1 |
commit: 484498f47913afcc44e9d3219a457e044eebe8d1 |
2 |
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jun 4 00:33:08 2016 +0000 |
4 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jun 4 00:33:20 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=484498f4 |
7 |
|
8 |
net-firewall/ipset: bug #554904 bump. |
9 |
|
10 |
Package-Manager: portage-2.2.28 |
11 |
|
12 |
net-firewall/ipset/Manifest | 1 + |
13 |
net-firewall/ipset/files/ipset.initd-r4 | 96 +++++++++++++++++++++++++++++ |
14 |
net-firewall/ipset/ipset-6.29.ebuild | 103 ++++++++++++++++++++++++++++++++ |
15 |
3 files changed, 200 insertions(+) |
16 |
|
17 |
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest |
18 |
index 0d2769c..32cf255 100644 |
19 |
--- a/net-firewall/ipset/Manifest |
20 |
+++ b/net-firewall/ipset/Manifest |
21 |
@@ -6,3 +6,4 @@ DIST ipset-6.19.tar.bz2 465927 SHA256 058e7950efdf8b9539ab79eb145de7be60d6cb7b92 |
22 |
DIST ipset-6.20.1.tar.bz2 500898 SHA256 356cac020438cd0871acbfc4cb119b8296030f0bb4661ad0d44bbc115ccbce92 SHA512 3fda3a71c18c8d5f9567038fc72f95abec81b4c789fbca7f7b9c032b15000cfbd2829f11a07f2f9ad2afcff54d6851923caff0917b2ead73756673a6b3667565 WHIRLPOOL f31cd533d286238e63f38aecbf281d428d75e856b393f61db5f6622d0dc0cd0a6de7aa4d3eaa2831e1da7dd0846e95c22f92b3a586cf3918cee074360a4caff3 |
23 |
DIST ipset-6.21.1.tar.bz2 510013 SHA256 cf46c9c35a15aa0f2e0fbab0422586757bd82386c8ad3864936e6cffbd74a331 SHA512 c2ffb2eafc780e15370fd48841f4323c39e8fef1893216c8bc0b8aa8d143f9daf078c6e261e4558243004fe9612ce1d5ca4cca16f8b3f324f4194700c1b0accb WHIRLPOOL 230ebb4756891283980f5b7f67c0c64772b1527b8e8c0b6cdd2714de450b3f6c2a75d961d44563e440edd1399bdee8cce820fe59f46c28355a6f053ad6b1c37b |
24 |
DIST ipset-6.24.tar.bz2 518811 SHA256 3071fc283f00a6472b5b352ef57f9825c9face70dda5b0d8715f8d43d0e995d0 SHA512 107bf492030dc4e8e4c2a939e46a715f58458126bfb636dae993e5bf31151d33c2a41b89eb5cca85b71d95b3e36debf97cdfc72c568f351091df17159003d6c6 WHIRLPOOL d34e8d5d197be85cf00ea6a5dbfeb7c52b5d42d9e78299620928e69ba1fbbe124cb16b9f5f2e05d1213b2b7a29a2bed2c1edac2f15ee3c83d8dc19eb3afcc112 |
25 |
+DIST ipset-6.29.tar.bz2 542735 SHA256 6af58b21c8b475b1058e02529ea9f15b4b727dbc13dc9cbddf89941b0103880e SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3 WHIRLPOOL 8e6642d180b5e682bb121ffc249638da27650f97bc3b1e8aef75996d7c626eb447c9324b9cf68e25773cef73720e6281c7a16bf3ba96433ab77ef6f437be3999 |
26 |
|
27 |
diff --git a/net-firewall/ipset/files/ipset.initd-r4 b/net-firewall/ipset/files/ipset.initd-r4 |
28 |
new file mode 100644 |
29 |
index 0000000..d3e8409 |
30 |
--- /dev/null |
31 |
+++ b/net-firewall/ipset/files/ipset.initd-r4 |
32 |
@@ -0,0 +1,96 @@ |
33 |
+#!/sbin/openrc-run |
34 |
+# Copyright 1999-2013 Gentoo Foundation |
35 |
+# Distributed under the terms of the GNU General Public License v2 |
36 |
+# $Id$ |
37 |
+ |
38 |
+extra_commands="save" |
39 |
+extra_started_commands="reload" |
40 |
+ |
41 |
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save} |
42 |
+ |
43 |
+depend() { |
44 |
+ before iptables ip6tables |
45 |
+} |
46 |
+ |
47 |
+checkconfig() { |
48 |
+ if [ ! -f "${IPSET_SAVE}" ] ; then |
49 |
+ eerror "Not starting ${SVCNAME}. First create some rules then run:" |
50 |
+ eerror "/etc/init.d/${SVCNAME} save" |
51 |
+ return 1 |
52 |
+ fi |
53 |
+ return 0 |
54 |
+} |
55 |
+ |
56 |
+start() { |
57 |
+ checkconfig || return 1 |
