* Packaging ufw
@ 2018-11-10 16:01 swedebugia
2018-11-10 18:19 ` swedebugia
0 siblings, 1 reply; 7+ messages in thread
From: swedebugia @ 2018-11-10 16:01 UTC (permalink / raw)
To: guix-devel
Hi
I like this firewall, has anybody started packaging it?
If not I'm going to try.
--
Cheers
Swedebugia
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Packaging ufw
2018-11-10 16:01 Packaging ufw swedebugia
@ 2018-11-10 18:19 ` swedebugia
2018-11-10 18:24 ` Brett Gilio
2018-11-10 18:30 ` Pierre Neidhardt
0 siblings, 2 replies; 7+ messages in thread
From: swedebugia @ 2018-11-10 18:19 UTC (permalink / raw)
To: guix-devel
On 2018-11-10 17:01, swedebugia wrote:
> Hi
>
> I like this firewall, has anybody started packaging it?
>
> If not I'm going to try.
>
Where should it be? In networking.scm or python.scm?
We have no other firewall packages judging from my emacs-guix regex search.
--
Cheers
Swedebugia
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Packaging ufw
2018-11-10 18:19 ` swedebugia
@ 2018-11-10 18:24 ` Brett Gilio
2018-11-10 20:42 ` swedebugia
2018-11-10 18:30 ` Pierre Neidhardt
1 sibling, 1 reply; 7+ messages in thread
From: Brett Gilio @ 2018-11-10 18:24 UTC (permalink / raw)
To: swedebugia; +Cc: guix-devel
swedebugia writes:
> On 2018-11-10 17:01, swedebugia wrote:
>> Hi
>>
>> I like this firewall, has anybody started packaging it?
>>
>> If not I'm going to try.
>>
> Where should it be? In networking.scm or python.scm?
>
> We have no other firewall packages judging from my emacs-guix regex search.
Since it is not a python library, I think it would make more sense for
it to be located in the networking module.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Packaging ufw
2018-11-10 18:24 ` Brett Gilio
@ 2018-11-10 20:42 ` swedebugia
2018-11-10 21:25 ` Danny Milosavljevic
0 siblings, 1 reply; 7+ messages in thread
From: swedebugia @ 2018-11-10 20:42 UTC (permalink / raw)
To: Brett Gilio; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1371 bytes --]
Hi
On 2018-11-10 19:24, Brett Gilio wrote:
> swedebugia writes:
>
>> On 2018-11-10 17:01, swedebugia wrote:
>>> Hi
>>>
>>> I like this firewall, has anybody started packaging it?
>>>
>>> If not I'm going to try.
>>>
>> Where should it be? In networking.scm or python.scm?
>>
>> We have no other firewall packages judging from my emacs-guix regex search.
> Since it is not a python library, I think it would make more sense for
> it to be located in the networking module.
Ok.
I need help.
It fails with
starting phase `install'
running "python setup.py" with command "install" and parameters
("--prefix=/gnu/store/v8kzgqs1jdfg7wzqr9c02719ada6x8bm-ufw-0.35"
"--single-version-externally-managed" "--root=/" "--root=/")
Found
'/gnu/store/8assqq8vmmvn09cysg5nm3kf2075hvxd-iptables-1.6.2/sbin/iptables'
version '1.6.2\n''
usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: -c --help [cmd1 cmd2 ...]
or: -c --help-commands
or: -c cmd --help
error: option --single-version-externally-managed not recognized
This option comes from the python-build-system.
Replacing the install phase seems necessary. But I don't know how to do
that and did not find good examples in python.scm.
Logs and patch attached...
(also the tests fail see comment in the patch)
--
Cheers
Swedebugia
[-- Attachment #2: 46z1sp5bnh0j8dli9g2ppinkss6km9-ufw-0.35.drv.bz2 --]
[-- Type: application/x-bzip, Size: 5338 bytes --]
[-- Attachment #3: 0001-gnu-Add-ufw.patch --]
[-- Type: text/x-patch, Size: 2592 bytes --]
From fda52be7de905c3f73f301ac1b218fdd026deece Mon Sep 17 00:00:00 2001
From: swedebugia <swedebugia@riseup.net>
Date: Sat, 10 Nov 2018 21:39:04 +0100
Subject: [PATCH] gnu: Add ufw
* gnu/packages/networking.scm: New variable.
---
gnu/packages/networking.scm | 43 +++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 5504742fa..b630676db 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2262,3 +2262,46 @@ allow all other machines, without direct access to that network, to be relayed
through the machine the Dante server is running on. The external network will
never see any machines other than the one Dante is running on.")
