1 files changed, 313 insertions, 0 deletions
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb
new file mode 100644
index 0000000000..0c670a2caa
--- /dev/null
+++ b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb
@@ -0,0 +1,313 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+SRC_URI = "\
+    https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.bz2 \
+    file://firewalld.init \
+    file://run-ptest \
+"
+SRC_URI[sha256sum] = "5215ba30236ee1e3df2c2292465a9ff605b9c445dcab2e37da4961cb27c7f36e"
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+DEPENDS = "intltool-native glib-2.0-native nftables"
+inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest features_check
+REQUIRED_DISTRO_FEATURES = "gobject-introspection-data"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
+PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
+PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
+PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
+# Default logging configuration: mixed syslog file console
+FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
+# The UIs are not yet tested and the dependencies are probably not quite correct yet.
+# Splitting into separate packages is beneficial so that no dead code is transferred
+# to the target device.
+# Without enabling qt5, the firewalld-config package is not usable.
+# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
+PACKAGECONFIG[qt5] = ""
+PACKAGECONFIG[gtk] = ""
+PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+    --with-iptables=${sbindir}/iptables \
+    --with-iptables-restore=${sbindir}/iptables-restore \
+    --with-ip6tables=${sbindir}/ip6tables \
+    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+    --disable-sysconfig \
+"
+INITSCRIPT_NAME = "firewalld"
+SYSTEMD_SERVICE:${PN} = "firewalld.service"
+# kernel modules loaded after ptest execution (linux-yocto 5.15)
+FIREWALLD_KERNEL_MODULES ?= "\
+    xt_tcpudp \
+    xt_TCPMSS \
+    xt_set \
+    xt_sctp \
+    xt_REDIRECT \
+    xt_pkttype \
+    xt_NFLOG \
+    xt_nat \
+    xt_MASQUERADE \
+    xt_mark \
+    xt_mac \
+    xt_LOG \
+    xt_limit \
+    xt_dccp \
+    xt_CT \
+    xt_conntrack \
+    xt_CHECKSUM \
+    nft_redir \
+    nft_objref \
+    nft_nat \
+    nft_masq \
+    nft_log \
+    nfnetlink_log \
+    nf_nat_tftp \
+    nf_nat_sip \
+    nf_nat_ftp \
+    nf_log_syslog \
+    nf_conntrack_tftp \
+    nf_conntrack_sip \
+    nf_conntrack_netbios_ns \
+    nf_conntrack_ftp \
+    nf_conntrack_broadcast \
+    ipt_REJECT \
+    ip6t_rpfilter \
+    ip6t_REJECT \
+    ip_set_hash_netport \
+    ip_set_hash_netnet \
+    ip_set_hash_netiface \
+    ip_set_hash_net \
+    ip_set_hash_mac \
+    ip_set_hash_ipportnet \
+    ip_set_hash_ipport \
+    ip_set_hash_ipmark \
+    ip_set_hash_ip \
+    ebt_ip6 \
+    nft_fib_inet \
+    nft_fib_ipv4 \
+    nft_fib_ipv6 \
+    nft_fib \
+    nft_reject_inet \
+    nf_reject_ipv4 \
+    nf_reject_ipv6 \
+    nft_reject \
+    nft_ct \
+    nft_chain_nat \
+    ebtable_nat \
+    ebtable_broute \
+    ip6table_nat \
+    ip6table_mangle \
+    ip6table_raw \
+    ip6table_security \
+    iptable_nat \
+    nf_nat \
+    nf_conntrack \
+    nf_defrag_ipv6 \
+    nf_defrag_ipv4 \
+    iptable_mangle \
+    iptable_raw \
+    iptable_security \
+    ip_set \
+    ebtable_filter \
+    ebtables \
+    ip6table_filter \
+    ip6_tables \
+    iptable_filter \
+    ip_tables \
+    x_tables \
+    sch_fq_codel \
+"
+do_configure:prepend() {
+    export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
+}
+do_install:append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+        rm -rf ${D}${sysconfdir}/rc.d/
+        install -d ${D}${sysconfdir}/init.d
+        install -m0755 ${UNPACKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+    fi
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
+        # Delete polkit profiles if polkit is not available
+        rm -rf ${D}${datadir}/polkit-1
+    fi
+    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+    # so now we need to fix up any references to point at the proper path in the image.