58 |
+ ebegin "Loading ipset session" |
59 |
+ ipset restore < "${IPSET_SAVE}" |
60 |
+ eend $? |
61 |
+} |
62 |
+ |
63 |
+stop() { |
64 |
+ # check if there are any references to current sets |
65 |
+ |
66 |
+ if ! ipset list | gawk ' |
67 |
+ ($1 == "References:") { refcnt += $2 } |
68 |
+ ($1 == "Type:" && $2 == "list:set") { set = 1 } |
69 |
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } } |
70 |
+ (set && $1 == "Members:") {scan = 1} |
71 |
+ END { if ((refcnt - setcnt) > 0) exit 1 } |
72 |
+ '; then |
73 |
+ eerror "ipset is in use, can't stop" |
74 |
+ return 1 |
75 |
+ fi |
76 |
+ |
77 |
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then |
78 |
+ save || return 1 |
79 |
+ fi |
80 |
+ |
81 |
+ ebegin "Removing kernel IP sets" |
82 |
+ ipset flush |
83 |
+ ipset destroy |
84 |
+ eend $? |
85 |
+} |
86 |
+ |
87 |
+reload() { |
88 |
+ ebegin "Reloading ipsets" |
89 |
+ |
90 |
+ # Loading sets from a save file is only additive (there is no |
91 |
+ # automatic flushing or replacing). And, we can not remove sets |
92 |
+ # that are currently used in existing iptables rules. |
93 |
+ # |
94 |
+ # Instead, we create new temp sets for any set that is already |
95 |
+ # in use, and then atomically swap them into place. |
96 |
+ # |
97 |
+ # XXX: This does not clean out previously used ipsets that are |
98 |
+ # not in the new saved policy--it can't, because they may still |
99 |
+ # be referenced in the current iptables rules. |
100 |
+ |
101 |
+ # Build a list of all currently used sets (if any). |
102 |
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}') |
103 |
+ running_ipset_list="${running_ipset_list% }" |
104 |
+ # Build a regular expression that matches those set names. |
105 |
+ running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )" |
106 |
+ |
107 |
+ # Load up sets from the save file, but rename any set that already |
108 |
+ # exists to a temporary name that we will swap later. |
109 |
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then |
110 |
+ eend $? "Failed to load new ipsets" |
111 |
+ fi |
112 |
+ |
113 |
+ # Now for every set name that currently exists, atomically swap it |
114 |
+ # with the temporary new one we created, and then destroy the old set. |
115 |
+ for ipset_name in ${running_ipset_list} ; do |
116 |
+ ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name" |
117 |
+ ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp" |
118 |
+ done |
119 |
+ eend 0 |
120 |
+} |
121 |
+ |
122 |
+save() { |
123 |
+ ebegin "Saving ipset session" |
124 |
+ touch "${IPSET_SAVE}" |
125 |
+ chmod 0600 "${IPSET_SAVE}" |
126 |
+ ipset save > "${IPSET_SAVE}" |
127 |
+ eend $? |
128 |
+} |
129 |
|
130 |
diff --git a/net-firewall/ipset/ipset-6.29.ebuild b/net-firewall/ipset/ipset-6.29.ebuild |
131 |
new file mode 100644 |
132 |
index 0000000..244fee3 |
133 |
--- /dev/null |
134 |
+++ b/net-firewall/ipset/ipset-6.29.ebuild |
135 |
@@ -0,0 +1,103 @@ |
136 |
+# Copyright 1999-2015 Gentoo Foundation |
137 |
+# Distributed under the terms of the GNU General Public License v2 |
138 |
+# $Id$ |
139 |
+ |
140 |
+EAPI="5" |
141 |
+MODULES_OPTIONAL_USE=modules |
142 |
+inherit autotools linux-info linux-mod |
143 |
+ |
144 |
+DESCRIPTION="IPset tool for iptables, successor to ippool" |
145 |
+HOMEPAGE="http://ipset.netfilter.org/" |
146 |
