blob: dd7a313409cf644857f3516163c440e1c5858d50 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
# Copyright 2023-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MODULES_OPTIONAL_IUSE="+modules"
inherit flag-o-matic linux-mod-r1
XTABLES_MODULES=(
account chaos delude dhcpmac dnetmap echo ipmark logmark
proto sysrq tarpit asn condition fuzzy geoip gradm iface
ipp2p ipv4options length2 lscan pknock psd quota2
)
MODULES_KERNEL_MIN=4.15
DESCRIPTION="iptables extensions not yet accepted in the main kernel"
HOMEPAGE="
https://inai.de/projects/xtables-addons/
https://codeberg.org/jengelh/xtables-addons/
"
SRC_URI="https://inai.de/files/xtables-addons/${P}.tar.xz"
LICENSE="GPL-2+"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="${XTABLES_MODULES[*]/#/xtables_addons_}"
XTABLES_SCRIPTS_DEPEND="
app-arch/unzip
dev-perl/Net-CIDR-Lite
dev-perl/Text-CSV_XS
virtual/perl-Getopt-Long
"
DEPEND="net-firewall/iptables:="
RDEPEND="
${DEPEND}
xtables_addons_asn? ( ${XTABLES_SCRIPTS_DEPEND} )
xtables_addons_geoip? ( ${XTABLES_SCRIPTS_DEPEND} )
"
pkg_setup() {
local CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK"
if use xtables_addons_pknock; then
CONFIG_CHECK+=" ~CONNECTOR"
local ERROR_CONNECTOR="CONFIG_CONNECTOR: is not set but is needed to receive userspace
notifications from pknock through netlink/connector"
fi
linux-mod-r1_pkg_setup
}
src_prepare() {
default
local mod modules
mapfile -t modules < <(sed -En 's/^build_(.+)=.*/\L\1/p' mconfig || die)
[[ ${modules[*]} == "${XTABLES_MODULES[*]}" ]] ||
die "XTABLES_MODULES needs to be updated to: '${modules[*]}'"
for mod in "${modules[@]}"; do
use xtables_addons_${mod} || sed -i "/^build_${mod}=/Id" mconfig || die
done
}
src_configure() {
# Uses CFLAGS for tools, and it may mismatch with the kernel's CC
# FIXME?: ideally would want to build tools with normal CC
use modules && CC=${KERNEL_CC} strip-unsupported-flags
local econfargs=(
# TODO?: should move to ${EPREFIX}/usr + use default libexecdir by now
# (matching documentation), but could be a disruptive change for users
# with xt_asn/geoip_* paths they may have hardcoded in scripts
--prefix="${EPREFIX:-/}"
--libexecdir="${EPREFIX}"/$(get_libdir)
$(usex modules --with-kbuild="${KV_OUT_DIR}" --without-kbuild)
)
econf "${econfargs[@]}"
}
src_compile() {
use modules || MODULES_MAKEARGS=()
emake "${MODULES_MAKEARGS[@]}"
}
src_install() {
MODULES_MAKEARGS+=(
DESTDIR="${D}"
INSTALL_MOD_DIR=xtables_addons
)
emake "${MODULES_MAKEARGS[@]}" install
modules_post_process
dodoc -r README.rst doc/.
use xtables_addons_asn ||
find "${ED}" -type f -name '*_asn*' -delete || die
use xtables_addons_geoip ||
find "${ED}" -type f -name '*_geoip*' -delete || die
find "${ED}" -type f -name '*.la' -delete || die
}
|
