author | Peter Volkov <pva@gentoo.org> | 2011-07-24 11:18:22 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-07-24 11:18:22 +0000 |
commit | df365004f36851cf70fbebb0059271f7d3988832 (patch) | |
tree | 261c71ea519e331482d1f8ec56b75579ec2ce7ce /net-firewall | |
parent | Add json-glib developement releases mask. (diff) | |
Initial import, bug #264912, thanks to Sławomir Nizio for this job.
(Portage version: 2.1.10.6/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/ufw/ChangeLog | 11 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-2.initd | 137 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-dont-check-iptables.patch | 45 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-move-path.patch | 177 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw.confd | 5 | ||||
-rw-r--r-- | net-firewall/ufw/metadata.xml | 14 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.30.1-r2.ebuild | 77 |
7 files changed, 466 insertions, 0 deletions
diff --git a/net-firewall/ufw/ChangeLog b/net-firewall/ufw/ChangeLog new file mode 100644 index 000000000000..a9840ee2f1ec --- /dev/null +++ b/net-firewall/ufw/ChangeLog @@ -0,0 +1,11 @@ +# ChangeLog for net-firewall/ufw +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.1 2011/07/24 11:18:22 pva Exp $ + +*ufw-0.30.1-r2 (24 Jul 2011) + + 24 Jul 2011; Peter Volkov <pva@gentoo.org> +ufw-0.30.1-r2.ebuild, + +files/ufw-2.initd, +files/ufw.confd, +files/ufw-dont-check-iptables.patch, + +files/ufw-move-path.patch, +metadata.xml: + Initial import, bug #264912, thank Sławomir Nizio for this job. + diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd new file mode 100644 index 000000000000..79e9fc682289 --- /dev/null +++ b/net-firewall/ufw/files/ufw-2.initd 
@@ -0,0 +1,137 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/files/ufw-2.initd,v 1.1 2011/07/24 11:18:22 pva Exp $ + +depend() { + before net + provide firewall +} + +start() { + ebegin "Starting ufw" + _source_file || { eend $?; return $?; } + + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Avoid "Firewall already started, use 'force-reload'" message that + # appears if `ufw enable' had been run before start(). + if _status_quiet; then + eend 0 + return + fi + + # The ufw_start function does the same: if ufw is disabled using `ufw disable', + # ufw_start would not start ufw and return 0, so let's handle this case. + case $enabled_in_cfg in + 0) + ufw_start + ret=$? + eend $ret "Failed to start ufw." + ;; + 1) + # see /etc/conf.d/<name> + if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then + ret=1 + eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first." + else + ret=0 + eend 0 + fi + ;; + 2) + ret=1 + eend $ret "Failed to start ufw." + ;; + esac + + return $ret +} + +stop() { + ebegin "Stopping ufw" + _source_file || { eend $?; return $?; } + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Same as above (unless --force is passed to ufw_stop). + case $enabled_in_cfg in + 0) + ufw_stop + ret=$? + ;; + 1) + einfo "INFO: ufw is configured to be disabled" + ufw_stop --force + ret=$? + ;; + 2) + ret=1 + ;; + esac + + eend $ret "Failed to stop ufw." + return $ret +} + +_status_quiet() { + # return values: 0 - started, 1 - stopped, 2 - error + # Does not execute _source_file. + local ret + ufw_status > /dev/null + ret=$? + # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions. + case $ret in + 0) return 0 ;; + 3) return 1 ;; + *) return 2 ;; + esac +} + +_source_file() { + local sourced_f="/usr/share/ufw/ufw-init-functions" + if [ ! 
-f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 1 + fi + + local _path=$PATH + if ! source "$sourced_f"; then + # PATH can be broken here, fix it... + PATH=$_path + eerror "Error sourcing file $sourced_f" + return 1 + fi + + if [ -z "$PATH" ]; then + PATH=$_path + else + PATH="${PATH}:${_path}" + fi + return 0 +} + +_check_if_enabled_in_cfg() { + # Check if user has enabled the firewall with "ufw enable". + # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error. + + local sourced_f="/etc/ufw/ufw.conf" + if [ ! -f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 2 + fi + + if ! source "$sourced_f"; then + eerror "Error sourcing file $sourced_f" + return 2 + fi + + if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then + return 0 + else + return 1 + fi +} diff --git a/net-firewall/ufw/files/ufw-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-dont-check-iptables.patch new file mode 100644 index 000000000000..1ce2086d666d --- /dev/null +++ b/net-firewall/ufw/files/ufw-dont-check-iptables.patch 
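Review bot: In start() of ufw-2.initd, the `1)` branch with `ufw_nonfatal_if_disabled=yes` calls `eend 0` and returns success without loading any rules, so the service is marked started and, through `provide firewall` in depend(), satisfies any service that declares a dependency on `firewall` while nothing is being filtered. The behaviour is described in ufw.confd, but nothing is logged when it happens; an `ewarn "ufw is disabled in /etc/ufw/ufw.conf, no firewall rules were loaded"` before that `eend 0` would make the fail-open state visible at boot. Separately, `_check_if_enabled_in_cfg` tests `$ENABLED` after sourcing ufw.conf without clearing it first, so a value already present in the environment would be used if the file sets none; an `unset ENABLED` before the `source` avoids that.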
@@ -0,0 +1,45 @@ +--- setup.py 2011-03-22 19:00:03.000000000 +0100 ++++ setup.py 2011-06-10 19:28:41.798000241 +0200 +@@ -224,41 +224,7 @@ + os.unlink(os.path.join('staging', 'ufw-init')) + os.unlink(os.path.join('staging', 'ufw-init-functions')) + +-iptables_exe = '' +-iptables_dir = '' +- +-for e in ['iptables']: +- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ +- '/usr/local/bin']: +- if e == "iptables": +- if os.path.exists(os.path.join(dir, e)): +- iptables_dir = dir +- iptables_exe = os.path.join(iptables_dir, "iptables") +- print "Found '%s'" % iptables_exe +- else: +- continue +- +- if iptables_exe != "": +- break +- +- +-if iptables_exe == '': +- print >> sys.stderr, "ERROR: could not find required binary 'iptables'" +- sys.exit(1) +- +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: +- if not os.path.exists(os.path.join(iptables_dir, e)): +- print >> sys.stderr, "ERROR: could not find required binary '%s'" % (e) +- sys.exit(1) +- +-(rc, out) = cmd([iptables_exe, '-V']) +-if rc != 0: +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ +- (iptables_exe)) +-version = re.sub('^v', '', re.split('\s', out)[1]) +-print "Found '%s' version '%s'" % (iptables_exe, version) +-if version < "1.4": +- print >> sys.stderr, "WARN: version '%s' has limited IPv6 support. See README for details." % (version) ++iptables_dir = '/sbin' + + setup (name='ufw', + version=ufw_version, diff --git a/net-firewall/ufw/files/ufw-move-path.patch b/net-firewall/ufw/files/ufw-move-path.patch new file mode 100644 index 000000000000..ff5f2b39529d --- /dev/null +++ b/net-firewall/ufw/files/ufw-move-path.patch 
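Review bot: The replacement line `iptables_dir = '/sbin'` in ufw-dont-check-iptables.patch fixes the location of iptables at build time, and the patch drops, together with the build-time probe, the checks that `ip6tables`, `iptables-restore` and `ip6tables-restore` exist next to it, with no header text in the patch saying why that is safe. The version floor is covered by `RDEPEND=">=net-firewall/iptables-1.4"` in the ebuild, but the directory is an assumption about where that package installs, and it presumably does not hold under a non-empty prefix (the ebuild's pkg_postinst uses `${EROOT}`). I would add a short description above the `--- setup.py` line, for example `Gentoo: iptables is a runtime dependency only; hard-code its directory instead of probing at build time.`, and state there that the value must match the iptables package's install location. How `iptables_dir` is consumed later in setup.py is outside this hunk.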
@@ -0,0 +1,177 @@ +diff -Naur ufw-0.30.1.orig/doc/ufw-framework.8 ufw-0.30.1/doc/ufw-framework.8 +--- ufw-0.30.1.orig/doc/ufw-framework.8 2011-06-10 19:30:18.499000275 +0200 ++++ ufw-0.30.1/doc/ufw-framework.8 2011-06-10 21:44:32.990000351 +0200 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.30.1.orig/README ufw-0.30.1/README +--- ufw-0.30.1.orig/README 2011-06-10 19:30:18.487000275 +0200 ++++ ufw-0.30.1/README 2011-06-10 21:44:32.844000351 +0200 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. 
To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -245,7 +245,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -288,7 +288,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. 
+diff -Naur ufw-0.30.1.orig/setup.py ufw-0.30.1/setup.py +--- ufw-0.30.1.orig/setup.py 2011-06-10 19:30:18.488000275 +0200 ++++ ufw-0.30.1/setup.py 2011-06-10 21:44:32.846000351 +0200 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ file]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + file]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur 
ufw-0.30.1.orig/src/backend_iptables.py ufw-0.30.1/src/backend_iptables.py +--- ufw-0.30.1.orig/src/backend_iptables.py 2011-06-10 19:30:18.502000275 +0200 ++++ ufw-0.30.1/src/backend_iptables.py 2011-06-10 21:44:33.044000351 +0200 +@@ -24,7 +24,7 @@ + import tempfile + import time + +-from ufw.common import UFWError, UFWRule, config_dir, state_dir, prefix_dir ++from ufw.common import UFWError, UFWRule, config_dir, share_dir, state_dir, prefix_dir + from ufw.util import warn, debug, msg, cmd, cmd_pipe + import ufw.backend + +@@ -40,7 +40,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(state_dir, 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", d, files) + +diff -Naur ufw-0.30.1.orig/src/ufw-init ufw-0.30.1/src/ufw-init +--- ufw-0.30.1.orig/src/ufw-init 2011-06-10 19:30:18.502000275 +0200 ++++ ufw-0.30.1/src/ufw-init 2011-06-10 21:44:33.054000351 +0200 +@@ -18,8 +18,8 @@ + # + set -e + +-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then +- . "#STATE_PREFIX#/ufw-init-functions" ++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then ++ . "#SHARE_DIR#/ufw-init-functions" + else + echo "Could not find $s (aborting)" + exit 1 +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd new file mode 100644 index 000000000000..900d3bf67bd4 --- /dev/null +++ b/net-firewall/ufw/files/ufw.confd 
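Review bot: The new import in src/backend_iptables.py, `from ufw.common import UFWError, UFWRule, config_dir, share_dir, state_dir, prefix_dir`, depends on `share_dir` being defined in ufw.common, and no hunk in ufw-move-path.patch touches src/common.py; if upstream 0.30.1 does not already export that name the backend would fail at import, so this is worth confirming against the unpacked source. The setup.py hunks likewise read `real_sharedir` earlier than before (in the new "Install helper scripts" block), and its definition is outside the visible hunks. The commented-out lines left behind (`# real_statedir = os.path.join('/lib', 'ufw')` and the three `#sharedir` lines) would be better deleted than carried in the patch, since they add context that has to be rebased on every upstream release.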
@@ -0,0 +1,5 @@ +# If equals to "yes", warnings that firewall is disabled +# (using `ufw disable') will be suppressed and the service +# will be considered started. +# Default if unset or another value is "no". +ufw_nonfatal_if_disabled=no diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml new file mode 100644 index 000000000000..97a6c66a3ba2 --- /dev/null +++ b/net-firewall/ufw/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>no-herd</herd> +<maintainer> +<email>slawomir.nizio@sabayon.org</email> +<name>Sławomir Nizio</name> +</maintainer> +<maintainer> + <email>pva@gentoo.org</email> + <name>Peter Volkov</name> +</maintainer> +</pkgmetadata> + diff --git a/net-firewall/ufw/ufw-0.30.1-r2.ebuild b/net-firewall/ufw/ufw-0.30.1-r2.ebuild new file mode 100644 index 000000000000..b94775092332 --- /dev/null +++ b/net-firewall/ufw/ufw-0.30.1-r2.ebuild 
@@ -0,0 +1,77 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.30.1-r2.ebuild,v 1.1 2011/07/24 11:18:22 pva Exp $ + +EAPI=3 +PYTHON_DEPEND="2:2.5" + +inherit versionator bash-completion eutils linux-info distutils + +MY_PV_12=$(get_version_component_range 1-2) +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="examples" + +DEPEND="" +RDEPEND=">=net-firewall/iptables-1.4" + +RESTRICT="test" + +pkg_setup() { + local CONFIG_CHECK="~PROC_FS ~NETFILTER_XT_MATCH_COMMENT ~IP6_NF_MATCH_HL \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT \ + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + check_extra_config +} + +src_prepare() { + # Allow to remove unnecessary build time dependency + # on net-firewall/iptables. + epatch "${FILESDIR}"/${PN}-dont-check-iptables.patch + # Move files away from /lib/ufw. + epatch "${FILESDIR}"/${PN}-move-path.patch + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. 
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" +} + +src_install() { + newconfd "${FILESDIR}"/ufw.confd ufw || die "inserting a file to conf.d failed" + newinitd "${FILESDIR}"/ufw-2.initd ufw || die "inserting a file to init.d failed" + if use examples; then + dodoc doc/rsyslog.example || die "inserting example rsyslog configuration failed" + insinto /usr/share/doc/${PF}/examples + doins examples/* || die "inserting example files failed" + fi + distutils_src_install + dobashcompletion shell-completion/bash +} + +pkg_postinst() { + distutils_pkg_postinst + if path_exists -o "${EROOT}"lib/ufw/user{,6}.rules; then + ewarn "Attention!" + ewarn "User configuration from /lib/ufw is now placed in /etc/ufw/user." + ewarn "Please stop ufw, copy .rules files from \"${EROOT}\"lib/ufw" \ + "to \"${EROOT}\"etc/ufw/user/ and start ufw again." + fi + echo + elog "Remember to enable ufw add it to your boot sequence:" + elog "-- # ufw enable" + elog "-- # rc-update add ufw boot" + echo + bash-completion_pkg_postinst +} |
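Review bot: In src_prepare(), `sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf || die "sed failed (ufw.conf)"` only dies when sed cannot read or write the file; if a later upstream release changes that line, the substitution matches nothing and the package silently ships with ENABLED=no. The init script added in this commit then refuses to start with "Not starting firewall (not enabled)", which leaves the host unfiltered after boot unless someone notices the message. A check after the sed, such as `grep -q '^ENABLED=yes' conf/ufw.conf || die "ENABLED=yes not set in ufw.conf"`, would turn that into a build failure. `RESTRICT="test"` also carries no comment explaining why the test suite is disabled.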