* [gentoo-commits] gentoo-x86 commit in net-firewall/ufw/files: ufw.confd ufw-dont-check-iptables.patch ufw-2.initd ufw-move-path.patch
@ 2011-07-24 11:18 Peter Volkov (pva)
From: Peter Volkov (pva) @ 2011-07-24 11:18 UTC (permalink / raw
  To: gentoo-commits

pva         11/07/24 11:18:22

  Added:                ufw.confd ufw-dont-check-iptables.patch ufw-2.initd
                        ufw-move-path.patch
  Log:
  Initial import, bug #264912, thank Sławomir Nizio for this job.
  
  (Portage version: 2.1.10.6/cvs/Linux x86_64)

Revision  Changes    Path
1.1                  net-firewall/ufw/files/ufw.confd

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw.confd?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw.confd?rev=1.1&content-type=text/plain

Index: ufw.confd
===================================================================
# Controls how the init script reacts when the firewall has been turned
# off with `ufw disable'.
#   "yes" - the warning is suppressed and the service is still considered
#           started, although the init script does not run ufw_start in
#           that case. Anything that waits for the "firewall" service
#           will then proceed without ufw being active.
#   any other value, or unset - starting the service fails with a message.
# Default is "no".
ufw_nonfatal_if_disabled=no



1.1                  net-firewall/ufw/files/ufw-dont-check-iptables.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-dont-check-iptables.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-dont-check-iptables.patch?rev=1.1&content-type=text/plain

Index: ufw-dont-check-iptables.patch
===================================================================
--- setup.py	2011-03-22 19:00:03.000000000 +0100
+++ setup.py	2011-06-10 19:28:41.798000241 +0200
@@ -224,41 +224,7 @@
 os.unlink(os.path.join('staging', 'ufw-init'))
 os.unlink(os.path.join('staging', 'ufw-init-functions'))
 
-iptables_exe = ''
-iptables_dir = ''
-
-for e in ['iptables']:
-    for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
-                '/usr/local/bin']:
-        if e == "iptables":
-            if os.path.exists(os.path.join(dir, e)):
-                iptables_dir = dir
-                iptables_exe = os.path.join(iptables_dir, "iptables")
-                print "Found '%s'" % iptables_exe
-            else:
-                continue
-
-        if iptables_exe != "":
-            break
-
-
-if iptables_exe == '':
-    print >> sys.stderr, "ERROR: could not find required binary 'iptables'"
-    sys.exit(1)
-
-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
-    if not os.path.exists(os.path.join(iptables_dir, e)):
-        print >> sys.stderr, "ERROR: could not find required binary '%s'" % (e)
-        sys.exit(1)
-
-(rc, out) = cmd([iptables_exe, '-V'])
-if rc != 0:
-    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
-                  (iptables_exe))
-version = re.sub('^v', '', re.split('\s', out)[1])
-print "Found '%s' version '%s'" % (iptables_exe, version)
-if version < "1.4":
-    print >> sys.stderr, "WARN: version '%s' has limited IPv6 support. See README for details." % (version)
+iptables_dir = '/sbin'
 
 setup (name='ufw',
       version=ufw_version,
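Review bot: `iptables_dir = '/sbin'` replaces every build-time probe with a hard-coded path, so nothing in setup.py now verifies that `iptables`, `ip6tables` and the two `-restore` binaries exist there, or that iptables is at least 1.4 (the removed code warned about limited IPv6 support below that). Those guarantees have to come from the ebuild's dependencies, which are not part of this patch; if they are missing, the failure moves from install time to the moment the firewall is started. I would record that next to the assignment, e.g. `# Gentoo: iptables lives in /sbin and is pulled in by the ebuild; presence and version are not probed here.`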



1.1                  net-firewall/ufw/files/ufw-2.initd

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-2.initd?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-2.initd?rev=1.1&content-type=text/plain

Index: ufw-2.initd
===================================================================
#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/files/ufw-2.initd,v 1.1 2011/07/24 11:18:22 pva Exp $

depend() {
	# Dependency declarations for the service manager.
	# Register this script as a provider of the virtual "firewall" service.
	provide firewall
	# Order this service ahead of "net" (presumably so that filtering is
	# in place before the network is brought up).
	before net
}

start() {
	# Start ufw.
	# Returns 0 when ufw is (or already was) running, or when it is
	# disabled in its configuration and ufw_nonfatal_if_disabled is "yes";
	# non-zero otherwise.
	ebegin "Starting ufw"
	if _source_file; then
		:
	else
		# $? still holds the status of _source_file here.
		eend $?
		return $?
	fi

	local enabled_in_cfg ret
	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# If `ufw enable' was run before start(), ufw is already up; return
	# early to avoid the "Firewall already started, use 'force-reload'"
	# message. This return is taken regardless of enabled_in_cfg, so a
	# configuration error (2) is not reported on this path.
	if _status_quiet; then
		eend 0
		return
	fi

	# ufw_start itself does nothing and returns 0 when ufw was disabled
	# with `ufw disable', so the disabled case is handled explicitly here.
	if [ "$enabled_in_cfg" = 0 ]; then
		ufw_start
		ret=$?
		eend $ret "Failed to start ufw."
	elif [ "$enabled_in_cfg" = 1 ]; then
		# ufw_nonfatal_if_disabled comes from /etc/conf.d/<name>.
		if [ "${ufw_nonfatal_if_disabled:-no}" = "yes" ]; then
			# Reported as started although ufw_start was not run.
			ret=0
			eend 0
		else
			ret=1
			eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
		fi
	elif [ "$enabled_in_cfg" = 2 ]; then
		# The configuration could not be read: fail the start.
		ret=1
		eend $ret "Failed to start ufw."
	fi

	return $ret
}

stop() {
	# Stop ufw.
	# Returns the status of ufw_stop, or 1 when the ufw configuration
	# could not be read.
	ebegin "Stopping ufw"
	if _source_file; then
		:
	else
		# $? still holds the status of _source_file here.
		eend $?
		return $?
	fi
	local enabled_in_cfg ret
	_check_if_enabled_in_cfg
	enabled_in_cfg=$?

	# Per the original author's note, ufw_stop mirrors ufw_start: it does
	# nothing when ufw is disabled in the configuration unless --force is
	# passed, hence the forced stop in the disabled case.
	if [ "$enabled_in_cfg" = 0 ]; then
		ufw_stop
		ret=$?
	elif [ "$enabled_in_cfg" = 1 ]; then
		einfo "INFO: ufw is configured to be disabled"
		ufw_stop --force
		ret=$?
	elif [ "$enabled_in_cfg" = 2 ]; then
		# Configuration unreadable: report failure without calling ufw_stop.
		ret=1
	fi

	eend $ret "Failed to stop ufw."
	return $ret
}

_status_quiet() {
	# Run ufw_status with its output discarded and map its exit code.
	# Returns: 0 - started, 1 - stopped, 2 - error.
	# _source_file is not called here, so ufw_status must already be
	# defined by the caller.
	local ret
	ufw_status > /dev/null
	ret=$?
	# The exit codes of ufw_status are defined in
	# /usr/share/ufw/ufw-init-functions: 0 is passed through, 3 is
	# reported as "stopped", everything else as an error.
	if [ "$ret" = 0 ]; then
		return 0
	fi
	if [ "$ret" = 3 ]; then
		return 1
	fi
	return 2
}

_source_file() {
	# Load the ufw helper functions into this shell.
	# Returns 0 on success, 1 when the file is missing or sourcing fails.
	# NOTE(review): the file is executed inside the init script's own
	# shell, so it runs with the init script's privileges; keep it owned
	# by root and not writable by anyone else.
	local sourced_f="/usr/share/ufw/ufw-init-functions"
	[ -f "$sourced_f" ] || {
		eerror "Cannot find file $sourced_f!"
		return 1
	}

	# Remember the caller's PATH: the sourced file may change it.
	local _path=$PATH
	if source "$sourced_f"; then
		# Keep whatever PATH the helper set first and append the saved
		# one; if the helper left PATH empty, fall back to the saved one.
		PATH="${PATH:+${PATH}:}${_path}"
		return 0
	fi

	# Sourcing failed and PATH may be broken at this point: restore it.
	PATH=$_path
	eerror "Error sourcing file $sourced_f"
	return 1
}

_check_if_enabled_in_cfg() {
	# Report whether the user has enabled the firewall with "ufw enable".
	# Returns 0 if the configuration file says enabled, 1 if not,
	# 2 when the file is missing or cannot be sourced.
	# NOTE(review): the file is sourced as shell code, so any command in
	# it runs with the init script's privileges. ENABLED is also not reset
	# before sourcing, so a value already present in this shell is used
	# when the file does not assign one.

	local sourced_f="/etc/ufw/ufw.conf"
	if [ ! -f "$sourced_f" ]; then
		eerror "Cannot find file $sourced_f!"
		return 2
	fi

	source "$sourced_f" || {
		eerror "Error sourcing file $sourced_f"
		return 2
	}

	# Only the exact spellings "yes" and "YES" count as enabled.
	case "$ENABLED" in
	yes|YES) return 0 ;;
	esac
	return 1
}



1.1                  net-firewall/ufw/files/ufw-move-path.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-move-path.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ufw/files/ufw-move-path.patch?rev=1.1&content-type=text/plain

Index: ufw-move-path.patch
===================================================================
diff -Naur ufw-0.30.1.orig/doc/ufw-framework.8 ufw-0.30.1/doc/ufw-framework.8
--- ufw-0.30.1.orig/doc/ufw-framework.8	2011-06-10 19:30:18.499000275 +0200
+++ ufw-0.30.1/doc/ufw-framework.8	2011-06-10 21:44:32.990000351 +0200
@@ -18,7 +18,7 @@
 parameters and configuration of IPv6. The framework consists of the following
 files:
 .TP
-#STATE_PREFIX#/ufw\-init
+#SHARE_DIR#/ufw\-init
 initialization script
 .TP
 #CONFIG_PREFIX#/ufw/before[6].rules
@@ -41,7 +41,7 @@
 
 .SH "BOOT INITIALIZATION"
 .PP
-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
+\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
 standard SysV style initscript used by the \fBufw\fR command and should not be
 modified. It supports the following arguments:
 .TP
diff -Naur ufw-0.30.1.orig/README ufw-0.30.1/README
--- ufw-0.30.1.orig/README	2011-06-10 19:30:18.487000275 +0200
+++ ufw-0.30.1/README	2011-06-10 21:44:32.844000351 +0200
@@ -58,7 +58,7 @@
 on your needs, this can be as simple as adding the following to a startup
 script (eg rc.local for systems that use it):
 
-# /lib/ufw/ufw-init start
+# /usr/share/ufw/ufw-init start
 
 For systems that use SysV initscripts, an example script is provided in
 doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
@@ -72,9 +72,9 @@
 /etc/defaults/ufw 		high level configuration
 /etc/ufw/before[6].rules 	rules evaluated before UI added rules
 /etc/ufw/after[6].rules 	rules evaluated after UI added rules
-/lib/ufw/user[6].rules		UI added rules (not to be modified)
+/etc/ufw/user/user[6].rules		UI added rules (not to be modified)
 /etc/ufw/sysctl.conf 		kernel network tunables
-/lib/ufw/ufw-init		start script
+/usr/share/ufw/ufw-init		start script
 
 
 Usage
@@ -149,7 +149,7 @@
 that the primary chains don't move around other non-ufw rules and chains. To
 completely flush the built-in chains with this configuration, you can use:
 
-# /lib/ufw/ufw-init flush-all
+# /usr/share/ufw/ufw-init flush-all
 
 Alternately, ufw may also take full control of the firewall by setting
 MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
@@ -245,7 +245,7 @@
 
 Remote Management
 -----------------
-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
 ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
 'enabled' it will insert rules into the existing chains, and therefore not
 flush the chains (but will when modifying a rule or changing the default
@@ -288,7 +288,7 @@
 
 Distributions
 -------------
-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
+While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
 ufw, this script is meant to be used by ufw itself, and therefore not
 particularly user friendly. See doc/initscript.example for a simple
 implementation that can be adapted to your distribution.
diff -Naur ufw-0.30.1.orig/setup.py ufw-0.30.1/setup.py
--- ufw-0.30.1.orig/setup.py	2011-06-10 19:30:18.488000275 +0200
+++ ufw-0.30.1/setup.py	2011-06-10 21:44:32.846000351 +0200
@@ -54,7 +54,8 @@
             return
 
         real_confdir = os.path.join('/etc')
-        real_statedir = os.path.join('/lib', 'ufw')
+        # real_statedir = os.path.join('/lib', 'ufw')
+        real_statedir = os.path.join('/etc', 'ufw', 'user')
         real_prefix = self.prefix
         if self.home != None:
             real_confdir = self.home + real_confdir
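Review bot: The old assignment is left behind as a commented-out line (`# real_statedir = os.path.join('/lib', 'ufw')`) directly above the new one, and the same happens with the three `#sharedir` lines in the later -199/+206 hunk. Dead code in a distribution patch makes the next rebase harder to read; I would delete those lines and state the reason for the move in a comment instead, e.g. `# Gentoo: keep ufw's generated rule state under /etc/ufw/user instead of /lib/ufw`. The enclosing method starts and ends outside the hunk.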
@@ -116,7 +117,7 @@
         self.copy_file('doc/ufw.8', manpage)
         self.copy_file('doc/ufw-framework.8', manpage_f)
 
-        # Install state files and helper scripts
+        # Install state files
         statedir = real_statedir
         if self.root != None:
             statedir = self.root + real_statedir
@@ -127,8 +128,14 @@
         self.copy_file('conf/user.rules', user_rules)
         self.copy_file('conf/user6.rules', user6_rules)
 
-        init_helper = os.path.join(statedir, 'ufw-init')
-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
+        # Install helper scripts
+        sharedir = real_sharedir
+        if self.root != None:
+            sharedir = self.root + real_sharedir
+        self.mkpath(sharedir)
+
+        init_helper = os.path.join(sharedir, 'ufw-init')
+        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
         self.copy_file('src/ufw-init', init_helper)
         self.copy_file('src/ufw-init-functions', init_helper_functions)
 
@@ -199,13 +206,18 @@
 
             subprocess.call(["sed",
                              "-i",
+                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
+                             file])
+
+            subprocess.call(["sed",
+                             "-i",
                              "s%#VERSION#%" + ufw_version + "%g",
                              file])
 
         # Install pristine copies of rules files
-        sharedir = real_sharedir
-        if self.root != None:
-            sharedir = self.root + real_sharedir
+        #sharedir = real_sharedir
+        #if self.root != None:
+        #    sharedir = self.root + real_sharedir
         rulesdir = os.path.join(sharedir, 'iptables')
         self.mkpath(rulesdir)
         for file in [ before_rules, after_rules, \
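Review bot: The added `sed` call for `#SHARE_DIR#` ignores its exit status, like the `#VERSION#` call below it. If the substitution fails on the installed `ufw-init` (the file list of this loop is outside the hunk), the script keeps the literal `#SHARE_DIR#` path, its `[ -s ... ]` test fails, and the firewall is not loaded. Use `subprocess.check_call(["sed", "-i", "s%#SHARE_DIR#%" + real_sharedir + "%g", file])` so a failed substitution aborts the install. The expression is also built by concatenation, so a `%` in the install prefix would break it; that is inherited from the existing calls.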
diff -Naur ufw-0.30.1.orig/src/backend_iptables.py ufw-0.30.1/src/backend_iptables.py
--- ufw-0.30.1.orig/src/backend_iptables.py	2011-06-10 19:30:18.502000275 +0200
+++ ufw-0.30.1/src/backend_iptables.py	2011-06-10 21:44:33.044000351 +0200
@@ -24,7 +24,7 @@
 import tempfile
 import time
 
-from ufw.common import UFWError, UFWRule, config_dir, state_dir, prefix_dir
+from ufw.common import UFWError, UFWRule, config_dir, share_dir, state_dir, prefix_dir
 from ufw.util import warn, debug, msg, cmd, cmd_pipe
 import ufw.backend
 
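Review bot: `share_dir` is now imported from `ufw.common`, but no hunk in this patch touches `src/common.py`, so the name has to exist there already with its placeholder substituted at install time. This is worth confirming, because `files['init']` in the next hunk is built from it and points at the init script the ufw command uses. A missing or unsubstituted value would only show up when ufw is first invoked.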
@@ -40,7 +40,7 @@
         files['rules6'] = os.path.join(state_dir, 'user6.rules')
         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
-        files['init'] = os.path.join(state_dir, 'ufw-init')
+        files['init'] = os.path.join(share_dir, 'ufw-init')
 
         ufw.backend.UFWBackend.__init__(self, "iptables", d, files)
 
diff -Naur ufw-0.30.1.orig/src/ufw-init ufw-0.30.1/src/ufw-init
--- ufw-0.30.1.orig/src/ufw-init	2011-06-10 19:30:18.502000275 +0200
+++ ufw-0.30.1/src/ufw-init	2011-06-10 21:44:33.054000351 +0200
@@ -18,8 +18,8 @@
 #
 set -e
 
-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then
-    . "#STATE_PREFIX#/ufw-init-functions"
+if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then
+    . "#SHARE_DIR#/ufw-init-functions"
 else
     echo "Could not find $s (aborting)"
     exit 1
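Review bot: The error branch prints `$s`, which is not assigned anywhere in the visible lines, so the message will likely read "Could not find  (aborting)" with no path in it. Since the path is being changed here anyway, name it in the message: `echo "Could not find #SHARE_DIR#/ufw-init-functions (aborting)"`. This message is the only hint an administrator gets when the helper file is missing and the firewall rules are therefore not loaded. The script continues outside the hunk.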
@@ -56,7 +56,7 @@
     flush_builtins || exit "$?"
     ;;
 *)
-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
     exit 1
     ;;
 esac





