1 |
commit: 63428e7ae12c38a6c101386f7cf0499cfb087f04 |
2 |
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com> |
3 |
AuthorDate: Thu Feb 24 17:20:32 2022 +0000 |
4 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Feb 24 17:20:51 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63428e7a |
7 |
|
8 |
net-firewall/nftables: Version bump to 1.0.2 |
9 |
|
10 |
Had to drop the slibtool patch as it causes build to fail with GNU |
11 |
libtool. |
12 |
|
13 |
Copyright: Sony Interactive Entertainment Inc. |
14 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
15 |
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org> |
16 |
|
17 |
net-firewall/nftables/Manifest | 1 + |
18 |
.../files/nftables-1.0.2-compilation.patch | 34 ++++ |
19 |
net-firewall/nftables/nftables-1.0.2.ebuild | 186 +++++++++++++++++++++ |
20 |
3 files changed, 221 insertions(+) |
21 |
|
22 |
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest |
23 |
index 9ba8523f3bc9..164083bf9526 100644 |
24 |
--- a/net-firewall/nftables/Manifest |
25 |
+++ b/net-firewall/nftables/Manifest |
26 |
@@ -2,3 +2,4 @@ DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd |
27 |
DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab |
28 |
DIST nftables-1.0.0.tar.bz2 921053 BLAKE2B ee86a323170433c3ba62f80118947864aac0fe0aaeb48afeb5a116a48782185c83313ef1b5735c7749eb5eccb88f252b444d1ee908be25bdaa4d9c0b833c1dc2 SHA512 33460bef4ee76b7caa44fa5515357127ae84be468448cc838dd31919b6e045ba6195b761118d4c8a4219a9f008c4416542ce784f4daad94f3b44c0626bcdd014 |
29 |
DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d |
30 |
+DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca |
31 |
|
32 |
diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch |
33 |
new file mode 100644 |
34 |
index 000000000000..166063587485 |
35 |
--- /dev/null |
36 |
+++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch |
37 |
@@ -0,0 +1,34 @@ |
38 |
+From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001 |
39 |
+From: Pablo Neira Ayuso <pablo@×××××××××.org> |
40 |
+Date: Tue, 22 Feb 2022 00:56:36 +0100 |
41 |
+Subject: examples: compile with `make check' and add AM_CPPFLAGS |
42 |
+ |
43 |
+Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to |
44 |
+specify local headers via -I. |
45 |
+ |
46 |
+Unfortunately, `make distcheck' did not catch this compile time error in |
47 |
+my system, since it was using the nftables/libnftables.h file of the |
48 |
+previous nftables release. |
49 |
+ |
50 |
+Fixes: 5b364657a35f ("build: missing SUBIRS update") |
51 |
+Fixes: caf2a6ad2d22 ("examples: add libnftables example program") |
52 |
+Signed-off-by: Pablo Neira Ayuso <pablo@×××××××××.org> |
53 |
+--- |
54 |
+ examples/Makefile.am | 4 +++- |
55 |
+ 1 file changed, 3 insertions(+), 1 deletion(-) |
56 |
+ |
57 |
+diff --git a/examples/Makefile.am b/examples/Makefile.am |
58 |
+index c972170d..3b8b0b67 100644 |
59 |
+--- a/examples/Makefile.am |
60 |
++++ b/examples/Makefile.am |
61 |
+@@ -1,4 +1,6 @@ |
62 |
+-noinst_PROGRAMS = nft-buffer \ |
63 |
++check_PROGRAMS = nft-buffer \ |
64 |
+ nft-json-file |
65 |
+ |
66 |
++AM_CPPFLAGS = -I$(top_srcdir)/include |
67 |
++ |
68 |
+ LDADD = $(top_builddir)/src/libnftables.la |
69 |
+-- |
70 |
+cgit v1.2.3 |
71 |
