summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2020-07-08 13:53:41 +0200
committerThomas Deutschmann <whissi@gentoo.org>2020-07-08 14:49:47 +0200
commit8846560953a10ad489b8edd804dbeafe33c5b64b (patch)
tree8c160eb65425ee2857c3e41d20b51e0c9072e5cb /net-firewall/shorewall
parentdev-python/smmap: Stabilize 3.0.4 ALLARCHES, #731580 (diff)
downloadgentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.tar.gz
gentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.tar.bz2
gentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.zip
net-firewall/shorewall: bump to v5.2.6
Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'net-firewall/shorewall')
-rw-r--r--net-firewall/shorewall/Manifest7
-rw-r--r--net-firewall/shorewall/shorewall-5.2.6.ebuild482
2 files changed, 489 insertions, 0 deletions
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index 3e08e20ae797..899f62859e49 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -1,7 +1,14 @@
DIST shorewall-5.2.5.2.tar.bz2 582902 BLAKE2B 7065133a2995de061912974270a0eabce904dd6950db3086a6381eea4ee86c8da54e948e50e50ff3f26d99403c6626b826bf09d7866c5cd832b3949b3445c304 SHA512 81e2ca66a86a857919e4b9502fde95630ca4109f8c67bbeb97b3a9a66cef734250f472a7b6503c25408ae7e71e96479af6911a75038135a9d5099db1b782ffa4
+DIST shorewall-5.2.6.tar.bz2 584293 BLAKE2B 2efd724fe06da93e31e9c7f146f4cb860118765a9decbbde8ca4b54832fa97f0152eeee3e4d82c171ae6bf11c4541404935bba5597b293b454bb8dceb976b977 SHA512 fe769c3ee8b3800bd7a55e2296e7ddeef2682653352e7b06bf3fe26238a8791eb1bdb93c96dde8a06fa4485149679429135d9bc838e7a94c3cf4b07530590a36
DIST shorewall-core-5.2.5.2.tar.bz2 74903 BLAKE2B 12fb7f3912a315eb18c17d74d60edaf764c62a80e568bc4ddd25f6dbb3cb7b7dae1694897d11bce6d2c848c4aa71843003d0880998a7686944752748b9b59707 SHA512 78941ddbf73dd26be12383bf95c43a520bfcbfbeb88bb5fce04eacf223038edb39405c7a0d37a2cfc4eeb60bb9516903220c82a0fdf4ba4501ffd5c8a6201a06
+DIST shorewall-core-5.2.6.tar.bz2 75731 BLAKE2B aef68badb12dcb3c7e7a30b2aae7b0e2dda02c1449fbe71eec7cf513889653d8f026f29f62be39d45c6db61abbadc97c3e24fd8d211cc2773d915c4740e6fa27 SHA512 63448cbd6e7b6444ab11d0dc412469237818717f3e6847c8857c1bf4bc9079b1abfd5cf33d30826252bb990abf611d3a14427dd3e228ea1f97919de6ee10a36e
DIST shorewall-docs-html-5.2.5.2.tar.bz2 4310164 BLAKE2B e02def5b187e66aa55125123d6e532e9f4c8bd442b590b5cf6aba41bb6da96146dbda41743341682a07d425ca46fe2ee4b6f6334b47c4ee5a75781ffb8788478 SHA512 78b35e58ad1517477c5210d2df230279f9bf6b3f6a904ee2fd3f7b354dcdb0d0f685d28868a0a9f7b0b78b8f8f4e00aa171e1f181b45836f7c45876270d0c09c
+DIST shorewall-docs-html-5.2.6.tar.bz2 4310351 BLAKE2B 6ad3e461657d78c937c80968a5a3404359c6a86b16b2965997f2a37a8d0883b83b285cbb9bb824993d174203e31ccbd0aca811c9948649a438aedbc192bbf038 SHA512 123c84033fc0f470250be7f3cba19d371b658c8e9ec39f382827e5cb6218b3b5c0a730cddec13a3fd41dd3bb0ff94da24543452f59ce3119b2e161c1d9ed4151
DIST shorewall-init-5.2.5.2.tar.bz2 39779 BLAKE2B b8857e93120bf435419744a277bafdec5b4652ed8009aa915c170b5a1bf385b9b1d8fbc2a884791940304b76316c0e43ee38c2cf4fb2c2c80feca11ecf55426a SHA512 7363752b363d3fc94f51524a730c94dffadad65be39bb258e0b50ff11a880cae25e99975e8abc85394616afa09c29213578861d6723d70f7c87a80b57cabe14b
+DIST shorewall-init-5.2.6.tar.bz2 40640 BLAKE2B 746d72ba6c4d8fae116cef5180286f19f2ace7baa84a027a5f29305cd5a18323dcae316651fd066b71fe6bc9636c016856820215f306e0db1388394bfd15812c SHA512 e5e4e3f2ed24789c0483c93437b6cd41cabd8d3a7940f0c3f7d0b57c52b8a1fac43e073b09d18f5263f00dcd72912778c3230db93136c5cffd67cdbf63e57647
DIST shorewall-lite-5.2.5.2.tar.bz2 44483 BLAKE2B 7c6c8a96efa1591738f5eea027ddc2614a03c77cd0f7500e9ba3e40402afabc77a0814834c05e2a9943bc8f72a9b6115cf20fd02b04376d52e6ef644d90fbef8 SHA512 6a9a78085665911e1a88f7befcc1b667e4c60c5f0139b6d489fa78612cb17637806dcbfd141b15a83e7ea87ff69eb0af0a833cba8c7934993e101061b6cb8ca9
+DIST shorewall-lite-5.2.6.tar.bz2 45245 BLAKE2B 6b5b16b41ed8eaf3cfe4eeaa831e5a320b57579c072d5d64c051bf099c7e519bd7e8f659b483843e866ae39301284a13a45a257d284aac46bc921dea0bd043d5 SHA512 9c1f3c5729afa5bef6329b797530e2f428992eb235aec7213685b6568af81c5ff93e53182b5d5ef90ec3ba2c8ff8470c9a47b3f1988c90ef1ba125594a6d04c4
