| 1 |
commit: abff60a972c82e5c0f155a3a37bc6cdb7613ea25 |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Dec 31 23:23:13 2022 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Dec 31 23:23:21 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abff60a9 |
| 7 |
|
| 8 |
net-firewall/ipset: add 7.17 |
| 9 |
|
| 10 |
Closes: https://bugs.gentoo.org/813468 |
| 11 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 12 |
|
| 13 |
net-firewall/ipset/Manifest | 1 + |
| 14 |
net-firewall/ipset/files/ipset.systemd-r1 | 15 ++++ |
| 15 |
net-firewall/ipset/ipset-7.17.ebuild | 119 ++++++++++++++++++++++++++++++ |
| 16 |
3 files changed, 135 insertions(+) |
| 17 |
|
| 18 |
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest |
| 19 |
index db79ace8bb25..6320f121cb5b 100644 |
| 20 |
--- a/net-firewall/ipset/Manifest |
| 21 |
+++ b/net-firewall/ipset/Manifest |
| 22 |
@@ -1,2 +1,3 @@ |
| 23 |
DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a |
| 24 |
DIST ipset-7.16.tar.bz2 684512 BLAKE2B c2c58bd6250bab41c3c5cb2ed6a39b1cd5e47a60eca5ed19373dad6c611f5263c61cf12915b5d658700e8e78f4f445788900a2b89cdcdbef3407375b4131fb04 SHA512 e69ddee956f0922c8e08e7e5d358d6b5b24178a9f08151b20957cc3465baaba9ecd6aa938ae157f2cd286ccd7f0b7a279cfd89cec2393a00b43e4d945c275307 |
| 25 |
+DIST ipset-7.17.tar.bz2 684983 BLAKE2B 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 SHA512 e308a0d7707ccf7d0cb06a32cf9a822f97862e007abdbab8a91a5a0d5bfbd9f2fb9a3f5e8f36b250ec0d565438c8648a31e8e5b45d8205a76558e90f46e6e597 |
| 26 |
|
| 27 |
diff --git a/net-firewall/ipset/files/ipset.systemd-r1 b/net-firewall/ipset/files/ipset.systemd-r1 |
| 28 |
new file mode 100644 |
| 29 |
index 000000000000..600779604fb3 |
| 30 |
--- /dev/null |
| 31 |
+++ b/net-firewall/ipset/files/ipset.systemd-r1 |
| 32 |
@@ -0,0 +1,15 @@ |
| 33 |
+[Unit] |
| 34 |
+Description=ipset service |
| 35 |
+Before=network-pre.target iptables-restore.service ip6tables-restore.service firewalld.service |
| 36 |
+Wants=network-pre.target |
| 37 |
+ConditionFileNotEmpty=/var/lib/ipset/rules-save |
| 38 |
+ |
| 39 |
+[Service] |
| 40 |
+Type=oneshot |
| 41 |
+RemainAfterExit=yes |
| 42 |
+ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore |
| 43 |
+ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore |
| 44 |
+ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save |
| 45 |
+ |
| 46 |
+[Install] |
| 47 |
+WantedBy=multi-user.target |
| 48 |
|
| 49 |
diff --git a/net-firewall/ipset/ipset-7.17.ebuild b/net-firewall/ipset/ipset-7.17.ebuild |
| 50 |
new file mode 100644 |
| 51 |
index 000000000000..450b35c613fc |
| 52 |
--- /dev/null |
| 53 |
+++ b/net-firewall/ipset/ipset-7.17.ebuild |
| 54 |
@@ -0,0 +1,119 @@ |
| 55 |
+# Copyright 1999-2022 Gentoo Authors |
| 56 |
+# Distributed under the terms of the GNU General Public License v2 |
| 57 |
+ |
| 58 |
+EAPI=8 |
| 59 |
+ |
| 60 |
+MODULES_OPTIONAL_USE=modules |
| 61 |
+inherit autotools bash-completion-r1 linux-info linux-mod systemd |
| 62 |
+ |
| 63 |
+DESCRIPTION="IPset tool for iptables, successor to ippool" |
| 64 |
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/" |
| 65 |
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" |
| 66 |
+ |
| 67 |
+LICENSE="GPL-2" |
| 68 |
+SLOT="0" |
| 69 |
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" |
| 70 |
+ |
| 71 |
+RDEPEND=" |
| 72 |
+ >=net-firewall/iptables-1.4.7 |
| 73 |
+ net-libs/libmnl:= |
| 74 |
+" |
| 75 |
+DEPEND="${RDEPEND}" |
| 76 |
+BDEPEND="virtual/pkgconfig" |
| 77 |
+ |
| 78 |
+DOCS=( ChangeLog INSTALL README UPGRADE ) |
| 79 |
+ |
| 80 |
+PATCHES=( |
| 81 |