+    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+    if [ ${PN} != "${BPN}-native" ]; then
+        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+            ${D}${bindir}/* ${D}${sbindir}/*
+    fi
+    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+        ${D}${bindir}/* ${D}${sbindir}/*
+    # This file contains Red Hat-isms. Modules get loaded without it.
+    rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
+}
+do_install_ptest:append() {
+    # Add kernel modules to the ptest script
+    if [ ${PTEST_ENABLED} = "1" ]; then
+        sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
+            ${D}${PTEST_PATH}/run-ptest
+    fi
+}
+SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
+FILES:python3-firewall = "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \
+    ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \
+"
+RDEPENDS:python3-firewall = "\
+    python3-dbus \
+    nftables-python \
+    python3-pygobject \
+"
+# Do not depend on QT5 layer and GTK deps if not explicitely required.
+FIREWALLD_QT5_RDEPENDS = "\
+    ${PN}-config \
+    hicolor-icon-theme \
+    python3-pyqt5 \
+    python3-pygobject \
+    libnotify \
+    networkmanager \
+"
+FIREWALLD_GTK_RDEPENDS = "\
+    gtk3 \
+"
+# A QT5 based UI
+SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
+FILES:${PN}-config = "\
+    ${bindir}/firewall-config \
+    ${datadir}/firewalld/firewall-config.glade \
+    ${datadir}/firewalld/gtk3_chooserbutton.py* \
+    ${datadir}/firewalld/gtk3_niceexpander.py* \
+    ${datadir}/applications/firewall-config.desktop \
+    ${datadir}/metainfo/firewall-config.appdata.xml \
+    ${datadir}/icons/hicolor/*/apps/firewall-config*.* \
+"
+RDEPENDS:${PN}-config += "\
+    python3-core \
+    python3-ctypes \
+    ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+"
+# A GTK3 applet depending on the QT5 firewall-config UI
+SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
+FILES:${PN}-applet += "\
+    ${bindir}/firewall-applet \
+    ${sysconfdir}/xdg/autostart/firewall-applet.desktop \
+    ${sysconfdir}/firewall/applet.conf \
+    ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \
+"
+RDEPENDS:${PN}-applet += "\
+    python3-core \
+    python3-ctypes \
+    ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
+"
+SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
+FILES:${PN}-offline-cmd += " \
+    ${bindir}/firewall-offline-cmd \
+"
+RDEPENDS:${PN}-offline-cmd += "python3-core"
+SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
+FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
+# To get allmost all tests passing
+# - Enable PACKAGECONFIG ipset, ebtable
+# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
+FILES:${PN}-ptest += "\
+    ${datadir}/firewalld/testsuite \
+"
+RDEPENDS:${PN}-ptest += "\
+    python3-unittest \
+    ${PN}-offline-cmd \
+    procps-ps \
+    iproute2 \
+"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+FILES:${PN} += "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall \
+    ${nonarch_libdir}/firewalld \
+    ${datadir}/dbus-1 \
+    ${datadir}/polkit-1 \
+    ${datadir}/metainfo \
+    ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
+"
+RDEPENDS:${PN} += "\
+    bash \
+    python3-firewall \
+    iptables \
+    python3-core \
+    python3-io \
+    python3-fcntl \
+    python3-syslog \
+    python3-xml \
+    python3-json \
+    python3-ctypes \
+    python3-pprint \
+"
+# If firewalld writes a log file rotation is needed
+RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
+# Add required kernel modules. With Yocto kernel 5.15 this currently means:
+# - features/nf_tables/nf_tables.scc
