Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/Manifest.gzbin5550 -> 5544 bytes
-rw-r--r--net-firewall/nftables/Manifest9
-rw-r--r--net-firewall/nftables/files/libexec/nftables-mk.sh2
-rwxr-xr-xnet-firewall/nftables/files/libexec/nftables.sh1
-rw-r--r--net-firewall/nftables/nftables-0.9.0-r5.ebuild103
-rw-r--r--net-firewall/nftables/nftables-0.9.1-r1.ebuild (renamed from net-firewall/nftables/nftables-0.9.1.ebuild)10
-rw-r--r--net-firewall/nftables/nftables-0.9.2-r1.ebuild (renamed from net-firewall/nftables/nftables-0.9.2.ebuild)10
7 files changed, 126 insertions, 9 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index aa41a306dc84..c845c32d8bc4 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
Binary files differ
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index f58bed582810..ac79c8678730 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,5 +1,5 @@
-AUX libexec/nftables-mk.sh 1071 BLAKE2B 0377d7ddbf11a8e897050a715b1313db95ba5f19832d882357f6083bb7a890a2fdf1d97a9b3730ad341f58539655b22989b18b29358645eb5b4d597e800b382a SHA512 4e2901de1d8d9488939bc052bd3f6362cba1855138e0577630db4bc1d9e352d9ab0a54e3c5c8bf0daecf56b9471f445eb9770879ea29b7e7961a576d65f49647
-AUX libexec/nftables.sh 3643 BLAKE2B 83818eb88db2d30c58b348e12b5c5baf7599f4e301ac12455a70f1c98e369e4febab3020ddb1c5b83e6d3777b3a98bd30a5baf73d90ac00e1278d88fc1565b8b SHA512 efc9b4f9520c78b6248f16bd5708669872e8abf949f6f4b81182f331f8532dfeaae2df648e8878e9b5cbd66c0259daab71035ea922754807654b2b3bc86b4352
+AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f6d68662f1191ff73d2a43a1bf49fb795f3763705f8aeb0a4f22cab0006a943e01adb188f1ef9eb05125dfdbd SHA512 a14e48f014f75c7e611bf2a653d9760804754febd1ae4543f78abbfbe60c79f5aa07c5fd53fe26bb74b48fcb8cb8aa78274771212e41c42db031e8c8ba7e81d2
+AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
AUX nftables-0.9.1-avoid_dive_into_py_subdir.patch 1097 BLAKE2B dfb2b75226f54ec6af270de97edc10d065e5a9842654e8c6e5c13f3dbc7550e9a4bce90626418bf618d5111c4fbea4a361797e794150923286454c8fe4386b4f SHA512 cbcbd8897f3659771edf53df26f2741e0803d1e8d48180889d687122f986d39f412a88afd1c6d4cf0b7709d024d0c648065dd30714d1401718068291320b84e0
AUX nftables-0.9.1-python_build.patch 1490 BLAKE2B 9cd50eaa93c315752f545827acc03629a349e46542ac884783b4494a8ec8d37d2270de9c13d67c49b91ba1ba510f32cd0fdde520a01957527633c1b860f3c3d3 SHA512 d3cd35b42203112b4423cb89eff51bccb63e18f2a325cf9b486cc8db367892d1afea941198a66c6a671df9324bd7cab39ed4cba7d0447f6bff10861a5cdcfda5
AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
@@ -11,6 +11,7 @@ DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e2
DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242
DIST nftables-0.9.2.tar.bz2 779850 BLAKE2B 40bf9ed956a126048f27b343afc7aa4f6e34f35dc91127402cb127903f8150d212c80491fef2b54c18a63ca065608521062b3f6a2dd78969bdbf4d7d8a5a751d SHA512 2d83b104af0d70f99a16c2e40afdb9bf89bd984323810e2895976c5e2e346bf09dd88850a391f295e335279adfdd39d34c13610cf8e6b801499dc0df2a5cecf6
EBUILD nftables-0.9.0-r4.ebuild 2497 BLAKE2B 17916257a8fd7934348d4ceddcbead2c50a24954bff6b50e9f13ec5da2351935c3310be2c6749bfb94141523ca2157e6fe84d89bb7b56914f4f3a0553b7e58b8 SHA512 bf2036978cc0412b677c9117512db14c7344747e19f3fe1b2ef6a7d2b750cf64b33c41bdfaae55f8cfdda19c7f376faadd16a626816672a05b70b11d77231ffc
-EBUILD nftables-0.9.1.ebuild 3439 BLAKE2B cc4cc8af10d494b52a1b1c1cb826983fbe04bf62d7c11aa25bb7c8b11189feeb6e69b2437276574ff0dd9f41d680fcf3e5b19f4d62e17324a3129eeb4c521594 SHA512 dc05bd17223ad8106259170681b2ca55af02842ea1f1eb9f809b93f829c0930a9cfdd06df8922faf6c5d8e54b2d59ebc5516da1ba7eaa8b264e04aa6466fc4ad
-EBUILD nftables-0.9.2.ebuild 3342 BLAKE2B 05e99227df28fcd6b9d7f70e1295b2ca0997e84d15eeabb0cefb2dbcc9c91eae6637f98e08aa7fef98bb541ba620c53c881e729a735e6aff26a1465499b6ebe9 SHA512 c191d5a43ef0bde4f0ac85c9b702d2999744c25ede558103e648b4aa5c8b9c140b1839a0a655e203868dc80e2319948161ebb942bc2c6db4c0bae9dfac7a5a1c
+EBUILD nftables-0.9.0-r5.ebuild 2875 BLAKE2B d8b081a9530c56d04a353b7512b405066bb0db152cbbcb375a2aeca7a84769c28cd78d50401abe71042bb4be51c4eb5ce660633fc682c22c0a0b0f97e4b8a93e SHA512 edba9fae6e9e0eb78cadeaffb65d26bf3373b219bdf1bf3548495b23443949d2007a033805d310d9f963def5dc3edcb95e13677f551b1010eaed95f791f11d72
+EBUILD nftables-0.9.1-r1.ebuild 3813 BLAKE2B 3f9a5e868ec743ad2fb702d8fe07b2bb4e0bb5da6a34a4daf2b3ae69ea2bcb799c0093b2ced4884e4904cd032cdd50738db8b8167fefa3e8d5cf27d8942c7d8d SHA512 b3cd2e1acb1cfb01b9ef74ff37230c5b4762453639c06ddeba889d6b832a5adcc7b587143f02e20388afd989811243d504a603c5dcc99d1a068e34a7ef5d9e60
+EBUILD nftables-0.9.2-r1.ebuild 3716 BLAKE2B 89a0ad3d4adfab23299b1908d80aee7469e73f90ab3360524e7636f4f2025afc3bceefdd21d56568f2b4e00b9ff36d5c68c62999495aab5bfc0ba1344fe5e8b3 SHA512 638f9b38806ccd4279ce9038ccbd45925d10adf7311b52d555c4ba70ec29d97eb4f3d76a0afac2f22529940efc21264e68005ecf7cc0fffc2923c8a1a6f2cc69
MISC metadata.xml 918 BLAKE2B 16404ad621319f8a8e93e39d8586aaadb0f6fc6989ee928605a8e5e00f581c5f84b11b9718958667a2f76722950a893e5d6097ff2f242961998ac7b092901489 SHA512 27413ba6b81e930b13ae55292d1c308b54b173cf120430d5462313cd8052834bd01e272978b3ba1d4b9f1be99215a90446b2e93bd0a502d328182706be40f02d
diff --git a/net-firewall/nftables/files/libexec/nftables-mk.sh b/net-firewall/nftables/files/libexec/nftables-mk.sh
index b3d7db60d7fe..27defe3c1c31 100644
--- a/net-firewall/nftables/files/libexec/nftables-mk.sh
+++ b/net-firewall/nftables/files/libexec/nftables-mk.sh
@@ -24,7 +24,7 @@ main() {
;;
"store")
local tmp_save="${NFTABLES_SAVE}.tmp"
- umask 600;
+ umask 177
(
printf '#!/sbin/nft -f\nflush ruleset\n'
nft ${SAVE_OPTIONS} list ruleset
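Review bot: `umask 177` only affects files created after it runs, so a `${NFTABLES_SAVE}.tmp` left behind by an earlier run under the old `umask 600` keeps its group/other-accessible mode when it is reopened for writing. The redirect for this subshell is outside the hunk, so that is inferred here; in the `store` branch of nftables.sh the `> ${tmp_save}` is visible and has the same gap. Removing any stale file first, `rm -f "${tmp_save}"`, directly after the `umask 177` line makes the new mask apply in every case. A short comment such as `# 177 masks everything except owner read/write; umask is a mask, not a mode` would also help keep the 600 value from being reintroduced.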
diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh
index cc55f8566000..557b454a9115 100755
--- a/net-firewall/nftables/files/libexec/nftables.sh
+++ b/net-firewall/nftables/files/libexec/nftables.sh
@@ -25,6 +25,7 @@ main() {
retval=$?
;;
"store")
+ umask 177
local tmp_save="${NFTABLES_SAVE}.tmp"
if ! use_legacy; then
nft ${SAVE_OPTIONS} list ruleset > ${tmp_save}
diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
new file mode 100644
index 000000000000..d98c11e37e4c
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
+IUSE="debug doc +gmp json +modern_kernel +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.1:0="
+
+DEPEND="${RDEPEND}
+ >=app-text/docbook2X-0.8.8-r4
+ doc? ( >=app-text/dblatex-0.3.7 )
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern_kernel && kernel_is lt 3 18; then
+ eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc pdf-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ local mksuffix=""
+ use modern_kernel && mksuffix="-mk"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ docinto /usr/share/doc/${PF}/skels
+ dodoc "${D}"/etc/nftables/*
+ rm -R "${D}"/etc/nftables
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ touch "${save_file}"
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemd_enable_service basic.target ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart "
+ elog "the nftables-restore service must be manually started in order to "
+ elog "save those rules on shutdown."
+}
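Review bot: In pkg_postinst the `touch "${save_file}"` branch creates the file under whatever umask the package manager runs with, so with a typical 022 umask the new file is 0644. If nothing rewrites it in the meantime, the `elif` permission check added here would then warn about it on the next reinstall. Creating it restrictively, `( umask 177 && touch "${save_file}" )`, keeps the first-install path consistent with the warning. The mode test also ignores ownership, so a 0600 file owned by a non-root user passes silently; whether that matters depends on how /var/lib/nftables is managed. The same `touch` line appears in the nftables-0.9.1-r1 and nftables-0.9.2-r1 hunks.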
diff --git a/net-firewall/nftables/nftables-0.9.1.ebuild b/net-firewall/nftables/nftables-0.9.1-r1.ebuild
index db6f707d58c6..5752d73a1b96 100644
--- a/net-firewall/nftables/nftables-0.9.1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.1-r1.ebuild
@@ -129,8 +129,14 @@ pkg_postinst() {
# In order for the nftables-restore systemd service to start
# the save_file must exist.
- if [[ ! -f ${save_file} ]]; then
- touch ${save_file}
+ if [[ ! -f "${save_file}" ]]; then
+ touch "${save_file}"
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
fi
elog "If you wish to enable the firewall rules on boot (on systemd) you"
diff --git a/net-firewall/nftables/nftables-0.9.2.ebuild b/net-firewall/nftables/nftables-0.9.2-r1.ebuild
index 112b5f0b9afb..d35797947814 100644
--- a/net-firewall/nftables/nftables-0.9.2.ebuild
+++ b/net-firewall/nftables/nftables-0.9.2-r1.ebuild
@@ -124,8 +124,14 @@ pkg_postinst() {
# In order for the nftables-restore systemd service to start
# the save_file must exist.
- if [[ ! -f ${save_file} ]]; then
- touch ${save_file}
+ if [[ ! -f "${save_file}" ]]; then
+ touch "${save_file}"
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
fi
elog "If you wish to enable the firewall rules on boot (on systemd) you"