authorV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
commitd934827bf44b7cfcf6711964418148fa60877668 (patch)
tree0625f358789b5e015e49db139cc1dbc9be00428f /net-firewall
parent2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)
gentoo resync : 25.11.2020
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/Manifest.gzbin4543 -> 4549 bytes
-rw-r--r--net-firewall/arno-iptables-firewall/Manifest2
-rw-r--r--net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.1.1.ebuild105
-rw-r--r--net-firewall/firehol/Manifest2
-rw-r--r--net-firewall/firehol/firehol-3.1.6-r2.ebuild2
-rw-r--r--net-firewall/ipset/Manifest4
-rw-r--r--net-firewall/ipset/ipset-7.7.ebuild111
-rw-r--r--net-firewall/ipset/ipset-7.9.ebuild112
-rw-r--r--net-firewall/ipt_netflow/Manifest10
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch32
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild2
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild104
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.5.1-r1.ebuild3
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild104
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-9999.ebuild2
-rw-r--r--net-firewall/iptables/Manifest2
-rw-r--r--net-firewall/iptables/iptables-1.8.6.ebuild179
-rw-r--r--net-firewall/nftables/Manifest17
-rw-r--r--net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch37
-rw-r--r--net-firewall/nftables/files/nftables-mk.init-r150
-rw-r--r--net-firewall/nftables/files/nftables.init-r1154
-rw-r--r--net-firewall/nftables/nftables-0.9.3-r1.ebuild144
-rw-r--r--net-firewall/nftables/nftables-0.9.4-r1.ebuild147
-rw-r--r--net-firewall/nftables/nftables-0.9.6-r1.ebuild2
-rw-r--r--net-firewall/nftables/nftables-0.9.7-r1.ebuild (renamed from net-firewall/nftables/nftables-0.9.4-r2.ebuild)56
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild4
26 files changed, 712 insertions, 675 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index ffc8a86875f9..52c5a571979e 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
Binary files differ
diff --git a/net-firewall/arno-iptables-firewall/Manifest b/net-firewall/arno-iptables-firewall/Manifest
index 7a0507c5c422..153ea67eee86 100644
--- a/net-firewall/arno-iptables-firewall/Manifest
+++ b/net-firewall/arno-iptables-firewall/Manifest
@@ -1,6 +1,8 @@
AUX arno-iptables-firewall 404 BLAKE2B 20ae4750d99c8edd3edf4f0e96354aa6a3f0df151bbbfe46f27fa3b1e0c8aaa5bdd7e3292b2e1fc1b5c735ae2b3d512117a5457b42593848829cc2808e7b6ec7 SHA512 3491c556150ac4c39447f17cb48caa2542c42c632d960f604ccdd475cbec239b8fec8523606c146427e644a929b2c5522f3c21a47712fd67880ac3815d3ab983
DIST arno-iptables-firewall-2.0.3.tar.gz 139445 BLAKE2B 57dade49a4aaacb1354129efeb5ca013060d51baa8c23dea1fc326e52a693c7137047883ea7bbca6cc3221f70a83f7283123a345e22ceac4bb99d3b43410b65d SHA512 c88a560d4c0a2644dd1ec35e0a6e2b1883e52dc6c71075207c3b98a59964a4be3787620e9414ad5e926bddb9dbc7c2674fd8687828526c35f0fb4a53a05aa929
DIST arno-iptables-firewall-2.1.0.tar.gz 140015 BLAKE2B 46ff89db6928bd4f86a5b26a06fa1ab2a88ecc5043f6f92543151c3ca6b74d9704c4b7046e1c5e1371e0b5de552e414cbe0524305947b026ec7953f9d779055d SHA512 b59644e78f281dacdd32045254be15dbd31ecb5f2b26d88a3c9bab60aaf19ea879d87127040db5f72292668e22026d982c17d3ad34c83da16720cdbccebdd07f
+DIST arno-iptables-firewall-2.1.1.tar.gz 141076 BLAKE2B d3f78767a3ac447841aa01becfd73434cfddc9f56142d5c6ac86072527c17a30449434b8cddba74bb45f8234268ba589ab2ea932db462317a2dfb714f31f2450 SHA512 55494c8a214c0b2dacfef23170ea596bf9ecdfc73d1a6b2bd703183278569f68103eb63580d1b18cae97a9460b95373f0091bbf5decf275c80803a1331555d79
EBUILD arno-iptables-firewall-2.0.3.ebuild 2409 BLAKE2B 6dd74fa4f999915ad4d47731070e0a2d0490fbbdeaa1134d23c55b7b12c95f80cdd3ab9897ed294e0cfb97e033a464cb8948220e30877798df0fca22dadbde8c SHA512 45c09dd36c15dad8b20e28ff20f41504eab837fd72248dd8486382d42d7cafab4ed22a1d4fec4e2eaae6bbf5bbced8ab5c2c5322910c6a9216b8c948de46f467
EBUILD arno-iptables-firewall-2.1.0.ebuild 2418 BLAKE2B 77ce5882577d617dc2187f2144d105301ca11fc0d42ea5f317d08ec9100fe536d450c99b0a9c3fa8dd858b313dab5af64f2c59a928103c603b6ed6c80792e5d5 SHA512 cbe407a4acef1220fcd76117cc4f456f9a30dd729c875803f503baa014fde5f8663f6afe51a7ae2e5be6b39f1b7ab943380a62b86d84814529874ef70bd53ce1
+EBUILD arno-iptables-firewall-2.1.1.ebuild 2667 BLAKE2B 2f45839c98f87165f1a2c92fecb7659ffcdb57e814f8797d6bd64e49f441a3b46dc46430c170e654740f126bf9452f20576ef94c175c76e253d16338045b281e SHA512 ae8df97440895a35c8933a8c67b770be5a3ee7d3b3457d5d77c29d58cffcf1b65dd290b17a0d0391ecc9aa09b9b3cbd4d2b9c27fe34e67a198903d4b8ddd7f7c
MISC metadata.xml 515 BLAKE2B c904370936eddef69630141ec61bdfe911a29bdc2425238b2a973ffcb89702183e0e36c42799cfc6cfaae403bdfb5a8fcefa1a576dd6a547a6b161ca9a967464 SHA512 c0d63d340e8fa318e276d3bd2e526dfa2dd5e8d810a75d75301cef8983d5bc851aae90e7f29685f8c2c21c21fadfa1c3d033156d44fb289eb9890465ea49e3bf
diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.1.1.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.1.1.ebuild
new file mode 100644
index 000000000000..0b622d4894c9
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.1.1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit readme.gentoo-r1 systemd
+
+DESCRIPTION="Arno's iptables firewall script"
+HOMEPAGE="https://rocky.eld.leidenuniv.nl"
+
+MY_PV=$(ver_rs 3 -)
+MY_PV=${MY_PV/rc/RC}
+SRC_URI="https://github.com/${PN}/aif/archive/${MY_PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+plugins rsyslog"
+
+DEPEND=""
+RDEPEND="net-firewall/ipset
+ net-firewall/iptables
+ sys-apps/coreutils
+ sys-apps/iproute2
+ plugins? ( net-dns/bind-tools )"
+
+S="${WORKDIR}/aif-${MY_PV}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf
+before using this package. To start the script, run:
+
+/etc/init.d/${PN} start (for OpenRC)
+systemctl start ${PN} (for systemd)
+
+If you want to start this script at boot, run:
+
+rc-update add ${PN} default (for OpenRC)
+systemctl enable ${PN} (for systemd)"
+
+src_prepare() {
+ sed -i -e 's:/usr/local/share/:/usr/libexec/:' \
+ bin/"${PN}" share/"${PN}"/environment || die "Sed failed!"
+ sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \
+ lib/systemd/system/"${PN}.service" || die "Sed failed!"
+ eapply_user
+}
+
+src_install() {
+ insinto /etc/"${PN}"
+ doins etc/"${PN}"/firewall.conf
+ doins etc/"${PN}"/custom-rules
+
+ doinitd "${FILESDIR}/${PN}"
+ systemd_dounit lib/systemd/system/"${PN}.service"
+
+ dobin bin/arno-fwfilter
+ dosbin bin/"${PN}"
+
+ insinto /usr/libexec/"${PN}"
+ doins share/"${PN}"/aif-job-execute
+ doins share/"${PN}"/aif-job-processor
+ doins share/"${PN}"/environment
+
+ insinto /etc/logrotate.d
+ doins etc/logrotate.d/"${PN}"
+
+ dodoc CHANGELOG README
+ readme.gentoo_create_doc
+
+ if use plugins
+ then
+ insinto /etc/"${PN}"/plugins
+ doins etc/"${PN}"/plugins/*
+
+ insinto /usr/libexec/"${PN}"/plugins
+ doins share/"${PN}"/plugins/*.plugin
+
+ exeinto /usr/libexec/"${PN}"/plugins
+ doexe share/"${PN}"/plugins/adaptive-ban-helper
+ doexe share/"${PN}"/plugins/dyndns-host-open-helper
+ doexe share/"${PN}"/plugins/parasitic-net-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-log-rotate
+ doexe share/"${PN}"/plugins/traffic-accounting-show
+
+ docinto plugins
+ dodoc share/"${PN}"/plugins/*.CHANGELOG
+ fi
+
+ if use rsyslog
+ then
+ insinto /etc/rsyslog.d
+ newins etc/rsyslog.d/"${PN}".conf 60-"${PN}".conf
+ fi
+
+ doman share/man/man1/arno-fwfilter.1 \
+ share/man/man8/"${PN}".8
+}
+
+pkg_postinst() {
+ ewarn "When you stop this script, all firewall rules are flushed!"
+ ewarn "Make sure to not use multiple firewall scripts simultaneously"
+ ewarn "unless you know what you are doing!"
+ readme.gentoo_print_elog
+}
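Review bot: The two `sed -i` calls in src_prepare cannot detect a substitution that never happened, because sed exits 0 when the pattern matches nothing, so `|| die "Sed failed!"` only catches I/O errors. If upstream moves or renames these paths, the installed script and unit would still point at `/usr/local/share/` or `/usr/local/sbin/`, where this ebuild installs nothing. For a firewall script that presumably runs as root, a silently stale path outside package management is worth failing the build on. A check after the seds would do it, for example `grep -q '/usr/local/' bin/"${PN}" share/"${PN}"/environment lib/systemd/system/"${PN}.service" && die "unpatched /usr/local path"`, narrowed if upstream keeps other legitimate `/usr/local` references.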
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index 0edcb67e2c5c..7a602d0b8654 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -3,5 +3,5 @@ AUX firehol.initd 1141 BLAKE2B 4bdeb545542780b4544c07ad675a2ab63c80177126841eaea
AUX fireqos.confd 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507f92d763c13ae9ce370a5807753d31b0033e23d39004ea147d9fb75bf4f2fbadc6baf070ccaca3 SHA512 4dd394f3d896d8bf782cf1157f5bf420ca0e9b2c6238986f3fb17630ec0e12bfcad4ffc6fe2258a7d257e157fed11e01aef26965f3d97c78643c6467639a822c
AUX fireqos.initd 829 BLAKE2B f09905f02189f155455886dd1896a183f2f529d0737939a7065bb52b57870f22805e3e6c029510cc5b57b36e596eb829bcc7651c6a80657ff4e399acc542fa90 SHA512 8364537d3e10c68d309fc40f4b2f88a2a593c38fd6f134b1c09cf937be00f7d96eeba05c83824c9460367bf892a8f79547321784c8f8a4708f856df9a88693f4
DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a21489263c1b5c6abbf3b2b97db80bf2a2420ae8176cd55e335ab93c18a8209a47f467dba80a63cf2c319b3e3e27d8 SHA512 5ffa7e59d3f10a6c7d3f5b5ef9d93f1b2138063374a10cb0c1ac4e75578d6cf7755e154b51febf546563ba003f100af13f89bca3843b66a8d22b8fc2da3fadfe
-EBUILD firehol-3.1.6-r2.ebuild 1435 BLAKE2B ae32e1c16b61bb0969ec664342fd703ddcd053aaabc8c659d513ce7298c72267aa21d91b8b3a099c79d868bccafee05be932baf466bb4436f9a30f88b6f1d0be SHA512 488b12c278c0d8f16eeeb2b1bd9387bd6f9989cbd2536098a7c154864629fb407e9d9b4b23842f7dd8427a06ab987ad232ea66ccda010458582acef6e10b9174
+EBUILD firehol-3.1.6-r2.ebuild 1442 BLAKE2B c07be7c78a6c8d66f91a4c867d1358ae63d2c0444e19767d4e13256b82ab012e7f7b8be0c9c8457620520e107480bd8b130510642d388a609b520eddd4a3d78e SHA512 a2ff2a744fc8daa500c7c3cb45a4b92de946d905e58d7553d53b8237963959061d8aa03b18dd2624b59b48aa859eb491624ef9310b44ddd1c1fd2524896ca410
MISC metadata.xml 464 BLAKE2B 67d0dfdaf7651eef96dcc00f6a89faf40593e79fa0885a85f27e3aefbfb4949648c0be652eaab8f1b38b4100e41a037c018677f81d3040dad0909c453fd49052 SHA512 5def437c908d4d5c76729fc8f50bd9a145a0c79d7154535ac9c39df585da4bf175b1b465690dbf05fb5536df97a9cbb2abaa0384fb45ebac5f53482d26a76607
diff --git a/net-firewall/firehol/firehol-3.1.6-r2.ebuild b/net-firewall/firehol/firehol-3.1.6-r2.ebuild
index 997336632666..0a6d297bcce3 100644
--- a/net-firewall/firehol/firehol-3.1.6-r2.ebuild
+++ b/net-firewall/firehol/firehol-3.1.6-r2.ebuild
@@ -12,7 +12,7 @@ SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz
LICENSE="GPL-2"
SLOT="0"
IUSE="doc ipv6 ipset"
-KEYWORDS="amd64 arm ~ppc ~x86"
+KEYWORDS="amd64 arm ~arm64 ~ppc ~x86"
RDEPEND="net-firewall/iptables
sys-apps/iproute2[-minimal,ipv6?]
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 7a1e62c9c911..707a816f77bc 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -6,8 +6,12 @@ DIST ipset-6.29.tar.bz2 542735 BLAKE2B 2229eb802597b38287f49cc2936a8be1afde2f638
DIST ipset-6.38.tar.bz2 545568 BLAKE2B 14e526ba40f4912cd78d81831d072f9c9c159ac14169ffea8ce7325ee4839b80e28ef76405535e1b2aeaf2d0b7b3dde0f8a1ec42c7489cbc786282700d9d2b0f SHA512 ba8c45fa6b4df1b4af848d8c0c218fb449a50c79c48b1d1550dd3a188f82d320956bc483874730f917249d8650e50c3eedff66c24a68a136246fdbf6e1127d60
DIST ipset-7.5.tar.bz2 675179 BLAKE2B 04d207c4eaed66bf295ebd31a66d4423e68ed7918ef4e7d0b08e7e178216a016e6d454ed4c0f915d36d6266a74ea08c33db69481bf288c6fe7a1cd00c3ed68e5 SHA512 97e2a42bb33dfd2d9c5d258595e4be670d961ce3f5fa537ffb32b748168324f4e572047f026096c142e3a1f5a88caa26da455cbc067121dc9140f79321f272aa
DIST ipset-7.6.tar.bz2 676777 BLAKE2B 98b4a0094e4e44dfc8702ad4e61ce3c62de74964afc16ae91d107599fab7f978071693b6e6f57969c35a3dd381fac5b58610fd74a107eebd8af1f8644d819061 SHA512 c4d9c65895335dec8f855fca6c940d2ee19e7b8d2292325778a1608e795e2e35caa787cbcdeb8e2877f3695c641ac348b23ac43f73bdc1a8242e8d04f4944084
+DIST ipset-7.7.tar.bz2 678424 BLAKE2B 330eb82ee3cff8a2b09704e6f90a4a1376f6154753a8e386f52ee934b7e1b402d8b9293962563d50501f31540d651374d7899961739bef50ee2f3096fd1b0bfd SHA512 1c8f969eb402ae56eb4c747d89eb5dcbf068004c3c0ae171eb4eddd948f7d8dd14d6e3dc8b713d2909f220359e6760fce3848a4e12f59a575b747f6c38ad80db
+DIST ipset-7.9.tar.bz2 679273 BLAKE2B 0e6d216be5c1f51598f74cce8b1166168644152924354d777fc4a0b5433d68d5e04925bf2c88d4a6abf86d7f707795c3f828bf7d00e6a034326c4c3131768f0a SHA512 53d52aa9c0aba728fd620a7b9e232e5366fa45322d3d23150192b53e311877c61175577b6a0fbde95eaa1fb12deca3251a682fd74c3443558e34a1fe2247309e
EBUILD ipset-6.29-r1.ebuild 2966 BLAKE2B ac18e5ee12a7fe97bfa4e8755d3c9d7bdf1fb13380e64bf41f664edffc47c2a96770cbe2e35aea4812ecb6b9699bb719719404f382ef888ea07fddf92e750e10 SHA512 935ff6018aeefcd20aaaa1cdc9662b62fb039ff5066ba33d4d90d81e844d29bded3beb7d7815941ef2b0970b55966647bc6461767380b4641511cd703312ae5f
EBUILD ipset-6.38-r1.ebuild 3009 BLAKE2B 259ff825875d9c8218120f696b56b7b32fd3cc1ac094a727065e4a24e4aa4b778181850f7ff96f63bb7e45d176dab217dd867db306ef9023ad31fff45d521162 SHA512 fef053d107dffc78839a35c89c6c25a63b46a60dc04b2493f0be49d17fe96f511f3652c1a5746f0ff71c4b616aaeb09a400ddb9df69659e69ed657e0424b16d0
EBUILD ipset-7.5-r1.ebuild 3242 BLAKE2B 741d3b5448d52fea420e6283f6f1efe15edbdb44078bb74194aac447e0b3115733ee32a29d28d052abe65a0b686517b9f749c44bebefa88369bf853cf755f3e5 SHA512 efae400a718183a41cd0a5df90872532721b1d7730aa87467f50216d8b455e8a359b4dece03fb332766b4da6350e59a54c1f9e5dba1f170a1313c90090df7fb2
EBUILD ipset-7.6-r1.ebuild 3242 BLAKE2B 741d3b5448d52fea420e6283f6f1efe15edbdb44078bb74194aac447e0b3115733ee32a29d28d052abe65a0b686517b9f749c44bebefa88369bf853cf755f3e5 SHA512 efae400a718183a41cd0a5df90872532721b1d7730aa87467f50216d8b455e8a359b4dece03fb332766b4da6350e59a54c1f9e5dba1f170a1313c90090df7fb2
+EBUILD ipset-7.7.ebuild 3242 BLAKE2B 741d3b5448d52fea420e6283f6f1efe15edbdb44078bb74194aac447e0b3115733ee32a29d28d052abe65a0b686517b9f749c44bebefa88369bf853cf755f3e5 SHA512 efae400a718183a41cd0a5df90872532721b1d7730aa87467f50216d8b455e8a359b4dece03fb332766b4da6350e59a54c1f9e5dba1f170a1313c90090df7fb2
+EBUILD ipset-7.9.ebuild 3323 BLAKE2B 091e143637baefc38ef29f59c4a24c0c90f0a173e2289cfb818ccc04646c890dbd01ef9d7da641580893b6393295bc627563d3f6b8c2aaf14c97b0c1ff99e699 SHA512 9222c42ce4bc279f813f797dd5a8f13be92032af025dd63737c37bf6261f5439af62045c0cad4d1f62228e8f839d6320dff99dd22ba5908c4a2412824e5ab982
MISC metadata.xml 436 BLAKE2B 08cc2ac4e8d2b06725d52d46064c36cd2305fdfac6c54d5acfb23637462d02d4612cdfd59655555caf31a2cb48506c0cd371de321abef828f52e8da1958f3cb6 SHA512 e44b21f404cce6acae531e2436124b929473bc2bbaadedbe8465a629242faf491f01682c0ac34579a0b85e0d1fabc7e069d2eb60b988eec1ab65a607236acd0e
diff --git a/net-firewall/ipset/ipset-7.7.ebuild b/net-firewall/ipset/ipset-7.7.ebuild
new file mode 100644
index 000000000000..b0de78dae51c
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.7.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+BDEPEND="virtual/pkgconfig"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
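Review bot: `SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"` (and `HOMEPAGE`) fetch over cleartext HTTP. The BLAKE2B/SHA512 entries in the Manifest protect users who fetch later, but whoever generates the Manifest entry has no transport integrity for the tarball being hashed, and this package builds kernel modules. If the upstream host serves TLS, prefer `SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"` and the matching `HOMEPAGE`. The same two lines appear in ipset-7.9.ebuild in this commit.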
diff --git a/net-firewall/ipset/ipset-7.9.ebuild b/net-firewall/ipset/ipset-7.9.ebuild
new file mode 100644
index 000000000000..3cdf4582eb76
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.9.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+BDEPEND="virtual/pkgconfig"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
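Review bot: `IP_NF_SET_MAX` is taken from the environment (`${IP_NF_SET_MAX:-256}`) and passed to econf unquoted and unvalidated in src_configure as `--with-maxsets=${IP_NF_SET_MAX}`. A value containing whitespace would be word-split into extra configure arguments, and a non-numeric value reaches the kernel-module build unchecked. Consider validating it in pkg_setup with `[[ ${IP_NF_SET_MAX} =~ ^[0-9]+$ ]] || die "IP_NF_SET_MAX must be an integer"` and quoting the argument as `--with-maxsets="${IP_NF_SET_MAX}"`. ipset-7.7.ebuild in this commit has the same lines.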
diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
index af5c56b45ca5..feb7542d320b 100644
--- a/net-firewall/ipt_netflow/Manifest
+++ b/net-firewall/ipt_netflow/Manifest
@@ -2,13 +2,11 @@ AUX ipt_netflow-2.0-configure.patch 276 BLAKE2B a7c4d51d9c0f5d6d60200cebc74dc022
AUX ipt_netflow-2.3-flags.patch 1743 BLAKE2B 5c2cf2b603aae5017e685fbfcb76bf0a5be29b0e3f1299d2e72a516d80cd5479b92c463d4bb4ab192b9cd7b59ef59eeef673c12696a79d6517ec7346dbbe3b5c SHA512 b8a74b0f9daf0e532a8015b576b59e13948684bee8d22a2a62cd8d2a11e4d8d5a2d4b257842dab4df379c3549bdb39d9814bebe24573714e3bff2d2d765021ad
AUX ipt_netflow-2.4-bridge_netfilter.patch 1785 BLAKE2B 45b3e9124bbf17a3e38da1777951db2516abf18988426920f40d56b8c5083c369f52c36f605849590fef06884a566e1573bd6612b62da8e1333be40a7e913734 SHA512 bae60dd8fe7e50eb8e1061e007f2e603b23e04ca45ce60530b85ed626acaa4eeb44d061d48d2e90cc5409c3d7976030ec0a0683a6bd4723379315c4bf0e09730
AUX ipt_netflow-2.5-gentoo.patch 1944 BLAKE2B 0acb66305cd7f337a271b356f65c2984b445fc245d4de5668ccdff54ef7bb5095fc27148be978f13bc84dfc92be58abda897dacf053a31b10b44caffb5cbabb7 SHA512 781c4286889b2e39f2276de02970306b76f859c87565dff5235cfb1fedd0e7f6cc2a5f1263899f7505317ce22fd73c724a4a1273114adcc6ad2c3cc84069d47d
+AUX ipt_netflow-2.5.1-vlan_dev_priv.patch 1182 BLAKE2B f5522a888133b5411cb6b3e43e2cc2d0457b521a46e26b3f3d6826a84dc016dd8b58195317601ebf49de81031faf9100f95dd547adbda81a9b4814a75c3e147b SHA512 d1d23794871237338102ed148b94a6d0f92997675f6e059fc0f1e94b54aed894dd4325721d8427edcaf6747bd063338b7f94b4ab51904bf76bd98c8380d4e5e2
AUX ipt_netflow-9999-gentoo.patch 1956 BLAKE2B 4595118518958c379a33e0fd7b6e3769fe764a633876cb46b76517ccec9fe6430fd4441b5509019699003b07966e1b09b257d302d3a1f29c4b437f90bce1c211 SHA512 bf8a723d0cf5a57b49231d444d6e0926b2aa667a5ac8aebdedd92b8271be30e5cbfd330e03ed63969d37a5fb694038378468ae1d4b2483b087785734214d00bd
DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce
-DIST ipt_netflow-2.5.tar.gz 94097 BLAKE2B 5ca8d686e08f6fb0cdb1d502572afc71f146e2633ccf5fc7cb9ad21420fb62e88a2cb393e83ee4f5646200fa964d46a16ef58831958799449a4a59e2da6c9337 SHA512 8cd1bc46ef6e975964e5ddc290ed999f7076b63a9363f1a1f31b5d8db875d4e564ed5f0d5185c29dcf8a86793fe4badf63325b79ba1abbc264088b1ca94a9dad
-EBUILD ipt_netflow-2.4-r1.ebuild 2383 BLAKE2B 961e4ef35da8c6bc4111bb9a9ed8e4be4e05c24e9262e6fb6b7b55fc0ea8ce084e7830b3d8ec8b317a4afc89d242cd2f3ecd5a6dd8e9463f2a574aa80bf22b8e SHA512 6da791363ee57e08680722864203134a0fb89bf3079ab12e34ed02bfa2178606f1a65356ec727c615ce105c5ce0fd6fd91ad7c26554792f64abec8b765c2a6ec
-EBUILD ipt_netflow-2.5-r1.ebuild 2360 BLAKE2B 2309e1fd12f41326ba0071909ceabd6ccab1f8ae6e70520fdfdc5d239b46b424390b3dae2f34dc6d055d38b7209a77666841e0df73e6530b0100a7ba9eb417fc SHA512 39d13df5d3b49e0dcd941f3429589b8213b998c3edc639f47f579d9f4c639a851fcdab09b61ef57b3b05cffa487d32d36950e9081063decddb66aebb5e269bd9
-EBUILD ipt_netflow-2.5.1-r1.ebuild 2367 BLAKE2B 967715b3ccdbffd2d4ed88c1a6dcf351b7aefc1229c207babfc9dd65578df6cbc366ad0ff9a192200106faebc3916e8633e3c9c1248badf52ca80d5d4c7f4ce1 SHA512 dacad16472e8f700b4fac67c5f592c6fe83e0150cdff0127fae33fcd531170bdfe9ac62ba982e47d8d26761f5e274544965321dec73d471b48dde7ade4e5f3ed
-EBUILD ipt_netflow-2.5.1.ebuild 2360 BLAKE2B 2309e1fd12f41326ba0071909ceabd6ccab1f8ae6e70520fdfdc5d239b46b424390b3dae2f34dc6d055d38b7209a77666841e0df73e6530b0100a7ba9eb417fc SHA512 39d13df5d3b49e0dcd941f3429589b8213b998c3edc639f47f579d9f4c639a851fcdab09b61ef57b3b05cffa487d32d36950e9081063decddb66aebb5e269bd9
-EBUILD ipt_netflow-9999.ebuild 2389 BLAKE2B fa2aceaf3a3f47a849a8f67e9b23b95e1b1f212d858ae19ebb2bfaa4bb69619cb845583dd3ee44f1bab2212e0ee12a1db3fce49d083bcaa5d707c04bb6e38e71 SHA512 b0579ddb9303d78bbf5bac6a412497e200f4b190031a362ef2d576eb126deb03c3f9fbed22742d2b503df339dcc9ea6b2a80a3349e0beca68c2293f76d87e24c
+EBUILD ipt_netflow-2.4-r1.ebuild 2427 BLAKE2B 38ee77ea29ed5c32ebd13ec4cf4dc956a05441345e97b0ba732a52f8ecc3e85a9bb87290afa9fe4047c3caa60d40138ae2780b28cfc37c153e8d8cac9a48dfd1 SHA512 5f76b3bc90706f990f6cfa86463cf72a69198a525c7ad60805b7d812611dbf3817f72318cdd07ed280ec0f7035c6d5d980148352c905d6475e0f1059424d6950
+EBUILD ipt_netflow-2.5.1-r1.ebuild 2451 BLAKE2B bb93e5dbb140612d2638e5b93c2e2b965214c5a65fc2b5e29854668dfaeb25205c76ff2c07f7b11a4598a0cab42815267249d526789e49e9fade766c42ecb568 SHA512 cad2cf3860d7fe157f5305edb55d663315066f5c7f4dca44ae97f129c7d91774933f514fadd4950b4aee530305260930b9d8052bf12ff329996e2d5216cc7f77
+EBUILD ipt_netflow-9999.ebuild 2433 BLAKE2B 5bc455a234b42e8b53be0f100a0d826cd6092fc037132793d63a46467bed0c42f65683c0d83d1f155662fafc25ba731c3430935867e5efcc8dc2bb8e9f451fe1 SHA512 577a38067db83c0d7c67ba80178b7b6519d8342c61febf9d0bc0de288b6aa94d05bdeaf3fb3d59a20ccfff67efb15cd70bfbcf0a6f1639a19d41147d6a6c1551
MISC metadata.xml 561 BLAKE2B 8b2d48273d5c27a1996089236e3981c7eff8546e73671136baa8a9ed0c18fb26a56be261b3162e4563878bf54487a0b26e389861a9dbc80af35783491564c7d3 SHA512 6cd4feab99315acfcf34f34fccd9ecb6b00b23efecef622cc638902a4ec62240f3d9f87d1f349a84ec7c4985a90f8632ffcfa9f403b42c26ce9d923ca9e01bc5
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch
new file mode 100644
index 000000000000..49721e547fd7
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.5.1-vlan_dev_priv.patch
@@ -0,0 +1,32 @@
+commit 1153f73f038205dc17303e6e6c455bbbb56191f7
+Author: ABC <abc@openwall.com>
+Date: Wed Oct 14 15:35:57 2020 +0300
+
+ gen_compat_def: Check for vlan_dev_priv instead of version if
+
+diff --git a/gen_compat_def b/gen_compat_def
+index c0f20f6..3965e94 100755
+--- a/gen_compat_def
++++ b/gen_compat_def
+@@ -85,6 +85,8 @@ kbuild_test_struct proc_ops linux/proc_fs.h
+ kbuild_test_struct proc_ops linux/proc_fs.h
+ # No since v5.1, but present in CentOS-8's 4.18.0-227
+ kbuild_test_symbol synchronize_sched linux/rcupdate.h
++# Stumbled on 5.9
++kbuild_test_struct vlan_dev_priv linux/if_vlan.h
+
+ echo "// End of compat_def.h"
+
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 01055df..6f95166 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -4874,7 +4874,7 @@ static void parse_l2_header(const struct sk_buff *skb, struct ipt_netflow_tuple
+ tuple->tag[tag_num++] = htons(vlan_tx_tag_get(skb));
+ else if (skb->dev && is_vlan_dev(skb->dev)) {
+ struct net_device *vlan_dev = skb->dev;
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
++# ifdef HAVE_VLAN_DEV_PRIV
+ struct vlan_dev_priv *vlan = vlan_dev_priv(vlan_dev);
+
+ /* `if` condition is `#if`ed intentionally, and this is
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild
index c3bec366b466..e36de51a30c8 100644
--- a/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild
@@ -92,7 +92,7 @@ src_configure() {
}
src_compile() {
- emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all
}
src_install() {
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild
deleted file mode 100644
index 2c7d537f291b..000000000000
--- a/net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit linux-info linux-mod toolchain-funcs
-
-DESCRIPTION="Netflow iptables module"
-HOMEPAGE="
- https://sourceforge.net/projects/ipt-netflow
- https://github.com/aabc/ipt-netflow
-"
-SRC_URI="https://github.com/aabc/ipt-netflow/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-IUSE="debug natevents snmp"
-
-RDEPEND="
- net-firewall/iptables:0=
- snmp? ( net-analyzer/net-snmp )
-"
-DEPEND="${RDEPEND}
- virtual/linux-sources
- virtual/pkgconfig
-"
-PATCHES=(
- "${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
- "${FILESDIR}/${PN}-2.5-gentoo.patch"
-)
-
-pkg_setup() {
- linux-info_pkg_setup
-
- local CONFIG_CHECK="BRIDGE_NETFILTER ~IP_NF_IPTABLES VLAN_8021Q"
- use debug && CONFIG_CHECK+=" ~DEBUG_FS"
- if use natevents; then
- CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
- if kernel_is lt 5 2; then
- CONFIG_CHECK+=" NF_NAT_NEEDED"
- else
- CONFIG_CHECK+=" NF_NAT"
- fi
- fi
-
- BUILD_TARGETS="all"
- MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
- IPT_LIB="/usr/$(get_libdir)/xtables"
-
- linux-mod_pkg_setup
-}
-
-src_unpack() {
- default
-
- mv "${WORKDIR}"/${PN/_/-}-* "${WORKDIR}"/${P} || die
-}
-
-src_prepare() {
- default
-
- # Checking for directory is enough
- sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
-}
-
-do_conf() {
- tc-export CC
- echo ./configure $*
- ./configure $* ${EXTRA_ECONF} || die 'configure failed'
-}
-
-src_configure() {
- local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
- # this configure script is not based on autotools
- # ipt-src need to be defined, see bug #455984
- do_conf \
- --disable-dkms \
- --enable-aggregation \
- --enable-direction \
- --enable-macaddress \
- --enable-vlan \
- --ipt-lib="${IPT_LIB}" \
- --ipt-src="/usr/" \
- --ipt-ver="${IPT_VERSION}" \
- --kdir="${KV_DIR}" \
- --kver="${KV_FULL}" \
- $(use debug && echo '--enable-debugfs') \
- $(use natevents && echo '--enable-natevents') \
- $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
-}
-
-src_compile() {
- emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
-}
-
-src_install() {
- linux-mod_src_install
- exeinto "${IPT_LIB}"
- doexe libipt_NETFLOW.so
- use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
- doheader ipt_NETFLOW.h
- dodoc README*
-}
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.5.1-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.5.1-r1.ebuild
index 637824868f6f..8fa83402adaa 100644
--- a/net-firewall/ipt_netflow/ipt_netflow-2.5.1-r1.ebuild
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.5.1-r1.ebuild
@@ -28,6 +28,7 @@ DEPEND="${RDEPEND}
PATCHES=(
"${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
"${FILESDIR}/${PN}-2.5-gentoo.patch"
+ "${FILESDIR}/${P}-vlan_dev_priv.patch"
)
pkg_setup() {
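Review bot: The added PATCHES entry is named through `${P}`, while the two entries above it spell the version out, so the array mixes two naming conventions and the path this entry resolves to changes if the ebuild is copied for a bump. Writing it as `"${FILESDIR}/${PN}-2.5.1-vlan_dev_priv.patch"` matches its siblings. A trailing comment stating what the patch addresses, in the style of the `# bug #455984` note on the first entry, would tell the next maintainer when it can be dropped.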
@@ -91,7 +92,7 @@ src_configure() {
}
src_compile() {
- emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all
}
src_install() {
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild
deleted file mode 100644
index 2c7d537f291b..000000000000
--- a/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit linux-info linux-mod toolchain-funcs
-
-DESCRIPTION="Netflow iptables module"
-HOMEPAGE="
- https://sourceforge.net/projects/ipt-netflow
- https://github.com/aabc/ipt-netflow
-"
-SRC_URI="https://github.com/aabc/ipt-netflow/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-IUSE="debug natevents snmp"
-
-RDEPEND="
- net-firewall/iptables:0=
- snmp? ( net-analyzer/net-snmp )
-"
-DEPEND="${RDEPEND}
- virtual/linux-sources
- virtual/pkgconfig
-"
-PATCHES=(
- "${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
- "${FILESDIR}/${PN}-2.5-gentoo.patch"
-)
-
-pkg_setup() {
- linux-info_pkg_setup
-
- local CONFIG_CHECK="BRIDGE_NETFILTER ~IP_NF_IPTABLES VLAN_8021Q"
- use debug && CONFIG_CHECK+=" ~DEBUG_FS"
- if use natevents; then
- CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
- if kernel_is lt 5 2; then
- CONFIG_CHECK+=" NF_NAT_NEEDED"
- else
- CONFIG_CHECK+=" NF_NAT"
- fi
- fi
-
- BUILD_TARGETS="all"
- MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
- IPT_LIB="/usr/$(get_libdir)/xtables"
-
- linux-mod_pkg_setup
-}
-
-src_unpack() {
- default
-
- mv "${WORKDIR}"/${PN/_/-}-* "${WORKDIR}"/${P} || die
-}
-
-src_prepare() {
- default
-
- # Checking for directory is enough
- sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
-}
-
-do_conf() {
- tc-export CC
- echo ./configure $*
- ./configure $* ${EXTRA_ECONF} || die 'configure failed'
-}
-
-src_configure() {
- local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
- # this configure script is not based on autotools
- # ipt-src need to be defined, see bug #455984
- do_conf \
- --disable-dkms \
- --enable-aggregation \
- --enable-direction \
- --enable-macaddress \
- --enable-vlan \
- --ipt-lib="${IPT_LIB}" \
- --ipt-src="/usr/" \
- --ipt-ver="${IPT_VERSION}" \
- --kdir="${KV_DIR}" \
- --kver="${KV_FULL}" \
- $(use debug && echo '--enable-debugfs') \
- $(use natevents && echo '--enable-natevents') \
- $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
-}
-
-src_compile() {
- emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
-}
-
-src_install() {
- linux-mod_src_install
- exeinto "${IPT_LIB}"
- doexe libipt_NETFLOW.so
- use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
- doheader ipt_NETFLOW.h
- dodoc README*
-}
diff --git a/net-firewall/ipt_netflow/ipt_netflow-9999.ebuild b/net-firewall/ipt_netflow/ipt_netflow-9999.ebuild
index 74ad5f1c71d8..d4305e2fc5c5 100644
--- a/net-firewall/ipt_netflow/ipt_netflow-9999.ebuild
+++ b/net-firewall/ipt_netflow/ipt_netflow-9999.ebuild
@@ -92,7 +92,7 @@ src_configure() {
}
src_compile() {
- emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" LD="$(tc-getLD)" OBJDUMP="$(tc-getOBJDUMP)" all
}
src_install() {
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 679d1efa4c55..3032061d49f3 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -16,8 +16,10 @@ DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94 SHA512 a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb
DIST iptables-1.8.5.tar.bz2 713769 BLAKE2B 49659fc2f1f284f31637048fa1e6edb4853e9bf6ac0b6ada5599a7af34a4449205b5eb6b85b630ce4757b49cf3f8ac9ad6220e07c2c22abb688a3aeb5cf99cd2 SHA512 6a6baa541bb7aa331b176e0a91894e0766859814b59e77c71351ac34d6ebd337487981db48c70e476a48c67bcf891cfc663221a7582feb1496ad1df56eb28da8
+DIST iptables-1.8.6.tar.bz2 715744 BLAKE2B 72167610b396054fe18c495d7a9e23051d217116074ee39198af989a3e50b9908cb75f42b9172d3cfd76343835386a78a2c51d1153ed5d219a6d68209e11dc9c SHA512 d06e4cddb69822c4618664a35877fc5811992936cade2040bb0e4eb25a4d879eadc7c84401c40fb39ffac7888568505adcb1cfe995cd166a15c702237daf6acf
EBUILD iptables-1.6.1-r3.ebuild 3269 BLAKE2B e4718479b62cc529f17a5f407409053b9cdc8e08d5b72ead86fe447d1fdd96cc31447ed354d4fcbc8005a2d3fa37ef50cebbd454283fc3a0ed1d9abe375412d5 SHA512 9721db9b6c0f908119d19b6b1e3f592810a64e5aa4f3ca7879fa62622e9f34864ecb3f8a0d56f5c61a449b9b9d1545837cbf07c3d05c3d3896a600d79aee7d87
EBUILD iptables-1.6.2-r2.ebuild 3333 BLAKE2B 21d4bd596b61da1409a797c9883d612f5688ec15e144621028ba11872a184493440d636d998795b74be7f8856b39a184a24f25ac6ff56ff756fe66e3eaefc041 SHA512 6153c18419f192db0b9fccd7827ad41da201d3c25a298f0e2b823a97dd0b3d9bd6fa4dc9987ff62a0b8a0c1265b10ee71170385c2b5c5272c6183c0e21ae41bd
EBUILD iptables-1.8.4-r2.ebuild 4650 BLAKE2B be3da4097de99e04dd3f684db117e592a0e810e5e6cc3a774ea44f23319c13aa6718f1401f93ba2f5c310c84e1ebc04c8863802152bcd1a59460a97cdab618f5 SHA512 1f07a463a5ee2f3cf8a8cdbdb7f63e312475d9eae3eba3f2874d9cb8e7e26f264b385f95e82fbc3e202e9330b2efb1ea61011b26549583cd4ae6574f02d929fa
EBUILD iptables-1.8.5.ebuild 4641 BLAKE2B b5c2c268977571044129ee80fed8355aaa9d7e4ff0997470e74a333dc99e9268c77c75e22c9e284c226219fb0ff322d7f266b5d6a80b8a97ba5ee3a82668d8da SHA512 b72156cfd180c11ebef86b189082296c216cc727cffe1404884a0b0d1d7620d4ec688c0162d5dabf4e697343d9d4a2bbb4199a1f48efbda9044c84a1b1fd5d72
+EBUILD iptables-1.8.6.ebuild 4650 BLAKE2B 0fc25d74924b729fe9cf892946f0df8c495617e419b16d3c8c491c718493df891044ef4b0b4c6ebf47affdaccf8037ff51687eea571503b59890d5d978f1c3d3 SHA512 2f4e7e2ec09a069f969db5f5e8c9e4d383073a6796bccddad59ce5ca3fdfca2321920ba5ebdac33e93a377cc698830900af2cdace15819728464e33121806dbc
MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987
diff --git a/net-firewall/iptables/iptables-1.8.6.ebuild b/net-firewall/iptables/iptables-1.8.6.ebuild
new file mode 100644
index 000000000000..b496e8ccd7eb
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.6.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+ >=app-eselect/eselect-iptables-20200508
+"
+COMMON_DEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0:0=
+ >=net-libs/libnftnl-1.1.6:0=
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/os-headers
+ >=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+ app-eselect/eselect-iptables
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+RDEPEND="${COMMON_DEPEND}
+ ${BUILD_DEPEND}
+ nftables? ( net-misc/ethertypes )
+ !<net-firewall/ebtables-2.0.11-r1
+ !<net-firewall/arptables-0.0.5-r1
+"
+
+PATCHES=(
+ "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+ "${FILESDIR}/iptables-1.8.2-link.patch"
+)
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm include/linux/{kernel,types}.h || die
+
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ local myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ --libexecdir="${EPREFIX}/$(get_libdir)"
+ --enable-devel
+ --enable-shared
+ $(use_enable nftables)
+ $(use_enable pcap bpf-compiler)
+ $(use_enable pcap nfsynproxy)
+ $(use_enable static-libs static)
+ $(use_enable ipv6)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-r2.init iptables
+ newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ dosym iptables /etc/init.d/ip6tables
+ newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+ fi
+
+ if use nftables; then
+ # Bug 647458
+ rm "${ED}"/etc/ethertypes || die
+
+ # Bugs 660886 and 669894
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc xtables
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local default_iptables="xtables-legacy-multi"
+ if ! eselect iptables show &>/dev/null; then
+ elog "Current iptables implementation is unset, setting to ${default_iptables}"
+ eselect iptables set "${default_iptables}"
+ fi
+
+ if use nftables; then
+ local tables
+ for tables in {arp,eb}tables; do
+ if ! eselect ${tables} show &>/dev/null; then
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+ eselect ${tables} set xtables-nft-multi
+ fi
+ done
+ fi
+
+ eselect iptables show
+}
+
+pkg_prerm() {
+ elog "Unsetting iptables symlinks before removal"
+ eselect iptables unset
+
+ if ! has_version 'net-firewall/ebtables'; then
+ elog "Unsetting ebtables symlinks before removal"
+ eselect ebtables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting ebtables symlinks to ebtables-legacy"
+ eselect ebtables set ebtables-legacy
+ fi
+
+ if ! has_version 'net-firewall/arptables'; then
+ elog "Unsetting arptables symlinks before removal"
+ eselect arptables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting arptables symlinks to arptables-legacy"
+ eselect arptables set arptables-legacy
+ fi
+
+ # the eselect module failing should not be fatal
+ return 0
+}
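Review bot: In `pkg_postinst` the loop over `{arp,eb}tables` logs "setting to ${default_iptables}", which expands to `xtables-legacy-multi`, but the next line sets `xtables-nft-multi`, so the install log names the wrong backend. The message should read `elog "Current ${tables} implementation is unset, setting to xtables-nft-multi"`. Separately, `pkg_prerm` runs `eselect iptables unset` unconditionally, while the ebtables and arptables branches consult `REPLACED_BY_VERSION`. On an upgrade this presumably drops the administrator's chosen backend and lets `pkg_postinst` fall back to the legacy default, so it is worth confirming and wrapping the unset in `if [[ -z ${REPLACED_BY_VERSION} ]]; then … fi`.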
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 49e887338b11..77a0f4f3c18c 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,22 +1,17 @@
AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f6d68662f1191ff73d2a43a1bf49fb795f3763705f8aeb0a4f22cab0006a943e01adb188f1ef9eb05125dfdbd SHA512 a14e48f014f75c7e611bf2a653d9760804754febd1ae4543f78abbfbe60c79f5aa07c5fd53fe26bb74b48fcb8cb8aa78274771212e41c42db031e8c8ba7e81d2
AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677
-AUX nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch 1132 BLAKE2B 49d938450bd0e7b09266c2e49ac09aa2bde5f4ab945478a1c973cc05368a9338a5aee222c9638bd44a27f6e81233f3843e672ef3177e25f8e851a2c10edfda36 SHA512 31dce9d6508f36d8411ea834cbb35989067a93b0af2366f278d12aaf30b6fd9b70995e6ad21836e4b44ba009a77900057139d292053533330826ec496009de24
AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
AUX nftables-mk.init 2090 BLAKE2B 62f56586ca4ba0acbd3ac41f4904041d625388771bbafc32833055a5f3c00f251e1d9a04bb41dd672f33d13a0825f7e4470a30d7e874df1abd41508148ef42b0 SHA512 819b2d60b42207cb70d95b700557e873fe18c5f6e8437683240beb317f773cf8e18755086e24652a9bcff49c6f96af8cd9e3f3b62c9f433779eff4e3f3935197
-AUX nftables-mk.init-r1 2125 BLAKE2B 2c7af02866a36de3e4312005eb139805bf3a6100e1825d05232436fa206b2961e02b47ab71d9f94300c151b561b5ac00c919cd84db76df0ab6bcf618b2fbf8c8 SHA512 97b9a154c35a088a9c866e2be7689448439490f4cb26fe50ef49ab6900564ea231cba137f3585bcb51cb2344d6f7d3e8ca8a7ed2e06d144a8359fb9564361d24
+AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3
AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
AUX nftables.init 3069 BLAKE2B 68c6b2b81995bd909c00cc3527f891f04d0dd30532cd821c89b59fc7e3ea0dff0e98d767cee2c00a5462023fdf6f59e813dec7063768a34187f2404377e498f7 SHA512 ca761be0440945b21d5b002468baffb3299d0a3ac244aa895734dfdfaf442e7a73b757bcda99d958582064411d1b80b2cbcb4eb532bb219b4df407c9ed892661
-AUX nftables.init-r1 2125 BLAKE2B 2c7af02866a36de3e4312005eb139805bf3a6100e1825d05232436fa206b2961e02b47ab71d9f94300c151b561b5ac00c919cd84db76df0ab6bcf618b2fbf8c8 SHA512 97b9a154c35a088a9c866e2be7689448439490f4cb26fe50ef49ab6900564ea231cba137f3585bcb51cb2344d6f7d3e8ca8a7ed2e06d144a8359fb9564361d24
+AUX nftables.init-r1 2279 BLAKE2B 1c4c28ea5b6a22905b3ec7de8e54726933b579352ecd799b7641384a138ffa2d4a2deb87d84ef5d75a43ae30759f1550d611c2560096bb5083cae9bb834be2bb SHA512 2165223bfd4f300b9cc01f604347fc5167f68515174b0d116b667bd05f4baf8c2f931e482f632975a8be371c2147951d9407f397ea4dbcbac79a6738cbd23015
AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0
-DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
-DIST nftables-0.9.4-manpages.tar.xz 38580 BLAKE2B bb561c7824d032ecfff5c98af10c95af6f5188377f43de8398be7e503adff0441d49fa3e2cefcb646927cc1a4222957f0cc75d5ad4c770ef3a3f8cb8a677c5ce SHA512 1b94ff06ceccf75bbefbf64496d5fa0b492907d7ec5fe41f7808c6e239b2a0a42e88d61e35e22485abee7e4bd382178e962a7c5b113433247ca329cbfa408bca
-DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0
DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
-EBUILD nftables-0.9.3-r1.ebuild 3755 BLAKE2B 38553f667a6726ff06e3c92392357c73470d0cf79f2929ab2c96d7955dbd94259f966a86f5db2409aa1f6600bd88d8fb96959ccde7b99c462e3afd239e956e7c SHA512 45fd13e018453f1f9d78284454f677920a3fa11c7bad32670592d669836bc0465b54e2f949499e4a362e7a261911321a088d4d15abfadc7858ab7117454e3d72
-EBUILD nftables-0.9.4-r1.ebuild 3782 BLAKE2B aa3edaa13d0c0032819476c5fdfbe3a1119b815d8d167eafe48c49f36dd49780c80020045418e084ce1c6bdc5b56ffc7a511c50c356b6ccdb44c36ef41899465 SHA512 741af7b9f7b07ee5b6133170637ae819e5d8d190cda398087b7b26f7e7e377df975f2cc72f0b706707073e029b905a8284bb9a13875cda869ec7df9767faa55e
-EBUILD nftables-0.9.4-r2.ebuild 4131 BLAKE2B d30066d0eef62040e79e2099bb1db6f49667177e0f7099f0a928ee87f80664b6069b26a6ba954b38e32179e6734b564290ae8466cd8f90d79b2ee1bbc3126d2b SHA512 f777309e620845e89d32596adcd270c2961111168d11d68d9b1cd75b97a60fb3213238b60d7190559eec478d9e08e09c89de8e54bb048c59a51cfb1b412831fc
-EBUILD nftables-0.9.6-r1.ebuild 4232 BLAKE2B 5b5f45650c133f374ba23e550a96b0e44f114d754aeeb15368139de6746d558206a899aa5e5cf1af70631eee4feccbc944a1132e9e5b35ac18ad7fae9071cf45 SHA512 a7adb1f95aecb0e0ad9b8876b4b9b9a8768a9072f99ae1d36f4bfbf3716834d0cac70673c5df902b89300073de31f4bb6aee0f0f37b5c01d71dd0d3391f171d0
+DIST nftables-0.9.7.tar.bz2 872759 BLAKE2B 25218d97bd5a102b626a2c4beb37a59da2f6c1a8ead49b18375154ff88da536dfac7442aef2c10d2f6e20e6b51c5760a692960da35b82ab335a58e48189e3ae8 SHA512 174cf2d788dfd21f6709ccdc59060580aff904c3d906bac57d07c1b813b2cfdba895205d8342d722460b813f3504d598b82ac2d8a93af5964569b378b9598455
+EBUILD nftables-0.9.6-r1.ebuild 4231 BLAKE2B b1fdeb97da92be160d9822fa062d45926f28710c31f570e045984b3e89ec027e3c4b0e64e22b6538d1ebae3bdf5df3d65efb0fc969e5b9c75da9a61ec2d9b880 SHA512 d163480c49b3167da05cdd2384bbd3042fcdc6f4b0083a3bc07903286ab43abe169e3594536ca371430ef238fe07d76d3aab9662906422872a981b92ce0fad18
EBUILD nftables-0.9.6.ebuild 4225 BLAKE2B f1138e820093a380fd9e4410e7dee42be398e1e59b15da5f93ab108d2b872c56a76b773745d682ba44b3af1aad9dc9f14c118c7a2600c19121a969fbdfdb45ec SHA512 10ed38eb158b2a55831da59ae392da2b41c6e57e296a7ab015f7d890ae21beb5d2aa03c584bb6637213f0e2fa5b07c2638a4587df838949224001f00cd2116ac
-EBUILD nftables-9999.ebuild 4422 BLAKE2B 2385d84bddc4a46e89d3bea0c8aadc9d0ec09ac8802110c72c44006f6271c0ef1bd54a26b4f78e79a2c769b28fb034da27348cbc30fce6b12ad2e1a0779d1db8 SHA512 5792064de6860d4004ca1d68f0c8db49e850cf4bb14307d857ffb9f4d3c047ea4a20357cc9c2282328feaa5b121707408991f7fbbec05e345ba24aa2a38d6d09
+EBUILD nftables-0.9.7-r1.ebuild 4232 BLAKE2B 86bad483fbfd191f1e98f875fa83849350fa1944f15f87fd0b6d64efc11bc7b447996765ce48f332d67ec1c8b3f3b2f333455c23c87430f69b8cfc8633ab9919 SHA512 380f8d040137eb8050c9d547bca641a6a3adcf57af2a9d3504bb269cc1a110a5bc3e9fa5c31462cb3983ffe42b690c25a276f6bb6ab7c8dc053dd9f2c382f0a2
+EBUILD nftables-9999.ebuild 4425 BLAKE2B 8c6d1c5f3541146a6819029a8037e8644eb1e35fafa7a654496ad704e950e611caabf2c1f57bb27f26d52cd48d488fa7a271223b6651003611abbf1e2bc28e25 SHA512 c4ddd1e32cbeeba681b9919a442d2fbfb7b2b9c17cbf0618803843ea984b20e8b6b4c77fe6c09b90433a004816ac2a8555794dfca5e622f00953bd25696be9fe
MISC metadata.xml 918 BLAKE2B 8c2c39f04e2c5591ea06788788d244bddc1cdc25780810b2a19e131d43d0bdf964d2129c01605fc536451cb9a3354420a1c2f656dad45c56dec4f360a95fe473 SHA512 08de9d11f48dcb132eb5423de56b458dd4c4122329b84b56c252436c882b7670233f2217cc01755649f27e14ff9346cf99e3a742224567e712f5cb3678165dcf
diff --git a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch b/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
deleted file mode 100644
index 6eb708596255..000000000000
--- a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3c83e2bca90b697e7c98f849319f1ad015dcdb86 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 7 Apr 2020 13:16:59 -0700
-Subject: [PATCH nftables 2/2] build: Allow building from tarballs without
- yacc/lex
-
-The generated files are included in the tarballs already, but
-configure.ac was coded to fail if yacc/lex were not found regardless.
-
-Signed-off-by: Matt Turner <mattst88@gmail.com>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index a04d94bc..3496e410 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -29,13 +29,13 @@ AC_PROG_SED
- AM_PROG_LEX
- AC_PROG_YACC
-
--if test -z "$ac_cv_prog_YACC"
-+if test -z "$ac_cv_prog_YACC" -a ! -f "${srcdir}/src/parser_bison.c"
- then
- echo "*** Error: No suitable bison/yacc found. ***"
- echo " Please install the 'bison' package."
- exit 1
- fi
--if test -z "$ac_cv_prog_LEX"
-+if test -z "$ac_cv_prog_LEX" -a ! -f "${srcdir}/src/scanner.c"
- then
- echo "*** Error: No suitable flex/lex found. ***"
- echo " Please install the 'flex' package."
---
-2.24.1
-
diff --git a/net-firewall/nftables/files/nftables-mk.init-r1 b/net-firewall/nftables/files/nftables-mk.init-r1
index 45b2abdbda77..1f03301c0535 100644
--- a/net-firewall/nftables/files/nftables-mk.init-r1
+++ b/net-firewall/nftables/files/nftables-mk.init-r1
@@ -20,7 +20,7 @@ checkkernel() {
}
checkconfig() {
- if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
+ if [ -z "${NFTABLES_SAVE}" ] || [ ! -f "${NFTABLES_SAVE}" ] ; then
eerror "Not starting nftables. First create some rules then run:"
eerror "/etc/init.d/${SVCNAME} save"
return 1
@@ -28,6 +28,11 @@ checkconfig() {
return 0
}
+_nftables() {
+ export NFTABLES_SAVE SAVE_OPTIONS
+ /usr/libexec/nftables/nftables.sh "${@}"
+}
+
start_pre() {
checkconfig || return 1
checkkernel || return 1
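Review bot: The new `_nftables` wrapper has no comment explaining why it exports `NFTABLES_SAVE` and `SAVE_OPTIONS` on every call, where the old code passed `SAVE_OPTIONS` in the environment of the `store` call only. A comment above it such as `# Export the conf.d settings so the libexec helper sees them for every subcommand` would record that the wider scope is intentional. `start_pre()` continues outside the hunk.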
@@ -36,8 +41,8 @@ start_pre() {
start() {
ebegin "Loading ${SVCNAME} state and starting firewall"
- /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
- eend $?
+ _nftables load "${NFTABLES_SAVE}"
+ eend ${?}
}
stop() {
@@ -47,13 +52,13 @@ stop() {
ebegin "Stopping firewall"
if [ "${PANIC_ON_STOP}" = "hard" ]; then
- /usr/libexec/nftables/nftables.sh panic
+ _nftables panic
elif [ "${PANIC_ON_STOP}" = "soft" ]; then
- /usr/libexec/nftables/nftables.sh soft_panic
+ _nftables soft_panic
else
- /usr/libexec/nftables/nftables.sh clear
+ _nftables clear
fi
- eend $?
+ eend ${?}
}
reload() {
@@ -63,43 +68,42 @@ reload() {
clear() {
ebegin "Clearing rules"
- /usr/libexec/nftables/nftables.sh clear
- eend $?
+ _nftables clear
+ eend ${?}
}
list() {
- /usr/libexec/nftables/nftables.sh list
+ _nftables list
}
check() {
ebegin "Checking rules"
- /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
- eend $?
+ _nftables check "${NFTABLES_SAVE}"
+ eend ${?}
}
save() {
ebegin "Saving ${SVCNAME} state"
checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- SAVE_OPTIONS="${SAVE_OPTIONS}" \
- /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
- eend $?
+ _nftables store "${NFTABLES_SAVE}"
+ eend ${?}
}
panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+ if service_started "${SVCNAME}"; then
+ rc-service "${SVCNAME}" zap
fi
ebegin "Dropping all packets"
- /usr/libexec/nftables/nftables.sh panic
- eend $?
+ _nftables panic
+ eend ${?}
}
soft_panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+ if service_started "${SVCNAME}"; then
+ rc-service "${SVCNAME}" zap
fi
ebegin "Dropping new connections"
- /usr/libexec/nftables/nftables.sh soft_panic
- eend $?
+ _nftables soft_panic
+ eend ${?}
}
diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1
index 45b2abdbda77..60f1632f4551 100644
--- a/net-firewall/nftables/files/nftables.init-r1
+++ b/net-firewall/nftables/files/nftables.init-r1
@@ -1,105 +1,129 @@
#!/sbin/openrc-run
+# Copyright 2014-2017 Nicholas Vinson
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-extra_commands="check clear list panic save soft_panic"
+extra_commands="clear list panic save"
extra_started_commands="reload"
-
depend() {
need localmount #434774
before net
}
-checkkernel() {
- if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
+_nftables() {
+ export NFTABLES_SAVE SAVE_OPTIONS
+ /usr/libexec/nftables/nftables.sh "${@}"
}
-checkconfig() {
- if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
+start_pre() {
+ checkkernel || return 1
+ checkconfig || return 1
return 0
}
-start_pre() {
- checkconfig || return 1
- checkkernel || return 1
- check || return 1
+clear() {
+ _nftables clear || return 1
+ return 0
}
-start() {
- ebegin "Loading ${SVCNAME} state and starting firewall"
- /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
- eend $?
+list() {
+ _nftables list || return 1
+ return 0
}
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
+panic() {
+ checkkernel || return 1
+ if service_started "${RC_SVCNAME}"; then
+ rc-service "${RC_SVCNAME}" stop
fi
- ebegin "Stopping firewall"
- if [ "${PANIC_ON_STOP}" = "hard" ]; then
- /usr/libexec/nftables/nftables.sh panic
- elif [ "${PANIC_ON_STOP}" = "soft" ]; then
- /usr/libexec/nftables/nftables.sh soft_panic
- else
- /usr/libexec/nftables/nftables.sh clear
+ ebegin "Dropping all packets"
+ clear
+ if nft create table ip filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+ if nft create table ip6 filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip6 filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
fi
- eend $?
}
reload() {
- start_pre || return 1
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ clear
start
}
-clear() {
- ebegin "Clearing rules"
- /usr/libexec/nftables/nftables.sh clear
- eend $?
+save() {
+ ebegin "Saving nftables state"
+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+ export SAVE_OPTIONS
+ _nftables store "${NFTABLES_SAVE}"
+ return $?
}
-list() {
- /usr/libexec/nftables/nftables.sh list
+start() {
+ ebegin "Loading nftables state and starting firewall"
+ clear
+ _nftables load "${NFTABLES_SAVE}"
+ eend ${?}
}
-check() {
- ebegin "Checking rules"
- /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
- eend $?
-}
+stop() {
+ if yesno "${SAVE_ON_STOP:-yes}"; then
+ save || return 1
+ fi
-save() {
- ebegin "Saving ${SVCNAME} state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- SAVE_OPTIONS="${SAVE_OPTIONS}" \
- /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
- eend $?
+ ebegin "Stopping firewall"
+ clear
+ eend ${?}
}
-panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+checkconfig() {
+ if [ ! -f "${NFTABLES_SAVE}" ]; then
+ eerror "Not starting nftables. First create some rules then run:"
+ eerror "rc-service nftables save"
+ return 1
fi
- ebegin "Dropping all packets"
- /usr/libexec/nftables/nftables.sh panic
- eend $?
+ return 0
}
-soft_panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+checkkernel() {
+ if ! nft list tables >/dev/null 2>&1; then
+ eerror "Your kernel lacks nftables support, please load"
+ eerror "appropriate modules and try again."
+ return 1
fi
- ebegin "Dropping new connections"
- /usr/libexec/nftables/nftables.sh soft_panic
- eend $?
+ return 0
}
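Review bot: `start()` now calls `clear` before `_nftables load`, `reload()` flushes and then calls `start`, and `start_pre()` no longer runs the `check` step the old script had. A save file that fails to load therefore appears to leave the host with its ruleset already flushed. Validating before the flush keeps the running rules in place on a bad file, for example `nft -c -f "${NFTABLES_SAVE}" || return 1` as the first line of `start()`, which `reload()` reaches as well. What `nftables.sh load` and `clear` do is outside this diff, so confirm the helper does not already guard this. `panic()`, `reload()` and `save()` also open an `ebegin` with no matching `eend`, and `save()` repeats the `export SAVE_OPTIONS` that `_nftables` already performs.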
diff --git a/net-firewall/nftables/nftables-0.9.3-r1.ebuild b/net-firewall/nftables/nftables-0.9.3-r1.ebuild
deleted file mode 100644
index 40a505c31ae9..000000000000
--- a/net-firewall/nftables/nftables-0.9.3-r1.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ia64 ~ppc64 ~sparc x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
- gmp? ( dev-libs/gmp:0= )
- json? ( dev-libs/jansson )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.5:0=
- xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- doc? ( app-text/asciidoc )
- >=app-text/docbook2X-0.8.8-r4
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
- emake \
- -C py \
- abs_builddir="${S}" \
- DESTDIR="${D}" \
- PYTHON_BIN="${PYTHON}" \
- ${@}
-}
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
-
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- if use python ; then
- python_foreach_impl python_make
- fi
-}
-
-src_install() {
- default
-
- local mksuffix="$(usex modern-kernel '-mk' '')"
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- python_foreach_impl python_make install
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemd_enable_service basic.target ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
-}
diff --git a/net-firewall/nftables/nftables-0.9.4-r1.ebuild b/net-firewall/nftables/nftables-0.9.4-r1.ebuild
deleted file mode 100644
index 9cd3da3f64c2..000000000000
--- a/net-firewall/nftables/nftables-0.9.4-r1.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
- gmp? ( dev-libs/gmp:0= )
- json? ( dev-libs/jansson )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.6:0=
- xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
- emake \
- -C py \
- abs_builddir="${S}" \
- DESTDIR="${D}" \
- PYTHON_BIN="${PYTHON}" \
- ${@}
-}
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
-
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- if use python ; then
- python_foreach_impl python_make
- fi
-}
-
-src_install() {
- default
-
- local mksuffix="$(usex modern-kernel '-mk' '')"
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- python_foreach_impl python_make install
- python_foreach_impl python_optimize
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
-}
diff --git a/net-firewall/nftables/nftables-0.9.6-r1.ebuild b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
index be001c0ddd6b..b04e5f2d0815 100644
--- a/net-firewall/nftables/nftables-0.9.6-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
@@ -13,7 +13,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 sparc ~x86"
IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
diff --git a/net-firewall/nftables/nftables-0.9.4-r2.ebuild b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
index cf8385c7c2b5..99305e2ed641 100644
--- a/net-firewall/nftables/nftables-0.9.4-r2.ebuild
+++ b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
@@ -3,15 +3,13 @@
EAPI=7
-PYTHON_COMPAT=( python3_{6,7,8} )
+PYTHON_COMPAT=( python3_{6,7,8,9} )
inherit autotools linux-info python-r1 systemd
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
- !doc? ( https://dev.gentoo.org/~chutzpah/dist/nftables/${P}-manpages.tar.xz )"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
@@ -19,12 +17,12 @@ KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
+ >=net-libs/libmnl-1.0.4:0=
+ >=net-libs/libnftnl-1.1.8:0=
gmp? ( dev-libs/gmp:0= )
json? ( dev-libs/jansson )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.6:0=
xtables? ( >=net-firewall/iptables-1.6.1 )
"
@@ -38,15 +36,9 @@ BDEPEND="
virtual/pkgconfig
"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-PATCHES=(
- # this has been sent upstream, see
- # https://marc.info/?l=netfilter-devel&m=158629102300853
- "${FILESDIR}/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch"
-)
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
python_make() {
emake \
@@ -54,7 +46,7 @@ python_make() {
abs_builddir="${S}" \
DESTDIR="${D}" \
PYTHON_BIN="${PYTHON}" \
- ${@}
+ "${@}"
}
pkg_setup() {
@@ -100,7 +92,7 @@ src_configure() {
src_compile() {
default
- if use python ; then
+ if use python; then
python_foreach_impl python_make
fi
}
@@ -109,7 +101,7 @@ src_install() {
default
if ! use doc; then
- pushd "${WORKDIR}/${P}-manpages" >/dev/null || die
+ pushd doc >/dev/null || die
doman *.?
popd >/dev/null || die
fi
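Review bot: In the `! use doc` branch of src_install, `pushd doc` now enters the unpacked source tree instead of the dedicated manpages tarball, so `doman *.?` globs a directory that presumably also holds documentation sources and build files. Any file there with a one-character suffix would be installed as a man page. If a release tarball ever ships without prebuilt pages, the unmatched pattern is passed to doman literally. I cannot see the tarball contents from here, but narrowing the glob to `doman *.[0-9]` and adding a comment such as `# release tarballs ship prebuilt man pages in doc/` would make the assumption explicit. src_install starts and ends outside this hunk.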
@@ -119,7 +111,7 @@ src_install() {
exeinto /usr/libexec/${PN}
newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
keepdir /var/lib/nftables
systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
@@ -148,11 +140,23 @@ pkg_postinst() {
ewarn " 'chmod 600 \"${save_file}\"'"
fi
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
}
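Review bot: The two new `has_version` blocks at the end of pkg_postinst have no fallback, so on a system where neither sys-apps/systemd nor sys-apps/openrc is installed the user gets no hint that the saved ruleset will not be loaded at boot. has_version also reports what is installed rather than which init is actually running, so a host with both packages sees both sets of instructions; that is probably intended, but it deserves a comment such as `# both may be installed; print guidance for each`. A short fallback after the second block would close the gap, e.g. `has_version 'sys-apps/systemd' || has_version 'sys-apps/openrc' || ewarn "No supported init system detected; firewall rules will not be restored on boot."`. pkg_postinst begins above this hunk.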
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 989c4f467e91..1cc0dea3eb82 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -29,11 +29,11 @@ IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
+ >=net-libs/libnftnl-1.1.8:0=
gmp? ( dev-libs/gmp:0= )
json? ( dev-libs/jansson )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.8:0=
xtables? ( >=net-firewall/iptables-1.6.1 )
"
@@ -122,7 +122,7 @@ src_install() {
exeinto /usr/libexec/${PN}
newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
keepdir /var/lib/nftables
systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service