Gentoo Archives: gentoo-commits

From: Patrick McLean <chutzpah@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/
Date: Sat, 27 Jun 2020 20:37:42
Message-Id: 1593290250.59c53b6dd088199ef5006a19c653dcc188b11b5a.chutzpah@gentoo
1 commit: 59c53b6dd088199ef5006a19c653dcc188b11b5a
2 Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 27 20:33:27 2020 +0000
4 Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 27 20:37:30 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59c53b6d
7
8 net-firewall/nftables: Add live ebuild
9
10 Package-Manager: Portage-2.3.103, Repoman-2.3.23
11 Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
12
13 net-firewall/nftables/nftables-9999.ebuild | 173 +++++++++++++++++++++++++++++
14 1 file changed, 173 insertions(+)
15
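--- /dev/null
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -0,0 +1,173 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8,9} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.netfilter.org/nftables"
+
+ BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ "
+else
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.7:0=
+ xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+python_make() {
+ emake \
+ -C py \
+ abs_builddir="${S}" \
+ DESTDIR="${D}" \
+ PYTHON_BIN="${PYTHON}" \
+ "${@}"
+}
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ # fix installation path for doc stuff
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+ -i files/nftables/Makefile.am || die
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+ -i files/osf/Makefile.am || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ python_foreach_impl python_make
+ fi
+}
+
+src_install() {
+ default
+
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ python_foreach_impl python_make install
+ python_foreach_impl python_optimize
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}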
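Review bot: In pkg_postinst the result of `( umask 177; touch "${save_file}" )` is never checked, although the comment directly above it says the nftables-restore service cannot start without that file; if the touch fails, the install finishes silently and, presumably, the saved ruleset is not loaded at boot. Appending a warning would surface this: `( umask 177; touch "${save_file}" ) || ewarn "Could not create ${save_file}; ${PN}-restore.service will not start"`. Separately, the `elif` test masks only the mode bits with `07177`, so an existing file that is mode 600 but owned by another account passes without a warning; a `stat --printf '%u'` comparison against the expected owner would close that gap (the expected uid may not be 0 on a prefix install, so confirm before hard-coding it).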