Bug 960645

Summary: Review Request: sanewall - A powerful firewall builder
Product: [Fedora] Fedora
Reporter: Christopher Meng <i>
Component: Package Review
Assignee: Björn 'besser82' Esser <besser82>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: besser82, dougsland, i, maarten, package-review, susi.lehtola
Hardware: All
OS: Linux
Whiteboard: NotReady
Doc Type: Bug Fix
Last Closed: 2014-08-11 03:04:44 UTC

Description Christopher Meng 2013-05-07 14:57:23 UTC
Spec URL: http://cicku.me/sanewall.spec
SRPM URL: http://cicku.me/sanewall-1.1.1-1.fc20.src.rpm

Description: Sanewall is a firewall builder for Linux which uses an elegant language 
abstracted to just the right level. This makes it powerful as well as 
easy to use, audit, and understand. It allows you to create very 
readable configurations even for complex stateful firewalls.

Sanewall can be used for almost any firewall need, including:

control of any number of internal/external/virtual interfaces
control of any combination of routed traffic
setting up DMZ routers and servers
all kinds of NAT
providing strong protection (flooding, spoofing, etc.)
transparent caches
source MAC verification
blacklists, whitelists

Fedora Account System Username: cicku

Comment 1 Christopher Meng 2013-05-14 08:31:38 UTC
New Upstream Version:

New SPEC URL: http://cicku.me/sanewall.spec

New SRPM URL: http://cicku.me/sanewall-1.1.2-1.fc20.src.rpm

Comment 2 Christopher Meng 2013-05-18 05:44:27 UTC
Note this RPM currently is not for EPEL (thus RHEL).

Comment 3 Susi Lehtola 2013-07-31 13:40:55 UTC
IMO this package could replace firehol in Fedora; the last release of Firehol was 5 years ago and it needs systemd support and so on. If this package gains EPEL support, I'll be happy to review it and mark firehol dead.

**

The
 Conflicts: firehol
is incorrect - the packages can peacefully coexist on a system.

**

What's the source for SOURCE1? Has the file been sent upstream?

**

The list in the %description should IMHO be written in the form

Sanewall can be used for almost any firewall need, including:
* control of any number of internal/external/virtual interfaces
* control of any combination of routed traffic
* setting up DMZ routers and servers
* all kinds of NAT
* providing strong protection (flooding, spoofing, etc.)
* transparent caches
* source MAC verification
* blacklists, whitelists

Comment 4 Christopher Meng 2013-07-31 14:10:56 UTC
Thanks Susi, you can reset the assignee to you, I've contacted Douglas. I think he is willing to have someone help do a review.

It's too late today, I'll update the package to the latest version and check the issues you've mentioned tomorrow. 

Just a thought before sleep, you mean I can add obsolete tag to replace the original firehol? If so I think it's great. (like mariadb and mysql?)

Comment 5 Susi Lehtola 2013-07-31 14:21:12 UTC
(In reply to Christopher Meng from comment #4)
> Just a thought before sleep, you mean I can add obsolete tag to replace the
> original firehol? If so I think it's great. (like mariadb and mysql?)

Yes. But you'll also need to add a Provides, because sanewall really is a replacement for FireHOL.

Comment 6 Susi Lehtola 2013-08-01 17:13:34 UTC
Actually, the Obsoletes is out of the question, since sanewall isn't a drop-in replacement; e.g. the config file is in a different place.

Comment 7 Christopher Meng 2013-08-02 02:03:46 UTC
Source1 is written by myself, sent to upstream, but upstream hasn't decided to support this new toy.

I've fixed all your suggestions.

Spec URL: http://cicku.me/sanewall.spec
SRPM URL: http://cicku.me/sanewall-1.1.4-1.fc20.src.rpm

Comment 8 Susi Lehtola 2013-08-02 09:35:40 UTC
EPEL support is still missing.

Comment 9 Susi Lehtola 2013-08-02 09:38:22 UTC
And the package doesn't compile.

Comment 10 Susi Lehtola 2013-08-07 18:06:26 UTC
Any progress?

Comment 11 Susi Lehtola 2013-08-12 15:18:37 UTC
Second ping Christopher.

Comment 12 Christopher Meng 2013-08-13 00:18:59 UTC
In those days (31/07~02/08), the SSH connection was disturbed.

I'm not sure if you found the SRPM was corrupt or whatever other reasons, all packages submitted can be built on my Rawhide machine without problems.

I've reuploaded the same revision to the URL mentioned in comment 7.

I don't maintain one spec for various OS, I always create a new one for the el branch.

Comment 13 Susi Lehtola 2013-08-13 08:33:43 UTC
(In reply to Christopher Meng from comment #12)
> I'm not sure if you found the SRPM was corrupt or whatever other reasons,
> all packages submitted can be built on my Rawhide machine without problems.

Still does not build in mock.

Comment 14 Christopher Meng 2013-08-13 08:44:52 UTC
(In reply to Susi Lehtola from comment #13)
> (In reply to Christopher Meng from comment #12)
> > I'm not sure if you found the SRPM was corrupt or whatever other reasons,
> > all packages submitted can be built on my Rawhide machine without problems.
> 
> Still does not build in mock.

Hi Susi, any logs available? 

This will help us. 

I'm outside now, the next time I can use a computer is 15 hrs later...

Comment 15 Susi Lehtola 2013-08-13 08:51:56 UTC
(In reply to Christopher Meng from comment #14)
> > Still does not build in mock.
> 
> Hi Susi, any logs available? 
> 
> This will help us. 

I'm pretty sure there is more than a single problem. Now it fails due to a missing BR: hostname.

