summaryrefslogtreecommitdiff
path: root/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
diff options
context:
space:
mode:
authorAndrew Geissler <geissonator@yahoo.com>2022-07-15 22:00:58 +0300
committerAndrew Geissler <andrew@geissonator.com>2022-07-20 22:59:28 +0300
commit615f2f11d3f46e3eae642475495a7ca4cfddc49e (patch)
treed88ca73415c1690f5cc8deb783e45499aabccd3c /meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
parentbef0021cfe167ccb6ae2e71f546ecb21ccf1c204 (diff)
downloadopenbmc-615f2f11d3f46e3eae642475495a7ca4cfddc49e.tar.xz
subtree updates
poky: ee0d001b81..4161dbbbd6: Aatir Manzur (1): docs: add CONVERSION_CMD definition Ahmed Hossam (1): insane.bbclass: host-user-contaminated: Correct per package home path Alejandro Hernandez Samaniego (1): package.bbclass: Fix base directory for debugsource files when using externalsrc Alex Kiernan (1): python3-cryptography: Cleanup DEPENDS/RDEPENDS Alexander Kanavin (53): mesa: update 22.0.3 -> 22.1.2 python3-numpy: update 1.22.3 -> 1.22.4 python3-setuptools: update 62.3.2 -> 62.5.0 vulkan: upgrade 1.3.211.0 -> 1.3.216.0 lttng-modules: update 2.13.3 -> 2.13.4 go: update 1.18.2 -> 1.18.3 ell: update 0.50 -> 0.51 libdrm: update 2.4.110 -> 2.4.111 diffoscope: upgrade 215 -> 216 dos2unix: upgrade 7.4.2 -> 7.4.3 librsvg: upgrade 2.54.3 -> 2.54.4 puzzles: upgrade to latest revision sudo: upgrade 1.9.10 -> 1.9.11p2 wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 x264: upgrade to latest revision python3-requests: upgrade 2.27.1 -> 2.28.0 oeqa/sdk: drop the nativesdk-python 2.x test python3-hatch-vcs: fix upstream version check at: take tarballs from debian pango: exclude 1.9x versions which are 2.x pre-releases. adwaita-icon-theme: upgrade 41.0 -> 42.0 rust: update 1.60.0 -> 1.62.0 weston: update 10.0.0 -> 10.0.1 python3-setuptools-scm: upgrade 6.4.2 -> 7.0.3 waffle: correctly request wayland-scanner executable openssl: update 3.0.4 -> 3.0.5 diffoscope: upgrade 216 -> 217 glib-2.0: upgrade 2.72.2 -> 2.72.3 glib-networking: upgrade 2.72.0 -> 2.72.1 gstreamer1.0: upgrade 1.20.2 -> 1.20.3 harfbuzz: upgrade 4.3.0 -> 4.4.1 kmod: upgrade 29 -> 30 libsoup: upgrade 3.0.6 -> 3.0.7 mesa: upgrade 22.1.2 -> 22.1.3 mpg123: upgrade 1.29.3 -> 1.30.0 nghttp2: upgrade 1.47.0 -> 1.48.0 piglit: upgrade to latest revision pulseaudio: upgrade 16.0 -> 16.1 python3-cffi: upgrade 1.15.0 -> 1.15.1 python3-cryptography: upgrade 37.0.2 -> 37.0.3 python3-cryptography-vectors: upgrade 37.0.2 -> 37.0.3 python3-hatchling: upgrade 1.3.0 -> 1.3.1 python3-hypothesis: upgrade 6.46.11 -> 6.48.2 python3-jsonschema: upgrade 4.6.0 -> 4.6.1 python3-mako: upgrade 1.2.0 -> 1.2.1 python3-pycryptodomex: upgrade 3.14.1 -> 3.15.0 python3-requests: upgrade 2.28.0 -> 2.28.1 python3-setuptools: upgrade 62.5.0 -> 62.6.0 python3-sphinx: upgrade 5.0.0 -> 5.0.2 xcb-proto: upgrade 1.15 -> 1.15.2 procps: restrict version check to 3.x ncurses: mark upstream version as unknown wayland: update 1.20.0 -> 1.21.0 Alexandre Belloni (1): oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail Aryaman Gupta (5): buildstats.py: enable collection of /proc/pressure data pybootchartgui: render cpu and io pressure buildstats.bbclass: correct sampling of system stats buildstats.py: close /proc/pressure/cpu file descriptor buildperf/base.py: skip reduced_proc_pressure directory Bruce Ashfield (29): perf: fix reproducibility in 5.19+ linux-yocto/5.10: update to v5.10.121 linux-yocto/5.15: update to v5.15.46 linux-yocto/5.15: update to v5.15.48 linux-yocto/5.10: update to v5.10.123 linux-yocto-dev: bump to v5.19-rc linux-yocto/5.15: drop obselete GPIO sysfs ABI lttng-modules: fix 5.19+ build kernel-devsrc: fix reproducibility and buildpaths QA warning linux-yocto/5.15: update to v5.15.52 linux-yocto/5.10: update to v5.10.128 kernel-devsrc: ppc32: fix reproducibility linux-yocto/5.15: fix qemuppc buildpaths warning linux-yocto/5.15: fix build_OID_registry buildpaths warning yocto-bsps: update to v5.10.128 and buildpaths fixes yocto-bsps: update to v5.15.52 and buildpaths fixes linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning linux-yocto/5.10: fix buildpaths issue with gen-mach-types linux-yocto/5.15: fix buildpaths issue with gen-mach-types yocto-bsps/5.10: fix buildpaths issue with gen-mach-types yocto-bsps/5.15: fix buildpaths issue with gen-mach-types linux-yocto/5.15: update to v5.15.54 linux-yocto/5.15: fix buildpaths issue with pnmtologo linux-yocto/5.10: update to v5.10.130 linux-yocto/5.10: fix buildpaths issue with pnmtologo yocto-bsps/5.10: fix buildpaths issue with pnmtologo yocto-bsps/5.15: fix buildpaths issue with pnmtologo yocto-bsps: update to v5.15.54 yocto-bsps: update to v5.10.130 Christoph Lauer (1): package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo David Bagonyi (1): sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity Dmitry Baryshkov (1): linux-firmware: upgrade 20220509 -> 20220610 Enrico Scholz (6): npm: replace 'npm pack' call by 'tar czf' npm: return content of 'package.json' in 'npm_pack' npm: take 'version' directly from 'package.json' npm: disable 'audit' + 'fund' lib:npm_registry: initial checkin npm: use npm_registry to cache package Federico Pellegrin (1): signing-keys: fix RDEPENDS to signing-keys-dev Gennaro Iorio (1): bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls He Zhe (1): curl: Fix build failure for qemuriscv64 Jacob Kroon (1): bitbake: bitbake-user-manual: Correct description of the ??