path: root/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild
blob: a3fbecded7588cef7fe4f7c00d3c296d9afa30d5 (plain)
#!/bin/sh

# Slackware build script for arno-iptables-firewall

# Copyright 2013-2014 Philip Lacroix <philnx at posteo at de>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks.

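# Package identity. VERSION, BUILD and TAG may be overridden from the
# environment; the defaults below apply when they are unset or empty.
PRGNAM=arno-iptables-firewall
VERSION=${VERSION:-2.0.1e}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

# CWD is the directory the script was started from; the source archive
# and the files/ directory are read from there.
CWD=$(pwd)
# Working, staging and output directories, all overridable from the
# environment.
# NOTE(review): the defaults are fixed, predictable names under /tmp, and
# the script chowns the source tree to root:root, so it is presumably
# run as root. On a host with untrusted local users, point TMP and
# OUTPUT at a directory that only root can write to.
TMP=${TMP:-/tmp/SBo}
PKG=${PKG:-$TMP/package-$PRGNAM}
OUTPUT=${OUTPUT:-/tmp}

# Abort on the first failing command from here on.
set -e

# Start from an empty staging tree. The expansions are quoted so that a
# TMP, PKG or OUTPUT value containing whitespace or glob characters
# cannot make rm -rf or mkdir act on unintended paths.
rm -rf "$PKG"
mkdir -p "$TMP" "$PKG" "$OUTPUT"
cd "$TMP"
rm -rf "aif-$VERSION"
# NOTE(review): the archive is unpacked as found; nothing in this script
# checks its integrity. Verify it against the published checksum before
# building.
tar xvf "$CWD/$VERSION.tar.gz"

cd "aif-$VERSION"
chown -R root:root .
# Normalise permissions: the listed executable-style modes become 755
# and the listed plain-file modes become 644; any other mode is left
# as it is.
# NOTE(review): -L makes find follow symbolic links, so a link in the
# unpacked tree that points elsewhere has its target examined and
# chmod-ed as well.
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 \
  -o -perm 400 \) -exec chmod 644 {} \;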

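# Destination directories inside the staging tree ($PKG).
PRGBIN="$PKG/usr/sbin"
PRGETC="$PKG/etc/$PRGNAM"
PRGSHR="$PKG/usr/share/$PRGNAM"
PRGDOC="$PKG/usr/doc/$PRGNAM-$VERSION"
PRGMAN="$PKG/usr/man"

# Copy firewall, log filter and configuration executables. The upstream
# configure.sh is installed under the name $PRGNAM-configure. Paths are
# quoted so a staging directory containing whitespace is handled as one
# argument.
mkdir -p "$PRGBIN"
cp -a "./bin/$PRGNAM" "$PRGBIN"/
cp -a ./configure.sh "$PRGBIN/$PRGNAM-configure"
cp -a ./bin/arno-fwfilter "$PRGBIN"/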

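# Patch the configuration script so that it can also be run from
# outside the source directory. The patch:
#  (1) changes the paths to the environment file and the firewall
#      executable from relative to absolute;
#  (2) renames the startup script and changes its path, for better
#      consistency with Slackware's init system;
#  (3) changes the path to the unmodified copy of the config file,
#      which is needed to check for existing custom setups;
#  (4) allows the script to be run correctly more than once, by
#      removing previously set values when no value is entered. This
#      prevents e.g. ports from remaining open, or internal interfaces
#      from remaining enabled with NAT;
#  (5) appends the note, taken from the original installation script
#      and slightly enhanced, that the user sees when configuration is
#      done. It says that an rc.firewall symlink has to be created in
#      order to start the firewall properly at boot time.
# We do NOT create a Slackware-compliant /etc/rc.d/rc.firewall symlink
# to the startup script, as this should be done manually by the
# sysadmin. We do not create any SystemV-style symlinks either.
patch "$PRGBIN/$PRGNAM-configure" < "$CWD/files/patch-configuration-script.diff"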

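# Copy and compress man pages. The trailing "+" hands gzip the files in
# batches and makes find return non-zero when gzip fails, so the
# script's set -e stops the build instead of packaging a partly
# compressed tree.
mkdir -p "$PRGMAN"
cp -a ./share/man/* "$PRGMAN"/
find "$PRGMAN" -type f -exec gzip -9 {} +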

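# Copy and rename configuration files; apply patch to main config file
# in order to fix paths; set permissions.
mkdir -p "$PRGETC/conf.d"
cp -a "./etc/$PRGNAM"/* "$PRGETC"/
cat "$CWD/files/conf.d.readme" > "$PRGETC/conf.d/README"
patch "$PRGETC/firewall.conf" < "$CWD/files/patch-configuration-file.diff"
# Every regular file except README gets the .new suffix and mode 0600,
# so the packaged firewall configuration is readable by its owner only.
# find passes the names straight to the inner shell as arguments, which
# keeps a path containing whitespace or glob characters in one piece;
# "set -e" there makes a failed mv or chmod fail the build.
find "$PRGETC" -type f ! -name README -exec sh -c '
  set -e
  for conf in "$@"; do
    mv "$conf" "$conf.new"
    chmod 600 "$conf.new"
  done
' sh {} +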

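# Copy shared data; include a clean copy of the configuration file, as
# expected by the configuration script for comparison purposes; create
# link to plugin as in the original script.
mkdir -p "$PRGSHR"
cp -a "./share/$PRGNAM"/* "$PRGSHR"/
# cp -a keeps the mode of firewall.conf.new for the .orig copy.
cp -a "$PRGETC/firewall.conf.new" "$PRGSHR/firewall.conf.orig"
# The link target is the installed path, not a path inside the staging
# tree, so it resolves only once the package is installed.
ln -sv "/usr/share/$PRGNAM/plugins/traffic-accounting-show" "$PRGBIN"/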

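# Install startup script and set permissions; apply patch to fix path
# to the executable file and make comments more consistent with the
# Slackware system.
mkdir -p "$PKG/etc/rc.d/"
# Mode 0644 installs the script without the execute bit.
# NOTE(review): presumably this keeps the firewall from being started
# before the administrator has configured and enabled it -- confirm
# against doinst.sh.
install -m 0644 "./etc/init.d/$PRGNAM" "$PKG/etc/rc.d/rc.$PRGNAM"
patch "$PKG/etc/rc.d/rc.$PRGNAM" < "$CWD/files/patch-startup-script.diff"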

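# Copy documentation, include third-party sample files.
mkdir -p "$PRGDOC/contrib"
for doc in README CHANGELOG gpl_license.txt; do
  cp -a "./${doc}" "$PRGDOC"/
done
cp -a ./contrib/adsl-failover "$PRGDOC/contrib"/
cp -a ./contrib/Slackware/syslog.conf "$PRGDOC/contrib"/
# Ship a copy of this build script with the documentation. Writing it
# through cat creates a fresh file instead of carrying over the mode
# and ownership of the original.
cat "$CWD/$PRGNAM.SlackBuild" > "$PRGDOC/$PRGNAM.SlackBuild"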

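# Package metadata: the description and the post-install script are
# copied from the directory the build was started in.
mkdir -p "$PKG/install"
cat "$CWD/slack-desc" > "$PKG/install/slack-desc"
cat "$CWD/doinst.sh" > "$PKG/install/doinst.sh"

# Build the package from the staging tree. "-l y" moves symbolic links
# into doinst.sh; "-c n" keeps the ownership and permissions set above
# (for example the 0600 configuration files) instead of resetting them.
# The file extension defaults to tgz unless PKGTYPE is set.
cd "$PKG"
/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-$VERSION-noarch-$BUILD$TAG.${PKGTYPE:-tgz}"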