From 4cbcc855382a06088e2f016f62cafdbcb7e40665 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 20 Mar 2022 00:40:44 +0000 Subject: gentoo resync : 20.03.2022 --- net-firewall/Manifest.gz | Bin 4541 -> 4528 bytes net-firewall/ebtables/Manifest | 2 +- net-firewall/ebtables/ebtables-2.0.11-r3.ebuild | 4 +- net-firewall/firehol/Manifest | 4 +- net-firewall/firehol/firehol-3.1.6-r2.ebuild | 67 --- net-firewall/firehol/firehol-3.1.6-r3.ebuild | 67 +++ net-firewall/firehol/firehol-3.1.7-r1.ebuild | 67 +++ net-firewall/firehol/firehol-3.1.7.ebuild | 67 --- net-firewall/firewalld/Manifest | 7 +- net-firewall/firewalld/files/firewalld.service | 22 + net-firewall/firewalld/firewalld-1.0.2-r1.ebuild | 203 +++++++++ net-firewall/firewalld/firewalld-1.0.2.ebuild | 204 --------- net-firewall/firewalld/firewalld-1.0.3-r1.ebuild | 203 +++++++++ net-firewall/firewalld/firewalld-1.0.3.ebuild | 204 --------- net-firewall/firewalld/firewalld-1.1.0-r1.ebuild | 213 +++++++++ net-firewall/fwbuilder/Manifest | 4 +- net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild | 4 +- net-firewall/fwbuilder/fwbuilder-6.0.0_rc1.ebuild | 4 +- net-firewall/fwknop/Manifest | 2 +- net-firewall/fwknop/fwknop-2.6.10-r2.ebuild | 128 ------ net-firewall/fwknop/fwknop-2.6.10-r3.ebuild | 128 ++++++ net-firewall/ipset/Manifest | 2 +- net-firewall/ipset/ipset-7.15.ebuild | 2 +- net-firewall/iptables/Manifest | 4 +- net-firewall/iptables/iptables-1.8.7-r1.ebuild | 20 +- net-firewall/iptables/iptables-1.8.7.ebuild | 4 +- net-firewall/nftables/Manifest | 15 +- ...-explicitly-pass-version-script-to-linker.patch | 27 ++ .../files/nftables-1.0.2-compilation.patch | 36 ++ ....map-export-new-nft_ctx_-get-set-_optimiz.patch | 31 ++ net-firewall/nftables/nftables-0.9.8-r1.ebuild | 166 ------- net-firewall/nftables/nftables-0.9.8-r2.ebuild | 166 +++++++ net-firewall/nftables/nftables-0.9.9-r1.ebuild | 179 ++++++++ net-firewall/nftables/nftables-0.9.9.ebuild | 179 -------- net-firewall/nftables/nftables-1.0.0-r1.ebuild | 179 ++++++++ net-firewall/nftables/nftables-1.0.0.ebuild | 179 -------- net-firewall/nftables/nftables-1.0.1-r1.ebuild | 185 -------- net-firewall/nftables/nftables-1.0.1-r2.ebuild | 185 ++++++++ net-firewall/nftables/nftables-1.0.2-r1.ebuild | 188 ++++++++ net-firewall/nftables/nftables-9999.ebuild | 6 +- net-firewall/nftlb/Manifest | 4 + net-firewall/nftlb/files/nftlb-1.0-musl.patch | 73 ++++ net-firewall/nftlb/files/nftlb-1.0-tests.patch | 45 ++ net-firewall/nftlb/nftlb-1.0.ebuild | 61 +++ net-firewall/nufw/Manifest | 2 +- net-firewall/nufw/nufw-2.2.22-r3.ebuild | 4 +- net-firewall/sanewall/Manifest | 2 +- net-firewall/sanewall/sanewall-1.1.6-r3.ebuild | 55 --- net-firewall/sanewall/sanewall-1.1.6-r4.ebuild | 55 +++ net-firewall/shorewall/Manifest | 2 +- net-firewall/shorewall/shorewall-5.2.8-r1.ebuild | 482 +++++++++++++++++++++ net-firewall/shorewall/shorewall-5.2.8.ebuild | 482 --------------------- net-firewall/ufw/Manifest | 2 +- net-firewall/ufw/ufw-0.36-r1.ebuild | 219 ++++++++++ net-firewall/ufw/ufw-0.36.ebuild | 219 ---------- 55 files changed, 2882 insertions(+), 2182 deletions(-) delete mode 100644 net-firewall/firehol/firehol-3.1.6-r2.ebuild create mode 100644 net-firewall/firehol/firehol-3.1.6-r3.ebuild create mode 100644 net-firewall/firehol/firehol-3.1.7-r1.ebuild delete mode 100644 net-firewall/firehol/firehol-3.1.7.ebuild create mode 100644 net-firewall/firewalld/files/firewalld.service create mode 100644 net-firewall/firewalld/firewalld-1.0.2-r1.ebuild delete mode 100644 net-firewall/firewalld/firewalld-1.0.2.ebuild create mode 100644 net-firewall/firewalld/firewalld-1.0.3-r1.ebuild delete mode 100644 net-firewall/firewalld/firewalld-1.0.3.ebuild create mode 100644 net-firewall/firewalld/firewalld-1.1.0-r1.ebuild delete mode 100644 net-firewall/fwknop/fwknop-2.6.10-r2.ebuild create mode 100644 net-firewall/fwknop/fwknop-2.6.10-r3.ebuild create mode 100644 net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch create mode 100644 net-firewall/nftables/files/nftables-1.0.2-compilation.patch create mode 100644 net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch delete mode 100644 net-firewall/nftables/nftables-0.9.8-r1.ebuild create mode 100644 net-firewall/nftables/nftables-0.9.8-r2.ebuild create mode 100644 net-firewall/nftables/nftables-0.9.9-r1.ebuild delete mode 100644 net-firewall/nftables/nftables-0.9.9.ebuild create mode 100644 net-firewall/nftables/nftables-1.0.0-r1.ebuild delete mode 100644 net-firewall/nftables/nftables-1.0.0.ebuild delete mode 100644 net-firewall/nftables/nftables-1.0.1-r1.ebuild create mode 100644 net-firewall/nftables/nftables-1.0.1-r2.ebuild create mode 100644 net-firewall/nftables/nftables-1.0.2-r1.ebuild create mode 100644 net-firewall/nftlb/files/nftlb-1.0-musl.patch create mode 100644 net-firewall/nftlb/files/nftlb-1.0-tests.patch create mode 100644 net-firewall/nftlb/nftlb-1.0.ebuild delete mode 100644 net-firewall/sanewall/sanewall-1.1.6-r3.ebuild create mode 100644 net-firewall/sanewall/sanewall-1.1.6-r4.ebuild create mode 100644 net-firewall/shorewall/shorewall-5.2.8-r1.ebuild delete mode 100644 net-firewall/shorewall/shorewall-5.2.8.ebuild create mode 100644 net-firewall/ufw/ufw-0.36-r1.ebuild delete mode 100644 net-firewall/ufw/ufw-0.36.ebuild (limited to 'net-firewall') diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz index db3bddaf9304..421a946ffea7 100644 Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest index 54b1e7e377cf..7851afcf2d22 100644 --- a/net-firewall/ebtables/Manifest +++ b/net-firewall/ebtables/Manifest @@ -4,5 +4,5 @@ AUX ebtables-2.0.11-remove-stray-atsign.patch 1120 BLAKE2B 14bac4aec87d44e5ca166 AUX ebtables.confd-r1 685 BLAKE2B 647eeb26f9c046341c79d450fa5771480cbd9047b063b2e6c32aedeaa669f8c6f73dd317731eac86bfb85f352aec23969af505a461e7f307cf6538cb9c6b21ff SHA512 