[Buildroot] [PATCH v2 1/2] package/python-slip-dbus: new package

[Buildroot] [PATCH v2 1/2] package/python-slip-dbus: new package

[aduskett at gmail.com]

From: Adam Duskett <Aduskett@gmail.com>

This package provides a dbus.service.Object derivative that ends
itself after a certain time without being used and/or if there
are no clients anymore on the message bus.

The package also provides a set of convenience functions and decorators for
integrating a dbus service with PolicyKit.

Firewalld depends on this package.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
Changes v1 -> v2:
  - Combine dependency comment (Yann)
  - Add a more detailed commit message. (Yann)
  - Add an explination for the PYTHON_SLIP_DBUS_APPEND_VERSION hook. (Yann)

 DEVELOPERS                                    |  1 +
 package/Config.in                             |  1 +
 package/python-slip-dbus/Config.in            | 27 +++++++++++++++++++
 .../python-slip-dbus/python-slip-dbus.hash    |  3 +++
 package/python-slip-dbus/python-slip-dbus.mk  | 23 ++++++++++++++++
 5 files changed, 55 insertions(+)
 create mode 100644 package/python-slip-dbus/Config.in
 create mode 100644 package/python-slip-dbus/python-slip-dbus.hash
 create mode 100644 package/python-slip-dbus/python-slip-dbus.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 56178ba100..e0ab2f61bf 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -74,6 +74,7 @@ F:	package/python-nested-dict/
 F:	package/python-pbr/
 F:	package/python-pip/
 F:	package/python-psycopg2/
+F:	package/python-slip-dbus/
 F:	package/python-smmap2/
 F:	package/python-sqlalchemy/
 F:	package/python-sqlparse/
diff --git a/package/Config.in b/package/Config.in
index a9c6f6fcbc..918052bc38 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1149,6 +1149,7 @@ menu "External python modules"
 	source "package/python-singledispatch/Config.in"
 	source "package/python-sip/Config.in"
 	source "package/python-six/Config.in"
+	source "package/python-slip-dbus/Config.in"
 	source "package/python-slob/Config.in"
 	source "package/python-smbus-cffi/Config.in"
 	source "package/python-smmap2/Config.in"
diff --git a/package/python-slip-dbus/Config.in b/package/python-slip-dbus/Config.in
new file mode 100644
index 0000000000..3e1c8adc03
--- /dev/null
+++ b/package/python-slip-dbus/Config.in
@@ -0,0 +1,27 @@
+config BR2_PACKAGE_PYTHON_SLIP_DBUS
+	bool "python-slip-dbus"
+	depends on BR2_USE_MMU # libglib2, gobject-introspection
+	depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS # gobject-introspection
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # gobject-introspection
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_TOOLCHAIN_USES_GLIBC # gobject-introspection
+	depends on BR2_PACKAGE_PYTHON3 # gobject-introspection
+	select BR2_PACKAGE_DBUS # runtime
+	select BR2_PACKAGE_DBUS_PYTHON # runtime
+	select BR2_PACKAGE_PYTHON_DECORATOR  # runtime
+	select BR2_PACKAGE_PYTHON_GOBJECT  # runtime
+	select BR2_PACKAGE_PYTHON_SIX # runtime
+	help
+	  A dbus.service.Object derivative that ends
+	  itself after a certain time without being used and/or if there
+	  are no clients anymore on the message bus, as well as
+	  convenience functions and decorators for integrating a dbus
+	  service with PolicyKit.
+
+	  https://github.com/nphilipp/python-slip
+
+comment "python-slip-dbus needs python3, and a glibc toolchain w/ gcc >= 4.9, threads"
+	depends on BR2_USE_MMU
+	depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
+	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || !BR2_TOOLCHAIN_USES_GLIBC \
+		|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_PACKAGE_PYTHON3
diff --git a/package/python-slip-dbus/python-slip-dbus.hash b/package/python-slip-dbus/python-slip-dbus.hash
new file mode 100644
index 0000000000..8a88533169
--- /dev/null
+++ b/package/python-slip-dbus/python-slip-dbus.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  7a52ebe49945cd27d06a1172042a55eb5c79cfda49b742153fa076d1d9bd99a1  python-slip-0.6.5.tar.gz
+sha256  1ca3e8f71b7de618968e7ea9fe47822d9e704dc476aef8544033abedec355225  COPYING
diff --git a/package/python-slip-dbus/python-slip-dbus.mk b/package/python-slip-dbus/python-slip-dbus.mk
new file mode 100644
index 0000000000..5c2f416f5d
--- /dev/null
+++ b/package/python-slip-dbus/python-slip-dbus.mk
@@ -0,0 +1,23 @@
+################################################################################
+#
+# python-slip-dbus
+#
+################################################################################
+
+PYTHON_SLIP_DBUS_VERSION = 0.6.5
+PYTHON_SLIP_DBUS_SOURCE = python-slip-$(PYTHON_SLIP_DBUS_VERSION).tar.gz
+PYTHON_SLIP_DBUS_SITE = https://github.com/nphilipp/python-slip/archive
+PYTHON_SLIP_DBUS_LICENSE = GPL-2.0+
+PYTHON_SLIP_DBUS_LICENSE_FILES = COPYING
+PYTHON_SLIP_DBUS_SETUP_TYPE = distutils
+PYTHON_SLIP_DBUS_DEPENDENCIES = python-gobject
+
+# Python-slip-dbus only packages a setup.py.in file with a @VERSION@ variable,
+# so we must create the file ourselves and sed the appropriate version number.
+define PYTHON_SLIP_DBUS_APPEND_VERSION
+	cd $(@D) && \
+		sed -e 's/@VERSION@/$(PYTHON_SLIP_DBUS_VERSION)/g' setup.py.in > setup.py
+endef
+PYTHON_SLIP_DBUS_PRE_CONFIGURE_HOOKS += PYTHON_SLIP_DBUS_APPEND_VERSION
+
+$(eval $(python-package))
-- 
2.25.3

