[meta-networking][PATCH] firewalld: add new recipe

[meta-networking][PATCH] firewalld: add new recipe

[Dan Callaghan]

Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
---
 ...a-separate-directory-outside-the-sou.patch | 77 +++++++++++++++++++
 .../firewalld/files/firewalld.init            | 48 ++++++++++++
 .../firewalld/firewalld_0.6.3.bb              | 68 ++++++++++++++++
 3 files changed, 193 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/firewalld.init
 create mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb

diff --git a/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
new file mode 100644
index 000000000..3f34ff2e4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
@@ -0,0 +1,77 @@
+firewalld: fix building in a separate directory outside the source tree
+
+Upstream-Status: Submitted [https://github.com/firewalld/firewalld/pull/456]
+Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index 7048d2ee..5270d408 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -377,11 +377,11 @@ install-config:
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/zones
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers
+ 	$(MKDIR_P) $(DESTDIR)$(prefixlibdir)
+-	cp -r icmptypes $(DESTDIR)$(prefixlibdir)
+-	cp -r ipsets $(DESTDIR)$(prefixlibdir)
+-	cp -r services $(DESTDIR)$(prefixlibdir)
+-	cp -r zones $(DESTDIR)$(prefixlibdir)
+-	cp -r helpers $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir)
+ 
+ uninstall-config:
+ 	rmdir $(DESTDIR)$(sconfdir)/icmptypes
+diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am
+index 8c93ab9c..d0313e3e 100644
+--- a/doc/xml/Makefile.am
++++ b/doc/xml/Makefile.am
+@@ -69,7 +69,8 @@ edit = sed \
+ 	-e 's|\@PREFIX\@|$(prefix)|' \
+ 	-e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \
+ 	-e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \
+-	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'
++	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \
++	-e 's|@SRCDIR@|$(srcdir)|'
+ 
+ transform-man.xsl: transform-man.xsl.in
+ 	$(edit) $< >$@
+diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in
+index c2606553..24d77858 100644
+--- a/doc/xml/firewall-cmd.xml.in
++++ b/doc/xml/firewall-cmd.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ <!ENTITY errorcodes SYSTEM "errorcodes.xml">
+ ]>
+ 
+diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in
+index de802059..3d319b04 100644
+--- a/doc/xml/firewalld.xml.in
++++ b/doc/xml/firewalld.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ ]>
+ 
+ <!--
+-- 
+2.20.1
+
diff --git a/meta-networking/recipes-connectivity/firewalld/files/firewalld.init b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
new file mode 100644
index 000000000..08e8930b9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: firewalld
+# Required-Start: $syslog $local_fs messagebus
+# Required-Stop: 
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: 
+# Description: 
+### END INIT INFO
+
+. /etc/init.d/functions
+
+firewalld=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+case "$1" in
+    start)
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    stop)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        ;;
+    restart)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    reload)
+        echo -n "Reloading firewalld: "
+        firewall-cmd --reload
+        echo "."
+        ;;
+    status)
+        firewall-cmd --state
+        ;;
+    *)
+        echo "Usage: /etc/init.d/firewalld {start|stop|restart|reload|status}" >&2
+        exit 1
+esac
diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
new file mode 100644
index 000000000..6526b1e91
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
@@ -0,0 +1,68 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "https://github.com/firewalld/firewalld/archive/v${PV}.tar.gz \
+           file://firewalld.init \
+           file://0001-fix-building-in-a-separate-directory-outside-the-sou.patch \
+"
+SRC_URI[md5sum] = "5ef954d9b6b244ffeabcd226be1867a0"
+SRC_URI[sha256sum] = "039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+# xmlto-native is needed to populate /etc/xml/catalog.xml in the sysroot so that xsltproc finds the docbook xslt
+DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native xmlto-native"
+
+inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--disable-systemd"
+
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so disable it
+EXTRA_OECONF = "--with-nft=${sbindir}/nft --disable-sysconfig"
+
+INITSCRIPT_NAME = "firewalld"
+
+do_install_append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        :
+    else
+        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+        rm -rf ${D}${sysconfdir}/rc.d/
+        install -d ${D}${sysconfdir}/init.d
+        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+    fi
+
+    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+    # so now we need to fix up any references to point at the proper path in the image.
+    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+    if [ ${PN} != "${BPN}-native" ]; then
+        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+    fi
+    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+}
+
+FILES_${PN} += "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall \
+    ${datadir}/polkit-1 \
+    ${datadir}/metainfo \
+"
+
+RDEPENDS_${PN} = "\
+    nftables \
+    python3-core \
+    python3-io \
+    python3-fcntl \
+    python3-shell \
+    python3-syslog \
+    python3-xml \
+    python3-dbus \
+    python3-slip-dbus \
+    python3-decorator \
+    python3-pygobject \
+"
-- 
2.20.1

