From e6ab1ec84bb581deb5c0078b7029a0d80fb5a772 Mon Sep 17 00:00:00 2001 From: Adrian Freihofer Date: Mon, 25 Jan 2021 11:14:12 +0100 Subject: firewalld: upgrade 0.9.2 -> 0.9.3 Fix new dependencies to nftables-python. Firewalld has been changed to use python bindings instead of calling the nftables cli utility. (Has this firewalld recipe been used with firewalld's default configuration which defaults to nftables backend?) Signed-off-by: Adrian Freihofer Signed-off-by: Khem Raj --- .../firewalld/firewalld_0.9.2.bb | 91 --------------------- .../firewalld/firewalld_0.9.3.bb | 92 ++++++++++++++++++++++ 2 files changed, 92 insertions(+), 91 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.9.2.bb create mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.9.3.bb (limited to 'meta-networking/recipes-connectivity/firewalld') diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.2.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.2.bb deleted file mode 100644 index 792c7ad617..0000000000 --- a/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.2.bb +++ /dev/null @@ -1,91 +0,0 @@ -SUMMARY = "Dynamic firewall daemon with a D-Bus interface" -HOMEPAGE = "https://firewalld.org/" -BUGTRACKER = "https://github.com/firewalld/firewalld/issues" -UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ - file://firewalld.init \ -" -SRC_URI[sha256sum] = "f982c72d640b0677d510b73d9b05d377b4615c5ef36a3710c62350b39fb62efe" - -# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 -DEPENDS = "intltool-native glib-2.0-native" - -inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" -PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" - -PACKAGES += "${PN}-zsh-completion" - -# iptables, ip6tables, ebtables, and ipset *should* be unnecessary -# when the nftables backend is available, because nftables supersedes all of them. -# However we still need iptables and ip6tables to be available otherwise any -# application relying on "direct passthrough" rules (such as docker) will break. -# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by -# the Red Hat-specific init script which we aren't using, so we disable that. -EXTRA_OECONF = "\ - --without-ipset \ - --with-iptables=${sbindir}/iptables \ - --with-iptables-restore=${sbindir}/iptables-restore \ - --with-ip6tables=${sbindir}/ip6tables \ - --with-ip6tables-restore=${sbindir}/ip6tables-restore \ - --without-ebtables \ - --without-ebtables-restore \ - --disable-sysconfig \ -" - -INITSCRIPT_NAME = "firewalld" -SYSTEMD_SERVICE_${PN} = "firewalld.service" - -do_install_append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - : - else - # firewalld ships an init script but it contains Red Hat-isms, replace it with our own - rm -rf ${D}${sysconfdir}/rc.d/ - install -d ${D}${sysconfdir}/init.d - install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld - fi - - # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE - # so now we need to fix up any references to point at the proper path in the image. - # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. - if [ ${PN} != "${BPN}-native" ]; then - sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - fi - sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - - # This file contains Red Hat-isms. Modules get loaded without it. - rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf -} - -FILES_${PN} += "\ - ${PYTHON_SITEPACKAGES_DIR}/firewall \ - ${nonarch_libdir}/firewalld \ - ${datadir}/dbus-1 \ - ${datadir}/polkit-1 \ - ${datadir}/metainfo \ -" -FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions" - -RDEPENDS_${PN} = "\ - nftables \ - iptables \ - python3-core \ - python3-io \ - python3-fcntl \ - python3-shell \ - python3-syslog \ - python3-xml \ - python3-dbus \ - python3-slip-dbus \ - python3-decorator \ - python3-pygobject \ - nftables-python \ -" diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.3.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.3.bb new file mode 100644 index 0000000000..9aad510b4e --- /dev/null +++ b/meta-networking/recipes-connectivity/firewalld/firewalld_0.9.3.bb @@ -0,0 +1,92 @@ +SUMMARY = "Dynamic firewall daemon with a D-Bus interface" +HOMEPAGE = "https://firewalld.org/" +BUGTRACKER = "https://github.com/firewalld/firewalld/issues" +UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ + file://firewalld.init \ +" +SRC_URI[sha256sum] = "5998894db976d77996ca0a6b700a2f4125b9f283465fb255da9bddfb1640cb27" + +# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 +DEPENDS = "intltool-native glib-2.0-native nftables" + +inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" +PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" + +PACKAGES += "${PN}-zsh-completion" + +# iptables, ip6tables, ebtables, and ipset *should* be unnecessary +# when the nftables backend is available, because nftables supersedes all of them. +# However we still need iptables and ip6tables to be available otherwise any +# application relying on "direct passthrough" rules (such as docker) will break. +# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by +# the Red Hat-specific init script which we aren't using, so we disable that. +EXTRA_OECONF = "\ + --without-ipset \ + --with-iptables=${sbindir}/iptables \ + --with-iptables-restore=${sbindir}/iptables-restore \ + --with-ip6tables=${sbindir}/ip6tables \ + --with-ip6tables-restore=${sbindir}/ip6tables-restore \ + --without-ebtables \ + --without-ebtables-restore \ + --disable-sysconfig \ +" + +INITSCRIPT_NAME = "firewalld" +SYSTEMD_SERVICE_${PN} = "firewalld.service" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + : + else + # firewalld ships an init script but it contains Red Hat-isms, replace it with our own + rm -rf ${D}${sysconfdir}/rc.d/ + install -d ${D}${sysconfdir}/init.d + install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld + fi + + # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE + # so now we need to fix up any references to point at the proper path in the image. + # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. + if [ ${PN} != "${BPN}-native" ]; then + sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + fi + sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + + # This file contains Red Hat-isms. Modules get loaded without it. + rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf +} + +FILES_${PN} += "\ + ${PYTHON_SITEPACKAGES_DIR}/firewall \ + ${nonarch_libdir}/firewalld \ + ${datadir}/dbus-1 \ + ${datadir}/polkit-1 \ + ${datadir}/metainfo \ +" +FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions" + +RDEPENDS_${PN} = "\ + nftables-python \ + iptables \ + python3-core \ + python3-io \ + python3-fcntl \ + python3-shell \ + python3-syslog \ + python3-xml \ + python3-dbus \ + python3-slip-dbus \ + python3-decorator \ + python3-pygobject \ + python3-json \ + python3-ctypes \ +" -- cgit v1.2.3-54-g00ecf