1 |
commit: 59c53b6dd088199ef5006a19c653dcc188b11b5a |
2 |
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jun 27 20:33:27 2020 +0000 |
4 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jun 27 20:37:30 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59c53b6d |
7 |
|
8 |
net-firewall/nftables: Add live ebuild |
9 |
|
10 |
Package-Manager: Portage-2.3.103, Repoman-2.3.23 |
11 |
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org> |
12 |
|
13 |
net-firewall/nftables/nftables-9999.ebuild | 173 +++++++++++++++++++++++++++++ |
14 |
1 file changed, 173 insertions(+) |
15 |
|
16 |
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild |
17 |
new file mode 100644 |
18 |
index 00000000000..916382cdf8d |
19 |
--- /dev/null |
20 |
+++ b/net-firewall/nftables/nftables-9999.ebuild |
21 |
@@ -0,0 +1,173 @@ |
22 |
+# Copyright 1999-2020 Gentoo Authors |
23 |
+# Distributed under the terms of the GNU General Public License v2 |
24 |
+ |
25 |
+EAPI=7 |
26 |
+ |
27 |
+PYTHON_COMPAT=( python3_{6,7,8,9} ) |
28 |
+ |
29 |
+inherit autotools linux-info python-r1 systemd |
30 |
+ |
31 |
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" |
32 |
+HOMEPAGE="https://netfilter.org/projects/nftables/" |
33 |
+ |
34 |
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then |
35 |
+ inherit git-r3 |
36 |
+ EGIT_REPO_URI="https://git.netfilter.org/nftables" |
37 |
+ |
38 |
+ BDEPEND=" |
39 |
+ sys-devel/bison |
40 |
+ sys-devel/flex |
41 |
+ " |
42 |
+else |
43 |
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" |
44 |
+ KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86" |
45 |
+fi |
46 |
+ |
47 |
+LICENSE="GPL-2" |
48 |
+SLOT="0" |
49 |
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables" |
50 |
+ |
51 |
+RDEPEND=" |
52 |
+ >=net-libs/libmnl-1.0.4:0= |
53 |
+ gmp? ( dev-libs/gmp:0= ) |
54 |
+ json? ( dev-libs/jansson ) |
55 |
+ python? ( ${PYTHON_DEPS} ) |
56 |
+ readline? ( sys-libs/readline:0= ) |
57 |
+ >=net-libs/libnftnl-1.1.7:0= |
58 |
+ xtables? ( >=net-firewall/iptables-1.6.1 ) |
59 |
+" |
60 |
+ |
61 |
+DEPEND="${RDEPEND}" |
62 |
+ |
63 |
+BDEPEND+=" |
64 |
+ doc? ( |
65 |
+ app-text/asciidoc |
66 |
+ >=app-text/docbook2X-0.8.8-r4 |
67 |
+ ) |
68 |
+ virtual/pkgconfig |
69 |
+" |
70 |
+ |
71 |
+REQUIRED_USE=" |
72 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
73 |
+" |
74 |
+ |
75 |
+python_make() { |
76 |
+ emake \ |
77 |
+ -C py \ |
78 |
+ abs_builddir="${S}" \ |
79 |
+ DESTDIR="${D}" \ |
80 |
+ PYTHON_BIN="${PYTHON}" \ |
81 |
+ "${@}" |
82 |
+} |
83 |
+ |
84 |
+pkg_setup() { |
85 |
+ if kernel_is ge 3 13; then |
86 |
+ if use modern-kernel && kernel_is lt 3 18; then |
87 |
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." |
88 |
+ fi |
89 |
+ CONFIG_CHECK="~NF_TABLES" |
90 |
+ linux-info_pkg_setup |
91 |
+ else |
92 |
+ eerror "This package requires kernel version 3.13 or newer to work properly." |
93 |
+ fi |
94 |
+} |
95 |
+ |
96 |
+src_prepare() { |
97 |
+ default |
98 |
+ |
99 |
+ # fix installation path for doc stuff |
100 |
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ |
101 |
+ -i files/nftables/Makefile.am || die |
102 |
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ |
103 |
+ -i files/osf/Makefile.am || die |
104 |
+ |
105 |
+ eautoreconf |
106 |
+} |
107 |
