| 1 |
vapier 07/12/30 15:00:48 |
| 2 |
|
| 3 |
Modified: ChangeLog |
| 4 |
Added: iptables-1.4.0-r1.ebuild |
| 5 |
Log: |
| 6 |
Install dev headers/libs again #203744. |
| 7 |
(Portage version: 2.1.4_rc11) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.157 net-firewall/iptables/ChangeLog |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.157&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.157&content-type=text/plain |
| 14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.156&r2=1.157 |
| 15 |
|
| 16 |
Index: ChangeLog |
| 17 |
=================================================================== |
| 18 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v |
| 19 |
retrieving revision 1.156 |
| 20 |
retrieving revision 1.157 |
| 21 |
diff -u -r1.156 -r1.157 |
| 22 |
--- ChangeLog 27 Dec 2007 21:48:28 -0000 1.156 |
| 23 |
+++ ChangeLog 30 Dec 2007 15:00:48 -0000 1.157 |
| 24 |
@@ -1,6 +1,12 @@ |
| 25 |
# ChangeLog for net-firewall/iptables |
| 26 |
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
| 27 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.156 2007/12/27 21:48:28 vapier Exp $ |
| 28 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.157 2007/12/30 15:00:48 vapier Exp $ |
| 29 |
+ |
| 30 |
+*iptables-1.4.0-r1 (30 Dec 2007) |
| 31 |
+ |
| 32 |
+ 30 Dec 2007; Mike Frysinger <vapier@g.o> |
| 33 |
+ +files/iptables-1.4.0-dev-files.patch, +iptables-1.4.0-r1.ebuild: |
| 34 |
+ Install dev headers/libs again #203744. |
| 35 |
|
| 36 |
27 Dec 2007; Mike Frysinger <vapier@g.o> iptables-1.4.0.ebuild: |
| 37 |
Punt USE=imq. Use user-custom patch dir in /etc/. |
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
1.1 net-firewall/iptables/iptables-1.4.0-r1.ebuild |
| 42 |
|
| 43 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild?rev=1.1&view=markup |
| 44 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild?rev=1.1&content-type=text/plain |
| 45 |
|
| 46 |
Index: iptables-1.4.0-r1.ebuild |
| 47 |
=================================================================== |
| 48 |
# Copyright 1999-2007 Gentoo Foundation |
| 49 |
# Distributed under the terms of the GNU General Public License v2 |
| 50 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild,v 1.1 2007/12/30 15:00:48 vapier Exp $ |
| 51 |
|
| 52 |
inherit eutils toolchain-funcs linux-info |
| 53 |
|
| 54 |
L7_PV=2.17 |
| 55 |
L7_P=netfilter-layer7-v${L7_PV} |
| 56 |
|
| 57 |
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" |
| 58 |
HOMEPAGE="http://www.iptables.org/ http://l7-filter.sf.net/" |
| 59 |
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2 |
| 60 |
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )" |
| 61 |
|
| 62 |
LICENSE="GPL-2" |
| 63 |
SLOT="0" |
| 64 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
| 65 |
IUSE="extensions ipv6 l7filter static" |
| 66 |
|
| 67 |
DEPEND="virtual/os-headers |
| 68 |
l7filter? ( virtual/linux-sources )" |
| 69 |
RDEPEND="" |
| 70 |
|
| 71 |
pkg_setup() { |
| 72 |
if use l7filter || use extensions ; then |
| 73 |
ewarn "WARNING: 3rd party extensions has been enabled." |
| 74 |
ewarn "This means that iptables will use your currently installed" |
| 75 |
ewarn "kernel in ${KERNEL_DIR} as headers for iptables." |
| 76 |
ewarn |
| 77 |
if use extensions ; then |
| 78 |
ewarn "You may have to patch your kernel to allow iptables to build." |
| 79 |
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches" |
| 80 |
ewarn "for your kernel." |
| 81 |
ewarn |
| 82 |
fi |
| 83 |
linux-info_pkg_setup |
| 84 |
fi |
| 85 |
|
| 86 |
if kernel_is ge 2 6 20 |
| 87 |
then |
| 88 |
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c |
| 89 |
else |
| 90 |
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c |
| 91 |
fi |
| 92 |
if use l7filter && \ |
| 93 |
[ ! -f "${L7FILE}" ]; then |
| 94 |
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" |
| 95 |
fi |
| 96 |
} |
| 97 |
|
| 98 |
src_unpack() { |
| 99 |
unpack ${P}.tar.bz2 |
| 100 |
if use l7filter |
| 101 |
then |
| 102 |
unpack ${L7_P}.tar.gz |
| 103 |
fi |
| 104 |
cd "${S}" |
| 105 |
|
| 106 |
epatch "${FILESDIR}"/${P}-dev-files.patch |
| 107 |
|
| 108 |
# this provide's grsec's stealth match |
| 109 |
EPATCH_OPTS="-p0" \ |
| 110 |
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 |
| 111 |
sed -i \ |
| 112 |
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \ |
| 113 |
extensions/Makefile || die "failed to enable stealth extension" |
| 114 |
|
| 115 |
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches |
| 116 |
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do |
| 117 |
EPATCH_SOURCE=${base}/${CTARGET}/${check} |
| 118 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check} |
| 119 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check} |
| 120 |
