Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/nufw/Manifest | 1 | ||||
-rw-r--r-- | net-firewall/nufw/files/nuauth-conf.d | 2 | ||||
-rw-r--r-- | net-firewall/nufw/files/nuauth-init.d | 27 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch | 103 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-2.2.22-var-run.patch | 45 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-conf.d | 2 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-init.d | 17 | ||||
-rw-r--r-- | net-firewall/nufw/metadata.xml | 14 | ||||
-rw-r--r-- | net-firewall/nufw/nufw-2.2.22-r4.ebuild | 105 |
9 files changed, 0 insertions, 316 deletions
diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest
deleted file mode 100644
index 3f76ce7b2ea1..000000000000
--- a/net-firewall/nufw/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST nufw-2.2.22.tar.bz2 597491 BLAKE2B 4c3092aeaced237ceb9faa16cff275938de23cdca31d2d6f6406238a0fe75ad15468f91a80b1d6e0bfc6dac520b6331ee19a1d95a006d591b891b91aad6caa8b SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee
diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d
deleted file mode 100644
index 1ac750cf49fd..000000000000
--- a/net-firewall/nufw/files/nuauth-conf.d
+++ /dev/null
@@ -1,2 +0,0 @@
-# configuration file for /etc/init.d/nuauth
-NUAUTH_OPTIONS=""
diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d
deleted file mode 100644
index db9c10b8a0d5..000000000000
--- a/net-firewall/nufw/files/nuauth-init.d
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/sbin/openrc-run
-
-depend() {
- before net
-}
-
-checkconfig() {
- if [ ! -e /etc/nufw/nuauth.conf ]; then
- eerror "You need a /etc/nufw/nuauth.conf file to run nuauth"
- eerror "There is sample file in /usr/share/doc/nufw-version/"
- return 1
- fi
-}
-
-start() {
- checkpath -d /run/nuauth
- checkconfig || return 1
- ebegin "Starting nuauth"
- start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping nuauth"
- start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid
- eend $?
-}
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
deleted file mode 100644
index e75d2b3fd61d..000000000000
--- a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
-From: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Sat, 4 Mar 2017 01:00:40 +0200
-Subject: [PATCH] ssl: drop call of deprecated
- gnutls_certificate_type_set_priority()
-
-CTYPE-X.509 is the default value. Closes: #624077
-
-Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
----
- src/clients/lib/libnuclient.c | 15 ++-------------
- src/nufw/tls.c | 14 --------------
- 2 files changed, 2 insertions(+), 27 deletions(-)
-
-diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
-index 917e75a..6e78c96 100644
---- a/src/clients/lib/libnuclient.c
-+++ b/src/clients/lib/libnuclient.c
-@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
- # define DH_BITS 1024
- #endif
-
--static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
--
--
- void nu_exit_clean(nuauth_session_t * session)
- {
- if (session->ct) {
-@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
- return 1;
- }
-
--static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
-+static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
- {
- printf("TLS error: server requests certificate, none configured\n");
- return 0;
-@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
- SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
- return 0;
- }
-- gnutls_certificate_client_set_retrieve_function(session->cred,
-+ gnutls_certificate_set_retrieve_function(session->cred,
- &_cb_request_cert);
- }
-
-@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
- return 0;
- }
-
-- ret =
-- gnutls_certificate_type_set_priority(session->tls,
-- cert_type_priority);
-- if (ret < 0) {
-- return 0;
-- }
- return 1;
- }
-
-@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
- gnutls_deinit(session->tls);
- gnutls_init(&session->tls, GNUTLS_CLIENT);
- gnutls_set_default_priority(session->tls);
-- gnutls_certificate_type_set_priority(session->tls,
-- cert_type_priority);
- session->need_set_cred = 1;
-
- /* close socket */
-diff --git a/src/nufw/tls.c b/src/nufw/tls.c
-index e7223eb..2d46820 100644
---- a/src/nufw/tls.c
-+++ b/src/nufw/tls.c
-@@ -506,8 +506,6 @@ void tls_connect()
- gnutls_session *tls_session;
- int tls_socket, ret;
- #if USE_X509
-- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
--
- tls.session = NULL;
-
- /* compute patch key_file */
-@@ -655,18 +653,6 @@ void tls_connect()
- return;
- }
- #if USE_X509
-- ret = gnutls_certificate_type_set_priority(*(tls_session),
-- cert_type_priority);
-- if (ret < 0) {
-- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
-- "TLS: gnutls_certificate_type_set_priority() failed: %s",
-- gnutls_strerror(ret));
-- gnutls_certificate_free_credentials(tls.xcred);
-- gnutls_deinit(*tls_session);
-- free(tls_session);
-- return;
-- }
--
- /* put the x509 credentials to the current session */
- ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
- tls.xcred);
---
-2.10.2
-
diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
deleted file mode 100644
index f6bcc95e0006..000000000000
--- a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
+++ /dev/null
@@ -1,45 +0,0 @@
---- a/src/nuauth/auth_srv.h
-+++ b/src/nuauth/auth_srv.h
-@@ -162,7 +162,7 @@
- #ifdef S_SPLINT_S
- # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid"
- #else
--# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid"
-+# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid"
- #endif
-
- /* define the number of threads that will do user check */
---- a/src/nuauth/command.c
-+++ b/src/nuauth/command.c
-@@ -26,7 +26,7 @@
- #include <sys/un.h> /* unix socket */
- #include <sys/stat.h> /* fchmod() */
-
--#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket"
-+#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket"
-
- const char* COMMAND_HELP =
- "version: display nuauth version\n"
---- a/src/nufw/main.c
-+++ b/src/nufw/main.c
-@@ -54,7 +54,7 @@
-
- /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined
- * during compilation/installation) */
--#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid"
-+#define NUFW_PID_FILE "/run/nufw.pid"
-
- /**
- * Stop threads and then wait until threads exit.
