Merge remote-tracking branch 'origin' into staging-next

5 files changed, 148 insertions, 6 deletions

diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix
index 48ff2d3cf49..f6e202ac499 100644
--- a/pkgs/applications/virtualization/bochs/default.nix
+++ b/pkgs/applications/virtualization/bochs/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./bochs-2.6.10-glibc-2.26.patch ];
 
-  buildInputs = with stdenv.lib;
+  buildInputs =
   [ pkgconfig libtool gtk2 libGLU libGL readline libX11 libXpm docbook_xml_dtd_45 docbook_xsl ]
   ++ optionals termSupport [ ncurses ]
   ++ optionals sdlSupport [ SDL2 ]
@@ -118,7 +118,7 @@ stdenv.mkDerivation rec {
       in C++, that runs on most popular platforms. It includes emulation of the
       Intel x86 CPU, common I/O devices, and a custom BIOS.
     '';
-    homepage = http://bochs.sourceforge.net/;
+    homepage = "http://bochs.sourceforge.net/";
     license = licenses.lgpl2Plus;
     maintainers = with maintainers; [ AndersonTorres ];
     platforms = platforms.unix;
diff --git a/pkgs/development/tools/build-managers/gradle/default.nix b/pkgs/development/tools/build-managers/gradle/default.nix
index 5e01438844c..a15eb275231 100644
--- a/pkgs/development/tools/build-managers/gradle/default.nix
+++ b/pkgs/development/tools/build-managers/gradle/default.nix
@@ -54,12 +54,12 @@ rec {
   gradle_latest = gradle_5_6;
 
   gradle_5_6 = gradleGen rec {
-    name = "gradle-5.6.1";
+    name = "gradle-5.6.4";
     nativeVersion = "0.18";
 
     src = fetchurl {
       url = "http://services.gradle.org/distributions/${name}-bin.zip";
-      sha256 = "04pccfcry5c59xwm6rr4r3baanwbfr5yrwhxv4r5v8z4414291h9";
+      sha256 = "1f3067073041bc44554d0efe5d402a33bc3d3c93cc39ab684f308586d732a80d";
     };
   };
 
diff --git a/pkgs/servers/monitoring/nagios/default.nix b/pkgs/servers/monitoring/nagios/default.nix
index 8df30645725..006d91ef74e 100644
--- a/pkgs/servers/monitoring/nagios/default.nix
+++ b/pkgs/servers/monitoring/nagios/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, perl, php, gd, libpng, zlib, unzip }:
+{ stdenv, fetchurl, perl, php, gd, libpng, zlib, unzip, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "nagios";
@@ -19,7 +19,17 @@ stdenv.mkDerivation rec {
   preInstall = ''
     substituteInPlace Makefile --replace '$(MAKE) install-basic' ""
   '';
-  installTargets = [ "install" "install-config" ];
+  installTargets = "install install-config";
+  postInstall = ''
+    # don't make default files use hardcoded paths to commands
+    sed -i 's@command_line *[^ ]*/\([^/]*\) @command_line \1 @'  $out/etc/objects/commands.cfg
+    sed -i 's@/usr/bin/@@g' $out/etc/objects/commands.cfg
+    sed -i 's@/bin/@@g' $out/etc/objects/commands.cfg
+  '';
+
+  passthru.tests = {
+    inherit (nixosTests) nagios;
+  };
 