5bb7ac7aa1a723a7b71f26fbc0337f3cb5b4efd700b95695ab47ac7edc9de7ab0190591d0f56db8e461be93a79cb3ce534335c8ce13a6a6773ff5229c0959033 AUX ebtables.initd-r1 2020 BLAKE2B f73f5904690c5c6344f0668c8327de5605b41ca5a699b3076f3b30545bbea19ff125c5c21d18a73e3bb2cc2986fbf74e7cad5757ced38887551ff59f2ca81dda SHA512 8d4c56102a2a4771e7a0d3a62ddbc4c82eba640ea6d5cba2e55ae2c2d7d0fe2621bcb81a4fa6aebdd1674ac55bb88beb964a89b521d8e684fc02f4b9da555823 DIST ebtables-2.0.11.tar.gz 428411 BLAKE2B 62af4c38ad21498e43f41ef96c8abb5704e8d8a48f1327c587b664f36fdfa9849a9a37e59958db56d38019465d8bf1775914f7387fde99a441615913702cf504 SHA512 43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f -EBUILD ebtables-2.0.11-r3.ebuild 2496 BLAKE2B cc0506e84dc9a6e6168b59f01f204537649736465b9792a7bbff814e3726b3d7c274e1e1bbfe20f2976b62f1132c362a7425b4a61fd8a1d98e436ce7983d951c SHA512 eff2e063c1489c0ecff02712724853a626eb40035aa9ba86397a22a09e987e7e6a3366541580b5852e01f264d090e6ba4e29f6a574b59d55171d27f428799560 +EBUILD ebtables-2.0.11-r3.ebuild 2494 BLAKE2B 62a35cd20831e9ae5aa5aa619e54f0c93d353eca052f3a1fb821cb02b9b398838846fc67c0eb0bd907bed70c54063a2785ec0318b92e1f04f6ea016c021cc3b3 SHA512 2c5179a5f473cbb493a7c341664a1b2731d19fedd56f4cd78ad5e259235e431c7a49e370841860216dfe84f1159732b84392ed14cfad247a2123c8cabe957c30 MISC metadata.xml 489 BLAKE2B 56da1a333d39d5f48a29b8ad3903f70679d3554df110929290880af2c11d0397fbc553c7248e13aaee25c85d55869c3bfde183960773bbf53e063c5e645e5a16 SHA512 e584988c3ef3cd484272118e85ce8220264ac5a5a374f0297636a4d3790b258ead98f7e93722cd3399a910499d9ccd0a060b08eae096b52a7b424bbf327a7366 diff --git a/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild b/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild index 3701ea171e82..8567d785e8e3 100644 --- a/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild +++ b/net-firewall/ebtables/ebtables-2.0.11-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_P}" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc ~ppc64 ~riscv x86" +KEYWORDS="amd64 arm arm64 ppc ppc64 ~riscv x86" IUSE="+perl static" BDEPEND=">=app-eselect/eselect-iptables-20200508" diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest index a1962cf44740..bc51759ae290 100644 --- a/net-firewall/firehol/Manifest +++ b/net-firewall/firehol/Manifest @@ -4,6 +4,6 @@ AUX fireqos.confd 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507 AUX fireqos.initd 829 BLAKE2B f09905f02189f155455886dd1896a183f2f529d0737939a7065bb52b57870f22805e3e6c029510cc5b57b36e596eb829bcc7651c6a80657ff4e399acc542fa90 SHA512 8364537d3e10c68d309fc40f4b2f88a2a593c38fd6f134b1c09cf937be00f7d96eeba05c83824c9460367bf892a8f79547321784c8f8a4708f856df9a88693f4 DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a21489263c1b5c6abbf3b2b97db80bf2a2420ae8176cd55e335ab93c18a8209a47f467dba80a63cf2c319b3e3e27d8 SHA512 5ffa7e59d3f10a6c7d3f5b5ef9d93f1b2138063374a10cb0c1ac4e75578d6cf7755e154b51febf546563ba003f100af13f89bca3843b66a8d22b8fc2da3fadfe DIST