+ |
72 |
|
73 |
diff --git a/net-firewall/nftables/nftables-1.0.2.ebuild b/net-firewall/nftables/nftables-1.0.2.ebuild |
74 |
new file mode 100644 |
75 |
index 000000000000..0bbf94f10942 |
76 |
--- /dev/null |
77 |
+++ b/net-firewall/nftables/nftables-1.0.2.ebuild |
78 |
@@ -0,0 +1,186 @@ |
79 |
+# Copyright 1999-2022 Gentoo Authors |
80 |
+# Distributed under the terms of the GNU General Public License v2 |
81 |
+ |
82 |
+EAPI=7 |
83 |
+ |
84 |
+PYTHON_COMPAT=( python3_{8..10} ) |
85 |
+DISTUTILS_OPTIONAL=1 |
86 |
+inherit autotools linux-info distutils-r1 systemd |
87 |
+ |
88 |
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" |
89 |
+HOMEPAGE="https://netfilter.org/projects/nftables/" |
90 |
+ |
91 |
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then |
92 |
+ inherit git-r3 |
93 |
+ EGIT_REPO_URI="https://git.netfilter.org/${PN}" |
94 |
+ |
95 |
+ BDEPEND=" |
96 |
+ sys-devel/bison |
97 |
+ sys-devel/flex |
98 |
+ " |
99 |
+else |
100 |
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" |
101 |
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" |
102 |
+fi |
103 |
+ |
104 |
+LICENSE="GPL-2" |
105 |
+SLOT="0/1" |
106 |
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" |
107 |
+ |
108 |
+RDEPEND=" |
109 |
+ >=net-libs/libmnl-1.0.4:0= |
110 |
+ >=net-libs/libnftnl-1.2.1:0= |
111 |
+ gmp? ( dev-libs/gmp:= ) |
112 |
+ json? ( dev-libs/jansson:= ) |
113 |
+ python? ( ${PYTHON_DEPS} ) |
114 |
+ readline? ( sys-libs/readline:= ) |
115 |
+ xtables? ( >=net-firewall/iptables-1.6.1:= ) |
116 |
+" |
117 |
+ |
118 |
+DEPEND="${RDEPEND}" |
119 |
+ |
120 |
+BDEPEND+=" |
121 |
+ doc? ( |
122 |
+ app-text/asciidoc |
123 |
+ >=app-text/docbook2X-0.8.8-r4 |
124 |
+ ) |
125 |
+ virtual/pkgconfig |
126 |
+" |
127 |
+ |
128 |
+REQUIRED_USE=" |
129 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
130 |
+ libedit? ( !readline ) |
131 |
+" |
132 |
+ |
133 |
+PATCHES=( |
134 |
+ "${FILESDIR}/nftables-1.0.2-compilation.patch" |
135 |
+) |
136 |
+ |
137 |
+pkg_setup() { |
138 |
+ if kernel_is ge 3 13; then |
139 |
+ if use modern-kernel && kernel_is lt 3 18; then |
140 |
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." |
141 |
+ fi |
142 |
+ CONFIG_CHECK="~NF_TABLES" |
143 |
+ linux-info_pkg_setup |
144 |
+ else |
145 |
+ eerror "This package requires kernel version 3.13 or newer to work properly." |
146 |
+ fi |
147 |
+} |
148 |
+ |
149 |
+src_prepare() { |
150 |
+ default |
151 |
+ |
152 |
+ # fix installation path for doc stuff |
153 |
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ |
154 |
+ -i files/nftables/Makefile.am || die |
155 |
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ |
156 |
+ -i files/osf/Makefile.am || die |
157 |
+ |
158 |
+ eautoreconf |
159 |
+ |
160 |
+ if use python; then |
161 |
+ pushd py >/dev/null || die |
162 |
+ distutils-r1_src_prepare |
163 |
+ popd >/dev/null || die |
164 |
+ fi |
165 |
+} |
166 |
+ |
167 |
+src_configure() { |
168 |
+ local myeconfargs=( |
169 |
+ # We handle python separately |
170 |
+ --disable-python |
171 |
+ --disable-static |
172 |
+ --sbindir="${EPREFIX}"/sbin |
173 |
+ $(use_enable debug) |
174 |
+ $(use_enable doc man-doc) |
175 |
+ $(use_with !gmp mini_gmp) |
176 |
+ $(use_with json) |
177 |
