Diffstat (limited to 'net-firewall/nftables')
-rw-r--r--net-firewall/nftables/Manifest8
-rw-r--r--net-firewall/nftables/nftables-1.0.5.ebuild33
-rw-r--r--net-firewall/nftables/nftables-1.0.6.ebuild44
-rw-r--r--net-firewall/nftables/nftables-1.0.7.ebuild46
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild46
5 files changed, 96 insertions, 81 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 2b5fee30ac37..548fce80807b 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -12,8 +12,8 @@ DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472b
DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93
DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116
DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768
-EBUILD nftables-1.0.5.ebuild 5944 BLAKE2B 51116a81230b4a137a792a670d3bf3bbbe10664679a1a37a7bcf62bd6b756ea9fe4dffad52a10b38712fa5b3480ea631ceb5439fc473083413ada879f524520a SHA512 8d29abc5b03930aa4531283f65f83550f59cf874e22b69507f7c7d9dffa74e7b39de6cc4eaf6d914d234d779174b309491cbfd63dd5cacf30e4990fcea9f39d1
-EBUILD nftables-1.0.6.ebuild 6609 BLAKE2B 74009b5bd7f9857278b95c9461d88b057716b1fc779823dbd5364628c943af51aedc5273fd0bce66fab3c3c1b2d7cb2d337104c26b195dbce45a22be7f0feb62 SHA512 2ce5b7166f5282879ec5b6405f788d07bc144a4527dec5471089cd05baf0159f780136256ee5b3fa53ad2e3f82fc3d72712f9daf0d821c9b344e4d9ab070a949
-EBUILD nftables-1.0.7.ebuild 6682 BLAKE2B 6536445f364249ffe2e1a1497ebf103f0e94261a2e8af06866abfbe4edcb43dde2a8c9d3edba913e00dee15db9643cfd53f9f9f4d0ae305b9b3445d6f18671a3 SHA512 1e207f9c832750d9e3a4616e01db636796907de807e42a4022747772cd2278de93116dd4988bb6134ba40ea7a64a9b16e760a6dd3351c118a93c2cb84d84bd4b
-EBUILD nftables-9999.ebuild 6682 BLAKE2B 6536445f364249ffe2e1a1497ebf103f0e94261a2e8af06866abfbe4edcb43dde2a8c9d3edba913e00dee15db9643cfd53f9f9f4d0ae305b9b3445d6f18671a3 SHA512 1e207f9c832750d9e3a4616e01db636796907de807e42a4022747772cd2278de93116dd4988bb6134ba40ea7a64a9b16e760a6dd3351c118a93c2cb84d84bd4b
+EBUILD nftables-1.0.5.ebuild 6788 BLAKE2B 356cbc45665b33da01088db5fff42300c157b3ee6b1d4687450351b6a8f6dabc1de4877713dec0b8b27416ab782eac40b7b73da9e77bad040c04a95ac0a451ab SHA512 7de1598827e7c86775e1c2e5fc677b5c1ab7c83be41d313befdae9f4962b07757be88270eeca12ada03d22ad2ced3097e7f36e7462dd79f18c9b8db6f4727f55
+EBUILD nftables-1.0.6.ebuild 6784 BLAKE2B 703a820366c068c2fa71951c3d2101f4bf1060136d9d02a9b2dd2fc6dec3ceb44f79d3464bb734aefa4163e4549713d9e0920fcce2f3fa9cdf35c5c53427024f SHA512 292de49885ea53d70f2537361316f9f2a8a7b58783baf87654ca9a59d9e4aa2c60e958b327f81563934c771a158047b43b02f774dd0bf775905bc446cc7d668e
+EBUILD nftables-1.0.7.ebuild 6857 BLAKE2B ec182b0437ca81e71192a7b14f7163f10ed8c36e6d7f79b7811093336f1e261a6799986a8658850a7103646c4b42b1039330a53a1e51679581553292bc9b0d29 SHA512 69a5f36d84f2130cf02cdf6eabaa0c9934e6be0dd9d0910e2c3191521ca464909d6d666cceeeb361933a7b1dc540c884a4c6d6f8db3b12aee0b87a59569ec7bf
+EBUILD nftables-9999.ebuild 6857 BLAKE2B ec182b0437ca81e71192a7b14f7163f10ed8c36e6d7f79b7811093336f1e261a6799986a8658850a7103646c4b42b1039330a53a1e51679581553292bc9b0d29 SHA512 69a5f36d84f2130cf02cdf6eabaa0c9934e6be0dd9d0910e2c3191521ca464909d6d666cceeeb361933a7b1dc540c884a4c6d6f8db3b12aee0b87a59569ec7bf
MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
diff --git a/net-firewall/nftables/nftables-1.0.5.ebuild b/net-firewall/nftables/nftables-1.0.5.ebuild
index 3b4f9fbbf1d2..5226ca74577d 100644
--- a/net-firewall/nftables/nftables-1.0.5.ebuild
+++ b/net-firewall/nftables/nftables-1.0.5.ebuild
@@ -167,15 +167,30 @@ src_install() {
}
pkg_preinst() {
- if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
+ local stderr
+
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
fi
fi
}
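Review bot: The new guard on the first `if` line tests `/sys/module/nftables`, while the line it replaces tested `/sys/module/nf_tables`. As far as I know the kernel module is named nf_tables, so that directory would never exist and pkg_preinst would return before the ruleset check runs. This silently disables the regression check that protects the loaded firewall ruleset across upgrades. Suggest `if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nf_tables ]] || [[ ! -x /sbin/nft ]]; then`. The same line appears in the pkg_preinst hunks of nftables-1.0.6.ebuild, nftables-1.0.7.ebuild and nftables-9999.ebuild.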
diff --git a/net-firewall/nftables/nftables-1.0.6.ebuild b/net-firewall/nftables/nftables-1.0.6.ebuild
index bd4f23708a7e..e5de7f69c0a1 100644
--- a/net-firewall/nftables/nftables-1.0.6.ebuild
+++ b/net-firewall/nftables/nftables-1.0.6.ebuild
@@ -169,28 +169,28 @@ src_install() {
pkg_preinst() {
local stderr
- # There's a history of regressions with nftables upgrades. Add a safety
- # check to help us spot them earlier.
- if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
- # Check the current loaded ruleset, if any, using the newly
- # built instance of nft(8).
- if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset
- # but don't treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in
- # nature and will not always be printed in a way that
- # constitutes a valid syntax for ntf(8). Ignore them.
- return
- elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
fi
fi
}
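Review bot: The `set -- "${ED}"/usr/lib*/libnftables.so` step in the final `elif` only works if the glob matches exactly one path. With no match bash leaves the pattern literal and LD_LIBRARY_PATH names a non-existent directory, so the new nft would presumably load the already installed libnftables instead of the freshly built one. On a multilib layout only the first match is used. Naming the directory directly avoids both, e.g. `elif ! LD_LIBRARY_PATH="${ED}/usr/$(get_libdir)" "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then`, assuming src_install (outside this hunk) installs the library under the default libdir. The same construct is in the 1.0.5, 1.0.7 and 9999 hunks.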
diff --git a/net-firewall/nftables/nftables-1.0.7.ebuild b/net-firewall/nftables/nftables-1.0.7.ebuild
index f9713c4a95f6..13ecec61248b 100644
--- a/net-firewall/nftables/nftables-1.0.7.ebuild
+++ b/net-firewall/nftables/nftables-1.0.7.ebuild
@@ -34,7 +34,7 @@ RESTRICT="!test? ( test )"
RDEPEND="
>=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.4:=
+ >=net-libs/libnftnl-1.2.5:=
gmp? ( dev-libs/gmp:= )
json? ( dev-libs/jansson:= )
python? ( ${PYTHON_DEPS} )
@@ -170,28 +170,28 @@ src_install() {
pkg_preinst() {
local stderr
- # There's a history of regressions with nftables upgrades. Add a safety
- # check to help us spot them earlier.
- if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
- # Check the current loaded ruleset, if any, using the newly
- # built instance of nft(8).
- if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset
- # but don't treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in
- # nature and will not always be printed in a way that
- # constitutes a valid syntax for ntf(8). Ignore them.
- return
- elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
fi
fi
}
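Review bot: The comment above the iptables-nft `return` says `ntf(8)` where `nft(8)` is meant, and the comment under the first guard omits the ROOT case that the condition also covers. Suggest `# syntax for nft(8). Ignore them.` and `# Either we are installing into another ROOT, nftables isn't yet in use, or nft(8) cannot be executed.` Both comments are repeated unchanged in the 1.0.5, 1.0.6 and 9999 hunks.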
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index f9713c4a95f6..13ecec61248b 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -34,7 +34,7 @@ RESTRICT="!test? ( test )"
RDEPEND="
>=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.4:=
+ >=net-libs/libnftnl-1.2.5:=
gmp? ( dev-libs/gmp:= )
json? ( dev-libs/jansson:= )
python? ( ${PYTHON_DEPS} )
@@ -170,28 +170,28 @@ src_install() {
pkg_preinst() {
local stderr
- # There's a history of regressions with nftables upgrades. Add a safety
- # check to help us spot them earlier.
- if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
- # Check the current loaded ruleset, if any, using the newly
- # built instance of nft(8).
- if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset
- # but don't treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in
- # nature and will not always be printed in a way that
- # constitutes a valid syntax for ntf(8). Ignore them.
- return
- elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
fi
fi
}