#2 Remove broken firewalld integration (f38)
Closed 10 months ago by adamwill. Opened a year ago by erig0.
rpms/ erig0/tcpcrypt rhbz2159838-f38  into  f38

file removed
-12
@@ -1,12 +0,0 @@ 

- <?xml version="1.0" encoding="utf-8"?>

- <direct>

-   <chain ipv="ipv4" table="raw" chain="tcpcrypt"/>

-   <rule ipv="ipv4" table="raw" chain="tcpcrypt" priority="0">

-     -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>

-   <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-j tcpcrypt</rule>

- 

-   <chain ipv="ipv4" table="mangle" chain="tcpcrypt"/>

-   <rule ipv="ipv4" table="mangle" chain="tcpcrypt" priority="0">

-     -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>

-   <rule ipv="ipv4" table="mangle" chain="POSTROUTING" priority="0">-j tcpcrypt</rule>

- </direct>

file modified
+7 -7
@@ -4,14 +4,13 @@ 

  Summary: Opportunistically encrypt TCP connections

  Name: tcpcrypt

  Version: 0.5

- Release: 10%{?dist}

+ Release: 12%{?dist}

  License: BSD

  Url: http://tcpcrypt.org/

  Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz

  SOURCE1: tmpfiles-tcpcrypt.conf

  SOURCE2: tcpcryptd.service

  SOURCE3: tcpcryptd-firewall

- SOURCE4: tcpcrypt-firewalld.xml

  Requires: %{name}-libs%{?_isa} = %{version}-%{release}

  BuildRequires: make

  BuildRequires:  gcc
@@ -23,8 +22,6 @@ 

  Requires(preun): systemd

  Requires(postun): systemd

  Requires(pre): shadow-utils

- # we need to require it to install our file

- Requires: firewalld

  

  %description

  Provides a protocol that attempts to encrypt (almost) all of your
@@ -62,8 +59,6 @@ 

  install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf

  mkdir -p %{buildroot}%{_unitdir}

  install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service

- # install firewalld policy needed for tracking and marking packets

- install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcpcryptd.xml

  

  %files libs

  %doc README.markdown
@@ -80,7 +75,6 @@ 

  %{_mandir}/man8/*

  %attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf

  %attr(0644,root,root) %{_unitdir}/tcpcryptd.service

- %attr(0644,root,root) %{_prefix}/lib/firewalld/services/tcpcryptd.xml

  %attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd

  

  %files devel
@@ -106,6 +100,12 @@ 

  %systemd_postun_with_restart tcpcryptd.service

  

  %changelog

+ * Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-12

+ - remove bash-isms from tcpcryptd-firewall

+ 

+ * Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-11

+ - remove broken firewalld service definition

+ 

  * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-10

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
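Review bot: Dropping `Requires: firewalld` leaves no visible runtime dependency on the tool the helper now always calls. After this change tcpcryptd-firewall runs `iptables` unconditionally, and none of the Requires lines shown in these hunks names it; the spec lines between the first two hunks are not shown, so it may already be declared there. If it is not, add `Requires: iptables` next to the other runtime requirements. Without it, on a minimal install the helper's rule setup fails and, depending on how tcpcryptd.service invokes the helper, the daemon may still start while no traffic is diverted to it, so connections stay unencrypted with no error reported.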

  

file modified
+3 -18
@@ -1,20 +1,7 @@ 

  #!/bin/sh

  

- # Check if we need to use firewalld or will handle rules directly with iptables

- 

- 

- systemctl status firewalld.service >/dev/null

- RETVAL=$?

- if [ $RETVAL  -eq 0 ]

- then

-    # use firewalld

-    firewall-cmd --reload

-    firewall-cmd --direct --get-rules ipv4 raw tcpcrypt

-    firewall-cmd --direct --get-rules ipv4 mangle tcpcrypt

- else

-    # use iptables manually

- 

- if [ "$1" == "start" ]

+ # use iptables manually

+ if [ "$1" = "start" ]

  then

  	iptables -t raw -N tcpcrypt

  	iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
@@ -26,7 +13,7 @@ 

   

  	# launch `tcpcryptd` with `-x 0x10`

  fi

- if [ "$1" == "stop" ]

+ if [ "$1" = "stop" ]

  then

  	iptables -t raw -F tcpcrypt

  	iptables -t raw -D PREROUTING -j tcpcrypt
@@ -34,5 +21,3 @@ 

  	iptables -t mangle -F tcpcrypt

  	iptables -t mangle -D PREROUTING -j tcpcrypt

  fi

- 

- fi
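Review bot: The stop branch removes the mangle jump with `iptables -t mangle -D PREROUTING -j tcpcrypt`, but the firewalld definition deleted in this same pull request hooked the mangle chain into POSTROUTING. The start branch's mangle lines fall outside the visible hunks; if they also use POSTROUTING, this delete fails and the jump survives a stop. A leftover `-j NFQUEUE --queue-num 666` rule with no tcpcryptd bound to the queue drops the matching TCP packets, so the line should name the chain that start used, presumably `iptables -t mangle -D POSTROUTING -j tcpcrypt`. Now that the firewalld branch is gone and this path always runs, the unchecked `iptables` calls matter more: appending `|| exit 1` to the start commands would surface a failed rule setup instead of letting the service appear healthy while nothing is queued to the daemon.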

I merged current Rawhide and rebuilt instead (to also get the bashisms fix).

Pull-Request has been closed by adamwill

10 months ago