gentoo auto-resync : 02:02:2024 - 17:45:32

8 files changed, 116 insertions, 126 deletions

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index d30e52940ff0..f5741e8598e0 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 9b62ccd6be07..7ab00d236d06 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -2,5 +2,7 @@ AUX ipset.confd-r1 666 BLAKE2B 852963fd27d11f58305f33cc9be84d5eabde73f5af4924d97
 AUX ipset.initd-r5 3375 BLAKE2B e548d1fecdb7785eacd7611881db589488c15871b9ba28bf6a6c3ba2cacddb0428b7a29426cdbefe23d3c060c5431155d9e75c14ea4e3cde889979aa111e745b SHA512 d6162f713609df66f9b30c179045fe96dfe6f85e6b13f53eaaba5d9d09bd082bf74749ef0ff5e97039658036370dfb49f16071765d3f7c3901fae540264ccf96
 AUX ipset.systemd-r1 492 BLAKE2B 78fd7b122e0fe08b36d36e736d18b7a5f0bf1aa78802f1bdc7abf69ad2ef9c0bcfb22ae84f8f6489aee6c147ee3c0be7ebfa600712bf6169940802466daf68ba SHA512 6574e48ce6b3c4f45122a8b387746793ceda62f68ec8b0f3f6f949f5650ab557f3f7eb75699e36d5bf04efbf39dc17e030cc44ea9d97891578d4c909669e6eb7
 DIST ipset-7.19.tar.bz2 686712 BLAKE2B 04290b94be471aedd732601e1dc147a066933606152beb76ba1a21283aa2e3f8b891fd9575db73f2af67b446fb77a0ca6b2432ae606440ac9e9bf80e41d1f640 SHA512 0f4252e6d967b0f130a2c7a0307b17c6b7d48336e86b2f838ea176f5faaa0c9bbbf273060906b43d91e9b38a9f33c18918e33d02292839a6bc321181d5d7f84e
+DIST ipset-7.20.tar.bz2 687123 BLAKE2B 24f44c887ba90379015d15d58351aedb80cc1d53638d0f4a868b1b6debec18e4c5336b626946bc7b3eb56c1b80d83ab236f287598f71e27bf44b9873dbb7eddf SHA512 d0b87ab889987a3febeaf3d73099a262aca86160878258b3bd1be064e52b55baa90601804b30ad3bbb363066c9fc1bbdfe8bc100414f801729215a892e186fc6
 EBUILD ipset-7.19-r1.ebuild 3379 BLAKE2B 4dd28ea10c1aa885af34b2892498dea9a4fc3a534d66455ae6b708fa2e144849be836a8ffe1906e137dc6e7fc438862a726612b056d72f7163575515007c9c1d SHA512 9266874bbc29d0806c4e49e2238541e6659db19ee950b81703a2a66ad1623e2f367034e67b731a654673ec7717abc495f969eef83cd3c26527606e7c6228562c
+EBUILD ipset-7.20.ebuild 3385 BLAKE2B f250967ad6bbdff6e45b79cdf82f6060fba71161b30c4f7cfac15aa9e000bbe02c6bdc75c939cb21b07331dc9f5a315064d79ed68edf59e777561db0d89db277 SHA512 afcfce175a75eb1264e21ca213b5ed64984ef27a3f0497367c725ebc6784b4ca2a0426e679068c49bf65e40093db38e726ccd26f8ed3018c83feebd2dc2dfc35
 MISC metadata.xml 475 BLAKE2B e1e06003a410249ed76d39b74ccbcd64b8572ff05f1c818729d787cecfb19cfa9c7e3463473688abc7a398efb908b0c7145bad88bbb7259e69f1b7d985584bcc SHA512 d0a3dca6593e8a62cbf5c325eb59b620137af8d8f5a463702c4d6ec102fd03b8adbbdcd9358777d0461f57a98d892d359d80b8f722d3f322f3d4766d762f6585
diff --git a/net-firewall/ipset/ipset-7.20.ebuild b/net-firewall/ipset/ipset-7.20.ebuild
new file mode 100644
index 000000000000..f1a25f936d47
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.20.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MODULES_OPTIONAL_IUSE=modules
+inherit autotools bash-completion-r1 linux-mod-r1 systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+RDEPEND="
+	net-firewall/iptables
+	net-libs/libmnl:=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+pkg_setup() {
+	get_version
+	CONFIG_CHECK="NETFILTER"
+	ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+	CONFIG_CHECK+=" NETFILTER_NETLINK"
+	ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
+	# It does still build without NET_NS, but it may be needed in future.
