From d8a4e098f6af2934f6d3c575a8c10d95059a3c58 Mon Sep 17 00:00:00 2001 From: xeji Date: Sun, 18 Feb 2018 15:58:13 +0100 Subject: [PATCH 1/3] firehol: 3.1.5: search for config files in /etc/firehol to fix error when running firehol command, see issue #35114 --- pkgs/applications/networking/firehol/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkgs/applications/networking/firehol/default.nix b/pkgs/applications/networking/firehol/default.nix index cf41ca1b0b3b..2435b2dcc98d 100644 --- a/pkgs/applications/networking/firehol/default.nix +++ b/pkgs/applications/networking/firehol/default.nix @@ -52,6 +52,17 @@ stdenv.mkDerivation rec { AS_IF([test "x$ac_cv_ping_6_opt" = "xyes"],[ '') + + # put firehol config files in /etc/firehol (not $out/etc/firehol) + # to avoid error on startup, see #35114 + (pkgs.writeText "firehol-sysconfdir.patch" + '' + --- a/sbin/install.config.in.in + +++ b/sbin/install.config.in.in + @@ -4 +4 @@ + -SYSCONFDIR="@sysconfdir_POST@" + +SYSCONFDIR="/etc" + '') ]; nativeBuildInputs = [ autoconf automake ]; From dce83f0b7971714737a3e67a63537ebdc960125f Mon Sep 17 00:00:00 2001 From: xeji Date: Sun, 18 Feb 2018 16:12:06 +0100 Subject: [PATCH 2/3] firehol: 3.1.5: fix uname command path quoting bug Missing quotes of $UNAME_CMD in the firehol bash script result in an error if the path to uname contains a dash, as in /nix/store/...-coreutils-.../bin/uname. Might be considered an upstream bug but only appears in this special case, unlikely to occur in other distros. --- .../networking/firehol/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pkgs/applications/networking/firehol/default.nix b/pkgs/applications/networking/firehol/default.nix index 2435b2dcc98d..6c0d43b1c129 100644 --- a/pkgs/applications/networking/firehol/default.nix +++ b/pkgs/applications/networking/firehol/default.nix @@ -63,6 +63,24 @@ stdenv.mkDerivation rec { -SYSCONFDIR="@sysconfdir_POST@" +SYSCONFDIR="/etc" '') + + # we must quote "$UNAME_CMD", or the dash in /nix/store/...-coreutils-.../bin/uname + # will be interpreted as IFS -> error. this might be considered an upstream bug + # but only appears when there are dashes in the command path + (pkgs.writeText "firehol-uname-command.patch" + '' + --- a/sbin/firehol + +++ b/sbin/firehol + @@ -10295,7 +10295,7 @@ + kmaj=$1 + kmin=$2 + + - set -- $($UNAME_CMD -r) + + set -- $("$UNAME_CMD" -r) + eval $kmaj=\$1 $kmin=\$2 + } + kernel_maj_min KERNELMAJ KERNELMIN + '') ]; nativeBuildInputs = [ autoconf automake ]; From b91fc28db0ee9204b404e611a965ea52360e9467 Mon Sep 17 00:00:00 2001 From: xeji Date: Wed, 7 Mar 2018 00:40:27 +0100 Subject: [PATCH 3/3] firehol: build firehol command by default fixes #35139 --- pkgs/applications/networking/firehol/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/firehol/default.nix b/pkgs/applications/networking/firehol/default.nix index 6c0d43b1c129..5bb7159149c4 100644 --- a/pkgs/applications/networking/firehol/default.nix +++ b/pkgs/applications/networking/firehol/default.nix @@ -2,8 +2,8 @@ , autoconf, automake, curl, iprange, iproute, ipset, iptables, iputils , kmod, nettools, procps, tcpdump, traceroute, utillinux, whois -# Just install FireQOS without FireHOL -, onlyQOS ? true +# If true, just install FireQOS without FireHOL +, onlyQOS ? false }: stdenv.mkDerivation rec {