Re: [meta-networking][PATCH] firewalld: add new recipe

[Khem Raj]

On Mon, Feb 25, 2019 at 8:51 PM Dan Callaghan
<dan.callaghan@opengear.com> wrote:
>

Fails to build for mips
https://errors.yoctoproject.org/Errors/Details/230515/

> Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
> ---
>  ...a-separate-directory-outside-the-sou.patch | 77 +++++++++++++++++++
>  .../firewalld/files/firewalld.init            | 48 ++++++++++++
>  .../firewalld/firewalld_0.6.3.bb              | 68 ++++++++++++++++
>  3 files changed, 193 insertions(+)
>  create mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
>  create mode 100644 meta-networking/recipes-connectivity/firewalld/files/firewalld.init
>  create mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
>
> diff --git a/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
> new file mode 100644
> index 000000000..3f34ff2e4
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
> @@ -0,0 +1,77 @@
> +firewalld: fix building in a separate directory outside the source tree
> +
> +Upstream-Status: Submitted [https://github.com/firewalld/firewalld/pull/456]
> +Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
> +
> +diff --git a/config/Makefile.am b/config/Makefile.am
> +index 7048d2ee..5270d408 100644
> +--- a/config/Makefile.am
> ++++ b/config/Makefile.am
> +@@ -377,11 +377,11 @@ install-config:
> +       $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones
> +       $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers
> +       $(MKDIR_P) $(DESTDIR)$(prefixlibdir)
> +-      cp -r icmptypes $(DESTDIR)$(prefixlibdir)
> +-      cp -r ipsets $(DESTDIR)$(prefixlibdir)
> +-      cp -r services $(DESTDIR)$(prefixlibdir)
> +-      cp -r zones $(DESTDIR)$(prefixlibdir)
> +-      cp -r helpers $(DESTDIR)$(prefixlibdir)
> ++      cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir)
> ++      cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir)
> ++      cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir)
> ++      cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir)
> ++      cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir)
> +
> + uninstall-config:
> +       rmdir $(DESTDIR)$(sconfdir)/icmptypes
> +diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am
> +index 8c93ab9c..d0313e3e 100644
> +--- a/doc/xml/Makefile.am
> ++++ b/doc/xml/Makefile.am
> +@@ -69,7 +69,8 @@ edit = sed \
> +       -e 's|\@PREFIX\@|$(prefix)|' \
> +       -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \
> +       -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \
> +-      -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'
> ++      -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \
> ++      -e 's|@SRCDIR@|$(srcdir)|'
> +
> + transform-man.xsl: transform-man.xsl.in
> +       $(edit) $< >$@
> +diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in
> +index c2606553..24d77858 100644
> +--- a/doc/xml/firewall-cmd.xml.in
> ++++ b/doc/xml/firewall-cmd.xml.in
> +@@ -1,9 +1,9 @@
> + <?xml version="1.0" encoding="utf-8"?>
> + <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
> + [
> +-<!ENTITY authors SYSTEM "authors.xml">
> +-<!ENTITY seealso SYSTEM "seealso.xml">
> +-<!ENTITY notes SYSTEM "notes.xml">
> ++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
> ++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
> ++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
> + <!ENTITY errorcodes SYSTEM "errorcodes.xml">
> + ]>
> +
> +diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in
> +index de802059..3d319b04 100644
> +--- a/doc/xml/firewalld.xml.in
> ++++ b/doc/xml/firewalld.xml.in
> +@@ -1,9 +1,9 @@
> + <?xml version="1.0" encoding="utf-8"?>
> + <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
> + [
> +-<!ENTITY authors SYSTEM "authors.xml">
> +-<!ENTITY seealso SYSTEM "seealso.xml">
> +-<!ENTITY notes SYSTEM "notes.xml">
> ++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
> ++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
> ++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
> + ]>
> +
> + <!--
> +--
> +2.20.1
> +
> diff --git a/meta-networking/recipes-connectivity/firewalld/files/firewalld.init b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
> new file mode 100644
> index 000000000..08e8930b9
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
> @@ -0,0 +1,48 @@
> +#!/bin/sh
> +
> +### BEGIN INIT INFO
> +# Provides: firewalld
