1 |
vapier 07/12/30 15:00:48 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: iptables-1.4.0-r1.ebuild |
5 |
Log: |
6 |
Install dev headers/libs again #203744. |
7 |
(Portage version: 2.1.4_rc11) |
8 |
|
9 |
Revision Changes Path |
10 |
1.157 net-firewall/iptables/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.157&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.157&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.156&r2=1.157 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v |
19 |
retrieving revision 1.156 |
20 |
retrieving revision 1.157 |
21 |
diff -u -r1.156 -r1.157 |
22 |
--- ChangeLog 27 Dec 2007 21:48:28 -0000 1.156 |
23 |
+++ ChangeLog 30 Dec 2007 15:00:48 -0000 1.157 |
24 |
@@ -1,6 +1,12 @@ |
25 |
# ChangeLog for net-firewall/iptables |
26 |
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.156 2007/12/27 21:48:28 vapier Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.157 2007/12/30 15:00:48 vapier Exp $ |
29 |
+ |
30 |
+*iptables-1.4.0-r1 (30 Dec 2007) |
31 |
+ |
32 |
+ 30 Dec 2007; Mike Frysinger <vapier@g.o> |
33 |
+ +files/iptables-1.4.0-dev-files.patch, +iptables-1.4.0-r1.ebuild: |
34 |
+ Install dev headers/libs again #203744. |
35 |
|
36 |
27 Dec 2007; Mike Frysinger <vapier@g.o> iptables-1.4.0.ebuild: |
37 |
Punt USE=imq. Use user-custom patch dir in /etc/. |
38 |
|
39 |
|
40 |
|
41 |
1.1 net-firewall/iptables/iptables-1.4.0-r1.ebuild |
42 |
|
43 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild?rev=1.1&view=markup |
44 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild?rev=1.1&content-type=text/plain |
45 |
|
46 |
Index: iptables-1.4.0-r1.ebuild |
47 |
=================================================================== |
48 |
# Copyright 1999-2007 Gentoo Foundation |
49 |
# Distributed under the terms of the GNU General Public License v2 |
50 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild,v 1.1 2007/12/30 15:00:48 vapier Exp $ |
51 |
|
52 |
inherit eutils toolchain-funcs linux-info |
53 |
|
54 |
L7_PV=2.17 |
55 |
L7_P=netfilter-layer7-v${L7_PV} |
56 |
|
57 |
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" |
58 |
HOMEPAGE="http://www.iptables.org/ http://l7-filter.sf.net/" |
59 |
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2 |
60 |
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )" |
61 |
|
62 |
LICENSE="GPL-2" |
63 |
SLOT="0" |
64 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
65 |
IUSE="extensions ipv6 l7filter static" |
66 |
|
67 |
DEPEND="virtual/os-headers |
68 |
l7filter? ( virtual/linux-sources )" |
69 |
RDEPEND="" |
70 |
|
71 |
pkg_setup() { |
72 |
if use l7filter || use extensions ; then |
73 |
ewarn "WARNING: 3rd party extensions has been enabled." |
74 |
ewarn "This means that iptables will use your currently installed" |
75 |
ewarn "kernel in ${KERNEL_DIR} as headers for iptables." |
76 |
ewarn |
77 |
if use extensions ; then |
78 |
ewarn "You may have to patch your kernel to allow iptables to build." |
79 |
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches" |
80 |
ewarn "for your kernel." |
81 |
ewarn |
82 |
fi |
83 |
linux-info_pkg_setup |
84 |
fi |
85 |
|
86 |
if kernel_is ge 2 6 20 |
87 |
then |
88 |
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c |
89 |
else |
90 |
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c |
91 |
fi |
92 |
if use l7filter && \ |
93 |
[ ! -f "${L7FILE}" ]; then |
94 |
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" |
95 |
fi |
96 |
} |
97 |
|
98 |
src_unpack() { |
99 |
unpack ${P}.tar.bz2 |
100 |
if use l7filter |
101 |
then |
102 |
unpack ${L7_P}.tar.gz |
103 |
fi |
104 |
cd "${S}" |
105 |
|
106 |
epatch "${FILESDIR}"/${P}-dev-files.patch |
107 |
|
108 |
# this provide's grsec's stealth match |
109 |
EPATCH_OPTS="-p0" \ |
110 |
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 |
111 |
sed -i \ |
112 |
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \ |
113 |
extensions/Makefile || die "failed to enable stealth extension" |
114 |
|
115 |
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches |
116 |
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do |
117 |
EPATCH_SOURCE=${base}/${CTARGET}/${check} |
118 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check} |
119 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check} |
120 |
if [[ -d ${EPATCH_SOURCE} ]] ; then |
121 |
EPATCH_SUFFIX="patch" |
122 |
EPATCH_FORCE="yes" \ |
123 |
