From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8B9FB1584AD for ; Mon, 21 Apr 2025 07:01:37 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 7559D343144 for ; Mon, 21 Apr 2025 07:01:37 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 67D1E1104B1; Mon, 21 Apr 2025 07:01:33 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id 5E9C81104B1 for ; Mon, 21 Apr 2025 07:01:33 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0D31D343136 for ; Mon, 21 Apr 2025 07:01:32 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 98C7619B9 for ; Mon, 21 Apr 2025 07:01:30 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1745218839.20e9a962aeda2405fc08ef907fa28737561bb4cc.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/ufw/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-firewall/ufw/Manifest net-firewall/ufw/ufw-0.36.2.ebuild X-VCS-Directories: net-firewall/ufw/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 20e9a962aeda2405fc08ef907fa28737561bb4cc X-VCS-Branch: master Date: Mon, 21 Apr 2025 07:01:30 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 00dfd064-f8c5-45d6-a884-2302db8cf4c0 X-Archives-Hash: 2b80db258437c7391896bf1af0ac8b42 commit: 20e9a962aeda2405fc08ef907fa28737561bb4cc Author: Dennis Eisele dennis-eisele de> AuthorDate: Sun Apr 20 22:54:12 2025 +0000 Commit: Sam James gentoo org> CommitDate: Mon Apr 21 07:00:39 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20e9a962 net-firewall/ufw: add 0.36.2 Closes: https://bugs.gentoo.org/924310 Signed-off-by: Dennis Eisele dennis-eisele.de> Closes: https://github.com/gentoo/gentoo/pull/41678 Signed-off-by: Sam James gentoo.org> net-firewall/ufw/Manifest | 1 + net-firewall/ufw/ufw-0.36.2.ebuild | 218 +++++++++++++++++++++++++++++++++++++ 2 files changed, 219 insertions(+) diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest index 2bec9e6be29e..1e6ccc0f60e8 100644 --- a/net-firewall/ufw/Manifest +++ b/net-firewall/ufw/Manifest @@ -1 +1,2 @@ DIST ufw-0.36.1.tar.gz 583123 BLAKE2B 16e1ee67493d5db10a04667b646a019aa3aeb06345d0facc334fb07eeff4d4f6674a4699b2bd7bd6ed29de1c05c4e14812e9e8ec55c4bfb8579b8e3e2e577f6a SHA512 77d01fef661083eac041be6d6eabffb1d8aedb215f73e44e18a9a63a48da96414b3c0166e3ffd9402c22c72a6de5d774ba14b15368b02997aae8e08d1c5dd4c0 +DIST ufw-0.36.2.tar.gz 592562 BLAKE2B 630f80a18fdc462fbd91e61f4af496ad613b52ae6eef3e16558db9affcbcaedb5077e5d84fc6580175ec7358563cbb98612176fe570e0d03fdc1683766729e90 SHA512 43c5f31c98681e006b821f30e3d729eec0bbe21eeea833916b6ab18899201e5e243e5077ace32480b2a222b69b2c383ff95b7a50241053d025d68f34c25cd60b diff --git a/net-firewall/ufw/ufw-0.36.2.ebuild b/net-firewall/ufw/ufw-0.36.2.ebuild new file mode 100644 index 000000000000..75709e29ad4f --- /dev/null +++ b/net-firewall/ufw/ufw-0.36.2.ebuild @@ -0,0 +1,218 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit bash-completion-r1 eapi9-ver edo linux-info python-single-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="https://launchpad.net/ufw/${PV%.*}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="examples ipv6" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND=" + ${PYTHON_DEPS} + net-firewall/iptables[ipv6(+)?] +" +BDEPEND=" + $(python_gen_cond_dep ' + dev-python/setuptools[${PYTHON_USEDEP}] + ') + sys-devel/gettext +" + +PATCHES=( + # Move files away from /lib/ufw. + "${FILESDIR}/${PN}-0.36.1-move-path.patch" + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}/${PN}-0.36.1-dont-check-iptables.patch" + # Remove shebang modification. + "${FILESDIR}/${PN}-0.36.1-shebang.patch" + # Fix bash completions, bug #526300 + "${FILESDIR}/${PN}-0.36-bash-completion.patch" + # Strip distutils use + "${FILESDIR}/${PN}-0.36.1-distutils.patch" +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ "${nf_nat_ftp_ok}" == "no" ]] || \ + [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \ + [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}/etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ "${nf_nat_ftp_ok}" == "no" ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +src_prepare() { + default + + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi +} + +src_compile() { + edo ${EPYTHON} setup.py build +} + +src_install() { + edo ${EPYTHON} setup.py install --prefix="${EPREFIX}/usr" --root="${D}" + python_fix_shebang "${ED}" + python_optimize + einstalldocs + + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + pushd "${ED}" || die + chmod -R 0644 etc/ufw/*.rules || die + popd || die + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto "/usr/share/doc/${PF}/logging/syslog-ng" + doins -r "${FILESDIR}"/syslog-ng/* + + insinto "/usr/share/doc/${PF}/logging/rsyslog" + doins -r "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto "/usr/share/doc/${PF}/examples" + doins -r examples/* + fi + newbashcomp shell-completion/bash "${PN}" + + [[ ${_EMPTY_LOCALE_LIST} != "yes" ]] && domo locales/mo/*.mo +} + +pkg_postinst() { + local found=() + local apps=( "net-firewall/arno-iptables-firewall" + "net-firewall/ferm" + "net-firewall/firehol" + "net-firewall/firewalld" + "net-firewall/ipkungfu" ) + + for exe in "${apps[@]}" + do + if has_version "${exe}"; then + found+=( "${exe}" ) + fi + done + + if [[ -n ${found} ]]; then + echo "" + ewarn "WARNING: Detected other firewall applications:" + ewarn "${found[@]}" + ewarn "If enabled, these applications may interfere with ufw!" + fi + + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo "" + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] || ver_replacing -lt 0.34; then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +}