From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata
---
net-firewall/nufw/Manifest | 12 +++
net-firewall/nufw/files/nuauth-conf.d | 2 +
net-firewall/nufw/files/nuauth-init.d | 27 ++++++
.../nufw/files/nufw-2.2.22-gnutls-3.4.patch | 103 ++++++++++++++++++++
net-firewall/nufw/files/nufw-2.2.22-var-run.patch | 45 +++++++++
net-firewall/nufw/files/nufw-conf.d | 2 +
net-firewall/nufw/files/nufw-init.d | 17 ++++
net-firewall/nufw/metadata.xml | 14 +++
net-firewall/nufw/nufw-2.2.22-r1.ebuild | 102 ++++++++++++++++++++
net-firewall/nufw/nufw-2.2.22-r2.ebuild | 105 +++++++++++++++++++++
10 files changed, 429 insertions(+)
create mode 100644 net-firewall/nufw/Manifest
create mode 100644 net-firewall/nufw/files/nuauth-conf.d
create mode 100644 net-firewall/nufw/files/nuauth-init.d
create mode 100644 net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
create mode 100644 net-firewall/nufw/files/nufw-2.2.22-var-run.patch
create mode 100644 net-firewall/nufw/files/nufw-conf.d
create mode 100644 net-firewall/nufw/files/nufw-init.d
create mode 100644 net-firewall/nufw/metadata.xml
create mode 100644 net-firewall/nufw/nufw-2.2.22-r1.ebuild
create mode 100644 net-firewall/nufw/nufw-2.2.22-r2.ebuild
(limited to 'net-firewall/nufw')
diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest
new file mode 100644
index 000000000000..58d6afec99c9
--- /dev/null
+++ b/net-firewall/nufw/Manifest
@@ -0,0 +1,12 @@ +AUX nuauth-conf.d 62 SHA256 0ab7686ef414e37fb1cae532134ffda6958f0a492fcdc4e28245f70b7366ec2c SHA512 2304d60917eab68c8268205d006dddbacfc68c876ee6a36d90f5f21eceb6f5ba6b9bc82a3173b55dde825df44dee766e300848936f0629e650730f16112f2558 WHIRLPOOL 6f43825a5dc5c6a6720b04f5cebc8aca11487a9f4bc4db05a37c78985731e1c67cf87f48448164c5a5bd330c8b6f39b781d61e6a84e15ba6369aea55e26eb6ef +AUX nuauth-init.d 545 SHA256 19e59c030ea314a46d3651622e08b2f23c24326990a5aeb90997df104827cc78 SHA512 f46646466cd33f09c27d4621d249b21b50362c802db059ffe57b80c4f97a3c50aa5d6a89fc2866caf57f2d9a4d4a6726ccf37be84185488f2e165aded29350a8 WHIRLPOOL 63fdd1c60277d5598797a3a533c347a6e53a4e777e3cda07531ace6d16dc43859aa1bf03ac7b22e1caab7a73d9af0c7e1e7a11242de53d1ccc21d1ab25fceb7c +AUX nufw-2.2.22-gnutls-3.4.patch 3240 SHA256 faa93c5058d8b34dac575e8f0cd6ebf37a5c3cda793cab6087df935f43356bb6 SHA512 b0d426c2e42f49565c5520c63ea5501103ca131d339a356f0dee3eac065bd069b6e5366dee617f26e5d88ed38d60e91bdcb661da080ba5a70b5a4e8aadfe402b WHIRLPOOL 26d15f70cec65cb04edb6e8ecd1846017dee52a9ab6b20218c09c0a2b77a98722b5dd3a8eb51c4d1e41eafdc524c281b70dbb7d5946d3aac76ea247f8c1ee73c +AUX nufw-2.2.22-var-run.patch 1438 SHA256 e68591a7b780ff514d7f5a66c8ee12e299d58fd96777491488960d75d61cb5f1 SHA512 f299a373e67f910fd816037fb916d1c116a98b6a8d1487e0e9e4c35713839d7f6f7189b31390a9616bb0cf77bcc2abb9077d9dc60c8b83571aa07291981c3383 WHIRLPOOL 131550c94e02c2650e01fd9f89437c968b6cd9a67f2f1d1bc09ccf202f71942d8475043f49b286fddeb71e63ec453924bb0acf157cef83634d1ac7acb9aaea9b +AUX nufw-conf.d 122 SHA256 65df231f179c64d007efc1bb3dc09b6220af8c2793eb7fc11dc29e2631e687e8 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb WHIRLPOOL a710ca94b0d942f8976b6a6fd5bf9fa971466581c439729357254b590dcd8b20dd4b62a5d59afacccf5e3fd4be9d044f34ff604e16998ef8cb32cdfd865e0bb9 +AUX nufw-init.d 273 SHA256 ce62222003235455cb9b4ba33d1fac953dd2a07eea5e78f382ea06bf4e03edcf SHA512 
7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 WHIRLPOOL 43549b3dbd47e61424bd4f4061963594d0c51e959d41b73b21d0a07bf9c69b21a77353fa0b896b7bae3d9b35fa9701fc451a06c3f89488276c7fb81e6f4617c3 +DIST nufw-2.2.22.tar.bz2 597491 SHA256 92603813b4138bfd52b5873c68d7c6e43f78885a414067e57bd2c1e8eba66b8c SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee WHIRLPOOL 5e493d2aa2c661dd9766670bb805f98849c82f1962d39ff3692481f7049740cc73455e6aa45b7ca20632b2e254be8bb953f9aebdeb7a46c525578fc7a9d007ba +EBUILD nufw-2.2.22-r1.ebuild 2631 SHA256 cb904b423f3067f05a23c70546e61d46625e925d481f9c733fc88b851fc390cd SHA512 45e1cbc6deb24861633753cc268090bb4e21f6cd85aed8f1abae2f6aec1d7523dd1ce92043d60cb4229894577b9f0d34fad4ecbf2b5e7dffd7461a3f0b700bb0 WHIRLPOOL 9d3c1a40984ea8c2c10ad4531136070f6aecd0eff675d8eddbbe62616996b6e2f9c7650682179a89d2637e33c6b5902698d393320b60d1ba177397ce4cec7645 +EBUILD nufw-2.2.22-r2.ebuild 2642 SHA256 a3313d764b08261ab253a5c58546f7840de6bbc889cdf62c80ac900a36bb810b SHA512 8afdeab8d1794994a3f398ea4a741369752c52346cd1693978fc48f98b3798b180bea2fa66a7f94614e23067171742e3a3f10e4cb4edef3fa742825b867560fd WHIRLPOOL 14baded768af8ee708c20e15e0cfe846cb17d7eb65572bf27015854a00ef938b69e04f5cc4be932531f3b9891880af36e0f25cbbbca3d8b41086775d590298c0 +MISC ChangeLog 3133 SHA256 8c3e7753db2103309a989787111a8910d212c223c74aead0bb20957c0a1ddf71 SHA512 7fbb5a01a741fa8acdecf3adfb80f7981bd60dbf3068c47a7bdae04479526d7120916e77bdfeaffa6357a0e8016ab4f6dd846febb715370f461d342ec5f8151a WHIRLPOOL ce1f2919df66d4a757dd51cffe7a7297c2dd61730f7911fec81f1dbe0edc8a7ee53b164c5c597b556d321445b5039bda99348a814a9597efc29c02117c44d058 +MISC ChangeLog-2015 6478 SHA256 f79a1f8ac82776b02cca81f1912425cacb20a80add32c2f9a26445d444127907 SHA512 
d518079ed50b77206bb4edfd9b029393309bd1ec6d8960ea9314ffa2cbb26a788c5931bcbab1b5e9fd22f7faec27471eb3d77967f053f19d76d8489aefe63389 WHIRLPOOL eb11a571f01b1f20c1510f5fada9b6a889c17125b50036628c721ddf96208e516f6c9ab316c843e1bf83efe9abc67d00319b9a83a5b391f346309b334aa2be87 +MISC metadata.xml 547 SHA256 5fa6d204f97c6a78e4444a3ec9d7bf82b357700316d8d8cf0c7e1f2e19da44a6 SHA512 29dea30db4101530fc810fd162a93aa7f87898f57a955f528a9259918a4a9c1d16dc1b7a790817846482b410a11e98f32987d409165a322fdfc8352bfd5383d5 WHIRLPOOL b983b968463071c98e7b009af91cfd1badddc46d230c736407aacfc2e938c0ec90079d8e0854b4eaeb833b8a9cdd92eb16b848298f01233fa9115862daec01e0
diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d
new file mode 100644
index 000000000000..1ac750cf49fd
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nuauth
+NUAUTH_OPTIONS=""
diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d
new file mode 100644
index 000000000000..db9c10b8a0d5
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-init.d
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+checkconfig() {
+ if [ ! -e /etc/nufw/nuauth.conf ]; then
+ eerror "You need a /etc/nufw/nuauth.conf file to run nuauth"
+ eerror "There is sample file in /usr/share/doc/nufw-version/"
+ return 1
+ fi
+}
+
+start() {
+ checkpath -d /run/nuauth
+ checkconfig || return 1
+ ebegin "Starting nuauth"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nuauth"
+ start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid
+ eend $?
+}
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
new file mode 100644
index 000000000000..e75d2b3fd61d
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
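Review bot: `checkpath -d /run/nuauth` in start() of nuauth-init.d creates the runtime directory with whatever owner and mode checkpath defaults to, and that directory holds the pid file and, per the var-run patch in this same commit, the command socket `/run/nuauth/nuauth-command.socket`. Stating the intended owner and mode explicitly, for example `checkpath -d -m 0750 -o root:root /run/nuauth`, keeps access to the control socket from depending on defaults. The account nuauth actually runs as is not visible in this hunk, so the owner value needs confirming against the daemon's configuration.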
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+
diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
new file mode 100644
index 000000000000..f6bcc95e0006
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
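Review bot: In the libnuclient.c part of the added patch, `_cb_request_cert` is moved to the `gnutls_retr2_st*` signature but still returns 0 without writing anything to `st`, so the "no client certificate" answer depends on the caller having zeroed the structure, which nothing in this patch shows. Adding `st->ncerts = 0;` before `return 0;` would make that result explicit instead of implied. The rest of the function and the code that registers it lie outside the quoted context, so this should be confirmed against the full file.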
@@ -0,0 +1,45 @@
+--- a/src/nuauth/auth_srv.h
++++ b/src/nuauth/auth_srv.h
+@@ -162,7 +162,7 @@
+ #ifdef S_SPLINT_S
+ # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid"
+ #else
+-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid"
++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid"
+ #endif
+
+ /* define the number of threads that will do user check */
+--- a/src/nuauth/command.c
++++ b/src/nuauth/command.c
+@@ -26,7 +26,7 @@
+ #include /* unix socket */
+ #include /* fchmod() */
+
+-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket"
++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket"
+
+ const char* COMMAND_HELP =
+ "version: display nuauth version\n"
+--- a/src/nufw/main.c
++++ b/src/nufw/main.c
+@@ -54,7 +54,7 @@
+
+ /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined
+ * during compilation/installation) */
+-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid"
++#define NUFW_PID_FILE "/run/nufw.pid"
+
+ /**
+ * Stop threads and then wait until threads exit.
+--- a/src/nuauth/Makefile.am
++++ b/src/nuauth/Makefile.am
+@@ -26,9 +26,6 @@
+
+ nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/
+
+-install-exec-local:
+- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/"
+-
+ nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES)
+ @rm -f nuauth$(EXEEXT)
+ $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD)
diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d
new file mode 100644
index 000000000000..b2ea527744ec
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nufw
+NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129"
diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d
new file mode 100644
index 000000000000..fd97dd408c7b
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-init.d
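Review bot: In the src/nufw/main.c section of the var-run patch, the Doxygen comment kept as context still says the pid file name is "prefixed by LOCAL_STATE_DIR", while the new `#define NUFW_PID_FILE "/run/nufw.pid"` no longer uses that macro. The patch should update the comment too, for example `/*! Name of pid file, fixed under /run (must match --pidfile in the init script) */`. The same patch removes `install-exec-local` from src/nuauth/Makefile.am, so /run/nuauth exists only when the init script creates it; starting nuauth by any other route would presumably leave it without a directory for its pid file and command socket.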
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+start() {
+ ebegin "Starting nufw"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nufw"
+ start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
+ eend $?
+}
diff --git a/net-firewall/nufw/metadata.xml b/net-firewall/nufw/metadata.xml
new file mode 100644
index 000000000000..2d3a5a832ef3
--- /dev/null
+++ b/net-firewall/nufw/metadata.xml
@@ -0,0 +1,14 @@
+
+
+
+
+netmon@gentoo.org
+Gentoo network monitoring and analysis project
+
+
+Use netfilter_conntrack
+Use NFQUEUE instead of QUEUE
+Add support for pam nufw from PAM
+Add support for authentication with plaintext files
+
+
diff --git a/net-firewall/nufw/nufw-2.2.22-r1.ebuild b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
new file mode 100644
index 000000000000..79f0b9290942
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( virtual/mysql )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+RESTRICT="test"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-var-run.patch
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ dodoc AUTHORS ChangeLog NEWS README TODO
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}
diff --git a/net-firewall/nufw/nufw-2.2.22-r2.ebuild b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
new file mode 100644
index 000000000000..a3c6d2b4f822
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
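Review bot: src_install() places `conf/nuauth.conf` in /etc/nufw with a plain `doins`, which applies the default install mode and leaves the file world-readable. With the ldap, mysql and postgres backends selectable through USE flags, that file may well carry backend credentials (its contents are not visible in this hunk), so a tighter mode is worth setting, e.g. `insopts -m0640` on the line before `doins conf/nuauth.conf`, with group ownership chosen to match the account nuauth runs as. The same applies to src_install() in nufw-2.2.22-r2.ebuild.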
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( virtual/mysql )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:*[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+ "${FILESDIR}/${P}-var-run.patch"
+ "${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+ default
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}
-- cgit v1.2.3
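Review bot: PATCHES in this revision applies `${P}-gnutls-3.4.patch`, which moves the client to `gnutls_certificate_set_retrieve_function()` and `gnutls_retr2_st`, yet DEPEND still lists `net-libs/gnutls` with no version constraint. A lower bound on the first GnuTLS release that ships that API, written as `>=net-libs/gnutls-<MIN_VERSION>` (placeholder, the version needs confirming), would turn an older library into a dependency-resolution failure instead of a compile error in the TLS setup code.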