#!/bin/sh

# Slackware build script for arno-iptables-firewall

# Copyright 2013-2014 Philip Lacroix <philnx at posteo dot de>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks
# after the first submission of this SlackBuild.

# Package identity. SRCNAM is the short name used for the unpacked source
# directory ($SRCNAM-$VERSION); VERSION, BUILD and TAG can be overridden
# from the environment.
PRGNAM=arno-iptables-firewall
SRCNAM=aif
VERSION=${VERSION:-2.0.1e}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}

# CWD is the directory the script was started from; the source tarball,
# patches and package metadata are read from it.
CWD=$(pwd)
# Work area, staging root and output directory, each overridable from the
# environment.
# NOTE(review): the defaults live under world-writable /tmp and the script
# later runs chown root:root, so it is meant to run as root. On a shared
# host, point TMP and OUTPUT at a directory only root can write to.
TMP=${TMP:-/tmp/SBo}
PKG=${PKG:-$TMP/package-$PRGNAM}
OUTPUT=${OUTPUT:-/tmp}

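# Stop at the first failing command so that a half-finished staging tree is
# never handed to makepkg.
set -e

# Start from an empty staging root and a freshly unpacked source tree.
# "${VAR:?}" aborts instead of letting rm -rf run on an empty path, and the
# quotes keep TMP/PKG/OUTPUT values that contain spaces or glob characters
# from being split into several arguments.
rm -rf -- "${PKG:?}"
mkdir -p "$TMP" "$PKG" "$OUTPUT"
cd "$TMP"
rm -rf -- "${SRCNAM:?}-${VERSION:?}"
# The archive is unpacked as-is: nothing in this script checks its
# integrity, so verify the download against its published checksum before
# building.
tar xvf "$CWD/$VERSION.tar.gz"

cd "$SRCNAM-$VERSION"
chown -R root:root .
# Normalise permissions to 755/644. find runs without -L and skips symbolic
# links, so a link shipped in the archive cannot redirect chmod to files
# outside the source tree while this runs as root. Every real file and
# directory inside the tree is still visited directly.
find . ! -type l \( \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
     -o -perm 511 \) -exec chmod 755 {} \; -o \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 \
     -o -perm 400 \) -exec chmod 644 {} \; \
\)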

# Destinations inside the staging root $PKG: executables, configuration,
# shared data, documentation and man pages.
PRGBIN="${PKG}/usr/sbin"
PRGETC="${PKG}/etc/${PRGNAM}"
PRGSHR="${PKG}/usr/share/${PRGNAM}"
PRGDOC="${PKG}/usr/doc/${PRGNAM}-${VERSION}"
PRGMAN="${PKG}/usr/man"

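# Install the configuration script (renamed to $PRGNAM-configure), the log
# filter and the firewall executable into the staged /usr/sbin with mode
# 0755. -D on the first call creates the target directory that the next two
# calls rely on. Destinations are quoted so that a staging path containing
# spaces or glob characters is passed as a single argument.
install -m 0755 -D ./configure.sh "$PRGBIN/$PRGNAM-configure"
install -m 0755 ./bin/arno-fwfilter "$PRGBIN/"
install -m 0755 "./bin/$PRGNAM" "$PRGBIN/"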

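# Patch the configuration script so that it can also be run from outside
# the source directory. The patch:
#   (1) changes the paths to the environment file and to the firewall
#       executable from relative to absolute;
#   (2) renames the startup script and changes its path, for better
#       consistency with Slackware's init system;
#   (3) changes the path to the unmodified copy of the config file, which
#       is needed to check for existing custom setups;
#   (4) allows the script to be run correctly more than once, by removing
#       previously set values if no value is entered: this prevents e.g.
#       ports from remaining open, or internal interfaces from remaining
#       enabled with NAT;
#   (5) appends the note, picked from the original installation script and
#       slightly enhanced, that the user sees when configuration is done:
#       it explains that an rc.firewall symlink has to be created in order
#       to start the firewall properly at boot time.
# We do NOT create a Slackware-compliant /etc/rc.d/rc.firewall symlink to
# the startup script, as this should be done manually by the sysadmin, and
# we do not create any SystemV-style symlinks either.
# Paths are quoted so that a CWD or staging path containing spaces is not
# split into several arguments.
patch "$PRGBIN/$PRGNAM-configure" < "$CWD/files/patch-configuration-script.diff"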

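# Copy the man pages into the staging tree and compress each regular file.
# The glob stays unquoted on purpose; only the variable parts are quoted so
# that a staging path with spaces is handled as one argument.
mkdir -p "$PRGMAN"
cp -a ./share/man/* "$PRGMAN/"
find "$PRGMAN" -type f -exec gzip -9 {} \;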

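# Copy the configuration files, add the conf.d README, and patch the main
# config file to fix its paths.
mkdir -p "$PRGETC/conf.d"
cp -a "./etc/$PRGNAM"/* "$PRGETC/"
cat "$CWD/files/conf.d.readme" > "$PRGETC/conf.d/README"
patch "$PRGETC/firewall.conf" < "$CWD/files/patch-configuration-file.diff"

# Rename every configuration file except README to *.new and restrict it to
# mode 600, so the firewall settings are readable by the owner only.
# The file list is collected before anything is renamed, and is read line by
# line rather than word-split, so names containing spaces or glob characters
# are handled correctly (names containing newlines are still not supported).
# A failing find now aborts the build under "set -e" instead of silently
# producing an empty list.
conf_list=$(find "$PRGETC" -type f ! -name README)
while IFS= read -r conf; do
  # An empty list still yields one empty line from the here-document.
  [ -n "$conf" ] || continue
  mv -- "$conf" "$conf.new"
  chmod 600 -- "$conf.new"
done <<EOF
$conf_list
EOF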

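# Copy the shared data and include a clean copy of the configuration file,
# which the configuration script expects for comparison purposes. cp -a
# preserves the mode of firewall.conf.new, so the reference copy keeps the
# same restrictive permissions. Finally create the link to the plugin, as
# the original installation script does; its target is the installed path,
# not the staging path.
mkdir -p "$PRGSHR"
cp -a "./share/$PRGNAM"/* "$PRGSHR/"
cp -a "$PRGETC/firewall.conf.new" "$PRGSHR/firewall.conf.orig"
ln -sv "/usr/share/$PRGNAM/plugins/traffic-accounting-show" "$PRGBIN/"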

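# Install the startup script as /etc/rc.d/rc.$PRGNAM, then patch it to fix
# the path to the executable and to make its comments more consistent with
# the Slackware system. Mode 0644 leaves the script non-executable; on
# Slackware an rc script is conventionally enabled by the sysadmin making it
# executable, so the firewall is not started until that is done.
install -m 0644 -D "./etc/init.d/$PRGNAM" "$PKG/etc/rc.d/rc.$PRGNAM"
patch "$PKG/etc/rc.d/rc.$PRGNAM" < "$CWD/files/patch-startup-script.diff"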

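# Copy the documentation, including third-party sample files, and keep a
# copy of this build script next to it. Paths are quoted so that a CWD or
# staging path containing spaces is passed as a single argument.
mkdir -p "$PRGDOC/contrib"
for doc in README CHANGELOG gpl_license.txt; do
  cp -a "./$doc" "$PRGDOC/"
done
cp -a ./contrib/adsl-failover "$PRGDOC/contrib/"
cp -a ./contrib/Slackware/syslog.conf "$PRGDOC/contrib/"
cat "$CWD/$PRGNAM.SlackBuild" > "$PRGDOC/$PRGNAM.SlackBuild"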

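# Add the package description and the post-install script to the package's
# install/ directory.
mkdir -p "$PKG/install"
cat "$CWD/slack-desc" > "$PKG/install/slack-desc"
cat "$CWD/doinst.sh" > "$PKG/install/doinst.sh"

# Build the package from the staging root. "-l y" lets makepkg move symbolic
# links into the install script; "-c n" tells it not to reset ownership and
# directory permissions, so the tree is packaged as staged. Quoting keeps an
# OUTPUT path containing spaces as one argument.
cd "$PKG"
/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-$VERSION-noarch-$BUILD$TAG.${PKGTYPE:-tgz}"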