Diffstat (limited to 'meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb')
-rw-r--r-- | meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb | 310 |
1 files changed, 0 insertions, 310 deletions
diff --git a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb b/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
deleted file mode 100644
index 987cc640e1..0000000000
--- a/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
+++ /dev/null
@@ -1,310 +0,0 @@
-SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
-HOMEPAGE = "https://firewalld.org/"
-BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
-UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-
-SRC_URI = "\
- https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
- file://firewalld.init \
- file://run-ptest \
-"
-SRC_URI[sha256sum] = "28fd90e88bda0dfd460f370f353474811b2e295d7eb27f0d7d18ffa3d786eeb7"
-
-# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
-DEPENDS = "intltool-native glib-2.0-native nftables"
-
-inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
-PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
-PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
-PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
-
-# Default logging configuration: mixed syslog file console
-FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
-
-# The UIs are not yet tested and the dependencies are probably not quite correct yet.
-# Splitting into separate packages is beneficial so that no dead code is transferred
-# to the target device.
-# Without enabling qt5, the firewalld-config package is not usable.
-# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
-PACKAGECONFIG[qt5] = ""
-PACKAGECONFIG[gtk] = ""
-
-PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
-
-# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
-# when the nftables backend is available, because nftables supersedes all of them.
-# However we still need iptables and ip6tables to be available otherwise any
-# application relying on "direct passthrough" rules (such as docker) will break.
-# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
-# the Red Hat-specific init script which we aren't using, so we disable that.
-EXTRA_OECONF = "\
- --with-iptables=${sbindir}/iptables \
- --with-iptables-restore=${sbindir}/iptables-restore \
- --with-ip6tables=${sbindir}/ip6tables \
- --with-ip6tables-restore=${sbindir}/ip6tables-restore \
- --disable-sysconfig \
-"
-
-INITSCRIPT_NAME = "firewalld"
-SYSTEMD_SERVICE:${PN} = "firewalld.service"
-
-# kernel modules loaded after ptest execution (linux-yocto 5.15)
-FIREWALLD_KERNEL_MODULES ?= "\
- xt_tcpudp \
- xt_TCPMSS \
- xt_set \
- xt_sctp \
- xt_REDIRECT \
- xt_pkttype \
- xt_NFLOG \
- xt_nat \
- xt_MASQUERADE \
- xt_mark \
- xt_mac \
- xt_LOG \
- xt_limit \
- xt_dccp \
- xt_CT \
- xt_conntrack \
- xt_CHECKSUM \
- nft_redir \
- nft_objref \
- nft_nat \
- nft_masq \
- nft_log \
- nfnetlink_log \
- nf_nat_tftp \
- nf_nat_sip \
- nf_nat_ftp \
- nf_log_syslog \
- nf_conntrack_tftp \
- nf_conntrack_sip \
- nf_conntrack_netbios_ns \
- nf_conntrack_ftp \
- nf_conntrack_broadcast \
- ipt_REJECT \
- ip6t_rpfilter \
- ip6t_REJECT \
- ip_set_hash_netport \
- ip_set_hash_netnet \
- ip_set_hash_netiface \
- ip_set_hash_net \
- ip_set_hash_mac \
- ip_set_hash_ipportnet \
- ip_set_hash_ipport \
- ip_set_hash_ipmark \
- ip_set_hash_ip \
- ebt_ip6 \
- nft_fib_inet \
- nft_fib_ipv4 \
- nft_fib_ipv6 \
- nft_fib \
- nft_reject_inet \
- nf_reject_ipv4 \
- nf_reject_ipv6 \
- nft_reject \
- nft_ct \
- nft_chain_nat \
- ebtable_nat \
- ebtable_broute \
- ip6table_nat \
- ip6table_mangle \
- ip6table_raw \
- ip6table_security \
- iptable_nat \
- nf_nat \
- nf_conntrack \
- nf_defrag_ipv6 \
- nf_defrag_ipv4 \
- iptable_mangle \
- iptable_raw \
- iptable_security \
- ip_set \
- ebtable_filter \
- ebtables \
- ip6table_filter \
- ip6_tables \
- iptable_filter \
- ip_tables \
- x_tables \
- sch_fq_codel \
-"
-
-do_configure:prepend() {
- export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
-}
-
-do_install:append() {
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
- # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
- rm -rf ${D}${sysconfdir}/rc.d/
- install -d ${D}${sysconfdir}/init.d
- install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
- fi
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
- # Delete polkit profiles if polkit is not available
- rm -rf ${D}${datadir}/polkit-1
- fi
-
- # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
- # so now we need to fix up any references to point at the proper path in the image.
- # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
- if [ ${PN} != "${BPN}-native" ]; then
- sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
- ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
- fi
- sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
- ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
-
- # This file contains Red Hat-isms. Modules get loaded without it.
- rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
-}
-
-do_install_ptest:append() {
- # Add kernel modules to the ptest script
- if [ ${PTEST_ENABLED} = "1" ]; then
- sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
- ${D}${PTEST_PATH}/run-ptest
- fi
-}
-
-SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
-FILES:python3-firewall = "\
- ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \
- ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \
-"
-RDEPENDS:python3-firewall = "\
- python3-dbus \
- nftables-python \
- python3-pygobject \
-"
-
-# Do not depend on QT5 layer and GTK deps if not explicitely required.
-FIREWALLD_QT5_RDEPENDS = "\
- ${PN}-config \
- hicolor-icon-theme \
- python3-pyqt5 \
- python3-pygobject \
- libnotify \
- networkmanager \
-"
-FIREWALLD_GTK_RDEPENDS = "\
- gtk3 \
-"
-
-# A QT5 based UI
-SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
-FILES:${PN}-config = "\
- ${bindir}/firewall-config \
- ${datadir}/firewalld/firewall-config.glade \
- ${datadir}/firewalld/gtk3_chooserbutton.py* \
- ${datadir}/firewalld/gtk3_niceexpander.py* \
- ${datadir}/applications/firewall-config.desktop \
- ${datadir}/metainfo/firewall-config.appdata.xml \
- ${datadir}/icons/hicolor/*/apps/firewall-config*.* \
-"
-RDEPENDS:${PN}-config += "\
- python3-core \
- python3-ctypes \
- ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
-"
-
-# A GTK3 applet depending on the QT5 firewall-config UI
-SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
-FILES:${PN}-applet += "\
- ${bindir}/firewall-applet \
- ${sysconfdir}/xdg/autostart/firewall-applet.desktop \
- ${sysconfdir}/firewall/applet.conf \
- ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \
-"
-RDEPENDS:${PN}-applet += "\
- python3-core \
- python3-ctypes \
- ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
- ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
-"
-
-SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
-FILES:${PN}-offline-cmd += " \
- ${bindir}/firewall-offline-cmd \
-"
-RDEPENDS:${PN}-offline-cmd += "python3-core"
-
-SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
-FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
-
-# To get allmost all tests passing
-# - Enable PACKAGECONFIG ipset, ebtable
-# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
-FILES:${PN}-ptest += "\
- ${datadir}/firewalld/testsuite \
-"
-RDEPENDS:${PN}-ptest += "\
- python3-unittest \
- ${PN}-offline-cmd \
- procps-ps \
- iproute2 \
-"
-RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
-
-FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
-
-FILES:${PN} += "\
- ${PYTHON_SITEPACKAGES_DIR}/firewall \
- ${nonarch_libdir}/firewalld \
- ${datadir}/dbus-1 \
- ${datadir}/polkit-1 \
- ${datadir}/metainfo \
- ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
-"
-RDEPENDS:${PN} += "\
- python3-firewall \
- iptables \
- python3-core \
- python3-io \
- python3-fcntl \
- python3-syslog \
- python3-xml \
- python3-json \
- python3-ctypes \
- python3-pprint \
-"
-# If firewalld writes a log file rotation is needed
-RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
-
-# Add required kernel modules. With Yocto kernel 5.15 this currently means:
-# - features/nf_tables/nf_tables.scc
-# - features/netfilter/netfilter.scc
-# - cgl/features/audit/audit.scc
-# - cfg/net/ip6_nf.scc
-# - Plus:
-# - ebtables
-# - ipset
-# - CONFIG_IP6_NF_SECURITY=m
-# - CONFIG_IP6_NF_MATCH_RPFILTER=m
-# - CONFIG_IP6_NF_TARGET_REJECT=m
-# - CONFIG_NFT_OBJREF=m
-# - CONFIG_NFT_FIB=m
-# - CONFIG_NFT_FIB_INET=m
-# - CONFIG_NFT_FIB_IPV4=m
-# - CONFIG_NFT_FIB_IPV6=m
-# - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
-# - CONFIG_NETFILTER_XT_SET=m
-def get_kernel_deps(d):
- kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
- return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
-RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}" |