+# - features/netfilter/netfilter.scc
+# - cgl/features/audit/audit.scc
+# - cfg/net/ip6_nf.scc
+# - Plus:
+#   - ebtables
+#   - ipset
+#   - CONFIG_IP6_NF_SECURITY=m
+#   - CONFIG_IP6_NF_MATCH_RPFILTER=m
+#   - CONFIG_IP6_NF_TARGET_REJECT=m
+#   - CONFIG_NFT_OBJREF=m
+#   - CONFIG_NFT_FIB=m
+#   - CONFIG_NFT_FIB_INET=m
+#   - CONFIG_NFT_FIB_IPV4=m
+#   - CONFIG_NFT_FIB_IPV6=m
+#   - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+#   - CONFIG_NETFILTER_XT_SET=m
+def get_kernel_deps(d):
+    kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
+    return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
+RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"

diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb new file mode 100644 index 0000000000..0c670a2caa --- /dev/null +++ b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_2.2.1.bb
@@ -0,0 +1,313 @@
	1	SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
	2	HOMEPAGE = "https://firewalld.org/"
	3	BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
	4	UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
	5	LICENSE = "GPL-2.0-or-later"
	6	LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
	7
	8	SRC_URI = "\
	9	https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.bz2 \
	10	file://firewalld.init \
	11	file://run-ptest \
	12	"
	13	SRC_URI[sha256sum] = "5215ba30236ee1e3df2c2292465a9ff605b9c445dcab2e37da4961cb27c7f36e"
	14
	15	# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
	16	DEPENDS = "intltool-native glib-2.0-native nftables"
	17
	18	inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest features_check
	19
	20	REQUIRED_DISTRO_FEATURES = "gobject-introspection-data"
	21
	22	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
	23	PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
	24	PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
	25	PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
	26	PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
	27
	28	# Default logging configuration: mixed syslog file console
	29	FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
	30
	31	# The UIs are not yet tested and the dependencies are probably not quite correct yet.
	32	# Splitting into separate packages is beneficial so that no dead code is transferred
	33	# to the target device.
	34	# Without enabling qt5, the firewalld-config package is not usable.
	35	# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
	36	PACKAGECONFIG[qt5] = ""
	37	PACKAGECONFIG[gtk] = ""
	38
	39	PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
	40
	41	# iptables, ip6tables, ebtables, and ipset should be unnecessary
	42	# when the nftables backend is available, because nftables supersedes all of them.
	43	# However we still need iptables and ip6tables to be available otherwise any
	44	# application relying on "direct passthrough" rules (such as docker) will break.
	45	# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
	46	# the Red Hat-specific init script which we aren't using, so we disable that.
	47	EXTRA_OECONF = "\
	48	--with-iptables=${sbindir}/iptables \
	49	--with-iptables-restore=${sbindir}/iptables-restore \
	50	--with-ip6tables=${sbindir}/ip6tables \
	51	--with-ip6tables-restore=${sbindir}/ip6tables-restore \
	52	--disable-sysconfig \
	53	"
	54
	55	INITSCRIPT_NAME = "firewalld"
	56	SYSTEMD_SERVICE:${PN} = "firewalld.service"
	57
	58	# kernel modules loaded after ptest execution (linux-yocto 5.15)
	59	FIREWALLD_KERNEL_MODULES ?= "\
	60	xt_tcpudp \
	61	xt_TCPMSS \
	62	xt_set \
	63	xt_sctp \
	64	xt_REDIRECT \
	65	xt_pkttype \
	66	xt_NFLOG \
	67	xt_nat \
	68	xt_MASQUERADE \
	69	xt_mark \
	70	xt_mac \
	71	xt_LOG \
	72	xt_limit \