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \ |
124 |
epatch |
125 |
break |
126 |
fi |
127 |
done |
128 |
|
129 |
if use l7filter ; then |
130 |
#yes choosing 2.6.20 was deliberate - upstream mistake possibly |
131 |
if kernel_is ge 2 6 20 |
132 |
then |
133 |
L7_PATCH=iptables-1.4-for-kernel-2.6.20forward-layer7-${L7_PV}.patch |
134 |
else |
135 |
eerror "Currently there is no l7-filter patch available for this" |
136 |
eerror "kernel iptables-1.4 and kernel version pre 2.6.20." |
137 |
eerror "If you need to compile iptables 1.4.x against Linux 2.6.19.x" |
138 |
eerror "or earlier, with l7-filter patch, please, report upstream." |
139 |
die "No patch available." |
140 |
fi |
141 |
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH} |
142 |
chmod +x extensions/.layer7-test* |
143 |
fi |
144 |
|
145 |
if ! use extensions ; then |
146 |
cat <<-EOF > "${S}"/include/linux/compiler.h |
147 |
#define __user |
148 |
EOF |
149 |
fi |
150 |
} |
151 |
|
152 |
src_defs() { |
153 |
# these are used in both of src_compile and src_install |
154 |
myconf="" |
155 |
myconf="${myconf} PREFIX=" |
156 |
myconf="${myconf} LIBDIR=/$(get_libdir)" |
157 |
myconf="${myconf} BINDIR=/sbin" |
158 |
myconf="${myconf} MANDIR=/usr/share/man" |
159 |
myconf="${myconf} INCDIR=/usr/include" |
160 |
# iptables and libraries are now installed to /sbin and /lib, so that |
161 |
# systems with remote network-mounted /usr filesystems can get their |
162 |
# network interfaces up and running correctly without /usr. |
163 |
use ipv6 || myconf="${myconf} DO_IPV6=0" |
164 |
use static && myconf="${myconf} NO_SHARED_LIBS=0" |
165 |
export myconf |
166 |
if ! use l7filter && ! use extensions ; then |
167 |
export KERNEL_DIR=$( |
168 |
# ugh -- iptables has scripts which check for the existence of |
169 |
# files so we need to give it the right path to our toolchains |
170 |
# include dir where the linux headers are. |
171 |
# FYI IPTABLES: YOU FAIL |
172 |
echo '#include <linux/limits.h>' | $(tc-getCPP) - | grep -o '/[^"]*linux/limits.h' | sed s:/include/linux/limits.h:: |
173 |
) |
174 |
export KBUILD_OUTPUT=${KERNEL_DIR} |
175 |
diemsg="failure" |
176 |
else |
177 |
diemsg="failure - with l7filter and/or other miscellanious patches added" |
178 |
fi |
179 |
export diemsg |
180 |
} |
181 |
|
182 |
src_compile() { |
183 |
src_defs |
184 |
emake \ |
185 |
COPT_FLAGS="${CFLAGS}" ${myconf} \ |
186 |
CC="$(tc-getCC)" \ |
187 |
|| die "${diemsg}" |
188 |
} |
189 |
|
190 |
src_install() { |
191 |
src_defs |
192 |
emake ${myconf} \ |
193 |
DESTDIR="${D}" \ |
194 |
KERNEL_DIR="${KERNEL_DIR}" \ |
195 |
install install-devel || die "${diemsg}" |
196 |
|
197 |
dodir /usr/$(get_libdir) |
198 |
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir) |
199 |
|
200 |
keepdir /var/lib/iptables |
201 |
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables |
202 |
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables |
203 |
|
204 |
if use ipv6 ; then |
205 |
keepdir /var/lib/ip6tables |
206 |
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables |
207 |
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables |
208 |
fi |
209 |
} |
210 |
|
211 |
pkg_postinst() { |
212 |
elog "This package now includes an initscript which loads and saves" |
213 |
elog "rules stored in /var/lib/iptables/rules-save" |
214 |
use ipv6 && elog "and /var/lib/ip6tables/rules-save" |
215 |
elog "This location can be changed in /etc/conf.d/iptables" |
216 |
elog |
217 |
elog "If you are using the iptables initsscript you should save your" |
218 |
elog "rules using the new iptables version before rebooting." |
219 |
elog |
220 |
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild" |
221 |
elog "iptables." |
222 |
elog |
223 |
ewarn "!!! ipforwarding is not a part of the iptables initscripts." |
224 |
ewarn |
225 |
ewarn "To enable ipforwarding at bootup:" |
226 |
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1" |
227 |
if use ipv6 ; then |
228 |
ewarn "and/or" |
229 |
ewarn " net.ipv6.ip_forward = 1" |
230 |
ewarn "for ipv6." |
231 |
fi |
232 |
if has_version '=net-firewall/iptables-1.2*' ; then |
233 |
ewarn |
234 |
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove" |
235 |
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:" |
236 |
ewarn "http://bugs.gentoo.org/92535" |
237 |
fi |
238 |
} |
239 |
|
240 |
|
241 |
|
242 |
-- |
243 |
gentoo-commits@g.o mailing list |