= operator Jose Quaresma (3): archiver: don't use machine variables in shared recipes sstate: Use the python3 ThreadPoolExecutor instead of the OE ThreadedPool oe/utils: remove the ThreadedPool Joshua Watt (1): classes/create-spdx: Add SPDX_PRETTY option Kai Kang (1): glibc-tests: not clear BBCLASSEXTEND Khem Raj (2): libmodule-build-perl: Use env utility to find perl interpreter ltp: Remove -mfpmath=sse on x86 Luca Ceresoli (1): llvm: add PACKAGECONFIG[optviewer] Lucas Stach (1): perf: sort-pmuevents: really keep array terminators Marius Kriegerowski (1): scriptutils: fix style to be more PEP8 compliant Marta Rybczynska (2): cve-check: add support for Ignored CVEs oeqa/selftest/cve_check: add tests for Ignored and partial reports Martin Jansa (3): mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again wic: fix WicError message bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV Maxime Roussin-Bélanger (1): libffi: fix native build being not portable Michael Halstead (2): releases: include 3.1.17 releases: include 4.0.2 Michael Opdenacker (18): rootfs-postcommands.bbclass: correct comments dev-manual: mention the new CVE patch metrics page dev-manual: fix references to BitBake user manual docs: standards.md: add more rules: line wrapping and variables doc: standard for bulleted lists ref-manual: add description for the "sysroot" term manuals: update host tool requirements ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT ref-manual: document SYSTEMD_DEFAULT_TARGET ref-manual: IMAGE_FEATURES: add allow-root-login and correct allow-empty-password ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers dev-manual: NPM packages: minor grammar fix manuals: switch to the sstate mirror shared between all versions manuals: replace hyphens with em dashes dev-manual: update section about creating NPM packages dev-manual: improve screenshot resolution Ming Liu (3): udev-extraconf: fix some systemd automount issues meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE udev-extraconf:mount.sh: fix path mismatching issues Mingli Yu (1): vim: not adjust script pathnames for native scripts either Muhammad Hamza (6): initramfs-framework: move storage mounts to actual rootfs udev-extraconf/mount.sh: add LABELs to mountpoints udev-extraconf/mount.sh: save mount name in our tmp filecache udev-extraconf/mount.sh: only mount devices on hotplug udev-extraconf: force systemd-udevd to use shared MountFlags udev-extraconf/mount.sh: ignore lvm in automount Nick Potenski (1): systemd: systemd-systemctl: Support instance conf files during enable Ola x Nilsson (1): bitbake: ConfHandler: Remove lingering close Pascal Bach (1): bin_package: install into base_prefix Paul Eggleton (4): devtool: ignore pn- overrides when determining SRC_URI overrides patch: handle if S points to a subdirectory of a git repo devtool: finish: handle patching when S points to subdir of a git repo oe-selftest: devtool: test modify git recipe building from a subdir Paulo Neves (14): python: Avoid shebang overflow on python-config.py gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2 ref-manual: SYSTEMD_SERVICE allows multiple services ref-manual: SYSTEMD_SERVICE overrides depend on SYSTEMD_PACKAGES insane.bbclass: Make do_qa_staging check shebangs oeqa/selftest: Add test for shebang overflow oeqa/selftest: Test staged .la and .pc files utils: Add cmdline_shebang_wrapper util. libcheck: Fix too long shebang for native case. utils: create_cmdline_shebang_wrapper whitespace and sed refactor utils: create_cmdline_shebang_wrapper preserve permission and ownership oeqa/sysroot.py: Check bitbake return status bitbake: fetch: bb.fatal when trying to checksum non-existing files oeqa: test_invalid_recipe_src_uri expect parse time error Pavel Zhukov (4): systemd: Add missed sys/file.h includes for musl systemd: Rebase patches on v251 bitbake: tests/fetch: Add test for broken mirror tarball systemd: update upstream status of merged patches Peter Bergin (2): systemd: add packageconfig for sysext rust: fix issue building cross-canadian tools for aarch64 on x86_64 Peter Kjellerstedt (2): ref-manual: Add documentation for INCOMPATIBLE_LICENSE_EXCEPTIONS base.bbclass: Correct the test for obsolete license exceptions Peter Marko (1): alsa-state: