1 |
commit: 9a223c82dd8cfd2b72e0e7135b2a773df79b9c78 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Mar 15 02:41:30 2023 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 15 02:41:45 2023 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a223c82 |
7 |
|
8 |
net-firewall/nftables: add 1.0.7 |
9 |
|
10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
11 |
|
12 |
net-firewall/nftables/Manifest | 2 ++ |
13 |
.../{nftables-9999.ebuild => nftables-1.0.7.ebuild} | 18 ++++++++++++++++-- |
14 |
net-firewall/nftables/nftables-9999.ebuild | 18 ++++++++++++++++-- |
15 |
3 files changed, 34 insertions(+), 4 deletions(-) |
16 |
|
17 |
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest |
18 |
index 3537caf064d6..2d752595dfcf 100644 |
19 |
--- a/net-firewall/nftables/Manifest |
20 |
+++ b/net-firewall/nftables/Manifest |
21 |
@@ -2,3 +2,5 @@ DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b |
22 |
DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511 |
23 |
DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119 |
24 |
DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93 |
25 |
+DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116 |
26 |
+DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768 |
27 |
|
28 |
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-1.0.7.ebuild |
29 |
similarity index 89% |
30 |
copy from net-firewall/nftables/nftables-9999.ebuild |
31 |
copy to net-firewall/nftables/nftables-1.0.7.ebuild |
32 |
index f60144b1a850..f9713c4a95f6 100644 |
33 |
--- a/net-firewall/nftables/nftables-9999.ebuild |
34 |
+++ b/net-firewall/nftables/nftables-1.0.7.ebuild |
35 |
@@ -26,7 +26,8 @@ else |
36 |
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" |
37 |
fi |
38 |
|
39 |
-LICENSE="GPL-2" |
40 |
+# See COPYING: new code is GPL-2+, existing code is GPL-2 |
41 |
+LICENSE="GPL-2 GPL-2+" |
42 |
SLOT="0/1" |
43 |
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" |
44 |
RESTRICT="!test? ( test )" |
45 |
@@ -167,10 +168,23 @@ src_install() { |
46 |
} |
47 |
|
48 |
pkg_preinst() { |
49 |
+ local stderr |
50 |
+ |
51 |
# There's a history of regressions with nftables upgrades. Add a safety |
52 |
# check to help us spot them earlier. |
53 |
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then |
54 |
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then |
55 |
+ # Check the current loaded ruleset, if any, using the newly |
56 |
+ # built instance of nft(8). |
57 |
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then |
58 |
+ # Report errors induced by trying to list the ruleset |
59 |
+ # but don't treat them as being fatal. |
60 |
+ printf '%s\n' "${stderr}" >&2 |
61 |
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then |
62 |
+ # Rulesets generated by iptables-nft are special in |
63 |
+ # nature and will not always be printed in a way that |
64 |
+ # constitutes a valid syntax for ntf(8). Ignore them. |
65 |
+ return |
66 |
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then |
67 |
eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" |
68 |
eerror "nft. This probably means that there is a regression introduced by v${PV}." |
69 |
eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" |
70 |
|
71 |
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild |
72 |
index f60144b1a850..f9713c4a95f6 100644 |
73 |
--- a/net-firewall/nftables/nftables-9999.ebuild |
74 |
+++ b/net-firewall/nftables/nftables-9999.ebuild |
75 |
@@ -26,7 +26,8 @@ else |
76 |
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" |
77 |
fi |
78 |
|
79 |
-LICENSE="GPL-2" |
80 |
+# See COPYING: new code is GPL-2+, existing code is GPL-2 |
81 |
+LICENSE="GPL-2 GPL-2+" |
82 |
SLOT="0/1" |
83 |
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" |
84 |
RESTRICT="!test? ( test )" |
85 |
@@ -167,10 +168,23 @@ src_install() { |
86 |
} |
87 |
|
88 |
pkg_preinst() { |
89 |
+ local stderr |
90 |
+ |
91 |
# There's a history of regressions with nftables upgrades. Add a safety |
92 |
# check to help us spot them earlier. |
93 |
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then |
94 |
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then |
95 |
+ # Check the current loaded ruleset, if any, using the newly |
96 |
+ # built instance of nft(8). |
97 |
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then |
98 |
+ # Report errors induced by trying to list the ruleset |
99 |
+ # but don't treat them as being fatal. |
100 |
+ printf '%s\n' "${stderr}" >&2 |
101 |
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then |
102 |
+ # Rulesets generated by iptables-nft are special in |
103 |
+ # nature and will not always be printed in a way that |
104 |
+ # constitutes a valid syntax for ntf(8). Ignore them. |
105 |
+ return |
106 |
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then |
107 |
eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" |
108 |
eerror "nft. This probably means that there is a regression introduced by v${PV}." |
109 |
eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" |