	73	xt_dccp \
	74	xt_CT \
	75	xt_conntrack \
	76	xt_CHECKSUM \
	77	nft_redir \
	78	nft_objref \
	79	nft_nat \
	80	nft_masq \
	81	nft_log \
	82	nfnetlink_log \
	83	nf_nat_tftp \
	84	nf_nat_sip \
	85	nf_nat_ftp \
	86	nf_log_syslog \
	87	nf_conntrack_tftp \
	88	nf_conntrack_sip \
	89	nf_conntrack_netbios_ns \
	90	nf_conntrack_ftp \
	91	nf_conntrack_broadcast \
	92	ipt_REJECT \
	93	ip6t_rpfilter \
	94	ip6t_REJECT \
	95	ip_set_hash_netport \
	96	ip_set_hash_netnet \
	97	ip_set_hash_netiface \
	98	ip_set_hash_net \
	99	ip_set_hash_mac \
	100	ip_set_hash_ipportnet \
	101	ip_set_hash_ipport \
	102	ip_set_hash_ipmark \
	103	ip_set_hash_ip \
	104	ebt_ip6 \
	105	nft_fib_inet \
	106	nft_fib_ipv4 \
	107	nft_fib_ipv6 \
	108	nft_fib \
	109	nft_reject_inet \
	110	nf_reject_ipv4 \
	111	nf_reject_ipv6 \
	112	nft_reject \
	113	nft_ct \
	114	nft_chain_nat \
	115	ebtable_nat \
	116	ebtable_broute \
	117	ip6table_nat \
	118	ip6table_mangle \
	119	ip6table_raw \
	120	ip6table_security \
	121	iptable_nat \
	122	nf_nat \
	123	nf_conntrack \
	124	nf_defrag_ipv6 \
	125	nf_defrag_ipv4 \
	126	iptable_mangle \
	127	iptable_raw \
	128	iptable_security \
	129	ip_set \
	130	ebtable_filter \
	131	ebtables \
	132	ip6table_filter \
	133	ip6_tables \
	134	iptable_filter \
	135	ip_tables \
	136	x_tables \
	137	sch_fq_codel \
	138	"
	139
	140	do_configure:prepend() {
	141	export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
	142	}
	143
	144	do_install:append() {
	145	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
	146	# firewalld ships an init script but it contains Red Hat-isms, replace it with our own
	147	rm -rf ${D}${sysconfdir}/rc.d/
	148	install -d ${D}${sysconfdir}/init.d
	149	install -m0755 ${UNPACKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
	150	fi
	151
	152	if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
	153	# Delete polkit profiles if polkit is not available
	154	rm -rf ${D}${datadir}/polkit-1
	155	fi
	156
	157	# We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
	158	# so now we need to fix up any references to point at the proper path in the image.
	159	# This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
	160	if [ ${PN} != "${BPN}-native" ]; then
	161	sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
	162	${D}${bindir}/* ${D}${sbindir}/*
	163	fi
	164	sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
	165	${D}${bindir}/* ${D}${sbindir}/*
	166
	167	# This file contains Red Hat-isms. Modules get loaded without it.
	168	rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
	169	}
	170
	171	do_install_ptest:append() {
	172	# Add kernel modules to the ptest script
	173	if [ ${PTEST_ENABLED} = "1" ]; then
	174	sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
	175	${D}${PTEST_PATH}/run-ptest
	176	fi
	177	}
	178
	179	SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
	180	FILES:python3-firewall = "\
	181	${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/.py \
	182	${PYTHON_SITEPACKAGES_DIR}/firewall/.py \
	183	${PYTHON_SITEPACKAGES_DIR}/firewall/config/.py \
	184	${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/.py \
	185	${PYTHON_SITEPACKAGES_DIR}/firewall/core/.py \
	186	${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/.py \
	187	${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/.py \
	188	${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/.py \
	189	${PYTHON_SITEPACKAGES_DIR}/firewall/server/.py \
	190	${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/.py \
	191	"
	192	RDEPENDS:python3-firewall = "\
	193	python3-dbus \
	194	nftables-python \
	195	python3-pygobject \
	196	"
	197
	198	# Do not depend on QT5 layer and GTK deps if not explicitely required.
