diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:28:33 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:31:28 +0300 |
commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /meta-openembedded/meta-networking/recipes-connectivity/firewalld | |
parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
download | openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-connectivity/firewalld')
3 files changed, 209 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch new file mode 100644 index 000000000..3f34ff2e4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch @@ -0,0 +1,77 @@ +firewalld: fix building in a separate directory outside the source tree + +Upstream-Status: Submitted [https://github.com/firewalld/firewalld/pull/456] +Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com> + +diff --git a/config/Makefile.am b/config/Makefile.am +index 7048d2ee..5270d408 100644 +--- a/config/Makefile.am ++++ b/config/Makefile.am +@@ -377,11 +377,11 @@ install-config: + $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones + $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers + $(MKDIR_P) $(DESTDIR)$(prefixlibdir) +- cp -r icmptypes $(DESTDIR)$(prefixlibdir) +- cp -r ipsets $(DESTDIR)$(prefixlibdir) +- cp -r services $(DESTDIR)$(prefixlibdir) +- cp -r zones $(DESTDIR)$(prefixlibdir) +- cp -r helpers $(DESTDIR)$(prefixlibdir) ++ cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir) ++ cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir) ++ cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir) ++ cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir) ++ cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir) + + uninstall-config: + rmdir $(DESTDIR)$(sconfdir)/icmptypes +diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am +index 8c93ab9c..d0313e3e 100644 +--- a/doc/xml/Makefile.am ++++ b/doc/xml/Makefile.am +@@ -69,7 +69,8 @@ edit = sed \ + -e 's|\@PREFIX\@|$(prefix)|' \ + -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ + -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ +- -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' ++ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \ ++ -e 's|@SRCDIR@|$(srcdir)|' + + transform-man.xsl: transform-man.xsl.in + $(edit) $< >$@ +diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in +index c2606553..24d77858 100644 +--- a/doc/xml/firewall-cmd.xml.in ++++ b/doc/xml/firewall-cmd.xml.in +@@ -1,9 +1,9 @@ + <?xml version="1.0" encoding="utf-8"?> + <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [ +-<!ENTITY authors SYSTEM "authors.xml"> +-<!ENTITY seealso SYSTEM "seealso.xml"> +-<!ENTITY notes SYSTEM "notes.xml"> ++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml"> ++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml"> ++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml"> + <!ENTITY errorcodes SYSTEM "errorcodes.xml"> + ]> + +diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in +index de802059..3d319b04 100644 +--- a/doc/xml/firewalld.xml.in ++++ b/doc/xml/firewalld.xml.in +@@ -1,9 +1,9 @@ + <?xml version="1.0" encoding="utf-8"?> + <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + [ +-<!ENTITY authors SYSTEM "authors.xml"> +-<!ENTITY seealso SYSTEM "seealso.xml"> +-<!ENTITY notes SYSTEM "notes.xml"> ++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml"> ++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml"> ++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml"> + ]> + + <!-- +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/firewalld.init b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/firewalld.init new file mode 100644 index 000000000..08e8930b9 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/files/firewalld.init @@ -0,0 +1,48 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: firewalld +# Required-Start: $syslog $local_fs messagebus +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: +# Description: +### END INIT INFO + +. /etc/init.d/functions + +firewalld=/usr/sbin/firewalld +pidfile=/var/run/firewalld.pid + +case "$1" in + start) + echo -n "Starting firewalld: " + start-stop-daemon --start --quiet --exec $firewalld + echo "." + ;; + stop) + echo -n "Stopping firewalld: " + start-stop-daemon --stop --quiet --pidfile $pidfile + echo "." + ;; + restart) + echo -n "Stopping firewalld: " + start-stop-daemon --stop --quiet --pidfile $pidfile + echo "." + echo -n "Starting firewalld: " + start-stop-daemon --start --quiet --exec $firewalld + echo "." + ;; + reload) + echo -n "Reloading firewalld: " + firewall-cmd --reload + echo "." + ;; + status) + firewall-cmd --state + ;; + *) + echo "Usage: /etc/init.d/firewalld {start|stop|restart|reload|status}" >&2 + exit 1 +esac diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb new file mode 100644 index 000000000..e999fa7a5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb @@ -0,0 +1,84 @@ +SUMMARY = "Dynamic firewall daemon with a D-Bus interface" +HOMEPAGE = "https://firewalld.org/" +BUGTRACKER = "https://github.com/firewalld/firewalld/issues" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://github.com/firewalld/firewalld/archive/v${PV}.tar.gz \ + file://firewalld.init \ + file://0001-fix-building-in-a-separate-directory-outside-the-sou.patch \ +" +SRC_URI[md5sum] = "5ef954d9b6b244ffeabcd226be1867a0" +SRC_URI[sha256sum] = "039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb" + +# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 +# xmlto-native is needed to populate /etc/xml/catalog.xml in the sysroot so that xsltproc finds the docbook xslt +DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native xmlto-native" + +inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_unitdir}/system/,--disable-systemd" + +# iptables, ip6tables, ebtables, and ipset *should* be unnecessary +# when the nftables backend is available, because nftables supersedes all of them. +# However we still need iptables and ip6tables to be available otherwise any +# application relying on "direct passthrough" rules (such as docker) will break. +# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by +# the Red Hat-specific init script which we aren't using, so we disable that. +EXTRA_OECONF = "\ + --with-nft=${sbindir}/nft \ + --without-ipset \ + --with-iptables=${sbindir}/iptables \ + --with-iptables-restore=${sbindir}/iptables-restore \ + --with-ip6tables=${sbindir}/ip6tables \ + --with-ip6tables-restore=${sbindir}/ip6tables-restore \ + --without-ebtables \ + --without-ebtables-restore \ + --disable-sysconfig \ +" + +INITSCRIPT_NAME = "firewalld" +SYSTEMD_SERVICE = "firewalld.service" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + : + else + # firewalld ships an init script but it contains Red Hat-isms, replace it with our own + rm -rf ${D}${sysconfdir}/rc.d/ + install -d ${D}${sysconfdir}/init.d + install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld + fi + + # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE + # so now we need to fix up any references to point at the proper path in the image. + # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. + if [ ${PN} != "${BPN}-native" ]; then + sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + fi + sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml +} + +FILES_${PN} += "\ + ${PYTHON_SITEPACKAGES_DIR}/firewall \ + ${datadir}/polkit-1 \ + ${datadir}/metainfo \ +" + +RDEPENDS_${PN} = "\ + nftables \ + iptables \ + python3-core \ + python3-io \ + python3-fcntl \ + python3-shell \ + python3-syslog \ + python3-xml \ + python3-dbus \ + python3-slip-dbus \ + python3-decorator \ + python3-pygobject \ +" |