+ |
108 |
+src_configure() { |
109 |
+ local myeconfargs=( |
110 |
+ # We handle python separately |
111 |
+ --disable-python |
112 |
+ --sbindir="${EPREFIX}"/sbin |
113 |
+ $(use_enable debug) |
114 |
+ $(use_enable doc man-doc) |
115 |
+ $(use_with !gmp mini_gmp) |
116 |
+ $(use_with json) |
117 |
+ $(use_with readline cli readline) |
118 |
+ $(use_enable static-libs static) |
119 |
+ $(use_with xtables) |
120 |
+ ) |
121 |
+ econf "${myeconfargs[@]}" |
122 |
+} |
123 |
+ |
124 |
+src_compile() { |
125 |
+ default |
126 |
+ |
127 |
+ if use python; then |
128 |
+ python_foreach_impl python_make |
129 |
+ fi |
130 |
+} |
131 |
+ |
132 |
+src_install() { |
133 |
+ default |
134 |
+ |
135 |
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then |
136 |
+ pushd doc >/dev/null || die |
137 |
+ doman *.? |
138 |
+ popd >/dev/null || die |
139 |
+ fi |
140 |
+ |
141 |
+ local mksuffix="$(usex modern-kernel '-mk' '')" |
142 |
+ |
143 |
+ exeinto /usr/libexec/${PN} |
144 |
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh |
145 |
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} |
146 |
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN} |
147 |
+ keepdir /var/lib/nftables |
148 |
+ |
149 |
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service |
150 |
+ |
151 |
+ if use python ; then |
152 |
+ python_foreach_impl python_make install |
153 |
+ python_foreach_impl python_optimize |
154 |
+ fi |
155 |
+ |
156 |
+ find "${ED}" -type f -name "*.la" -delete || die |
157 |
+} |
158 |
+ |
159 |
+pkg_postinst() { |
160 |
+ local save_file |
161 |
+ save_file="${EROOT}/var/lib/nftables/rules-save" |
162 |
+ |
163 |
+ # In order for the nftables-restore systemd service to start |
164 |
+ # the save_file must exist. |
165 |
+ if [[ ! -f "${save_file}" ]]; then |
166 |
+ ( umask 177; touch "${save_file}" ) |
167 |
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then |
168 |
+ ewarn "Your system has dangerous permissions for ${save_file}" |
169 |
+ ewarn "It is probably affected by bug #691326." |
170 |
+ ewarn "You may need to fix the permissions of the file. To do so," |
171 |
+ ewarn "you can run the command in the line below as root." |
172 |
+ ewarn " 'chmod 600 \"${save_file}\"'" |
173 |
+ fi |
174 |
+ |
175 |
+ if has_version 'sys-apps/systemd'; then |
176 |
+ elog "If you wish to enable the firewall rules on boot (on systemd) you" |
177 |
+ elog "will need to enable the nftables-restore service." |
178 |
+ elog " 'systemctl enable ${PN}-restore.service'" |
179 |
+ elog |
180 |
+ elog "If you are creating firewall rules before the next system restart" |
181 |
+ elog "the nftables-restore service must be manually started in order to" |
182 |
+ elog "save those rules on shutdown." |
183 |
+ fi |
184 |
+ if has_version 'sys-apps/openrc'; then |
185 |
+ elog "If you wish to enable the firewall rules on boot (on openrc) you" |
186 |
+ elog "will need to enable the nftables service." |
187 |
+ elog " 'rc-update add ${PN} default'" |
188 |
+ elog |
189 |
+ elog "If you are creating or updating the firewall rules and wish to save" |
190 |
+ elog "them to be loaded on the next restart, use the \"save\" functionality" |
191 |
+ elog "in the init script." |
192 |
+ elog " 'rc-service ${PN} save'" |
193 |
+ fi |
194 |
+} |