1SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
2HOMEPAGE = "https://firewalld.org/"
3BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
4UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
5LICENSE = "GPL-2.0-or-later"
6LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
7
8SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
9           file://firewalld.init \
10"
11SRC_URI[sha256sum] = "52c5e3d5b1e2efc0e86c22b2bc1f7fd80908cc2d8130157dc2a3517a59b0a760"
12
13# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
14DEPENDS = "intltool-native glib-2.0-native nftables"
15
16inherit gettext autotools bash-completion pkgconfig python3native gsettings systemd update-rc.d
17
18PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
19PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
20PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"
21
22PACKAGES += "${PN}-zsh-completion"
23
24# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
25# when the nftables backend is available, because nftables supersedes all of them.
26# However we still need iptables and ip6tables to be available otherwise any
27# application relying on "direct passthrough" rules (such as docker) will break.
28# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
29# the Red Hat-specific init script which we aren't using, so we disable that.
30EXTRA_OECONF = "\
31    --without-ipset \
32    --with-iptables=${sbindir}/iptables \
33    --with-iptables-restore=${sbindir}/iptables-restore \
34    --with-ip6tables=${sbindir}/ip6tables \
35    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
36    --without-ebtables \
37    --without-ebtables-restore \
38    --disable-sysconfig \
39"
40
41INITSCRIPT_NAME = "firewalld"
42SYSTEMD_SERVICE:${PN} = "firewalld.service"
43
44do_install:append() {
45    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
46        :
47    else
48        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
49        rm -rf ${D}${sysconfdir}/rc.d/
50        install -d ${D}${sysconfdir}/init.d
51        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
52    fi
53
54    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
55    # so now we need to fix up any references to point at the proper path in the image.
56    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
57    if [ ${PN} != "${BPN}-native" ]; then
58        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
59            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
60    fi
61    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
62        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
63
64    # This file contains Red Hat-isms. Modules get loaded without it.
65    rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf
66}
67
68FILES:${PN} += "\
69    ${PYTHON_SITEPACKAGES_DIR}/firewall \
70    ${nonarch_libdir}/firewalld \
71    ${datadir}/dbus-1 \
72    ${datadir}/polkit-1 \
73    ${datadir}/metainfo \
74"
75FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"
76
77RDEPENDS:${PN} = "\
78    nftables-python \
79    iptables \
80    python3-core \
81    python3-io \
82    python3-fcntl \
83    python3-shell \
84    python3-syslog \
85    python3-xml \
86    python3-dbus \
87    python3-slip-dbus \
88    python3-decorator \
89    python3-pygobject \
90    python3-json \
91    python3-ctypes \
92"
93