summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-firewall/fwknop')
-rw-r--r--net-firewall/fwknop/Manifest2
-rw-r--r--net-firewall/fwknop/fwknop-2.6.7.ebuild (renamed from net-firewall/fwknop/fwknop-2.6.6-r1.ebuild)54
-rw-r--r--net-firewall/fwknop/metadata.xml8
3 files changed, 48 insertions, 16 deletions
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest
index ae32b6f25adc..69bd5b575744 100644
--- a/net-firewall/fwknop/Manifest
+++ b/net-firewall/fwknop/Manifest
@@ -1 +1 @@
-DIST fwknop-2.6.6.tar.gz 2433846 SHA256 724e986b6bc47d3b6f5ba5c9232e2b411ae8ef4b2e8f7fffd16210c20d3be932 SHA512 ccd25701908a1bc653b59571013f0953ee40c967537b68cfaff48e1eea4fde11402712f70f07db308f7a37cfd49ef8ad11b1535d3012cf32e09cc677673c067f WHIRLPOOL df8025e8a2551e0485473715bc10fef31b373f38293b8f8f678aa7ec03f9fbe353a089cfbdbb783e5972b917313f4a90edfac4557e53bd962df6d8ba0e9fca2e
+DIST fwknop-2.6.7.tar.gz 2849006 SHA256 e96c13f725a4c3829c842743b14aedf591d30570df5c06556862a900b64def86 SHA512 8a8c5e76740c495342fd914309de564576ce5c7fda90dc0f0322782ace5f28ccbb4bcef4c0a3353a564b13ef7298a5cd75dcd4d26986b2fb5ec000b641fbf848 WHIRLPOOL 6de45c31cc39b7b44d0531dc19bd2727bc721cf156a04d830c295573fe40d95296c1591e3bd5ae2b597bea9a6015744061351655f1cf04a5d6a5cae6678d1126
diff --git a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.7.ebuild
index 7fcc35d6ce5f..2fc149ff0e68 100644
--- a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild
+++ b/net-firewall/fwknop/fwknop-2.6.7.ebuild
@@ -4,15 +4,15 @@
EAPI=5
-# Does work with python2_7, does not work with python3_3 on my machine
-# More feedback is welcome, since setup.py does not provide any info
+# Python extension supports only Python2
+# See https://github.com/mrash/fwknop/issues/167
PYTHON_COMPAT=( python2_7 )
DISTUTILS_OPTIONAL=1
-DISTUTILS_SINGLE_IMPL=1
AUTOTOOLS_AUTORECONF=1
AUTOTOOLS_IN_SOURCE_BUILD=1
+DISABLE_AUTOFORMATTING=1
-inherit autotools-utils distutils-r1 systemd
+inherit autotools-utils distutils-r1 linux-info readme.gentoo systemd
DESCRIPTION="Single Packet Authorization and Port Knocking application"
HOMEPAGE="http://www.cipherdyne.org/fwknop/"
@@ -21,7 +21,7 @@ SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
-IUSE="client extras gdbm gpg python server udp-server"
+IUSE="client extras firewalld gdbm gpg iptables python server udp-server"
RDEPEND="
client? ( net-misc/wget[ssl] )
@@ -34,23 +34,45 @@ RDEPEND="
DEPEND="${RDEPEND}
gdbm? ( sys-libs/gdbm )
gpg? ( app-crypt/gpgme )
- server? (
- !udp-server? ( net-libs/libpcap )
- net-firewall/iptables
- )
+ firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
+ iptables? ( net-firewall/iptables )
+ server? ( !udp-server? ( net-libs/libpcap ) )
"
REQUIRED_USE="
python? ( ${PYTHON_REQUIRED_USE} )
+ firewalld? ( server )
+ iptables? ( server )
+ server? ( ^^ ( firewalld iptables ) )
udp-server? ( server )
"
DOCS=( ChangeLog README.md )
+DOC_CONTENTS="
+Example configuration files were installed in /etc/fwknopd directory.
+Please edit them to fit your needs and then remove the .example suffix.
+
+fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
+You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
+instead of the default one chosen at compile time.
+"
+
+pkg_pretend() {
+ if use server; then
+ if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
+ ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules,"
+ ewarn "which is a major security feature and is enabled by default."
+ ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your"
+ ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK"
+ ewarn "to 'N' in your fwknopd.conf file."
+ fi
+ fi
+}
src_prepare() {
# Install example configs with .example suffix
if use server; then
- sed -i 's/conf;/conf.example;/g' "${S}"/Makefile.am || die
+ sed -i -e 's/conf;/conf.example;/g' "${S}"/Makefile.am || die
fi
autotools-utils_src_prepare
@@ -71,6 +93,9 @@ src_configure() {
$(use_enable udp-server)
$(use_with gpg gpgme)
)
+ use firewalld && myeconfargs+=(--with-firewalld=/usr/sbin/firewalld)
+ use iptables && myeconfargs+=(--with-iptables=/sbin/iptables)
+
autotools-utils_src_configure
}
@@ -90,8 +115,9 @@ src_install() {
if use server; then
newinitd "${FILESDIR}/fwknopd.init" fwknopd
newconfd "${FILESDIR}/fwknopd.confd" fwknopd
- systemd_dounit "${FILESDIR}/fwknopd.service"
- systemd_newtmpfilesd "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf
+ systemd_dounit extras/systemd/fwknopd.service
+ systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
+ readme.gentoo_create_doc
fi
use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd"
@@ -103,3 +129,7 @@ src_install() {
distutils-r1_src_install
fi
}
+
+pkg_postinst() {
+ use server && readme.gentoo_print_elog
+}
diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml
index 79031c2f7e61..8b1bce7efec2 100644
--- a/net-firewall/fwknop/metadata.xml
+++ b/net-firewall/fwknop/metadata.xml
@@ -8,11 +8,13 @@
</maintainer>
<use>
<flag name="client">Build fwknop client</flag>
- <flag name="gdbm">Replace file digest-cache with gdbm</flag>
+ <flag name="extras">Install example AppArmor policy for fwknopd server</flag>
+ <flag name="firewalld">Use <pkg>net-firewall/firewalld</pkg> as the default server backend</flag>
+ <flag name="gdbm">Replace file-based digest-cache with gdbm one</flag>
<flag name="gpg">Enable GPG support via <pkg>app-crypt/gpgme</pkg></flag>
+ <flag name="iptables">Use <pkg>net-firewall/iptables</pkg> as the default server backend</flag>
<flag name="server">Build fwknopd server</flag>
- <flag name="extras">Install example apparmor policy</flag>
- <flag name="udp-server">Build fwknopd with UDP server mode only</flag>
+ <flag name="udp-server">Enable UDP server mode only (no <pkg>net-libs/libpcap</pkg> dependency)</flag>
</use>
<upstream>
<remote-id type="github">mrash/fwknop</remote-id>