Added pcr/openrc-security

9 files changed, 116 insertions, 192 deletions

diff --git a/pcr/apparmor-openrc/PKGBUILD b/pcr/apparmor-openrc/PKGBUILD
deleted file mode 100644
index 90200d530..000000000
--- a/pcr/apparmor-openrc/PKGBUILD
+++ /dev/null
@@ -1,32 +0,0 @@
-# Maintainer: David P. <megver83@parabola.nu>
-
-pkgname=apparmor-openrc
-pkgver=20160816
-pkgrel=2
-pkgdesc="OpenRC apparmor init script"
-arch=('any')
-url="http://apparmor.net/"
-license=('GPL2')
-depends=('apparmor' 'openrc')
-install='apparmor.install'
-_filename='apparmor-init'
-source=("https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/apparmor/files/$_filename")
-sha256sums=('fb8d7b46e682b452ba3061cca6eaf32b6a8f542208e35ea823e8c9c3bc89f764')
-
-#pkgver() {
-#   date +%Y%m%d
-#}
-
-_inst_initd(){
-   install -Dm755 ${srcdir}/$1.initd ${pkgdir}/etc/init.d/$1
-
-   sed -e 's|#!/sbin/runscript|#!/usr/bin/openrc-run|' \
-	 -e 's|/var/run|/run|g' \
-	 -i "${pkgdir}/etc/init.d/$1"
-   # ^^--- should work without this, but actually does not (at boot)
-}
-
-package() {
-   mv "$_filename" -v apparmor.initd
-   _inst_initd 'apparmor'
-}
diff --git a/pcr/apparmor-openrc/apparmor-init b/pcr/apparmor-openrc/apparmor-init
deleted file mode 100644
index 2c7836b48..000000000
--- a/pcr/apparmor-openrc/apparmor-init
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="Load all configured profiles for the AppArmor security module."
-description_reload="Reload all profiles"
-
-extra_started_commands="reload"
-
-aa_action() {
-	local arg=$1
-	local return
-
-	shift
-	$*
-	return=$?
-
-	if [ ${return} -eq 0 ]; then
-		aa_log_success_msg $arg
-	else
-		aa_log_failure_msg arg
-	fi
-
-	return $return
-}
-
-aa_log_action_start() {
-	ebegin $1
-}
-
-aa_log_action_end() {
-	eend $1
-}
-
-aa_log_success_msg() {
-	einfo $1
-}
-
-aa_log_warning_msg() {
-	ewarn $1
-}
-
-aa_log_failure_msg() {
-	eerror $1
-}
-
-aa_log_skipped_msg() {
-	einfo $1
-}
-
-aa_log_daemon_msg() {
-	einfo $1
-}
-
-aa_log_end_msg() {
-	eend $1
-}
-
-. /usr/lib/apparmor/rc.apparmor.functions
-
-start() {
-	ebegin "Starting AppArmor"
-	eindent
-
-	if ! is_apparmor_loaded ; then
-		load_module
-		if [ $? -ne 0 ]; then
-			eerror "AppArmor kernel support is not present"
-			eend 1
-			return 1
-		fi
-	fi
-
-	parse_profiles load
-
-	eoutdent
-}
-
-stop() {
-	ebegin "Stopping AppArmor"
-	eindent
-	apparmor_stop
-	eoutdent
-}
-
-reload() {
-	# todo: split out clean_profiles into its own function upstream
-	# so we can do parse_profiles reload && clean_profiles
-	# and do a proper reload instead of restart
-	apparmor_restart
-}
diff --git a/pcr/apparmor/PKGBUILD b/pcr/apparmor/PKGBUILD
index def30d3e4..e537fcd3b 100644
--- a/pcr/apparmor/PKGBUILD
+++ b/pcr/apparmor/PKGBUILD
@@ -95,7 +95,8 @@ build() {
 package_apparmor() {
   pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)'
   depends=(apparmor-parser apparmor-libapparmor apparmor-utils apparmor-profiles apparmor-pam apparmor-vim)
-  optdepends=('linux-apparmor: an arch kernel with AppArmor patches')
+  optdepends=('linux-libre-apparmor: a kernel with AppArmor patches'
+              'linux-libre-lts-apparmor: a LTS kernel with AppArmor patches')
   install='apparmor.install'
 }
 
diff --git a/pcr/firewalld-openrc/PKGBUILD b/pcr/firewalld-openrc/PKGBUILD
deleted file mode 100644
index d90d71b95..000000000
--- a/pcr/firewalld-openrc/PKGBUILD
+++ /dev/null
@@ -1,32 +0,0 @@
-# Maintainer (Arch): Chris Cromer <chris@cromer.cl>
-# Maintainer: Omar Vega Ramos <ovruni@gnu.org.pe>
-
-pkgname=firewalld-openrc
-pkgver=1.0
-pkgrel=2.2
-pkgdesc="OpenRC scripts for firewalld."
