diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-12-15 18:09:03 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-12-15 18:09:03 +0000 |
commit | 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch) | |
tree | 4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /net-firewall | |
parent | b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff) |
gentoo resync : 15.12.2019
Diffstat (limited to 'net-firewall')
26 files changed, 686 insertions, 50 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz Binary files differindex f768f8681bc5..144e30087ba3 100644 --- a/net-firewall/Manifest.gz +++ b/net-firewall/Manifest.gz diff --git a/net-firewall/arptables/Manifest b/net-firewall/arptables/Manifest index d278b4334697..7455c5b7fce4 100644 --- a/net-firewall/arptables/Manifest +++ b/net-firewall/arptables/Manifest @@ -1,3 +1,5 @@ +DIST arptables-0.0.5.tar.gz 52247 BLAKE2B 860aac1af315f188ecb7f17956f9225c2a9ec007882d102be8edc9fecc9400928f4200e95283f0ecc27c4c3ae0b409887445ed79a330cef2e2d00444db83c01f SHA512 fe7f909b45a1bdc435a8307352fe2dc9c292bb7c6cf4a4d13cc2728f447b3da14a07a4dd6dc25b7872895e4e26561681f1fed25ce517102ae762701bcbcbf104 DIST arptables-v0.0.4.tar.gz 45380 BLAKE2B a256aa280aa65fae8c5b17477fedb3fed4973e8d76746d5832184858b77111eb22bec63211a1ddfb74d25bdc23b0f237caf5ac7effa85433d0f63c51e23a3ef1 SHA512 bd84e93ab5e0a038753aa17dae9e1f48364f2d2b1492dce2edac117e21edd5aa912be7b9e21bf4fb3698031d2f765a75fa067fe10ce20a1c8951ae7efcc5dbbd EBUILD arptables-0.0.4.ebuild 767 BLAKE2B 643669923fb19fe90de6eed8acbba68e113cdd8572c025d694c2672fb053f71837980e88bd0991d7bc55376dbc785d72f1c51e8a2603831dfe4484463f8b7d6c SHA512 8e731f2562f779bb89abacb1de3fb7083959ef7b322c81186273f995f07b0cbbc7f30f5cece5118a4510f9a3914d4800f6b167c26e0098203adde3d02dfea557 +EBUILD arptables-0.0.5.ebuild 857 BLAKE2B d21755c0c819e5fe3e2884bfbffd0b9ec3798a23617c44fced54694d1ad554cc8135b3115e4222558f70d678f6dc21138e68d22ccbca11ce44866b9110f919bb SHA512 cc04fcf591915be667f54bf7a79d51c919d8b69cd58d06d819fd963a6195c65093ca7425a8ea08e789778e1750f3cc370cfcaedf8dc6a7dce5afe0e93b542421 MISC metadata.xml 335 BLAKE2B 322b571e61e782fd11e8ddabf27e3c58827d150770bcc7f8c512564012d1cd927c5c518491f8546a64a38432ff0ffd1f06f0d52b54fdcd5f6cd96ef13b702de2 SHA512 840c9d22c1e29b4ddfd6b230e293766fb4b6d5cefc9a5839765629fa33adbddbaa3157d12be851e458030406af95c8e3356577fd20c0f876b43153e89ae298df diff --git a/net-firewall/arptables/arptables-0.0.5.ebuild b/net-firewall/arptables/arptables-0.0.5.ebuild new file mode 100644 index 000000000000..8484f81cf19b --- /dev/null +++ b/net-firewall/arptables/arptables-0.0.5.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs + +DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="" + +src_compile() { + # -O0 does not work and at least -O2 is required, bug #240752 + emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}" + sed -e 's:__EXEC_PATH__:/sbin:g' \ + -i arptables-save arptables-restore || die "sed failed" +} + +src_install() { + emake \ + PREFIX="${ED}"/ \ + LIBDIR="${ED}/$(get_libdir)" \ + SYSCONFIGDIR="${ED}"/etc \ + MANDIR="${ED}"/usr/share/man \ + install + + dosym arptables-legacy /sbin/arptables + newman arptables-legacy.8 arptables.8 +} diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest index c47a3fe3d495..e065ec9e42d9 100644 --- a/net-firewall/ebtables/Manifest +++ b/net-firewall/ebtables/Manifest @@ -1,8 +1,13 @@ +AUX ebtables-2.0.11-ebt-save.patch 865 BLAKE2B 39ba29e026ad8f7fa825546cbb106b120a018c7763018ef588968238b09c30040d1d1b11e33fddcfc1e4ff425c4c3928dee0f5a1061e97cc1142c18ce08763e8 SHA512 b059fa5c67e4ec36537e361f0924153fadec482604039f6fd09ab5c1dbd518da0f8e0fd4ccba00d1952cf66136377e357f06a5669746ff42d031f32a211457b5 +AUX ebtables-2.0.11-makefile.patch 495 BLAKE2B 213fe84dcdb82b55e074ba7015b8cf20213fe4ece62a493acf0533c46b70369165d0dd1974a1e14f82e8ce946450e9a3d8968886c93f7c3f9cbcf1386602b52e SHA512 f61d8f07e3276aa6a8d4ae9bb91b4bc227390d25b9822ed3e70e9a07f4da60b7c5262617f291d602c6bb55f5869f090ebe5ee41ba23c19d860260afd1d95d9b2 +AUX ebtables-2.0.11-remove-stray-atsign.patch 1120 BLAKE2B 14bac4aec87d44e5ca166418abf39368f7b7e45922d8371f6dd469a2d1963fef7c9f8d960c78d72153d9b4f307491f8498a0460b4d150468f8848c3dd4b973bf SHA512 8094f6aee009880c79e8476d29dcb90c1682922f27ed7ab0a4ae7175e7efc46f035d228586895f4e6793876f944010abd72ee7102be31962bd832070be7db14e AUX ebtables-2.0.8.1-ebt-save.diff 1089 BLAKE2B bf3c12e0849823dd48aa6cd627ffc463588f6b62c841723f12dd5a7903830fc0e214d18ff74ec7162de23dd7b176b6f875cb7f88153b5200cd876b9ff2d47cd8 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7 AUX ebtables.confd-r1 288 BLAKE2B 72e0ad40f53058f1ede8a4d049badde04e69e307e9c24ffe5cdc7f61d918b0e1b3296f793c4dd46389b2dee69ad4730f563bd3891569612d7f9f8c7b39641a84 SHA512 088308eba077fcec35299c8aaad0492024173504a361c2ba7e29dce106888a78c72818a791f3d3655aed3f6df26a3319c42e2b2c54760cdbad036d46b89b97f3 AUX ebtables.initd-r1 1990 BLAKE2B 04587ed7130a48609815974cb8fa6eff86013cb50d02b944424ebc3c578bb2257241878e7d86b46eba16bdc8a96b2dec1f21a7d80a6e51bafd82cf264824265a SHA512 ceceaf33d6f6bfa89a5d81932e3ec76a26d09d67150efd3de587520ea47984f618d4fc55e799c58a2e5e236caec5bd81e2fde31a7e5aa328e629cdabbd29339b +DIST ebtables-2.0.11.tar.gz 428411 BLAKE2B 62af4c38ad21498e43f41ef96c8abb5704e8d8a48f1327c587b664f36fdfa9849a9a37e59958db56d38019465d8bf1775914f7387fde99a441615913702cf504 SHA512 43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f DIST