| 1 |
commit: 9a223c82dd8cfd2b72e0e7135b2a773df79b9c78 |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Mar 15 02:41:30 2023 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Mar 15 02:41:45 2023 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a223c82 |
| 7 |
|
| 8 |
net-firewall/nftables: add 1.0.7 |
| 9 |
|
| 10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 11 |
|
| 12 |
net-firewall/nftables/Manifest | 2 ++ |
| 13 |
.../{nftables-9999.ebuild => nftables-1.0.7.ebuild} | 18 ++++++++++++++++-- |
| 14 |
net-firewall/nftables/nftables-9999.ebuild | 18 ++++++++++++++++-- |
| 15 |
3 files changed, 34 insertions(+), 4 deletions(-) |
| 16 |
|
| 17 |
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest |
| 18 |
index 3537caf064d6..2d752595dfcf 100644 |
| 19 |
--- a/net-firewall/nftables/Manifest |
| 20 |
+++ b/net-firewall/nftables/Manifest |
| 21 |
@@ -2,3 +2,5 @@ DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b |
| 22 |
DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511 |
| 23 |
DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119 |
| 24 |
DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93 |
| 25 |
+DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116 |
| 26 |
+DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768 |
| 27 |
|
| 28 |
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-1.0.7.ebuild |
| 29 |
similarity index 89% |
| 30 |
copy from net-firewall/nftables/nftables-9999.ebuild |
| 31 |
copy to net-firewall/nftables/nftables-1.0.7.ebuild |
| 32 |
index f60144b1a850..f9713c4a95f6 100644 |
| 33 |
--- a/net-firewall/nftables/nftables-9999.ebuild |
| 34 |
+++ b/net-firewall/nftables/nftables-1.0.7.ebuild |
| 35 |
@@ -26,7 +26,8 @@ else |
| 36 |
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" |
| 37 |
fi |
| 38 |
|
| 39 |
-LICENSE="GPL-2" |
| 40 |
+# See COPYING: new code is GPL-2+, existing code is GPL-2 |
| 41 |
+LICENSE="GPL-2 GPL-2+" |
| 42 |
SLOT="0/1" |
| 43 |
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" |
| 44 |
RESTRICT="!test? ( test )" |
| 45 |
@@ -167,10 +168,23 @@ src_install() { |
| 46 |
} |
| 47 |
|
| 48 |
pkg_preinst() { |
| 49 |
+ local stderr |
| 50 |
+ |
| 51 |
# There's a history of regressions with nftables upgrades. Add a safety |
| 52 |
# check to help us spot them earlier. |
| 53 |
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then |
| 54 |
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then |
| 55 |
+ # Check the current loaded ruleset, if any, using the newly |
| 56 |
+ # built instance of nft(8). |
| 57 |
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then |
| 58 |
+ # Report errors induced by trying to list the ruleset |
| 59 |
+ # but don't treat them as being fatal. |
| 60 |
+ printf '%s\n' "${stderr}" >&2 |
| 61 |
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then |
| 62 |
+ # Rulesets generated by iptables-nft are special in |
| 63 |
+ # nature and will not always be printed in a way that |
| 64 |
+ # constitutes a valid syntax for ntf(8). Ignore them. |
| 65 |
+ return |
| 66 |
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then |
| 67 |
eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" |
| 68 |
eerror "nft. This probably means that there is a regression introduced by v${PV}." |
| 69 |
eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" |
| 70 |
|
| 71 |
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild |
| 72 |
index f60144b1a850..f9713c4a95f6 100644 |
| 73 |
--- a/net-firewall/nftables/nftables-9999.ebuild |
| 74 |
+++ b/net-firewall/nftables/nftables-9999.ebuild |
| 75 |
@@ -26,7 +26,8 @@ else |
| 76 |
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" |
| 77 |
fi |
| 78 |
|
| 79 |
-LICENSE="GPL-2" |
| 80 |
+# See COPYING: new code is GPL-2+, existing code is GPL-2 |
| 81 |
+LICENSE="GPL-2 GPL-2+" |
| 82 |
SLOT="0/1" |
| 83 |
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" |
| 84 |
RESTRICT="!test? ( test )" |
| 85 |
@@ -167,10 +168,23 @@ src_install() { |
| 86 |
} |
| 87 |
|
| 88 |
pkg_preinst() { |
| 89 |
+ local stderr |
| 90 |
+ |
| 91 |
# There's a history of regressions with nftables upgrades. Add a safety |
| 92 |
# check to help us spot them earlier. |
| 93 |
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then |
| 94 |
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then |
| 95 |
+ # Check the current loaded ruleset, if any, using the newly |
| 96 |
+ # built instance of nft(8). |
| 97 |
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then |
| 98 |
+ # Report errors induced by trying to list the ruleset |
| 99 |
+ # but don't treat them as being fatal. |
| 100 |
+ printf '%s\n' "${stderr}" >&2 |
| 101 |
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then |
| 102 |
+ # Rulesets generated by iptables-nft are special in |
| 103 |
+ # nature and will not always be printed in a way that |
| 104 |
+ # constitutes a valid syntax for ntf(8). Ignore them. |
| 105 |
+ return |
| 106 |
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then |
| 107 |
eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" |
| 108 |
eerror "nft. This probably means that there is a regression introduced by v${PV}." |
| 109 |
eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" |
Archives