-arch=('any')
-provides=('firewalld-openrc')
-conflicts=('iptables-openrc')
-pkgname=('firewalld-openrc')
-depends=('firewalld' 'openrc')
-url="https://github.com/cromerc/arch-openrc"
-license=("GPL2")
-source=("firewalld.init")
-sha256sums=('96593cc0e8efcb60b0aa6b9e994dae31ec31cd812aca1145b7829b0a40e0dfa6')
-
-_inst_initd(){
-	install -Dm755 firewalld.init ${pkgdir}/etc/init.d/firewalld
-
-	sed -e 's|/var/run|/run|g' \
-		-e 's|/usr/sbin|/usr/bin|g' \
-		-i ${pkgdir}/etc/init.d/$1
-}
-
-package_firewalld-openrc() {
-	pkgdesc="OpenRC scripts for firewalld."
-	depends=('firewalld' 'openrc')
-	install=firewalld-openrc.install
-
-	_inst_initd 'firewalld'
-}
diff --git a/pcr/firewalld-openrc/firewalld.init b/pcr/firewalld-openrc/firewalld.init
deleted file mode 100644
index b1d7d15d9..000000000
--- a/pcr/firewalld-openrc/firewalld.init
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-description="FirewallD"
-command=/usr/sbin/firewalld
-pidfile=/var/run/firewalld.pid
-
-depend() {
-	need dbus
-	provide iptables ip6tables ebtables
-}
diff --git a/pcr/openrc-net/PKGBUILD b/pcr/openrc-net/PKGBUILD
index e37e1db79..f6fcc7922 100644
--- a/pcr/openrc-net/PKGBUILD
+++ b/pcr/openrc-net/PKGBUILD
@@ -14,7 +14,6 @@ pkgname=('autofs-openrc'
         'cyrus-sasl-openrc'
         'dhcp-openrc'
         'hostapd-openrc'
-        'iptables-openrc'
         'krb5-openrc'
         'lighttpd-openrc'
         'nfs-utils-openrc'
@@ -63,9 +62,6 @@ source=("${_dev_url}/gentoo-apache-${_apver}-${_aprel}.tar.bz2"
         "dhcrelay.initd::${_url}/net-misc/dhcp/files/dhcrelay.init3"
         "hostapd.confd::${_url}/net-wireless/hostapd/files/hostapd-conf.d"
         "hostapd.initd::${_url}/net-wireless/hostapd/files/hostapd-init.d"
-        "iptables.confd::${_url}/net-firewall/iptables/files/iptables-1.4.13.confd"
-        "ip6tables.confd::${_url}/net-firewall/iptables/files/ip6tables-1.4.13.confd"
-        "iptables.initd::${_url}/net-firewall/iptables/files/iptables-1.4.13-r1.init"
         "krb5kadmind.initd::${_url}/app-crypt/mit-krb5/files/mit-krb5kadmind.initd-r2"
         "krb5kdc.initd::${_url}/app-crypt/mit-krb5/files/mit-krb5kdc.initd-r2"
         "krb5kpropd.initd::${_url}/app-crypt/mit-krb5/files/mit-krb5kpropd.initd-r2"
@@ -324,25 +320,6 @@ package_hostapd-openrc() {
 	sed -e 's|/usr/sbin|/usr/bin|g' -i "${pkgdir}/etc/init.d/hostapd"
 }
 
-package_iptables-openrc() {
-	pkgdesc="OpenRC iptables init script"
-	depends=('openrc' 'iptables')
-	backup=('etc/conf.d/iptables'
-		'etc/conf.d/ip6tables')
-
-	_inst_confd 'iptables'
-	_inst_initd 'iptables'
-
-	_inst_confd 'ip6tables'