DIST shorewall6-5.2.5.2.tar.bz2 202054 BLAKE2B ef7c5f7230ecb3f1961285a15c73ee08fcb4a79e1f55c62862e84fad1be711146b0ee9be1f7a41e5646817a080f654d3f1c2ee55ffa4a055c22ba14ad8f42211 SHA512 f54410bc2f299327a16f66039575c6c3a42fdbc0f2c51b881012f07a122228ee13029380c2f401d0873fae3dc51173cc759e6680353356e60c95c18cf87490fc
+DIST shorewall6-5.2.6.tar.bz2 202933 BLAKE2B 66cd897e6ae12a5efa5f857020a00f9455123bc767551072b9d6a7f48442c72bdb0bc7c323a9238a8adbf67f9360d14cf777036ba634e809c6103b3a0f1e7ced SHA512 0b64a0d709c8a621b9983b50dfb64d0374c545e59a08b46997be3249826c802b38e06be0248ee7d4ca1c2c207c21640a7152bec2df46f97ab301676237c48063
DIST shorewall6-lite-5.2.5.2.tar.bz2 44447 BLAKE2B f216cbad432e589c7bfb0b68396c7a0ff8a711dc273910c0657b343202be08910b5d176c769f7fd0da22c4bcaabdb008f73ef9baa4681247fb8c9e0d0932bfe4 SHA512 ab00c53086cca681112603ad73fd8393e4b0b29e6997d6c85fe736481b05305f94af58a6dca31c715d064fc6daf6743b2a13abd7f78ea629158ec142062fb7e5
+DIST shorewall6-lite-5.2.6.tar.bz2 45249 BLAKE2B 0498ae556d2b7f475f40fa0013df3ecea5ca5928b4df582419d2252f6f3e6500657731c687fced47584b3857c138a66eb0d8d90e552a3baf71411bc58510ad70 SHA512 7590765ae943567bc7b18dc18aedcc81ea5737f4a7992f33abdd6cf95dd893c6e2666a2d24e6692b6f531b0e62e5dadd98969b2344dcbf75ba26c650f345b823
diff --git a/net-firewall/shorewall/shorewall-5.2.6.ebuild b/net-firewall/shorewall/shorewall-5.2.6.ebuild
new file mode 100644
index 000000000000..95a3c0906eab
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.2.6.ebuild
@@ -0,0 +1,482 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info prefix systemd
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="https://shorewall.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ if [[ ${MY_PV} = *-Beta* ]] ; then
+ MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}"
+ elif [[ ${MY_PV} = *-RC* ]] ; then
+ MY_URL_SUFFIX="-RC${MY_PV##*-RC}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+ https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See https://shorewall.org/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ # kernel >=4.19 has unified NF_CONNTRACK module, bug 671176
+ if kernel_is -lt 4 19; then
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+ sed -i \
+ -e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \
+ "${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc"
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ pushd "${S}"/${MY_PN_CORE} &>/dev/null || die
+ eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch
+ popd &>/dev/null || die
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+
+ pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die
+ eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+ popd &>/dev/null || die
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+
+ pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die
+ eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+ popd &>/dev/null || die
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+
+ pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die
+ eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+ popd &>/dev/null || die
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+
+ pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die
+ eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+ popd &>/dev/null || die
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ pushd "${S}"/${MY_PN_INIT} &>/dev/null || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r2.patch
+ popd &>/dev/null || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+ keepdir /var/lib/shorewall
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+ keepdir /var/lib/shorewall6
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ keepdir /var/lib/shorewall-lite
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ keepdir /var/lib/shorewall6-lite
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${ED}/etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${ED}/etc/NetworkManager\" ..."
+ rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " https://shorewall.org/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - https://shorewall.org/Shorewall-5.html#idm214"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " https://shorewall.org/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}