
From: "Göktürk Yüksek" <gokturk@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/files/systemd/, ...
Date: Sun, 03 Jul 2016 22:09:07
Message-Id: 1467583154.715ae3980dad1558c0dc9f090f10835551138e59.gokturk@gentoo
1 commit: 715ae3980dad1558c0dc9f090f10835551138e59
2 Author: Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
3 AuthorDate: Sat Jun 4 23:28:16 2016 +0000
4 Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 3 21:59:14 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=715ae398
7
8 net-firewall/nftables: Remove outdated files
9
10 Package-Manager: portage-2.3.0_rc1
11
12 net-firewall/nftables/Manifest | 1 -
13 net-firewall/nftables/files/nftables.init | 166 -------------
14 net-firewall/nftables/files/nftables.init-r1 | 263 ---------------------
15 .../files/systemd/nftables-restore.service | 14 --
16 .../nftables/files/systemd/nftables-store.service | 11 -
17 .../nftables/files/systemd/nftables.service | 6 -
18 net-firewall/nftables/nftables-0.5-r4.ebuild | 67 ------
19 7 files changed, 528 deletions(-)
20
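--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,2 +1 @@
-DIST nftables-0.5.tar.gz 216740 SHA256 b48991f4e9e73b689bc254fa06b3ff3c1f937241d333291cb2ae72c0cd2398b6 SHA512 5d804ac9bb340446e52e5b0e86b726216ecc0d1eb42738cf133ba1acc5b442f720f5644005e02b9e3e8fae4e2bdc64d32560d6c6b1b26fe15bde24d62db51679 WHIRLPOOL 348d511c7ee530e6fb04b9828babad45407e4b60c443aaa8902aa9535705ff54cb78cd5e5c8ba970b57b97406b00718e94ab8a346fceaa82803bdaad84d30285
 DIST nftables-0.6.tar.gz 252523 SHA256 85dd7fa4e741c0be02efddbc57b5d300e1147f09ec6f81d0399110f96dc958f0 SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921 WHIRLPOOL d15eaf81426d73bea28752f96727d291120120fb2aaa994d421d900974eb45062957435e077664fb916780f636ed9b61889dbec8b627d5d309512bae96f02874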
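--- a/net-firewall/nftables/files/nftables.init
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 2014 Nicholas Vinson
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="clear list panic save"
-extra_started_commands="reload"
-
-depend() {
- need localmount #434774
- before net
-}
-
-checkkernel() {
- if ! nft list tables >/dev/null 2>&1; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-
-checkconfig() {
- if [ ! -f ${NFTABLES_SAVE} ]; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "rc-service nftables save"
- return 1
- fi
- return 0
-}
-
-getfamilies() {
- local families
- for l3f in ip arp ip6 bridge inet; do
- if nft list tables ${l3f} > /dev/null 2>&1; then
- families="${families}${l3f} "
- fi
- done
- echo ${families}
-}
-
-clearNFT() {
- local l3f line table chain
-
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- table=$(echo ${line} | sed "s/table[ \t]*//")
- nft flush table ${l3f} ${table}
- nft list table ${l3f} ${table} | while read l; do
- chain=$(echo $l | grep -o 'chain [^[:space:]]\+' |\
- cut -d ' ' -f2)
- if [ -n "${chain}" ]; then
- nft flush chain ${l3f} ${table} ${chain}
- nft delete chain ${l3f} ${table} ${chain}
- fi
- done
- nft delete table ${l3f} ${table}
- done
- done
-}
-
-addpanictable() {
- local l3f=$1
- nft add table ${l3f} panic
- nft add chain ${l3f} panic input \{ type filter hook input priority 0\; \}
- nft add chain ${l3f} panic output \{ type filter hook output priority 0\; \}
- nft add chain ${l3f} panic forward \{ type filter hook forward priority 0\; \}
- nft add rule ${l3f} panic input drop
- nft add rule ${l3f} panic output drop
- nft add rule ${l3f} panic forward drop
-}
-
-start_pre() {
- checkkernel || return 1
- checkconfig || return 1
- return 0
-}
-
-start() {
- ebegin "Loading nftables state and starting firewall"
- clearNFT
- nft -f ${NFTABLES_SAVE}
- eend $?
-}
-
-stop() {
- if yesno ${SAVE_ON_STOP:-yes}; then
- save || return 1
- fi
-
- ebegin "Stopping firewall"
- clearNFT
- eend $?
-}
-
-reload() {
- checkkernel || return 1
- # checkrules || return 1
- ebegin "Flushing firewall"
- clearNFT
-
- start
-}
-
-clear() {
- clearNFT
-}
-
-list() {
- local l3f
-
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- line=$(echo ${line} | sed "s/table/table ${l3f}/")
- echo "$(nft list ${line})"
- done
- done
-}
-
-save() {
- ebegin "Saving nftables state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-
- local l3f line tmp_save="${NFTABLES_SAVE}.tmp"
-
- touch "${tmp_save}"
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- line=$(echo ${line} | sed "s/table/table ${l3f}/")
- # The below substitution fixes an issue where nft -n output may not
- # always be parsable by nft -f. For example, nft -n might print
- #
- # ip6 saddr ::1 ip6 daddr ::1 counter packets 0 bytes 0 accept
- #
- # but nft -f refuses to parse that string with error:
- #
- # In file included from internal:0:0-0:
- # /var/lib/nftables/rules-save:1:1-2: Error: Could not process rule:
- # Invalid argument
- # table ip6 filter {
- # ^^
- echo "$(nft ${SAVE_OPTIONS} list ${line} |\
- sed 's/\(::[0-9a-fA-F]\+\)\([^/]\)/\1\/128\2/g')" >> "${tmp_save}"
- done
- done
- mv "${tmp_save}" "${NFTABLES_SAVE}"
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${RC_SVCNAME}; then
- rc-service ${RC_SVCNAME} stop
- fi
-
- ebegin "Dropping all packets"
- clearNFT
-
- local l3f
- for l3f in $(getfamilies); do
- case ${l3f} in
- ip) addpanictable ${l3f} ;;
- ip6) addpanictable ${l3f} ;;
- esac
- done
-}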
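--- a/net-firewall/nftables/files/nftables.init-r1
+++ /dev/null
@@ -1,263 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 2014 Nicholas Vinson
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="clear list panic save"
-extra_started_commands="reload"
-depend() {
- need localmount #434774
- before net
-}
-
-start_pre() {
- checkkernel || return 1
- checkconfig || return 1
- return 0
-}
-
-clear() {
- if use_legacy; then
- clear_legacy
- return 0
- fi
-
- nft flush ruleset
-}
-
-list() {
- if use_legacy; then
- list_legacy
- return 0
- fi
-
- nft list ruleset
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${RC_SVCNAME}; then
- rc-service ${RC_SVCNAME} stop
- fi
-
- ebegin "Dropping all packets"
- clear
- if nft create table ip filter >/dev/null 2>&1; then
- #nft -f /var/lib/nftables/rules-panic.ip
- nft -f /dev/stdin <<-EOF
- table ip filter {
- chain input {
- type filter hook input priority 0;
- drop
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- drop
- }
- }
- EOF
- fi
- if nft create table ip6 filter >/dev/null 2>&1; then
- #nft -f /var/lib/nftables/rules-panic.ip6
- nft -f /dev/stdin <<-EOF
- table ip6 filter {
- chain input {
- type filter hook input priority 0;
- drop
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- drop
- }
- }
- EOF
- fi
-}
-
-reload() {
- checkkernel || return 1
- ebegin "Flushing firewall"
- clear
- start
-}
-
-save() {
- ebegin "Saving nftables state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-
- local tmp_save="${NFTABLES_SAVE}.tmp"
-
- if use_legacy; then
- save_legacy ${tmp_save}
- else
- nft list ruleset > ${tmp_save}
- fi
- mv ${tmp_save} ${NFTABLES_SAVE}
-}
-
-start() {
- ebegin "Loading nftables state and starting firewall"
- clear
- nft -f ${NFTABLES_SAVE}
- eend $?
-}
-
-stop() {
- if yesno ${SAVE_ON_STOP:-yes}; then
- save || return 1
- fi
-
- ebegin "Stopping firewall"
- clear
- eend $?
-}
-
-################################################################################
-#
-# SUPPORT FUNCTIONS
-#
-################################################################################
-checkconfig() {
- if [ ! -f ${NFTABLES_SAVE} ]; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "rc-service nftables save"
- return 1
- fi
- return 0
-}
-
-checkkernel() {
- if ! nft list tables >/dev/null 2>&1; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-
-use_legacy() {
- local major_ver minor_ver
-
- major_ver=`uname -r | cut -d '.' -f1`
- minor_ver=`uname -r | cut -d '.' -f2`
-
- [[ $major_ver -ge 4 || $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1
- return 0
-}
-
-################################################################################
-#
-# LEGACY COMMAND FUNCTIONS
-#
-################################################################################
-
-clear_legacy() {
- local l3f line table chain first_line
-
- first_line=1
- if manualwalk; then
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- table=$(echo ${line} | sed "s/table[ \t]*//")
- deletetable ${l3f} ${table}
- done
- done
- else
- nft list tables | while read line; do
- l3f=$(echo ${line} | cut -d ' ' -f2)
- table=$(echo ${line} | cut -d ' ' -f3)
- deletetable ${l3f} ${table}
- done
- fi
-}
-
-list_legacy() {
- local l3f
-
- if manualwalk; then
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- line=$(echo ${line} | sed "s/table/table ${l3f}/")
- echo "$(nft list ${line})"
- done
- done
- else
- nft list tables | while read line; do
- echo "$(nft list ${line})"
- done
- fi
-}
-
-save_legacy() {
- tmp_save=$1
- touch "${tmp_save}"
- if manualwalk; then
- for l3f in $(getfamilies); do
- nft list tables ${l3f} | while read line; do
- line=$(echo ${line} | sed "s/table/table ${l3f}/")
- nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
- done
- done
- else
- nft list tables | while read line; do
- nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
- done
- fi
-}
-
-################################################################################
-#
-# LEGACY SUPPORT FUNCTIONS
-#
-################################################################################
-CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"
-
-getfamilies() {
- local l3f families
-
- for l3f in ip arp ip6 bridge inet; do
- if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
- families="${families}${l3f} "
- nft delete table ${l3f} ${CHECK_TABLE_NAME}
- fi
- done
- echo ${families}
-}
-
-manualwalk() {
- local result l3f=`getfamilies | cut -d ' ' -f1`
-
- nft create table ${l3f} ${CHECK_TABLE_NAME}
- nft list tables | read line
- if [ $(echo $line | wc -w) -lt 3 ]; then
- result=0
- fi
- result=1
- nft delete table ${l3f} ${CHECK_TABLE_NAME}
-
- return $result
-}
-
-deletetable() {
- # family is $1
- # table name is $2
- nft flush table $1 $2
- nft list table $1 $2 | while read l; do
- chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2)
- if [ -n "${chain}" ]; then
- nft flush chain $1 $2 ${chain}
- nft delete chain $1 $2 ${chain}
- fi
- done
- nft delete table $1 $2
-}
-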
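--- a/net-firewall/nftables/files/systemd/nftables-restore.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Restore nftables firewall rules
-# if both are queued for some reason, don't store before restoring :)
-Before=nftables-store.service
-# sounds reasonable to have firewall up before any of the services go up
-Before=network.target
-Conflicts=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save
-
-[Install]
-WantedBy=basic.target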
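--- a/net-firewall/nftables/files/systemd/nftables-store.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Store nftables firewall rules
-Before=shutdown.target
-DefaultDependencies=No
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save
-
-[Install]
-WantedBy=shutdown.target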
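--- a/net-firewall/nftables/files/systemd/nftables.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Store and restore nftables firewall rules
-
-[Install]
-Also=nftables-store.service
-Also=nftables-restore.service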
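--- a/net-firewall/nftables/nftables-0.5-r4.ebuild
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit autotools linux-info eutils systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://netfilter.org/projects/nftables/"
-SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="debug doc gmp +readline"
-
-RDEPEND=">=net-libs/libmnl-1.0.3
- >=net-libs/libnftnl-1.0.5
- gmp? ( dev-libs/gmp:0= )
- readline? ( sys-libs/readline:0= )"
-DEPEND="${RDEPEND}
- >=app-text/docbook2X-0.8.8-r4
- doc? ( >=app-text/dblatex-0.3.7 )
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig"
-
-S="${WORKDIR}"/v${PV}
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- epatch -p1 "${FILESDIR}/${P}-pdf-doc.patch"
- epatch_user
- eautoreconf
-}
-
-src_configure() {
- econf \
- --sbindir="${EPREFIX}"/sbin \
- $(use_enable debug) \
- $(use_enable doc pdf-doc) \
- $(use_with readline cli) \
- $(use_with !gmp mini_gmp)
-}
-
-src_install() {
- default
-
- dodir /usr/libexec/${PN}
- exeinto /usr/libexec/${PN}
- doexe "${FILESDIR}"/libexec/${PN}.sh
-
- newconfd "${FILESDIR}"/${PN}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}.init-r2 ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}{,-{re,}store}.service
-}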