Created attachment 162854 [details] Patch file for the Port Hi, I added options to Makefile to be able to actually choose the firewall implementation that should be used by fwknop. Currently only IPFW and PF are possible. Regards, Jens
*** Bug 204335 has been marked as a duplicate of this bug. ***
Comment on attachment 162854 [details] Patch file for the Port should +PW_CONFIGURE_WITH= pf=/sbin/pfctl not read +PF_CONFIGURE_WITH= pf=/sbin/pfctl ?
Yes, you're correct. :-)
Created attachment 162924 [details] Updated patch file. The options for PF were wrong (PW instead of PF).
Patch Applies cleanly.
@Jens, please mark "Obsolete" the patch you don't want to be referenced. You can do by clicking "Attachment Details -> Edit Details -> [X] Obsolete" Please also confirm this port passes QA (portlint/poudriere) @Sean, if/when you're happy with the change, please set maintainer-approval to + on the attachment you approve, or add a comment "Approved attachment <id>" Thanks!
I have the patched port running on two servers using a PF firewall without problems. :-)
Portlint gives one warning: WARN: Makefile: PF is listed in OPTIONS_DEFINE, but no PORT_OPTIONS:MPF appears. 0 fatal errors and 1 warning found. But according to the porters handbook PORT_OPTIONS is deprecated / not recommended?
(In reply to Jens Grassel from comment #8) Deprecated/Undesirable only where a relevant options "helper" can be made to replace it. If the porters handbook needs updating to be a bit less ambiguous/unequivocal, let us know in a new documentation issue :) For Example: .if ${PORT_OPTIONS:MFOO} CONFIGURE_ARGS+=--enable-foo .endif Can be turned in into: FOO_CONFIGURE_ENABLE=foo If you already have some FOO_* options helpers, that's fine, an portlint may need to be taught to detect <OPT>_* options helpers to avoid the false positive (portlint maintainer cc'd). Regarding run-time test/QA confirmation, that's great, but there can also be subtle packaging issues that don't show up until deinstall/upgrade/etc time :) If you don't have poudriere available (highly preferable), you may include (as an attachment), the output of the following instead: make stage && make check-plist && make stage-qa && make package
Thanks for the info. I have the appropriate options helpers. =) Here is the output of the make commands: ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist ===> Checking for items in pkg-plist which are not in STAGEDIR ===> No pkg-plist issues found (check-plist) ====> Running Q/A tests (stage-qa) Although I've come to the conclusion that the config files should be moved from foo.conf to foo.conf.sample to avoid overriding custom stuff. But that'll be another patch.
Great work Sean!
Comment on attachment 162924 [details] Updated patch file. Approved attachmen
No MFH, since PORTVERSION has changed on head since 2015Q4 was branched.
A commit references this bug: Author: riggs Date: Mon Nov 23 06:20:46 UTC 2015 New revision: 402259 URL: https://svnweb.freebsd.org/changeset/ports/402259 Log: Allow to select pf instead of default ipfw for firewall backend PR: 204334 Submitted by: jan0sch@mykolab.com Reviewed by: sean.greven@gmail.com (maintainer) Changes: head/security/fwknop/Makefile