Before submitting a review *do* check that the package builds in koji, or at least for one architecture and distribution in mock.

Not doing so just incurs that the reviewer needs to be spending time to waste.

Comment 16 Christopher Meng 2013-08-15 09:58:13 UTC
(In reply to Susi Lehtola from comment #15)
> (In reply to Christopher Meng from comment #14)
> > > Still does not build in mock.
> > 
> > Hi Susi, any logs available? 
> > 
> > This will help us. 
> 
> I'm pretty sure there is more than a single problem. Now it fails due to a
> missing BR: hostname.
> 
> Before submitting a review *do* check that the package builds in koji, or at
> least for one architecture and distribution in mock.
> 
> Not doing so just incurs that the reviewer needs to be spending time to
> waste.

Sorry, added missing hostname/kmod/iptables/iproute/procps-ng BRs.

New SPEC URL: http://cicku.me/sanewall.spec
New SRPM URL: http://cicku.me/sanewall-1.1.4-2.fc20.src.rpm

Koji success: http://koji.fedoraproject.org/koji/taskinfo?taskID=5818302

Comment 17 Susi Lehtola 2013-08-15 10:41:43 UTC
Fails to build in F19.

error: Installed (but unpackaged) file(s) found:
   /usr/share/doc/sanewall/examples/adblock.sh
   /usr/share/doc/sanewall/examples/client-all.conf
   /usr/share/doc/sanewall/examples/lan-gateway.conf
   /usr/share/doc/sanewall/examples/office.conf
   /usr/share/doc/sanewall/examples/server-dmz.conf
   /usr/share/doc/sanewall/html/sanewall-manual.css
   /usr/share/doc/sanewall/html/sanewall-manual.html
   /usr/share/doc/sanewall/html/sanewall-services.html
   /usr/share/doc/sanewall/sanewall-manual.pdf
    Installed (but unpackaged) file(s) found:
   /usr/share/doc/sanewall/examples/adblock.sh
   /usr/share/doc/sanewall/examples/client-all.conf
   /usr/share/doc/sanewall/examples/lan-gateway.conf
   /usr/share/doc/sanewall/examples/office.conf
   /usr/share/doc/sanewall/examples/server-dmz.conf
   /usr/share/doc/sanewall/html/sanewall-manual.css
   /usr/share/doc/sanewall/html/sanewall-manual.html
   /usr/share/doc/sanewall/html/sanewall-services.html
   /usr/share/doc/sanewall/sanewall-manual.pdf
Child return code was: 1

**

I still would like to see the EL spec files as well, since SysV init scripts are handled in a different way. I have no idea why you wouldn't want to use a unified spec file, since the differences can be handled with a few lines of %if's.

Comment 18 Susi Lehtola 2013-09-04 14:27:36 UTC
Ping Christopher.

Comment 19 Christopher Meng 2013-09-04 22:44:36 UTC
Hi Susi, I'm busy these days.

Actually I just need to write an init file now, but it takes time.

Comment 20 Susi Lehtola 2013-09-04 23:07:21 UTC
So maintaining hundreds of packages is not a walk in the park eh?


There should be an init file already. And you can always adapt the one from firehol.

Comment 21 Christopher Meng 2013-09-04 23:21:31 UTC
(In reply to Susi Lehtola from comment #20)
> So maintaining hundreds of packages is not a walk in the park eh?


No, you're thinking too overhead. 

> 
> There should be an init file already. And you can always adapt the one from
> firehol.

The reason why I can't go ahead is that this init file included is designed for Debian systems, in order to follow the guideline I have to rewrite a Fedora one. 

BTW there are also bugs in upstream's init file.

Comment 22 Björn 'besser82' Esser 2013-10-19 09:45:55 UTC
taken  ;)

Any news on this, yet?

Comment 23 Björn 'besser82' Esser 2013-10-19 11:42:19 UTC
Both links give me 404...

Comment 24 Christopher Meng 2013-10-19 15:12:55 UTC
(In reply to Björn "besser82" Esser from comment #23)
> Both links give me 404...

DO NOT DISTURB ME NOW.

Comment 25 Björn 'besser82' Esser 2013-10-19 15:23:53 UTC
(In reply to Christopher Meng from comment #24)
> (In reply to Björn "besser82" Esser from comment #23)
> > Both links give me 404...
> 
> DO NOT DISTURB ME NOW.

WTF???  I just wanted to review this and the links to spec/srpm gave me a 404.  What's your f*****g problem?  What did I do wrong?

Comment 26 Susi Lehtola 2013-11-26 16:57:33 UTC
Ping.

Comment 27 Christopher Meng 2013-11-28 09:32:58 UTC
I will finish this soon.

BTW, I found that firehol is not dead:

http://firehol.org/download/latest/

Maybe you need to update it and I remove the provides line in sanewall spec?

Comment 28 Susi Lehtola 2013-11-28 11:23:04 UTC
(In reply to Christopher Meng from comment #27)
> BTW, I found that firehol is not dead:
> http://firehol.org/download/latest/

Well they sure took a long hiatus. And also changed the location of the tarball, so it was not picked up by release monitoring.

> Maybe you need to update it and I remove the provides line in sanewall spec?

OK.

Comment 29 Maarten Bremer 2014-08-09 22:49:24 UTC
Firehol just released 2.0.0-RC1, largely based on the Sanewall fork. 

I would suggest to upgrade Firehol to version 2 and abandon Sanewall. I added a separate bug report for this, see https://bugzilla.redhat.com/show_bug.cgi?id=1128387

Comment 30 Christopher Meng 2014-08-11 03:04:44 UTC
Upstream will stop the development and merge the changes back to the firehol.

Glad to see the resurrection of the firehol.