> +# Required-Start: $syslog $local_fs messagebus
> +# Required-Stop:
> +# Default-Start: 2 3 4 5
> +# Default-Stop: 0 1 6
> +# Short-Description:
> +# Description:
> +### END INIT INFO
> +
> +. /etc/init.d/functions
> +
> +firewalld=/usr/sbin/firewalld
> +pidfile=/var/run/firewalld.pid
> +
> +case "$1" in
> +    start)
> +        echo -n "Starting firewalld: "
> +        start-stop-daemon --start --quiet --exec $firewalld
> +        echo "."
> +        ;;
> +    stop)
> +        echo -n "Stopping firewalld: "
> +        start-stop-daemon --stop --quiet --pidfile $pidfile
> +        echo "."
> +        ;;
> +    restart)
> +        echo -n "Stopping firewalld: "
> +        start-stop-daemon --stop --quiet --pidfile $pidfile
> +        echo "."
> +        echo -n "Starting firewalld: "
> +        start-stop-daemon --start --quiet --exec $firewalld
> +        echo "."
> +        ;;
> +    reload)
> +        echo -n "Reloading firewalld: "
> +        firewall-cmd --reload
> +        echo "."
> +        ;;
> +    status)
> +        firewall-cmd --state
> +        ;;
> +    *)
> +        echo "Usage: /etc/init.d/firewalld {start|stop|restart|reload|status}" >&2
> +        exit 1
> +esac
> diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
> new file mode 100644
> index 000000000..6526b1e91
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
> @@ -0,0 +1,68 @@
> +SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
> +HOMEPAGE = "https://firewalld.org/"
> +BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
> +LICENSE = "GPLv2+"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
> +
> +SRC_URI = "https://github.com/firewalld/firewalld/archive/v${PV}.tar.gz \
> +           file://firewalld.init \
> +           file://0001-fix-building-in-a-separate-directory-outside-the-sou.patch \
> +"
> +SRC_URI[md5sum] = "5ef954d9b6b244ffeabcd226be1867a0"
> +SRC_URI[sha256sum] = "039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb"
> +
> +# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
> +# xmlto-native is needed to populate /etc/xml/catalog.xml in the sysroot so that xsltproc finds the docbook xslt
> +DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native xmlto-native"
> +
> +inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d
> +
> +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
> +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--disable-systemd"
> +
> +# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
> +# the Red Hat-specific init script which we aren't using, so disable it
> +EXTRA_OECONF = "--with-nft=${sbindir}/nft --disable-sysconfig"
> +
> +INITSCRIPT_NAME = "firewalld"
> +
> +do_install_append() {
> +    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
> +        :
> +    else
> +        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
> +        rm -rf ${D}${sysconfdir}/rc.d/
> +        install -d ${D}${sysconfdir}/init.d
> +        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
> +    fi
> +
> +    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
> +    # so now we need to fix up any references to point at the proper path in the image.
> +    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
> +    if [ ${PN} != "${BPN}-native" ]; then
> +        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
> +            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
> +    fi
> +    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
> +        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
> +}
> +
> +FILES_${PN} += "\
> +    ${PYTHON_SITEPACKAGES_DIR}/firewall \
> +    ${datadir}/polkit-1 \
> +    ${datadir}/metainfo \
> +"
> +
> +RDEPENDS_${PN} = "\
> +    nftables \
> +    python3-core \
> +    python3-io \
> +    python3-fcntl \
> +    python3-shell \
> +    python3-syslog \
> +    python3-xml \
> +    python3-dbus \
> +    python3-slip-dbus \
> +    python3-decorator \
> +    python3-pygobject \
> +"
> --
> 2.20.1
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-networking][PATCH] firewalld: add new recipe

[Dan Callaghan]

[-- Attachment #1: Type: text/plain, Size: 426 bytes --]

Excerpts from Khem Raj's message of 2019-02-26 17:36:17 -08:00:
> Fails to build for mips
> https://errors.yoctoproject.org/Errors/Details/230515/

Ah yes. I realised that firewalld needs to be explicitly told the path 
of all the helper programs it wants to use (or told not to use them). 
I will post a v2 patch.

