1 |
vapier 07/12/24 11:25:46 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: iptables-1.4.0.ebuild |
5 |
Log: |
6 |
Version bump #203161 by Nebojsa Trpkovic. |
7 |
(Portage version: 2.1.4_rc11) |
8 |
|
9 |
Revision Changes Path |
10 |
1.154 net-firewall/iptables/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.154&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.154&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.153&r2=1.154 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v |
19 |
retrieving revision 1.153 |
20 |
retrieving revision 1.154 |
21 |
diff -u -r1.153 -r1.154 |
22 |
--- ChangeLog 24 Dec 2007 09:43:38 -0000 1.153 |
23 |
+++ ChangeLog 24 Dec 2007 11:25:46 -0000 1.154 |
24 |
@@ -1,6 +1,11 @@ |
25 |
# ChangeLog for net-firewall/iptables |
26 |
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.153 2007/12/24 09:43:38 pva Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.154 2007/12/24 11:25:46 vapier Exp $ |
29 |
+ |
30 |
+*iptables-1.4.0 (24 Dec 2007) |
31 |
+ |
32 |
+ 24 Dec 2007; Mike Frysinger <vapier@g.o> +iptables-1.4.0.ebuild: |
33 |
+ Version bump #203161 by Nebojsa Trpkovic. |
34 |
|
35 |
*iptables-1.3.8-r3 (24 Dec 2007) |
36 |
|
37 |
|
38 |
|
39 |
|
40 |
1.1 net-firewall/iptables/iptables-1.4.0.ebuild |
41 |
|
42 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild?rev=1.1&view=markup |
43 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild?rev=1.1&content-type=text/plain |
44 |
|
45 |
Index: iptables-1.4.0.ebuild |
46 |
=================================================================== |
47 |
# Copyright 1999-2007 Gentoo Foundation |
48 |
# Distributed under the terms of the GNU General Public License v2 |
49 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild,v 1.1 2007/12/24 11:25:46 vapier Exp $ |
50 |
|
51 |
inherit eutils toolchain-funcs linux-info |
52 |
|
53 |
L7_PV=2.17 |
54 |
L7_P=netfilter-layer7-v${L7_PV} |
55 |
IMQ_PATCH=iptables-1.3.6-imq.diff |
56 |
|
57 |
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" |
58 |
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/" |
59 |
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2 |
60 |
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} ) |
61 |
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )" |
62 |
|
63 |
LICENSE="GPL-2" |
64 |
SLOT="0" |
65 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
66 |
IUSE="extensions imq ipv6 l7filter static" |
67 |
|
68 |
DEPEND="virtual/os-headers |
69 |
l7filter? ( virtual/linux-sources ) |
70 |
imq? ( virtual/linux-sources )" |
71 |
RDEPEND="" |
72 |
|
73 |
pkg_setup() { |
74 |
if use l7filter || use imq || use extensions ; then |
75 |
ewarn "WARNING: 3rd party extensions has been enabled." |
76 |
ewarn "This means that iptables will use your currently installed" |
77 |
ewarn "kernel in ${KERNEL_DIR} as headers for iptables." |
78 |
ewarn |
79 |
if use extensions ; then |
80 |
ewarn "You may have to patch your kernel to allow iptables to build." |
81 |
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches" |
82 |
ewarn "for your kernel." |
83 |
ewarn |
84 |
fi |
85 |
linux-info_pkg_setup |
86 |
fi |
87 |
|
88 |
if kernel_is ge 2 6 20 |
89 |
then |
90 |
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c |
91 |
else |
92 |
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c |
93 |
fi |
94 |
if use l7filter && \ |
95 |
[ ! -f "${L7FILE}" ]; then |
96 |
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" |
97 |
fi |
98 |
if use imq && \ |
99 |
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then |
100 |
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel" |
101 |
fi |
102 |
} |
103 |
|
104 |
src_unpack() { |
105 |
unpack ${P}.tar.bz2 |
106 |
if use l7filter |
107 |
then |
108 |
unpack ${L7_P}.tar.gz |
109 |
fi |
110 |
cd "${S}" |
111 |
|
112 |
# this provide's grsec's stealth match |
113 |
EPATCH_OPTS="-p0" \ |
114 |
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 |
115 |
sed -i \ |
116 |
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \ |
117 |
extensions/Makefile || die "failed to enable stealth extension" |
118 |
|
119 |
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches |
120 |
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do |
121 |
EPATCH_SOURCE=${base}/${CTARGET}/${check} |
122 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check} |
123 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check} |
124 |
if [[ -d ${EPATCH_SOURCE} ]] ; then |
125 |
EPATCH_SUFFIX="patch" |
126 |
