From: Ian Delaney Date: Sat, 5 Sep 2015 14:42:38 +0000 (+0800) Subject: net-firewall/fwknop: bump: new optional deps with use flags X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=048d03cc31f4f5c326384bbb6920b1491a179539;p=gentoo.git net-firewall/fwknop: bump: new optional deps with use flags dep net-firewall/firewalld is masked under profiles for SElinux, the use flag firewalld has been masked accordingly under profiles, patches and ebuild supplied by maintainer via bug #558754, prior version dropped, closes said bug Package-Manager: portage-2.2.20
---
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest
index ae32b6f25adc..69bd5b575744 100644
--- a/net-firewall/fwknop/Manifest
+++ b/net-firewall/fwknop/Manifest
@@ -1 +1 @@
-DIST fwknop-2.6.6.tar.gz 2433846 SHA256 724e986b6bc47d3b6f5ba5c9232e2b411ae8ef4b2e8f7fffd16210c20d3be932 SHA512 ccd25701908a1bc653b59571013f0953ee40c967537b68cfaff48e1eea4fde11402712f70f07db308f7a37cfd49ef8ad11b1535d3012cf32e09cc677673c067f WHIRLPOOL df8025e8a2551e0485473715bc10fef31b373f38293b8f8f678aa7ec03f9fbe353a089cfbdbb783e5972b917313f4a90edfac4557e53bd962df6d8ba0e9fca2e
+DIST fwknop-2.6.7.tar.gz 2849006 SHA256 e96c13f725a4c3829c842743b14aedf591d30570df5c06556862a900b64def86 SHA512 8a8c5e76740c495342fd914309de564576ce5c7fda90dc0f0322782ace5f28ccbb4bcef4c0a3353a564b13ef7298a5cd75dcd4d26986b2fb5ec000b641fbf848 WHIRLPOOL 6de45c31cc39b7b44d0531dc19bd2727bc721cf156a04d830c295573fe40d95296c1591e3bd5ae2b597bea9a6015744061351655f1cf04a5d6a5cae6678d1126
diff --git a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.7.ebuild
similarity index 50%
rename from net-firewall/fwknop/fwknop-2.6.6-r1.ebuild
rename to net-firewall/fwknop/fwknop-2.6.7.ebuild
index 7fcc35d6ce5f..2fc149ff0e68 100644
--- a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild
+++ b/net-firewall/fwknop/fwknop-2.6.7.ebuild
@@ -4,15 +4,15 @@ EAPI=5 -# Does work with python2_7, does not work with python3_3 on my machine -# More feedback is welcome, since setup.py does not provide any info +# Python extension supports only Python2 +# See https://github.com/mrash/fwknop/issues/167 PYTHON_COMPAT=( python2_7 ) DISTUTILS_OPTIONAL=1 -DISTUTILS_SINGLE_IMPL=1 AUTOTOOLS_AUTORECONF=1 AUTOTOOLS_IN_SOURCE_BUILD=1 +DISABLE_AUTOFORMATTING=1 -inherit autotools-utils distutils-r1 systemd +inherit autotools-utils distutils-r1 linux-info readme.gentoo systemd DESCRIPTION="Single Packet Authorization and Port Knocking application" HOMEPAGE="http://www.cipherdyne.org/fwknop/" @@ -21,7 +21,7 @@ SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="client extras gdbm gpg python server udp-server" +IUSE="client extras firewalld gdbm gpg iptables python server udp-server" RDEPEND=" client? ( net-misc/wget[ssl] ) 
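Review bot: `DISABLE_AUTOFORMATTING=1` is added at the top of the ebuild without a comment, and the removal of `DISTUTILS_SINGLE_IMPL=1` in the same hunk is not explained in the commit message. A one-line comment above the new variable, such as `# readme.gentoo: keep the DOC_CONTENTS line breaks as written`, would tell the next maintainer which eclass reads it. A short note on why single-implementation mode was dropped while `PYTHON_COMPAT` still lists only `python2_7` would also help.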
@@ -34,23 +34,45 @@ RDEPEND=" DEPEND="${RDEPEND} gdbm? ( sys-libs/gdbm ) gpg? ( app-crypt/gpgme ) - server? ( - !udp-server? ( net-libs/libpcap ) - net-firewall/iptables - ) + firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] ) + iptables? ( net-firewall/iptables ) + server? ( !udp-server? ( net-libs/libpcap ) ) " REQUIRED_USE=" python? ( ${PYTHON_REQUIRED_USE} ) + firewalld? ( server ) + iptables? ( server ) + server? ( ^^ ( firewalld iptables ) ) udp-server? ( server ) " DOCS=( ChangeLog README.md ) +DOC_CONTENTS=" +Example configuration files were installed in /etc/fwknopd directory. +Please edit them to fit your needs and then remove the .example suffix. + +fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf. +You can set the desired backend via FIREWALL_EXE option in fwknopd.conf +instead of the default one chosen at compile time. +" + +pkg_pretend() { + if use server; then + if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then + ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules," + ewarn "which is a major security feature and is enabled by default." + ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your" + ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK" + ewarn "to 'N' in your fwknopd.conf file." + fi + fi +} src_prepare() { # Install example configs with .example suffix if use server; then - sed -i 's/conf;/conf.example;/g' "${S}"/Makefile.am || die + sed -i -e 's/conf;/conf.example;/g' "${S}"/Makefile.am || die fi autotools-utils_src_prepare @@ -71,6 +93,9 @@ src_configure() { $(use_enable udp-server) $(use_with gpg gpgme) ) + use firewalld && myeconfargs+=(--with-firewalld=/usr/sbin/firewalld) + use iptables && myeconfargs+=(--with-iptables=/sbin/iptables) + autotools-utils_src_configure } 
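Review bot: In `pkg_pretend`, the same warning is printed when the kernel config cannot be read and when `NETFILTER_XT_MATCH_COMMENT` is actually missing. In both cases it offers setting `ENABLE_{FIREWD,IPT}_COMMENT_CHECK` to 'N' as an equal alternative, for what the message itself calls a major security feature. I would split the cases, with a first branch that says `ewarn "Could not read the kernel config; unable to verify NETFILTER_XT_MATCH_COMMENT."`, and word the fwknopd.conf setting as a fallback that states what is lost. The hunk does not show how fwknopd behaves with the check off, so confirm that wording against upstream documentation. Separately, `firewalld?` and `iptables?` are added to `DEPEND` only; the backend is needed at run time, so unless the `RDEPEND` lines outside this hunk already cover them they belong in `RDEPEND`.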
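Review bot: The two `myeconfargs+=` lines added in `src_configure` hard-code `/usr/sbin/firewalld` and `/sbin/iptables` without `${EPREFIX}` and without a comment saying why the paths are fixed. Per the `DOC_CONTENTS` text in this commit, the value chosen at compile time is the default backend, so a path that does not match where the dependency installs its binary leaves the server without a working default. I would write `use iptables && myeconfargs+=( --with-iptables="${EPREFIX}"/sbin/iptables )`, do the same for firewalld, and add `# Absolute path: becomes the compiled-in default that FIREWALL_EXE overrides`. `src_configure` starts outside this hunk.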
@@ -90,8 +115,9 @@ src_install() { if use server; then newinitd "${FILESDIR}/fwknopd.init" fwknopd newconfd "${FILESDIR}/fwknopd.confd" fwknopd - systemd_dounit "${FILESDIR}/fwknopd.service" - systemd_newtmpfilesd "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf + systemd_dounit extras/systemd/fwknopd.service + systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf + readme.gentoo_create_doc fi use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd" @@ -103,3 +129,7 @@ src_install() { distutils-r1_src_install fi } + +pkg_postinst() { + use server && readme.gentoo_print_elog +} diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml index 79031c2f7e61..8b1bce7efec2 100644 --- a/net-firewall/fwknop/metadata.xml +++ b/net-firewall/fwknop/metadata.xml @@ -8,11 +8,13 @@ Build fwknop client - Replace file digest-cache with gdbm + Install example AppArmor policy for fwknopd server + Use net-firewall/firewalld as the default server backend + Replace file-based digest-cache with gdbm one Enable GPG support via app-crypt/gpgme + Use net-firewall/iptables as the default server backend Build fwknopd server - Install example apparmor policy - Build fwknopd with UDP server mode only + Enable UDP server mode only (no net-libs/libpcap dependency) mrash/fwknop
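Review bot: In `src_install`, the unit and tmpfiles entries now come from the upstream tarball through paths relative to the current directory (`extras/systemd/fwknopd.service`), while the `dodoc` line just below uses `"${S}/extras/apparmor/usr.sbin.fwknopd"`. For consistency, and so the install does not depend on the working directory, write `systemd_dounit "${S}"/extras/systemd/fwknopd.service` and `systemd_newtmpfilesd "${S}"/extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf`. The previous files were maintained in `${FILESDIR}`, so it is also worth confirming that the upstream unit's `ExecStart` and runtime-directory paths match where this ebuild installs the daemon; neither file's content is visible here. `src_install` starts and ends outside this hunk.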
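Review bot: The new `pkg_postinst` ends on `use server && readme.gentoo_print_elog`, so the function's exit status is non-zero whenever `server` is disabled. `pkg_pretend` in the same commit already uses the `if use server; then` form. For consistency, and so the phase always returns success, write `if use server; then readme.gentoo_print_elog; fi`. Whether the package manager acts on that exit status is not visible from this page.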