correct license Pgowda (1): binutils : CVE-2019-1010204 Quentin Schulz (3): docs: releases: move hardknott and honister to outdated section docs: conf.py: bump minimum Sphinx version requirement Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0" Raju Kumar Pothuraju (2): runqemu: add QB_KERNEL_CMDLINE kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set Richard Purdie (42): gcc-source: Fix incorrect task dependencies from ${B} vim: Upgrade 8.2.5034 -> 8.2.5083 local.conf.sample: Update sstate url to new 'all' path ref/dev-manual: Update multiconfig documentation oeqa/runtime/scp: Disable scp test for dropbear unzip: Port debian fixes for two CVEs elfutils/flex: Disable parallel make ptest compile bitbake: server/process: Fix logging issues where only the first message was displayed coreutils: Tweak packaging variable names for coreutils-dev packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation bitbake.conf/recipes: Introduce add DEV_PKG_DEPENDENCY to change RDEPENDS:${PN}-dev bitbake.conf: Change -dev RDEPENDS to RRECOMMENDS vim: 8.2.5083 -> 9.0.0005 ncurses: 6.3 -> 6.3+20220423 oe-selftest-image: Ensure the image has sftp as well as dropbear cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) openssl: Upgrade 3.0.3 -> 3.0.4 insane: Fix buildpaths test to work with special devices go: Filter build paths on staticly linked arches glibc-tests: Avoid reproducibility issues gperf: Add a patch to work around reproducibility issues bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests icon-naming-utils: Resurrect for sato-icon-theme sato-icon-theme: Add back with support for scalable icons lua: Fix multilib buildpath reproducibility issues vala: Fix on target wrapper buildpaths issue gtk-doc: Remove hardcoded buildpath gperf: Switch to upstream patch qemu: Avoid accidental librdmacm linkage kernel-arch: Fix buildpaths leaking into external module compiles qemu: Fix slirp determinism issue qemu: Add PACKAGECONFIG for brlapi gcc-runtime: Fix build when using gold insane: Add buildpaths to WARN_QA by default insane: Reword staging to refer to populate_sysroot bitbake: fetch2: Ensure directory exists before creating symlink bitbake: fetch2: Drop DL_DIR fallback for local file fetcher oeqa/selftest/sstatetests: Update test to work with bitbake changes gcc-runtime: Fix missing MLPREFIX in debug mappings insane: Drop debug exclusion from buildpaths test selftest/runtime_test/virgl: Disable for all almalinux local.conf.sample: Mention other MACHINE options may exist Robert Joslyn (1): curl: Update to 7.84.0 Ross Burton (24): python3: fix a race condition in the test_socket.testSockName test Add python3-editables (from meta-python) Add python3-pathspec (from meta-python) Add python3-hatchling (from meta-oe) python3-hatch-vcs: add new recipe python3-jsonschema: upgrade 4.5.1 -> 4.6.0 package_manager: Change complementary package handling to not include soft dependencies cups: ignore CVE-2022-26691 cve-check: hook cleanup to the BuildCompleted event, not CookerExit busybox: fix CVE-2022-30065 ncurses: use GitHub mirror, not Debian's packaging ltp: remove open-posix-testsuite build logs tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 perl: don't install Makefile.old into perl-ptest vim: upgrade to 9.0.0021 ltp: fix builds when host ld doesn't know about target ELF formats python3-setuptools-scm: add missing python3-typing-extensions dependency python3-flit-core: bootstrap explicitly python3-installer: bootstrap by installing installer with installer python3-picobuild: add new recipe python_pep517: use picobuild instead of manually calling the API classes: remove obsolete PEP517_BUILD_API python3-hatchling: remove PEP517_BUILD_API documentation: remove obsolete PEP517_BUILD_API Steve Sakoman (3): qemu: add PACKAGECONFIG for capstone qemu: Avoid accidental libvdeplug linkage ruby: add PACKAGECONFIG for capstone Sundeep KOKKONDA (2): glibc: stable 2.35 branch updates binutils : stable 2.38 branch updates Thomas Perrot (1): opensbi: Update to v1.1 Thomas Roos (1): recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG Xu Huan (2): python3: upgrade 3.10.4 -> 3.10.5 python3-magic: upgrade 0.4.26 -> 0.4.27 Yi Zhao (2): popt: fix override syntax in RDEPENDS git: fix override syntax in RDEPENDS Yogesh Tyagi (2): testimage : remove curl-ptest from rpm index curl : Add ptest Yue Tao (1): gnupg: upgrade to 2.3.7 to fix CVE-2022-34903 Yulong (Kevin) Liu (1): python3-pyasn1: Eliminated ptest deprecation warnings aatir (1): docs: make DISTRO_FEATURES description more explicit niko.mauno@vaisala.com (3): ptest.bbclass: Honor PARALLEL_MAKE, PARALLEL_MAKEINST valgrind: Drop redundant oe_runmake parameter strace: Drop redundant oe_runmake parameter pgowda (1): gcc: Backport a fix for gcc bug 105039 ssuesens (3): weston.py: added xwayland test weston.init: enabled