diff options
author | Joe MacDonald <joe_macdonald@mentor.com> | 2014-11-10 21:51:46 -0500 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2014-12-03 16:39:50 -0500 |
commit | 2cc1bd9dd060f5002c2fde7aacba86fe230c12af (patch) | |
tree | ba89d45559013688303661d10ddb444ad9fa7cfa /meta-networking/recipes-connectivity | |
parent | 9f925e52370571e1e38ad190f1a5c18473dd87da (diff) | |
download | meta-openembedded-2cc1bd9dd060f5002c2fde7aacba86fe230c12af.tar.gz |
ufw: Uncomplicated Firewall recipe
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking/recipes-connectivity')
8 files changed, 464 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch b/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch new file mode 100644 index 000000000..a1e56b7ca --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | Author: Jamie Strandboge <jamie@canonical.com> | ||
2 | Description: to improve boot speed when disabled, don't source all of | ||
3 | ufw-init-functions (which also sources in other files). | ||
4 | |||
5 | Upstream-Status: Inappropriate [ not author ] | ||
6 | |||
7 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
8 | |||
9 | Index: ufw-0.31/src/ufw-init | ||
10 | =================================================================== | ||
11 | --- ufw-0.31.orig/src/ufw-init 2012-03-09 17:07:11.000000000 -0600 | ||
12 | +++ ufw-0.31/src/ufw-init 2012-03-17 09:37:51.000000000 -0500 | ||
13 | @@ -18,6 +18,12 @@ | ||
14 | # | ||
15 | set -e | ||
16 | |||
17 | +# Debian/Ubuntu: small boot speed improvement | ||
18 | +. "#CONFIG_PREFIX#/ufw/ufw.conf" | ||
19 | +if [ "$1" = "start" ] && [ "$2" = "quiet" ] && [ "$ENABLED" = "no" ]; then | ||
20 | + exit 0 | ||
21 | +fi | ||
22 | + | ||
23 | if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then | ||
24 | . "#STATE_PREFIX#/ufw-init-functions" | ||
25 | else | ||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch b/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch new file mode 100644 index 000000000..804c18bc9 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch | |||
@@ -0,0 +1,118 @@ | |||
1 | Origin: r795, r796 | ||
2 | Description: move netfilter capabilities checking into initcaps(), and call | ||
3 | initcaps() only when we need it. | ||
4 | Bug-Ubuntu: https://launchpad.net/bugs/1044361 | ||
5 | |||
6 | Upstream-Status: Inappropriate [ not author ] | ||
7 | |||
8 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
9 | |||
10 | Index: ufw-0.33/src/backend_iptables.py | ||
11 | =================================================================== | ||
12 | --- ufw-0.33.orig/src/backend_iptables.py 2012-09-23 09:58:34.000000000 -0500 | ||
13 | +++ ufw-0.33/src/backend_iptables.py 2012-09-23 09:58:36.000000000 -0500 | ||
14 | @@ -160,6 +160,9 @@ | ||
15 | out += "> " + _("Checking raw ip6tables\n") | ||
16 | return out | ||
17 | |||
18 | + # Initialize the capabilities database | ||
19 | + self.initcaps() | ||
20 | + | ||
21 | args = ['-n', '-v', '-x', '-L'] | ||
22 | items = [] | ||
23 | items6 = [] | ||
24 | @@ -470,6 +473,9 @@ | ||
25 | if self.dryrun: | ||
26 | return False | ||
27 | |||
28 | + # Initialize the capabilities database | ||
29 | + self.initcaps() | ||
30 | + | ||
31 | prefix = "ufw" | ||
32 | exe = self.iptables | ||
33 | if v6: | ||
34 | @@ -684,6 +690,9 @@ | ||
35 | except Exception: | ||
36 | raise | ||
37 | |||
38 | + # Initialize the capabilities database | ||
39 | + self.initcaps() | ||
40 | + | ||
41 | chain_prefix = "ufw" | ||