+	#CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+	#ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+	CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+	ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+	build_modules=0
+	if use modules; then
+		if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+			if linux_chkconfig_present "IP_NF_SET" || \
+				linux_chkconfig_present "IP_SET"; then #274577
+				eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+				eerror "Please either build ipset with modules USE flag disabled"
+				eerror "or rebuild kernel without IP_SET support and make sure"
+				eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+				die "USE=modules and in-kernel ipset support detected."
+			else
+				einfo "Modular kernel detected. Gonna build kernel modules..."
+				build_modules=1
+			fi
+		else
+			eerror "Nonmodular kernel detected, but USE=modules. Either build"
+			eerror "modular kernel (without IP_SET) or disable USE=modules"
+			die "Nonmodular kernel detected, will not build kernel modules"
+		fi
+	fi
+
+	[[ ${build_modules} -eq 1 ]] && linux-mod-r1_pkg_setup
+}
+
+src_configure() {
+	export bashcompdir="$(get_bashcompdir)"
+
+	econf \
+		--enable-bashcompl \
+		$(use_with modules kmod) \
+		--with-maxsets=${IP_NF_SET_MAX} \
+		--with-ksource="${KV_DIR}" \
+		--with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+	einfo "Building userspace"
+
+	local modlist=( xt_set=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/:
+					em_ipset=kernel/net/sched:"${S}":kernel/net/sched/:modules )
+
+	for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+		modlist+=( ${i}=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/ipset )
+	done
+
+	emake
+
+	if [[ ${build_modules} -eq 1 ]]; then
+		einfo "Building kernel modules"
+		linux-mod-r1_src_compile
+	fi
+}
+
+src_install() {
+	einfo "Installing userspace"
+	default
+
+	find "${ED}" -name '*.la' -delete || die
+
+	newinitd "${FILESDIR}"/ipset.initd-r5 ${PN}
+	newconfd "${FILESDIR}"/ipset.confd-r1 ${PN}
+	systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
+	keepdir /var/lib/ipset
+
+	if [[ ${build_modules} -eq 1 ]]; then
+		einfo "Installing kernel modules"
+		linux-mod-r1_src_install
+	fi
+}
diff --git a/net-firewall/sanewall/Manifest b/net-firewall/sanewall/Manifest
deleted file mode 100644
index a4a00faa9e9b..000000000000
--- a/net-firewall/sanewall/Manifest
+++ /dev/null
@@ -1,5 +0,0 @@
-AUX sanewall.confd 120 BLAKE2B e2b3da4e1b3106641d8bab89ee61597e25b4a3f8f87fc6586de77d46eaed8bb108044c0f32c1f079a6068a94ed496c02cf9368433261f6b6755a277fce613f6c SHA512 5b8468d6e167ab00e37481618650f4844cb186465097a3cbca8a462940f324d50447d464d8db58666c77909231c3d664022bd7979501d3496ad627bf726cfa7e
-AUX sanewall.initd 1051 BLAKE2B 3b5523d5c0b779aa76154ab0ab14f5c43bb742df68ea3bee6649c9fa3a7b089dbf7ffcea60cc27e8f2d80262197107f630ed0dec3862cd084ba75431f11a44d5 SHA512 2272e7ee2a7d2c0bf97d1fdfb0cfd2b271626d8934545fca20c1c3757b4b90f5f715417c0e2d48e900a12a4d72a5fb0005294ef753b3c1b1ed8d5f217da7f571
-DIST sanewall-1.1.6.tar.xz 585316 BLAKE2B 027454da387d251af8268e38a97a7a1c7ee82a95429059ecdae23453a7c31676c5afb0b0f9bbdc4ed60f879479070fb8a057b3a5914290d768736abd1f46cadd SHA512 73260197b88816e90b15fc244a5940c290ec99c82eb8e50338b4f0f88710900c8cd18920c6f319205e527859c0696da28798428ab04b03c7f355c1d8ba6f7ca0
-EBUILD sanewall-1.1.6-r4.ebuild 1446 BLAKE2B 222a29899c98a16b1190e1ecfc16d1bc11df69c041df941d0c99fbc4126f1626db87898a6707fac83e98622bdb4c26a7beebbb058065b9bddb8a63c06bedd189 SHA512 39773032845206c36786df2dd65a996a506cf752baf6717777334f55a35c9028962e9737aa958e941fd612d7620b2a2af210dd82959a3ba99d3f0411a561b733