ebtables-v2.0.10-4.tar.gz 103764 BLAKE2B 01995c701c6dbc7495bdf1f0fce61dce51a379dd1a304d2a5174e0190c040ee958833c65be9fd9d6a7601a2f81461ce1f2e9db989081b4fe7dabc5bfcecd57d6 SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a EBUILD ebtables-2.0.10.4-r1.ebuild 1914 BLAKE2B 799fe8c074cb8ad34821007296c192345925f66645bcf52f584aabcbac9099f98214a6cf80b1f31e8d55f58ab894d2ba4bd975ff4f710848afa88ade2817749e SHA512 a57f925dae0e290422cd79944963510de853b19b81eacc219aacfdd00f5a456f6b5f18c4cbf71c8d7129f317f33d71709fb6d5d3c5712f11115acd3c1eff93fa EBUILD ebtables-2.0.10.4-r2.ebuild 1888 BLAKE2B 59fb0004f531ea9a19e3fd6fcb6d4b11c9345d04e3c5692a8a6028f343e8a4d02b4b9f4a3a0d5bdda280519218b80dfb97726f91c6eb78387521538784f28dc9 SHA512 f3464a20c8b33fb55931efd5fb86e4edece9f3c8243f6b15c008c0d100953385fb6f915073055e9d481b6ba8e12d6a67c96d378783474178aaff112f0f5b3675 EBUILD ebtables-2.0.10.4.ebuild 1755 BLAKE2B 4801b2df1f8dfa4db9c9ea4fe5fea274487b999247ec48c0c2da6123883dc50b60c85738f4a1fda5d164e05018eafb9b5cc78123a3761c5adcefb729633dc188 SHA512 b4b9dada0a1179c7e3df58fefb49a34f85fcc05b184c003c261f58e6394b5006633bf5a7e9ae7a94fc0b49df82569999e0f59178296e38f6856fa1e72f5d52fa +EBUILD ebtables-2.0.11.ebuild 2079 BLAKE2B 7cc66b495b80ce0c8558ce572b2a91eda992a3e824fc83775e0ce560e6a3e28fdc5db5215de13677fba546f80bc1207d3aa9c8fe0270b06a6ea423caec490854 SHA512 984657371347bd80238ba4ec68dc4538baa901a7919206a65e29f084297f0726b1490ee110e75f0e6fdaba80bc3677cc2f212fb8e5f34093292ba2f9bceaae18 MISC metadata.xml 426 BLAKE2B 24e49caa32476577c848484c9b0749742b3eed3dfb80b67a6c595abcce49081bfa2d50d37a22624754fa06e76cc9bc4af2ac755a0b9c562d696a32e8dbcf4a2f SHA512 77ff48216c32448cf2e2aa580f0b3afd6de7aa9bda2c2379c89f77282c417d385bb8c3d3218cf6d30021e472163bc8f2b450f0e43d944adb336f49fb695ba231 diff --git a/net-firewall/ebtables/ebtables-2.0.11.ebuild b/net-firewall/ebtables/ebtables-2.0.11.ebuild new file mode 100644 index 000000000000..fc30080735cc --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.11.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs autotools + +MY_PV="$(ver_rs 3 '-' )" +MY_P="${PN}-${MY_PV}" + +DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" +IUSE="+perl static" + +# The ebtables-save script is written in perl. +RDEPEND="perl? ( dev-lang/perl ) + net-misc/ethertypes" + +PATCHES=( + "${FILESDIR}/${PN}-2.0.11-makefile.patch" + + # Enhance ebtables-save to take table names as parameters bug #189315 + "${FILESDIR}/${PN}-2.0.11-ebt-save.patch" + + # from upstream git + "${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch" +) + +pkg_setup() { + if use static; then + ewarn "You've chosen static build which is useful for embedded devices." + ewarn "It has no init script. Make sure that's really what you want." + fi +} + +src_prepare() { + default + + # don't install perl scripts if USE=perl is disabled + if ! use perl; then + sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die + fi + + eautoreconf +} + +src_configure() { + econf \ + --bindir="/bin" \ + --sbindir="/sbin" \ + --libdir=/$(get_libdir)/${PN} \ + --sysconfdir="/usr/share/doc/${PF}" \ + $(use_enable static) +} + +src_compile() { + emake $(usex static 'static ebtables-legacy.8' '') +} + +src_install() { + local -a DOCS=( ChangeLog THANKS ) + + if ! use static; then + emake DESTDIR="${D}" install + keepdir /var/lib/ebtables/ + newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables + newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables + + # symlink -legacy binaries to original names + local ext + for ext in '' -{save,restore}; do + local prog="${PN}-legacy${ext}" + [[ -f ${ED}/sbin/${prog} ]] && dosym ${prog} /sbin/${PN}${ext} + done + + find "${D}" -name '*.la' -type f -delete || die + else + into / + newsbin static ebtables + insinto /etc + doins ethertypes + fi + + newman ebtables-legacy.8 ebtables.8 + einstalldocs +} diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch b/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch new file mode 100644 index 000000000000..7cfe128babf4 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch @@ -0,0 +1,26 @@ +diff --git a/ebtables-save.in b/ebtables-save.in +index 17924a2..c7a64c3 100644 +--- a/ebtables-save.in ++++ b/ebtables-save.in +@@ -12,6 +12,7 @@ my $ebtables = "@sbindir@/ebtables"; + my $cnt = ""; + my $version = "1.0"; + my $table_name; ++my @table_names; + + # ======================================================== + # Process filter table +@@ -49,6 +50,13 @@ sub process_table { + } + # ======================================================== + ++if ($#ARGV + 1 == 0) { ++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`); ++} ++else { ++ @table_names = @ARGV; ++} ++# ======================================================== + unless (-x $ebtables) { exit -1 }; + print "# Generated by ebtables-save v$version (legacy) on " . `date`; + if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") { diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch b/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch new file mode 100644 index 000000000000..dc9be9e7d6c4 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile.am b/Makefile.am +index 6181003..de01139 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -50,7 +50,7 @@ ebtables_legacy_LDADD = libebtc.la + ebtablesd_LDADD = libebtc.la + ebtables_legacy_restore_SOURCES = ebtables-restore.c + ebtables_legacy_restore_LDADD = libebtc.la +-static_SOURCES = ebtables.c ++static_SOURCES = ebtables.c ebtables-standalone.c + static_LDFLAGS = -static + static_LDADD = libebtc.la + examples_ulog_test_ulog_SOURCES = examples/ulog/test_ulog.c getethertype.c diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch b/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch new file mode 100644 index 000000000000..88f1d7296529 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch @@ -0,0 +1,32 @@ +From 7d00e58157bc61168a057cde91a6e5b54dca573b Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt <jengelh@inai.de> +Date: Mon, 2 Dec 2019 20:52:04 +0100 +Subject: build: remove stray @ sign in manpage + +Because the sed command was not matching the trailing @, it +was left in the manpage, leading to + +NAME + ebtables-legacy (2.0.11@) - Ethernet bridge frame table administration (legacy) + +Signed-off-by: Jan Engelhardt <jengelh@inai.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index b879941..6181003 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -64,6 +64,6 @@ ebtables-legacy-save: ebtables-save.in ${top_builddir}/config.status + ${AM_V_GEN}sed -e 's![@]sbindir@!${sbindir}!g' <$< >$@ + + ebtables-legacy.8: ebtables-legacy.8.in ${top_builddir}/config.status +- ${AM_V_GEN}sed -e 's![@]PACKAGE_VERSION!${PACKAGE_VERSION}!g' \ ++ ${AM_V_GEN}sed -e 's![@]PACKAGE_VERSION@!${PACKAGE_VERSION}!g' \ + -e 's![@]PACKAGE_DATE@!${PROGDATE}!g' \ + -e 's![@]LOCKFILE@!${LOCKFILE}!g' <$< >$@ +-- +cgit v1.2.1 + diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest index c2b6ca40539c..5a56d386d4cc 100644 --- a/net-firewall/ferm/Manifest +++ b/net-firewall/ferm/Manifest @@ -1,5 +1,5 @@ DIST ferm-2.4.1.tar.xz 71324 BLAKE2B 290cd2f6fbb1ca1c1f060f998d84eaed2ba2a6ec8f736375a460a3ae81c6f5e67c174774065a09fbe155347f6dc1b7977321d65ac753f4c28f8a47cda8409dd8 SHA512 beea4b8dd04e00662ef380442f8249c2d2dadf6d35b90e415038df807c8d08295d2575efbf3265f48f5e92afa174135a9c662f74d52545dd3e1c55a1436aa5bb -DIST ferm-2.4.tar.gz 128776 BLAKE2B 0b7df0c38ed5d311c4cbeba7da02dd9a366161f542f24bcecb88584ea081e2815bcdaeaa9dd2731d12d7e3982cd4f2caad38def41a087451b783e1c7853f66c8 SHA512 0b36b95a5ebb4cd306f9ab84ea12ce16c15d56ecc70c895261c74310f2474946ec1e73d63e7cda5becbfa875091c1362c715226776793c5b6ed179bf543ab27e +DIST ferm-2.5.tar.xz 74052 BLAKE2B daaf7ca8d132fe03b61fdc36aeb4ebe21076928fddf08b7e5be78df80a5759b1947a1c0ee1eff2e92c739b3af64978883bcbb21c4ad0cca9c8556bf9ea2ed6ca SHA512 f456141c939aaac390b27893d88eb5d532139cbe7bc33dd794f6b09b31ff218990c6ba76f2817c531cefeb948d6ee51e4b7ee092492cd9e5e711f794e4005399 EBUILD ferm-2.4.1.ebuild 799 BLAKE2B 083bb55bc9a5d36c93ad542075115e0102354569917e647843a156fb416da6c3a5b46e64b855c83ecba42e7229e5979359484ae101ffd817ea46080cb8869b49 SHA512 b92cf64e621a7cfe7e4bb47b8016f30e34da39c62db1bc4087a5d0198a07c9f4c1add681724d9ec671317d3be3dcc9e23f18aa9895825613459f720f22ca4d35 -EBUILD ferm-2.4.ebuild 760 BLAKE2B 82735e1a66814888b5268c33a30e4a49da6fb6276bef089f2643765d8d04e31f86bd0b127a74e47fff53652ee615ee491b2b756847f3af366631da6364e3112e SHA512 b27bc01b9c69a416f26b9a4282e8d8602de4f3a2b2b596f5a675bddb6e85d7ed00a9c92fb0572dcd411fbfdda61db070b83de3b5e4846a70cb0e56ed350a1364 +EBUILD ferm-2.5.ebuild 802 BLAKE2B 62279cd71da030044ff6fbff6778b1805dbdee96513c507588e651142535ec60b9cc53dd81674722b750ee49d45179bd76cb75fe49b43a9a41605c9b9c04a39d SHA512 9f4405324bde7dd217294de973e58e1d7c36e3cfb9bd60af7163c01e8721f56852ec6a6df38f0e24a37b225237f5de238e5a529faafd22a234606afcb381a274 MISC metadata.xml 450 BLAKE2B a42e7896b2269a0fbb904ced374899d3a3b87d38cb08c0c6f55f570ff476d42ede3b9316b69a86a5d46b64c5d7050348efdb72c2e9b68440c4a991078ae56e42 SHA512 23ffc755aba9f3ce1acb92f3de86ec1f788bd868227b7ace77b3b7accfe891036da7e3e87254fc0bd693d7777e4c932b663e0b1118a8804b0ac2d63624a4ecac diff --git a/net-firewall/ferm/ferm-2.4.ebuild b/net-firewall/ferm/ferm-2.5.ebuild index 0bc4883a5218..532055e4fd1b 100644 --- a/net-firewall/ferm/ferm-2.4.ebuild +++ b/net-firewall/ferm/ferm-2.5.ebuild @@ -1,28 +1,29 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 inherit systemd DESCRIPTION="Command line util for managing firewall rules" HOMEPAGE="http://ferm.foo-projects.org/" -SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.gz" +SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.xz" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ppc x86" +KEYWORDS="~amd64 ~ppc ~x86" + +# Uses Internet connection while testing. +RESTRICT="test" # does not install any perl libs RDEPEND="dev-lang/perl:* net-firewall/iptables virtual/perl-File-Spec" -DOCS=( AUTHORS NEWS README TODO doc/ferm.txt examples/ ) +DOCS=( AUTHORS NEWS README.rst TODO doc/ferm.txt examples/ ) HTML_DOCS=( doc/ferm.html ) -src_compile() { :; } - src_install() { dosbin src/{,import-}ferm systemd_dounit ferm.service @@ -32,5 +33,5 @@ src_install() { } pkg_postinst() { - elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs" + elog "See ${EROOT}/usr/share/doc/${PF}/examples for sample configs" } diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest index 0830e59704f1..a56ce88032b8 100644 --- a/net-firewall/firehol/Manifest +++ b/net-firewall/firehol/Manifest @@ -4,4 +4,4 @@ AUX fireqos.confd 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507 AUX fireqos.initd 829 BLAKE2B f09905f02189f155455886dd1896a183f2f529d0737939a7065bb52b57870f22805e3e6c029510cc5b57b36e596eb829bcc7651c6a80657ff4e399acc542fa90 SHA512 