diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-08-10 08:17:33 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-08-10 08:17:33 +0100 |
commit | c2968b21192246c8fa4e99d5a2944658096f868e (patch) | |
tree | 7484ee755cf801622a77a7212739fffde9dff5a0 /net-firewall/nftables | |
parent | ed40f2eafae80bcb56715a81c92b1f9c29364bad (diff) |
gentoo auto-resync : 10:08:2022 - 08:17:33
Diffstat (limited to 'net-firewall/nftables')
-rw-r--r-- | net-firewall/nftables/Manifest | 5 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.5.ebuild | 215 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-9999.ebuild | 2 |
3 files changed, 220 insertions, 2 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index 6c7817b75b99..aca376433ab1 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest @@ -14,7 +14,10 @@ DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932 DIST nftables-1.0.2.tar.bz2.sig 566 BLAKE2B 5b7a20b28c274a950b718e2e14313772707b6bdc3f4519f747350593c1eb3bfbcf8c5dd9ae7d5aa0488c5cde9af8b58e05349c75e8a8246c5634303a331f9d98 SHA512 9be59d771833ac315fd52cffe7074ed9d49fbf592aec8d94500bbc7cc1f44dcb54b3815c46831a5e7e4c4770901cbdd6b8ffc5aa8d8cb7e064ec1c8453d890f1 DIST nftables-1.0.4.tar.bz2 979540 BLAKE2B 1b2c596245cb7f1bc574250d13b9ff6f424f98e98d5955befadb83ea0a71acc6524b066e39f1e9d151f3946b690b2dee45b7d416347371f88911c8d6a9de047e SHA512 7d96c791365d399b3b930a1f9d6c6aa4a8c2180c258bb5163d9d62ea4d094857e2ebb20fc3ef13b89f449f216d0a291d3bcf288704f1e3bd3ceb51b6cadf8215 DIST nftables-1.0.4.tar.bz2.sig 566 BLAKE2B 1ac42a2eb678abcc21d01bbaf5f9a3af3f4c49fa1f0732f2522d3da14e94aacbb12075650d2786224f8fef869fcdc94a1463bd76272aa44fc50ea31a8ebae1bf SHA512 2d2acd4810c1ede844e1eac81a5480866ad40ae71dfcf92d166fd9295290adff70d35d7de8cf1ec81ab63d184b221419ff144bc7010e18884afa992173723af8 +DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b43b7f4f9bff9f7fb46928c6c7eee5a6f07150c404f7cf42f5a1d2e980860a4dd2589b99773179e019a093c42cfa SHA512 51cbf10579db7eed58f4358044840f2ce1bffe84533c5fb03e0ebcc702970856455576ac793169c94d38a9f8148e33631ad91444e54a8be189d93af7c27feb9a +DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511 EBUILD nftables-1.0.2-r1.ebuild 5163 BLAKE2B 02bacad62aea322b42251fb73ea3e23e061167ae5bde03f751231db9b33f3d85cb8a8b0b28038140264092c2a1776e0a4c9b0a464775a0e30c57cc988ac09a36 SHA512 2b55eb2c17686e13ddde19d4da06d0ac1efe09500fd62cc205fcf95d9977f7d2478369aec51e2455aed69c49869afcc54badd08bc3c4bcf26d58972d095c8aa8 EBUILD nftables-1.0.4-r2.ebuild 5973 BLAKE2B 33b0959b853cc3ae0a140549c105116addf23a8f48107e8279e61909927f69bdd718784dca12c5ea06148d64d2fd653e6c47b2a04e71414c8254f787b5fd6789 SHA512 746c7587ff389cb44f2a8b52a618e31dab6ea844b38d8d303a14c59d3aaffd314f37b64e281f3324228727ab629d7092e3836fc226f82d9cda7bc2562b829390 -EBUILD nftables-9999.ebuild 5877 BLAKE2B ffe8dd8c23b5755d231de39c1112db4f416481e67aafdc30b1d6b8909db5c6225f03044d8b69188091bb1681877fb57a20a1528601f049150289008019e48a15 SHA512 e3a5f820332022e502e2ae4c2f4ff0963d7711eed979e8a0dfca2f015c651418447866b0d9b53cf2dfb28de2e47c5adf37daa5c82b614b21c30a8a694f3855a1 +EBUILD nftables-1.0.5.ebuild 5877 BLAKE2B 772a44595ae0e3235edeb92f95496f08c9d0c7f4dc8c03355c9d2b73a882caba148b8eac4c894841b45aa49b4017b5cf2b6f95a545158e64324ef7042a251a69 SHA512 b0ce3867afdc7e1c65ef305ea2500392bf99352075caa80ec73e2555fc5c6af24fc3150283882d175d629a3ccd1af6002645cf2670834faf5c9d10ccf135712f +EBUILD nftables-9999.ebuild 5877 BLAKE2B 772a44595ae0e3235edeb92f95496f08c9d0c7f4dc8c03355c9d2b73a882caba148b8eac4c894841b45aa49b4017b5cf2b6f95a545158e64324ef7042a251a69 SHA512 b0ce3867afdc7e1c65ef305ea2500392bf99352075caa80ec73e2555fc5c6af24fc3150283882d175d629a3ccd1af6002645cf2670834faf5c9d10ccf135712f MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25 diff --git a/net-firewall/nftables/nftables-1.0.5.ebuild b/net-firewall/nftables/nftables-1.0.5.ebuild new file mode 100644 index 000000000000..24d357de9872 --- /dev/null +++ b/net-firewall/nftables/nftables-1.0.5.ebuild @@ -0,0 +1,215 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_OPTIONAL=1 +PYTHON_COMPAT=( python3_{8..11} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc +inherit edo linux-info distutils-r1 systemd verify-sig + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit autotools git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + + BDEPEND=" + sys-devel/bison + sys-devel/flex + " +else + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2 + verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )" + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" +fi + +LICENSE="GPL-2" +SLOT="0/1" +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" +RESTRICT="test? ( userpriv ) !test? ( test )" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.2.3:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + virtual/pkgconfig + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + python? ( ${PYTHON_DEPS} ) +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? ( !readline ) +" + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + if [[ ${PV} =~ ^[9]{4,}$ ]] ; then + eautoreconf + fi + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --disable-static + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_test() { + emake check + + edo tests/shell/run-tests.sh -v + + # Need to rig up Python eclass if using this, but it doesn't seem to work + # for me anyway. + #cd tests/py || die + #"${EPYTHON}" nft-test.py || die +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + # Do it here instead of in src_prepare to avoid eautoreconf + # rmdir lets us catch if more files end up installed in /etc/nftables + dodir /usr/share/doc/${PF}/skels/ + mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die + rmdir "${ED}"/etc/nftables || die + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_preinst() { + if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then + if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" + fi + fi + fi +} + +pkg_postinst() { + local save_file + save_file="${EROOT}"/var/lib/nftables/rules-save + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild index 51f0627a762d..24d357de9872 100644 --- a/net-firewall/nftables/nftables-9999.ebuild +++ b/net-firewall/nftables/nftables-9999.ebuild @@ -33,7 +33,7 @@ RESTRICT="test? ( userpriv ) !test? ( test )" RDEPEND=" >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.2:0= + >=net-libs/libnftnl-1.2.3:0= gmp? ( dev-libs/gmp:= ) json? ( dev-libs/jansson:= ) python? ( ${PYTHON_DEPS} ) |