-rw-r--r--user/ufw/APKBUILD42
-rw-r--r--user/ufw/ufw-0.36-bash-completion.patch16
-rw-r--r--user/ufw/ufw-0.36-move-path.patch174
-rw-r--r--user/ufw/ufw.confd5
-rw-r--r--user/ufw/ufw.initd136
5 files changed, 373 insertions, 0 deletions
diff --git a/user/ufw/APKBUILD b/user/ufw/APKBUILD
new file mode 100644
index 000000000..10ea2ab5e
--- /dev/null
+++ b/user/ufw/APKBUILD
@@ -0,0 +1,42 @@
+# Contributor:
+# Maintainer:
+pkgname=ufw
+pkgver=0.36
+pkgrel=0
+pkgdesc="Uncomplicated Firewall"
+url="https://launchpad.net/ufw"
+arch="noarch"
+options="!check" # No test suite.
+license="GPL-3.0-only AND GPL-2.0-only"
+depends="python3 iptables"
+makedepends="python3-dev gettext-tiny-dev"
+subpackages="ufw-doc
+ ufw-openrc
+ "
+source="http://launchpad.net/ufw/$pkgver/$pkgver/+download/$pkgname-$pkgver.tar.gz
+ ufw-0.36-bash-completion.patch
+ ufw-0.36-move-path.patch
+
+ ufw.initd
+ ufw.confd
+ "
+
+build() {
+ python3 setup.py build
+}
+
+package() {
+ python3 setup.py install --root="$pkgdir"
+ gzip "$pkgdir"/usr/share/man/man8/ufw.8
+ gzip "$pkgdir"/usr/share/man/man8/ufw-framework.8
+ install -D -m755 "$srcdir"/ufw.initd \
+ "$pkgdir"/etc/init.d/ufw
+ install -D -m644 "$srcdir"/ufw.confd \
+ "$pkgdir"/etc/conf.d/ufw
+}
+
+sha512sums="b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3 ufw-0.36.tar.gz
+11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb ufw-0.36-bash-completion.patch
+228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9 ufw-0.36-move-path.patch
+f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80 ufw.initd
+a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 ufw.confd"
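Review bot: The first entry of `source=` fetches the upstream tarball over plain `http://`, while `url=` a few lines above already uses https. The `sha512sums` entry still pins the content at build time, but whoever next bumps `pkgver` and regenerates the checksums would be trusting an unauthenticated download. I would change that line to `source="https://launchpad.net/ufw/$pkgver/$pkgver/+download/$pkgname-$pkgver.tar.gz`.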
diff --git a/user/ufw/ufw-0.36-bash-completion.patch b/user/ufw/ufw-0.36-bash-completion.patch
new file mode 100644
index 000000000..927af244e
--- /dev/null
+++ b/user/ufw/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash 2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash 2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+ echo "numbered verbose"
+ }
+
+-_have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+ fi
+ }
+
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/user/ufw/ufw-0.36-move-path.patch b/user/ufw/ufw-0.36-move-path.patch
new file mode 100644
index 000000000..1ba9d117b
--- /dev/null
+++ b/user/ufw/ufw-0.36-move-path.patch
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8 2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8 2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README 2018-07-24 16:42:38.000000000 +0300
++++ b/README 2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
+-
++/usr/share/ufw/ufw-init start script
+
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py 2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py 2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+ self.mkpath(statedir)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -220,14 +226,19 @@
+ f])
+
+ subprocess.call(["sed",
++ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ f])
++
++ subprocess.call(["sed",
+ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ f])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py 2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py 2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+ files = {}
+ config_dir = _findpath(ufw.common.config_dir, datadir)
+ state_dir = _findpath(ufw.common.state_dir, datadir)
++ share_dir = _findpath(ufw.common.share_dir, datadir)
+
+ files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+ files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+ files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(state_dir, 'ufw-init')
++ files['init'] = os.path.join(share_dir, 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+ rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init 2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init 2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+ exit 1
+ fi
+
+@@ -83,7 +84,7 @@
+ fi
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
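Review bot: The README hunk documents the UI-added rules at `/etc/ufw/user/user[6].rules`, but the unchanged context in src/backend_iptables.py still builds `files['rules']` from `config_dir` as `ufw/user.rules`, so the path an administrator is told to audit does not match the one the code on this page reads. If the rules stay under the config directory, the README line should read `/etc/ufw/user[6].rules UI added rules (not to be modified)`; whether anything else still writes into the new `real_statedir` is not visible here. Separately, the three lines commented out under "Install pristine copies of rules files" in setup.py would be better deleted than left as dead code, with a one-line comment that `sharedir` is now set in the helper-script step above.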
diff --git a/user/ufw/ufw.confd b/user/ufw/ufw.confd
new file mode 100644
index 000000000..900d3bf67
--- /dev/null
+++ b/user/ufw/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
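Review bot: The comment block does not say what `yes` means for dependent services. ufw.initd in this commit declares `provide firewall`, and with `ufw_nonfatal_if_disabled=yes` its start() returns 0 without loading any rules, so anything ordered after `firewall` comes up unfiltered while the service shows as started. I would add a line such as `# WARNING: with "yes" the "firewall" service is reported started even though no rules are loaded.` and keep `no` as the shipped default.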
diff --git a/user/ufw/ufw.initd b/user/ufw/ufw.initd
new file mode 100644
index 000000000..bccd83ddb
--- /dev/null
+++ b/user/ufw/ufw.initd
@@ -0,0 +1,136 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting ufw"
+ _source_file || { eend $?; return $?; }
+
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Avoid "Firewall already started, use 'force-reload'" message that
+ # appears if `ufw enable' had been run before start().
+ if _status_quiet; then
+ eend 0
+ return
+ fi
+
+ # The ufw_start function does the same: if ufw is disabled using `ufw disable',
+ # ufw_start would not start ufw and return 0, so let's handle this case.
+ case $enabled_in_cfg in
+ 0)
+ ufw_start
+ ret=$?
+ eend $ret "Failed to start ufw."
+ ;;
+ 1)
+ # see /etc/conf.d/<name>
+ if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+ ret=1
+ eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+ else
+ ret=0
+ eend 0
+ fi
+ ;;
+ 2)
+ ret=1
+ eend $ret "Failed to start ufw."
+ ;;
+ esac
+
+ return $ret
+}
+
+stop() {
+ ebegin "Stopping ufw"
+ _source_file || { eend $?; return $?; }
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Same as above (unless --force is passed to ufw_stop).
+ case $enabled_in_cfg in
+ 0)
+ ufw_stop
+ ret=$?
+ ;;
+ 1)
+ einfo "INFO: ufw is configured to be disabled"
+ ufw_stop --force
+ ret=$?
+ ;;
+ 2)
+ ret=1
+ ;;
+ esac
+
+ eend $ret "Failed to stop ufw."
+ return $ret
+}
+
+_status_quiet() {
+ # return values: 0 - started, 1 - stopped, 2 - error
+ # Does not execute _source_file.
+ local ret
+ ufw_status > /dev/null
+ ret=$?
+ # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+ case $ret in
+ 0) return 0 ;;
+ 3) return 1 ;;
+ *) return 2 ;;
+ esac
+}
+
+_source_file() {
+ local sourced_f="/usr/share/ufw/ufw-init-functions"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 1
+ fi
+
+ local _path=$PATH
+ if ! . "$sourced_f"; then
+ # PATH can be broken here, fix it...
+ PATH=$_path
+ eerror "Error sourcing file $sourced_f"
+ return 1
+ fi
+
+ if [ -z "$PATH" ]; then
+ PATH=$_path
+ else
+ PATH="${PATH}:${_path}"
+ fi
+ return 0
+}
+
+_check_if_enabled_in_cfg() {
+ # Check if user has enabled the firewall with "ufw enable".
+ # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+ local sourced_f="/etc/ufw/ufw.conf"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 2
+ fi
+
+ if ! . "$sourced_f"; then
+ eerror "Error sourcing file $sourced_f"
+ return 2
+ fi
+
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
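Review bot: `_check_if_enabled_in_cfg` executes /etc/ufw/ufw.conf with `.` in the root service context only to read one key, so any shell in that file runs on every start and stop, and every assignment in it lands in the openrc-run environment. The `-f` test before it checks only that the file exists, not who owns it or who may write it. Reading just the key avoids both, for example `ENABLED=$(sed -n 's/^ENABLED=//p' "$sourced_f" | tail -n 1)` in place of the `. "$sourced_f"` test (strip quotes as well if the value may be quoted). If sourcing is kept for parity with the upstream helper, a comment stating that the file is trusted root-owned shell would make the assumption explicit.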