# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8

# Python implementations this ebuild declares itself compatible with.
PYTHON_COMPAT=( python3_{8..10} )

inherit bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils

DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall"
HOMEPAGE="https://firewalld.org/"
# Upstream release tarball, fetched over HTTPS from the project's GitHub releases.
SRC_URI="https://github.com/firewalld/firewalld/releases/download/v${PV}/${P}.tar.gz"

LICENSE="GPL-2+"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86"
# Both packet-filter backends (nftables, iptables) are enabled by default.
IUSE="gui +nftables +iptables test"
# Tests previously restricted for bug #650760
# NOTE(review): the trailing bare `test` restricts the test phase regardless
# of USE, so `!test? ( test )` adds nothing on top of it -- confirm whether
# the unconditional restriction is still intended.
RESTRICT="!test? ( test ) test? ( userpriv ) test"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"

# Runtime dependencies.
# - The iptables group also pulls ebtables and ipset; nftables built with
#   xtables support is requested only when both USE flags are on (the
#   nftables? group is nested inside iptables?).
# - The Python-side nftables dependency needs the python and json USE flags
#   of net-firewall/nftables.
RDEPEND="${PYTHON_DEPS}
	iptables? (
		net-firewall/iptables[ipv6(+)]
		net-firewall/ebtables
		net-firewall/ipset
		nftables? ( net-firewall/nftables[xtables(+)] )
	)
	|| ( >=sys-apps/openrc-0.11.5 sys-apps/systemd )
	$(python_gen_cond_dep '
		dev-python/dbus-python[${PYTHON_USEDEP}]
		dev-python/pygobject:3[${PYTHON_USEDEP}]
		gui? (
			x11-libs/gtk+:3
			dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}]
		)
		nftables? ( >=net-firewall/nftables-0.9.4[python,json] )
	')"
DEPEND="${RDEPEND}
	dev-libs/glib:2"
BDEPEND="app-text/docbook-xml-dtd
	>=dev-util/intltool-0.35
	sys-devel/gettext"

# Testsuite's Makefile.am calls missing(!)
# ... but this seems to be consistent with the autoconf docs?
# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html
QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*"

# Translations known to the ebuild; src_prepare compares this list against po/.
PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW"
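# Check the running kernel's configuration for the netfilter options
# firewalld's backends rely on, then hand over to linux-info.
#
# Every option carries the linux-info "~" prefix, which makes the check
# non-fatal: a missing option is reported as a warning and the merge carries
# on. The package can therefore be installed on a kernel that cannot enforce
# the rules it generates, so the warnings printed here deserve a read before
# the daemon is relied on.
#
# ~NF_CONNTRACK and ~NETFILTER_XT_MATCH_CONNTRACK used to be listed twice;
# each option now appears once so it is checked (and warned about) only once.
pkg_setup() {
	# See bug #830132 for the huge list
	# We can probably narrow it down a bit but it's rather fragile
	local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK
		~NETFILTER
		~NETFILTER_ADVANCED
		~NETFILTER_INGRESS
		~NF_NAT_MASQUERADE
		~NF_NAT_REDIRECT
		~NF_TABLES_INET
		~NF_TABLES_IPV4
		~NF_TABLES_IPV6
		~NF_CONNTRACK_BROADCAST
		~NF_CONNTRACK_NETBIOS_NS
		~NF_CONNTRACK_TFTP
		~NF_CT_NETLINK
		~NF_CT_NETLINK_HELPER
		~NF_DEFRAG_IPV4
		~NF_DEFRAG_IPV6
		~NF_NAT
		~NF_NAT_TFTP
		~NF_REJECT_IPV4
		~NF_REJECT_IPV6
		~NF_SOCKET_IPV4
		~NF_SOCKET_IPV6
		~NF_TABLES
		~NF_TPROXY_IPV4
		~NF_TPROXY_IPV6
		~IP_NF_FILTER
		~IP_NF_IPTABLES
		~IP_NF_MANGLE
		~IP_NF_NAT
		~IP_NF_RAW
		~IP_NF_SECURITY
		~IP_NF_TARGET_MASQUERADE
		~IP_NF_TARGET_REJECT
		~IP6_NF_FILTER
		~IP6_NF_IPTABLES
		~IP6_NF_MANGLE
		~IP6_NF_NAT
		~IP6_NF_RAW
		~IP6_NF_SECURITY
		~IP6_NF_TARGET_MASQUERADE
		~IP6_NF_TARGET_REJECT
		~IP_SET
		~NETFILTER_CONNCOUNT
		~NETFILTER_NETLINK
		~NETFILTER_NETLINK_OSF
		~NETFILTER_NETLINK_QUEUE
		~NETFILTER_SYNPROXY
		~NETFILTER_XTABLES
		~NETFILTER_XT_CONNMARK
		~NETFILTER_XT_MATCH_MULTIPORT
		~NETFILTER_XT_MATCH_STATE
		~NETFILTER_XT_NAT
		~NETFILTER_XT_TARGET_MASQUERADE
		~NFT_COMPAT
		~NFT_COUNTER
		~NFT_CT
		~NFT_FIB
		~NFT_FIB_INET
		~NFT_FIB_IPV4
		~NFT_FIB_IPV6
		~NFT_HASH
		~NFT_LIMIT
		~NFT_LOG
		~NFT_MASQ
		~NFT_NAT
		~NFT_OBJREF
		~NFT_QUEUE
		~NFT_QUOTA
		~NFT_REDIR
		~NFT_REJECT
		~NFT_REJECT_INET
		~NFT_REJECT_IPV4
		~NFT_REJECT_IPV6
		~NFT_SOCKET
		~NFT_SYNPROXY
		~NFT_TPROXY
		~NFT_TUNNEL
		~NFT_XFRM"

	# kernel >= 4.19 has unified a NF_CONNTRACK module, bug #692944
	if kernel_is -lt 4 19; then
		CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6"
	fi

	# bug #831259
	# Only kernels up to and including 5.4 are asked for NF_TABLES_SET.
	if kernel_is -le 5 4 ; then
		CONFIG_CHECK+=" ~NF_TABLES_SET"
	fi

	# CONFIG_CHECK is declared local above, so it is visible to this call
	# through bash's dynamic scoping and does not leak past pkg_setup.
	linux-info_pkg_setup
}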
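# Apply the default preparation steps, then regenerate po/LINGUAS so that only
# the locales selected for this build are installed.
src_prepare() {
	default

	# Reports drift between PLOCALES and the .po files actually shipped in po/.
	plocale_find_changes "po" "" ".po" || die

	# One locale per line, as po/LINGUAS expects. The write is now checked:
	# previously a failing sed or redirect went unnoticed and the build
	# continued with a stale or truncated LINGUAS file. Note that `|| die`
	# sees only the pipeline's final status (sed and the redirect), not the
	# exit status of plocale_get_locales.
	plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS || die
}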
# Configure the build for the selected Python implementation and firewall
# backends.
#
# Each helper binary is handed to configure as an absolute path under
# ${EPREFIX} rather than being looked up through PATH at configure time.
# (Presumably these become the locations the daemon later executes -- verify
# against upstream's configure.ac.)
src_configure() {
	python_setup

	local myeconfargs=( --enable-systemd )

	# The six xtables front-ends all live in ${EPREFIX}/sbin; the configure
	# switch uses '_' where the binary name uses '-'
	# (iptables_restore -> iptables-restore).
	local tool
	for tool in \
		iptables iptables_restore \
		ip6tables ip6tables_restore \
		ebtables ebtables_restore
	do
		myeconfargs+=( $(use_with iptables "${tool}" "${EPREFIX}/sbin/${tool/_/-}") )
	done

	myeconfargs+=(
		# ipset is the odd one out: it is installed under /usr/sbin.
		$(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset")
		--with-systemd-unitdir="$(systemd_get_systemunitdir)"
		--with-bashcompletiondir="$(get_bashcompdir)"
	)

	econf "${myeconfargs[@]}"
}
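# Install into the image, byte-compile the Python modules, prune files that
# are not wanted on Gentoo, and add the distribution's own service files.
#
# Cleanup paths use ${ED} (image directory plus ${EPREFIX}) instead of ${D}.
# src_configure places everything under ${EPREFIX}, so on a prefixed install
# the old ${D}/... paths did not exist and `rm -f`/`rm -rf` silently removed
# nothing. On a non-prefix system ${ED} and ${D} name the same directory.
src_install() {
	default
	python_optimize

	# Get rid of junk
	rm -rf "${ED}/etc/sysconfig/" || die

	# For non-gui installs we need to remove GUI bits
	if ! use gui; then
		rm -rf "${ED}/etc/xdg/autostart" || die
		rm -f "${ED}/usr/bin/firewall-applet" || die
		rm -f "${ED}/usr/bin/firewall-config" || die
		rm -rf "${ED}/usr/share/applications" || die
		rm -rf "${ED}/usr/share/icons" || die
	fi

	# OpenRC init script shipped with the ebuild, installed as "firewalld".
	newinitd "${FILESDIR}"/firewalld.init firewalld

	# Our version drops the/an obsolete 'conflicts' line with old iptables services
	# bug #833506
	# The unit comes from ${FILESDIR}, so it is maintained separately from
	# upstream's unit; changes upstream makes to its own service file have to
	# be carried over by hand when the package is bumped.
	systemd_dounit "${FILESDIR}"/firewalld.service
}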
# Before the image is merged: let gnome2-utils record the GSettings schemas
# contained in it (consumed later by gnome2_schemas_update).
pkg_preinst() {
	gnome2_schemas_savelist
}
# After the merge: refresh the desktop caches and point the user at an
# optional companion package.
pkg_postinst() {
	# Icon cache first, then the compiled GSettings schemas.
	xdg_icon_cache_update
	gnome2_schemas_update

	# bug #833569
	# optfeature only prints a suggestion; it does not install anything.
	optfeature "changing zones with NetworkManager" gnome-extra/nm-applet
}
# After removal: refresh the icon cache and the compiled GSettings schemas,
# in the same order pkg_postinst uses.
pkg_postrm() {
	xdg_icon_cache_update
	gnome2_schemas_update
}