-# 	_inst_initd 'iptables'
-
-	install -Dm755 "${srcdir}/iptables.initd" "${pkgdir}/etc/init.d/ip6tables"
-
-	for f in ${pkgdir}/etc/init.d/*;do
-            sed -e 's|/sbin|/usr/bin|g' -i $f
-	done
-}
-
 package_krb5-openrc() {
 	pkgdesc="OpenRC krb5 init script"
 	depends=('openrc' 'krb5')
diff --git a/pcr/openrc-security/PKGBUILD b/pcr/openrc-security/PKGBUILD
new file mode 100644
index 000000000..2a13cd700
--- /dev/null
+++ b/pcr/openrc-security/PKGBUILD
@@ -0,0 +1,114 @@
+# Maintainer: David P. <megver83@parabola.nu>
+# Maintainer: Omar Vega Ramos <ovruni@gnu.org.pe>
+
+_url="https://raw.githubusercontent.com/gentoo/gentoo/master"
+
+_sed_args=(-e 's|/var/run|/run|g')
+prefix=true
+
+$_prefix && _sed_args+=(-e 's|#!/sbin/openrc-run|#!/usr/bin/openrc-run|g')
+
+pkgbase=openrc-base
+pkgname=('apparmor-openrc'
+         'iptables-openrc'
+         'shorewall-openrc'
+         'shorewall6-openrc'
+         'firewalld-openrc')
+pkgver=20170505
+pkgrel=1.1
+pkgdesc="OpenRC init scripts"
+arch=('any')
+url="https://github.com/manjaro/packages-openrc"
+license=('GPL2')
+# groups=('openrc-base' 'base-nosystemd')
+groups=('base-openrc' 'openrc-base')
+conflicts=('systemd-sysvcompat')
+source=("iptables.confd::${_url}/net-firewall/iptables/files/iptables-1.4.13.confd"
+        "ip6tables.confd::${_url}/net-firewall/iptables/files/ip6tables-1.4.13.confd"
+        "iptables.initd::${_url}/net-firewall/iptables/files/iptables-1.4.13-r1.init"
+        "firewalld.initd::${_url}/net-firewall/firewalld/files/firewalld.init"
+        "apparmor.initd::${_url}/sys-apps/apparmor/files/apparmor-init"
+        "shorewall.initd::${_url}/net-firewall/shorewall/files/shorewall-init.initd"
+        "shorewall.confd::${_url}/net-firewall/shorewall/files/shorewall-init.confd"
+        "shorewall6.initd::${_url}/net-firewall/shorewall/files/shorewall6.initd-r1"
+        "shorewall6.confd::${_url}/net-firewall/shorewall/files/shorewall6.confd-r1"
+        "shorewallrc::${_url}/net-firewall/shorewall/files/shorewallrc-r1")
+sha512sums=('bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70'
+            '8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e'
+            '9b74344043f48ce2a4691f09199cfa752bd7ee360d912d412fe1cf51de54821b0d082c9585a11b84020454f9759af78ff097d7dfc8f5148ef9e987e6d990edde'
+            'ed71564d92f4235bb1209cf1141e28f825e4b0e3d84e7214456399e1ac0a787c02d06fecd38eaa7643b4c571b90bfe2e3c93d9826ea448ebd480c0794b62265d'
+            '4ee4747ec98a0828beb690bf5e01bc112d958bff4c68d60fc0cbb9f0707bd8daecc011dba3916aa6e6368f460eedce7f2ce42aad9ccea49a5d898dcae3d01148'