[Buildroot] [PATCH v2 2/2] Firewalld provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces.

[aduskett at gmail.com]

From: Adam Duskett <Aduskett@gmail.com>

Items of note:

 - Iptables is set as a requirement because many applications such as Docker
   require direct-passthrough rules which firewalld does not support.

 - Setting FIREWALLD_AUTORECONF=YES results in the following error:
   "error: cannot find input file: `po/Makefile.in.in'" As such, a manual call
   to autogen.sh is necessary with PATH=$(BR_PATH) set to ensure the script
   uses the host intltoolize binary.

 - Setting PYTHON="/usr/bin/env python$(PYTHON3_VERSION_MAJOR)" prevents
   Firewalld from setting the shebang in the installed python files to the full
   path to the python interpreter used when building.

 - The bundled provided SYSV init file has several bashisms and requires
   /etc/init.d/functions which buildroot doesn't provide. So instead, we
   provide a more simple init.d file in the package directory, which does not
   require bash.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
Changes v1 -> v2:
  - Select DBUS (Yann)
  - Add some extra comments in the Makefile (Yann)
  - Add a more detailed commit message. (Yann)
  - Move dependency lines (Yann)
  - Combine dependency message (Yann)
  - Cleanup init file (Yann)
  - Install the systemd file.
  - Bump version from 0.8.1 to 0.8.2.
  - Drop upstream patch.