42 | rules = self.rules | ||
43 | if v6: | ||
44 | @@ -830,6 +839,10 @@ | ||
45 | * updating user rules file | ||
46 | * reloading the user rules file if rule is modified | ||
47 | ''' | ||
48 | + | ||
49 | + # Initialize the capabilities database | ||
50 | + self.initcaps() | ||
51 | + | ||
52 | rstr = "" | ||
53 | |||
54 | if rule.v6: | ||
55 | @@ -1073,6 +1086,9 @@ | ||
56 | if self.dryrun: | ||
57 | return | ||
58 | |||
59 | + # Initialize the capabilities database | ||
60 | + self.initcaps() | ||
61 | + | ||
62 | rules_t = [] | ||
63 | try: | ||
64 | rules_t = self._get_logging_rules(level) | ||
65 | Index: ufw-0.33/src/backend.py | ||
66 | =================================================================== | ||
67 | --- ufw-0.33.orig/src/backend.py 2012-09-23 09:58:34.000000000 -0500 | ||
68 | +++ ufw-0.33/src/backend.py 2012-09-23 09:59:03.000000000 -0500 | ||
69 | @@ -21,7 +21,7 @@ | ||
70 | import stat | ||
71 | import sys | ||
72 | import ufw.util | ||
73 | -from ufw.util import warn, debug | ||
74 | +from ufw.util import error, warn, debug | ||
75 | from ufw.common import UFWError, config_dir, iptables_dir, UFWRule | ||
76 | import ufw.applications | ||
77 | |||
78 | @@ -68,6 +68,17 @@ | ||
79 | err_msg = _("Couldn't determine iptables version") | ||
80 | raise UFWError(err_msg) | ||
81 | |||
82 | + # Initialize via initcaps only when we need it (LP: #1044361) | ||
83 | + self.caps = None | ||
84 | + | ||
85 | + def initcaps(self): | ||
86 | + '''Initialize the capabilities database. This needs to be called | ||
87 | + before accessing the database.''' | ||
88 | + | ||
89 | + # Only initialize if not initialized already | ||
90 | + if self.caps != None: | ||
91 | + return | ||
92 | + | ||
93 | self.caps = {} | ||
94 | self.caps['limit'] = {} | ||
95 | |||
96 | @@ -78,14 +89,20 @@ | ||
97 | # Try to get capabilities from the running system if root | ||
98 | if self.do_checks and os.getuid() == 0 and not self.dryrun: | ||
99 | # v4 | ||
100 | - nf_caps = ufw.util.get_netfilter_capabilities(self.iptables) | ||
101 | + try: | ||
102 | + nf_caps = ufw.util.get_netfilter_capabilities(self.iptables) | ||
103 | + except OSError as e: | ||
104 | + error("initcaps\n%s" % e) | ||
105 | if 'recent-set' in nf_caps and 'recent-update' in nf_caps: | ||
106 | self.caps['limit']['4'] = True | ||
107 | else: | ||
108 | self.caps['limit']['4'] = False | ||
109 | |||
110 | # v6 | ||
111 | - nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) | ||
112 | + try: | ||
113 | + nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) | ||
114 | + except OSError as e: | ||
115 | + error("initcaps\n%s" % e) | ||
116 | if 'recent-set' in nf_caps and 'recent-update' in nf_caps: | ||
117 | self.caps['limit']['6'] = True | ||
118 | else: | ||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch b/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch new file mode 100644 index 000000000..b259fdf78 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | Origin: r797 | ||
2 | Description: src/backend_iptables.py: fix misplaced parenthesis | ||
3 | |||
4 | Upstream-Status: Inappropriate [ not author ] | ||
5 | |||
6 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
7 | |||
8 | Index: ufw-0.33/src/backend_iptables.py | ||
9 | =================================================================== | ||
10 | --- ufw-0.33.orig/src/backend_iptables.py 2012-09-24 08:51:13.000000000 -0500 | ||