8364537d3e10c68d309fc40f4b2f88a2a593c38fd6f134b1c09cf937be00f7d96eeba05c83824c9460367bf892a8f79547321784c8f8a4708f856df9a88693f4 DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a21489263c1b5c6abbf3b2b97db80bf2a2420ae8176cd55e335ab93c18a8209a47f467dba80a63cf2c319b3e3e27d8 SHA512 5ffa7e59d3f10a6c7d3f5b5ef9d93f1b2138063374a10cb0c1ac4e75578d6cf7755e154b51febf546563ba003f100af13f89bca3843b66a8d22b8fc2da3fadfe EBUILD firehol-3.1.6.ebuild 1431 BLAKE2B 914416fa6cc1a66da86a6e984d73296279bb7457bd39b1714e2a3633d123d734d52eb3367fa5b07f318d2ffa5714879fbec530b1268ee2b233985154651b94ce SHA512 c20b6f70f9c290acc2412cdeaeb6a69012558435bb52e1d6ec3c9aadc3017a6c06c1dd91a9d0bc7c1fed08155b88ba67c726691811a285215d8ddc86097aea6a -MISC metadata.xml 434 BLAKE2B 43111da215ea3d6d6af807ee1b629a3ff72dfefe15fa429a6ea5b112cbfb881d1bf848b50a266c32b820a7aec3e14e419c64657cc0a205c1e759c77b64a17b52 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898 +MISC metadata.xml 464 BLAKE2B 67d0dfdaf7651eef96dcc00f6a89faf40593e79fa0885a85f27e3aefbfb4949648c0be652eaab8f1b38b4100e41a037c018677f81d3040dad0909c453fd49052 SHA512 5def437c908d4d5c76729fc8f50bd9a145a0c79d7154535ac9c39df585da4bf175b1b465690dbf05fb5536df97a9cbb2abaa0384fb45ebac5f53482d26a76607 diff --git a/net-firewall/firehol/metadata.xml b/net-firewall/firehol/metadata.xml index 1e8e9bca98d8..7a5ef45d7d60 100644 --- a/net-firewall/firehol/metadata.xml +++ b/net-firewall/firehol/metadata.xml @@ -1,8 +1,9 @@ -<?xml version='1.0' encoding='UTF-8'?> +<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> - <email>alonbl@gentoo.org</email> + <email>chewi@gentoo.org</email> + <name>James Le Cuirot</name> </maintainer> <upstream> <remote-id type="sourceforge">firehol</remote-id> diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest index 22272008b5bd..f49923886b40 100644 --- a/net-firewall/ipset/Manifest +++ b/net-firewall/ipset/Manifest @@ -1,5 +1,7 @@ +AUX ipset-7.4-fix-pkgconfig-dir.patch 287 BLAKE2B b12f88e3743e815f4f9af79674998f21d9c5428d5c6d78fa4a8b3eb21195ad52f4b544590a1bda5ec8a39bcb3c4e6b6a4920db481257c10ff572727954bbb960 SHA512 eb9d13725889f746098b549a1c18c5756edef5f0437a7a94bb746db7d9d98bb29bb4ae764a731aa5895660423a9ebb42d361b14f9c88879f9f48b78b45f684a3 AUX ipset.confd 588 BLAKE2B fb1b728c12953cb6d5009469eaeeb9e58e01dd76b6849ad554d545bab417e8614d6417be52c2079b961bc66e355cf27c697ac3b2e0fcd823f978c39d14c66264 SHA512 93e01873c3fb8ff5f4f78e04118a666a650e604a1ba2908309faab08aa140e0ca7a2e24fc5114a9e809d3dbe81e801fc9ad59d53e174014cae1f23719a2a8e3e AUX ipset.initd-r4 2997 BLAKE2B 9c376e1a5083829a1fc40bfcca192cad19644c8ba585c29018a55837c0788127963071de2a94a251288ee19a7308ba4d7d80f48f3bc1aba497489872f9810479 SHA512 0e674308ae51b5d65e8aba913ffece7e9233ff69b15086d5f35cd8b4e23e6ee08d6c233ed21b647a033039a9e268ee2cb01718ac9ebb548734c5996a8acb3961 +AUX ipset.systemd 476 BLAKE2B 6d536142066ab60fdec24bcb138976709f186c575a7958ad9e8f0762c5b473de6882dcbdb7fbe16c79840096806fb8472308647aaa5b26dec192f91f4a541174 SHA512 c537c8c1bacbf9f3eeedfa123b666ac4f3d71cca9e44e89c9dc0f95328e1ec6be9480927272bd69d06a59f1d22bf4dc117c092d187d950c3f72e31608ab27a08 DIST ipset-6.29.tar.bz2 542735 BLAKE2B 2229eb802597b38287f49cc2936a8be1afde2f638bd7212f86a52bc07d4121b7ff6b334ced2e1354bfdb652bcac81957b5204ac545a081dddfce07958c858fe4 SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3 DIST ipset-6.30.tar.bz2 544054 BLAKE2B eb9a6368436f0c4a813a6733b2122be975c752aee4d8ac9a2e7a02ebd2da372351c318cf1b0c06c1b389c523cd9572dfe1bff813e23a4e924391f9c7a946b75b SHA512 6299a6905fbbcc2dd7c2f07862af184fd3b63b586f7bf3af2de5a0cc692f4ec6ef57db64c3435c1acedd6c293570602dca8cfedcb197a00ec18517ced92dc903 DIST ipset-6.32.tar.bz2 544635 BLAKE2B 684354b0b24b15a657b21d44fa58b2cf7823f78d78ccd2b3f1c2d50b9e1396db6ed1414edb69102e3f82810d844ccd5eb738d1a968921b76b20e5d15c6ae5fb1 SHA512 7b0f5e7ef1a777ab70872aa52f658ff9516cb5de4c67c56d7f596eb88db03467d39b10ffc098441b4bfa4bb21a15f3c5f7f7f825300ce8efbacd767369ad43c7 @@ -7,6 +9,7 @@ DIST ipset-6.34.tar.bz2 547940 BLAKE2B a42ad1b0af07250ecae645424d6a9564f16a388da DIST ipset-6.38.tar.bz2 545568 BLAKE2B 14e526ba40f4912cd78d81831d072f9c9c159ac14169ffea8ce7325ee4839b80e28ef76405535e1b2aeaf2d0b7b3dde0f8a1ec42c7489cbc786282700d9d2b0f SHA512 ba8c45fa6b4df1b4af848d8c0c218fb449a50c79c48b1d1550dd3a188f82d320956bc483874730f917249d8650e50c3eedff66c24a68a136246fdbf6e1127d60 DIST ipset-7.0.tar.bz2 552144 BLAKE2B 722559409e0a617bc2e47a05023ff225a6c422d2847534ff8511611cf1e02451f0fde293eac3a1a6e49547b3e6d5f82dc130b08b7e42f8f9fad9d5908e3c29f4 SHA512 4d63351cd7c98a5662963d3301522c18644e14aeebf93ea15fb5f4e600e7ccc2040a0640fb6d776aa90ef296905d75630ec5f06e46f8521275befecf9705e669 DIST ipset-7.1.tar.bz2 669520 BLAKE2B 0737c4cd780f072dd6fcf67c58ebc8d5afefb33081240c25a972708185771cfad9f746b8ed5135b1e7fca4ce510ed707a7cfd641afc864210184a9998360e699 SHA512 eae9bd83f6675754af8ca443a82e0a1c9d47f60f6bf2a7a405a695223cc17063d5d4eb79428fe21a1f0a867109dfaf8ad8071b45e92191ec108b2cd2382fa854 +DIST ipset-7.4.tar.bz2 670906 BLAKE2B 46875264a4939294f2698149c5aa5793b5a3579da679db06041b702d2eb06b6060082e1d35bb98f54ffb25e77343ab39373c87d32de416db119b506083fa7391 SHA512 b155ced6be88aabd38c2402604bac37ba898aeae50c2d5a7d888d1b33b536b4551387826a4f76878ebb10e97ffaca08245b5ed8a5e3c431cc224b23cbb86a196 EBUILD ipset-6.29.ebuild 2961 BLAKE2B 0dc2faad4795f837c731bfb80a2925c0d7a6e4415130291330a042f0e5d7aa3ccfd0b553bd5ef838405d617d875623202b53b86e5da0d55da3f69dab923ee371 SHA512 