Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Frysinger <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
Date: Thu, 27 Aug 2015 02:08:35
Message-Id: 1440641263.adbc9428f6d4f5f6751127f4edc6846b36083d28.vapier@gentoo
1 commit: adbc9428f6d4f5f6751127f4edc6846b36083d28
2 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 27 02:07:03 2015 +0000
4 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 27 02:07:43 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adbc9428
7
8 net-firewall/iptables: fix from upstream for static builds #558234
9
10 Silence constant connlabel.conf warnings when using static libs.
11
12 .../iptables-1.4.21-static-connlabel-config.patch | 77 +++++++++++++++
13 net-firewall/iptables/iptables-1.4.21-r3.ebuild | 104 +++++++++++++++++++++
14 2 files changed, 181 insertions(+)
15
16 diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
17 new file mode 100644
18 index 0000000..a4183d6
19 --- /dev/null
20 +++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
21 @@ -0,0 +1,77 @@
22 +https://bugs.gentoo.org/558234
23 +http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
24 +
25 +From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
26 +From: Florian Westphal <fw@××××××.de>
27 +Date: Fri, 5 Sep 2014 20:45:56 +0200
28 +Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
29 + _init hook
30 +
31 +else, static builds will print this for every iptables invocation,
32 +even 'iptables -L'. Delay open until we need to translate a mapping.
33 +
34 +Reported-by: Thomas De Schampheleire <patrickdepinguin@×××××.com>
35 +Signed-off-by: Florian Westphal <fw@××××××.de>
36 +---
37 + extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
38 + 1 file changed, 20 insertions(+), 7 deletions(-)
39 +
40 +diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
41 +index c84a167..1f83095 100644
42 +--- a/extensions/libxt_connlabel.c
43 ++++ b/extensions/libxt_connlabel.c
44 +@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
45 + XTOPT_TABLEEND,
46 + };
47 +
48 ++/* cannot do this via _init, else static builds might spew error message
49 ++ * for every iptables invocation.
50 ++ */
51 ++static void connlabel_open(void)
52 ++{
53 ++ if (map)
54 ++ return;
55 ++
56 ++ map = nfct_labelmap_new(NULL);
57 ++ if (!map && errno)
58 ++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
59 ++ strerror(errno));
60 ++}
61 ++
62 + static void connlabel_mt_parse(struct xt_option_call *cb)
63 + {
64 + struct xt_connlabel_mtinfo *info = cb->data;
65 + int tmp;
66 +
67 ++ connlabel_open();
68 + xtables_option_parse(cb);
69 +
70 + switch (cb->entry->id) {
71 +@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
72 +
73 + static const char *connlabel_get_name(int b)
74 + {
75 +- const char *name = nfct_labelmap_get_name(map, b);
76 ++ const char *name;
77 ++
78 ++ connlabel_open();
79 ++
80 ++ name = nfct_labelmap_get_name(map, b);
81 + if (name && strcmp(name, ""))
82 + return name;
83 + return NULL;
84 +@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
85 +
86 + void _init(void)
87 + {
88 +- map = nfct_labelmap_new(NULL);
89 +- if (!map) {
90 +- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
91 +- connlabel_mt_reg.name, strerror(errno));
92 +- return;
93 +- }
94 + xtables_register_match(&connlabel_mt_reg);
95 + }
96 +--
97 +2.4.4
98 +
99
100 diff --git a/net-firewall/iptables/iptables-1.4.21-r3.ebuild b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
101 new file mode 100644
102 index 0000000..ef4eb78
103 --- /dev/null
104 +++ b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
105 @@ -0,0 +1,104 @@
106 +# Copyright 1999-2014 Gentoo Foundation
107 +# Distributed under the terms of the GNU General Public License v2
108 +# $Id$
109 +
110 +EAPI="5"
111 +
112 +# Force users doing their own patches to install their own tools
113 +AUTOTOOLS_AUTO_DEPEND=no
114 +
115 +inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
116 +
117 +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
118 +HOMEPAGE="http://www.netfilter.org/projects/iptables/"
119 +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
120 +
121 +LICENSE="GPL-2"
122 +# Subslot tracks libxtables as that's the one other packages generally link
123 +# against and iptables changes. Will have to revisit if other sonames change.
124 +SLOT="0/10"
125 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
126 +IUSE="conntrack ipv6 netlink pcap static-libs"
127 +
128 +RDEPEND="
129 + conntrack? ( net-libs/libnetfilter_conntrack )
130 + netlink? ( net-libs/libnfnetlink )
131 + pcap? ( net-libs/libpcap )
132 +"
133 +DEPEND="${RDEPEND}
134 + virtual/os-headers
135 + virtual/pkgconfig
136 +"
137 +
138 +src_prepare() {
139 + # use the saner headers from the kernel
140 + rm -f include/linux/{kernel,types}.h
141 +
142 + epatch "${FILESDIR}"/${P}-configure.patch #557586
143 + epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
144 +
145 + # Only run autotools if user patched something
146 + epatch_user && eautoreconf || elibtoolize
147 +}
148 +
149 +src_configure() {
150 + # Some libs use $(AR) rather than libtool to build #444282
151 + tc-export AR
152 +
153 + # Hack around struct mismatches between userland & kernel for some ABIs. #472388
154 + use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
155 +
156 + sed -i \
157 + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
158 + -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
159 + configure || die
160 +
161 + econf \
162 + --sbindir="${EPREFIX}/sbin" \
163 + --libexecdir="${EPREFIX}/$(get_libdir)" \
164 + --enable-devel \
165 + --enable-shared \
166 + $(use_enable pcap bpf-compiler) \
167 + $(use_enable static-libs static) \
168 + $(use_enable ipv6)
169 +}
170 +
171 +src_compile() {
172 + emake V=1
173 +}
174 +
175 +src_install() {
176 + default
177 + dodoc INCOMPATIBILITIES iptables/iptables.xslt
178 +
179 + # all the iptables binaries are in /sbin, so might as well
180 + # put these small files in with them
181 + into /
182 + dosbin iptables/iptables-apply
183 + dosym iptables-apply /sbin/ip6tables-apply
184 + doman iptables/iptables-apply.8
185 +
186 + insinto /usr/include
187 + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
188 + insinto /usr/include/iptables
189 + doins include/iptables/internal.h
190 +
191 + keepdir /var/lib/iptables
192 + newinitd "${FILESDIR}"/${PN}.init iptables
193 + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
194 + if use ipv6 ; then
195 + keepdir /var/lib/ip6tables
196 + newinitd "${FILESDIR}"/iptables.init ip6tables
197 + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
198 + fi
199 +
200 + systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
201 + if use ipv6 ; then
202 + systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
203 + fi
204 +
205 + # Move important libs to /lib #332175
206 + gen_usr_ldscript -a ip{4,6}tc iptc xtables
207 +
208 + prune_libtool_files
209 +}
Report Message
Find on MARC Find on Google Groups