1 |
commit: cfc7d9481a9002d8827cba7f4a3b247589202907 |
2 |
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com> |
3 |
AuthorDate: Sat May 9 02:52:46 2020 +0000 |
4 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat May 9 02:54:51 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfc7d948 |
7 |
|
8 |
net-firewall/iptables: Revbump, fix eselect bug (bug #721578) |
9 |
|
10 |
This also supports eselect-arptables and eselect-ebtables, since the |
11 |
nftables implementation of xtables can replace both these commands. |
12 |
|
13 |
Closes: https://bugs.gentoo.org/721578 |
14 |
Copyright: Sony Interactive Entertainment Inc. |
15 |
Package-Manager: Portage-2.3.99, Repoman-2.3.22 |
16 |
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org> |
17 |
|
18 |
...es-1.8.4-r1.ebuild => iptables-1.8.4-r2.ebuild} | 45 ++++++++++++++++++---- |
19 |
1 file changed, 37 insertions(+), 8 deletions(-) |
20 |
|
21 |
diff --git a/net-firewall/iptables/iptables-1.8.4-r1.ebuild b/net-firewall/iptables/iptables-1.8.4-r2.ebuild |
22 |
similarity index 77% |
23 |
rename from net-firewall/iptables/iptables-1.8.4-r1.ebuild |
24 |
rename to net-firewall/iptables/iptables-1.8.4-r2.ebuild |
25 |
index 80ef3dd2877..96799b425fb 100644 |
26 |
--- a/net-firewall/iptables/iptables-1.8.4-r1.ebuild |
27 |
+++ b/net-firewall/iptables/iptables-1.8.4-r2.ebuild |
28 |
@@ -19,8 +19,10 @@ SLOT="0/1.8.3" |
29 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" |
30 |
IUSE="conntrack ipv6 netlink nftables pcap static-libs" |
31 |
|
32 |
+BUILD_DEPEND=" |
33 |
+ >=app-eselect/eselect-iptables-20200508 |
34 |
+" |
35 |
COMMON_DEPEND=" |
36 |
- app-eselect/eselect-iptables |
37 |
conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) |
38 |
netlink? ( net-libs/libnfnetlink ) |
39 |
nftables? ( |
40 |
@@ -33,7 +35,8 @@ DEPEND="${COMMON_DEPEND} |
41 |
virtual/os-headers |
42 |
>=sys-kernel/linux-headers-4.4:0 |
43 |
" |
44 |
-BDEPEND=" |
45 |
+BDEPEND="${BUILD_DEPEND} |
46 |
+ app-eselect/eselect-iptables |
47 |
virtual/pkgconfig |
48 |
nftables? ( |
49 |
sys-devel/flex |
50 |
@@ -41,7 +44,10 @@ BDEPEND=" |
51 |
) |
52 |
" |
53 |
RDEPEND="${COMMON_DEPEND} |
54 |
+ ${BUILD_DEPEND} |
55 |
nftables? ( net-misc/ethertypes ) |
56 |
+ !<net-firewall/ebtables-2.0.11-r1 |
57 |
+ !<net-firewall/arptables-0.0.5-r1 |
58 |
" |
59 |
|
60 |
PATCHES=( |
61 |
@@ -116,11 +122,8 @@ src_install() { |
62 |
# Bug 647458 |
63 |
rm "${ED}"/etc/ethertypes || die |
64 |
|
65 |
- # Bug 660886 |
66 |
- rm "${ED}"/sbin/{arptables,ebtables} || die |
67 |
- |
68 |
- # Bug 669894 |
69 |
- rm "${ED}"/sbin/ebtables-{save,restore} || die |
70 |
+ # Bugs 660886 and 669894 |
71 |
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die |
72 |
fi |
73 |
|
74 |
systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service |
75 |
@@ -139,8 +142,18 @@ pkg_postinst() { |
76 |
if ! eselect iptables show &>/dev/null; then |
77 |
elog "Current iptables implementation is unset, setting to ${default_iptables}" |
78 |
eselect iptables set "${default_iptables}" |
79 |
- use ipv6 && eselect iptables set --ipv6 "${default_iptables}" |
80 |
fi |
81 |
+ |
82 |
+ if use nftables; then |
83 |
+ local tables |
84 |
+ for tables in {arp,eb}tables; do |
85 |
+ if ! eselect ${tables} show &>/dev/null; then |
86 |
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}" |
87 |
+ eselect ${tables} set xtables-nft-multi |
88 |
+ fi |
89 |
+ done |
90 |
+ fi |
91 |
+ |
92 |
eselect iptables show |
93 |
} |
94 |
|
95 |
@@ -148,6 +161,22 @@ pkg_prerm() { |
96 |
elog "Unsetting iptables symlinks before removal" |
97 |
eselect iptables unset |
98 |
|
99 |
+ if ! has_version 'net-firewall/ebtables'; then |
100 |
+ elog "Unsetting ebtables symlinks before removal" |
101 |
+ eselect ebtables unset |
102 |
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then |
103 |
+ elog "Resetting ebtables symlinks to ebtables-legacy" |
104 |
+ eselect ebtables set ebtables-legacy |
105 |
+ fi |
106 |
+ |
107 |
+ if ! has_version 'net-firewall/arptables'; then |
108 |
+ elog "Unsetting arptables symlinks before removal" |
109 |
+ eselect arptables unset |
110 |
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then |
111 |
+ elog "Resetting arptables symlinks to arptables-legacy" |
112 |
+ eselect arptables set arptables-legacy |
113 |
+ fi |
114 |
+ |
115 |
# the eselect module failing should not be fatal |
116 |
return 0 |
117 |
} |