diff options
Diffstat (limited to 'net-firewall/nftables')
-rw-r--r-- | net-firewall/nftables/Manifest | 8 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.5.ebuild | 33 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.6.ebuild | 44 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.7.ebuild | 46 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-9999.ebuild | 46 |
5 files changed, 96 insertions, 81 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index 2b5fee30ac37..548fce80807b 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest @@ -12,8 +12,8 @@ DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472b DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93 DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116 DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768 -EBUILD nftables-1.0.5.ebuild 5944 BLAKE2B 51116a81230b4a137a792a670d3bf3bbbe10664679a1a37a7bcf62bd6b756ea9fe4dffad52a10b38712fa5b3480ea631ceb5439fc473083413ada879f524520a SHA512 8d29abc5b03930aa4531283f65f83550f59cf874e22b69507f7c7d9dffa74e7b39de6cc4eaf6d914d234d779174b309491cbfd63dd5cacf30e4990fcea9f39d1 -EBUILD nftables-1.0.6.ebuild 6609 BLAKE2B 74009b5bd7f9857278b95c9461d88b057716b1fc779823dbd5364628c943af51aedc5273fd0bce66fab3c3c1b2d7cb2d337104c26b195dbce45a22be7f0feb62 SHA512 2ce5b7166f5282879ec5b6405f788d07bc144a4527dec5471089cd05baf0159f780136256ee5b3fa53ad2e3f82fc3d72712f9daf0d821c9b344e4d9ab070a949 -EBUILD nftables-1.0.7.ebuild 6682 BLAKE2B 6536445f364249ffe2e1a1497ebf103f0e94261a2e8af06866abfbe4edcb43dde2a8c9d3edba913e00dee15db9643cfd53f9f9f4d0ae305b9b3445d6f18671a3 SHA512 1e207f9c832750d9e3a4616e01db636796907de807e42a4022747772cd2278de93116dd4988bb6134ba40ea7a64a9b16e760a6dd3351c118a93c2cb84d84bd4b -EBUILD nftables-9999.ebuild 6682 BLAKE2B 6536445f364249ffe2e1a1497ebf103f0e94261a2e8af06866abfbe4edcb43dde2a8c9d3edba913e00dee15db9643cfd53f9f9f4d0ae305b9b3445d6f18671a3 SHA512 1e207f9c832750d9e3a4616e01db636796907de807e42a4022747772cd2278de93116dd4988bb6134ba40ea7a64a9b16e760a6dd3351c118a93c2cb84d84bd4b +EBUILD nftables-1.0.5.ebuild 6788 BLAKE2B 356cbc45665b33da01088db5fff42300c157b3ee6b1d4687450351b6a8f6dabc1de4877713dec0b8b27416ab782eac40b7b73da9e77bad040c04a95ac0a451ab SHA512 7de1598827e7c86775e1c2e5fc677b5c1ab7c83be41d313befdae9f4962b07757be88270eeca12ada03d22ad2ced3097e7f36e7462dd79f18c9b8db6f4727f55 +EBUILD nftables-1.0.6.ebuild 6784 BLAKE2B 703a820366c068c2fa71951c3d2101f4bf1060136d9d02a9b2dd2fc6dec3ceb44f79d3464bb734aefa4163e4549713d9e0920fcce2f3fa9cdf35c5c53427024f SHA512 292de49885ea53d70f2537361316f9f2a8a7b58783baf87654ca9a59d9e4aa2c60e958b327f81563934c771a158047b43b02f774dd0bf775905bc446cc7d668e +EBUILD nftables-1.0.7.ebuild 6857 BLAKE2B ec182b0437ca81e71192a7b14f7163f10ed8c36e6d7f79b7811093336f1e261a6799986a8658850a7103646c4b42b1039330a53a1e51679581553292bc9b0d29 SHA512 69a5f36d84f2130cf02cdf6eabaa0c9934e6be0dd9d0910e2c3191521ca464909d6d666cceeeb361933a7b1dc540c884a4c6d6f8db3b12aee0b87a59569ec7bf +EBUILD nftables-9999.ebuild 6857 BLAKE2B ec182b0437ca81e71192a7b14f7163f10ed8c36e6d7f79b7811093336f1e261a6799986a8658850a7103646c4b42b1039330a53a1e51679581553292bc9b0d29 SHA512 69a5f36d84f2130cf02cdf6eabaa0c9934e6be0dd9d0910e2c3191521ca464909d6d666cceeeb361933a7b1dc540c884a4c6d6f8db3b12aee0b87a59569ec7bf MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25 diff --git a/net-firewall/nftables/nftables-1.0.5.ebuild b/net-firewall/nftables/nftables-1.0.5.ebuild index 3b4f9fbbf1d2..5226ca74577d 100644 --- a/net-firewall/nftables/nftables-1.0.5.ebuild +++ b/net-firewall/nftables/nftables-1.0.5.ebuild @@ -167,15 +167,30 @@ src_install() { } pkg_preinst() { - if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi + local stderr + + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" fi fi } diff --git a/net-firewall/nftables/nftables-1.0.6.ebuild b/net-firewall/nftables/nftables-1.0.6.ebuild index bd4f23708a7e..e5de7f69c0a1 100644 --- a/net-firewall/nftables/nftables-1.0.6.ebuild +++ b/net-firewall/nftables/nftables-1.0.6.ebuild @@ -169,28 +169,28 @@ src_install() { pkg_preinst() { local stderr - # There's a history of regressions with nftables upgrades. Add a safety - # check to help us spot them