firehol-3.1.7.tar.xz 1457932 BLAKE2B 9a861f2e9c900bce45d0dbd12f4546bc14eb4d74aea27a8d4cb0e5bfe8bea92d9bff3ccf008d46bd64212d689123273c99d0b0faaaadd34f0e1d85e22ee757c9 SHA512 b05cec806c2c8fc410bf9c7a30e3ad1d9f1c06fd2d501a7e5434010f6bb38722aac5b64de9b4285d2c71cacbf6b2f3c758685da5a70c05621df52879eb5148c2 -EBUILD firehol-3.1.6-r2.ebuild 1442 BLAKE2B c07be7c78a6c8d66f91a4c867d1358ae63d2c0444e19767d4e13256b82ab012e7f7b8be0c9c8457620520e107480bd8b130510642d388a609b520eddd4a3d78e SHA512 a2ff2a744fc8daa500c7c3cb45a4b92de946d905e58d7553d53b8237963959061d8aa03b18dd2624b59b48aa859eb491624ef9310b44ddd1c1fd2524896ca410 -EBUILD firehol-3.1.7.ebuild 1444 BLAKE2B 890830d467353129d7dc7e957972cdf8256e8b490ce0b8674513dc1ec57e20147ccf0d413e75973981d195b03cb616b8880f1a397da525352aa72c2466068cb1 SHA512 2ea459492ab538d88eab636678ed35d161d255f9fe78b9c2a18d1c365bf48bd0a3ea2c1d0344b71df286e74ea8affe54759d6350b49e49c645e5ded8afd37417 +EBUILD firehol-3.1.6-r3.ebuild 1448 BLAKE2B e0f98abc7590813988cc7a4cc7d0a930e488978e372cda90378306298d3a45eccddf9f1a96f3ab1bc934eae8b886787668e6f154be69abb13f0094683aa8953b SHA512 c5dcb2e0f55951cb48ac82b573b399ba1ec8526e146ce87cae27a5c0dfc0efa37d15d069b63b1b9ebb0099d5a8635bba438b669aa5884ac01b8a76c36f82944c +EBUILD firehol-3.1.7-r1.ebuild 1450 BLAKE2B 827f1c357427e38374dd99d29753d601fd0e0331f413bbfe7c9eda78500bcd627bd40008d71c485e37127030c713de6f9771760f34af80d4632638ee2e82e396 SHA512 919e1aaa2c2fe83e9803b3b3797d581bdb64dc398fdb9a70ed3eddd841688d22539fbcd534b2f734adf45f27b87014c178352609baf8b55e90afece856dd12d2 MISC metadata.xml 465 BLAKE2B bfefafde956a4355f827c12438dc41f337e3199f6da88bba92d67d811a6f1d2d086e688c2aa262c40c86535671c0db3a32d424d96a2c7c9525f107711beb9c7f SHA512 36174445bf13870981133d45de5d807cec2178612256a6a51dfe2f4b69ee5fd9f245b6fad52a2a194745bb6d4e83115889ce3f18cfbb69b78ec925408fd3bd16 diff --git a/net-firewall/firehol/firehol-3.1.6-r2.ebuild b/net-firewall/firehol/firehol-3.1.6-r2.ebuild deleted file mode 100644 index 0a6d297bcce3..000000000000 --- a/net-firewall/firehol/firehol-3.1.6-r2.ebuild +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit linux-info - -DESCRIPTION="iptables firewall generator" -HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" -SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -IUSE="doc ipv6 ipset" -KEYWORDS="amd64 arm ~arm64 ~ppc ~x86" - -RDEPEND="net-firewall/iptables - sys-apps/iproute2[-minimal,ipv6?] - sys-apps/kmod[tools] - net-misc/iputils[ipv6?] - net-misc/iprange - net-analyzer/traceroute - app-arch/gzip - ipset? ( - net-firewall/ipset - )" -DEPEND="${RDEPEND}" - -pkg_setup() { - local CONFIG_CHECK=" \ - ~IP_NF_FILTER \ - ~IP_NF_IPTABLES \ - ~IP_NF_MANGLE \ - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REDIRECT \ - ~IP_NF_TARGET_REJECT \ - ~NETFILTER_XT_CONNMARK \ - ~NETFILTER_XT_MATCH_HELPER \ - ~NETFILTER_XT_MATCH_LIMIT \ - ~NETFILTER_XT_MATCH_OWNER \ - ~NETFILTER_XT_MATCH_STATE \ - ~NF_CONNTRACK \ - ~NF_CONNTRACK_IPV4 \ - ~NF_CONNTRACK_MARK \ - ~NF_NAT \ - ~NF_NAT_FTP \ - ~NF_NAT_IRC \ - " - linux-info_pkg_setup -} - -src_configure() { - econf \ - --disable-vnetbuild \ - $(use_enable ipset update-ipsets) \ - $(use_enable doc) \ - $(use_enable ipv6) -} - -src_install() { - default - - newconfd "${FILESDIR}"/firehol.confd firehol - newinitd "${FILESDIR}"/firehol.initd firehol - newconfd "${FILESDIR}"/fireqos.confd fireqos - newinitd "${FILESDIR}"/fireqos.initd fireqos -} diff --git a/net-firewall/firehol/firehol-3.1.6-r3.ebuild b/net-firewall/firehol/firehol-3.1.6-r3.ebuild new file mode 100644 index 000000000000..d68ed4f8bcc6 --- /dev/null +++ b/net-firewall/firehol/firehol-3.1.6-r3.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" +SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="doc ipv6 ipset" +KEYWORDS="amd64 arm ~arm64 ~ppc ~x86" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal,ipv6(+)?] + sys-apps/kmod[tools] + net-misc/iputils[ipv6(+)?] + net-misc/iprange + net-analyzer/traceroute + app-arch/gzip + ipset? ( + net-firewall/ipset + )" +DEPEND="${RDEPEND}" + +pkg_setup() { + local CONFIG_CHECK=" \ + ~IP_NF_FILTER \ + ~IP_NF_IPTABLES \ + ~IP_NF_MANGLE \ + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REDIRECT \ + ~IP_NF_TARGET_REJECT \ + ~NETFILTER_XT_CONNMARK \ + ~NETFILTER_XT_MATCH_HELPER \ + ~NETFILTER_XT_MATCH_LIMIT \ + ~NETFILTER_XT_MATCH_OWNER \ + ~NETFILTER_XT_MATCH_STATE \ + ~NF_CONNTRACK \ + ~NF_CONNTRACK_IPV4 \ + ~NF_CONNTRACK_MARK \ + ~NF_NAT \ + ~NF_NAT_FTP \ + ~NF_NAT_IRC \ + " + linux-info_pkg_setup +} + +src_configure() { + econf \ + --disable-vnetbuild \ + $(use_enable ipset update-ipsets) \ + $(use_enable doc) \ + $(use_enable ipv6) +} + +src_install() { + default + + newconfd "${FILESDIR}"/firehol.confd firehol + newinitd "${FILESDIR}"/firehol.initd firehol + newconfd "${FILESDIR}"/fireqos.confd fireqos + newinitd "${FILESDIR}"/fireqos.initd fireqos +} diff --git a/net-firewall/firehol/firehol-3.1.7-r1.ebuild b/net-firewall/firehol/firehol-3.1.7-r1.ebuild new file mode 100644 index 000000000000..1432243602f9 --- /dev/null +++ b/net-firewall/firehol/firehol-3.1.7-r1.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" +SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="doc ipv6 ipset" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal,ipv6(+)?] + sys-apps/kmod[tools] + net-misc/iputils[ipv6(+)?] + net-misc/iprange + net-analyzer/traceroute + app-arch/gzip + ipset? ( + net-firewall/ipset + )" +DEPEND="${RDEPEND}" + +pkg_setup() { + local CONFIG_CHECK=" \ + ~IP_NF_FILTER \ + ~IP_NF_IPTABLES \ + ~IP_NF_MANGLE \ + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REDIRECT \ + ~IP_NF_TARGET_REJECT \ + ~NETFILTER_XT_CONNMARK \ + ~NETFILTER_XT_MATCH_HELPER \ + ~NETFILTER_XT_MATCH_LIMIT \ + ~NETFILTER_XT_MATCH_OWNER \ + ~NETFILTER_XT_MATCH_STATE \ + ~NF_CONNTRACK \ + ~NF_CONNTRACK_IPV4 \ + ~NF_CONNTRACK_MARK \ + ~NF_NAT \ + ~NF_NAT_FTP \ + ~NF_NAT_IRC \ + " + linux-info_pkg_setup +} + +src_configure() { + econf \ + --disable-vnetbuild \ + $(use_enable ipset update-ipsets) \ + $(use_enable doc) \ + $(use_enable ipv6) +} + +src_install() { + default + + newconfd "${FILESDIR}"/firehol.confd firehol + newinitd "${FILESDIR}"/firehol.initd firehol + newconfd "${FILESDIR}"/fireqos.confd fireqos + newinitd "${FILESDIR}"/fireqos.initd fireqos +} diff --git a/net-firewall/firehol/firehol-3.1.7.ebuild b/net-firewall/firehol/firehol-3.1.7.ebuild deleted file mode 100644 index 3d7828d589f3..000000000000 --- a/net-firewall/firehol/firehol-3.1.7.ebuild +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit linux-info - -DESCRIPTION="iptables firewall generator" -HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" -SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -IUSE="doc ipv6 ipset" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" - -RDEPEND="net-firewall/iptables - sys-apps/iproute2[-minimal,ipv6?] - sys-apps/kmod[tools] - net-misc/iputils[ipv6?] - net-misc/iprange - net-analyzer/traceroute - app-arch/gzip - ipset? ( - net-firewall/ipset - )" -DEPEND="${RDEPEND}" - -pkg_setup() { - local CONFIG_CHECK=" \ - ~IP_NF_FILTER \ - ~IP_NF_IPTABLES \ - ~IP_NF_MANGLE \ - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REDIRECT \ - ~IP_NF_TARGET_REJECT \ - ~NETFILTER_XT_CONNMARK \ - ~NETFILTER_XT_MATCH_HELPER \ - ~NETFILTER_XT_MATCH_LIMIT \ - ~NETFILTER_XT_MATCH_OWNER \ - ~NETFILTER_XT_MATCH_STATE \ - ~NF_CONNTRACK \ - ~NF_CONNTRACK_IPV4 \ - ~NF_CONNTRACK_MARK \ - ~NF_NAT \ - ~NF_NAT_FTP \ - ~NF_NAT_IRC \ - " - linux-info_pkg_setup -} - -src_configure() { - econf \ - --disable-vnetbuild \ - $(use_enable ipset update-ipsets) \ - $(use_enable doc) \ - $(use_enable ipv6) -} - -src_install() { - default - - newconfd "${FILESDIR}"/firehol.confd firehol - newinitd "${FILESDIR}"/firehol.initd firehol - newconfd "${FILESDIR}"/fireqos.confd fireqos - newinitd "${FILESDIR}"/fireqos.initd fireqos -} diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest index c6e0905d87e4..1f43b2d893a4 100644 --- a/net-firewall/firewalld/Manifest +++ b/net-firewall/firewalld/Manifest @@ -1,6 +1,9 @@ AUX firewalld.init 250 BLAKE2B 1c0f690e24313037b801902aa772a9d1cb6889a05f142bc3d84602002ef053cd059b5193983f9fe6d89065a070a566a6a9ba8212a092435953ebed80ea7c7b40 SHA512 457cda01449f38563e98e1db937fe1c50745eab91797f52687e3ab9f5d94dd42d129740ae6669e99666a3f096d631dd3a44e66010b638b31b9c6ba798362403e +AUX firewalld.service 581 BLAKE2B b4eb7549305da68bc53f913d5d0a3ff2595e8e482ed2a474ede645f33b8192e142cd1aa964c5c1dcf8a7c336c68d494ee13421ec7566312a4f89330c236cab9c SHA512 b81fb8414619b3661985cbac001a47c76d76b13eebe421919a838fa0396e6470a3109e0d20d88f423ff43b6e48c0537467125a85bf8939ef0ab6ded4d4829b03 DIST firewalld-1.0.2.tar.gz 1307963 BLAKE2B 11a7710981ba39f4bcb8431558e5b558a60d77fb1aa3fe4c5febc37f2eab754a6608e4820b6318c963bb6290a9b26ae9e162d9e46277c34dfdacac46ba938b21 