-- 
Dan Callaghan <dan.callaghan@opengear.com>
Software Engineer
Opengear <https://opengear.com/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 849 bytes --]

[meta-networking][PATCH v2] firewalld: add new recipe

[Dan Callaghan]

Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
---
 ...a-separate-directory-outside-the-sou.patch | 77 +++++++++++++++++
 .../firewalld/files/firewalld.init            | 48 +++++++++++
 .../firewalld/firewalld_0.6.3.bb              | 83 +++++++++++++++++++
 3 files changed, 208 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/firewalld.init
 create mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb

diff --git a/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
new file mode 100644
index 000000000..3f34ff2e4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
@@ -0,0 +1,77 @@
+firewalld: fix building in a separate directory outside the source tree
+
+Upstream-Status: Submitted [https://github.com/firewalld/firewalld/pull/456]
+Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index 7048d2ee..5270d408 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -377,11 +377,11 @@ install-config:
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/zones
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers
+ 	$(MKDIR_P) $(DESTDIR)$(prefixlibdir)
+-	cp -r icmptypes $(DESTDIR)$(prefixlibdir)
+-	cp -r ipsets $(DESTDIR)$(prefixlibdir)
+-	cp -r services $(DESTDIR)$(prefixlibdir)
+-	cp -r zones $(DESTDIR)$(prefixlibdir)
+-	cp -r helpers $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir)
+ 
+ uninstall-config:
+ 	rmdir $(DESTDIR)$(sconfdir)/icmptypes
+diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am
+index 8c93ab9c..d0313e3e 100644
+--- a/doc/xml/Makefile.am
++++ b/doc/xml/Makefile.am
+@@ -69,7 +69,8 @@ edit = sed \
+ 	-e 's|\@PREFIX\@|$(prefix)|' \
+ 	-e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \
+ 	-e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \
+-	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'
++	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \
++	-e 's|@SRCDIR@|$(srcdir)|'
+ 
+ transform-man.xsl: transform-man.xsl.in
+ 	$(edit) $< >$@
+diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in
+index c2606553..24d77858 100644
+--- a/doc/xml/firewall-cmd.xml.in
++++ b/doc/xml/firewall-cmd.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ <!ENTITY errorcodes SYSTEM "errorcodes.xml">
+ ]>
+ 
+diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in
+index de802059..3d319b04 100644
+--- a/doc/xml/firewalld.xml.in
++++ b/doc/xml/firewalld.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ ]>
+ 
+ <!--
+-- 
+2.20.1
+
diff --git a/meta-networking/recipes-connectivity/firewalld/files/firewalld.init b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
new file mode 100644
index 000000000..08e8930b9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: firewalld
+# Required-Start: $syslog $local_fs messagebus
+# Required-Stop: 
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: 
+# Description: 
+### END INIT INFO
+
+. /etc/init.d/functions
+
+firewalld=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+case "$1" in
+    start)
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    stop)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        ;;
+    restart)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    reload)
+        echo -n "Reloading firewalld: "
+        firewall-cmd --reload
+        echo "."
+        ;;
+    status)
+        firewall-cmd --state
+        ;;
+    *)
+        echo "Usage: /etc/init.d/firewalld {start|stop|restart|reload|status}" >&2
+        exit 1
+esac
diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
new file mode 100644
index 000000000..b31543470
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
@@ -0,0 +1,83 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "https://github.com/firewalld/firewalld/archive/v${PV}.tar.gz \
+           file://firewalld.init \
+           file://0001-fix-building-in-a-separate-directory-outside-the-sou.patch \
+"
+SRC_URI[md5sum] = "5ef954d9b6b244ffeabcd226be1867a0"
+SRC_URI[sha256sum] = "039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+# xmlto-native is needed to populate /etc/xml/catalog.xml in the sysroot so that xsltproc finds the docbook xslt
+DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native xmlto-native"
+
+inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--disable-systemd"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+    --with-nft=${sbindir}/nft \
+    --without-ipset \
+    --with-iptables=${sbindir}/iptables \
+    --with-iptables-restore=${sbindir}/iptables-restore \
+    --with-ip6tables=${sbindir}/ip6tables \
+    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+    --without-ebtables \
+    --without-ebtables-restore \
+    --disable-sysconfig \
+"
+
+INITSCRIPT_NAME = "firewalld"
+
+do_install_append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        :
+    else
+        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+        rm -rf ${D}${sysconfdir}/rc.d/
+        install -d ${D}${sysconfdir}/init.d
+        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+    fi
+
+    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+    # so now we need to fix up any references to point at the proper path in the image.
+    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+    if [ ${PN} != "${BPN}-native" ]; then
+        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+    fi
+    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+}
+
+FILES_${PN} += "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall \
+    ${datadir}/polkit-1 \
+    ${datadir}/metainfo \
+"
+
+RDEPENDS_${PN} = "\
+    nftables \
+    iptables \
+    python3-core \
+    python3-io \
+    python3-fcntl \
+    python3-shell \
+    python3-syslog \
+    python3-xml \
+    python3-dbus \
+    python3-slip-dbus \
+    python3-decorator \
+    python3-pygobject \
+"
-- 
2.20.1