11 | +++ ufw-0.33/src/backend_iptables.py 2012-09-24 08:52:00.000000000 -0500 | ||
12 | @@ -1075,7 +1075,7 @@ | ||
13 | exe = self.ip6tables | ||
14 | (rc, out) = cmd([exe] + args) | ||
15 | if rc != 0: | ||
16 | - err_msg = _("Could not perform '%s'") % (args) | ||
17 | + err_msg = _("Could not perform '%s'" % (args)) | ||
18 | if fail_ok: | ||
19 | debug("FAILOK: " + err_msg) | ||
20 | else: | ||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch b/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch new file mode 100644 index 000000000..695b26567 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | Origin: r803, r804 | ||
2 | Description: Don't call get_netfilter_capabilities() with ipv6 if ipv6 is | ||
3 | disabled. | ||
4 | Bug-Ubuntu: https://launchpad.net/ufw/bugs/1039729 | ||
5 | |||
6 | Upstream-Status: Inappropriate [ not author ] | ||
7 | |||
8 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
9 | |||
10 | Index: ufw-0.33/src/backend.py | ||
11 | =================================================================== | ||
12 | --- ufw-0.33.orig/src/backend.py 2012-12-04 09:21:57.000000000 -0600 | ||
13 | +++ ufw-0.33/src/backend.py 2012-12-04 09:22:40.000000000 -0600 | ||
14 | @@ -98,15 +98,17 @@ | ||
15 | else: | ||
16 | self.caps['limit']['4'] = False | ||
17 | |||
18 | - # v6 | ||
19 | - try: | ||
20 | - nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) | ||
21 | - except OSError as e: | ||
22 | - error("initcaps\n%s" % e) | ||
23 | - if 'recent-set' in nf_caps and 'recent-update' in nf_caps: | ||
24 | - self.caps['limit']['6'] = True | ||
25 | - else: | ||
26 | - self.caps['limit']['6'] = False | ||
27 | + # v6 (skip capabilities check for ipv6 if ipv6 is disabled in ufw | ||
28 | + # because the system may not have ipv6 support (LP: #1039729) | ||
29 | + if self.use_ipv6(): | ||
30 | + try: | ||
31 | + nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) | ||
32 | + except OSError as e: | ||
33 | + error("initcaps\n%s" % e) | ||
34 | + if 'recent-set' in nf_caps and 'recent-update' in nf_caps: | ||
35 | + self.caps['limit']['6'] = True | ||
36 | + else: | ||
37 | + self.caps['limit']['6'] = False | ||
38 | |||
39 | def is_enabled(self): | ||
40 | '''Is firewall configured as enabled''' | ||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch b/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch new file mode 100644 index 000000000..b760d3fd3 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | Origin: r816 | ||
2 | Description: add check for -m rt --rt-type 0 | ||
3 | Bug-Ubuntu: https://launchpad.net/bugs/1191197 | ||
4 | Forwarded: yes | ||
5 | |||
6 | Upstream-Status: Inappropriate [ not author ] | ||
7 | |||
8 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
9 | |||
10 | Index: ufw-0.33/tests/check-requirements | ||
11 | =================================================================== | ||
12 | --- ufw-0.33.orig/tests/check-requirements 2012-08-17 16:12:49.000000000 -0500 | ||
13 | +++ ufw-0.33/tests/check-requirements 2013-06-15 07:47:00.000000000 -0500 | ||
14 | @@ -3,7 +3,7 @@ | ||
15 | # check-requirements: verify all the required iptables functionality is | ||
16 | # available | ||
17 | # | ||
18 | -# Copyright 2008-2012 Canonical Ltd. | ||
19 | +# Copyright 2008-2013 Canonical Ltd. | ||
20 | # | ||
21 | # This program is free software: you can redistribute it and/or modify | ||
22 | # it under the terms of the GNU General Public License version 3, | ||
23 | @@ -218,6 +218,9 @@ | ||
