firewalld: init at 1.1.1

2 files changed, 117 insertions, 0 deletions

diff --git a/pkgs/applications/networking/firewalld/default.nix b/pkgs/applications/networking/firewalld/default.nix
new file mode 100644
index 0000000000000..825222783e34e
--- /dev/null
+++ b/pkgs/applications/networking/firewalld/default.nix
@@ -0,0 +1,104 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, bash
+, docbook_xml_dtd_42
+, docbook-xsl-nons
+, glib
+, gobject-introspection
+, gtk3
+, intltool
+, libnotify
+, libxml2
+, libxslt
+, networkmanager-applet
+, pkg-config
+, python3
+, wrapGAppsNoGuiHook
+, withGui ? false
+}:
+
+let
+  pythonPath = python3.withPackages (ps: with ps; [
+    dbus-python
+    nftables
+    pygobject3
+  ] ++ lib.optionals withGui [
+    pyqt5
+    pyqt5_sip
+  ]);
+in
+stdenv.mkDerivation rec {
+  pname = "firewalld";
+  version = "1.1.1";
+
+  src = fetchFromGitHub {
+    owner = "firewalld";
+    repo = "firewalld";
+    rev = "v${version}";
+    sha256 = "sha256-w8TbovIhOhJAUZWbKdBd/+db8Hro/ttlxWZDcrCXX4Q=";
+  };
+
+  patches = [
+    ./respect-xml-catalog-files-var.patch
+  ];
+
+  postPatch = ''
+    substituteInPlace src/firewall/config/__init__.py.in \
+      --replace "/usr/share" "$out/share"
+
+    for file in config/firewall-{applet,config}.desktop.in; do
+      substituteInPlace $file \
+        --replace "/usr/bin/" "$out/bin/"
+    done
+  '' + lib.optionalString withGui ''
+    substituteInPlace src/firewall-applet.in \
+      --replace "/usr/bin/nm-connection-editor" "${networkmanager-applet}/bin/nm-conenction-editor"
+  '';
+
+  nativeBuildInputs = [
+    autoreconfHook
+    docbook_xml_dtd_42
+    docbook-xsl-nons
+    glib
+    intltool
+    libxml2
+    libxslt
+    pkg-config
+    python3
+    python3.pkgs.wrapPython
+  ] ++ lib.optionals withGui [
+    gobject-introspection
+    wrapGAppsNoGuiHook
+  ];
+
+  buildInputs = [
+    bash
+    glib
+  ] ++ lib.optionals withGui [
+    gtk3
+    libnotify
+    pythonPath
+  ];
+
+  dontWrapGApps = true;
+
+  preFixup = lib.optionalString withGui ''
+    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+  '';
+
+  postFixup = ''
+    chmod +x $out/share/firewalld/*.py $out/share/firewalld/testsuite/python/*.py $out/share/firewalld/testsuite/{,integration/}testsuite
+    patchShebangs --host $out/share/firewalld/testsuite/{,integration/}testsuite $out/share/firewalld/*.py
+    wrapPythonProgramsIn "$out/bin" "$out ${pythonPath}"
+    wrapPythonProgramsIn "$out/share/firewalld/testsuite/python" "$out ${pythonPath}"
+  '';
+
+  meta = with lib; {
+    description = "Firewall daemon with D-Bus interface";
+    homepage = "https://github.com/firewalld/firewalld";
+    license = licenses.gpl2Plus;
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}
diff --git a/pkgs/applications/networking/firewalld/respect-xml-catalog-files-var.patch b/pkgs/applications/networking/firewalld/respect-xml-catalog-files-var.patch
new file mode 100644
index 0000000000000..03a10121c6be1
--- /dev/null
+++ b/pkgs/applications/networking/firewalld/respect-xml-catalog-files-var.patch
@@ -0,0 +1,13 @@
+--- a/m4/jh_path_xml_catalog.m4
++++ b/m4/jh_path_xml_catalog.m4
+@@ -40,8 +40,8 @@ AC_DEFUN([JH_CHECK_XML_CATALOG],
+ [
+   AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])])dnl
+   AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog])
+-  if $jh_found_xmlcatalog && \
+-     AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then
++  # empty argument forces libxml to use XML_CATALOG_FILES variable
++  if AC_RUN_LOG([$XMLCATALOG --noout "" "$1" >&2]); then
+     AC_MSG_RESULT([found])
+     ifelse([$3],,,[$3
+ ])dnl