
From: "Mike Frysinger (vapier)" <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-firewall/iptables: ChangeLog iptables-1.4.0.ebuild
Date: Mon, 24 Dec 2007 11:25:51
Message-Id: E1J6lRK-0004KS-M4@stork.gentoo.org
1 vapier 07/12/24 11:25:46
2
3 Modified: ChangeLog
4 Added: iptables-1.4.0.ebuild
5 Log:
6 Version bump #203161 by Nebojsa Trpkovic.
7 (Portage version: 2.1.4_rc11)
8
9 Revision Changes Path
10 1.154 net-firewall/iptables/ChangeLog
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.154&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.154&content-type=text/plain
14 diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.153&r2=1.154
15
16 Index: ChangeLog
17 ===================================================================
18 RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v
19 retrieving revision 1.153
20 retrieving revision 1.154
21 diff -u -r1.153 -r1.154
22 --- ChangeLog 24 Dec 2007 09:43:38 -0000 1.153
23 +++ ChangeLog 24 Dec 2007 11:25:46 -0000 1.154
24 @@ -1,6 +1,11 @@
25 # ChangeLog for net-firewall/iptables
26 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
27 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.153 2007/12/24 09:43:38 pva Exp $
28 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.154 2007/12/24 11:25:46 vapier Exp $
29 +
30 +*iptables-1.4.0 (24 Dec 2007)
31 +
32 + 24 Dec 2007; Mike Frysinger <vapier@g.o> +iptables-1.4.0.ebuild:
33 + Version bump #203161 by Nebojsa Trpkovic.
34
35 *iptables-1.3.8-r3 (24 Dec 2007)
36
37
38
39
40 1.1 net-firewall/iptables/iptables-1.4.0.ebuild
41
42 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild?rev=1.1&view=markup
43 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild?rev=1.1&content-type=text/plain
44
45 Index: iptables-1.4.0.ebuild
46 ===================================================================
47 # Copyright 1999-2007 Gentoo Foundation
48 # Distributed under the terms of the GNU General Public License v2
49 # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild,v 1.1 2007/12/24 11:25:46 vapier Exp $
50
# Eclasses: eutils supplies epatch, toolchain-funcs the tc-get* helpers and
# linux-info the kernel_is / linux-info_pkg_setup probes used further down.
inherit eutils toolchain-funcs linux-info

# Third-party add-ons that are patched in on top of the iptables sources.
L7_PV="2.17"
L7_P="netfilter-layer7-v${L7_PV}"
# NOTE(review): the IMQ patch is versioned for iptables 1.3.6 while this
# package is 1.4.0 -- confirm it still applies cleanly.
IMQ_PATCH="iptables-1.3.6-imq.diff"

DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
# Every source is fetched over plain HTTP (or a mirror), so the transport
# authenticates nothing; integrity rests on the Manifest digests Portage
# checks after download.
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
	imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
	l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="extensions imq ipv6 l7filter static"

# Kernel sources are only a build dependency when an add-on needs them.
DEPEND="virtual/os-headers
	l7filter? ( virtual/linux-sources )
	imq? ( virtual/linux-sources )"
RDEPEND=""
72
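# Warn about, and sanity-check, the kernel tree the optional add-ons build
# against.
#
# With any of the l7filter, imq or extensions USE flags the build takes its
# headers from ${KERNEL_DIR}, so linux-info is initialised and the kernel
# source files that the layer7/IMQ patches rely on must already exist.
#
# Globals:  KERNEL_DIR, L7_PV (read); L7FILE (written, USE=l7filter only)
# Dies when a requested add-on has no matching file in the kernel tree.
pkg_setup() {
	if use l7filter || use imq || use extensions ; then
		ewarn "WARNING: 3rd party extensions has been enabled."
		ewarn "This means that iptables will use your currently installed"
		ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
		ewarn
		if use extensions ; then
			ewarn "You may have to patch your kernel to allow iptables to build."
			ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
			ewarn "for your kernel."
			ewarn
		fi
		linux-info_pkg_setup
	fi

	if use l7filter ; then
		# Probe the kernel version only when layer7 is requested: this is the
		# sole consumer of L7FILE, and linux-info_pkg_setup has run by now.
		# Previously kernel_is was queried even when no kernel tree was needed.
		if kernel_is ge 2 6 20 ; then
			L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
		else
			L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
		fi
		if [[ ! -f ${L7FILE} ]] ; then
			die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
		fi
	fi

	if use imq && [[ ! -f ${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c ]] ; then
		die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
	fi
}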
103
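# Unpack the sources and apply every patch set the USE flags ask for.
#
# Order: upstream tarball (plus the layer7 tarball with USE=l7filter), the
# grsecurity "stealth" match, optional user patches, IMQ, layer7.  Without
# USE=extensions a stub include/linux/compiler.h is written into the tree.
#
# Globals:  P, S, FILESDIR, DISTDIR, WORKDIR, PORTAGE_CONFIGROOT, CATEGORY,
#           PF, PN, CTARGET, CHOST, IMQ_PATCH, L7_P, L7_PV (read);
#           EPATCH_SOURCE, EPATCH_SUFFIX, L7_PATCH (written)
# Dies when a preparation step fails.
src_unpack() {
	unpack "${P}.tar.bz2"
	if use l7filter ; then
		unpack "${L7_P}.tar.gz"
	fi
	# Everything below edits files relative to ${S}; stop if it is missing.
	cd "${S}" || die "failed to enter ${S}"

	# this provides grsec's stealth match
	EPATCH_OPTS="-p0" \
	epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
	sed -i \
		-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
		extensions/Makefile || die "failed to enable stealth extension"

	# User patches: the first matching directory under
	# ${PORTAGE_CONFIGROOT}/etc/portage/patches is applied to the firewall
	# sources with EPATCH_FORCE=yes, so that directory must stay writable by
	# root only.  EPATCH_SOURCE and EPATCH_SUFFIX are plain assignments and
	# stay set after the loop.
	local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
	for check in "${CATEGORY}/${PF}" "${CATEGORY}/${P}" "${CATEGORY}/${PN}" ; do
		EPATCH_SOURCE=${base}/${CTARGET}/${check}
		[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
		[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
		if [[ -d ${EPATCH_SOURCE} ]] ; then
			EPATCH_SUFFIX="patch"
			EPATCH_FORCE="yes" \
			EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
			epatch
			break
		fi
	done

	if use imq ; then
		EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
		# Rewrite carriage returns as newlines in the IMQ test scripts
		# (presumably the patch ships them with CR line ends -- confirm).
		local imq_test
		for imq_test in extensions/.IMQ-test extensions/.IMQ-test6 ; do
			mv "${imq_test}" "${imq_test}.orig" \
				|| die "failed to rename ${imq_test}"
			tr '\015' '\012' < "${imq_test}.orig" > "${imq_test}" \
				|| die "failed to convert ${imq_test}"
			rm "${imq_test}.orig"
		done
		chmod +x extensions/.IMQ-test* || die "failed to chmod IMQ test scripts"
	fi

	if use l7filter ; then
		#yes choosing 2.6.20 was deliberate - upstream mistake possibly
		if kernel_is ge 2 6 20 ; then
			L7_PATCH=iptables-1.3-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
		else
			L7_PATCH=iptables-1.3-for-kernel-pre2.6.20-layer7-${L7_PV}.patch
		fi
		EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
		chmod +x extensions/.layer7-test* || die "failed to chmod layer7 test scripts"
	fi

	if ! use extensions ; then
		# Replace linux/compiler.h with a stub that only defines __user.
		cat <<-EOF > "${S}"/include/linux/compiler.h || die "failed to write compiler.h stub"
		#define __user
		EOF
	fi
}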
160
# Build the make variables shared by src_compile and src_install.
#
# Exports myconf (install paths plus IPv6/static switches) and diemsg (the
# failure text for die).  With none of l7filter, imq or extensions enabled it
# also exports KERNEL_DIR and KBUILD_OUTPUT, both set to the directory the
# preprocessor resolves <linux/limits.h> from.
src_defs() {
	# iptables and libraries are now installed to /sbin and /lib, so that
	# systems with remote network-mounted /usr filesystems can get their
	# network interfaces up and running correctly without /usr.
	myconf=" PREFIX= LIBDIR=/$(get_libdir) BINDIR=/sbin"
	myconf="${myconf} MANDIR=/usr/share/man INCDIR=/usr/include"
	if ! use ipv6 ; then
		myconf="${myconf} DO_IPV6=0"
	fi
	if use static ; then
		myconf="${myconf} NO_SHARED_LIBS=0"
	fi
	export myconf

	if use l7filter || use imq || use extensions ; then
		diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
	else
		# ugh -- iptables has scripts which check for the existence of
		# files so we need to give it the right path to our toolchains
		# include dir where the linux headers are.
		# FYI IPTABLES: YOU FAIL
		export KERNEL_DIR=$(
			echo '#include <linux/limits.h>' \
				| $(tc-getCPP) - \
				| grep -o '/[^"]*linux/limits.h' \
				| sed s:/include/linux/limits.h::
		)
		export KBUILD_OUTPUT=${KERNEL_DIR}
		diemsg="failure"
	fi
	export diemsg
}
190
# Compile iptables with the make variables prepared by src_defs.
# ${myconf} is left unquoted on purpose: it holds several VAR=value words.
src_compile() {
	src_defs
	if ! emake COPT_FLAGS="${CFLAGS}" ${myconf} CC="$(tc-getCC)" ; then
		die "${diemsg}"
	fi
}
198
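# Install iptables into ${D}, move the static archives under /usr and add
# the init script, conf.d file and rules directory (again for ip6tables
# with USE=ipv6).
#
# Globals:  D, KERNEL_DIR, FILESDIR, PN (read); myconf, diemsg (via src_defs)
# Dies when the make install step fails or a static archive cannot be moved.
src_install() {
	src_defs
	emake ${myconf} \
		DESTDIR="${D}" \
		KERNEL_DIR="${KERNEL_DIR}" \
		install install-devel || die "${diemsg}"

	# Static archives are moved from /<libdir> to /usr/<libdir>.  Each move is
	# checked so a failure is no longer ignored; an image without any .a file
	# is still accepted.
	local libdir archive
	libdir=$(get_libdir)
	dodir /usr/${libdir}
	for archive in "${D}"/${libdir}/*.a ; do
		[[ -e ${archive} ]] || continue	# the glob matched nothing
		mv -f "${archive}" "${D}"/usr/${libdir} \
			|| die "failed to move ${archive##*/} to /usr/${libdir}"
	done

	keepdir /var/lib/iptables
	newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables

	if use ipv6 ; then
		keepdir /var/lib/ip6tables
		# the ip6tables service is installed from the iptables init script
		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
	fi
}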
219
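# Post-install notes: where the init script keeps its saved rules, and how
# forwarding is switched on, since the init scripts do not do that.
#
# The IPv6 hint names net.ipv6.conf.all.forwarding; the key printed before,
# net.ipv6.ip_forward, is not a sysctl the kernel provides.
pkg_postinst() {
	elog "This package now includes an initscript which loads and saves"
	elog "rules stored in /var/lib/iptables/rules-save"
	use ipv6 && elog "and /var/lib/ip6tables/rules-save"
	elog "This location can be changed in /etc/conf.d/iptables"
	elog
	elog "If you are using the iptables initsscript you should save your"
	elog "rules using the new iptables version before rebooting."
	elog
	elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
	elog "iptables."
	elog
	# Forwarding makes the host route packets between interfaces, so the
	# FORWARD chain policy should be in place before it is enabled.
	ewarn "!!! ipforwarding is not a part of the iptables initscripts."
	ewarn
	ewarn "To enable ipforwarding at bootup:"
	ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
	if use ipv6 ; then
		ewarn "and/or"
		ewarn " net.ipv6.conf.all.forwarding = 1"
		ewarn "for ipv6."
	fi
	if has_version '=net-firewall/iptables-1.2*' ; then
		ewarn
		ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
		ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
		ewarn "http://bugs.gentoo.org/92535"
	fi
}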
248
249
250