aboutsummaryrefslogtreecommitdiff
path: root/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild
blob: 7a88ba769a68159080b0f0762e3fbad88e47a860 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
#!/bin/bash

# Slackware build script for arno-iptables-firewall

# Copyright 2013-2020 Philip Lacroix <slackph at posteo dot de>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks
# after the first submission of this SlackBuild.

PRGNAM=arno-iptables-firewall
SRCNAM=aif
VERSION=${VERSION:-2.1.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=${PKG:-$TMP/package-$PRGNAM}
OUTPUT=${OUTPUT:-/tmp}

set -e

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $SRCNAM-$VERSION

# The upstream tarball will be named differently, depending on
# the file being downloaded manually (web browser) or with wget.
if [ -e $CWD/$VERSION.tar.gz ]; then
  tar xvzf $CWD/$VERSION.tar.gz
else
  tar xvzf $CWD/$SRCNAM-$VERSION.tar.gz
fi

cd $SRCNAM-$VERSION
chown -R root:root .
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

PRGBIN=$PKG/usr/sbin
PRGETC=$PKG/etc/$PRGNAM
PRGSHR=$PKG/usr/share/$PRGNAM
PRGDOC=$PKG/usr/doc/$PRGNAM-$VERSION
PRGMAN=$PKG/usr/man

# Install configuration, log filter and firewall executables; set
# permissions.
install -m 0755 -D ./configure.sh $PRGBIN/$PRGNAM-configure
install -m 0755 ./bin/arno-fwfilter $PRGBIN/
install -m 0755 ./bin/$PRGNAM $PRGBIN/

# Patch the configuration script. We need this to be able to run the
# script from outside the source directory as well. We're going to:
#
# 1) Change from relative to absolute the paths to the environment file
#    and the firewall executable.
# 2) Rename and change the path to the startup script, for consistency with
#    Slackware's init system.
# 3) Change the path to the unmodified copy of the config file, needed to
#    check for already existing setups.
# 4) Allow the script to be run correctly more than once, by removing
#    previously set values if no values are entered: this is to prevent,
#    for example, ports from remaining open, or NAT from remaining enabled.
# 5) Append the note, copied from the original install script and adapted
#    to the Slackware system, that users read when configuration is done:
#    this is mainly to inform that the "rc.firewall" symlink has to be
#    manually created in order to start up the firewall at boot-time. We
#    will NOT create the symlink automatically, as this should be done by
#    the system administrator.

patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff

# Copy and compress man pages.
mkdir -p $PRGMAN
cp -a ./share/man/* $PRGMAN/
find $PRGMAN -type f -exec gzip -9 {} \;

# Copy and rename configuration files; apply patch to main config file
# in order to fix paths; set permissions.
mkdir -p $PRGETC/conf.d
cp -a ./etc/$PRGNAM/* $PRGETC/
cat $CWD/files/conf.d.readme > $PRGETC/conf.d/README
patch $PRGETC/firewall.conf < $CWD/files/patch-configuration-file.diff
for conf in $( find $PRGETC -type f -not -name README ); do
  mv ${conf} ${conf}.new
  chmod 600 ${conf}.new
done

# Copy shared data; include a clean copy of the configuration file, as
# expected by the configuration script for comparison purposes; create
# link to plugin as in the original script.
mkdir -p $PRGSHR
cp -a ./share/$PRGNAM/{environment,plugins} $PRGSHR/
cp -a $PRGETC/firewall.conf.new $PRGSHR/firewall.conf.orig
ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/

# Install startup script and set permissions; apply patch to fix the
# path to the executable file and make comments more consistent with
# the Slackware system.
install -m 0644 -D ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM
patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff

# Copy documentation, including third-party sample files.
mkdir -p $PRGDOC/contrib
for doc in README CHANGELOG gpl_license.txt ; do
  cp -a ./${doc} $PRGDOC/
done
cp -a ./contrib/adsl-failover $PRGDOC/contrib/
cp -a ./contrib/Slackware/syslog.conf $PRGDOC/contrib/
cat $CWD/$PRGNAM.SlackBuild > $PRGDOC/$PRGNAM.SlackBuild

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-noarch-$BUILD$TAG.${PKGTYPE:-tgz}