xwayland xwayland.weston-start: adaption of X11-unix folder wangmy (57): btrfs-tools: upgrade 5.18 -> 5.18.1 ethtool: upgrade 5.17 -> 5.18 file: upgrade 5.41 -> 5.42 libx11: upgrade 1.8 -> 1.8.1 lighttpd: upgrade 1.4.64 -> 1.4.65 gnu-config: update to latest version musl-obstack: upgrade 1.1 -> 1.2 piglit: upgrade to latest revision stress-ng: upgrade 0.14.01 -> 0.14.02 erofs-utils: upgrade 1.4 -> 1.5 alsa-lib: upgrade 1.2.7 -> 1.2.7.1 alsa-plugins: upgrade 1.2.6 -> 1.2.7.1 alsa-ucm-conf: upgrade 1.2.7 -> 1.2.7.1 bind: upgrade 9.18.3 -> 9.18.4 kbd: upgrade 2.5.0 -> 2.5.1 libproxy: upgrade 0.4.17 -> 0.4.18 python3-dbusmock: upgrade 0.27.5 -> 0.28.0 sbc: upgrade 1.5 -> 2.0 strace: upgrade 5.17 -> 5.18 python3-chardet: upgrade 4.0.0 -> 5.0.0 python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0 python3-babel: upgrade 2.10.1 -> 2.10.3 python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15 python3-dbusmock: upgrade 0.28.0 -> 0.28.1 python3-numpy: upgrade 1.22.4 -> 1.23.0 python3-pycryptodome: upgrade 3.14.1 -> 3.15.0 dmidecode: upgrade 3.3 -> 3.4 git: upgrade 2.36.1 -> 2.37.0 harfbuzz: upgrade 4.3.0 -> 4.4.0 speexdsp: upgrade 1.2.0 -> 1.2.1 speex: upgrade 1.2.0 -> 1.2.1 repo: upgrade 2.26 -> 2.27 sqlite3: upgrade 3.38.5 -> 3.39.0 sudo: upgrade 1.9.11p2 -> 1.9.11p3 createrepo-c: upgrade 0.20.0 -> 0.20.1 gst-devtools: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3 inetutils: upgrade 2.2 -> 2.3 python3-atomicwrites: upgrade 1.4.0 -> 1.4.1 python3-cryptography: upgrade 37.0.3 -> 37.0.4 python3-cryptography-vectors: upgrade 37.0.3 -> 37.0.4 python3-hatchling: upgrade 1.3.1 -> 1.5.0 python3-imagesize: upgrade 1.3.0 -> 1.4.1 python3-jsonschema: upgrade 4.6.1 -> 4.7.1 python3-numpy: upgrade 1.23.0 -> 1.23.1 python3-typing-extensions: upgrade 4.2.0 -> 4.3.0 python3-urllib3: upgrade 1.26.9 -> 1.26.10 init-system-helpers: upgrade 1.63 -> 1.64 dpkg: upgrade 1.21.8 -> 1.21.9 meta-security: 8c6fe006a1..7ad5f6a9da: Armin Kuster (32): apparmor: fix ownership issues sssd:move to dynamic networking-layer layer.conf:add meta-netorking to BBFILES_DYNAMIC packagegroup-core-security: drop sssd packagegroup-core-security.bbappend: add sssd oeqa: fix checksec runtime test sssd: use example conf file oeqa: sssd.py fix tests sssd: update to 2.7.1 security-test-image: auto include layers if present. smack-test: more py3 covertion oeqa: update smack runtime test aide: add a few more config options oeqa: add aide test libmhash: add native pkg support classes: add aide routines aide: add native support for build time db creation aide.conf: adjust to allow for build time db creation firejail: Add new package oeqa: Add a very basic firejail test packagegroup-core-security: add firejail security-test-image: add firejail and aide test suites oeqa/clamav drop depricated --list-mirror test oeqa: meta-tpm shut swtpm down before and after testing oeqa: shut done swtpm before and after testing ccs-tools: update to 1.8.9 lynis: update to 3.0.8 README: update email address packagegroup-core-security: skip mips firejail chipsec: update to 1.8.5 security-build-image: add lkrg-module to build image lkrg: update to 0.9.3 Jeremy A. Puhlman (2): clamav: make install owner match the added user name python3-privacyidea: add correct path to lib/privacyidea Jose Quaresma (1): meta-integrity: kernel-modsign: prevents splitting out debug symbols Yi Zhao (1): aide: fix typo meta-openembedded: 11df15765c..31c10bd3e6: Adrian Freihofer (3): firewalld: update to 1.1.1 fixes ptest firewalld: upgrade 1.1.1 -> 1.2.0 libqmi: upgrade 1.30.4 -> 1.30.8 Akash Hadke (2): ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g" iperf: Set CVE_PRODUCT to "iperf_project:iperf" Alex Kiernan (2): jansson: Upgrade 2.13.1 -> 2.14 nftables: Upgrade 1.0.2 -> 1.0.4 Alex Stewart (1): openvpn: distribute sample-config-files Andreas Müller (1): glmark2: Build with meson Andrej Valek (1): poco: upgrade 1.11.3 -> 1.12.0 Andrew Davis (1): libsdl: The libsdl and libsdl2 are not virtual Ashish Sharma (1): netserver: don't change permissions on /dev/null Aurélien Bertron (1): fix(syslog-ng): warning about conf version Bartosz Golaszewski (1): python3-pybluez: fix a runtime issue with python 3.10 Ben Powell (1): python3-can: Add typing-extensions dependency Changqing Li (3): chrony: create /var/lib/chrony by systemd-tmpfiles redis: upgrade 6.2.6 -> 6.2.7 redis: upgrade 7.0.0 to 7.0.2 Chen Qi (2): apache2: split out a new package apache2-utils ntfs-3g-ntfsprogs: upgrade to 2022.5.17 Daide Li (1): python3-iperf: initial add 0.1.11 Davide Gardenal (9): usrsctp: add CVE_VERSION to correctly check for CVEs ntp: ignore many CVEs openflow: ignore CVE-2018-1078 emlog: ignore unrelated CVEs imagemagick: upgrade 7.0.10-25 -> 7.0.10-62 wireshark: upgrade 3.4.11 -> 3.4.12 thrift: add CVE_PRODUCT to fix CVE reporting spice: ignore patched CVEs