24 | echo -n "icmpv6 with hl ($j): " | ||
25 | runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -m hl --hl-eq 255 -j ACCEPT | ||
26 | done | ||
27 | + | ||
28 | + echo -n "ipv6 rt: " | ||
29 | + runcmd $exe -A $c -m rt --rt-type 0 -j ACCEPT | ||
30 | fi | ||
31 | |||
32 | echo "" | ||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-add-an-option-to-specify-iptables-location.patch b/meta-networking/recipes-connectivity/ufw/ufw/setup-add-an-option-to-specify-iptables-location.patch new file mode 100644 index 000000000..511742338 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/setup-add-an-option-to-specify-iptables-location.patch | |||
@@ -0,0 +1,107 @@ | |||
1 | From c54d36d0582a60fd281cd9287077cea205fd849d Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe_macdonald@mentor.com> | ||
3 | Date: Thu, 27 Nov 2014 15:20:34 -0500 | ||
4 | Subject: [PATCH] setup: add an option to specify iptables location | ||
5 | |||
6 | When cross-compiling it isn't certain that the location of iptables on the | ||
7 | target will be the same as on the host. It also doesn't make sense the | ||
8 | test the version of the host during setup. We provide an option to | ||
9 | specify an alternate iptables directory. This is assumed to be a | ||
10 | cross-compile environment and therefore no attempt is made to verify the | ||
11 | version of iptables to be used. | ||
12 | |||
13 | Upstream-Status: Pending | ||
14 | |||
15 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
16 | --- | ||
17 | setup.py | 69 ++++++++++++++++++++++++++++++++++++---------------------------- | ||
18 | 1 file changed, 39 insertions(+), 30 deletions(-) | ||
19 | |||
20 | diff --git a/setup.py b/setup.py | ||
21 | index 6fb3751..b13d11c 100644 | ||
22 | --- a/setup.py | ||
23 | +++ b/setup.py | ||
24 | @@ -225,41 +225,50 @@ shutil.copytree('src', 'staging') | ||
25 | os.unlink(os.path.join('staging', 'ufw-init')) | ||
26 | os.unlink(os.path.join('staging', 'ufw-init-functions')) | ||
27 | |||
28 | +iptables_set = 0 | ||
29 | iptables_exe = '' | ||
30 | iptables_dir = '' | ||
31 | |||
32 | -for e in ['iptables']: | ||
33 | - for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ | ||
34 | - '/usr/local/bin']: | ||
35 | - if e == "iptables": | ||
36 | - if os.path.exists(os.path.join(dir, e)): | ||
37 | - iptables_dir = dir | ||
38 | - iptables_exe = os.path.join(iptables_dir, "iptables") | ||
39 | - print("Found '%s'" % iptables_exe) | ||
40 | - else: | ||
41 | - continue | ||
42 | - | ||
43 | - if iptables_exe != "": | ||
44 | - break | ||
45 | - | ||
46 | - | ||
47 | -if iptables_exe == '': | ||
48 | - print("ERROR: could not find required binary 'iptables'", file=sys.stderr) | ||
49 | - sys.exit(1) | ||
50 | - | ||
51 | -for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: | ||
52 | - if not os.path.exists(os.path.join(iptables_dir, e)): | ||
53 | - print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) | ||
54 | +if "--iptables-dir" in sys.argv: | ||
55 | + iptables_dir = sys.argv[sys.argv.index("--iptables-dir") + 1] | ||
56 | + iptables_exe = os.path.join(iptables_dir, "iptables") | ||
57 | + iptables_set = 1 | ||
58 | + print("INFO: iptables manually set: '%s'" % (iptables_exe)) | ||
59 | + sys.argv.remove(iptables_dir) | ||
60 | + sys.argv.remove("--iptables-dir") | ||
61 | + | ||
62 | +if not iptables_set: | ||
63 | + for e in ['iptables']: | ||
64 | + for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ | ||
