distutils-r1_python_install_all
514 + python_replicate_script "${D}/usr/sbin/ufw"
515 +}
516 +
517 +pkg_postinst() {
518 + local print_check_req_warn
519 + print_check_req_warn=false
520 +
521 + if [[ -z "${REPLACING_VERSIONS}" ]]; then
522 + echo
523 + elog "To enable ufw, add it to boot sequence and activate it:"
524 + elog "-- # rc-update add ufw boot"
525 + elog "-- # /etc/init.d/ufw start"
526 + echo
527 + elog "If you want to keep ufw logs in a separate file, take a look at"
528 + elog "/usr/share/doc/${PF}/logging."
529 + print_check_req_warn=true
530 + else
531 + local rv
532 + for rv in "${REPLACING_VERSIONS}"; do
533 + local major=${rv%%.*}
534 + local minor=${rv#${major}.}
535 + if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then
536 + print_check_req_warn=true
537 + fi
538 + done
539 + fi
540 + if [[ "${print_check_req_warn}" == "true" ]]; then
541 + echo
542 + elog "/usr/share/ufw/check-requirements script is installed."
543 + elog "It is useful for debugging problems with ufw. However one"
544 + elog "should keep in mind that the script assumes IPv6 is enabled"
545 + elog "on kernel and net-firewall/iptables, and fails when it's not."
546 + fi
547 + echo
548 + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
549 + ewarn "default. See README, Remote Management section for more information."
550 +}