Move towards custom packages.

Change the build image process in a way that custom-built packages
can be utilized.  This means a simpler `Makefile` since every
modification is implemented on the level of packages.  Include the
sources for every customized package.

5 files changed, 235 insertions, 0 deletions

diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD
new file mode 100644
index 0000000..b5428a5
--- /dev/null
+++ b/aports/iptables/APKBUILD
@@ -0,0 +1,68 @@
+# Maintainer: Gabor Pali <pali.gabor@gmail.com>
+
+pkgname=iptables
+pkgver=1.8.7
+pkgrel=1
+pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
+url="https://www.netfilter.org/projects/iptables/index.html"
+arch="all"
+license="GPL-2.0-or-later"
+makedepends="libnftnl-dev bison flex autoconf automake"
+source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.bz2
+	iptables.initd
+	iptables.confd
+	iptables.rules-save
+	ip6tables.confd
+	"
+
+build() {
+	export CFLAGS="$CFLAGS -D_GNU_SOURCE"
+	./configure \
+		--build="$CBUILD" \
+		--host="$CHOST" \
+		--prefix=/usr \
+		--sbindir=/sbin \
+		--sysconfdir=/etc \
+		--mandir=/tmp \
+		--without-kernel \
+		--without-pkgconfig \
+		--enable-libipq \
+		--enable-shared
+
+	# do not use rpath
+	sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+	sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+	make
+}
+
+package() {
+	make -j1 install DESTDIR="$pkgdir"
+
+	rm -rf "$pkgdir"/tmp \
+		"$pkgdir"/usr/bin \
+		"$pkgdir"/usr/include \
+		"$pkgdir"/sbin/ebtables* \
+		"$pkgdir"/sbin/arptables* \
+		"$pkgdir"/usr/lib/pkgconfig
+
+	mkdir -p "$pkgdir"/usr/lib \
+		"$pkgdir"/var/lib/iptables \
+		"$pkgdir"/etc/iptables
+
+	install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
+	install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
+
+	install -D -m644 "$srcdir"/iptables.rules-save "$pkgdir"/etc/iptables/rules-save
+
+	install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/ip6tables
+	install -D -m644 "$srcdir"/ip6tables.confd "$pkgdir"/etc/conf.d/ip6tables
+}
+
+sha512sums="
+c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75  iptables-1.8.7.tar.bz2
+a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d  iptables.initd
+258ad0341381f251ef9b278c09d8a794c6e4bfc067950d5770539d3beabf8702a5be9a8a3418c849b9707f4b33a55eabef5594ccc290c9b9c7dc5fcad1ed80a5  iptables.confd
+382e1ce634aca598891b8f7cf8d1a91bb485a845cc65a92f85ff29f953b629c2f001c3d38bd18928ae89d53b4877eb993236a538e82a94e0089483e50fbda66f  iptables.rules-save
+0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4  ip6tables.confd
+"
diff --git a/aports/iptables/ip6tables.confd b/aports/iptables/ip6tables.confd
new file mode 100644
index 0000000..1fa63f3
--- /dev/null
+++ b/aports/iptables/ip6tables.confd
@@ -0,0 +1,14 @@
+# /etc/conf.d/ip6tables
+
+# Location in which ip6tables initscript will save set rules on 
+# service shutdown
+IP6TABLES_SAVE="/etc/iptables/rules6-save"
+
+# Options to pass to ip6tables-save and ip6tables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# Enable/disable IPv6 forwarding with the rules
+IPFORWARD="no"
diff --git a/aports/iptables/iptables.confd b/aports/iptables/iptables.confd
new file mode 100644
index 0000000..6e356ef
--- /dev/null
+++ b/aports/iptables/iptables.confd
@@ -0,0 +1,4 @@
+IPTABLES_SAVE="/etc/iptables/rules-save"
+SAVE_RESTORE_OPTIONS="-c"
+SAVE_ON_STOP="no"
+IPFORWARD="yes"
diff --git a/aports/iptables/iptables.initd b/aports/iptables/iptables.initd
new file mode 100644
index 0000000..0f906ee
--- /dev/null
+++ b/aports/iptables/iptables.initd
@@ -0,0 +1,135 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.11.init,v 1.2 2011/12/04 10:15:59 swegener Exp $
+
+description="IPv4/IPv6 packet filtering and NAT"
+description_save="Save firewall state"
+description_panic="Drop all packets"
+description_reload="Reload configuration"
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+	iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE}
+		   sysctl_ipfwd=net.ipv4.ip_forward;;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE}
+		   sysctl_ipfwd=net.ipv6.conf.all.forwarding;;
+esac
+
+depend() {
+	before net
+	after sysctl
+	use logger
+	provide firewall
+}
+
+set_table_policy() {
+	local chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} -w 5 -t ${table} -P ${chain} ${policy}
+	done
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+checkconfig() {
+	if [ ! -f ${iptables_save} ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+	if yesno "${IPFORWARD}"; then
+		ebegin "Enabling forwarding"
+		/sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null
+		eend $?
+	fi
+}
+
+stop() {
+	if yesno "${IPFORWARD}"; then
+		ebegin "Disabling forwarding"
+		/sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null
+		eend $?
+	fi
+	if yesno "${SAVE_ON_STOP}"; then
+		save || return 1
+	fi
+	checkkernel || return 1
+	ebegin "Stopping firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+
+		${iptables_bin} -w 5 -F -t $a
+		${iptables_bin} -w 5 -X -t $a
+	done
+	eend $?
+}
+
+reload() {
+	checkkernel || return 1
+	ebegin "Flushing firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -w 5 -F -t $a
+		${iptables_bin} -w 5 -X -t $a
+	done
+	eend $?
+
+	start
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	checkpath -fm 0600 "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	checkkernel || return 1
+	if service_started ${iptables_name}; then
+		rc-service ${iptables_name} stop
+	fi
+
+	local a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -w 5 -F -t $a
+		${iptables_bin} -w 5 -X -t $a
+
+		set_table_policy $a DROP
+	done
+	eend $?
+}
diff --git a/aports/iptables/iptables.rules-save b/aports/iptables/iptables.rules-save
new file mode 100644
index 0000000..326a7a8
--- /dev/null
+++ b/aports/iptables/iptables.rules-save
@@ -0,0 +1,14 @@
+*filter
+:INPUT ACCEPT [24:1728]
+:FORWARD ACCEPT [480:181212]
+:OUTPUT ACCEPT [27:2041]
+[377:71090] -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+[51:4670] -A FORWARD -i eth0 -o wlan0 -j ACCEPT
+COMMIT
+*nat
+:PREROUTING ACCEPT [64:6167]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [3:174]
+:POSTROUTING ACCEPT [3:174]
+[51:4670] -A POSTROUTING -o wlan0 -j MASQUERADE
+COMMIT