+ $(use_with libedit cli editline) |
178 |
+ $(use_with readline cli readline) |
179 |
+ $(use_enable static-libs static) |
180 |
+ $(use_with xtables) |
181 |
+ ) |
182 |
+ econf "${myeconfargs[@]}" |
183 |
+ |
184 |
+ if use python; then |
185 |
+ pushd py >/dev/null || die |
186 |
+ distutils-r1_src_configure |
187 |
+ popd >/dev/null || die |
188 |
+ fi |
189 |
+} |
190 |
+ |
191 |
+src_compile() { |
192 |
+ default |
193 |
+ |
194 |
+ if use python; then |
195 |
+ pushd py >/dev/null || die |
196 |
+ distutils-r1_src_compile |
197 |
+ popd >/dev/null || die |
198 |
+ fi |
199 |
+} |
200 |
+ |
201 |
+src_install() { |
202 |
+ default |
203 |
+ |
204 |
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then |
205 |
+ pushd doc >/dev/null || die |
206 |
+ doman *.? |
207 |
+ popd >/dev/null || die |
208 |
+ fi |
209 |
+ |
210 |
+ local mksuffix="$(usex modern-kernel '-mk' '')" |
211 |
+ |
212 |
+ exeinto /usr/libexec/${PN} |
213 |
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh |
214 |
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} |
215 |
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} |
216 |
+ keepdir /var/lib/nftables |
217 |
+ |
218 |
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service |
219 |
+ |
220 |
+ if use python ; then |
221 |
+ pushd py >/dev/null || die |
222 |
+ distutils-r1_src_install |
223 |
+ popd >/dev/null || die |
224 |
+ fi |
225 |
+ |
226 |
+ find "${ED}" -type f -name "*.la" -delete || die |
227 |
+} |
228 |
+ |
229 |
+pkg_postinst() { |
230 |
+ local save_file |
231 |
+ save_file="${EROOT}/var/lib/nftables/rules-save" |
232 |
+ |
233 |
+ # In order for the nftables-restore systemd service to start |
234 |
+ # the save_file must exist. |
235 |
+ if [[ ! -f "${save_file}" ]]; then |
236 |
+ ( umask 177; touch "${save_file}" ) |
237 |
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then |
238 |
+ ewarn "Your system has dangerous permissions for ${save_file}" |
239 |
+ ewarn "It is probably affected by bug #691326." |
240 |
+ ewarn "You may need to fix the permissions of the file. To do so," |
241 |
+ ewarn "you can run the command in the line below as root." |
242 |
+ ewarn " 'chmod 600 \"${save_file}\"'" |
243 |
+ fi |
244 |
+ |
245 |
+ if has_version 'sys-apps/systemd'; then |
246 |
+ elog "If you wish to enable the firewall rules on boot (on systemd) you" |
247 |
+ elog "will need to enable the nftables-restore service." |
248 |
+ elog " 'systemctl enable ${PN}-restore.service'" |
249 |
+ elog |
250 |
+ elog "If you are creating firewall rules before the next system restart" |
251 |
+ elog "the nftables-restore service must be manually started in order to" |
252 |
+ elog "save those rules on shutdown." |
253 |
+ fi |
254 |
+ if has_version 'sys-apps/openrc'; then |
255 |
+ elog "If you wish to enable the firewall rules on boot (on openrc) you" |
256 |
+ elog "will need to enable the nftables service." |
257 |
+ elog " 'rc-update add ${PN} default'" |
258 |
+ elog |
259 |
+ elog "If you are creating or updating the firewall rules and wish to save" |
260 |
+ elog "them to be loaded on the next restart, use the \"save\" functionality" |
261 |
+ elog "in the init script." |
262 |
+ elog " 'rc-service ${PN} save'" |
263 |
+ fi |
264 |
+} |