summaryrefslogtreecommitdiff
path: root/net-firewall/nftables
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2022-08-10 08:17:33 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-08-10 08:17:33 +0100
commitc2968b21192246c8fa4e99d5a2944658096f868e (patch)
tree7484ee755cf801622a77a7212739fffde9dff5a0 /net-firewall/nftables
parented40f2eafae80bcb56715a81c92b1f9c29364bad (diff)
gentoo auto-resync : 10:08:2022 - 08:17:33
Diffstat (limited to 'net-firewall/nftables')
-rw-r--r--net-firewall/nftables/Manifest5
-rw-r--r--net-firewall/nftables/nftables-1.0.5.ebuild215
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild2
3 files changed, 220 insertions, 2 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 6c7817b75b99..aca376433ab1 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -14,7 +14,10 @@ DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932
DIST nftables-1.0.2.tar.bz2.sig 566 BLAKE2B 5b7a20b28c274a950b718e2e14313772707b6bdc3f4519f747350593c1eb3bfbcf8c5dd9ae7d5aa0488c5cde9af8b58e05349c75e8a8246c5634303a331f9d98 SHA512 9be59d771833ac315fd52cffe7074ed9d49fbf592aec8d94500bbc7cc1f44dcb54b3815c46831a5e7e4c4770901cbdd6b8ffc5aa8d8cb7e064ec1c8453d890f1
DIST nftables-1.0.4.tar.bz2 979540 BLAKE2B 1b2c596245cb7f1bc574250d13b9ff6f424f98e98d5955befadb83ea0a71acc6524b066e39f1e9d151f3946b690b2dee45b7d416347371f88911c8d6a9de047e SHA512 7d96c791365d399b3b930a1f9d6c6aa4a8c2180c258bb5163d9d62ea4d094857e2ebb20fc3ef13b89f449f216d0a291d3bcf288704f1e3bd3ceb51b6cadf8215
DIST nftables-1.0.4.tar.bz2.sig 566 BLAKE2B 1ac42a2eb678abcc21d01bbaf5f9a3af3f4c49fa1f0732f2522d3da14e94aacbb12075650d2786224f8fef869fcdc94a1463bd76272aa44fc50ea31a8ebae1bf SHA512 2d2acd4810c1ede844e1eac81a5480866ad40ae71dfcf92d166fd9295290adff70d35d7de8cf1ec81ab63d184b221419ff144bc7010e18884afa992173723af8
+DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b43b7f4f9bff9f7fb46928c6c7eee5a6f07150c404f7cf42f5a1d2e980860a4dd2589b99773179e019a093c42cfa SHA512 51cbf10579db7eed58f4358044840f2ce1bffe84533c5fb03e0ebcc702970856455576ac793169c94d38a9f8148e33631ad91444e54a8be189d93af7c27feb9a
+DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511
EBUILD nftables-1.0.2-r1.ebuild 5163 BLAKE2B 02bacad62aea322b42251fb73ea3e23e061167ae5bde03f751231db9b33f3d85cb8a8b0b28038140264092c2a1776e0a4c9b0a464775a0e30c57cc988ac09a36 SHA512 2b55eb2c17686e13ddde19d4da06d0ac1efe09500fd62cc205fcf95d9977f7d2478369aec51e2455aed69c49869afcc54badd08bc3c4bcf26d58972d095c8aa8
EBUILD nftables-1.0.4-r2.ebuild 5973 BLAKE2B 33b0959b853cc3ae0a140549c105116addf23a8f48107e8279e61909927f69bdd718784dca12c5ea06148d64d2fd653e6c47b2a04e71414c8254f787b5fd6789 SHA512 746c7587ff389cb44f2a8b52a618e31dab6ea844b38d8d303a14c59d3aaffd314f37b64e281f3324228727ab629d7092e3836fc226f82d9cda7bc2562b829390
-EBUILD nftables-9999.ebuild 5877 BLAKE2B ffe8dd8c23b5755d231de39c1112db4f416481e67aafdc30b1d6b8909db5c6225f03044d8b69188091bb1681877fb57a20a1528601f049150289008019e48a15 SHA512 e3a5f820332022e502e2ae4c2f4ff0963d7711eed979e8a0dfca2f015c651418447866b0d9b53cf2dfb28de2e47c5adf37daa5c82b614b21c30a8a694f3855a1
+EBUILD nftables-1.0.5.ebuild 5877 BLAKE2B 772a44595ae0e3235edeb92f95496f08c9d0c7f4dc8c03355c9d2b73a882caba148b8eac4c894841b45aa49b4017b5cf2b6f95a545158e64324ef7042a251a69 SHA512 b0ce3867afdc7e1c65ef305ea2500392bf99352075caa80ec73e2555fc5c6af24fc3150283882d175d629a3ccd1af6002645cf2670834faf5c9d10ccf135712f
+EBUILD nftables-9999.ebuild 5877 BLAKE2B 772a44595ae0e3235edeb92f95496f08c9d0c7f4dc8c03355c9d2b73a882caba148b8eac4c894841b45aa49b4017b5cf2b6f95a545158e64324ef7042a251a69 SHA512 b0ce3867afdc7e1c65ef305ea2500392bf99352075caa80ec73e2555fc5c6af24fc3150283882d175d629a3ccd1af6002645cf2670834faf5c9d10ccf135712f
MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
diff --git a/net-firewall/nftables/nftables-1.0.5.ebuild b/net-firewall/nftables/nftables-1.0.5.ebuild
new file mode 100644
index 000000000000..24d357de9872
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.5.ebuild
@@ -0,0 +1,215 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_OPTIONAL=1
+PYTHON_COMPAT=( python3_{8..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+ inherit autotools git-r3
+ EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+ BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ "
+else
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
+ verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
+RESTRICT="test? ( userpriv ) !test? ( test )"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:0=
+ >=net-libs/libnftnl-1.2.3:0=
+ gmp? ( dev-libs/gmp:= )
+ json? ( dev-libs/jansson:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+ xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+ virtual/pkgconfig
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ python? ( ${PYTHON_DEPS} )
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ libedit? ( !readline )
+"
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+ eautoreconf
+ fi
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_prepare
+ popd >/dev/null || die
+ fi
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --disable-static
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with libedit cli editline)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_configure
+ popd >/dev/null || die
+ fi
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+src_test() {
+ emake check
+
+ edo tests/shell/run-tests.sh -v
+
+ # Need to rig up Python eclass if using this, but it doesn't seem to work
+ # for me anyway.
+ #cd tests/py || die
+ #"${EPYTHON}" nft-test.py || die
+}
+
+src_install() {
+ default
+
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ # Do it here instead of in src_prepare to avoid eautoreconf
+ # rmdir lets us catch if more files end up installed in /etc/nftables
+ dodir /usr/share/doc/${PF}/skels/
+ mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+ rmdir "${ED}"/etc/nftables || die
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ pushd py >/dev/null || die
+ distutils-r1_src_install
+ popd >/dev/null || die
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_preinst() {
+ if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
+ if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
+ fi
+ fi
+ fi
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}"/var/lib/nftables/rules-save
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 51f0627a762d..24d357de9872 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -33,7 +33,7 @@ RESTRICT="test? ( userpriv ) !test? ( test )"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
- >=net-libs/libnftnl-1.2.2:0=
+ >=net-libs/libnftnl-1.2.3:0=
gmp? ( dev-libs/gmp:= )
json? ( dev-libs/jansson:= )
python? ( ${PYTHON_DEPS} )