Re: [meta-networking][PATCH] firewalld: add new recipe

[Khem Raj]

fails to configure

https://errors.yoctoproject.org/Errors/Details/230627/

On Wed, Feb 27, 2019 at 11:10 AM Dan Callaghan
<dan.callaghan@opengear.com> wrote:
>
> Excerpts from Khem Raj's message of 2019-02-26 17:36:17 -08:00:
> > Fails to build for mips
> > https://errors.yoctoproject.org/Errors/Details/230515/
>
> Ah yes. I realised that firewalld needs to be explicitly told the path
> of all the helper programs it wants to use (or told not to use them).
> I will post a v2 patch.
>
> --
> Dan Callaghan <dan.callaghan@opengear.com>
> Software Engineer
> Opengear <https://opengear.com/>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-networking][PATCH] firewalld: add new recipe

[Dan Callaghan]

Excerpts from Khem Raj's message of 2019-02-28 09:41:39 -08:00:
> fails to configure
> 
> https://errors.yoctoproject.org/Errors/Details/230627/

Ah sorry, we don't use systemd in our distro so I hadn't properly tested 
that configuration. Will post a v3.

-- 
Dan Callaghan <dan.callaghan@opengear.com>
Software Engineer
Opengear <https://opengear.com/>

[meta-networking][PATCH v3] firewalld: add new recipe

[Dan Callaghan]

Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
---
 ...a-separate-directory-outside-the-sou.patch | 77 +++++++++++++++++
 .../firewalld/files/firewalld.init            | 48 +++++++++++
 .../firewalld/firewalld_0.6.3.bb              | 84 +++++++++++++++++++
 3 files changed, 209 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
 create mode 100644 meta-networking/recipes-connectivity/firewalld/files/firewalld.init
 create mode 100644 meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb

diff --git a/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
new file mode 100644
index 000000000..3f34ff2e4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
@@ -0,0 +1,77 @@
+firewalld: fix building in a separate directory outside the source tree
+
+Upstream-Status: Submitted [https://github.com/firewalld/firewalld/pull/456]
+Signed-off-by: Dan Callaghan <dan.callaghan@opengear.com>
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index 7048d2ee..5270d408 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -377,11 +377,11 @@ install-config:
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/zones
+ 	$(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers
+ 	$(MKDIR_P) $(DESTDIR)$(prefixlibdir)
+-	cp -r icmptypes $(DESTDIR)$(prefixlibdir)
+-	cp -r ipsets $(DESTDIR)$(prefixlibdir)
+-	cp -r services $(DESTDIR)$(prefixlibdir)
+-	cp -r zones $(DESTDIR)$(prefixlibdir)
+-	cp -r helpers $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir)
++	cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir)
+ 
+ uninstall-config:
+ 	rmdir $(DESTDIR)$(sconfdir)/icmptypes
+diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am
+index 8c93ab9c..d0313e3e 100644
+--- a/doc/xml/Makefile.am
++++ b/doc/xml/Makefile.am
+@@ -69,7 +69,8 @@ edit = sed \
+ 	-e 's|\@PREFIX\@|$(prefix)|' \
+ 	-e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \
+ 	-e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \
+-	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'
++	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \
++	-e 's|@SRCDIR@|$(srcdir)|'
+ 
+ transform-man.xsl: transform-man.xsl.in
+ 	$(edit) $< >$@
+diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in
+index c2606553..24d77858 100644
+--- a/doc/xml/firewall-cmd.xml.in
++++ b/doc/xml/firewall-cmd.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ <!ENTITY errorcodes SYSTEM "errorcodes.xml">
+ ]>
+ 
+diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in
+index de802059..3d319b04 100644
+--- a/doc/xml/firewalld.xml.in
++++ b/doc/xml/firewalld.xml.in
+@@ -1,9 +1,9 @@
+ <?xml version="1.0" encoding="utf-8"?>
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [
+-<!ENTITY authors SYSTEM "authors.xml">
+-<!ENTITY seealso SYSTEM "seealso.xml">
+-<!ENTITY notes SYSTEM "notes.xml">
++<!ENTITY authors SYSTEM "@SRCDIR@/authors.xml">
++<!ENTITY seealso SYSTEM "@SRCDIR@/seealso.xml">
++<!ENTITY notes SYSTEM "@SRCDIR@/notes.xml">
+ ]>
+ 
+ <!--
+-- 
+2.20.1
+
diff --git a/meta-networking/recipes-connectivity/firewalld/files/firewalld.init b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
new file mode 100644
index 000000000..08e8930b9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/files/firewalld.init
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: firewalld
+# Required-Start: $syslog $local_fs messagebus
+# Required-Stop: 
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: 
+# Description: 
+### END INIT INFO
+
+. /etc/init.d/functions
+
+firewalld=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+case "$1" in
+    start)
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    stop)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        ;;
+    restart)
+        echo -n "Stopping firewalld: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+        echo -n "Starting firewalld: "
+        start-stop-daemon --start --quiet --exec $firewalld
+        echo "."
+        ;;
+    reload)
+        echo -n "Reloading firewalld: "
+        firewall-cmd --reload
+        echo "."
+        ;;
+    status)
+        firewall-cmd --state
+        ;;
+    *)
+        echo "Usage: /etc/init.d/firewalld {start|stop|restart|reload|status}" >&2
+        exit 1
+esac
diff --git a/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
new file mode 100644
index 000000000..e999fa7a5
--- /dev/null
+++ b/meta-networking/recipes-connectivity/firewalld/firewalld_0.6.3.bb
@@ -0,0 +1,84 @@
+SUMMARY = "Dynamic firewall daemon with a D-Bus interface"
+HOMEPAGE = "https://firewalld.org/"
+BUGTRACKER = "https://github.com/firewalld/firewalld/issues"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "https://github.com/firewalld/firewalld/archive/v${PV}.tar.gz \
+           file://firewalld.init \
+           file://0001-fix-building-in-a-separate-directory-outside-the-sou.patch \
+"
+SRC_URI[md5sum] = "5ef954d9b6b244ffeabcd226be1867a0"
+SRC_URI[sha256sum] = "039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb"
+
+# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
+# xmlto-native is needed to populate /etc/xml/catalog.xml in the sysroot so that xsltproc finds the docbook xslt
+DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native xmlto-native"
+
+inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_unitdir}/system/,--disable-systemd"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of them.
+# However we still need iptables and ip6tables to be available otherwise any
+# application relying on "direct passthrough" rules (such as docker) will break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which we aren't using, so we disable that.
+EXTRA_OECONF = "\
+    --with-nft=${sbindir}/nft \
+    --without-ipset \
+    --with-iptables=${sbindir}/iptables \
+    --with-iptables-restore=${sbindir}/iptables-restore \
+    --with-ip6tables=${sbindir}/ip6tables \
+    --with-ip6tables-restore=${sbindir}/ip6tables-restore \
+    --without-ebtables \
+    --without-ebtables-restore \
+    --disable-sysconfig \
+"
+
+INITSCRIPT_NAME = "firewalld"
+SYSTEMD_SERVICE = "firewalld.service"
+
+do_install_append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        :
+    else
+        # firewalld ships an init script but it contains Red Hat-isms, replace it with our own
+        rm -rf ${D}${sysconfdir}/rc.d/
+        install -d ${D}${sysconfdir}/init.d
+        install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld
+    fi
+
+    # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE
+    # so now we need to fix up any references to point at the proper path in the image.
+    # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools.
+    if [ ${PN} != "${BPN}-native" ]; then
+        sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \
+            ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+    fi
+    sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \
+        ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml
+}
+
+FILES_${PN} += "\
+    ${PYTHON_SITEPACKAGES_DIR}/firewall \
+    ${datadir}/polkit-1 \
+    ${datadir}/metainfo \
+"
+
+RDEPENDS_${PN} = "\
+    nftables \
+    iptables \
+    python3-core \
+    python3-io \
+    python3-fcntl \
+    python3-shell \
+    python3-syslog \
+    python3-xml \
+    python3-dbus \
+    python3-slip-dbus \
+    python3-decorator \
+    python3-pygobject \
+"
-- 
2.20.1