quagga: ignore CVE-2016-4049 Fabien Parent (1): gpsd-machine-conf: allow creation of an empty package Harshal (1): lldpd: upgrade 1.0.8 -> 1.0.14 Hitendra Prajapati (1): cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands Jan Vermaete (1): netdata: version bump 1.34.1 -> 1.35.0 Javier Viguera (1): networkmanager: fix build with enabled ppp Jeremy Puhlman (1): freeradius: mutlilib fixes Jonas Gorski (1): abseil-cpp: do not enforce -mfpu=neon on arm Kai Kang (4): libdbi-perl: fix interpreter on shebang line libdev-checklib-perl: fix interpreter of script use-devel-checklib libparse-yapp-perl: update interpreter of yapp python3-flatbuffer: enable native Khem Raj (8): libxml++: Disable parallel make in ptest compile geos: Disable inlining php: Fix absolute paths to php in phar.phar scripts libspiro: Add recipe fontforge: Upgrade to 20220308 opencv: Link with libatomic on mips fontforge: Use alternate way to detect libm opencv: Link with libatomic on rv32 Leon Anavi (19): python3-traitlets: Upgrade 5.2.1 -> 5.3.0 python3-humanize: Upgrade 4.1.0 -> 4.2.0 python3-autobahn: Upgrade 22.4.2 -> 22.5.1 python3-elementpath: Upgrade 2.5.0 -> 2.5.3 python3-eth-hash: Upgrade 0.3.2 -> 0.3.3 python3-serpent: Upgrade 1.40 -> 1.41 python3-web3: Upgrade 5.29.1 -> 5.29.2 python3-pika: Upgrade 1.2.1 -> 1.3.0 python3-tabulate: Upgrade 0.8.9 -> 0.8.10 python3-marshmallow: Upgrade 3.15.0 -> 3.17.0 python3-pychromecast: Upgrade 12.1.3 -> 12.1.4 python3-humanize: Upgrade 4.2.0 -> 4.2.3 python3-tornado: Upgrade 6.1 -> 6.2 python3-coverage: Upgrade 6.3.2 -> 6.4.1 python3-email-validator: Upgrade 1.1.3 -> 1.2.1 python3-networkx: Upgrade 2.7.1 -> 2.8.4 python3-unidiff: Upgrade 0.7.3 -> 0.7.4 python3-toolz: Upgrade 0.11.2 -> 0.12.0 python3-ansi2html: Upgrade 1.7.0 -> 1.8.0 Marcus Flyckt (1): python3-pyconnman: Add 'future' runtime dependency Markus Volk (1): flatbuffers: update to 2.0.6 Martin Jansa (3): glmark2: fix compatibility with python-3.11 leveldb: switch from master branch to main tesseract-lang: switch from master branch to main Mikko Rapeli (1): polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option Mingli Yu (3): kronosnet: Fix build with gcc-12 s-nail: Fix build with gcc-12 mariadb: Upgrade to 10.8.3 Pascal Bach (1): python3-pybind11: upgrade 2.8.1 -> 2.9.2 Peter Kjellerstedt (1): cryptsetup: Add support for building without SSH tokens Ross Burton (5): python3-cbor2: upgrade 5.4.2 to 5.4.3 cppzmq: fix -dev RDEPENDS python3-hatchling: remove (now in oe-core) python3-pathspec: remove (now in oe-core) python3-editables: remove (now in oe-core) Sakib Sajal (1): minicoredumper: retry elf parsing as long as needed Theodore A. Roth (1): crda: Depend on correct wireless-regdb package Wentao Zhang (1): protobuf-c: update to 1.4.1 fix CVE-2022-33070 Xu Huan (20): python3-lxml: upgrade 4.8.0 -> 4.9.0 python3-msgpack: upgrade 1.0.3 -> 1.0.4 python3-protobuf: upgrade 3.20.1 -> 4.21.1 python3-mypy: upgrade 0.960 -> 0.961 python3-pylint: upgrade 2.13.9 -> 2.14.1 python3-smbus2: upgrade 0.4.1 -> 0.4.2 python3-pillow: upgrade 9.0.1 -> 9.1.1 python3-pychromecast: upgrade 12.1.2 -> 12.1.3 python3-pylint: upgrade 2.14.1 -> 2.14.3 python3-pyscaffold: upgrade 4.2.2 -> 4.2.3 python3-redis: upgrade 4.3.1 -> 4.3.3 python3-aiohue: upgrade 4.4.1 -> 4.4.2 python3-astroid: upgrade 2.11.5 -> 2.11.6 python3-charset-normalizer: upgrade 2.0.12 -> 2.1.0 python3-colorama: upgrade 0.4.4 -> 0.4.5 python3-eth-typing: upgrade 3.0.0 -> 3.1.0 python3-autobahn: upgrade 22.5.1 -> 22.6.1 python3-awesomeversion: upgrade 22.5.2 -> 22.6.0 python3-grpcio: upgrade 1.45.0 -> 1.47.0 python3-lxml: upgrade 4.9.0 -> 4.9.1 Yi Zhao (12): openldap: pass correct URANDOM_DEVICE to CPPFLAGS openvpn: eliminate build path from openvpn --version option grubby: fix syntax for ALTERNATIVE duktape: fix override syntax in RDEPENDS polkit-group-rule-udisks2: fix override syntax in RDEPENDS libcrypt-openssl-guess-perl: fix syntax for PROVIDES evince: fix typo for RRECOMMENDS blueman: fix typo for RRECOMMENDS dnsmasq: Security fix CVE-2022-0934 strongswan: upgrade 5.9.5 -> 5.9.6 openvpn: add PACKAGECONFIG for systemd openvpn: add PACKAGECONFIG for selinux Yue Tao (2): exo: upgrade 4.16.3 -> 4.16.4 dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291 Zoltán Böszörményi (5): opencv: Upgrade to version 4.6.0 proj: Upgrade to 8.2.1 python3-pyproj: New recipe for pyproj version 3.3.1 geos: Upgrade to 3.9.3 libspatialite: Upgrade to 5.0.1 jybros (1): clinfo: use virtual opencl loader provider wangmy (72): python3-cantools: upgrade 37.0.7 -> 37.1.0 python3-regex: upgrade 2022.4.24 -> 2022.6.2 python3-sqlalchemy: upgrade 1.4.36 -> 1.4.37 python3-twine: upgrade 4.0.0 -> 4.0.1 python3-waitress: upgrade 2.1.1 -> 2.1.2 python3-xmlschema: upgrade 1.11.0 -> 1.11.1 gspell: upgrade 1.10.0 -> 1.11.1 ctags: upgrade 5.9.20220529.0 -> 5.9.20220605.0 feh: upgrade 