earlier. - if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - # Check the current loaded ruleset, if any, using the newly - # built instance of nft(8). - if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then - # Report errors induced by trying to list the ruleset - # but don't treat them as being fatal. - printf '%s\n' "${stderr}" >&2 - elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then - # Rulesets generated by iptables-nft are special in - # nature and will not always be printed in a way that - # constitutes a valid syntax for ntf(8). Ignore them. - return - elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" fi fi } diff --git a/net-firewall/nftables/nftables-1.0.7.ebuild b/net-firewall/nftables/nftables-1.0.7.ebuild index f9713c4a95f6..13ecec61248b 100644 --- a/net-firewall/nftables/nftables-1.0.7.ebuild +++ b/net-firewall/nftables/nftables-1.0.7.ebuild @@ -34,7 +34,7 @@ RESTRICT="!test? ( test )" RDEPEND=" >=net-libs/libmnl-1.0.4:= - >=net-libs/libnftnl-1.2.4:= + >=net-libs/libnftnl-1.2.5:= gmp? ( dev-libs/gmp:= ) json? ( dev-libs/jansson:= ) python? ( ${PYTHON_DEPS} ) @@ -170,28 +170,28 @@ src_install() { pkg_preinst() { local stderr - # There's a history of regressions with nftables upgrades. Add a safety - # check to help us spot them earlier. - if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - # Check the current loaded ruleset, if any, using the newly - # built instance of nft(8). - if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then - # Report errors induced by trying to list the ruleset - # but don't treat them as being fatal. - printf '%s\n' "${stderr}" >&2 - elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then - # Rulesets generated by iptables-nft are special in - # nature and will not always be printed in a way that - # constitutes a valid syntax for ntf(8). Ignore them. - return - elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" fi fi } diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild index f9713c4a95f6..13ecec61248b 100644 --- a/net-firewall/nftables/nftables-9999.ebuild +++ b/net-firewall/nftables/nftables-9999.ebuild @@ -34,7 +34,7 @@ RESTRICT="!test? ( test )" RDEPEND=" >=net-libs/libmnl-1.0.4:= - >=net-libs/libnftnl-1.2.4:= + >=net-libs/libnftnl-1.2.5:= gmp? ( dev-libs/gmp:= ) json? ( dev-libs/jansson:= ) python? ( ${PYTHON_DEPS} ) @@ -170,28 +170,28 @@ src_install() { pkg_preinst() { local stderr - # There's a history of regressions with nftables upgrades. Add a safety - # check to help us spot them earlier. - if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - # Check the current loaded ruleset, if any, using the newly - # built instance of nft(8). - if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then - # Report errors induced by trying to list the ruleset - # but don't treat them as being fatal. - printf '%s\n' "${stderr}" >&2 - elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then - # Rulesets generated by iptables-nft are special in - # nature and will not always be printed in a way that - # constitutes a valid syntax for ntf(8). Ignore them. - return - elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi + # There's a history of regressions with nftables upgrades. Perform a + # safety check to help us spot them earlier. For the check to pass, the + # currently loaded ruleset, if any, must be successfully evaluated by + # the newly built instance of nft(8). + if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then + # Either nftables isn't yet in use or nft(8) cannot be executed. + return + elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset but don't + # treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in nature and + # will not always be printed in a way that constitutes a valid + # syntax for ntf(8). Ignore them. + return + elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then + eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" + eerror "nft. This probably means that there is a regression introduced by v${PV}." + eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" + if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then + die "Aborting because of failed nft reload!" fi fi } |