(license (license:non-copyleft "file://LICENSE"))))
+
+(define-public ufw
+ ;; Select the branch named "release/0.35":
+ (let* ((commit "fd93d37a782d4f736201df508fb86e72641874d8"))
+ (package
+ (name "ufw")
+ (version "0.35")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.launchpad.net/ufw")
+ (commit commit)))
+ (sha256
+ (base32
+ "10r2ga1w5vmg8m4z5yim01cd0g8cs6ws2h65vaj6ilg8yp8d90f9"))
+ (file-name (git-file-name name version))))
+ (build-system python-build-system)
+ (inputs `(("iptables" ,iptables)))
+ (arguments
+ ;; FIXME: All tests fail with: ModuleNotFoundError: No module named
+ ;; 'ufw'
+ '(#:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'build 'fix-iptables-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "setup.py"
+ (("iptables_exe = ''")
+ (string-append "iptables_exe = '"
+ (assoc-ref inputs "iptables")
+ "/sbin/iptables'")))
+ (substitute* "setup.py"
+ (("iptables_dir = ''")
+ (string-append "iptables_dir = '"
+ (assoc-ref inputs "iptables")
+ "/sbin/'"))))))))
+ (home-page "https://launchpad.net/ufw")
+ (synopsis "Uncomplicated firewall")
+ (description "Uncomplicated Firewall (UFW) is a program for managing a
+netfilter firewall designed to be easy to use. It uses a command-line
+interface consisting of a small number of simple commands, and uses iptables
+for configuration.")
+ (license license:gpl3))))
--
2.18.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: Packaging ufw
2018-11-10 20:42 ` swedebugia
@ 2018-11-10 21:25 ` Danny Milosavljevic
0 siblings, 0 replies; 7+ messages in thread
From: Danny Milosavljevic @ 2018-11-10 21:25 UTC (permalink / raw)
To: swedebugia; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 2269 bytes --]
Hi,
On Sat, 10 Nov 2018 21:42:38 +0100
swedebugia <swedebugia@riseup.net> wrote:
> I need help.
>
> It fails with
>
> starting phase `install'
> running "python setup.py" with command "install" and parameters
> ("--prefix=/gnu/store/v8kzgqs1jdfg7wzqr9c02719ada6x8bm-ufw-0.35"
> "--single-version-externally-managed" "--root=/" "--root=/")
> Found
> '/gnu/store/8assqq8vmmvn09cysg5nm3kf2075hvxd-iptables-1.6.2/sbin/iptables'
> version '1.6.2\n''
> usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
> or: -c --help [cmd1 cmd2 ...]
> or: -c --help-commands
> or: -c cmd --help
>
> error: option --single-version-externally-managed not recognized
>
> This option comes from the python-build-system.
Yes, and it elaborates (in guix/guix/build/python-build-system.scm):
>;; Pip behaves a bit different then easy_install: it always executes
>;; "setup.py" with the option "--single-version-externally-managed" set. This
>;; makes setuptools' "install" command run the original "install" command
>;; instead of the "easy_install" command, so no .pth file (and no site.py)
>;; will be created. The "site-packages" directory only contains the package
>;; and the related .egg-info directory.
>;;
>;; This is exactly what we need for Guix and this is what we mimic in the
>;; install phase below.
>(define* (install #:key outputs (configure-flags '()) use-setuptools?
> #:allow-other-keys)
> "Install a given Python package."
> (let* ((out (assoc-ref outputs "out"))
> (params (append (list (string-append "--prefix=" out))
> (if use-setuptools?
^---- Aha!
> ;; distutils does not accept these flags
>
> (list "--single-version-externally-managed"
> "--root=/")
> '())
> configure-flags)))
> (call-setuppy "install" params use-setuptools?)
> #t))
Try specifying
(arguments
`(#:use-setuptools? #f))
in the package.
But if ufw doesn't use "--single-version-externally-managed", that implies
that ufw is not available on PyPI. Weird.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Packaging ufw
2018-11-10 18:19 ` swedebugia
2018-11-10 18:24 ` Brett Gilio
@ 2018-11-10 18:30 ` Pierre Neidhardt
1 sibling, 0 replies; 7+ messages in thread
From: Pierre Neidhardt @ 2018-11-10 18:30 UTC (permalink / raw)
To: swedebugia; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 113 bytes --]
Well, we have iptables, but ufw would probably not fit there :p
--
Pierre Neidhardt
https://ambrevar.xyz/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Packaging ufw
@ 2018-11-11 1:30 Jeremiah
0 siblings, 0 replies; 7+ messages in thread
From: Jeremiah @ 2018-11-11 1:30 UTC (permalink / raw)
To: guix-devel
> I like this firewall, has anybody started packaging it?
No, possibly because it doesn't add much when one has iptables and a
guix configuration script for it.
> We have no other firewall packages judging from my emacs-guix regex
> search.
We have iptables and ebtables
and I suggest you consider the following iptables/ip6tables rules:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
You could easily lock it down further but one piece of software needed
on servers missing on guix is port knocking software.
-Jeremiah
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-11-11 1:30 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-10 16:01 Packaging ufw swedebugia
2018-11-10 18:19 ` swedebugia
2018-11-10 18:24 ` Brett Gilio
2018-11-10 20:42 ` swedebugia
2018-11-10 21:25 ` Danny Milosavljevic
2018-11-10 18:30 ` Pierre Neidhardt
-- strict thread matches above, loose matches on Subject: below --
2018-11-11 1:30 Jeremiah
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).