*/*: Clean PYTHON_COMPAT of obsolete impls
[gentoo.git] / net-firewall / ufw / ufw-0.36.ebuild
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

# Python implementations this ebuild declares support for. It is set ahead of
# the inherit line, which pulls in distutils-r1.
# NOTE(review): python2_7 is end-of-life upstream; confirm it is still needed.
PYTHON_COMPAT=( python{2_7,3_6} )
# Presumably selects an in-source build in distutils-r1; verify against the eclass.
DISTUTILS_IN_SOURCE_BUILD=1

inherit bash-completion-r1 distutils-r1 eutils linux-info systemd

DESCRIPTION="A program used to manage a netfilter firewall"
HOMEPAGE="https://launchpad.net/ufw"
# The release tarball is fetched from Launchpad over HTTPS.
# NOTE(review): integrity of the download rests on the checksums recorded in
# the package Manifest, which is not part of this file.
SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"

LICENSE="GPL-3"
SLOT="0"
KEYWORDS="amd64 ia64 ppc ppc64 sparc x86"
# examples: install upstream example files; ipv6: see python_prepare_all and
# the iptables dependency below.
IUSE="examples ipv6"

DEPEND=""

# Runtime: iptables >= 1.4 (built with ipv6 when USE=ipv6 is set here), plus
# blockers on kcm-ufw older than 0.4.2 and ufw-frontends older than 0.3.2.
RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
        !<kde-misc/kcm-ufw-0.4.2
        !<net-firewall/ufw-frontends-0.3.2"

BDEPEND="sys-devel/gettext"

# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
# With the test phase restricted, a packaging regression in this firewall tool
# is not caught by the upstream test suite at build time.
RESTRICT="test"

# Local patches taken from FILESDIR. They change install paths and build
# behaviour, so review them together with this ebuild.
PATCHES=(
        # Move files away from /lib/ufw.
        "${FILESDIR}/${P}-move-path.patch"
        # Remove unnecessary build time dependency on net-firewall/iptables.
        "${FILESDIR}/${P}-dont-check-iptables.patch"
        # Remove shebang modification.
        "${FILESDIR}/${P}-shebang.patch"
        # Fix bash completions, bug #526300
        "${FILESDIR}/${P}-bash-completion.patch"
)
#######################################
# Pre-merge check of the kernel configuration against the netfilter options
# ufw uses, followed by a warning about optional helper modules that are unset.
# Globals:   EROOT (read); CONFIG_CHECK is set locally for check_extra_config
# Outputs:   warnings through ewarn
# Returns:   early, after a warning, when no kernel configuration is available
#######################################
pkg_pretend() {
        local CONFIG_CHECK="~PROC_FS
                ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
                ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
                ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"

        # The addrtype match is checked under a different symbol from 2.6.39 on.
        local addrtype_symbol="~IP_NF_MATCH_ADDRTYPE"
        if kernel_is -ge 2 6 39; then
                addrtype_symbol="~NETFILTER_XT_MATCH_ADDRTYPE"
        fi
        CONFIG_CHECK+=" ${addrtype_symbol}"

        # https://bugs.launchpad.net/ufw/+bug/1076050
        # Kernels before 3.4 are checked for per-family LOG targets instead.
        if ! kernel_is -ge 3 4; then
                CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
                if use ipv6; then
                        CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
                fi
        else
                CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
        fi

        CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
        if use ipv6; then
                CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
        fi

        check_extra_config

        # The optional-feature check below needs a readable kernel config.
        linux_config_exists || {
                ewarn "Cannot determine configuration of your kernel."
                return
        }

        # Collect one hint per unset helper option, in the order they are probed.
        local -a unset_hints=()
        linux_chkconfig_present NF_NAT_FTP \
                || unset_hints+=( "NF_NAT_FTP: for better support for active mode FTP." )
        linux_chkconfig_present NF_CONNTRACK_FTP \
                || unset_hints+=( "NF_CONNTRACK_FTP: for better support for active mode FTP." )
        linux_chkconfig_present NF_CONNTRACK_NETBIOS_NS \
                || unset_hints+=( "NF_CONNTRACK_NETBIOS_NS: for better Samba support." )

        # One shared explanation, then the individual option names.
        if (( ${#unset_hints[@]} > 0 )); then
                echo
                local advice="Kernel options listed below are not set."
                advice+=" They are not mandatory, but they are often useful."
                advice+=" If you don't need some of them, please remove relevant module name(s)"
                advice+=" from IPT_MODULES in '${EROOT}/etc/default/ufw' before (re)starting ufw."
                advice+=" Otherwise ufw may fail to start!"
                ewarn "${advice}"

                local hint
                for hint in "${unset_hints[@]}"; do
                        ewarn "${hint}"
                done
        fi
}
#######################################
# Adjust upstream defaults and prune translations before the build.
# Globals:   LINGUAS (read), _EMPTY_LOCALE_LIST (written, read again by
#            python_install_all)
# Returns:   dies when a sed, rm or directory change fails
#######################################
python_prepare_all() {
        # Ship the configuration with ENABLED=yes; whether the firewall actually
        # runs is then decided by adding the service to a runlevel or not.
        sed -i -e 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
                || die "sed failed (ufw.conf)"

        # The IPV6 default follows the ipv6 USE flag.
        # NOTE(review): with the flag off this writes the non-"yes" value, so ufw
        # would presumably leave IPv6 traffic unfiltered on a kernel that still
        # has IPv6 enabled; confirm against the ufw documentation.
        sed -i -e "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die

        # With LINGUAS set (even if empty), keep only the requested catalogs and
        # record whether any survived.
        _EMPTY_LOCALE_LIST="no"
        if [[ -n ${LINGUAS+set} ]]; then
                _EMPTY_LOCALE_LIST="yes"
                pushd locales/po > /dev/null || die

                local catalog
                for catalog in *.po; do
                        if has "${catalog%.po}" ${LINGUAS}; then
                                _EMPTY_LOCALE_LIST="no"
                        else
                                rm "${catalog}" || die
                        fi
                done

                popd > /dev/null || die
        fi

        distutils-r1_python_prepare_all
}
#######################################
# Install service files, the check-requirements helper, logging snippets,
# optional examples, bash completion and translations.
# Globals:   FILESDIR, PN, PF, D, _EMPTY_LOCALE_LIST (all read)
#######################################
python_install_all() {
        # Service integration: conf.d defaults, OpenRC init script, systemd unit.
        newconfd "${FILESDIR}/ufw.confd" ufw
        newinitd "${FILESDIR}/ufw-2.initd" ufw
        systemd_dounit "${FILESDIR}"/ufw.service

        # The upstream requirements checker is installed as an executable.
        exeinto "/usr/share/${PN}"
        doexe tests/check-requirements

        # users normally would want it
        local logger
        for logger in syslog-ng rsyslog; do
                insinto "/usr/share/doc/${PF}/logging/${logger}"
                doins -r "${FILESDIR}/${logger}"/*
        done
        # Still installing into the rsyslog directory selected last above.
        doins doc/rsyslog.example

        if use examples; then
                insinto "/usr/share/doc/${PF}/examples"
                doins -r examples/*
        fi
        newbashcomp shell-completion/bash "${PN}"

        # Skip translations when LINGUAS filtering left no catalog behind.
        if [[ ${_EMPTY_LOCALE_LIST} != "yes" ]]; then
                domo locales/mo/*.mo
        fi

        distutils-r1_python_install_all
        python_replicate_script "${D}/usr/sbin/ufw"
}
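#######################################
# Post-install messages: first-time setup hints, a note about the
# check-requirements helper, and the default-deny SSH warning.
# Globals:   REPLACING_VERSIONS (read), PF (read)
# Outputs:   messages through elog and ewarn
#######################################
pkg_postinst() {
        local print_check_req_warn=false

        if [[ -z ${REPLACING_VERSIONS} ]]; then
                # Fresh install: explain how to enable the service.
                echo
                elog "To enable ufw, add it to boot sequence and activate it:"
                elog "-- # rc-update add ufw boot"
                elog "-- # /etc/init.d/ufw start"
                echo
                elog "If you want to keep ufw logs in a separate file, take a look at"
                elog "/usr/share/doc/${PF}/logging."
                print_check_req_warn=true
        else
                # REPLACING_VERSIONS is a whitespace-separated list, so it is
                # expanded unquoted to examine every replaced version. Quoting it
                # made the loop see one combined string and the numeric test fail
                # whenever more than one version was being replaced.
                local rv major minor
                for rv in ${REPLACING_VERSIONS}; do
                        major=${rv%%.*}
                        minor=${rv#*.}
                        # Keep only the leading digits of the second component so
                        # that suffixes such as ".1" or "-r2" do not break the
                        # comparison.
                        minor=${minor%%[!0-9]*}
                        # 10# forces base 10 so a leading zero is not read as octal.
                        if [[ ${major} == 0 && -n ${minor} ]] && (( 10#${minor} < 34 )); then
                                print_check_req_warn=true
                        fi
                done
        fi

        if [[ ${print_check_req_warn} == "true" ]]; then
                echo
                elog "/usr/share/ufw/check-requirements script is installed."
                elog "It is useful for debugging problems with ufw. However one"
                elog "should keep in mind that the script assumes IPv6 is enabled"
                elog "on kernel and net-firewall/iptables, and fails when it's not."
        fi

        # Always shown: enabling ufw over a remote session without first allowing
        # SSH would cut that session off.
        echo
        ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
        ewarn "default. See README, Remote Management section for more information."
}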