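# Recipe metadata and configure-time options for firewalld.
# (Per-line blame/gutter residue from the code browser was fused onto every
# line of this listing; it has been dropped so the text is valid BitBake again.)
SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
HOMEPAGE = "https://firewalld.org/"
BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases"
LICENSE = "GPL-2.0-or-later"
# Detects changes to the licence text only; this md5 is not a source-integrity control.
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"

# Upstream release tarball (HTTPS) plus the sysvinit script carried next to this
# recipe, which do_install:append installs when systemd is not in DISTRO_FEATURES.
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
           file://firewalld.init \
"
# Integrity pin for the tarball: a download whose SHA-256 differs is rejected.
# On a version bump, take the new value from a tarball whose origin you have
# checked, not from the mismatch message of a failed fetch.
SRC_URI[sha256sum] = "52c5e3d5b1e2efc0e86c22b2bc1f7fd80908cc2d8130157dc2a3517a59b0a760"

# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
DEPENDS = "intltool-native glib-2.0-native nftables"

inherit gettext autotools bash-completion pkgconfig python3native gsettings systemd update-rc.d

# systemd support follows DISTRO_FEATURES by default ("??=" is a weak default,
# so a distro or bbappend can override it); docs stay off unless requested.
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd"
PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native"

PACKAGES += "${PN}-zsh-completion"

# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
# when the nftables backend is available, because nftables supersedes all of them.
# However we still need iptables and ip6tables to be available otherwise any
# application relying on "direct passthrough" rules (such as docker) will break.
# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
# the Red Hat-specific init script which we aren't using, so we disable that.
#
# The iptables/ip6tables tool paths are fixed at configure time to ${sbindir}
# on the target; RDEPENDS pulls in the iptables package to provide them.
# NOTE(review): with ipset and ebtables configured out, rules that need those
# tools directly are presumably unavailable - confirm nothing on the image
# depends on them.
EXTRA_OECONF = "\
    --without-ipset \
    --with-iptables=${sbindir}/iptables \
    --with-iptables-restore=${sbindir}/iptables-restore \
    --with-ip6tables=${sbindir}/ip6tables \
    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
    --without-ebtables \
    --without-ebtables-restore \
    --disable-sysconfig \
"

# Service names consumed by the update-rc.d and systemd classes inherited above.
INITSCRIPT_NAME = "firewalld"
SYSTEMD_SERVICE:${PN} = "firewalld.service"
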
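# Post-install fixups on the staged tree under ${D}:
#   1. on non-systemd distros, swap upstream's init script for the recipe's own;
#   2. rewrite build-host interpreter/tool paths to their on-target locations;
#   3. drop a Red Hat-specific modprobe.d snippet.
# Expanded paths are quoted so an unusual build directory cannot be word-split
# by the shell; the glob parts are left outside the quotes so they still expand.
do_install:append() {
    # The expression expands to the literal command "true" only when systemd is
    # absent from DISTRO_FEATURES, i.e. when the sysvinit script is needed.
    # NOTE(review): this keys off DISTRO_FEATURES while ./configure keys off
    # PACKAGECONFIG[systemd]; confirm the two cannot disagree in your distro.
    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
        rm -rf "${D}${sysconfdir}/rc.d/"
        install -d "${D}${sysconfdir}/init.d"
        install -m0755 "${WORKDIR}/firewalld.init" "${D}${sysconfdir}/init.d/firewalld"
    fi

    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
    # so now we need to fix up any references to point at the proper path in the image.
    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
    # Left as-is, installed files would name an interpreter that does not exist on
    # the target and would carry the build host's directory layout into the image.
    if [ "${PN}" != "${BPN}-native" ]; then
        sed -i -e "s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g" \
            "${D}${bindir}"/* "${D}${sbindir}"/* "${D}${sysconfdir}/firewalld"/*.xml
    fi
    # Second pass catches any other tool path recorded under the native bindir.
    sed -i -e "s:${STAGING_BINDIR_NATIVE}:${bindir}:g" \
        "${D}${bindir}"/* "${D}${sbindir}"/* "${D}${sysconfdir}/firewalld"/*.xml

    # This file contains Red Hat-isms. Modules get loaded without it.
    # NOTE(review): if that snippet also tied sysctl settings to module load,
    # they are not applied by this package - confirm they are set elsewhere.
    rm -f "${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf"
}
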
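# Packaging: extra paths for the main package, a separate zsh-completion
# package, and the runtime dependencies of the daemon.
# (Per-line blame/gutter residue from the code browser has been dropped.)
FILES:${PN} += "\
    ${PYTHON_SITEPACKAGES_DIR}/firewall \
    ${nonarch_libdir}/firewalld \
    ${datadir}/dbus-1 \
    ${datadir}/polkit-1 \
    ${datadir}/metainfo \
"
FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"

# nftables-python serves the nftables backend; iptables provides the
# ${sbindir}/iptables* and ip6tables* tools whose paths EXTRA_OECONF bakes in.
# NOTE(review): files under ${datadir}/polkit-1 are packaged above, but polkit
# itself is not listed here - confirm how callers of the D-Bus interface are
# authorized on images that do not include polkit.
RDEPENDS:${PN} = "\
    nftables-python \
    iptables \
    python3-core \
    python3-io \
    python3-fcntl \
    python3-shell \
    python3-syslog \
    python3-xml \
    python3-dbus \
    python3-slip-dbus \
    python3-decorator \
    python3-pygobject \
    python3-json \
    python3-ctypes \
"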