c11c5a7b9c56b00d1ae60328d31c6415238b680329d2d1b7be591cd0d6c383029fe07e4305e6bb6e2780205bc4525c2f39bb106a6d3a8c542cf4ea8c00839ccd EBUILD ipset-6.30.ebuild 2888 BLAKE2B 05654ce7430037c17fd9ea5fd42804397750a9091bfdea063001001370c6264de3006af3853d60eca5a6ffa90cf509f83c8721d141b4f604cc45c25f29f27d52 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd EBUILD ipset-6.32.ebuild 2888 BLAKE2B 05654ce7430037c17fd9ea5fd42804397750a9091bfdea063001001370c6264de3006af3853d60eca5a6ffa90cf509f83c8721d141b4f604cc45c25f29f27d52 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd @@ -14,4 +17,5 @@ EBUILD ipset-6.34.ebuild 3007 BLAKE2B e39e4e2e8d31d333364ed22ba11db1e8dfac476716 EBUILD ipset-6.38.ebuild 3002 BLAKE2B 49d85c8124e1db1c32849fa056a89092f4f9c78472d8d9056910f40d511d5d8c8f78d4a41425c97ab984d522b2e159d5c40ef955a93e594ba7106bd36b63aa4c SHA512 4c7334ebcf925969cb58ed60365da59a48d32432519d82c812c6dbf613abfd408ec9f1f23b6e19cb2aa88c9e9ea5ca18befdf7bedf5ed8b2ec23ae6994875df6 EBUILD ipset-7.0.ebuild 3004 BLAKE2B a40d7f6bced82e0e5013ac9efc4c97c699e6190897991202b3f836537bbc84213b417a822a73f9ec405dbaed417874b3a4012c3d08c329b6d1b68e44d3b2cdeb SHA512 666ffa27fe1bcc6ddf674e3c72e922b72d4153c47d5d8a1d238f59e495d05111bfb795f32493256950bf3dff4a6856559039f77fc7d9a6fa6054298da7393f26 EBUILD ipset-7.1.ebuild 3004 BLAKE2B a40d7f6bced82e0e5013ac9efc4c97c699e6190897991202b3f836537bbc84213b417a822a73f9ec405dbaed417874b3a4012c3d08c329b6d1b68e44d3b2cdeb SHA512 666ffa27fe1bcc6ddf674e3c72e922b72d4153c47d5d8a1d238f59e495d05111bfb795f32493256950bf3dff4a6856559039f77fc7d9a6fa6054298da7393f26 -MISC metadata.xml 216 BLAKE2B 20531789dc11e43feee7ec315a0c1c7249fdf73764e29cb7d6db439826e9ff72f24a5cdb8eb7f1ab99bbb41fb6e4226874a1d1fa4185de52598602bb3b0479a3 SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd +EBUILD ipset-7.4.ebuild 3235 BLAKE2B 3d0cef6220d8328bc84dc428c9adfb671f10537dc826220a9b59046af966dc682c25e041aeac1653dd961a31765a537a7e29dbc5976a2f1b092fe7278a9db5a2 SHA512 6d43f411ed4649d00911e81d4e0118f3a07871b688faae5b86294e8a03fa23cfbcbf4d58b81952c2b7468e66710ab5e8ff4e083bf31d0fcdf1b963cffdbce0fd +MISC metadata.xml 436 BLAKE2B 08cc2ac4e8d2b06725d52d46064c36cd2305fdfac6c54d5acfb23637462d02d4612cdfd59655555caf31a2cb48506c0cd371de321abef828f52e8da1958f3cb6 SHA512 e44b21f404cce6acae531e2436124b929473bc2bbaadedbe8465a629242faf491f01682c0ac34579a0b85e0d1fabc7e069d2eb60b988eec1ab65a607236acd0e diff --git a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch new file mode 100644 index 000000000000..b10ddbd4fae0 --- /dev/null +++ b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch @@ -0,0 +1,11 @@ +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \ + + EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map + +-pkgconfigdir = $(libdir)/pkgconfig ++pkgconfigdir = $(prefix)/$(libdir)/pkgconfig + pkgconfig_DATA = libipset.pc + + dist_man_MANS = libipset.3 diff --git a/net-firewall/ipset/files/ipset.systemd b/net-firewall/ipset/files/ipset.systemd new file mode 100644 index 000000000000..f7a5eb510a0a --- /dev/null +++ b/net-firewall/ipset/files/ipset.systemd @@ -0,0 +1,15 @@ +[Unit] +Description=ipset service +Before=network-pre.target iptables.service ip6tables.service firewalld.service +Wants=network-pre.target +ConditionFileNotEmpty=/var/lib/ipset/rules-save + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore +ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore +ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/ipset/ipset-7.4.ebuild b/net-firewall/ipset/ipset-7.4.ebuild new file mode 100644 index 000000000000..dbc327ccc298 --- /dev/null +++ b/net-firewall/ipset/ipset-7.4.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" +MODULES_OPTIONAL_USE=modules +inherit autotools linux-info linux-mod systemd + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" + +BDEPEND="virtual/pkgconfig" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch ) + +# configurable from outside, e.g. /etc/portage/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + # It does still build without NET_NS, but it may be needed in future. + #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" + #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." + CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN" + ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)" + + build_modules=0 + if use modules; then + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + default + + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + + find "${ED}" -name '*.la' -delete || die + + newinitd "${FILESDIR}"/ipset.initd-r4 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml index 79d462e85571..879b385bee96 100644 --- a/net-firewall/ipset/metadata.xml +++ b/net-firewall/ipset/metadata.xml @@ -1,7 +1,13 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> -<maintainer type="person"> - <email>robbat2@gentoo.org</email> -</maintainer> + <maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> + <description>Please assign bugs to this mail alias.