diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2020-07-08 13:53:41 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2020-07-08 14:49:47 +0200 |
commit | 8846560953a10ad489b8edd804dbeafe33c5b64b (patch) | |
tree | 8c160eb65425ee2857c3e41d20b51e0c9072e5cb /net-firewall/shorewall | |
parent | dev-python/smmap: Stabilize 3.0.4 ALLARCHES, #731580 (diff) | |
download | gentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.tar.gz gentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.tar.bz2 gentoo-8846560953a10ad489b8edd804dbeafe33c5b64b.zip |
net-firewall/shorewall: bump to v5.2.6
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'net-firewall/shorewall')
-rw-r--r-- | net-firewall/shorewall/Manifest | 7 | ||||
-rw-r--r-- | net-firewall/shorewall/shorewall-5.2.6.ebuild | 482 |
2 files changed, 489 insertions, 0 deletions
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest index 3e08e20ae797..899f62859e49 100644 --- a/net-firewall/shorewall/Manifest +++ b/net-firewall/shorewall/Manifest @@ -1,7 +1,14 @@ DIST shorewall-5.2.5.2.tar.bz2 582902 BLAKE2B 7065133a2995de061912974270a0eabce904dd6950db3086a6381eea4ee86c8da54e948e50e50ff3f26d99403c6626b826bf09d7866c5cd832b3949b3445c304 SHA512 81e2ca66a86a857919e4b9502fde95630ca4109f8c67bbeb97b3a9a66cef734250f472a7b6503c25408ae7e71e96479af6911a75038135a9d5099db1b782ffa4 +DIST shorewall-5.2.6.tar.bz2 584293 BLAKE2B 2efd724fe06da93e31e9c7f146f4cb860118765a9decbbde8ca4b54832fa97f0152eeee3e4d82c171ae6bf11c4541404935bba5597b293b454bb8dceb976b977 SHA512 fe769c3ee8b3800bd7a55e2296e7ddeef2682653352e7b06bf3fe26238a8791eb1bdb93c96dde8a06fa4485149679429135d9bc838e7a94c3cf4b07530590a36 DIST shorewall-core-5.2.5.2.tar.bz2 74903 BLAKE2B 12fb7f3912a315eb18c17d74d60edaf764c62a80e568bc4ddd25f6dbb3cb7b7dae1694897d11bce6d2c848c4aa71843003d0880998a7686944752748b9b59707 SHA512 78941ddbf73dd26be12383bf95c43a520bfcbfbeb88bb5fce04eacf223038edb39405c7a0d37a2cfc4eeb60bb9516903220c82a0fdf4ba4501ffd5c8a6201a06 +DIST shorewall-core-5.2.6.tar.bz2 75731 BLAKE2B aef68badb12dcb3c7e7a30b2aae7b0e2dda02c1449fbe71eec7cf513889653d8f026f29f62be39d45c6db61abbadc97c3e24fd8d211cc2773d915c4740e6fa27 SHA512 63448cbd6e7b6444ab11d0dc412469237818717f3e6847c8857c1bf4bc9079b1abfd5cf33d30826252bb990abf611d3a14427dd3e228ea1f97919de6ee10a36e DIST shorewall-docs-html-5.2.5.2.tar.bz2 4310164 BLAKE2B e02def5b187e66aa55125123d6e532e9f4c8bd442b590b5cf6aba41bb6da96146dbda41743341682a07d425ca46fe2ee4b6f6334b47c4ee5a75781ffb8788478 SHA512 78b35e58ad1517477c5210d2df230279f9bf6b3f6a904ee2fd3f7b354dcdb0d0f685d28868a0a9f7b0b78b8f8f4e00aa171e1f181b45836f7c45876270d0c09c +DIST shorewall-docs-html-5.2.6.tar.bz2 4310351 BLAKE2B 6ad3e461657d78c937c80968a5a3404359c6a86b16b2965997f2a37a8d0883b83b285cbb9bb824993d174203e31ccbd0aca811c9948649a438aedbc192bbf038 SHA512 123c84033fc0f470250be7f3cba19d371b658c8e9ec39f382827e5cb6218b3b5c0a730cddec13a3fd41dd3bb0ff94da24543452f59ce3119b2e161c1d9ed4151 DIST shorewall-init-5.2.5.2.tar.bz2 39779 BLAKE2B b8857e93120bf435419744a277bafdec5b4652ed8009aa915c170b5a1bf385b9b1d8fbc2a884791940304b76316c0e43ee38c2cf4fb2c2c80feca11ecf55426a SHA512 7363752b363d3fc94f51524a730c94dffadad65be39bb258e0b50ff11a880cae25e99975e8abc85394616afa09c29213578861d6723d70f7c87a80b57cabe14b +DIST shorewall-init-5.2.6.tar.bz2 40640 BLAKE2B 746d72ba6c4d8fae116cef5180286f19f2ace7baa84a027a5f29305cd5a18323dcae316651fd066b71fe6bc9636c016856820215f306e0db1388394bfd15812c SHA512 e5e4e3f2ed24789c0483c93437b6cd41cabd8d3a7940f0c3f7d0b57c52b8a1fac43e073b09d18f5263f00dcd72912778c3230db93136c5cffd67cdbf63e57647 DIST shorewall-lite-5.2.5.2.tar.bz2 44483 BLAKE2B 7c6c8a96efa1591738f5eea027ddc2614a03c77cd0f7500e9ba3e40402afabc77a0814834c05e2a9943bc8f72a9b6115cf20fd02b04376d52e6ef644d90fbef8 SHA512 6a9a78085665911e1a88f7befcc1b667e4c60c5f0139b6d489fa78612cb17637806dcbfd141b15a83e7ea87ff69eb0af0a833cba8c7934993e101061b6cb8ca9 +DIST shorewall-lite-5.2.6.tar.bz2 45245 BLAKE2B 6b5b16b41ed8eaf3cfe4eeaa831e5a320b57579c072d5d64c051bf099c7e519bd7e8f659b483843e866ae39301284a13a45a257d284aac46bc921dea0bd043d5 SHA512 9c1f3c5729afa5bef6329b797530e2f428992eb235aec7213685b6568af81c5ff93e53182b5d5ef90ec3ba2c8ff8470c9a47b3f1988c90ef1ba125594a6d04c4 DIST shorewall6-5.2.5.2.tar.bz2 202054 BLAKE2B ef7c5f7230ecb3f1961285a15c73ee08fcb4a79e1f55c62862e84fad1be711146b0ee9be1f7a41e5646817a080f654d3f1c2ee55ffa4a055c22ba14ad8f42211 SHA512 f54410bc2f299327a16f66039575c6c3a42fdbc0f2c51b881012f07a122228ee13029380c2f401d0873fae3dc51173cc759e6680353356e60c95c18cf87490fc +DIST shorewall6-5.2.6.tar.bz2 202933 BLAKE2B 66cd897e6ae12a5efa5f857020a00f9455123bc767551072b9d6a7f48442c72bdb0bc7c323a9238a8adbf67f9360d14cf777036ba634e809c6103b3a0f1e7ced SHA512 0b64a0d709c8a621b9983b50dfb64d0374c545e59a08b46997be3249826c802b38e06be0248ee7d4ca1c2c207c21640a7152bec2df46f97ab301676237c48063 DIST shorewall6-lite-5.2.5.2.tar.bz2 44447 BLAKE2B f216cbad432e589c7bfb0b68396c7a0ff8a711dc273910c0657b343202be08910b5d176c769f7fd0da22c4bcaabdb008f73ef9baa4681247fb8c9e0d0932bfe4 SHA512 ab00c53086cca681112603ad73fd8393e4b0b29e6997d6c85fe736481b05305f94af58a6dca31c715d064fc6daf6743b2a13abd7f78ea629158ec142062fb7e5 +DIST shorewall6-lite-5.2.6.tar.bz2 45249 BLAKE2B 0498ae556d2b7f475f40fa0013df3ecea5ca5928b4df582419d2252f6f3e6500657731c687fced47584b3857c138a66eb0d8d90e552a3baf71411bc58510ad70 SHA512 7590765ae943567bc7b18dc18aedcc81ea5737f4a7992f33abdd6cf95dd893c6e2666a2d24e6692b6f531b0e62e5dadd98969b2344dcbf75ba26c650f345b823 diff --git a/net-firewall/shorewall/shorewall-5.2.6.ebuild b/net-firewall/shorewall/shorewall-5.2.6.ebuild new file mode 100644 index 000000000000..95a3c0906eab --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.2.6.ebuild @@ -0,0 +1,482 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit linux-info prefix systemd + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="https://shorewall.org/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + if [[ ${MY_PV} = *-Beta* ]] ; then + MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}" + elif [[ ${MY_PV} = *-RC* ]] ; then + MY_URL_SUFFIX="-RC${MY_PV##*-RC}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See https://shorewall.org/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + # kernel >=4.19 has unified NF_CONNTRACK module, bug 671176 + if kernel_is -lt 4 19; then + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + sed -i \ + -e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \ + "${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc" + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + pushd "${S}"/${MY_PN_CORE} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + pushd "${S}"/${MY_PN_INIT} &>/dev/null || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r2.patch + popd &>/dev/null || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + keepdir /var/lib/shorewall + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + keepdir /var/lib/shorewall6 + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + keepdir /var/lib/shorewall-lite + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + keepdir /var/lib/shorewall6-lite + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..." + rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${ED}/etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${ED}/etc/NetworkManager\" ..." + rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed" + fi + + if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " https://shorewall.org/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - https://shorewall.org/Shorewall-5.html#idm214" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " https://shorewall.org/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} |