author | V3n3RiX <venerix@koprulu.sector> | 2023-03-20 00:35:55 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-03-20 00:35:55 +0000 |
commit | 84be07a71d5002585ac714a892bbfd57f3091b4e (patch) | |
tree | 0fe24d663efe493f7c44c5dea33b63bb2364e706 /net-firewall/nftables/nftables-9999.ebuild | |
parent | 810f2cdadf662a6bfaaed425b6ecd216a301cd3d (diff) |
gentoo auto-resync : 20:03:2023 - 00:35:55
Diffstat (limited to 'net-firewall/nftables/nftables-9999.ebuild')
-rw-r--r-- | net-firewall/nftables/nftables-9999.ebuild | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index f9713c4a95f6..13ecec61248b 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -34,7 +34,7 @@ RESTRICT="!test? ( test )"
 
 RDEPEND="
 >=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.4:=
+ >=net-libs/libnftnl-1.2.5:=
 gmp? ( dev-libs/gmp:= )
 json? ( dev-libs/jansson:= )
 python? ( ${PYTHON_DEPS} )
@@ -170,28 +170,28 @@ src_install() {
 pkg_preinst() {
 local stderr
 
- # There's a history of regressions with nftables upgrades. Add a safety
- # check to help us spot them earlier.
- if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
- # Check the current loaded ruleset, if any, using the newly
- # built instance of nft(8).
- if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset
- # but don't treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in
- # nature and will not always be printed in a way that
- # constitutes a valid syntax for ntf(8). Ignore them.
- return
- elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
 fi
 fi
 } |
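Review bot: The early-return guard in the first added `if` tests `/sys/module/nftables`, while the removed code tested `/sys/module/nf_tables`; the kernel module is named nf_tables, so on a host that is actively using nftables this directory is normally absent and pkg_preinst returns before the ruleset check runs. That silently disables the safety net the comment describes, so a newly built nft that cannot parse the live firewall ruleset would be merged without any warning. Restore the old path: `if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nf_tables ]] || [[ ! -x /sbin/nft ]]; then`. Separately, `set -- "${ED}"/usr/lib*/libnftables.so` uses only the first glob match and leaves the pattern literal when nothing matches, in which case the check would presumably run against the installed library instead of the new one; a short comment stating that assumption would help.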