diff options
author | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2009-09-20 15:05:35 +0000 |
---|---|---|
committer | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2009-09-20 15:05:35 +0000 |
commit | da54a35be17ef4846797cdd824fba3f8e7443216 (patch) | |
tree | b5bcc381270387bcc6ad8fcc482d14cf6fafea85 /net/firewall/arno-iptables-firewall | |
parent | 61d099994c5ba0b1a79e2fca5c5100603f97b56e (diff) | |
download | slackbuilds-da54a35be17ef4846797cdd824fba3f8e7443216.tar.gz slackbuilds-da54a35be17ef4846797cdd824fba3f8e7443216.tar.bz2 |
gwhere: adding gwhere; avahi: updating; arno-iptables-firewall: adding arno-iptables-firewall; glib2: updating; orbit: updating; afterstep: updating
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2243 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'net/firewall/arno-iptables-firewall')
-rw-r--r-- | net/firewall/arno-iptables-firewall/Manifest | 24 | ||||
-rwxr-xr-x | net/firewall/arno-iptables-firewall/arno-iptables-firewall.SlackBuild | 235 |
2 files changed, 183 insertions, 76 deletions
diff --git a/net/firewall/arno-iptables-firewall/Manifest b/net/firewall/arno-iptables-firewall/Manifest new file mode 100644 index 00000000..fc03ff28 --- /dev/null +++ b/net/firewall/arno-iptables-firewall/Manifest @@ -0,0 +1,24 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +DIST arno-iptables-firewall_1.9.2d.tar.gz 97797 MD5 f6a3f1fbc3dac2790fe95f36587d14d8 RMD160 a3fa3d54b71788458e5000c68c6de73879dd3c4f SHA1 aac2853f07c9711701ba3f2ec48921a6bbcf93bc SHA256 2644299bffbf035bce28e5360a08941ce3fc773906fd7300e94cdf948cffd469 SHA512 ce7c55a767f2acac72dae23f6fa02f8774750a8f627fb42eac2662087e01973309a15a0f4cefef8a2c046e2e0e16e74ca4d9fc1d8f19abb431647928f503b964 +MKBUILD arno-iptables-firewall.mkbuild 7626 MD5 8f008e40f0b2b4f538d426dc7cf14606 RMD160 fd5499b0f8930d99a522d97cafa24cab23c07d9d SHA1 67c9d4798b0c70c952c9a46a0049682123fa9735 SHA256 66b14c8d5d3cbf8403f3bc2aec8f91e00d2b543a2cfb44cfbc6cbe79dd32696e SHA512 2baeec0f9449873d15cdb73b8ad5b075a4607ab4a7049d81c6a27aa74b33c8175a77858112644011afd79aa3723570db4f5b38dada8b00cedaf1ed2ca3a9ae25 +SLACKBUILD arno-iptables-firewall.SlackBuild 9424 MD5 1c8bb81ba0e9f1acb52a39fcfef1e0e3 RMD160 6174300215be9ff236f32c5b5432960de6d81dd2 SHA1 928bcec4f68a332422f54a9e6fc78f0cc5021be6 SHA256 217394cd1a6f8d912309213c3eaafd4bb01be2a6fd94de1e78ef00939baeda10 SHA512 01bd8e52041c96c41d3204dd3e818a100ee4a1cdaea09076e855886fef86726349ee7f6e01fd07f9db0ea26fcec71aca194a77f9dec78d501c21f029309fc144 +SLACKBUILD arno-iptables.SlackBuild 9307 MD5 94a34cc7bd82f6fdb0cbb9ddbaf02837 RMD160 47325300b57cfa6560c9dec7e8285f5a87777ada SHA1 45e62d098d36282b0b0cf8c431d61423dab26f01 SHA256 6c27ebbcf8a0073fd8339bebfdefdd8ba864fa4fab5b2de03c7f46a69e299de9 SHA512 bd61efb62b48245f3f4d738ce838312c8966f1fb645542c4299ee6ac4e3e40a13a5c199347f6d5502d20134a0d49075d6e14ff6292496cce64159c7082f7e12d +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (GNU/Linux) + +iQIcBAEBCAAGBQJKtj3FAAoJEEHL93ESzgeibdoP/1Hca9kaXc9JMLU4Ff6XSotz +uyfleB3e4HJ15cE5XnDUAAAUsN0htSk6ZdF3wGTkXoFNKD8ydNMvPQdNJx3q6r1m +N607o+SOlG49NmOJKa+VrBpIOSm0lUre3CM2cX1YGw/L5DWYlC0zgM5awSoWBmRD +/rAPDoRS6gXy7EBhQZEN1tdKbIo4ZsH9pr0V49a+L5cZ5aG/EPiGVNtwKLmN/pNF +ImcHABqHFE3i0nzDvkuHmT5czrdnk5Kp2f6472T3FWxdknaEtJp7OYgulJS04/fQ +Rh+nYI7NDusuBwr8uvDa9ZSsHevp70O8x7dZL2K9iFH6tKhDjqdwXUro8v4ydJkh +QbJ9Xg4sqLX4sZEEDTpeeAwAxj211i93nk/PNBXxhaoY6n1tw8dfkbnKPz1OCGy0 +MJhmpc9c8w6ZGm8kXJGtQWD7xgDNOy7vA8tdqBBNrbLbZp+iFqOKdsLgxdeJ77iV +UpHCv82Ojq4jmTtgr4b8f4db9s9Lt8PwIXUhO4XdxrJjHtrCfkqPxpFqPSdflz0u +09Cpu31lI+aXMdpu4+GVQ/Ca2BZSPobr0efvj/I/k8Nl6zH9hGxpdcvksu4w7dHw +QyIyrhjdYh3pqhXWbHfzrlaTjKzJkk/OqvYpF5h7cJug5k+iuN72GFIH4sn2MODj +lxe5nI3o7JauAecFumUv +=j4Nf +-----END PGP SIGNATURE----- diff --git a/net/firewall/arno-iptables-firewall/arno-iptables-firewall.SlackBuild b/net/firewall/arno-iptables-firewall/arno-iptables-firewall.SlackBuild index a4f3f3eb..f48bc053 100755 --- a/net/firewall/arno-iptables-firewall/arno-iptables-firewall.SlackBuild +++ b/net/firewall/arno-iptables-firewall/arno-iptables-firewall.SlackBuild @@ -1,24 +1,23 @@ #!/bin/bash # # arno-iptables-firewall.SlackBuild is free software; you can redistribute -# it and/or modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or any later version. +# it and/or modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the License, +# or any later version. # -# arno-iptables-firewall.SlackBuild is distributed in the hope that it -# will be useful, but WITHOUT ANY WARRANTY; without even the -# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. +# arno-iptables-firewall.SlackBuild is distributed in the hope that it will +# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. # -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -# MA 02111-1307, USA +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA # -# SlackBuild for arno-iptables-firewall -# http://rocky.eld.leidenuniv.nl/page/iptables/iptframe.htm -# -# Author: Luis ( luis at riseup d0t net ) +# slackbuild for arno-iptables-firewall, by Luis +# requires: +# tested: arno-iptables-firewall-1.9.2d +# model: generic.mkSlackBuild $Rev: 808 $ # # Look for slackbuildrc @@ -32,24 +31,43 @@ fi CWD="$(pwd)" SRC_NAME="arno-iptables-firewall" PKG_NAME="arno-iptables-firewall" -ARCH="noarch" -SRC_VERSION=${VERSION:=1.8.8o} +ARCH=${ARCH:=i486} +SRC_VERSION=${VERSION:=1.9.2d} PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')" BUILD=${BUILD:=1ls} SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME TMP=${TMP:=/tmp} PKG=${PKG:=$TMP/package-$PKG_NAME} REPOS=${REPOS:=$TMP} +SLACKBUILD_PATH=${SLACKBUILD_PATH:="net/firewall/arno-iptables-firewall"} PREFIX=${PREFIX:=/usr} PKG_WORK="$TMP/$SRC_NAME" -CONF_OPTIONS=${CONF_OPTIONS:=} -NUMJOBS=${NUMJOBS:=} +CONF_OPTIONS=${CONF_OPTIONS:=""} +NUMJOBS=${NUMJOBS:=""} + +# Set system libraries' path and optmization flags based on $ARCH +LIBDIR="$PREFIX/lib" + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mtune=i686" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIR="$PREFIX/lib64" + LDFLAGS="-L/lib64 -L/usr/lib64" +fi # Set error codes (used by createpkg) ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33 ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36 ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39 ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42 +ERROR_MANIFEST=43; # Clean up any leftovers of previous builds rm -rf "$PKG_WORK" 2> /dev/null @@ -62,17 +80,83 @@ mkdir -p "$REPOS" || exit $ERROR_MKDIR mkdir -p "$PKG_WORK" || exit $ERROR_MKDIR # Dowload source if necessary -SRC="${SRC_NAME}_$SRC_VERSION.tar.gz" -URL="http://rocky.eld.leidenuniv.nl/iptables-firewall/$SRC" +SRC="$SRC_NAME"_"$VERSION.tar.gz" +URL="http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/$SRC" -if [ ! -s "$SRC_DIR/$SRC" ] || ! gzip -t "$SRC_DIR/$SRC" 