-MISC metadata.xml 167 BLAKE2B 868e3b584722eaacf68273db062bb773d8c7e5d7ab2b81ca7e8397643bf7cc106c3a1033594401c99c54f667bb45d6b73f9048fc335580bbd44b4589ad26a832 SHA512 30caadd1496c3b9969136038239a1d8e01f236726b4022c2d7e19ca7575f25f735e556835e581afbf44fbd3e4104c40f2b5ef5fa70118d75c881fdf871962d0a
diff --git a/net-firewall/sanewall/files/sanewall.confd b/net-firewall/sanewall/files/sanewall.confd
deleted file mode 100644
index 2193b04d49bf..000000000000
--- a/net-firewall/sanewall/files/sanewall.confd
+++ /dev/null
@@ -1,5 +0,0 @@
-# location of sanewall config
-SANEWALL_CONFIG="/etc/sanewall/sanewall.conf"
-
-# arguments for sanewall
-#SANEWALL_OPTS=""
diff --git a/net-firewall/sanewall/files/sanewall.initd b/net-firewall/sanewall/files/sanewall.initd
deleted file mode 100644
index c13d2df106ad..000000000000
--- a/net-firewall/sanewall/files/sanewall.initd
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="save panic try"
-extra_started_commands="reload"
-
-depend() {
-	need localmount
-	after bootmisc
-	before net
-	provide firewall
-}
-
-start_pre() {
-	if [ ! -f ${SANEWALL_CONFIG} ]; then
-		eerror "Not starting sanewall, missing config file ${SANEWALL_CONFIG}."
-		return 1
-	fi
-}
-
-start() {
-	ebegin "Starting sanewall"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} start >/dev/null
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping sanewall"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} stop >/dev/null
-	eend $?
-}
-
-try() {
-	ebegin "Trying sanewall configuration"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} try
-	eend $?
-}
-
-status() {
-	ebegin "Showing sanewall status"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} status
-	eend $?
-}
-
-panic() {
-	ebegin "sanewall panic"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} panic
-	eend $?
-}
-
-save() {
-	ebegin "Saving sanewall configuration"
-	/usr/sbin/sanewall ${SANEWALL_OPTS} save
-	eend $?
-}
diff --git a/net-firewall/sanewall/metadata.xml b/net-firewall/sanewall/metadata.xml
deleted file mode 100644
index 85e4ed814fa2..000000000000
--- a/net-firewall/sanewall/metadata.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<!-- maintainer-needed -->
-</pkgmetadata>
diff --git a/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild
deleted file mode 100644
index 3381cbed5e8b..000000000000
--- a/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild
+++ /dev/null
@@ -1,55 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit linux-info
-
-DESCRIPTION="iptables firewall generator (fork of firehol)"
-HOMEPAGE="https://www.sanewall.org"
-SRC_URI="https://download.sanewall.org/releases/${PV}/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-RDEPEND="
-	net-firewall/iptables[ipv6(+)]
-	sys-apps/iproute2[-minimal]
-	sys-apps/kmod[tools]
-	sys-apps/net-tools
-	|| (
-		net-misc/wget
-		net-misc/curl
-	)
-"
-DEPEND=""
-
-pkg_setup() {
-	local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \
-		~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \
-		~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \
-		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER"
-
-	get_version
-	if [[ ${KV_PATCH} -ge 25 ]] ; then
-		CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}"
-	else
-		CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}"
-	fi
-	linux-info_pkg_setup
-}
-
-src_install() {
-	default
-	newconfd "${FILESDIR}"/${PN}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}.initd ${PN}
-}
-
-pkg_postinst() {
-	# install default configuration if it doesn't exist
-	if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then
-		einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf"
-		cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die
-	fi
-}