</description> + </maintainer> + <maintainer type="person"> + <email>robbat2@gentoo.org</email> + <name>Robin H. Johnson</name> + </maintainer> </pkgmetadata> diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 917e3dcdcd98..ea13edd1edeb 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -14,8 +14,10 @@ DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0 DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb SHA512 8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76 DIST iptables-1.8.3.tar.bz2 716257 BLAKE2B 58c606a5753ae2cb8ada9039e4653d2abe03c7c9b6aeef1e458baa3e10e818893f35e8f2aed5221e692415115e618aa673c8fcd33d172f85e9d1b609ed79c7b8 SHA512 84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d +DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94 SHA512 a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb EBUILD iptables-1.6.1-r3.ebuild 3264 BLAKE2B f63b279cc34c5bae77bf29173e20e959d769e9caa7487d7a5d9d2777d70a944a2af4d6a6ee0c4360ad018b625b3b9d2e849b8e6021b97eb1dd505646a6962253 SHA512 4d78e90b73f46fcbfa87bef6d6c5fc1ebed6d19a01b6aadaf55549d897c45e6763470cf1d5e02c381844072a6c7380d4f35ff9b8c33efda0711c7afdfe1c228e EBUILD iptables-1.6.2-r2.ebuild 3340 BLAKE2B aad99bac62ba2ec4754e93a211ef82672ad2639011009ade87ead6062221900ec32dcc5bd732fecf3017fd53e22e45d51343e8e6b656768d5d97403ee11daa59 SHA512 744bff7edd5b33d18d8cc28b7f8fba70f692975f2f8f36143524abcd7edec827bf5d7b21b2127ffcb155f542b9520787776968e158af71b1611b1cfad11d463a EBUILD iptables-1.8.2-r2.ebuild 3473 BLAKE2B c2132e008bfef0937fe15dc509cc2cc5fcd071229a78ad56b77739ed1350326e19e21057d3f12a2f21076633ae64335b772efd9ac6d29bb38be26caeb93a47b4 SHA512 8e8cc152121f0727cbccfc93abe8738c7ef58a3cb08326322680afe7554d0f4330a32ba03041ddafd08a0a096ea21a94cea2fb76b2efa4a4ebb3bc53e459a43b EBUILD iptables-1.8.3-r1.ebuild 3422 BLAKE2B f502fa3cae58d61d1adf102ad65e68c0debb7761070b2bf5a6d51a2dfd34f68736de74e48637e2ee142bd18b7835be4547fef3136bbdcbb949941a645971060f SHA512 95c4b0bafd83fabc8952d80e093a5e90ef65d9ed756f10a88a4b664f43875abc133ec66a95444e92c5cc8e1d9a86a8decefda29227498ef9d7b8b09d1870be39 +EBUILD iptables-1.8.4.ebuild 3322 BLAKE2B 9bd03747b5375f6c234b6ed22833060434fffcd604efc6eac72961a6b280f07d440edbdbb069361dc7de52da789353f874f359ff37503be1dd9a2c6bf5494af1 SHA512 423b929f018d686843851880464e90057a80cdb6b428a7644ef40d5011b776cf1cdaba337c31502ee68aa52438a57646d6cb9533aa65790cd46ae99df651e5f0 MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987 diff --git a/net-firewall/iptables/iptables-1.8.4.ebuild b/net-firewall/iptables/iptables-1.8.4.ebuild new file mode 100644 index 000000000000..890475e4e57d --- /dev/null +++ b/net-firewall/iptables/iptables-1.8.4.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86" +IUSE="conntrack ipv6 netlink nftables pcap static-libs" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:0= + >=net-libs/libnftnl-1.1.5:0= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND="${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + sys-devel/flex + virtual/yacc + ) +" +RDEPEND="${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) +" + +src_prepare() { + # use the saner headers from the kernel + rm include/linux/{kernel,types}.h || die + + # Only run autotools if user patched something + eapply_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + # Hack around struct mismatches between userland & kernel for some ABIs. #472388 + use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ + configure || die + + local myeconfargs=( + --sbindir="${EPREFIX}/sbin" + --libexecdir="${EPREFIX}/$(get_libdir)" + --enable-devel + --enable-shared + $(use_enable nftables) + $(use_enable pcap bpf-compiler) + $(use_enable pcap nfsynproxy) + $(use_enable static-libs static) + $(use_enable ipv6) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-r2.init iptables + newconfd "${FILESDIR}"/${PN}-r1.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + dosym iptables /etc/init.d/ip6tables + newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables + fi + + if use nftables; then + # Bug 647458 + rm "${ED}"/etc/ethertypes || die + + # Bug 660886 + rm "${ED}"/sbin/{arptables,ebtables} || die + + # Bug 669894 + rm "${ED}"/sbin/ebtables-{save,restore} || die + fi + + systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service + if use ipv6 ; then + systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service + fi + + # Move important libs to /lib #332175 + gen_usr_ldscript -a ip{4,6}tc xtables + + find "${ED}" -type f -name "*.la" -delete || die +} diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index 4e29ada8236b..54925b9d4067 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest @@ -10,8 +10,10 @@ AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e23c5ba716e726e1e6aba0efb2703233528f7a408bfefe47bfe54aa3612cccab9742c2a2208ec8c7a4bcda0e1823 SHA512 78e383bad5440c9414202cf0e4b6749fc5c01071d2fa547208e61cea6e7e179933990e7e538a60696eb0a7cf510d2c4b273a91d50287bb51507d244cd2875aed DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242 DIST nftables-0.9.2.tar.bz2 779850 BLAKE2B 40bf9ed956a126048f27b343afc7aa4f6e34f35dc91127402cb127903f8150d212c80491fef2b54c18a63ca065608521062b3f6a2dd78969bdbf4d7d8a5a751d SHA512 2d83b104af0d70f99a16c2e40afdb9bf89bd984323810e2895976c5e2e346bf09dd88850a391f295e335279adfdd39d34c13610cf8e6b801499dc0df2a5cecf6 -EBUILD nftables-0.9.0-r4.ebuild 2497 BLAKE2B 17916257a8fd7934348d4ceddcbead2c50a24954bff6b50e9f13ec5da2351935c3310be2c6749bfb94141523ca2157e6fe84d89bb7b56914f4f3a0553b7e58b8 SHA512 bf2036978cc0412b677c9117512db14c7344747e19f3fe1b2ef6a7d2b750cf64b33c41bdfaae55f8cfdda19c7f376faadd16a626816672a05b70b11d77231ffc -EBUILD nftables-0.9.0-r5.ebuild 2871 BLAKE2B 043bd133d04a8d21f5b9444100e07b5b9331b40de3658477842b604d2caf6bed6b69aeb56dc1ff976174c5645801a46d4de95db7c7d050c1f0bb02e940733d05 SHA512 