   meta = {
     description = "A host, service and network monitoring program";
diff --git a/pkgs/tools/networking/shorewall/default.nix b/pkgs/tools/networking/shorewall/default.nix
new file mode 100644
index 00000000000..8e62aa735a4
--- /dev/null
+++ b/pkgs/tools/networking/shorewall/default.nix
@@ -0,0 +1,130 @@
+{ coreutils
+, ebtables
+, fetchurl
+, gnugrep
+, gnused
+, iproute
+, ipset
+, iptables
+, perl
+, perlPackages
+, stdenv
+, tree
+, utillinux
+}:
+let
+  PATH = stdenv.lib.concatStringsSep ":"
+           [ "${coreutils}/bin"
+             "${iproute}/bin"
+             "${iptables}/bin"
+             "${ipset}/bin"
+             "${ebtables}/bin"
+             "${utillinux}/bin"
+             "${gnugrep}/bin"
+             "${gnused}/bin"
+           ];
+in
+stdenv.mkDerivation rec {
+  pname = "shorewall";
+  version = "5.2.3.3";
+
+  srcs = [
+    (fetchurl {
+      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
+      sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
+    })
+    (fetchurl {
+      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
+      sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
+    })
+    (fetchurl {
+      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
+      sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
+    })
+  ];
+  sourceRoot = ".";
+
+  buildInputs = [
+    coreutils
+    iproute
+    ipset
+    iptables
+    ebtables
+    utillinux
+    gnugrep
+    gnused
+    perl
+  ] ++ (with perlPackages; [
+    DigestSHA1
+  ]);
+  prePatch = ''
+    # Patch configure and install.sh files
+    patchShebangs .
+
+    # Remove hardcoded PATH
+    sed -i shorewall-core-${version}/lib.cli \
+        -e '/^ *PATH=.*/d'
+  '';
+  configurePhase = ''
+    shorewall-core-${version}/configure \
+      HOST=linux \
+      PREFIX=$out \
+      CONFDIR=\$PREFIX/etc-example \
+      SBINDIR=\$PREFIX/sbin \
+      SYSCONFDIR= \
+      SHAREDIR=\$PREFIX/share \
+      LIBEXECDIR=\$SHAREDIR \
+      PERLLIBDIR=\$SHAREDIR/shorewall \
+      MANDIR=$out/man \
+      VARLIB=/var/lib \
+      INITSOURCE= \
+      INITDIR= \
+      INITFILE= \
+      DEFAULT_PAGER=
+  '';
+  installPhase = ''
+    export DESTDIR=/
+    shorewall-core-${version}/install.sh
+
+    ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
+    shorewall-${version}/install.sh
+
+    ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
+    shorewall6-${version}/install.sh
+
+    # Patch the example shorewall{,6}.conf in case it is included
+    # in services.shorewall{,6}.configs
+    sed -i $out/etc-example/shorewall/shorewall.conf \
+           $out/etc-example/shorewall6/shorewall6.conf \
+        -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
+        -e 's|^PATH=.*|PATH=${PATH}|' \
+        -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
+        -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
+    sed -i $out/etc-example/shorewall6/shorewall6.conf \
+        -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
+    # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.
+
+    # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
+    # will generate the config files.
+    sed -i $out/share/shorewall/shorewallrc \
+        -e 's~^CONFDIR=.*~CONFDIR=/etc~'
+  '';
+
+  meta = {
+    homepage = http://www.shorewall.net/;
+    description = "An IP gateway/firewall configuration tool for GNU/Linux";
+    longDescription = ''
+      Shorewall is a high-level tool for configuring Netfilter. You describe your
+      firewall/gateway requirements using entries in a set of configuration
+      files. Shorewall reads those configuration files and with the help of the
+      iptables, iptables-restore, ip and tc utilities, Shorewall configures
+      Netfilter and the Linux networking subsystem to match your requirements.
+      Shorewall can be used on a dedicated firewall system, a multi-function
+      gateway/router/server or on a standalone GNU/Linux system. Shorewall does
+      not use Netfilter's ipchains compatibility mode and can thus take
+      advantage of Netfilter's connection state tracking capabilities.
+    '';
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2194fcbc56c..8c19ab0e8d0 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6285,6 +6285,8 @@ in
 
   shocco = callPackage ../tools/text/shocco { };
 
+  shorewall = callPackage ../tools/networking/shorewall { };
+
   shotwell = callPackage ../applications/graphics/shotwell { };
 
   shout = nodePackages.shout;