---- a/src/nuauth/Makefile.am
-+++ b/src/nuauth/Makefile.am
-@@ -26,9 +26,6 @@
-
- nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/
-
--install-exec-local:
-- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/"
--
- nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES)
- @rm -f nuauth$(EXEEXT)
- $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD)
diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d
deleted file mode 100644
index b2ea527744ec..000000000000
--- a/net-firewall/nufw/files/nufw-conf.d
+++ /dev/null
@@ -1,2 +0,0 @@
-# configuration file for /etc/init.d/nufw
-NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129"
diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d
deleted file mode 100644
index fd97dd408c7b..000000000000
--- a/net-firewall/nufw/files/nufw-init.d
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/sbin/openrc-run
-
-depend() {
- before net
-}
-
-start() {
- ebegin "Starting nufw"
- start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping nufw"
- start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
- eend $?
-}
diff --git a/net-firewall/nufw/metadata.xml b/net-firewall/nufw/metadata.xml
deleted file mode 100644
index 2187d537f3cb..000000000000
--- a/net-firewall/nufw/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="project">
-<email>netmon@gentoo.org</email>
-<name>Gentoo network monitoring and analysis project</name>
-</maintainer>
-<use>
-<flag name="nfconntrack">Use netfilter_conntrack</flag>
-<flag name="nfqueue">Use NFQUEUE instead of QUEUE</flag>
-<flag name="pam_nuauth">Add support for pam nufw from PAM</flag>
-<flag name="plaintext">Add support for authentication with plaintext files</flag>
-</use>
-</pkgmetadata>
diff --git a/net-firewall/nufw/nufw-2.2.22-r4.ebuild b/net-firewall/nufw/nufw-2.2.22-r4.ebuild
deleted file mode 100644
index d5607a7b2b80..000000000000
--- a/net-firewall/nufw/nufw-2.2.22-r4.ebuild
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-SSL_CERT_MANDATORY=1
-inherit autotools flag-o-matic pam ssl-cert
-
-DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
-HOMEPAGE="http://www.nufw.org/"
-SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 x86"
-IUSE="debug ldap mysql pam pam_nuauth plaintext postgres unicode nfqueue nfconntrack static syslog test"
-
-REQUIRED_USE="pam_nuauth? ( plaintext )"
-DEPEND="
- dev-libs/cyrus-sasl
- dev-libs/glib:2
- dev-libs/libgcrypt:=
- dev-python/IPy
- net-firewall/iptables
- net-libs/gnutls:=
- ldap? ( >=net-nds/openldap-2:= )
- mysql? ( dev-db/mysql-connector-c:= )
- nfconntrack? ( net-libs/libnetfilter_conntrack )
- nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
- pam? ( sys-libs/pam )
- pam_nuauth? ( sys-libs/pam )
- postgres? ( dev-db/postgresql:*[server] )
-"
-RDEPEND=${DEPEND}
-
-PATCHES=(
- "${FILESDIR}/${P}-var-run.patch"
- "${FILESDIR}/${P}-gnutls-3.4.patch"
-)
-
-RESTRICT="test"
-
-src_prepare() {
- default
- sed -i \
- -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
- -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
- conf/nuauth.conf || die
- sed -i \
- -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
- src/clients/pam_nufw/Makefile.am || die
- eautoreconf
-}
-
-src_configure() {
- append-cflags -fcommon
- econf \
- $(use_enable debug) \
- $(use_enable pam_nuauth pam-nufw) \
- $(use_enable static) \
- $(use_with ldap) \
- $(use_with mysql mysql-auth) \
- $(use_with mysql mysql-log) \
- $(use_with nfconntrack) \
- $(use_with nfqueue) \
- $(use_with pam system-auth) \
- $(use_with plaintext plaintext-auth) \
- $(use_with postgres pgsql-log) \
- $(use_with syslog syslog-log) \
- $(use_with unicode utf8) \
- --without-prelude-log \
- --enable-shared \
- --includedir="/usr/include/nufw" \
- --localstatedir="/var" \
- --sysconfdir="/etc/nufw" \
- --with-mark-group \
- --with-user-mark
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-
- newinitd "${FILESDIR}"/nufw-init.d nufw
- newconfd "${FILESDIR}"/nufw-conf.d nufw
-
- newinitd "${FILESDIR}"/nuauth-init.d nuauth
- newconfd "${FILESDIR}"/nuauth-conf.d nuauth
-
- insinto /etc/nufw
- doins conf/nuauth.conf
-
- docinto scripts
- dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
- docinto conf
- dodoc conf/*.{nufw,schema,conf,dump,xml}
-
- if use pam; then
- pamd_mimic system-auth nufw auth account password session
- fi
-}
-
-pkg_postinst() {
- install_cert /etc/nufw/{nufw,nuauth}
-} |