2> /dev/null; then +if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET fi +# Check Manifest file +if [ -e "$CWD/Manifest" ]; then + + # Manifest signature checking + if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then + echo "Checking Manifest signature..." + gpg --verify $CWD/Manifest + if [ "$?" != "0" ]; then + exit $ERROR_MANIFEST + fi + fi + + MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`" + + for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do + + MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`" + MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`" + MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`" + + if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then + MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE" + else + MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`" + fi + + if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then + continue + fi + + echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..." + + SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`" + SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`" + + # Check source code size + if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then + echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC" + exit $ERROR_MANIFEST + else + echo "Size match." + fi + + # Check source code integrity + for ALGO in md5 rmd160 sha1 sha256 sha512; do + if [ $ALGO = "rmd160" ]; then + ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`" + else + ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`" + fi + ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`" + ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }') + if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then + echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC" + exit $ERROR_MANIFEST + else + echo "$ALGO match." + fi + done + + done + +else + exit $ERROR_MANIFEST +fi + # Untar cd "$PKG_WORK" tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR -PKG_SRC=`ls -l | awk '/^d/ { print $8 }'` +PKG_SRC="$PWD/`ls -l | awk '/^d/ { print $NF }'`" cd "$PKG_SRC" # Install @@ -81,13 +165,13 @@ mkdir -p "$PKG/etc/logrotate.d" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/bin" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/man/man1" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/man/man8" || exit $ERROR_MKDIR -cp -a arno-iptables-firewall "$PKG/etc/rc.d/rc.firewall.new" -cp -a etc/arno-iptables-firewall "$PKG/etc" -cp -a Slackware/syslog.conf "$PKG/etc/syslog.conf.new" -cp -a "$CWD/syslog.new" "$PKG/etc/logrotate.d" -cp -a arno-fwfilter "$PKG/$PREFIX/bin" -cp -a man/arno-fwfilter.1 "$PKG/$PREFIX/man/man1" -cp -a man/arno-iptables-firewall.8 "$PKG/$PREFIX/man/man8" +cp -r "etc/init.d/arno-iptables-firewall" "$PKG/etc/rc.d/rc.firewall.new" +cp -r "etc/arno-iptables-firewall" "$PKG/etc" +cp -r "contrib/Slackware/syslog.conf" "$PKG/etc/syslog.conf.new" +cp -r "$CWD/syslog.new" "$PKG/etc/logrotate.d" +cp -r "bin/arno-fwfilter" "$PKG/$PREFIX/bin" +cp -r "share/man/man1/arno-fwfilter.1" "$PKG/$PREFIX/man/man1" +cp -r "share/man/man8/arno-iptables-firewall.8" "$PKG/$PREFIX/man/man8" mv -f "$PKG/etc/arno-iptables-firewall/firewall.conf" \ "$PKG/etc/arno-iptables-firewall/firewall.conf.new" mv -f "$PKG/etc/arno-iptables-firewall/custom-rules" \ @@ -96,51 +180,8 @@ for file in $('ls' -1 "$PKG/etc/arno-iptables-firewall/plugins/"*.conf); do