summaryrefslogtreecommitdiff
blob: d5607a7b2b8013ffe4d4717e76c95f15bcbd139f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=6

SSL_CERT_MANDATORY=1
inherit autotools flag-o-matic pam ssl-cert

DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
HOMEPAGE="http://www.nufw.org/"
SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 x86"
IUSE="debug ldap mysql pam pam_nuauth plaintext postgres unicode nfqueue nfconntrack static syslog test"

REQUIRED_USE="pam_nuauth? ( plaintext )"
DEPEND="
	dev-libs/cyrus-sasl
	dev-libs/glib:2
	dev-libs/libgcrypt:=
	dev-python/IPy
	net-firewall/iptables
	net-libs/gnutls:=
	ldap? ( >=net-nds/openldap-2:= )
	mysql? ( dev-db/mysql-connector-c:= )
	nfconntrack? ( net-libs/libnetfilter_conntrack )
	nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
	pam? ( sys-libs/pam )
	pam_nuauth? ( sys-libs/pam )
	postgres? ( dev-db/postgresql:*[server] )
"
RDEPEND=${DEPEND}

PATCHES=(
	"${FILESDIR}/${P}-var-run.patch"
	"${FILESDIR}/${P}-gnutls-3.4.patch"
)

RESTRICT="test"

src_prepare() {
	default
	sed -i \
		-e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
		-e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
		conf/nuauth.conf || die
	sed -i \
		-e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
		src/clients/pam_nufw/Makefile.am || die
	eautoreconf
}

src_configure() {
	append-cflags -fcommon
	econf \
		$(use_enable debug) \
		$(use_enable pam_nuauth pam-nufw) \
		$(use_enable static) \
		$(use_with ldap) \
		$(use_with mysql mysql-auth) \
		$(use_with mysql mysql-log) \
		$(use_with nfconntrack) \
		$(use_with nfqueue) \
		$(use_with pam system-auth) \
		$(use_with plaintext plaintext-auth) \
		$(use_with postgres pgsql-log) \
		$(use_with syslog syslog-log) \
		$(use_with unicode utf8) \
		--without-prelude-log \
		--enable-shared \
		--includedir="/usr/include/nufw" \
		--localstatedir="/var" \
		--sysconfdir="/etc/nufw" \
		--with-mark-group \
		--with-user-mark
}

src_install() {
	default
	find "${ED}" -name '*.la' -delete || die

	newinitd "${FILESDIR}"/nufw-init.d nufw
	newconfd "${FILESDIR}"/nufw-conf.d nufw

	newinitd "${FILESDIR}"/nuauth-init.d nuauth
	newconfd "${FILESDIR}"/nuauth-conf.d nuauth

	insinto /etc/nufw
	doins conf/nuauth.conf

	docinto scripts
	dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
	docinto conf
	dodoc conf/*.{nufw,schema,conf,dump,xml}

	if use pam; then
		pamd_mimic system-auth nufw auth account password session
	fi
}

pkg_postinst() {
	install_cert /etc/nufw/{nufw,nuauth}
}