+ "${FILESDIR}"/${PN}-7.16-bashism.patch |
| 82 |
+) |
| 83 |
+ |
| 84 |
+# configurable from outside, e.g. /etc/portage/make.conf |
| 85 |
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} |
| 86 |
+ |
| 87 |
+BUILD_TARGETS="modules" |
| 88 |
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" |
| 89 |
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" |
| 90 |
+MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)" |
| 91 |
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do |
| 92 |
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" |
| 93 |
+done |
| 94 |
+ |
| 95 |
+pkg_setup() { |
| 96 |
+ get_version |
| 97 |
+ CONFIG_CHECK="NETFILTER" |
| 98 |
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." |
| 99 |
+ CONFIG_CHECK+=" NETFILTER_NETLINK" |
| 100 |
+ ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel." |
| 101 |
+ # It does still build without NET_NS, but it may be needed in future. |
| 102 |
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" |
| 103 |
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." |
| 104 |
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN" |
| 105 |
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)" |
| 106 |
+ |
| 107 |
+ build_modules=0 |
| 108 |
+ if use modules; then |
| 109 |
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then |
| 110 |
+ if linux_chkconfig_present "IP_NF_SET" || \ |
| 111 |
+ linux_chkconfig_present "IP_SET"; then #274577 |
| 112 |
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." |
| 113 |
+ eerror "Please either build ipset with modules USE flag disabled" |
| 114 |
+ eerror "or rebuild kernel without IP_SET support and make sure" |
| 115 |
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." |
| 116 |
+ die "USE=modules and in-kernel ipset support detected." |
| 117 |
+ else |
| 118 |
+ einfo "Modular kernel detected. Gonna build kernel modules..." |
| 119 |
+ build_modules=1 |
| 120 |
+ fi |
| 121 |
+ else |
| 122 |
+ eerror "Nonmodular kernel detected, but USE=modules. Either build" |
| 123 |
+ eerror "modular kernel (without IP_SET) or disable USE=modules" |
| 124 |
+ die "Nonmodular kernel detected, will not build kernel modules" |
| 125 |
+ fi |
| 126 |
+ fi |
| 127 |
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup |
| 128 |
+} |
| 129 |
+ |
| 130 |
+src_prepare() { |
| 131 |
+ default |
| 132 |
+ |
| 133 |
+ eautoreconf |
| 134 |
+} |
| 135 |
+ |
| 136 |
+src_configure() { |
| 137 |
+ export bashcompdir="$(get_bashcompdir)" |
| 138 |
+ |
| 139 |
+ econf \ |
| 140 |
+ --enable-bashcompl \ |
| 141 |
+ $(use_with modules kmod) \ |
| 142 |
+ --with-maxsets=${IP_NF_SET_MAX} \ |
| 143 |
+ --with-ksource="${KV_DIR}" \ |
| 144 |
+ --with-kbuild="${KV_OUT_DIR}" |
| 145 |
+} |
| 146 |
+ |
| 147 |
+src_compile() { |
| 148 |
+ einfo "Building userspace" |
| 149 |
+ emake |
| 150 |
+ |
| 151 |
+ if [[ ${build_modules} -eq 1 ]]; then |
| 152 |
+ einfo "Building kernel modules" |
| 153 |
+ set_arch_to_kernel |
| 154 |
+ emake modules |
| 155 |
+ fi |
| 156 |
+} |
| 157 |
+ |
| 158 |
+src_install() { |
| 159 |
+ einfo "Installing userspace" |
| 160 |
+ default |
| 161 |
+ |
| 162 |
+ find "${ED}" -name '*.la' -delete || die |
| 163 |
+ |
| 164 |
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN} |
| 165 |
+ newconfd "${FILESDIR}"/ipset.confd ${PN} |
| 166 |
+ systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service |
| 167 |
+ keepdir /var/lib/ipset |
| 168 |
+ |
| 169 |
+ if [[ ${build_modules} -eq 1 ]]; then |
| 170 |
+ einfo "Installing kernel modules" |
| 171 |
+ linux-mod_src_install |
| 172 |
+ fi |
| 173 |
+} |
Archives