EPATCH_FORCE="yes" \ |
127 |
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \ |
128 |
epatch |
129 |
break |
130 |
fi |
131 |
done |
132 |
|
133 |
if use imq ; then |
134 |
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH} |
135 |
for OA in extensions/.IMQ-test extensions/.IMQ-test6 ; do |
136 |
mv ${OA} ${OA}.orig |
137 |
tr '\015' '\012' < ${OA}.orig > ${OA} |
138 |
rm ${OA}.orig |
139 |
done |
140 |
chmod +x extensions/.IMQ-test* |
141 |
fi |
142 |
if use l7filter ; then |
143 |
#yes choosing 2.6.20 was deliberate - upstream mistake possibly |
144 |
if kernel_is ge 2 6 20 |
145 |
then |
146 |
L7_PATCH=iptables-1.3-for-kernel-2.6.20forward-layer7-${L7_PV}.patch |
147 |
else |
148 |
L7_PATCH=iptables-1.3-for-kernel-pre2.6.20-layer7-${L7_PV}.patch |
149 |
fi |
150 |
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH} |
151 |
chmod +x extensions/.layer7-test* |
152 |
fi |
153 |
|
154 |
if ! use extensions ; then |
155 |
cat <<-EOF > "${S}"/include/linux/compiler.h |
156 |
#define __user |
157 |
EOF |
158 |
fi |
159 |
} |
160 |
|
161 |
src_defs() { |
162 |
# these are used in both of src_compile and src_install |
163 |
myconf="" |
164 |
myconf="${myconf} PREFIX=" |
165 |
myconf="${myconf} LIBDIR=/$(get_libdir)" |
166 |
myconf="${myconf} BINDIR=/sbin" |
167 |
myconf="${myconf} MANDIR=/usr/share/man" |
168 |
myconf="${myconf} INCDIR=/usr/include" |
169 |
# iptables and libraries are now installed to /sbin and /lib, so that |
170 |
# systems with remote network-mounted /usr filesystems can get their |
171 |
# network interfaces up and running correctly without /usr. |
172 |
use ipv6 || myconf="${myconf} DO_IPV6=0" |
173 |
use static && myconf="${myconf} NO_SHARED_LIBS=0" |
174 |
export myconf |
175 |
if ! use l7filter && ! use imq && ! use extensions ; then |
176 |
export KERNEL_DIR=$( |
177 |
# ugh -- iptables has scripts which check for the existence of |
178 |
# files so we need to give it the right path to our toolchains |
179 |
# include dir where the linux headers are. |
180 |
# FYI IPTABLES: YOU FAIL |
181 |
echo '#include <linux/limits.h>' | $(tc-getCPP) - | grep -o '/[^"]*linux/limits.h' | sed s:/include/linux/limits.h:: |
182 |
) |
183 |
export KBUILD_OUTPUT=${KERNEL_DIR} |
184 |
diemsg="failure" |
185 |
else |
186 |
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added" |
187 |
fi |
188 |
export diemsg |
189 |
} |
190 |
|
191 |
src_compile() { |
192 |
src_defs |
193 |
emake \ |
194 |
COPT_FLAGS="${CFLAGS}" ${myconf} \ |
195 |
CC="$(tc-getCC)" \ |
196 |
|| die "${diemsg}" |
197 |
} |
198 |
|
199 |
src_install() { |
200 |
src_defs |
201 |
emake ${myconf} \ |
202 |
DESTDIR="${D}" \ |
203 |
KERNEL_DIR="${KERNEL_DIR}" \ |
204 |
install install-devel || die "${diemsg}" |
205 |
|
206 |
dodir /usr/$(get_libdir) |
207 |
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir) |
208 |
|
209 |
keepdir /var/lib/iptables |
210 |
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables |
211 |
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables |
212 |
|
213 |
if use ipv6 ; then |
214 |
keepdir /var/lib/ip6tables |
215 |
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables |
216 |
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables |
217 |
fi |
218 |
} |
219 |
|
220 |
pkg_postinst() { |
221 |
elog "This package now includes an initscript which loads and saves" |
222 |
elog "rules stored in /var/lib/iptables/rules-save" |
223 |
use ipv6 && elog "and /var/lib/ip6tables/rules-save" |
224 |
elog "This location can be changed in /etc/conf.d/iptables" |
225 |
elog |
226 |
elog "If you are using the iptables initsscript you should save your" |
227 |
elog "rules using the new iptables version before rebooting." |
228 |
elog |
229 |
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild" |
230 |
elog "iptables." |
231 |
elog |
232 |
ewarn "!!! ipforwarding is not a part of the iptables initscripts." |
233 |
ewarn |
234 |
ewarn "To enable ipforwarding at bootup:" |
235 |
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1" |
236 |
if use ipv6 ; then |
237 |
ewarn "and/or" |
238 |
ewarn " net.ipv6.ip_forward = 1" |
239 |
ewarn "for ipv6." |
240 |
fi |
241 |
if has_version '=net-firewall/iptables-1.2*' ; then |
242 |
ewarn |
243 |
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove" |
244 |
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:" |
245 |
ewarn "http://bugs.gentoo.org/92535" |
246 |
fi |
247 |
} |
248 |
|
249 |
|
250 |
|
251 |
-- |
252 |
gentoo-commits@g.o mailing list |