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" |
147 |
+ |
148 |
+LICENSE="GPL-2" |
149 |
+SLOT="0" |
150 |
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86" |
151 |
+ |
152 |
+RDEPEND=">=net-firewall/iptables-1.4.7 |
153 |
+ net-libs/libmnl" |
154 |
+DEPEND="${RDEPEND}" |
155 |
+ |
156 |
+DOCS=( ChangeLog INSTALL README UPGRADE ) |
157 |
+ |
158 |
+# configurable from outside, e.g. /etc/make.conf |
159 |
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} |
160 |
+ |
161 |
+BUILD_TARGETS="modules" |
162 |
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" |
163 |
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" |
164 |
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do |
165 |
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" |
166 |
+done |
167 |
+ |
168 |
+pkg_setup() { |
169 |
+ get_version |
170 |
+ CONFIG_CHECK="NETFILTER" |
171 |
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." |
172 |
+ # It does still build without NET_NS, but it may be needed in future. |
173 |
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" |
174 |
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." |
175 |
+ |
176 |
+ build_modules=0 |
177 |
+ if use modules; then |
178 |
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." |
179 |
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then |
180 |
+ if linux_chkconfig_present "IP_NF_SET" || \ |
181 |
+ linux_chkconfig_present "IP_SET"; then #274577 |
182 |
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." |
183 |
+ eerror "Please either build ipset with modules USE flag disabled" |
184 |
+ eerror "or rebuild kernel without IP_SET support and make sure" |
185 |
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." |
186 |
+ die "USE=modules and in-kernel ipset support detected." |
187 |
+ else |
188 |
+ einfo "Modular kernel detected. Gonna build kernel modules..." |
189 |
+ build_modules=1 |
190 |
+ fi |
191 |
+ else |
192 |
+ eerror "Nonmodular kernel detected, but USE=modules. Either build" |
193 |
+ eerror "modular kernel (without IP_SET) or disable USE=modules" |
194 |
+ die "Nonmodular kernel detected, will not build kernel modules" |
195 |
+ fi |
196 |
+ fi |
197 |
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup |
198 |
+} |
199 |
+ |
200 |
+#src_prepare() { |
201 |
+# eautoreconf |
202 |
+#} |
203 |
+ |
204 |
+src_configure() { |
205 |
+ econf \ |
206 |
+ $(use_with modules kmod) \ |
207 |
+ --disable-static \ |
208 |
+ --with-maxsets=${IP_NF_SET_MAX} \ |
209 |
+ --libdir="${EPREFIX}/$(get_libdir)" \ |
210 |
+ --with-ksource="${KV_DIR}" \ |
211 |
+ --with-kbuild="${KV_OUT_DIR}" |
212 |
+} |
213 |
+ |
214 |
+src_compile() { |
215 |
+ einfo "Building userspace" |
216 |
+ emake |
217 |
+ |
218 |
+ if [[ ${build_modules} -eq 1 ]]; then |
219 |
+ einfo "Building kernel modules" |
220 |
+ set_arch_to_kernel |
221 |
+ emake modules |
222 |
+ fi |
223 |
+} |
224 |
+ |
225 |
+src_install() { |
226 |
+ einfo "Installing userspace" |
227 |
+ default |
228 |
+ prune_libtool_files |
229 |
+ |
230 |
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN} |
231 |
+ newconfd "${FILESDIR}"/ipset.confd ${PN} |
232 |
+ keepdir /var/lib/ipset |
233 |
+ |
234 |
+ if [[ ${build_modules} -eq 1 ]]; then |
235 |
+ einfo "Installing kernel modules" |
236 |
+ linux-mod_src_install |
237 |
+ fi |
238 |
+} |