65 | + '/usr/local/bin']: | ||
66 | + if e == "iptables": | ||
67 | + if os.path.exists(os.path.join(dir, e)): | ||
68 | + iptables_dir = dir | ||
69 | + iptables_exe = os.path.join(iptables_dir, "iptables") | ||
70 | + print("Found '%s'" % iptables_exe) | ||
71 | + else: | ||
72 | + continue | ||
73 | + | ||
74 | + if iptables_exe != "": | ||
75 | + break | ||
76 | + | ||
77 | + if iptables_exe == '': | ||
78 | + print("ERROR: could not find required binary 'iptables'", file=sys.stderr) | ||
79 | sys.exit(1) | ||
80 | |||
81 | -(rc, out) = cmd([iptables_exe, '-V']) | ||
82 | -if rc != 0: | ||
83 | - raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ | ||
84 | - (iptables_exe)) | ||
85 | -version = re.sub('^v', '', re.split('\s', str(out))[1]) | ||
86 | -print("Found '%s' version '%s'" % (iptables_exe, version)) | ||
87 | -if version < "1.4": | ||
88 | - print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) | ||
89 | + for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: | ||
90 | + if not os.path.exists(os.path.join(iptables_dir, e)): | ||
91 | + print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) | ||
92 | + sys.exit(1) | ||
93 | + | ||
94 | + (rc, out) = cmd([iptables_exe, '-V']) | ||
95 | + if rc != 0: | ||
96 | + raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ | ||
97 | + (iptables_exe)) | ||
98 | + version = re.sub('^v', '', re.split('\s', str(out))[1]) | ||
99 | + print("Found '%s' version '%s'" % (iptables_exe, version)) | ||
100 | + if version < "1.4": | ||
101 | + print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) | ||
102 | |||
103 | setup (name='ufw', | ||
104 | version=ufw_version, | ||
105 | -- | ||
106 | 1.9.1 | ||
107 | |||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch new file mode 100644 index 000000000..ff704b5a4 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch | |||
@@ -0,0 +1,77 @@ | |||
1 | From be53eea06a5655fdc98f47a73be8277b65bb42ed Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe_macdonald@mentor.com> | ||
3 | Date: Tue, 11 Nov 2014 21:41:14 -0500 | ||
4 | Subject: [PATCH] setup: only make one reference to env | ||
5 | |||
6 | If sys.executable happens to be '/usr/bin/env python' or something | ||
7 | similar, the setup script will result in 'ufw' getting /usr/bin/env | ||
8 | repeated on the top line. This causes an error at runtime. Perform a | ||
9 | quick sanity check on sys.executable before doing the substitution. | ||
10 | |||
11 | While we're at it, change the default value of 'exe' to the one we either | ||
12 | detected or specified on the build line. | ||
13 | |||
14 | Upstream-Status: Inappropriate [ embedded specific ] | ||
15 | |||
16 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
17 | --- | ||
18 | setup.py | 34 ++++++++++++++++++++++++++++------ | ||
19 | 1 file changed, 28 insertions(+), 6 deletions(-) | ||
20 | |||
21 | diff --git a/setup.py b/setup.py | ||
22 | index b13d11c..73acdef 100644 | ||
23 | --- a/setup.py | ||
24 | +++ b/setup.py | ||
25 | @@ -64,7 +64,7 @@ class Install(_install, object): | ||
26 | real_sharedir = os.path.join(real_prefix, 'share', 'ufw') | ||
27 | |||
28 | # Update the modules' paths | ||
29 | - for file in [ 'common.py' ]: | ||
30 | + for file in [ 'common.py', 'util.py' ]: | ||
31 | print("Updating " + file) | ||
32 | subprocess.call(["sed", | ||
33 | "-i", | ||
34 | @@ -91,6 +91,11 @@ class Install(_install, object): | ||
35 | "s%#SHARE_DIR#%" + real_sharedir + "%g", | ||