3.8 -> 3.9 inotify-tools: upgrade 3.22.1.0 -> 3.22.6.0 apache2: upgrade 2.4.53 -> 2.4.54 libnftnl: upgrade 1.2.1 -> 1.2.2 nbdkit: upgrade 1.31.7 -> 1.31.8 irssi: upgrade 1.2.3 -> 1.4.1 musl-nscd: upgrade 1.0.2 -> 1.1.0 rdma-core: upgrade 40.0 -> 41.0 snort: upgrade 2.9.19 -> 2.9.20 php: upgrade 8.1.6 -> 8.1.7 poco: upgrade 1.11.2 -> 1.11.3 pyxdg: upgrade 0.27 -> 0.28 syslog-ng: upgrade 3.36.1 -> 3.37.1 dnf-plugin-tui: Added postatinstall python3-dill: upgrade 0.3.4 -> 0.3.5.1 python3-robotframework-seriallibrary: upgrade 0.3.1 -> 0.4.3 python3-ujson: upgrade 5.1.0 -> 5.3.0 python3-watchdog: upgrade 2.1.8 -> 2.1.9 python3-websocket-client: upgrade 1.3.2 -> 1.3.3 gnome-commander: upgrade 1.14.2 -> 1.14.3 libwacom: upgrade 2.2.0 -> 2.3.0 nbdkit: upgrade 1.31.8 -> 1.31.9 googletest: upgrade 1.11.0 -> 1.12.0 gperftools: upgrade 2.9.1 -> 2.10 iwd: upgrade 1.27 -> 1.28 libzip: upgrade 1.8.0 -> 1.9.0 postgresql: upgrade 14.3 -> 14.4 uftrace: upgrade 0.11 -> 0.12 python3-googleapis-common-protos: upgrade 1.56.2 -> 1.56.3 python3-ifaddr: upgrade 0.1.7 -> 0.2.0 python3-jmespath: upgrade 1.0.0 -> 1.0.1 python3-pandas: upgrade 1.4.2 -> 1.4.3 python3-zeroconf: upgrade 0.38.6 -> 0.38.7 geocode-glib: upgrade 3.26.2 -> 3.26.3 gnome-bluetooth: upgrade 42.0 -> 42.1 gnome-calculator: upgrade 42.0 -> 42.2 gnome-text-editor: upgrade 42.1 -> 42.2 gtk4: upgrade 4.6.4 -> 4.6.6 gtksourceview5: upgrade 5.4.1 -> 5.4.2 gvfs: upgrade 1.50.0 -> 1.50.2 abseil-cpp: upgrade 20211102 -> 20220623 capnproto: upgrade 0.9.1 -> 0.10.2 ctags: upgrade 5.9.20220605.0 -> 5.9.20220703.0 fwupd: upgrade 1.7.6 -> 1.8.1 googletest: upgrade 1.12.0 -> 1.12.1 nautilus: upgrade 42.1.1 -> 42.2 nbdkit: upgrade 1.31.9 -> 1.31.10 openconnect: upgrade 8.20 -> 9.01 bats: upgrade 1.6.1 -> 1.7.0 cloc: upgrade 1.92 -> 1.94 hwdata: upgrade 0.360 -> 0.361 libvpx: upgrade 1.11.0 -> 1.12.0 libzip: upgrade 1.9.0 -> 1.9.2 pegtl: upgrade 3.2.5 -> 3.2.6 phoronix-test-suite: upgrade 10.8.3 -> 10.8.4 poppler: upgrade 22.06.0 -> 22.07.0 netdata: upgrade 1.35.0 -> 1.35.1 evince: upgrade 42.2 -> 42.3 gjs: upgrade 1.72.0 -> 1.72.1 gnome-bluetooth: upgrade 42.1 -> 42.2 libadwaita: upgrade 1.1.1 -> 1.1.2 liburing: upgrade 2.1 -> 2.2 libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33 libencode-perl: upgrade 3.17 -> 3.18 zhengruoqin (23): python3-absl: upgrade 1.0.0 -> 1.1.0 python3-alembic: upgrade 1.7.7 -> 1.8.0 python3-asyncinotify: upgrade 2.0.3 -> 2.0.4 python3-crc32c: upgrade 2.2.post0 -> 2.3 python3-msk: upgrade 0.3.16 -> 0.4.0 python3-bitstruct: upgrade 8.14.1 -> 8.15.1 python3-google-api-python-client: upgrade 2.49.0 -> 2.50.0 python3-google-auth: upgrade 2.6.6 -> 2.7.0 python3-xmlschema: upgrade 1.11.1 -> 1.11.2 python3-flask-wtf: upgrade 0.15.1 -> 1.0.1 python3-gnupg: upgrade 0.4.8 -> 0.4.9 python3-google-api-python-client: upgrade 2.50.0 -> 2.51.0 python3-kiwisolver: upgrade 1.4.2 -> 1.4.3 python3-nmap: upgrade 1.5.1 -> 1.5.4 python3-asyncinotify: upgrade 2.0.4 -> 2.0.5 python3-google-auth: upgrade 2.7.0 -> 2.8.0 python3-protobuf: upgrade 4.21.1 -> 4.21.2 python3-sqlalchemy: upgrade 1.4.37 -> 1.4.39 python3-xmlschema: upgrade 1.11.2 -> 1.11.3 python3-engineio: upgrade 4.3.2 -> 4.3.3 python3-google-api-core: upgrade 2.8.0 -> 2.8.2 python3-google-auth: upgrade 2.8.0 -> 2.9.0 python3-grpcio-tools: upgrade 1.46.3 -> 1.47.0 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I22f0dab7f3253d77cc99fd462c6be45ddeb333cd
Diffstat (limited to 'meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb')
-rw-r--r--meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb310
1 files changed, 310 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
new file mode 100644
index 0000000000..987cc640e1
--- /dev/null
+++ b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/firewalld_1.2.0.bb
@@ -0,0 +1,310 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "\
+ https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
+ file://firewalld.init \
+ file://run-ptest \
+"
+SRC_URI[sha256sum] = "28fd90e88bda0dfd460f370f353474811b2e295d7eb27f0d7d18ffa3d786eeb7"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+DEPENDS = "intltool-native glib-2.0-native nftables"
+
+inherit gettext autotools-brokensep bash-completion pkgconfig python3native python3-dir gsettings systemd update-rc.d ptest
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
+PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
+PACKAGECONFIG[ipset] = "--with-ipset=${sbindir}/ipset,--without-ipset,,ipset"
+PACKAGECONFIG[ebtables] = "--with-ebtables=${base_sbindir}/ebtables --with-ebtables-restore=${sbindir}/ebtables-legacy-restore,--without-ebtables --without-ebtables-restore,,ebtables"
+
+# Default logging configuration: mixed syslog file console
+FIREWALLD_DEFAULT_LOG_TARGET ??= "syslog"
+
+# The UIs are not yet tested and the dependencies are probably not quite correct yet.
