Gentoo Archives: gentoo-commits

From: "Peter Volkov (pva)" <pva@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-firewall/iptables: ChangeLog iptables-1.3.8-r3.ebuild
Date: Mon, 24 Dec 2007 09:43:48
Message-Id: E1J6jqU-0003dt-KA@stork.gentoo.org
1 pva 07/12/24 09:43:38
2
3 Modified: ChangeLog
4 Added: iptables-1.3.8-r3.ebuild
5 Log:
6 Update for l7-filter patch to version 2.17, bug 195671, reported by <cilly AT cilly.mine.nu>.
7 (Portage version: 2.1.3.19)
8
9 Revision Changes Path
10 1.153 net-firewall/iptables/ChangeLog
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.153&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.153&content-type=text/plain
14 diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.152&r2=1.153
15
16 Index: ChangeLog
17 ===================================================================
18 RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v
19 retrieving revision 1.152
20 retrieving revision 1.153
21 diff -u -r1.152 -r1.153
22 --- ChangeLog 17 Dec 2007 10:59:45 -0000 1.152
23 +++ ChangeLog 24 Dec 2007 09:43:38 -0000 1.153
24 @@ -1,6 +1,12 @@
25 # ChangeLog for net-firewall/iptables
26 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
27 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.152 2007/12/17 10:59:45 armin76 Exp $
28 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.153 2007/12/24 09:43:38 pva Exp $
29 +
30 +*iptables-1.3.8-r3 (24 Dec 2007)
31 +
32 + 24 Dec 2007; <pva@g.o> +iptables-1.3.8-r3.ebuild:
33 + Update for l7-filter patch to version 2.17, bug 195671, reported by <cilly
34 + AT cilly.mine.nu>.
35
36 17 Dec 2007; Raúl Porcel <armin76@g.o> iptables-1.3.8-r2.ebuild:
37 alpha/ia64/sparc stable wrt #201909
38
39
40
41 1.1 net-firewall/iptables/iptables-1.3.8-r3.ebuild
42
43 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild?rev=1.1&view=markup
44 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild?rev=1.1&content-type=text/plain
45
46 Index: iptables-1.3.8-r3.ebuild
47 ===================================================================
48 # Copyright 1999-2007 Gentoo Foundation
49 # Distributed under the terms of the GNU General Public License v2
50 # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild,v 1.1 2007/12/24 09:43:38 pva Exp $
51
52 inherit eutils flag-o-matic toolchain-funcs linux-info
53
54 L7_PV=2.17
55 L7_P=netfilter-layer7-v${L7_PV}
56 IMQ_PATCH=iptables-1.3.6-imq.diff
57
58 DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
59 HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
60 SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
61 imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
62 l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
63
64 LICENSE="GPL-2"
65 SLOT="0"
66 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
67 IUSE="extensions imq ipv6 l7filter static"
68
69 DEPEND="virtual/os-headers
70 l7filter? ( virtual/linux-sources )
71 imq? ( virtual/linux-sources )"
72 RDEPEND=""
73
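# Pre-build checks for the kernel-dependent USE flags.
#
# When l7filter, imq or extensions is enabled the build reads headers from
# the kernel tree in ${KERNEL_DIR}; warn about that, then abort early if the
# l7-filter or IMQ kernel-side file is missing from that tree.
#
# Globals:   KERNEL_DIR, L7_PV (read); L7FILE (written when USE=l7filter)
# Returns:   via die when a required kernel patch is not present
pkg_setup() {
	if use l7filter || use imq || use extensions ; then
		# NOTE(review): with these flags the kernel tree becomes a build
		# input for the firewall tools, so it should be a tree the
		# administrator trusts.
		ewarn "WARNING: 3rd party extensions has been enabled."
		ewarn "This means that iptables will use your currently installed"
		ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
		ewarn
		if use extensions ; then
			ewarn "You may have to patch your kernel to allow iptables to build."
			ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
			ewarn "for your kernel."
			ewarn
		fi
		linux-info_pkg_setup
	fi

	if use l7filter ; then
		# The kernel version is consulted only here: L7FILE is used by this
		# check alone, and linux-info_pkg_setup has run only when one of the
		# flags above is set, so there is no reason to probe the kernel tree
		# for a build that enables none of them.
		if kernel_is ge 2 6 20 ; then
			L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
		else
			L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
		fi
		[[ -f ${L7FILE} ]] \
			|| die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
	fi

	if use imq && [[ ! -f ${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c ]] ; then
		die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
	fi
}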
104
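# Unpack the sources and apply the Gentoo patches, any site-local user
# patches and the optional third-party IMQ / l7-filter patches.
#
# Globals:   P, PN, PF, S, FILESDIR, DISTDIR, WORKDIR, CATEGORY, CTARGET,
#            CHOST, PORTAGE_CONFIGROOT, L7_P, L7_PV, IMQ_PATCH (read);
#            EPATCH_SOURCE, EPATCH_SUFFIX, L7_PATCH (written)
# Returns:   via die if the source directory cannot be entered or the
#            stealth extension cannot be enabled
src_unpack() {
	unpack ${P}.tar.bz2
	if use l7filter ; then
		unpack ${L7_P}.tar.gz
	fi
	# Every later step uses paths relative to ${S}; stop here rather than
	# patch and edit files in whatever directory we happen to be in.
	cd "${S}" || die "cannot cd to ${S}"

	epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201
	epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209

	EPATCH_OPTS="-p0" \
		epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
	EPATCH_OPTS="-p1" \
		epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1

	# this provides grsec's stealth match
	EPATCH_OPTS="-p0" \
		epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
	sed -i \
		-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
		extensions/Makefile || die "failed to enable stealth extension"

	# Site-local patches: the first existing directory among the
	# CTARGET-, CHOST- and unprefixed variants of PF, P and PN is used.
	# NOTE(review): whatever is in that directory is applied to the firewall
	# sources with EPATCH_FORCE=yes, so it should be writable by root only.
	local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
	for check in "${CATEGORY}/${PF}" "${CATEGORY}/${P}" "${CATEGORY}/${PN}" ; do
		EPATCH_SOURCE=${base}/${CTARGET}/${check}
		[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
		[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
		if [[ -d ${EPATCH_SOURCE} ]] ; then
			EPATCH_SUFFIX="patch"
			EPATCH_FORCE="yes" \
			EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
			epatch
			break
		fi
	done

	if use imq ; then
		EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
		# Rewrite each CR (octal 015) in the IMQ test scripts as LF (012);
		# presumably the patch ships them with CR line ends.
		local imq_test
		for imq_test in extensions/.IMQ-test extensions/.IMQ-test6 ; do
			mv "${imq_test}" "${imq_test}.orig"
			tr '\015' '\012' < "${imq_test}.orig" > "${imq_test}"
			rm "${imq_test}.orig"
		done
		chmod +x extensions/.IMQ-test*
	fi
	if use l7filter ; then
		#yes choosing 2.6.20 was deliberate - upstream mistake possibly
		if kernel_is ge 2 6 20 ; then
			L7_PATCH=iptables-1.3-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
		else
			L7_PATCH=iptables-1.3-for-kernel-pre2.6.20-layer7-${L7_PV}.patch
		fi
		EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
		chmod +x extensions/.layer7-test*
	fi

	# the net directory is moving around so account for new/old locations
	cd "${S}"/extensions || die "cannot cd to ${S}/extensions"
	local x
	for x in .*-test* ; do
		# An unmatched glob stays literal; do not create a junk .new- file.
		[[ -e ${x} ]] || continue
		sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' "${x}" > ".new-${x}"
		if cmp "${x}" ".new-${x}" > /dev/null ; then
			# Nothing referred to the old location: drop the copy.
			rm -f ".new-${x}"
		else
			chmod a+rx ".new-${x}"
		fi
	done
}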
175
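# Compute the make variables shared by src_compile and src_install.
#
# Globals:   myconf, diemsg (written and exported); KERNEL_DIR (written and
#            exported only when none of l7filter, imq, extensions is set)
# Returns:   via die if the toolchain's linux headers cannot be located
src_defs() {
	# these are used in both of src_compile and src_install
	# iptables and libraries are now installed to /sbin and /lib, so that
	# systems with remote network-mounted /usr filesystems can get their
	# network interfaces up and running correctly without /usr.
	myconf=" PREFIX= LIBDIR=/$(get_libdir) BINDIR=/sbin MANDIR=/usr/share/man INCDIR=/usr/include"
	use ipv6 || myconf="${myconf} DO_IPV6=0"
	use static && myconf="${myconf} NO_SHARED_LIBS=0"
	export myconf

	if ! use l7filter && ! use imq && ! use extensions ; then
		# ugh -- iptables has scripts which check for the existence of
		# files so we need to give it the right path to our toolchains
		# include dir where the linux headers are.
		# FYI IPTABLES: YOU FAIL
		KERNEL_DIR=$(
			echo '#include <linux/limits.h>' \
				| $(tc-getCPP) - \
				| grep -o '/[^"]*linux/limits.h' \
				| sed s:/include/linux/limits.h::
		)
		# The pipeline's status is sed's, so a preprocessor failure only
		# shows up as an empty result. An empty KERNEL_DIR would make those
		# existence checks look in the wrong place, so fail loudly instead.
		[[ -n ${KERNEL_DIR} ]] \
			|| die "unable to locate linux/limits.h with the toolchain preprocessor"
		export KERNEL_DIR
		diemsg="failure"
	else
		diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
	fi
	export diemsg
}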
204
# Build iptables serially with the make variables prepared by src_defs.
#
# Globals:   CFLAGS, myconf, KERNEL_DIR, diemsg (read)
# Returns:   via die with ${diemsg} if the build fails
src_compile() {
	src_defs

	# iptables will NOT work correctly unless -O[123] are present!
	# cannot work with the following according to Makefile near check:
	# -g -pg -DIPTC_DEBUG
	replace-flags -O0 -O2
	if ! get-flag -O ; then
		append-flags -O2
	fi

	local compiler
	compiler=$(tc-getCC)

	# ${myconf} is left unquoted on purpose: it holds several VAR=value words.
	if ! emake -j1 \
		COPT_FLAGS="${CFLAGS}" ${myconf} \
		KERNEL_DIR="${KERNEL_DIR}" \
		CC="${compiler}"
	then
		die "${diemsg}"
	fi
}
220
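# Install the binaries, development files, init scripts and conf.d files.
#
# Globals:   D, FILESDIR, PN, myconf, KERNEL_DIR, diemsg (read)
# Returns:   via die if "make install" fails or an init script / conf.d
#            file cannot be installed
src_install() {
	src_defs
	# ${myconf} is left unquoted on purpose: it holds several VAR=value words.
	make ${myconf} \
		DESTDIR="${D}" \
		KERNEL_DIR="${KERNEL_DIR}" \
		install install-devel || die "${diemsg}"

	# Static archives belong under /usr even though the shared libraries
	# were installed to /$(get_libdir).
	dodir /usr/$(get_libdir)
	mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)

	# The init script is what loads the saved rules at boot, so a failed
	# install of it (or of its conf.d file) must not pass silently.
	keepdir /var/lib/iptables
	newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables \
		|| die "failed to install the iptables init script"
	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables \
		|| die "failed to install the iptables conf.d file"

	if use ipv6 ; then
		keepdir /var/lib/ip6tables
		# Same init script as above, installed under a second name.
		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables \
			|| die "failed to install the ip6tables init script"
		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables \
			|| die "failed to install the ip6tables conf.d file"
	fi
}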
241
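# Post-install notes: where the init script keeps saved rules, and how to
# enable forwarding, which the init scripts do not do themselves.
pkg_postinst() {
	elog "This package now includes an initscript which loads and saves"
	elog "rules stored in /var/lib/iptables/rules-save"
	use ipv6 && elog "and /var/lib/ip6tables/rules-save"
	elog "This location can be changed in /etc/conf.d/iptables"
	elog
	elog "If you are using the iptables initsscript you should save your"
	elog "rules using the new iptables version before rebooting."
	elog
	elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
	elog "iptables."
	elog
	# Forwarding turns the host into a router, so the FORWARD rules should
	# be in place before it is enabled.
	ewarn "!!! ipforwarding is not a part of the iptables initscripts."
	ewarn
	ewarn "To enable ipforwarding at bootup:"
	ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
	if use ipv6 ; then
		ewarn "and/or"
		# IPv6 forwarding is controlled by net.ipv6.conf.all.forwarding;
		# there is no net.ipv6.ip_forward key.
		ewarn " net.ipv6.conf.all.forwarding = 1"
		ewarn "for ipv6."
	fi
	if has_version '=net-firewall/iptables-1.2*' ; then
		ewarn
		ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
		ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
		ewarn "http://bugs.gentoo.org/92535"
	fi
}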
270
271
272
273 --
274 gentoo-commits@g.o mailing list