[gentoo-commits] repo/gentoo:master commit in: net-firewall/ufw/, net-firewall/ufw/files/

["Patrice Clement" <monsieurp@gentoo.org>]

commit:     13cabfd23b3d793596453e85057789ef14a4faa1
Author:     Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
AuthorDate: Thu Mar 21 01:08:46 2019 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sat Mar 30 18:32:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13cabfd2

net-firewall/ufw: version bump to 0.36 && EAPI 7 bump.

Reported-by: yuLya <gen2xmach1ne <AT> tutanota.com>
Tested-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Closes: https://bugs.gentoo.org/680540
Closes: https://github.com/gentoo/gentoo/pull/11430
Package-Manager: Portage-2.3.62, Repoman-2.3.11
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>

 net-firewall/ufw/Manifest                          |   1 +
 .../ufw/files/ufw-0.36-bash-completion.patch       |  16 ++
 .../ufw/files/ufw-0.36-dont-check-iptables.patch   |  45 +++++
 net-firewall/ufw/files/ufw-0.36-move-path.patch    | 174 ++++++++++++++++++
 net-firewall/ufw/files/ufw-0.36-shebang.patch      |  15 ++
 net-firewall/ufw/metadata.xml                      |  15 +-
 net-firewall/ufw/ufw-0.36.ebuild                   | 199 +++++++++++++++++++++
 7 files changed, 463 insertions(+), 2 deletions(-)

diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index ed396f855b3..ad31ad0661a 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1,2 +1,3 @@
 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
+DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3

diff --git a/net-firewall/ufw/files/ufw-0.36-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
new file mode 100644
index 00000000000..927af244eef
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash	2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash	2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+     echo "numbered verbose"
+ }
+ 
+-_have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+     fi
+ }
+ 
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw

diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
new file mode 100644
index 00000000000..11eb1748dd1
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
@@ -0,0 +1,45 @@
+--- a/setup.py	2019-03-21 01:32:28.500245586 +0300
++++ b/setup.py	2019-03-21 01:39:17.166095026 +0300
+@@ -257,41 +257,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+ 
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+-    for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+-                '/usr/local/bin']:
+-        if e == "iptables":
+-            if os.path.exists(os.path.join(dir, e)):
+-                iptables_dir = dir
+-                iptables_exe = os.path.join(iptables_dir, "iptables")
+-                print("Found '%s'" % iptables_exe)
+-            else:
+-                continue
+-
+-        if iptables_exe != "":
+-            break
+-
+-
+-if iptables_exe == '':
+-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+-    sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+-    if not os.path.exists(os.path.join(iptables_dir, e)):
+-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+-        sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+-    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+-                  (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+-    print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+ 
+ setup (name='ufw',
+       version=ufw_version,

diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
new file mode 100644
index 00000000000..1ba9d117be5
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-move-path.patch
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8	2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8	2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+ 
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README	2018-07-24 16:42:38.000000000 +0300
++++ b/README	2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+ 
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+ 
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw 		high level configuration
+ /etc/ufw/before[6].rules 	rules evaluated before UI added rules
+ /etc/ufw/after[6].rules 	rules evaluated after UI added rules
+-/lib/ufw/user[6].rules		UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules	UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf 		kernel network tunables
+-/lib/ufw/ufw-init		start script
+-
++/usr/share/ufw/ufw-init		start script
+ 
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+ 
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+ 
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+ 
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+ 
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py	2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py	2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+             return
+ 
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+ 
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+         self.mkpath(statedir)
+ 
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+ 
+@@ -220,14 +226,19 @@
+                              f])
+ 
+             subprocess.call(["sed",
++                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
+                              "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+ 
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py	2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py	2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
+         state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+ 
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+         files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+-        files['init'] = os.path.join(state_dir, 'ufw-init')
++        files['init'] = os.path.join(share_dir, 'ufw-init')
+ 
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+                                         rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init	2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init	2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+ 
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+ 
+@@ -83,7 +84,7 @@
+     fi
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac

diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
new file mode 100644
index 00000000000..8c2b8fe2392
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py	2019-03-21 01:51:55.751971770 +0300
++++ b/setup.py	2019-03-21 01:54:40.142513567 +0300
+@@ -122,12 +122,6 @@
+         for f in [ script, manpage, manpage_f ]:
+             self.mkpath(os.path.dirname(f))
+ 
+-        # update the interpreter to that of the one the user specified for setup
+-        print("Updating staging/ufw to use %s" % (sys.executable))
+-        subprocess.call(["sed",
+-                         "-i",
+-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+-                         'staging/ufw'])
+         self.copy_file('staging/ufw', script)
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)

diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
index b8103d2da1a..a35eb64d103 100644
--- a/net-firewall/ufw/metadata.xml
+++ b/net-firewall/ufw/metadata.xml
@@ -1,13 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<!-- maintainer-needed -->	
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="examples">Example ufw config files</flag>
+		<flag name="ipv6">IPv6 support for iptables</flag>
+	</use>
 	<longdescription lang="en">
 	The Uncomplicated Firewall (ufw) is a frontend for iptables and is
 	particularly well-suited for host-based firewalls. It provides a framework
 	for managing netfilter, as well as an easy to use command-line interface for
 	manipulating the firewall.
-</longdescription>
+	</longdescription>
 	<upstream>
 		<remote-id type="launchpad">ufw</remote-id>
 	</upstream>

diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
new file mode 100644
index 00000000000..a625741775a
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.36.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 distutils-r1 eutils linux-info systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND=""
+
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+	!<kde-misc/kcm-ufw-0.4.2
+	!<net-firewall/ufw-frontends-0.3.2"
+
+BDEPEND="sys-devel/gettext"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+	# Move files away from /lib/ufw.
+	"${FILESDIR}/${P}-move-path.patch"
+	# Remove unnecessary build time dependency on net-firewall/iptables.
+	"${FILESDIR}/${P}-dont-check-iptables.patch"
+	# Remove shebang modification.
+	"${FILESDIR}/${P}-shebang.patch"
+	# Fix bash completions, bug #526300
+	"${FILESDIR}/${P}-bash-completion.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~PROC_FS
+		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+	if kernel_is -ge 2 6 39; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+	else
+		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+	fi
+
+	# https://bugs.launchpad.net/ufw/+bug/1076050
+	if kernel_is -ge 3 4; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+	else
+		CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+		use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+	fi
+
+	CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+	use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+	check_extra_config
+
+	# Check for default, useful optional features.
+	if ! linux_config_exists; then
+		ewarn "Cannot determine configuration of your kernel."
+		return
+	fi
+
+	local nf_nat_ftp_ok="yes"
+	local nf_conntrack_ftp_ok="yes"
+	local nf_conntrack_netbios_ns_ok="yes"
+
+	linux_chkconfig_present \
+		NF_NAT_FTP || nf_nat_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+	# This is better than an essay for each unset option...
+	if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+		echo
+		local mod_msg="Kernel options listed below are not set. They are not"
+		mod_msg+=" mandatory, but they are often useful."
+		mod_msg+=" If you don't need some of them, please remove relevant"
+		mod_msg+=" module name(s) from IPT_MODULES in"
+		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+		mod_msg+=" Otherwise ufw may fail to start!"
+		ewarn "${mod_msg}"
+		if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
+			ewarn "NF_NAT_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+		fi
+	fi
+}
+
+python_prepare_all() {
+	# Set as enabled by default. User can enable or disable
+	# the service by adding or removing it to/from a runlevel.
+	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+		|| die "sed failed (ufw.conf)"
+
+	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+	# If LINGUAS is set install selected translations only.
+	if [[ -n ${LINGUAS+set} ]]; then
+		_EMPTY_LOCALE_LIST="yes"
+		pushd locales/po > /dev/null || die
+
+		local lang
+		for lang in *.po; do
+			if ! has "${lang%.po}" ${LINGUAS}; then
+				rm "${lang}" || die
+			else
+				_EMPTY_LOCALE_LIST="no"
+			fi
+		done
+
+		popd > /dev/null || die
+	else
+		_EMPTY_LOCALE_LIST="no"
+	fi
+
+	distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+	newconfd "${FILESDIR}"/ufw.confd ufw
+	newinitd "${FILESDIR}"/ufw-2.initd ufw
+	systemd_dounit "${FILESDIR}/ufw.service"
+
+	exeinto /usr/share/${PN}
+	doexe tests/check-requirements
+
+	# users normally would want it
+	docinto "/usr/share/doc/${PF}/logging/syslog-ng"
+	doins -r "${FILESDIR}"/syslog-ng/*
+
+	docinto "/usr/share/doc/${PF}/logging/rsyslog"
+	doins -r "${FILESDIR}"/rsyslog/*
+	doins doc/rsyslog.example
+
+	if use examples; then
+		docinto "/usr/share/doc/${PF}/examples"
+		doins -r examples/*
+	fi
+	newbashcomp shell-completion/bash "${PN}"
+
+	[[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo
+
+	distutils-r1_python_install_all
+	python_replicate_script "${D}/usr/sbin/ufw"
+}
+
+pkg_postinst() {
+	local print_check_req_warn
+	print_check_req_warn=false
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		echo
+		elog "To enable ufw, add it to boot sequence and activate it:"
+		elog "-- # rc-update add ufw boot"
+		elog "-- # /etc/init.d/ufw start"
+		echo
+		elog "If you want to keep ufw logs in a separate file, take a look at"
+		elog "/usr/share/doc/${PF}/logging."
+		print_check_req_warn=true
+	else
+		local rv
+		for rv in "${REPLACING_VERSIONS}"; do
+			local major=${rv%%.*}
+			local minor=${rv#${major}.}
+			if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then
+				print_check_req_warn=true
+			fi
+		done
+	fi
+	if [[ "${print_check_req_warn}" == "true" ]]; then
+		echo
+		elog "/usr/share/ufw/check-requirements script is installed."
+		elog "It is useful for debugging problems with ufw. However one"
+		elog "should keep in mind that the script assumes IPv6 is enabled"
+		elog "on kernel and net-firewall/iptables, and fails when it's not."
+	fi
+	echo
+	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+	ewarn "default. See README, Remote Management section for more information."
+}