+            '5cb410e0fe0391fd467f212b3e1cf3ec4c7fa3289de2341edbf301ce9087e7cba05a36999a8203d7bce28ac35a429c10bc017a96b750aec1bf257987aec23245'
+            '105393c3cbdd1820066e41ed941b6a79cafde3196eb723c06ca984fc663370d6902757467339b6b4ebfb8d00167b9f85311b6842dadc564029313eb36f1a389b'
+            '3149b1848ed76b1d04466195810572c96cf1a68ffce6005c8c6cca08df7d7c8914f3c185ed80a357cf30cef23f076559ccb1df3236f443abf089133eeffe42b3'
+            'fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b'
+            '9cf87d5b5807b224a325c9d038f159e55d277ad3eca62a1fd82d06d9ec1d0f71e58b239c57532b9b081271c7ab6f90b281cea1dca0bb9ea26e1e1c8ddaf3a691')
+
+pkgver() {
+    date +%Y%m%d
+}
+
+_inst_initd(){
+    install -Dm755 ${srcdir}/$1.initd ${pkgdir}/etc/init.d/$1
+
+    sed ${_sed_args[@]} -i ${pkgdir}/etc/init.d/$1
+}
+
+_inst_confd(){
+    install -Dm755 ${srcdir}/$1.confd ${pkgdir}/etc/conf.d/$1
+}
+
+package_iptables-openrc() {
+	pkgdesc="OpenRC iptables init script"
+	depends=('openrc' 'iptables')
+	backup=('etc/conf.d/iptables'
+		'etc/conf.d/ip6tables')
+
+	_inst_confd 'iptables'
+	_inst_initd 'iptables'
+
+	_inst_confd 'ip6tables'
+# 	_inst_initd 'iptables'
+
+	install -Dm755 "${srcdir}/iptables.initd" "${pkgdir}/etc/init.d/ip6tables"
+
+	for f in ${pkgdir}/etc/init.d/*;do
+            sed -e 's|/sbin|/usr/bin|g' -i $f
+	done
+}
+
+package_firewalld-openrc() {
+	pkgdesc="OpenRC firewalld init script"
+	depends=('firewalld' 'openrc')
+	install=firewalld.install
+
+	_inst_initd 'firewalld'
+	sed -e 's|/usr/sbin|/usr/bin|g'
+}
+
+package_apparmor-openrc() {
+    pkgdesc="OpenRC apparmor init script"
+    depends=('apparmor' 'openrc')
+    install='apparmor.install'
+   
+   _inst_initd 'apparmor'   
+}
+
+package_shorewall-openrc() {
+    pkgdes="OpenRC shorewall init script"
+    depends=('shorewall' 'openrc')
+    
+    _inst_initd 'shorewall'
+    _inst_confd 'shorewall'
+    
+    install -Dm644 ${srcdir}/shorewallrc ${pkgdir}/usr/share/shorewall/shorewallrc
+}
+
+package_shorewall6-openrc() {
+    pkgdes="OpenRC shorewall6 init script"
+    depends=('shorewall6' 'openrc')
+    
+    _inst_initd 'shorewall6'
+    _inst_confd 'shorewall6'
+    sed -e 's|/usr/sbin|/usr/bin|g'
+}
diff --git a/pcr/apparmor-openrc/apparmor.install b/pcr/openrc-security/apparmor.install
index a59542111..a59542111 100644
--- a/pcr/apparmor-openrc/apparmor.install
+++ b/pcr/openrc-security/apparmor.install
diff --git a/pcr/firewalld-openrc/firewalld-openrc.install b/pcr/openrc-security/firewalld.install
index ddab9e43a..ddab9e43a 100644
--- a/pcr/firewalld-openrc/firewalld-openrc.install
+++ b/pcr/openrc-security/firewalld.install