+# Splitting into separate packages is beneficial so that no dead code is transferred
+# to the target device.
+# Without enabling qt5, the firewalld-config package is not usable.
+# Without enabling qt5 and gtk, the firewalld-applet package is not usable.
+PACKAGECONFIG[qt5] = ""
+PACKAGECONFIG[gtk] = ""
+
+PACKAGES =+ "python3-firewall ${PN}-applet ${PN}-config ${PN}-offline-cmd ${PN}-zsh-completion ${PN}-log-rotate"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+ --with-iptables=${sbindir}/iptables \
+ --with-iptables-restore=${sbindir}/iptables-restore \
+ --with-ip6tables=${sbindir}/ip6tables \
+ --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+ --disable-sysconfig \
+"
+
+INITSCRIPT_NAME = "firewalld"
+SYSTEMD_SERVICE:${PN} = "firewalld.service"
+
+# kernel modules loaded after ptest execution (linux-yocto 5.15)
+FIREWALLD_KERNEL_MODULES ?= "\
+ xt_tcpudp \
+ xt_TCPMSS \
+ xt_set \
+ xt_sctp \
+ xt_REDIRECT \
+ xt_pkttype \
+ xt_NFLOG \
+ xt_nat \
+ xt_MASQUERADE \
+ xt_mark \
+ xt_mac \
+ xt_LOG \
+ xt_limit \
+ xt_dccp \
+ xt_CT \
+ xt_conntrack \
+ xt_CHECKSUM \
+ nft_redir \
+ nft_objref \
+ nft_nat \
+ nft_masq \
+ nft_log \
+ nfnetlink_log \
+ nf_nat_tftp \
+ nf_nat_sip \
+ nf_nat_ftp \
+ nf_log_syslog \
+ nf_conntrack_tftp \
+ nf_conntrack_sip \
+ nf_conntrack_netbios_ns \
+ nf_conntrack_ftp \
+ nf_conntrack_broadcast \
+ ipt_REJECT \
+ ip6t_rpfilter \
+ ip6t_REJECT \
+ ip_set_hash_netport \
+ ip_set_hash_netnet \
+ ip_set_hash_netiface \
+ ip_set_hash_net \
+ ip_set_hash_mac \
+ ip_set_hash_ipportnet \
+ ip_set_hash_ipport \
+ ip_set_hash_ipmark \
+ ip_set_hash_ip \
+ ebt_ip6 \
+ nft_fib_inet \
+ nft_fib_ipv4 \
+ nft_fib_ipv6 \
+ nft_fib \
+ nft_reject_inet \
+ nf_reject_ipv4 \
+ nf_reject_ipv6 \
+ nft_reject \
+ nft_ct \
+ nft_chain_nat \
+ ebtable_nat \
+ ebtable_broute \
+ ip6table_nat \
+ ip6table_mangle \
+ ip6table_raw \
+ ip6table_security \
+ iptable_nat \
+ nf_nat \
+ nf_conntrack \
+ nf_defrag_ipv6 \
+ nf_defrag_ipv4 \
+ iptable_mangle \
+ iptable_raw \
+ iptable_security \
+ ip_set \
+ ebtable_filter \
+ ebtables \
+ ip6table_filter \
+ ip6_tables \
+ iptable_filter \
+ ip_tables \
+ x_tables \
+ sch_fq_codel \
+"
+
+do_configure:prepend() {
+ export DEFAULT_LOG_TARGET=${FIREWALLD_DEFAULT_LOG_TARGET}
+}
+
+do_install:append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+ # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+ rm -rf ${D}${sysconfdir}/rc.d/
+ install -d ${D}${sysconfdir}/init.d
+ install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'polkit', 'false', 'true', d)}; then
+ # Delete polkit profiles if polkit is not available
+ rm -rf ${D}${datadir}/polkit-1
+ fi
+
+ # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+ # so now we need to fix up any references to point at the proper path in the image.
+ # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+ if [ ${PN} != "${BPN}-native" ]; then
+ sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+ ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+ fi
+ sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+ ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+
+ # This file contains Red Hat-isms. Modules get loaded without it.
+ rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
+}
+
+do_install_ptest:append() {
+ # Add kernel modules to the ptest script
+ if [ ${PTEST_ENABLED} = "1" ]; then
+ sed -i -e 's:@@FIREWALLD_KERNEL_MODULES@@:${FIREWALLD_KERNEL_MODULES}:g' \
+ ${D}${PTEST_PATH}/run-ptest
+ fi
+}
+
+SUMMARY:python3-firewall = "${SUMMARY} (Python3 bindings)"
+FILES:python3-firewall = "\
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/config/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/config/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/core/io/__pycache__/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/server/*.py* \
+ ${PYTHON_SITEPACKAGES_DIR}/firewall/server/__pycache__/*.py* \
+"
+RDEPENDS:python3-firewall = "\
+ python3-dbus \
+ nftables-python \
+ python3-pygobject \
+"
+
+# Do not depend on QT5 layer and GTK deps if not explicitely required.
+FIREWALLD_QT5_RDEPENDS = "\
+ ${PN}-config \
+ hicolor-icon-theme \
+ python3-pyqt5 \
+ python3-pygobject \
+ libnotify \
+ networkmanager \
+"
+FIREWALLD_GTK_RDEPENDS = "\
+ gtk3 \
+"
+
+# A QT5 based UI
+SUMMARY:${PN}-config = "${SUMMARY} (configuration application)"
+FILES:${PN}-config = "\
+ ${bindir}/firewall-config \
+ ${datadir}/firewalld/firewall-config.glade \
+ ${datadir}/firewalld/gtk3_chooserbutton.py* \
+ ${datadir}/firewalld/gtk3_niceexpander.py* \
+ ${datadir}/applications/firewall-config.desktop \
+ ${datadir}/metainfo/firewall-config.appdata.xml \
+ ${datadir}/icons/hicolor/*/apps/firewall-config*.* \
+"
+RDEPENDS:${PN}-config += "\
+ python3-core \
+ python3-ctypes \
+ ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+"
+
+# A GTK3 applet depending on the QT5 firewall-config UI
+SUMMARY:${PN}-applet = "${SUMMARY} (panel applet)"
+FILES:${PN}-applet += "\
+ ${bindir}/firewall-applet \
+ ${sysconfdir}/xdg/autostart/firewall-applet.desktop \
+ ${sysconfdir}/firewall/applet.conf \
+ ${datadir}/icons/hicolor/*/apps/firewall-applet*.* \
+"
+RDEPENDS:${PN}-applet += "\
+ python3-core \
+ python3-ctypes \
+ ${@bb.utils.contains('PACKAGECONFIG', 'qt5', '${FIREWALLD_QT5_RDEPENDS}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk', '${FIREWALLD_GTK_RDEPENDS}', '', d)} \
+"
+
+SUMMARY:${PN}-offline-cmd = "${SUMMARY} (offline configuration utility)"
+FILES:${PN}-offline-cmd += " \
+ ${bindir}/firewall-offline-cmd \
+"
+RDEPENDS:${PN}-offline-cmd += "python3-core"
+
+SUMMARY:${PN}-log-rotate = "${SUMMARY} (log-rotate configuration)"
+FILES:${PN}-log-rotate += "${sysconfdir}/logrotate.d"
+
+# To get allmost all tests passing
+# - Enable PACKAGECONFIG ipset, ebtable
+# - Enough RAM QB_MEM = "-m 8192" (used für fancy ipset tests)
+FILES:${PN}-ptest += "\
+ ${datadir}/firewalld/testsuite \
+"
+RDEPENDS:${PN}-ptest += "\
+ python3-unittest \
+ ${PN}-offline-cmd \
+ procps-ps \
+ iproute2 \
+"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-localedata-en-us"
+
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
+
+FILES:${PN} += "\
+ ${PYTHON_SITEPACKAGES_DIR}/firewall \
+ ${nonarch_libdir}/firewalld \
+ ${datadir}/dbus-1 \
+ ${datadir}/polkit-1 \
+ ${datadir}/metainfo \
+ ${datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml \
+"
+RDEPENDS:${PN} += "\
+ python3-firewall \
+ iptables \
+ python3-core \
+ python3-io \
+ python3-fcntl \
+ python3-syslog \
+ python3-xml \
+ python3-json \
+ python3-ctypes \
+ python3-pprint \
+"
+# If firewalld writes a log file rotation is needed
+RRECOMMENDS:${PN} += "${@bb.utils.contains_any('FIREWALLD_DEFAULT_LOG_TARGET', [ 'mixed', 'file' ], '${PN}-log-rotate', '', d)}"
+
+# Add required kernel modules. With Yocto kernel 5.15 this currently means:
+# - features/nf_tables/nf_tables.scc
+# - features/netfilter/netfilter.scc
+# - cgl/features/audit/audit.scc
+# - cfg/net/ip6_nf.scc
+# - Plus:
+# - ebtables
+# - ipset
+# - CONFIG_IP6_NF_SECURITY=m
+# - CONFIG_IP6_NF_MATCH_RPFILTER=m
+# - CONFIG_IP6_NF_TARGET_REJECT=m
+# - CONFIG_NFT_OBJREF=m
+# - CONFIG_NFT_FIB=m
+# - CONFIG_NFT_FIB_INET=m
+# - CONFIG_NFT_FIB_IPV4=m
+# - CONFIG_NFT_FIB_IPV6=m
+# - CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+# - CONFIG_NETFILTER_XT_SET=m
+def get_kernel_deps(d):
+ kmodules = (d.getVar('FIREWALLD_KERNEL_MODULES') or "").split()
+ return ' '.join([ 'kernel-module-' + mod.replace('_', '-').lower() for mod in kmodules ])
+RRECOMMENDS:${PN} += "${@get_kernel_deps(d)}"
generated by cgit v1.2.3 (git 2.39.0) at 2024-08-02 05:52:38 +0300