a109e15ddfc0f54684b568c4cd1c663ee1d801104553b8cfb2e6d1fb1071039e2ad95d0653d61d6e3b4a2fa6739cc101918bd1848698928f0589ca66112dc96b -EBUILD nftables-0.9.1-r1.ebuild 3813 BLAKE2B 3f9a5e868ec743ad2fb702d8fe07b2bb4e0bb5da6a34a4daf2b3ae69ea2bcb799c0093b2ced4884e4904cd032cdd50738db8b8167fefa3e8d5cf27d8942c7d8d SHA512 b3cd2e1acb1cfb01b9ef74ff37230c5b4762453639c06ddeba889d6b832a5adcc7b587143f02e20388afd989811243d504a603c5dcc99d1a068e34a7ef5d9e60 -EBUILD nftables-0.9.2-r1.ebuild 3716 BLAKE2B 89a0ad3d4adfab23299b1908d80aee7469e73f90ab3360524e7636f4f2025afc3bceefdd21d56568f2b4e00b9ff36d5c68c62999495aab5bfc0ba1344fe5e8b3 SHA512 638f9b38806ccd4279ce9038ccbd45925d10adf7311b52d555c4ba70ec29d97eb4f3d76a0afac2f22529940efc21264e68005ecf7cc0fffc2923c8a1a6f2cc69 -MISC metadata.xml 918 BLAKE2B 16404ad621319f8a8e93e39d8586aaadb0f6fc6989ee928605a8e5e00f581c5f84b11b9718958667a2f76722950a893e5d6097ff2f242961998ac7b092901489 SHA512 27413ba6b81e930b13ae55292d1c308b54b173cf120430d5462313cd8052834bd01e272978b3ba1d4b9f1be99215a90446b2e93bd0a502d328182706be40f02d +DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43 +EBUILD nftables-0.9.0-r5.ebuild 2886 BLAKE2B bea596aa70ac2317ad61e3ee2bd27e904c3004124e7a79fa91cd4177e0fc09fc82e9181e97766079c6005de2f0f5c04ccabdddd376865884b05f1660a049360f SHA512 44aa02207ec3db7ca91b9969847b82ed7d417b4ae7cdcd5a0fb54bb99d492be7ed3f56321d6d12757289912030016e0a1a2c6be8b4b93f40983d012c02f0e4f3 +EBUILD nftables-0.9.0-r6.ebuild 2869 BLAKE2B af739ee33b4666216d4bc049b3c5f274a90a3f906ef72a60ce433848cc4cf2801c5ccc9fe19945fd36f3da821ddbcfbccb7af510dbc4df2b0b35c38c39529ba7 SHA512 50bb9e432f6b4de5aaac7010799a915841b870ab49fe6b1636fe1e0ce8dc0bf60a1fb1bc412c24af9b66f886bc41d9a7f77ffa092db2b8d84d83213d79c896fd +EBUILD nftables-0.9.1-r2.ebuild 3840 BLAKE2B b7b25df46be1b669c74f4d20fb66fb0d703c8961d4802c637b594e1480a2fe6acbeb54fbe6d0da762e969e80952b7b10f366997ea0e8e80947d6035ce82870d5 SHA512 adfaaf35014f398710fdfcb4c0f572a8f5a964d1d044d1b3f88d21de400d5789fde8bc7b7e0a51dd17fb8cd29d2b8852b7a1fd708f4187c1d236d44a874aa7bd +EBUILD nftables-0.9.2-r2.ebuild 3743 BLAKE2B d8ec11d829b812dbd829b966d2578d207b0a9d21963bfc2764394abba6175157bf0980b51690731cbf0581558cd902aeb0797d5aa0bac60a9cdef6699f99ff6e SHA512 9751e9d562e677c3927ce3cc19d86b978b5dfd5502ee0a31e5d8d10031e994751f97bb53152ac1ccbc1fc030e57851edc14fa33e6bd0a0240fa540217e8b8840 +EBUILD nftables-0.9.3-r1.ebuild 3752 BLAKE2B f963feb1307a691b4735feefd0ea07f2beedb87663197e22c090918dab51c836760264cb5fc1df1244d362bc4c286a5c50b9eefa3e087a06c31b84a018f27ecf SHA512 5846aaa9cabde88d0b7bbacc3383c849eb666537796ba0a1dae1b0e42979c76d8a8050f55c351954d52815bdc93aaad58637213dccceb5d6bbe426f452907744 +MISC metadata.xml 918 BLAKE2B 8c2c39f04e2c5591ea06788788d244bddc1cdc25780810b2a19e131d43d0bdf964d2129c01605fc536451cb9a3354420a1c2f656dad45c56dec4f360a95fe473 SHA512 08de9d11f48dcb132eb5423de56b458dd4c4122329b84b56c252436c882b7670233f2217cc01755649f27e14ff9346cf99e3a742224567e712f5cb3678165dcf diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml index 0984d13e0f03..0380331d5106 100644 --- a/net-firewall/nftables/metadata.xml +++ b/net-firewall/nftables/metadata.xml @@ -16,7 +16,7 @@ <use> <flag name="doc">Create man pages for the package (requires <pkg>app-text/asciidoc</pkg>)</flag> <flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag> - <flag name="modern_kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag> + <flag name="modern-kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag> <flag name="xtables">Add libxtables support to try to automatically translate rules added by iptables-compat</flag> </use> </pkgmetadata> diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild index 24530d29291c..dc29d33b649e 100644 --- a/net-firewall/nftables/nftables-0.9.0-r5.ebuild +++ b/net-firewall/nftables/nftables-0.9.0-r5.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.g LICENSE="GPL-2" SLOT="0" KEYWORDS="amd64 arm ~arm64 ia64 x86" -IUSE="debug doc +gmp json +modern_kernel +readline" +IUSE="debug doc +gmp json +modern-kernel +readline" RDEPEND=">=net-libs/libmnl-1.0.3:0= gmp? ( dev-libs/gmp:0= ) @@ -31,8 +31,8 @@ S="${WORKDIR}/v${PV}" pkg_setup() { if kernel_is ge 3 13; then - if use modern_kernel && kernel_is lt 3 18; then - eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly." + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." fi CONFIG_CHECK="~NF_TABLES" linux-info_pkg_setup @@ -62,7 +62,7 @@ src_install() { default local mksuffix="" - use modern_kernel && mksuffix="-mk" + use modern-kernel && mksuffix="-mk" exeinto /usr/libexec/${PN} newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh @@ -84,7 +84,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326." diff --git a/net-firewall/nftables/nftables-0.9.0-r4.ebuild b/net-firewall/nftables/nftables-0.9.0-r6.ebuild index e56ff112a6b7..90884e99c1c3 100644 --- a/net-firewall/nftables/nftables-0.9.0-r4.ebuild +++ b/net-firewall/nftables/nftables-0.9.0-r6.ebuild @@ -11,8 +11,8 @@ SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.g LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 arm ~arm64 ia64 x86" -IUSE="debug doc +gmp json +modern_kernel +readline" +KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86" +IUSE="debug doc +gmp json +modern-kernel +readline" RDEPEND=">=net-libs/libmnl-1.0.3:0= gmp? ( dev-libs/gmp:0= ) @@ -31,8 +31,8 @@ S="${WORKDIR}/v${PV}" pkg_setup() { if kernel_is ge 3 13; then - if use modern_kernel && kernel_is lt 3 18; then - eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly." + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." fi CONFIG_CHECK="~NF_TABLES" linux-info_pkg_setup @@ -62,7 +62,7 @@ src_install() { default local mksuffix="" - use modern_kernel && mksuffix="-mk" + use modern-kernel && mksuffix="-mk" exeinto /usr/libexec/${PN} newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh @@ -72,7 +72,7 @@ src_install() { systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - docinto /usr/share/doc/${PF}/skels + docinto skels dodoc "${D}"/etc/nftables/* rm -R "${D}"/etc/nftables } @@ -83,8 +83,14 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. - if [[ ! -f ${save_file} ]]; then - touch ${save_file} + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" fi elog "If you wish to enable the firewall rules on boot (on systemd) you" diff --git a/net-firewall/nftables/nftables-0.9.1-r1.ebuild b/net-firewall/nftables/nftables-0.9.1-r2.ebuild index 5752d73a1b96..fab18474325d 100644 --- a/net-firewall/nftables/nftables-0.9.1-r1.ebuild +++ b/net-firewall/nftables/nftables-0.9.1-r2.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86" -IUSE="debug +doc +gmp json +modern_kernel python +readline static-libs xtables" +IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables" RDEPEND=" >=net-libs/libmnl-1.0.3:0= @@ -57,8 +57,8 @@ python_make() { pkg_setup() { if kernel_is ge 3 13; then - if use modern_kernel && kernel_is lt 3 18; then - eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly." + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." fi CONFIG_CHECK="~NF_TABLES" linux-info_pkg_setup @@ -71,9 +71,9 @@ src_prepare() { default # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \ + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \ + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ -i files/osf/Makefile.am || die eautoreconf @@ -106,7 +106,7 @@ src_compile() { src_install() { default - local mksuffix="$(usex modern_kernel '-mk' '')" + local mksuffix="$(usex modern-kernel '-mk' '')" exeinto /usr/libexec/${PN} newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh @@ -130,7 +130,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326." diff --git a/net-firewall/nftables/nftables-0.9.2-r1.ebuild b/net-firewall/nftables/nftables-0.9.2-r2.ebuild index d35797947814..a6478ad1215c 100644 --- a/net-firewall/nftables/nftables-0.9.2-r1.ebuild +++ b/net-firewall/nftables/nftables-0.9.2-r2.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86" -IUSE="debug +doc +gmp json +modern_kernel python +readline static-libs xtables" +IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables" RDEPEND=" >=net-libs/libmnl-1.0.3:0= @@ -52,8 +52,8 @@ python_make() { pkg_setup() { if kernel_is ge 3 13; then - if use modern_kernel && kernel_is lt 3 18; then - eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly." + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." fi CONFIG_CHECK="~NF_TABLES" linux-info_pkg_setup @@ -66,9 +66,9 @@ src_prepare() { default # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \ + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \ + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ -i files/osf/Makefile.am || die eautoreconf @@ -101,7 +101,7 @@ src_compile() { src_install() { default - local mksuffix="$(usex modern_kernel '-mk' '')" + local mksuffix="$(usex modern-kernel '-mk' '')" exeinto /usr/libexec/${PN} newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh @@ -125,7 +125,7 @@ pkg_postinst() { # In order for the nftables-restore systemd service to start # the save_file must exist. if [[ ! -f "${save_file}" ]]; then - touch "${save_file}" + ( umask 177; touch "${save_file}" ) elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then ewarn "Your system has dangerous permissions for ${save_file}" ewarn "It is probably affected by bug #691326." diff --git a/net-firewall/nftables/nftables-0.9.3-r1.ebuild b/net-firewall/nftables/nftables-0.9.3-r1.ebuild new file mode 100644 index 000000000000..7f18d19e3468 --- /dev/null +++ b/net-firewall/nftables/nftables-0.9.3-r1.ebuild @@ -0,0 +1,144 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{5,6,7} ) + +inherit autotools linux-info python-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" +#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86" +IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.3:0= + gmp? ( dev-libs/gmp:0= ) + json? ( dev-libs/jansson ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0= ) + >=net-libs/libnftnl-1.1.5:0= + xtables? ( >=net-firewall/iptables-1.6.1 ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + doc? ( app-text/asciidoc ) + >=app-text/docbook2X-0.8.8-r4 + sys-devel/bison + sys-devel/flex + virtual/pkgconfig +" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +#S="${WORKDIR}/v${PV}" + +python_make() { + emake \ + -C py \ + abs_builddir="${S}" \ + DESTDIR="${D}" \ + PYTHON_BIN="${PYTHON}" \ + ${@} +} + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use python ; then + python_foreach_impl python_make + fi +} + +src_install() { + default + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + python_foreach_impl python_make install + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemd_enable_service basic.target ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart " + elog "the nftables-restore service must be manually started in order to " + elog "save those rules on shutdown." +} |