36 | os.path.join('staging', file)]) | ||
37 | |||
38 | + subprocess.call(["sed", | ||
39 | + "-i.jjm", | ||
40 | + "s%/sbin/iptables%" + iptables_exe + "%g", | ||
41 | + os.path.join('staging', file)]) | ||
42 | + | ||
43 | # Now byte-compile everything | ||
44 | super(Install, self).run() | ||
45 | |||
46 | @@ -107,12 +112,23 @@ class Install(_install, object): | ||
47 | for f in [ script, manpage, manpage_f ]: | ||
48 | self.mkpath(os.path.dirname(f)) | ||
49 | |||
50 | + # if sys.executable == /usr/bin/env python* the result will be the top | ||
51 | + # of ufw getting: | ||
52 | + # | ||
53 | + # #! /usr/bin/env /usr/bin/env python | ||
54 | + # | ||
55 | + # which is not ideal | ||
56 | + # | ||
57 | # update the interpreter to that of the one the user specified for setup | ||
58 | - print("Updating staging/ufw to use %s" % (sys.executable)) | ||
59 | - subprocess.call(["sed", | ||
60 | - "-i", | ||
61 | - "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", | ||
62 | - 'staging/ufw']) | ||
63 | + print("Updating staging/ufw to use (%s)" % (sys.executable)) | ||
64 | + | ||
65 | + if re.search("(/usr/bin/env)", sys.executable): | ||
66 | + print("found 'env' in sys.executable (%s)" % (sys.executable)) | ||
67 | + subprocess.call(["sed", | ||
68 | + "-i.jjm", | ||
69 | + "1s%^#.*python.*%#! " + sys.executable + "%g", | ||
70 | + 'staging/ufw']) | ||
71 | + | ||
72 | self.copy_file('staging/ufw', script) | ||
73 | self.copy_file('doc/ufw.8', manpage) | ||
74 | self.copy_file('doc/ufw-framework.8', manpage_f) | ||
75 | -- | ||
76 | 1.9.1 | ||
77 | |||
diff --git a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb new file mode 100644 index 000000000..467f2a81f --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb | |||
@@ -0,0 +1,45 @@ | |||
1 | SUMMARY = "Uncomplicated Firewall" | ||
2 | DESCRIPTION = "UFW stands for Uncomplicated Firewall, and is program for \ | ||
3 | managing a netfilter firewall. It provides a command line interface and aims \ | ||
4 | to be uncomplicated and easy to use." | ||
5 | HOMEPAGE = "https://launchpad.net/ufw" | ||
6 | LICENSE = "GPLv3" | ||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" | ||
8 | |||
9 | SRC_URI = " \ | ||
10 | https://launchpad.net/ufw/0.33/0.33/+download/ufw-0.33.tar.gz \ | ||
11 | file://setup-add-an-option-to-specify-iptables-location.patch \ | ||
12 | file://setup-only-make-one-reference-to-env.patch \ | ||
13 | file://0001-optimize-boot.patch \ | ||
14 | file://0002-lp1044361.patch \ | ||
15 | file://0003-fix-typeerror-on-error.patch \ | ||
16 | file://0004-lp1039729.patch \ | ||
17 | file://0005-lp1191197.patch \ | ||
18 | " | ||
19 | SRC_URI[md5sum] = "3747b453d76709e5a99da209fc0bb5f5" | ||
20 | SRC_URI[sha256sum] = "5f85a8084ad3539b547bec097286948233188c971f498890316dec170bdd1da8" | ||
21 | |||
22 | inherit setuptools distro_features_check | ||
23 | |||
24 | RDEPENDS_${PN} = " \ | ||
25 | iptables \ | ||
26 | python \ | ||
27 | python-modules \ | ||
28 | " | ||
29 | |||
30 | RRECOMMENDS_${PN} = " \ | ||
31 | kernel-module-ipv6 \ | ||
32 | " | ||
33 | |||
34 | FILES_${PN} += " \ | ||
35 | ${sbindir}/* \ | ||
36 | ${datadir}/ufw/* \ | ||
37 | ${base_libdir}/ufw/* \ | ||
38 | ${sysconfdir}/ufw/* \ | ||
39 | ${sysconfdir}/default/ufw \ | ||
40 | " | ||
41 | |||
42 | REQUIRED_DISTRO_FEATURES = "ipv6" | ||
43 | |||
44 | DISTUTILS_BUILD_ARGS_append = " --iptables-dir /usr/sbin" | ||
45 | DISTUTILS_INSTALL_ARGS_append = " --iptables-dir /usr/sbin" | ||