mv -f "$file" "${file}.new" done -# Compress and link manpages -if [ -d "$PKG/$PREFIX/man" ]; then - ( cd "$PKG/$PREFIX/man" - for manpagedir in $(find . -type d -name "man*") ; do - ( cd $manpagedir - for eachpage in $(find . -type l -maxdepth 1) ; do - ln -s $(readlink $eachpage).gz $eachpage.gz - rm $eachpage - done - gzip -9 *.? - ) - done - ) -fi - -# Install documentation -DOCS="CHANGELOG README gpl_license.txt" -mkdir -p "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" || exit $ERROR_MKDIR -cp -a $DOCS "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" 2> /dev/null - -# Add package description (slack-desc) -mkdir -p "$PKG/install" || exit $ERROR_MKDIR -cat << EODESC > "$PKG/install/slack-desc" -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':'. - - |-----handy-ruler----------------------------------------| -arno-iptables-firewall: arno-iptables-firewall (Arno's iptables firewall) -arno-iptables-firewall: -arno-iptables-firewall: A highly customizable iptables firewall script, -arno-iptables-firewall: featuring stealth scan detection, extensive user- -arno-iptables-firewall: definable logging, masquerading and port forwarding -arno-iptables-firewall: (NAT), protection against SYN/ICMP flooding, etc. -arno-iptables-firewall: It also includes a filter script (arno-fwfilter) to -arno-iptables-firewall: make its logs more easily readable. -arno-iptables-firewall: -arno-iptables-firewall: For more information, http://rocky.eld.leidenuniv.nl/ -arno-iptables-firewall: -EODESC - # Add a post-installation script (doinst.sh) +mkdir -p $PKG/install cat << EOSCRIPT > "$PKG/install/doinst.sh" config() { NEW="\$1" @@ -178,11 +219,53 @@ echo " this firewall to work." echo EOSCRIPT +# Strip binaries +( cd "$PKG" + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null +) + +# Install documentation +DOCS="NEWS TODO README AUTHORS INSTALL ChangeLog MAINTAINERS COPYING LICENSE SIGNATURE readme.*" +mkdir -p "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" || exit $ERROR_MKDIR +for doc in $DOCS; do + if [ -f "$doc" ]; then + cp -a $doc "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" + fi +done + +# Add package description (slack-desc) +mkdir -p "$PKG/install" || exit $ERROR_MKDIR +cat << EODESC > "$PKG/install/slack-desc" +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler---------------------------------------| +arno-iptables-firewall: arno-iptables-firewall (Arno's iptables firewall) +arno-iptables-firewall: +arno-iptables-firewall: A highly customizable iptables firewall script, +arno-iptables-firewall: featuring stealth scan detection, extensive user- +arno-iptables-firewall: definable logging, masquerading and port forwarding +arno-iptables-firewall: (NAT), protection against SYN/ICMP flooding, etc. +arno-iptables-firewall: It also includes a filter script (arno-fwfilter) to +arno-iptables-firewall: make its logs more easily readable. +arno-iptables-firewall: +arno-iptables-firewall: For more information, http://rocky.eld.leidenuniv.nl/ +arno-iptables-firewall: +EODESC + # Build the package cd "$PKG" -makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG +mkdir -p $REPOS/$SLACKBUILD_PATH +makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG # Delete source and build directories if requested -if [ "$CLEANUP" == "yes" ]; then +if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then rm -rf "$PKG_WORK" "$PKG" fi |