if [[ -d ${EPATCH_SOURCE} ]] ; then |
| 121 |
EPATCH_SUFFIX="patch" |
| 122 |
EPATCH_FORCE="yes" \ |
| 123 |
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \ |
| 124 |
epatch |
| 125 |
break |
| 126 |
fi |
| 127 |
done |
| 128 |
|
| 129 |
if use l7filter ; then |
| 130 |
#yes choosing 2.6.20 was deliberate - upstream mistake possibly |
| 131 |
if kernel_is ge 2 6 20 |
| 132 |
then |
| 133 |
L7_PATCH=iptables-1.4-for-kernel-2.6.20forward-layer7-${L7_PV}.patch |
| 134 |
else |
| 135 |
eerror "Currently there is no l7-filter patch available for this" |
| 136 |
eerror "kernel iptables-1.4 and kernel version pre 2.6.20." |
| 137 |
eerror "If you need to compile iptables 1.4.x against Linux 2.6.19.x" |
| 138 |
eerror "or earlier, with l7-filter patch, please, report upstream." |
| 139 |
die "No patch available." |
| 140 |
fi |
| 141 |
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH} |
| 142 |
chmod +x extensions/.layer7-test* |
| 143 |
fi |
| 144 |
|
| 145 |
if ! use extensions ; then |
| 146 |
cat <<-EOF > "${S}"/include/linux/compiler.h |
| 147 |
#define __user |
| 148 |
EOF |
| 149 |
fi |
| 150 |
} |
| 151 |
|
| 152 |
src_defs() { |
| 153 |
# these are used in both of src_compile and src_install |
| 154 |
myconf="" |
| 155 |
myconf="${myconf} PREFIX=" |
| 156 |
myconf="${myconf} LIBDIR=/$(get_libdir)" |
| 157 |
myconf="${myconf} BINDIR=/sbin" |
| 158 |
myconf="${myconf} MANDIR=/usr/share/man" |
| 159 |
myconf="${myconf} INCDIR=/usr/include" |
| 160 |
# iptables and libraries are now installed to /sbin and /lib, so that |
| 161 |
# systems with remote network-mounted /usr filesystems can get their |
| 162 |
# network interfaces up and running correctly without /usr. |
| 163 |
use ipv6 || myconf="${myconf} DO_IPV6=0" |
| 164 |
use static && myconf="${myconf} NO_SHARED_LIBS=0" |
| 165 |
export myconf |
| 166 |
if ! use l7filter && ! use extensions ; then |
| 167 |
export KERNEL_DIR=$( |
| 168 |
# ugh -- iptables has scripts which check for the existence of |
| 169 |
# files so we need to give it the right path to our toolchains |
| 170 |
# include dir where the linux headers are. |
| 171 |
# FYI IPTABLES: YOU FAIL |
| 172 |
echo '#include <linux/limits.h>' | $(tc-getCPP) - | grep -o '/[^"]*linux/limits.h' | sed s:/include/linux/limits.h:: |
| 173 |
) |
| 174 |
export KBUILD_OUTPUT=${KERNEL_DIR} |
| 175 |
diemsg="failure" |
| 176 |
else |
| 177 |
diemsg="failure - with l7filter and/or other miscellanious patches added" |
| 178 |
fi |
| 179 |
export diemsg |
| 180 |
} |
| 181 |
|
| 182 |
src_compile() { |
| 183 |
src_defs |
| 184 |
emake \ |
| 185 |
COPT_FLAGS="${CFLAGS}" ${myconf} \ |
| 186 |
CC="$(tc-getCC)" \ |
| 187 |
|| die "${diemsg}" |
| 188 |
} |
| 189 |
|
| 190 |
src_install() { |
| 191 |
src_defs |
| 192 |
emake ${myconf} \ |
| 193 |
DESTDIR="${D}" \ |
| 194 |
KERNEL_DIR="${KERNEL_DIR}" \ |
| 195 |
install install-devel || die "${diemsg}" |
| 196 |
|
| 197 |
dodir /usr/$(get_libdir) |
| 198 |
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir) |
| 199 |
|
| 200 |
keepdir /var/lib/iptables |
| 201 |
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables |
| 202 |
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables |
| 203 |
|
| 204 |
if use ipv6 ; then |
| 205 |
keepdir /var/lib/ip6tables |
| 206 |
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables |
| 207 |
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables |
| 208 |
fi |
| 209 |
} |
| 210 |
|
| 211 |
pkg_postinst() { |
| 212 |
elog "This package now includes an initscript which loads and saves" |
| 213 |
elog "rules stored in /var/lib/iptables/rules-save" |
| 214 |
use ipv6 && elog "and /var/lib/ip6tables/rules-save" |
| 215 |
elog "This location can be changed in /etc/conf.d/iptables" |
| 216 |
elog |
| 217 |
elog "If you are using the iptables initsscript you should save your" |
| 218 |
elog "rules using the new iptables version before rebooting." |
| 219 |
elog |
| 220 |
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild" |
| 221 |
elog "iptables." |
| 222 |
elog |
| 223 |
ewarn "!!! ipforwarding is not a part of the iptables initscripts." |
| 224 |
ewarn |
| 225 |
ewarn "To enable ipforwarding at bootup:" |
| 226 |
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1" |
| 227 |
if use ipv6 ; then |
| 228 |
ewarn "and/or" |
| 229 |
ewarn " net.ipv6.ip_forward = 1" |
| 230 |
ewarn "for ipv6." |
| 231 |
fi |
| 232 |
if has_version '=net-firewall/iptables-1.2*' ; then |
| 233 |
ewarn |
| 234 |
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove" |
| 235 |
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:" |
| 236 |
ewarn "http://bugs.gentoo.org/92535" |
| 237 |
fi |
| 238 |
} |
| 239 |
|
| 240 |
|
| 241 |
|
| 242 |
-- |
| 243 |
gentoo-commits@g.o mailing list |
Archives