From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/ufw/
Date: Mon, 21 Apr 2025 07:01:30 +0000 (UTC)	[thread overview]
Message-ID: <1745218839.20e9a962aeda2405fc08ef907fa28737561bb4cc.sam@gentoo> (raw)

commit:     20e9a962aeda2405fc08ef907fa28737561bb4cc
Author:     Dennis Eisele <kernlpanic <AT> dennis-eisele <DOT> de>
AuthorDate: Sun Apr 20 22:54:12 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 21 07:00:39 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20e9a962

net-firewall/ufw: add 0.36.2

Closes: https://bugs.gentoo.org/924310
Signed-off-by: Dennis Eisele <kernlpanic <AT> dennis-eisele.de>
Closes: https://github.com/gentoo/gentoo/pull/41678
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/ufw/Manifest          |   1 +
 net-firewall/ufw/ufw-0.36.2.ebuild | 218 +++++++++++++++++++++++++++++++++++++
 2 files changed, 219 insertions(+)

diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 2bec9e6be29e..1e6ccc0f60e8 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1 +1,2 @@
 DIST ufw-0.36.1.tar.gz 583123 BLAKE2B 16e1ee67493d5db10a04667b646a019aa3aeb06345d0facc334fb07eeff4d4f6674a4699b2bd7bd6ed29de1c05c4e14812e9e8ec55c4bfb8579b8e3e2e577f6a SHA512 77d01fef661083eac041be6d6eabffb1d8aedb215f73e44e18a9a63a48da96414b3c0166e3ffd9402c22c72a6de5d774ba14b15368b02997aae8e08d1c5dd4c0
+DIST ufw-0.36.2.tar.gz 592562 BLAKE2B 630f80a18fdc462fbd91e61f4af496ad613b52ae6eef3e16558db9affcbcaedb5077e5d84fc6580175ec7358563cbb98612176fe570e0d03fdc1683766729e90 SHA512 43c5f31c98681e006b821f30e3d729eec0bbe21eeea833916b6ab18899201e5e243e5077ace32480b2a222b69b2c383ff95b7a50241053d025d68f34c25cd60b

diff --git a/net-firewall/ufw/ufw-0.36.2.ebuild b/net-firewall/ufw/ufw-0.36.2.ebuild
new file mode 100644
index 000000000000..75709e29ad4f
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.36.2.ebuild
@@ -0,0 +1,218 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+inherit bash-completion-r1 eapi9-ver edo linux-info python-single-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV%.*}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="examples ipv6"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="
+	${PYTHON_DEPS}
+	net-firewall/iptables[ipv6(+)?]
+"
+BDEPEND="
+	$(python_gen_cond_dep '
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	')
+	sys-devel/gettext
+"
+
+PATCHES=(
+	# Move files away from /lib/ufw.
+	"${FILESDIR}/${PN}-0.36.1-move-path.patch"
+	# Remove unnecessary build time dependency on net-firewall/iptables.
+	"${FILESDIR}/${PN}-0.36.1-dont-check-iptables.patch"
+	# Remove shebang modification.
+	"${FILESDIR}/${PN}-0.36.1-shebang.patch"
+	# Fix bash completions, bug #526300
+	"${FILESDIR}/${PN}-0.36-bash-completion.patch"
+	# Strip distutils use
+	"${FILESDIR}/${PN}-0.36.1-distutils.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~PROC_FS
+		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+	if kernel_is -ge 2 6 39; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+	else
+		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+	fi
+
+	# https://bugs.launchpad.net/ufw/+bug/1076050
+	if kernel_is -ge 3 4; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+	else
+		CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+		use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+	fi
+
+	CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+	use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+	check_extra_config
+
+	# Check for default, useful optional features.
+	if ! linux_config_exists; then
+		ewarn "Cannot determine configuration of your kernel."
+		return
+	fi
+
+	local nf_nat_ftp_ok="yes"
+	local nf_conntrack_ftp_ok="yes"
+	local nf_conntrack_netbios_ns_ok="yes"
+
+	linux_chkconfig_present \
+		NF_NAT_FTP || nf_nat_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+	# This is better than an essay for each unset option...
+	if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+		echo
+		local mod_msg="Kernel options listed below are not set. They are not"
+		mod_msg+=" mandatory, but they are often useful."
+		mod_msg+=" If you don't need some of them, please remove relevant"
+		mod_msg+=" module name(s) from IPT_MODULES in"
+		mod_msg+=" '${EROOT}/etc/default/ufw' before (re)starting ufw."
+		mod_msg+=" Otherwise ufw may fail to start!"
+		ewarn "${mod_msg}"
+		if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
+			ewarn "NF_NAT_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	# Set as enabled by default. User can enable or disable
+	# the service by adding or removing it to/from a runlevel.
+	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+		|| die "sed failed (ufw.conf)"
+
+	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+	# If LINGUAS is set install selected translations only.
+	if [[ -n ${LINGUAS+set} ]]; then
+		_EMPTY_LOCALE_LIST="yes"
+		pushd locales/po > /dev/null || die
+
+		local lang
+		for lang in *.po; do
+			if ! has "${lang%.po}" ${LINGUAS}; then
+				rm "${lang}" || die
+			else
+				_EMPTY_LOCALE_LIST="no"
+			fi
+		done
+
+		popd > /dev/null || die
+	else
+		_EMPTY_LOCALE_LIST="no"
+	fi
+}
+
+src_compile() {
+	edo ${EPYTHON} setup.py build
+}
+
+src_install() {
+	edo ${EPYTHON} setup.py install --prefix="${EPREFIX}/usr" --root="${D}"
+	python_fix_shebang "${ED}"
+	python_optimize
+	einstalldocs
+
+	newconfd "${FILESDIR}"/ufw.confd ufw
+	newinitd "${FILESDIR}"/ufw-2.initd ufw
+	systemd_dounit "${FILESDIR}/ufw.service"
+
+	pushd "${ED}" || die
+	chmod -R 0644 etc/ufw/*.rules || die
+	popd || die
+
+	exeinto /usr/share/${PN}
+	doexe tests/check-requirements
+
+	# users normally would want it
+	insinto "/usr/share/doc/${PF}/logging/syslog-ng"
+	doins -r "${FILESDIR}"/syslog-ng/*
+
+	insinto "/usr/share/doc/${PF}/logging/rsyslog"
+	doins -r "${FILESDIR}"/rsyslog/*
+	doins doc/rsyslog.example
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r examples/*
+	fi
+	newbashcomp shell-completion/bash "${PN}"
+
+	[[ ${_EMPTY_LOCALE_LIST} != "yes" ]] && domo locales/mo/*.mo
+}
+
+pkg_postinst() {
+	local found=()
+	local apps=( "net-firewall/arno-iptables-firewall"
+		"net-firewall/ferm"
+		"net-firewall/firehol"
+		"net-firewall/firewalld"
+		"net-firewall/ipkungfu" )
+
+	for exe in "${apps[@]}"
+	do
+		if has_version "${exe}"; then
+			found+=( "${exe}" )
+		fi
+	done
+
+	if [[ -n ${found} ]]; then
+		echo ""
+		ewarn "WARNING: Detected other firewall applications:"
+		ewarn "${found[@]}"
+		ewarn "If enabled, these applications may interfere with ufw!"
+	fi
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		echo ""
+		elog "To enable ufw, add it to boot sequence and activate it:"
+		elog "-- # rc-update add ufw boot"
+		elog "-- # /etc/init.d/ufw start"
+		echo
+		elog "If you want to keep ufw logs in a separate file, take a look at"
+		elog "/usr/share/doc/${PF}/logging."
+	fi
+	if [[ -z ${REPLACING_VERSIONS} ]] || ver_replacing -lt 0.34; then
+		echo
+		elog "/usr/share/ufw/check-requirements script is installed."
+		elog "It is useful for debugging problems with ufw. However one"
+		elog "should keep in mind that the script assumes IPv6 is enabled"
+		elog "on kernel and net-firewall/iptables, and fails when it's not."
+	fi
+	echo
+	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+	ewarn "default. See README, Remote Management section for more information."
+}
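Review bot: In src_install, `chmod -R 0644 etc/ufw/*.rules` forces every installed rules file to be world-readable, so any local user can read the firewall policy. The hunk does not show what mode `setup.py install` gave these files, so this may be loosening a stricter upstream default; that should be confirmed. Unless something unprivileged has to read them, I would use `chmod 0640 etc/ufw/*.rules || die` and add a comment above it such as `# setup.py leaves the rules files with mode <MODE>; normalise it here`. The `-R` is not needed, since the glob already names the files and it would strip the search bit from any directory that happened to match. Separately, in pkg_postinst the loop variable `exe` is never declared `local`, and `[[ -n ${found} ]]` tests only element 0 of the array; `local exe` and `(( ${#found[@]} ))` would say what is meant.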

