# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

EAPI=5

# Regenerate the autotools files in-tree; Makefile.am is edited in src_prepare.
AUTOTOOLS_AUTORECONF=1
AUTOTOOLS_IN_SOURCE_BUILD=1
# Print DOC_CONTENTS verbatim (no re-wrapping by readme.gentoo-r1).
DISABLE_AUTOFORMATTING=1

# distutils-r1 is only used behind USE=python (see src_compile / src_install).
DISTUTILS_OPTIONAL=1
# Python extension supports only Python2
# See https://github.com/mrash/fwknop/issues/167
PYTHON_COMPAT=( python2_7 )

inherit autotools-utils eutils distutils-r1 linux-info readme.gentoo-r1 systemd

DESCRIPTION="Single Packet Authorization and Port Knocking application"
HOMEPAGE="http://www.cipherdyne.org/fwknop/ https://github.com/mrash/fwknop"
SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="client extras firewalld gdbm gpg iptables python server udp-server"

# Build-time and run-time dependencies are identical (RDEPEND below).
DEPEND="
	client? ( net-misc/wget[ssl] )
	firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
	gdbm? ( sys-libs/gdbm )
	gpg? (
		app-crypt/gpgme
		dev-libs/libassuan
		dev-libs/libgpg-error
	)
	iptables? ( net-firewall/iptables )
	python? ( ${PYTHON_DEPS} )
	server? ( !udp-server? ( net-libs/libpcap ) )
"
RDEPEND="${DEPEND}"

# A server build needs exactly one firewall backend; the backend flags and
# udp-server are meaningless without USE=server.
REQUIRED_USE="
	python? ( ${PYTHON_REQUIRED_USE} )
	firewalld? ( server )
	iptables? ( server )
	server? ( ^^ ( firewalld iptables ) )
	udp-server? ( server )
"

DOCS=( ChangeLog README.md )

# Shown via readme.gentoo_print_elog in pkg_postinst (server builds only).
DOC_CONTENTS="
Example configuration files were installed in /etc/fwknopd directory.
Please edit them to fit your needs and then remove the .example suffix.

fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
instead of the default one chosen at compile time.
"

# Warn early when the running kernel config lacks the iptables 'comment'
# match; fwknopd relies on it to expire SPA rules (server builds only).
pkg_pretend() {
	use server || return 0

	# Nothing to say if the kernel config is readable and has the option.
	if linux_config_exists && linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
		return 0
	fi

	ewarn "fwknopd uses the iptables 'comment' match to expire SPA rules,"
	ewarn "which is a major security feature and is enabled by default."
	ewarn "Please either enable NETFILTER_XT_MATCH_COMMENT support in your"
	ewarn "kernel, or set the appropriate ENABLE_{FIREWD,IPT}_COMMENT_CHECK"
	ewarn "to 'N' in your fwknopd.conf file."
}

# Patch the build system before autoreconf runs.
src_prepare() {
	if use server; then
		# Install the server configs as *.conf.example so the packaged
		# defaults never replace a locally edited fwknopd.conf.
		sed -e 's/conf;/conf.example;/g' -i "${S}"/Makefile.am || die
	fi

	autotools-utils_src_prepare
}

# Assemble the configure flags from USE and hand them to autotools-utils.
src_configure() {
	local myeconfargs=(
		--localstatedir=/run
		--enable-digest-cache
		$(use_enable client)
		$(use_enable !gdbm file-cache)
		$(use_enable server)
		$(use_enable udp-server)
		$(use_with gpg gpgme)
	)

	# Firewall backend is pinned to an absolute path at build time;
	# FIREWALL_EXE in fwknopd.conf can still override it at runtime.
	if use firewalld; then
		myeconfargs+=( --with-firewalld=/usr/sbin/firewalld )
	fi
	if use iptables; then
		myeconfargs+=( --with-iptables=/sbin/iptables )
	fi

	autotools-utils_src_configure
}

# Build the C tree, then the optional Python bindings from python/.
src_compile() {
	autotools-utils_src_compile

	use python || return 0
	cd "${S}"/python || die
	distutils-r1_src_compile
}

# Install the build, service integration for the server, and optional extras.
src_install() {
	autotools-utils_src_install
	prune_libtool_files --modules

	if use server; then
		newinitd "${FILESDIR}/fwknopd.init" fwknopd
		newconfd "${FILESDIR}/fwknopd.confd" fwknopd
		systemd_dounit extras/systemd/fwknopd.service
		systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
		readme.gentoo_create_doc
	fi

	# The upstream AppArmor profile is shipped as documentation only.
	use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd"

	if ! use python; then
		return 0
	fi
	# Unset DOCS since distutils-r1.eclass interferes
	local DOCS=()
	cd "${S}"/python || die
	distutils-r1_src_install
}

# Show DOC_CONTENTS after install; only relevant for server builds.
pkg_postinst() {
	use server || return
	readme.gentoo_print_elog
}