
From: Patrick McLean <chutzpah@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
Date: Thu, 24 Feb 2022 17:21:34
Message-Id: 1645723251.63428e7ae12c38a6c101386f7cf0499cfb087f04.chutzpah@gentoo
1 commit: 63428e7ae12c38a6c101386f7cf0499cfb087f04
2 Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
3 AuthorDate: Thu Feb 24 17:20:32 2022 +0000
4 Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
5 CommitDate: Thu Feb 24 17:20:51 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63428e7a
7
8 net-firewall/nftables: Version bump to 1.0.2
9
10 Had to drop the slibtool patch as it causes build to fail with GNU
11 libtool.
12
13 Copyright: Sony Interactive Entertainment Inc.
14 Package-Manager: Portage-3.0.30, Repoman-3.0.3
15 Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
16
17 net-firewall/nftables/Manifest | 1 +
18 .../files/nftables-1.0.2-compilation.patch | 34 ++++
19 net-firewall/nftables/nftables-1.0.2.ebuild | 186 +++++++++++++++++++++
20 3 files changed, 221 insertions(+)
21
22 diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
23 index 9ba8523f3bc9..164083bf9526 100644
24 --- a/net-firewall/nftables/Manifest
25 +++ b/net-firewall/nftables/Manifest
26 @@ -2,3 +2,4 @@ DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd
27 DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab
28 DIST nftables-1.0.0.tar.bz2 921053 BLAKE2B ee86a323170433c3ba62f80118947864aac0fe0aaeb48afeb5a116a48782185c83313ef1b5735c7749eb5eccb88f252b444d1ee908be25bdaa4d9c0b833c1dc2 SHA512 33460bef4ee76b7caa44fa5515357127ae84be468448cc838dd31919b6e045ba6195b761118d4c8a4219a9f008c4416542ce784f4daad94f3b44c0626bcdd014
29 DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d
30 +DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca
31
32 diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
33 new file mode 100644
34 index 000000000000..166063587485
35 --- /dev/null
36 +++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
37 @@ -0,0 +1,34 @@
38 +From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
39 +From: Pablo Neira Ayuso <pablo@×××××××××.org>
40 +Date: Tue, 22 Feb 2022 00:56:36 +0100
41 +Subject: examples: compile with `make check' and add AM_CPPFLAGS
42 +
43 +Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
44 +specify local headers via -I.
45 +
46 +Unfortunately, `make distcheck' did not catch this compile time error in
47 +my system, since it was using the nftables/libnftables.h file of the
48 +previous nftables release.
49 +
50 +Fixes: 5b364657a35f ("build: missing SUBIRS update")
51 +Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
52 +Signed-off-by: Pablo Neira Ayuso <pablo@×××××××××.org>
53 +---
54 + examples/Makefile.am | 4 +++-
55 + 1 file changed, 3 insertions(+), 1 deletion(-)
56 +
57 +diff --git a/examples/Makefile.am b/examples/Makefile.am
58 +index c972170d..3b8b0b67 100644
59 +--- a/examples/Makefile.am
60 ++++ b/examples/Makefile.am
61 +@@ -1,4 +1,6 @@
62 +-noinst_PROGRAMS = nft-buffer \
63 ++check_PROGRAMS = nft-buffer \
64 + nft-json-file
65 +
66 ++AM_CPPFLAGS = -I$(top_srcdir)/include
67 ++
68 + LDADD = $(top_builddir)/src/libnftables.la
69 +--
70 +cgit v1.2.3
71 +
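Review bot: The carried patch identifies its origin only by the bare hash in its `From 18a08fb7…` line and the `cgit v1.2.3` trailer, with no pointer to the repository it was exported from. A patch under `files/` is applied to the source of a firewall package at build time, so a later reviewer should be able to diff it against upstream without guessing. I would add an origin line above the `From` header, for example `# https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3`. That URL is assembled from the hash shown here and the ebuild's `EGIT_REPO_URI`, so confirm it resolves before committing. Noting that the patch can be dropped at the next bump once upstream ships it would also help.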
72
73 diff --git a/net-firewall/nftables/nftables-1.0.2.ebuild b/net-firewall/nftables/nftables-1.0.2.ebuild
74 new file mode 100644
75 index 000000000000..0bbf94f10942
76 --- /dev/null
77 +++ b/net-firewall/nftables/nftables-1.0.2.ebuild
78 @@ -0,0 +1,186 @@
79 +# Copyright 1999-2022 Gentoo Authors
80 +# Distributed under the terms of the GNU General Public License v2
81 +
82 +EAPI=7
83 +
84 +PYTHON_COMPAT=( python3_{8..10} )
85 +DISTUTILS_OPTIONAL=1
86 +inherit autotools linux-info distutils-r1 systemd
87 +
88 +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
89 +HOMEPAGE="https://netfilter.org/projects/nftables/"
90 +
91 +if [[ ${PV} =~ ^[9]{4,}$ ]]; then
92 + inherit git-r3
93 + EGIT_REPO_URI="https://git.netfilter.org/${PN}"
94 +
95 + BDEPEND="
96 + sys-devel/bison
97 + sys-devel/flex
98 + "
99 +else
100 + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
101 + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
102 +fi
103 +
104 +LICENSE="GPL-2"
105 +SLOT="0/1"
106 +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
107 +
108 +RDEPEND="
109 + >=net-libs/libmnl-1.0.4:0=
110 + >=net-libs/libnftnl-1.2.1:0=
111 + gmp? ( dev-libs/gmp:= )
112 + json? ( dev-libs/jansson:= )
113 + python? ( ${PYTHON_DEPS} )
114 + readline? ( sys-libs/readline:= )
115 + xtables? ( >=net-firewall/iptables-1.6.1:= )
116 +"
117 +
118 +DEPEND="${RDEPEND}"
119 +
120 +BDEPEND+="
121 + doc? (
122 + app-text/asciidoc
123 + >=app-text/docbook2X-0.8.8-r4
124 + )
125 + virtual/pkgconfig
126 +"
127 +
128 +REQUIRED_USE="
129 + python? ( ${PYTHON_REQUIRED_USE} )
130 + libedit? ( !readline )
131 +"
132 +
133 +PATCHES=(
134 + "${FILESDIR}/nftables-1.0.2-compilation.patch"
135 +)
136 +
137 +pkg_setup() {
138 + if kernel_is ge 3 13; then
139 + if use modern-kernel && kernel_is lt 3 18; then
140 + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
141 + fi
142 + CONFIG_CHECK="~NF_TABLES"
143 + linux-info_pkg_setup
144 + else
145 + eerror "This package requires kernel version 3.13 or newer to work properly."
146 + fi
147 +}
148 +
149 +src_prepare() {
150 + default
151 +
152 + # fix installation path for doc stuff
153 + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
154 + -i files/nftables/Makefile.am || die
155 + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
156 + -i files/osf/Makefile.am || die
157 +
158 + eautoreconf
159 +
160 + if use python; then
161 + pushd py >/dev/null || die
162 + distutils-r1_src_prepare
163 + popd >/dev/null || die
164 + fi
165 +}
166 +
167 +src_configure() {
168 + local myeconfargs=(
169 + # We handle python separately
170 + --disable-python
171 + --disable-static
172 + --sbindir="${EPREFIX}"/sbin
173 + $(use_enable debug)
174 + $(use_enable doc man-doc)
175 + $(use_with !gmp mini_gmp)
176 + $(use_with json)
177 + $(use_with libedit cli editline)
178 + $(use_with readline cli readline)
179 + $(use_enable static-libs static)
180 + $(use_with xtables)
181 + )
182 + econf "${myeconfargs[@]}"
183 +
184 + if use python; then
185 + pushd py >/dev/null || die
186 + distutils-r1_src_configure
187 + popd >/dev/null || die
188 + fi
189 +}
190 +
191 +src_compile() {
192 + default
193 +
194 + if use python; then
195 + pushd py >/dev/null || die
196 + distutils-r1_src_compile
197 + popd >/dev/null || die
198 + fi
199 +}
200 +
201 +src_install() {
202 + default
203 +
204 + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
205 + pushd doc >/dev/null || die
206 + doman *.?
207 + popd >/dev/null || die
208 + fi
209 +
210 + local mksuffix="$(usex modern-kernel '-mk' '')"
211 +
212 + exeinto /usr/libexec/${PN}
213 + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
214 + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
215 + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
216 + keepdir /var/lib/nftables
217 +
218 + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
219 +
220 + if use python ; then
221 + pushd py >/dev/null || die
222 + distutils-r1_src_install
223 + popd >/dev/null || die
224 + fi
225 +
226 + find "${ED}" -type f -name "*.la" -delete || die
227 +}
228 +
229 +pkg_postinst() {
230 + local save_file
231 + save_file="${EROOT}/var/lib/nftables/rules-save"
232 +
233 + # In order for the nftables-restore systemd service to start
234 + # the save_file must exist.
235 + if [[ ! -f "${save_file}" ]]; then
236 + ( umask 177; touch "${save_file}" )
237 + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
238 + ewarn "Your system has dangerous permissions for ${save_file}"
239 + ewarn "It is probably affected by bug #691326."
240 + ewarn "You may need to fix the permissions of the file. To do so,"
241 + ewarn "you can run the command in the line below as root."
242 + ewarn " 'chmod 600 \"${save_file}\"'"
243 + fi
244 +
245 + if has_version 'sys-apps/systemd'; then
246 + elog "If you wish to enable the firewall rules on boot (on systemd) you"
247 + elog "will need to enable the nftables-restore service."
248 + elog " 'systemctl enable ${PN}-restore.service'"
249 + elog
250 + elog "If you are creating firewall rules before the next system restart"
251 + elog "the nftables-restore service must be manually started in order to"
252 + elog "save those rules on shutdown."
253 + fi
254 + if has_version 'sys-apps/openrc'; then
255 + elog "If you wish to enable the firewall rules on boot (on openrc) you"
256 + elog "will need to enable the nftables service."
257 + elog " 'rc-update add ${PN} default'"
258 + elog
259 + elog "If you are creating or updating the firewall rules and wish to save"
260 + elog "them to be loaded on the next restart, use the \"save\" functionality"
261 + elog "in the init script."
262 + elog " 'rc-service ${PN} save'"
263 + fi
264 +}
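Review bot: The release tarball named in `SRC_URI` (non-live branch, near the top of the ebuild) is fetched without any check of an upstream signature, so the BLAKE2B/SHA512 values this commit adds to the Manifest only pin whatever the committer downloaded from netfilter.org. If upstream publishes a detached OpenPGP signature beside the tarball (to be confirmed), the ebuild can verify it with the verify-sig eclass. That means adding `verify-sig` to the `inherit` line, extending the `else` branch with `SRC_URI+=" verify-sig? ( <upstream signature URL> )"`, setting `VERIFY_SIG_OPENPGP_KEY_PATH` to the packaged upstream key, and adding that key package to `BDEPEND` under `verify-sig?`. The signing key has to be obtained and checked out of band once. After that, each version bump is tied to the upstream signer rather than to a single HTTPS download.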