From 130f6f2ea6b6e76f30df7d27afdbbb475e12b83f Mon Sep 17 00:00:00 2001
From: Randy McCaskill <randy@mccaskill.us>
Date: Thu, 30 Jan 2020 03:19:45 +0000
Subject: Add ufw package

---
 user/ufw/APKBUILD                       |  42 ++++++++
 user/ufw/ufw-0.36-bash-completion.patch |  16 +++
 user/ufw/ufw-0.36-move-path.patch       | 174 ++++++++++++++++++++++++++++++++
 user/ufw/ufw.confd                      |   5 +
 user/ufw/ufw.initd                      | 136 +++++++++++++++++++++++++
 5 files changed, 373 insertions(+)
 create mode 100644 user/ufw/APKBUILD
 create mode 100644 user/ufw/ufw-0.36-bash-completion.patch
 create mode 100644 user/ufw/ufw-0.36-move-path.patch
 create mode 100644 user/ufw/ufw.confd
 create mode 100644 user/ufw/ufw.initd

(limited to 'user')

diff --git a/user/ufw/APKBUILD b/user/ufw/APKBUILD
new file mode 100644
index 000000000..10ea2ab5e
--- /dev/null
+++ b/user/ufw/APKBUILD
@@ -0,0 +1,42 @@
+# Contributor:
+# Maintainer:
+pkgname=ufw
+pkgver=0.36
+pkgrel=0
+pkgdesc="Uncomplicated Firewall"
+url="https://launchpad.net/ufw"
+arch="noarch"
+options="!check"  # No test suite.
+license="GPL-3.0-only AND GPL-2.0-only"
+depends="python3 iptables"
+makedepends="python3-dev gettext-tiny-dev"
+subpackages="ufw-doc
+	ufw-openrc
+	"
+source="http://launchpad.net/ufw/$pkgver/$pkgver/+download/$pkgname-$pkgver.tar.gz
+	ufw-0.36-bash-completion.patch
+	ufw-0.36-move-path.patch
+
+	ufw.initd
+	ufw.confd
+	"
+
+build() {
+	python3 setup.py build
+}
+
+package() {
+	python3 setup.py install --root="$pkgdir"
+	gzip "$pkgdir"/usr/share/man/man8/ufw.8
+	gzip "$pkgdir"/usr/share/man/man8/ufw-framework.8
+	install -D -m755 "$srcdir"/ufw.initd \
+		"$pkgdir"/etc/init.d/ufw
+	install -D -m644 "$srcdir"/ufw.confd \
+		"$pkgdir"/etc/conf.d/ufw
+}
+
+sha512sums="b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3  ufw-0.36.tar.gz
+11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb  ufw-0.36-bash-completion.patch
+228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9  ufw-0.36-move-path.patch
+f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80  ufw.initd
+a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7  ufw.confd"
diff --git a/user/ufw/ufw-0.36-bash-completion.patch b/user/ufw/ufw-0.36-bash-completion.patch
new file mode 100644
index 000000000..927af244e
--- /dev/null
+++ b/user/ufw/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash	2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash	2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+     echo "numbered verbose"
+ }
+ 
+-_have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+     fi
+ }
+ 
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/user/ufw/ufw-0.36-move-path.patch b/user/ufw/ufw-0.36-move-path.patch
new file mode 100644
index 000000000..1ba9d117b
--- /dev/null
+++ b/user/ufw/ufw-0.36-move-path.patch
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8	2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8	2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+ 
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README	2018-07-24 16:42:38.000000000 +0300
++++ b/README	2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+ 
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+ 
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw 		high level configuration
+ /etc/ufw/before[6].rules 	rules evaluated before UI added rules
+ /etc/ufw/after[6].rules 	rules evaluated after UI added rules
+-/lib/ufw/user[6].rules		UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules	UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf 		kernel network tunables
+-/lib/ufw/ufw-init		start script
+-
++/usr/share/ufw/ufw-init		start script
+ 
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+ 
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+ 
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+ 
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+ 
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py	2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py	2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+             return
+ 
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+ 