 DEVELOPERS                       |  1 +
 package/Config.in                |  1 +
 package/firewalld/Config.in      | 39 +++++++++++++++
 package/firewalld/S41firewalld   | 40 +++++++++++++++
 package/firewalld/firewalld.hash |  3 ++
 package/firewalld/firewalld.mk   | 85 ++++++++++++++++++++++++++++++++
 6 files changed, 169 insertions(+)
 create mode 100644 package/firewalld/Config.in
 create mode 100644 package/firewalld/S41firewalld
 create mode 100644 package/firewalld/firewalld.hash
 create mode 100644 package/firewalld/firewalld.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index e0ab2f61bf..58d9a6200d 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -31,6 +31,7 @@ F:	package/audit/
 F:	package/busybox/
 F:	package/checkpolicy/
 F:	package/cppdb/
+F:	package/firewalld/
 F:	package/gobject-introspection/
 F:	package/gstreamer1/gstreamer1/
 F:	package/gstreamer1/gstreamer1-mm/
diff --git a/package/Config.in b/package/Config.in
index 918052bc38..07b4b5d863 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2029,6 +2029,7 @@ menu "Networking applications"
 	source "package/fail2ban/Config.in"
 	source "package/fastd/Config.in"
 	source "package/fcgiwrap/Config.in"
+	source "package/firewalld/Config.in"
 	source "package/flannel/Config.in"
 	source "package/fmc/Config.in"
 	source "package/fping/Config.in"
diff --git a/package/firewalld/Config.in b/package/firewalld/Config.in
new file mode 100644
index 0000000000..517bca7822
--- /dev/null
+++ b/package/firewalld/Config.in
@@ -0,0 +1,39 @@
+config BR2_PACKAGE_FIREWALLD
+	bool "firewalld"
+	depends on BR2_USE_MMU # ebtables, gobject-introspection
+	depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS # gobject-introspection
+	depends on BR2_USE_WCHAR # dbus-python, gettext
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # nftables
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # gobject-introspection
+	depends on BR2_TOOLCHAIN_HAS_THREADS # dbus-python
+	depends on BR2_TOOLCHAIN_USES_GLIBC # gobject-introspection
+	depends on BR2_PACKAGE_PYTHON3 # gobject-introspection
+	select BR2_PACKAGE_DBUS # dbus-python
+	select BR2_PACKAGE_DBUS_PYTHON
+	select BR2_PACKAGE_EBTABLES
+	select BR2_PACKAGE_GETTEXT
+	select BR2_PACKAGE_GOBJECT_INTROSPECTION
+	select BR2_PACKAGE_IPSET
+	select BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_JANSSON # Runtime
+	select BR2_PACKAGE_NFTABLES
+	select BR2_PACKAGE_PYTHON_DECORATOR
+	select BR2_PACKAGE_PYTHON_GOBJECT
+	select BR2_PACKAGE_PYTHON_SIX
+	select BR2_PACKAGE_PYTHON_SLIP_DBUS
+	help
+	  Firewalld provides a dynamically managed firewall with
+	  support for network or firewall zones to define the trust
+	  level of network connections or interfaces. It has support
+	  for IPv4, IPv6 firewall settings and for ethernet bridges and
+	  a separation of runtime and permanent configuration options.
+	  It also provides an interface for services or applications to
+	  add ip*tables and ebtables rules directly.
+
+	  https://github.com/firewalld/firewalld
+
+comment "firewalld needs python3, and a glibc toolchain w/ gcc >= 4.9, threads"
+	depends on BR2_USE_MMU
+	depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
+	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || !BR2_TOOLCHAIN_USES_GLIBC \
+		|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_PACKAGE_PYTHON3
diff --git a/package/firewalld/S41firewalld b/package/firewalld/S41firewalld
new file mode 100644
index 0000000000..270435f1f8
--- /dev/null
+++ b/package/firewalld/S41firewalld
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+firewalld=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+start() {
+  printf "Starting firewalld: "
+  start-stop-daemon -S -q --exec ${firewalld}
+  [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+stop() {
