Diffstat (limited to 'net-firewall/fwknop')
-rw-r--r-- | net-firewall/fwknop/Manifest | 2 | ||||
-rw-r--r-- | net-firewall/fwknop/fwknop-2.6.7.ebuild (renamed from net-firewall/fwknop/fwknop-2.6.6-r1.ebuild) | 54 | ||||
-rw-r--r-- | net-firewall/fwknop/metadata.xml | 8 |
3 files changed, 48 insertions, 16 deletions
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest index ae32b6f25adc..69bd5b575744 100644 --- a/net-firewall/fwknop/Manifest +++ b/net-firewall/fwknop/Manifest @@ -1 +1 @@ -DIST fwknop-2.6.6.tar.gz 2433846 SHA256 724e986b6bc47d3b6f5ba5c9232e2b411ae8ef4b2e8f7fffd16210c20d3be932 SHA512 ccd25701908a1bc653b59571013f0953ee40c967537b68cfaff48e1eea4fde11402712f70f07db308f7a37cfd49ef8ad11b1535d3012cf32e09cc677673c067f WHIRLPOOL df8025e8a2551e0485473715bc10fef31b373f38293b8f8f678aa7ec03f9fbe353a089cfbdbb783e5972b917313f4a90edfac4557e53bd962df6d8ba0e9fca2e +DIST fwknop-2.6.7.tar.gz 2849006 SHA256 e96c13f725a4c3829c842743b14aedf591d30570df5c06556862a900b64def86 SHA512 8a8c5e76740c495342fd914309de564576ce5c7fda90dc0f0322782ace5f28ccbb4bcef4c0a3353a564b13ef7298a5cd75dcd4d26986b2fb5ec000b641fbf848 WHIRLPOOL 6de45c31cc39b7b44d0531dc19bd2727bc721cf156a04d830c295573fe40d95296c1591e3bd5ae2b597bea9a6015744061351655f1cf04a5d6a5cae6678d1126 diff --git a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.7.ebuild index 7fcc35d6ce5f..2fc149ff0e68 100644 --- a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild +++ b/net-firewall/fwknop/fwknop-2.6.7.ebuild @@ -4,15 +4,15 @@ EAPI=5 -# Does work with python2_7, does not work with python3_3 on my machine -# More feedback is welcome, since setup.py does not provide any info +# Python extension supports only Python2 +# See https://github.com/mrash/fwknop/issues/167 PYTHON_COMPAT=( python2_7 ) DISTUTILS_OPTIONAL=1 -DISTUTILS_SINGLE_IMPL=1 AUTOTOOLS_AUTORECONF=1 AUTOTOOLS_IN_SOURCE_BUILD=1 +DISABLE_AUTOFORMATTING=1 -inherit autotools-utils distutils-r1 systemd +inherit autotools-utils distutils-r1 linux-info readme.gentoo systemd DESCRIPTION="Single Packet Authorization and Port Knocking application" HOMEPAGE="http://www.cipherdyne.org/fwknop/" 
@@ -21,7 +21,7 @@ SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="client extras gdbm gpg python server udp-server" +IUSE="client extras firewalld gdbm gpg iptables python server udp-server" RDEPEND=" client? ( net-misc/wget[ssl] ) @@ -34,23 +34,45 @@ RDEPEND=" DEPEND="${RDEPEND} gdbm? ( sys-libs/gdbm ) gpg? ( app-crypt/gpgme ) - server? ( - !udp-server? ( net-libs/libpcap ) - net-firewall/iptables - ) + firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] ) + iptables? ( net-firewall/iptables ) + server? ( !udp-server? ( net-libs/libpcap ) ) " REQUIRED_USE=" python? ( ${PYTHON_REQUIRED_USE} ) + firewalld? ( server ) + iptables? ( server ) + server? ( ^^ ( firewalld iptables ) ) udp-server? ( server ) " DOCS=( ChangeLog README.md ) +DOC_CONTENTS=" +Example configuration files were installed in /etc/fwknopd directory. +Please edit them to fit your needs and then remove the .example suffix. + +fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf. +You can set the desired backend via FIREWALL_EXE option in fwknopd.conf +instead of the default one chosen at compile time. +" + +pkg_pretend() { + if use server; then + if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then + ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules," + ewarn "which is a major security feature and is enabled by default." + ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your" + ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK" + ewarn "to 'N' in your fwknopd.conf file." + fi + fi +} src_prepare() { # Install example configs with .example suffix if use server; then - sed -i 's/conf;/conf.example;/g' "${S}"/Makefile.am || die + sed -i -e 's/conf;/conf.example;/g' "${S}"/Makefile.am || die fi autotools-utils_src_prepare 
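Review bot: The `ewarn` block in the new `pkg_pretend` presents setting `ENABLE_{FIREWD,IPT}_COMMENT_CHECK` to 'N' as an equal alternative to enabling `NETFILTER_XT_MATCH_COMMENT`, without saying what that costs. By the message's own wording the comment match is what lets fwknopd expire SPA rules, so switching off the check cannot bring expiry back. I would add a closing line such as `ewarn "Disabling the check does not restore rule expiry; enabling the kernel option is preferred."`, with the wording confirmed against the upstream fwknopd.conf documentation. The test also reads only the build host's kernel configuration, so a binary package installed on another machine never shows this warning; a short comment above the `if` should say so.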
@@ -71,6 +93,9 @@ src_configure() { $(use_enable udp-server) $(use_with gpg gpgme) ) + use firewalld && myeconfargs+=(--with-firewalld=/usr/sbin/firewalld) + use iptables && myeconfargs+=(--with-iptables=/sbin/iptables) + autotools-utils_src_configure } @@ -90,8 +115,9 @@ src_install() { if use server; then newinitd "${FILESDIR}/fwknopd.init" fwknopd newconfd "${FILESDIR}/fwknopd.confd" fwknopd - systemd_dounit "${FILESDIR}/fwknopd.service" - systemd_newtmpfilesd "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf + systemd_dounit extras/systemd/fwknopd.service + systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf + readme.gentoo_create_doc fi use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd" @@ -103,3 +129,7 @@ src_install() { distutils-r1_src_install fi } + +pkg_postinst() { + use server && readme.gentoo_print_elog +} diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml index 79031c2f7e61..8b1bce7efec2 100644 --- a/net-firewall/fwknop/metadata.xml +++ b/net-firewall/fwknop/metadata.xml @@ -8,11 +8,13 @@ </maintainer> <use> <flag name="client">Build fwknop client</flag> - <flag name="gdbm">Replace file digest-cache with gdbm</flag> + <flag name="extras">Install example AppArmor policy for fwknopd server</flag> + <flag name="firewalld">Use <pkg>net-firewall/firewalld</pkg> as the default server backend</flag> + <flag name="gdbm">Replace file-based digest-cache with gdbm one</flag> <flag name="gpg">Enable GPG support via <pkg>app-crypt/gpgme</pkg></flag> + <flag name="iptables">Use <pkg>net-firewall/iptables</pkg> as the default server backend</flag> <flag name="server">Build fwknopd server</flag> - <flag name="extras">Install example apparmor policy</flag> - <flag name="udp-server">Build fwknopd with UDP server mode only</flag> + <flag name="udp-server">Enable UDP server mode only (no <pkg>net-libs/libpcap</pkg> dependency)</flag> </use> <upstream> <remote-id type="github">mrash/fwknop</remote-id> |
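Review bot: `--with-firewalld=/usr/sbin/firewalld` hands configure the firewalld daemon binary, while rule changes on a firewalld host normally go through its command-line client, so confirm against upstream's configure.ac which executable fwknopd expects here. If it is the client, the line would read `use firewalld && myeconfargs+=(--with-firewalld=/usr/bin/firewall-cmd)`. Both paths become the compile-time default that DOC_CONTENTS says `FIREWALL_EXE` can override, so a wrong or absent binary would presumably surface only once fwknopd runs. Related: the earlier hunk lists `net-firewall/firewalld` and `net-firewall/iptables` under DEPEND, and unless the part of RDEPEND outside these hunks also names them, nothing guarantees the chosen backend is installed at run time. `src_configure` starts outside this hunk.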
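Review bot: The two new `systemd_*` calls in the `src_install` hunk use paths relative to the current directory, while the `dodoc` line just below spells out `"${S}/extras/apparmor/usr.sbin.fwknopd"`. Writing `systemd_dounit "${S}/extras/systemd/fwknopd.service"`, and the tmpfiles line the same way, keeps the function consistent and independent of the working directory. The unit and tmpfiles files now come from the upstream tarball rather than FILESDIR, so a one-line comment such as `# systemd units are shipped upstream in extras/systemd` would tell the next maintainer where to look when checking the unit's paths against the installed layout. `src_install` begins and ends outside this hunk.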