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+         self.mkpath(statedir)
+ 
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+ 
+@@ -220,14 +226,19 @@
+                              f])
+ 
+             subprocess.call(["sed",
++                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
+                              "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+ 
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py	2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py	2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
+         state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+ 
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+         files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+-        files['init'] = os.path.join(state_dir, 'ufw-init')
++        files['init'] = os.path.join(share_dir, 'ufw-init')
+ 
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+                                         rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init	2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init	2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+ 
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+ 
+@@ -83,7 +84,7 @@
+     fi
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac
diff --git a/user/ufw/ufw.confd b/user/ufw/ufw.confd
new file mode 100644
index 000000000..900d3bf67
--- /dev/null
+++ b/user/ufw/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
diff --git a/user/ufw/ufw.initd b/user/ufw/ufw.initd
new file mode 100644
index 000000000..bccd83ddb
--- /dev/null
+++ b/user/ufw/ufw.initd
@@ -0,0 +1,136 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before net
+	provide firewall
+}
+
+start() {
+	ebegin "Starting ufw"
+	_source_file || { eend $?; return $?; }
+
+	local enabled_in_cfg ret
+	_check_if_enabled_in_cfg
+	enabled_in_cfg=$?
+
+	# Avoid "Firewall already started, use 'force-reload'" message that
+	# appears if `ufw enable' had been run before start().
+	if _status_quiet; then
+		eend 0
+		return
+	fi
+
+	# The ufw_start function does the same: if ufw is disabled using `ufw disable',
+	# ufw_start would not start ufw and return 0, so let's handle this case.
+	case $enabled_in_cfg in
+	0)
+		ufw_start
+		ret=$?
+		eend $ret "Failed to start ufw."
+		;;
+	1)
+		# see /etc/conf.d/<name>
+		if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+			ret=1
+			eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+		else
+			ret=0
+			eend 0
+		fi
+		;;
+	2)
+		ret=1
+		eend $ret "Failed to start ufw."
+		;;
+	esac
+
+	return $ret
+}
+
+stop() {
+	ebegin "Stopping ufw"
+	_source_file || { eend $?; return $?; }
+	local enabled_in_cfg ret
+	_check_if_enabled_in_cfg
+	enabled_in_cfg=$?
+
+	# Same as above (unless --force is passed to ufw_stop).
+	case $enabled_in_cfg in
+	0)
+		ufw_stop
+		ret=$?
+		;;
+	1)
+		einfo "INFO: ufw is configured to be disabled"
+		ufw_stop --force
+		ret=$?
+		;;
+	2)
+		ret=1
+		;;
+	esac
+
+	eend $ret "Failed to stop ufw."
+	return $ret
+}
+
+_status_quiet() {
+	# return values: 0 - started, 1 - stopped, 2 - error
+	# Does not execute _source_file.
+	local ret
+	ufw_status > /dev/null
+	ret=$?
+	# Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+	case $ret in
+	0) return 0 ;;
+	3) return 1 ;;
+	*) return 2 ;;
+	esac
+}
+
+_source_file() {
+	local sourced_f="/usr/share/ufw/ufw-init-functions"
+	if [ ! -f "$sourced_f" ]; then
+		eerror "Cannot find file $sourced_f!"
+		return 1
+	fi
+
+	local _path=$PATH
+	if ! . "$sourced_f"; then
+		# PATH can be broken here, fix it...
+		PATH=$_path
+		eerror "Error sourcing file $sourced_f"
+		return 1
+	fi
+
+	if [ -z "$PATH" ]; then
+		PATH=$_path
+	else
+		PATH="${PATH}:${_path}"
+	fi
+	return 0
+}
+
+_check_if_enabled_in_cfg() {
+	# Check if user has enabled the firewall with "ufw enable".
+	# Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+	local sourced_f="/etc/ufw/ufw.conf"
+	if [ ! -f "$sourced_f" ]; then
+		eerror "Cannot find file $sourced_f!"
+		return 2
+	fi
+
+	if ! . "$sourced_f"; then
+		eerror "Error sourcing file $sourced_f"
+		return 2
+	fi
+
+	if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
-- 
cgit v1.2.3-60-g2f50