From 004b59425208a2d633f7659d44a65a509052f973 Mon Sep 17 00:00:00 2001
From: "Vitor Brandão (noisebleed)"
Date: Fri, 18 Sep 2009 21:50:23 +0000
Subject: net-wireless/coova-chilli: New Ebuild for bug 217141 (net-wireless/coova-chilli). Thanks to Laurento Frittella.
svn path=/sunrise/; revision=9244
---
net-wireless/coova-chilli/ChangeLog | 9 ++++
net-wireless/coova-chilli/Manifest | 6 +++
.../coova-chilli/coova-chilli-1.0.11.ebuild | 33 ++++++++++++
net-wireless/coova-chilli/files/chilli | 44 +++++++++++++++
net-wireless/coova-chilli/files/firewall.iptables | 63 ++++++++++++++++++++++
net-wireless/coova-chilli/metadata.xml | 14 +++++
6 files changed, 169 insertions(+)
create mode 100644 net-wireless/coova-chilli/ChangeLog
create mode 100644 net-wireless/coova-chilli/Manifest
create mode 100644 net-wireless/coova-chilli/coova-chilli-1.0.11.ebuild
create mode 100644 net-wireless/coova-chilli/files/chilli
create mode 100644 net-wireless/coova-chilli/files/firewall.iptables
create mode 100644 net-wireless/coova-chilli/metadata.xml
diff --git a/net-wireless/coova-chilli/ChangeLog b/net-wireless/coova-chilli/ChangeLog
new file mode 100644
index 000000000..4bbf9dc1a
--- /dev/null
+++ b/net-wireless/coova-chilli/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for net-wireless/coova-chilli
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 18 Sep 2009; Vitor Brandão (noisebleed)
+ +coova-chilli-1.0.11.ebuild, +files/chilli, +files/firewall.iptables,
+ +metadata.xml:
+ New Ebuild for bug 217141. Thanks to Laurento Frittella
+
diff --git a/net-wireless/coova-chilli/Manifest b/net-wireless/coova-chilli/Manifest
new file mode 100644
index 000000000..cfc96ac58
--- /dev/null
+++ b/net-wireless/coova-chilli/Manifest
@@ -0,0 +1,6 @@
+AUX chilli 939 RMD160 3bb2924863360826b80969e84841ff67aba2ccd7 SHA1 21b36ddf83938412b63019c9a44f8e889b29da22 SHA256 4be8d1393e466bdc06cf37675cad11857ff96e8f4be7e9dbc50a6136ecd50f24
+AUX firewall.iptables 2013 RMD160 6c81c9f92414b8e846d179917ff5323199564eaa SHA1 b3e2a75b7f37661849e691911a72697b57fb12bf SHA256 484d7d1a8e27c4909088367c66818ccb47057eaeaa2f1e8c205d883528160e4e
+DIST coova-chilli-1.0.11.tar.gz 542862 RMD160 49bc11313f6b3a516485c555442368e40dc6479c SHA1 60fe535bcbd85d4484241e56ed084095b1704945 SHA256 f50ee950c1a248909f785b8f80bc0a5efa8cfc2120ddeb5060cab1d4e2d001f3
+EBUILD coova-chilli-1.0.11.ebuild 986 RMD160 4bf2ddbe72e2b06c79179cd53e8bea33cd16a03c SHA1 2a95c737676b41e5ba5ca91668970073d36eb21f SHA256 d61a3873213b337f4ddc947ba49296c3620fa7b798c7fdcded9b9e4d7031fcc5
+MISC ChangeLog 345 RMD160 f487213fb1492fe9469c71ce7948805c50e7c8f7 SHA1 17f9b30a486374ac5ee47957fd59f7050f319fc3 SHA256 f4d1d8eb8fcbf46338f0cad8502d20b25987d538f115c6e30c717a8e4e7c46c7
+MISC metadata.xml 556 RMD160 ac9a080e2c6b855f8336c6ba8da4eb76f9cae989 SHA1 a016043367fa4febaffbab8239bfbb91c8642da9 SHA256 f79ba6b4f87272d9978cd9335dcf3622af1979b6d668f32ed8e3d3b7dc919eec
diff --git a/net-wireless/coova-chilli/coova-chilli-1.0.11.ebuild b/net-wireless/coova-chilli/coova-chilli-1.0.11.ebuild
new file mode 100644
index 000000000..1552d040e
--- /dev/null
+++ b/net-wireless/coova-chilli/coova-chilli-1.0.11.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+MY_PN="CoovaChilli"
+DESCRIPTION="CoovaChilli is an open-source software access controller, based on
+the ChilliSpot project."
+HOMEPAGE="http://www.coova.org/CoovaChilli"
+SRC_URI="http://ap.coova.org/chilli/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+src_install() {
+ emake DESTDIR="${D}" install || die "Install failed"
+
+ # We need to overwrite the provided init script
+ doinitd "${FILESDIR}"/chilli || die "doinitd failed"
+
+ dodoc doc/hotspotlogin.cgi "${FILESDIR}"/firewall.iptables || die "dodoc
+ failed"
+}
+
+pkg_postinst() {
+ elog "$MY_PN uses RADIUS for access provisioning and accounting so be sure"
+ elog "to install and configure a RADIUS server before using ${MY_PN}."
+ elog "Gentoo-wiki has a nice guide regarding this (uses Freeradius):"
+ elog " http://en.gentoo-wiki.com/wiki/Chillispot_with_FreeRadius_and_MySQL"
+}
diff --git a/net-wireless/coova-chilli/files/chilli b/net-wireless/coova-chilli/files/chilli
new file mode 100644
index 000000000..090851eab
--- /dev/null
+++ b/net-wireless/coova-chilli/files/chilli
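Review bot: Two quoted strings in this ebuild are broken across physical lines, so each carries an embedded newline: `DESCRIPTION` and the `die` message after `dodoc` in `src_install`. `DESCRIPTION` is expected to be a single short line, and the wrapped `die` text will print as two ragged lines in the build log. I would write `DESCRIPTION="Open-source software access controller based on the ChilliSpot project"` and keep the message on one line, `|| die "dodoc failed"`, using a backslash continuation before `||` if the line gets too long. As a smaller style point, `pkg_postinst` mixes `$MY_PN` and `${MY_PN}`; pick the braced form throughout.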
@@ -0,0 +1,44 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+# Import chilli specific functions
+. /etc/chilli/functions
+
+depend() {
+ use net logger
+}
+
+
+checkconfig() {
+ check_required
+
+ if [ -f /etc/chilli.conf ]; then
+ return 0;
+ else
+ eerror "Error starting CoovaChilli. Please create /etc/chilli.conf before."
+ return 1;
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting CoovaChilli"
+
+ # TODO: check for tun module and ip_forward
+
+ writeconfig
+ radiusconfig
+
+ start-stop-daemon --start --pidfile /var/run/chilli.pid --quiet \
+ --exec /usr/sbin/chilli -- --pidfile=/var/run/chilli.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Chillispot"
+ start-stop-daemon --stop --pidfile /var/run/chilli.pid --quiet
+ eend $?
+}
+
diff --git a/net-wireless/coova-chilli/files/firewall.iptables b/net-wireless/coova-chilli/files/firewall.iptables
new file mode 100644
index 000000000..f1c856fd1
--- /dev/null
+++ b/net-wireless/coova-chilli/files/firewall.iptables
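Review bot: The exit status of the helpers sourced from `/etc/chilli/functions` is discarded: `check_required` in `checkconfig()` and `writeconfig` / `radiusconfig` in `start()`. Those helpers are not part of this patch, so I am assuming they return non-zero on failure; if they do, the access controller is still started on a missing or half-written configuration. I would gate each call, e.g. `check_required || return 1`, `writeconfig || return 1`, `radiusconfig || return 1`. The top-level `. /etc/chilli/functions` also runs as root every time the script is loaded, so that file should be root-owned and not writable by others. A guard such as `[ -r /etc/chilli/functions ] || return 1` would give a clean error when it is absent. `stop()` still announces "Chillispot" while `start()` says "CoovaChilli".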
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# Firewall script for ChilliSpot
+# A Wireless LAN Access Point Controller
+#
+# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
+# $INTIF (eth1) as the internal interface (access points).
+#
+#
+# SUMMARY
+# * All connections originating from chilli are allowed.
+# * Only ssh is allowed in on external interface.
+# * Nothing is allowed in on internal interface.
+# * Forwarding is allowed to and from the external interface, but disallowed
+# to and from the internal interface.
+# * NAT is enabled on the external interface.
+
+IPTABLES="/sbin/iptables"
+EXTIF="eth0"
+INTIF="eth1"
+
+#Flush all rules
+$IPTABLES -F
+$IPTABLES -F -t nat
+$IPTABLES -F -t mangle
+
+#Set default behaviour
+$IPTABLES -P INPUT DROP
+$IPTABLES -P FORWARD ACCEPT
+$IPTABLES -P OUTPUT ACCEPT
+
+#Allow related and established on all interfaces (input)
+$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+#Allow releated, established and ssh on $EXTIF. Reject everything else.
+$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
+$IPTABLES -A INPUT -i $EXTIF -j REJECT
+
+#Allow related and established from $INTIF. Drop everything else.
+$IPTABLES -A INPUT -i $INTIF -j DROP
+
+#Allow http and https on other interfaces (input).
+#This is only needed if authentication server is on same server as chilli
+$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
+
+#Allow 3990 on other interfaces (input).
+$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
+
+#Allow ICMP echo on other interfaces (input).
+$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+
+#Allow everything on loopback interface.
+$IPTABLES -A INPUT -i lo -j ACCEPT
+
+# Drop everything to and from $INTIF (forward)
+# This means that access points can only be managed from ChilliSpot
+$IPTABLES -A FORWARD -i $INTIF -j DROP
+$IPTABLES -A FORWARD -o $INTIF -j DROP
+
+#Enable NAT on output device
+$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
+
diff --git a/net-wireless/coova-chilli/metadata.xml b/net-wireless/coova-chilli/metadata.xml
new file mode 100644
index 000000000..889f41b9a
--- /dev/null
+++ b/net-wireless/coova-chilli/metadata.xml
@@ -0,0 +1,14 @@
+
+
+
+no-herd
+
+CoovaChilli is an open-source software access controller, based on the
+popular (but now defunct) ChilliSpot project, and is actively maintained
+by an original ChilliSpot contributor.
+
+CoovaChilli is a feature rich software access controller that provides a
+captive portal / walled-garden environment and uses RADIUS for access
+provisioning and accounting
+
+
-- cgit v1.2.3-65-gdbad
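Review bot: The forward chain in firewall.iptables fails open, because `$IPTABLES -P FORWARD ACCEPT` is the default and the only restrictions are the two `-j DROP` rules naming `$INTIF`. On a host whose access-point interface is not the hard-coded `eth1`, or which has any further interface, everything is routed and masqueraded out of `$EXTIF` with no filtering at all. I would make the policy deny-by-default and allow only the intended path. For example `$IPTABLES -P FORWARD DROP`, `$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT` and `$IPTABLES -A FORWARD -i $TUNIF -o $EXTIF -j ACCEPT`, where `TUNIF` is a placeholder variable for chilli's tunnel interface. The script also installs no `ip6tables` rules, so IPv6 traffic is left unfiltered if the host has IPv6 enabled. The comments above the `$EXTIF` and `$INTIF` input rules mention "related, established", but those rules do not match on state (and "releated" is a typo).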