	199	FIREWALLD_QT5_RDEPENDS = "\
	200	${PN}-config \
	201	hicolor-icon-theme \
	202	python3-pyqt5 \
	203	python3-pygobject \
	204	libnotify \
	205	networkmanager \
	206	"
	207	FIREWALLD_GTK_RDEPENDS = "\
	208	gtk3 \
	209	"
	210
	211	# A QT5 based UI
	212	SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
	213	FILES:${PN}-config = "\
	214	${bindir}/firewall-config \
	215	${datadir}/firewalld/firewall-config.glade \
	216	${datadir}/firewalld/gtk3_chooserbutton.py* \
	217	${datadir}/firewalld/gtk3_niceexpander.py* \
	218	${datadir}/applications/firewall-config.desktop \
	219	${datadir}/metainfo/firewall-config.appdata.xml \
	220	${datadir}/icons/hicolor//apps/firewall-config.* \
	221	"
	222	RDEPENDS:${PN}-config += "\
	223	python3-core \
	224	python3-ctypes \
	225	${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
	226	"
	227
	228	# A GTK3 applet depending on the QT5 firewall-config UI
	229	SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
	230	FILES:${PN}-applet += "\
	231	${bindir}/firewall-applet \
	232	${sysconfdir}/xdg/autostart/firewall-applet.desktop \
	233	${sysconfdir}/firewall/applet.conf \
	234	${datadir}/icons/hicolor//apps/firewall-applet.* \
	235	"
	236	RDEPENDS:${PN}-applet += "\
	237	python3-core \
	238	python3-ctypes \
	239	${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
	240	${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
	241	"
	242
	243	SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
	244	FILES:${PN}-offline-cmd += " \
	245	${bindir}/firewall-offline-cmd \
	246	"
	247	RDEPENDS:${PN}-offline-cmd += "python3-core"
	248
	249	SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
	250	FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
	251
	252	# To get allmost all tests passing
	253	# - Enable PACKAGECONFIG ipset, ebtable
	254	# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
	255	FILES:${PN}-ptest += "\
	256	${datadir}/firewalld/testsuite \
	257	"
	258	RDEPENDS:${PN}-ptest += "\
	259	python3-unittest \
	260	${PN}-offline-cmd \
	261	procps-ps \
	262	iproute2 \
	263	"
	264	RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
	265
	266	FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
	267
	268	FILES:${PN} += "\
	269	${PYTHON_SITEPACKAGES_DIR}/firewall \
	270	${nonarch_libdir}/firewalld \
	271	${datadir}/dbus-1 \
	272	${datadir}/polkit-1 \
	273	${datadir}/metainfo \
	274	${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
	275	"
	276	RDEPENDS:${PN} += "\
	277	bash \
	278	python3-firewall \
	279	iptables \
	280	python3-core \
	281	python3-io \
	282	python3-fcntl \
	283	python3-syslog \
	284	python3-xml \
	285	python3-json \
	286	python3-ctypes \
	287	python3-pprint \
	288	"
	289	# If firewalld writes a log file rotation is needed
	290	RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
	291
	292	# Add required kernel modules. With Yocto kernel 5.15 this currently means:
	293	# - features/nf_tables/nf_tables.scc
	294	# - features/netfilter/netfilter.scc
	295	# - cgl/features/audit/audit.scc
	296	# - cfg/net/ip6_nf.scc
	297	# - Plus:
	298	# - ebtables
	299	# - ipset
	300	# - CONFIG_IP6_NF_SECURITY=m
	301	# - CONFIG_IP6_NF_MATCH_RPFILTER=m
	302	# - CONFIG_IP6_NF_TARGET_REJECT=m
	303	# - CONFIG_NFT_OBJREF=m
	304	# - CONFIG_NFT_FIB=m
	305	# - CONFIG_NFT_FIB_INET=m
	306	# - CONFIG_NFT_FIB_IPV4=m
	307	# - CONFIG_NFT_FIB_IPV6=m
	308	# - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
	309	# - CONFIG_NETFILTER_XT_SET=m
	310	def get_kernel_deps(d):
	311	kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
	312	return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
	313	RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"