+  printf "Stopping firewalld: "
+  start-stop-daemon --stop --quiet --pidfile ${pidfile}
+  [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+reload(){
+  printf "Reloading firewalld: "
+  firewall-cmd --reload
+  [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+restart() {
+  stop
+  start
+}
+
+status(){
+  firewall-cmd --state
+}
+
+case "${1}" in
+    start|stop|restart|reload|status)
+      ${1}
+      ;;
+    *)
+      echo "Usage: $0 {start|stop|restart|reload|status}"
+      exit 1
+esac
diff --git a/package/firewalld/firewalld.hash b/package/firewalld/firewalld.hash
new file mode 100644
index 0000000000..93cf67ccea
--- /dev/null
+++ b/package/firewalld/firewalld.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  769c57d5c49218821ad30639a3f802831f9618899e403a811802c56e30f93c79  firewalld-v0.8.2.tar.gz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/firewalld/firewalld.mk b/package/firewalld/firewalld.mk
new file mode 100644
index 0000000000..aedc250be1
--- /dev/null
+++ b/package/firewalld/firewalld.mk
@@ -0,0 +1,84 @@
+################################################################################
+#
+# firewalld
+#
+################################################################################
+
+FIREWALLD_VERSION = v0.8.2
+FIREWALLD_SITE = $(call github,firewalld,firewalld,$(FIREWALLD_VERSION))
+FIREWALLD_LICENSE = GPL-2.0
+FIREWALLD_LICENSE_FILES = COPYING
+
+FIREWALLD_DEPENDENCIES = \
+	host-intltool \
+	host-libglib2 \
+	host-libxml2 \
+	host-libxslt \
+	dbus-python \
+	ebtables \
+	gettext \
+	gobject-introspection \
+	ipset \
+	iptables \
+	jansson \
+	nftables \
+	python3 \
+	python-decorator \
+	python-gobject \
+	python-six \
+	python-slip-dbus
+
+# configure is missing but firewalld is not compatible with our autoreconf
+# mechanism so we have to do it manually instead of using
+# FIREWALLD_AUTORECONF = YES
+define FIREWALLD_RUN_AUTOGEN
+	cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
+endef
+FIREWALLD_PRE_CONFIGURE_HOOKS += FIREWALLD_RUN_AUTOGEN
+
+# Firewalld hard codes the python shebangs to the full path of the
+# python-interpreter. IE: #!/home/buildroot/output/host/bin/python.
+# Force the proper python path.
+FIREWALLD_CONF_ENV += PYTHON="/usr/bin/env python$(PYTHON3_VERSION_MAJOR)"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of
+# them. However we still need to build and install iptables and ip6tables
+# because application relying on direct passthrough rules (IE docker) will
+# break.
+# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by
+# the Red Hat-specific init script which isn't used, so we set
+# --disable-sysconfig.
+FIREWALLD_CONF_OPTS += \
+	--disable-rpmmacros \
+	--disable-sysconfig \
+	--with-ip6tables-restore=/usr/sbin/ip6tables-restore \
+	--with-ip6tables=/usr/sbin/ip6tables \
+	--with-iptables-restore=/usr/sbin/iptables-restore \
+	--with-iptables=/usr/sbin/iptables \
+	--with-nft=/usr/sbin/nft \
+	--without-ebtables \
+	--without-ebtables-restore \
+	--without-ipset \
+	--without-xml-catalog
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+FIREWALLD_DEPENDENCIES += systemd
+FIREWALLD_CONF_OPTS += --with-systemd-unitdir=/usr/lib/systemd/system
+else
+FIREWALLD_CONF_OPTS += --disable-systemd
+endif
+
+define FIREWALLD_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 0644 $(@D)/config/firewalld.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/firewalld.service
+endef
+
+# The bundled sysvinit file requires /etc/init.d/functions which is not
+# provided by buildroot. As such, we provide our own firewalld init file.
+define FIREWALLD_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 0755 $(FIREWALLD_PKGDIR)/S41firewalld \
+		$(TARGET_DIR)/etc/init.d/S41firewalld
+endef
+
+$(eval $(autotools-package))
-- 
2.25.3