SHA512 fbb60a6f52e5be26051303769b6521a6c775d450ab6704f2d63fe38dc6194976ad36f1d924380d09012f41ab6dab1f6f78c5a859fbfe00c52cdff40d82e62283 DIST firewalld-1.0.3.tar.gz 1310433 BLAKE2B c414a347ca1008e010bf8393e45ffff38b5845fde7cc53b810276e46d67c6302cfe93a59665ad6ebc533b3ae04908f9089546b109888f60f0c798f3cac62a30d SHA512 0ba423e8c294d143f31bbdac13553e58cd0a3429812b555829c34f411478c26cffcc40095218539155e9ed7fe7e360fb8dd85a572a8ad9d5650b0cc206fe42a1 -EBUILD firewalld-1.0.2.ebuild 4867 BLAKE2B 5e97f6a478175dc881495f101a0512903605f1c00eefe3a92df8ab911201f59f6d8a4f5424f85b3bfbf3022ecfb90e07aa6e94dbba6dae75de39d105f912a589 SHA512 15530ee582d0299945269fd321ef75d7a45366d94f09c82073a423cc60583ab926da8ee0a07cfdcc92011e96192a8092e77877f90a02693d57dcb3d9ab40c802 -EBUILD firewalld-1.0.3.ebuild 4866 BLAKE2B 6df55d8766851c6100a8612a6416cd39a3f239bc4269d785b92d6e1776d53a257cc982019e39edc505665da9cb7772bca800f6029cfa5f587dd7f133061a4c4a SHA512 d78b1b35aa8145c2e0b3fd662b5b8c5cf77fb0cb23cb7b4109eab667f6355c73893a4e00eb9b911c259a908e445559668f14f66ef6af0989b2fc7181273036d4 +DIST firewalld-1.1.0.tar.gz 1324519 BLAKE2B d9f97c88a1ed44b325bb95616770c0aff6e0088bccd08d062b3be686964d3d36003c1e13809a8802af2062ff7544b2a1fd870c1e933952a9b77af989ec0f9b54 SHA512 4cb8b0d6387de72827d06c19019e5608e36f647a70aef04879f9225795571638758abd5ff6333bd9db816b6de40d7e8df04c402556c2402e85ad34633d337091 +EBUILD firewalld-1.0.2-r1.ebuild 4845 BLAKE2B 97a508d2b0549aa2479f85b5a408dc69c578056eb7260e18c8f3c529e0671d6717bc71ccd76599e902067d0999816636a2049a705593d4ea9a4c42574d20fb96 SHA512 8ce1404b9784a415bc82c46add90d3166901dc2ddab234a549f6be103f03cedb0f9bd3dcd8aa68a2883bf64a4eadabda2475bcdf1ad64d24aeddf73c8a50ec61 +EBUILD firewalld-1.0.3-r1.ebuild 4840 BLAKE2B 564b9da71fd3d7c8e17ec2cd36864c7079116125b6e0d8cff129127ef377820d41ba2f04ccba0d37e7df7a21a37794d341c9071859e56ab918645479e59068e6 SHA512 519487890a562cd085ffc047d1235e8b7ffbc4be682ca258df8dcde2ded376714fdaaa989e21f9e4929241bc1dc1ada6d4219a02bd67c690713c18dc09610b25 +EBUILD firewalld-1.1.0-r1.ebuild 5145 BLAKE2B 1332093e6c04f4973b5161e46f9dbd113eb41e8050d74cc4b2d0ad3875b81566e8af8b23bcbdccccd56fcd215eb1453c7f1ddf069f68dc00ab24f0a2ba66e31f SHA512 e60a7b2e23c00cc9a8d5a46f63a0690b2831756b680404f27dcd70a5f7931fb79ca69076bcf89b7f48b41b86351e6019eb4398aef1aab259a7d872cf8c1f8285 MISC metadata.xml 587 BLAKE2B f4a873c64f1760c1d28f09886573b638053e23bc2562674b4c21b81414c66271ff8c168d3a98f402bb0d2a3f8982b29cbd77817f0eac346f0774b51ed014113d SHA512 47bd8f14d0eeae00a59fc0507dd178f4420381a8ba197535936acba3aae0344614f003647636c0361c5cc0ef86d2653d7ca175cdeb2d5fdbc8869c3e633df6ba diff --git a/net-firewall/firewalld/files/firewalld.service b/net-firewall/firewalld/files/firewalld.service new file mode 100644 index 000000000000..708326f58fed --- /dev/null +++ b/net-firewall/firewalld/files/firewalld.service @@ -0,0 +1,22 @@ +[Unit] +Description=firewalld - dynamic firewall daemon +Before=network-pre.target +Wants=network-pre.target +After=dbus.service +After=polkit.service +Documentation=man:firewalld(1) + +[Service] +EnvironmentFile=-/etc/sysconfig/firewalld +ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS +ExecReload=/bin/kill -HUP $MAINPID +# supress to log debug and error output also to /var/log/messages +StandardOutput=null +StandardError=null +Type=dbus +BusName=org.fedoraproject.FirewallD1 +KillMode=mixed + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.fedoraproject.FirewallD1.service diff --git a/net-firewall/firewalld/firewalld-1.0.2-r1.ebuild b/net-firewall/firewalld/firewalld-1.0.2-r1.ebuild new file mode 100644 index 000000000000..36b30b91cc4e --- /dev/null +++ b/net-firewall/firewalld/firewalld-1.0.2-r1.ebuild @@ -0,0 +1,203 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8,9,10} ) +inherit autotools bash-completion-r1 gnome2-utils linux-info plocale python-single-r1 systemd xdg-utils + +DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" +HOMEPAGE="https://www.firewalld.org/" +SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv x86" +IUSE="gui +nftables +iptables" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + iptables? ( + net-firewall/iptables[ipv6(+)] + net-firewall/ebtables + net-firewall/ipset + nftables? ( net-firewall/nftables[xtables(+)] ) + ) + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + $(python_gen_cond_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + gui? ( + x11-libs/gtk+:3 + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) + ')" +DEPEND="${RDEPEND} + dev-libs/glib:2" +BDEPEND=">=dev-util/intltool-0.35 + sys-devel/gettext" + +RESTRICT="test" # bug 650760 + +# Testsuite's Makefile.am calls missing(!) +# ... but this seems to be consistent with the autoconf docs? +# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html +QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" + +PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" + +pkg_setup() { + # See bug #830132 for the huge list + # We can probably narrow it down a bit but it's rather fragile + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER + ~NETFILTER_ADVANCED + ~NETFILTER_INGRESS + ~NF_NAT_MASQUERADE + ~NF_NAT_REDIRECT + ~NF_TABLES_INET + ~NF_TABLES_IPV4 + ~NF_TABLES_IPV6 + ~NF_CONNTRACK + ~NF_CONNTRACK_BROADCAST + ~NF_CONNTRACK_NETBIOS + ~NF_CONNTRACK_TFTP + ~NF_CT_NETLINK + ~NF_CT_NETLINK_HELPER + ~NF_DEFRAG_IPV4 + ~NF_DEFRAG_IPV6 + ~NF_NAT + ~NF_NAT_TFTP + ~NF_REJECT_IPV4 + ~NF_REJECT_IPV6 + ~NF_SOCKET_IPV4 + ~NF_SOCKET_IPV6 + ~NF_TABLES + ~NF_TABLES_SET + ~NF_TPROXY_IPV4 + ~NF_TPROXY_IPV6 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_RAW + ~IP_NF_SECURITY + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REJECT + ~IP6_NF_FILTER + ~IP6_NF_IPTABLES + ~IP6_NF_MANGLE + ~IP6_NF_NAT + ~IP6_NF_RAW + ~IP6_NF_SECURITY + ~IP6_NF_TARGET_MASQUERADE + ~IP6_NF_TARGET_REJECT + ~IP_SET + ~NETFILTER_CONNCOUNT + ~NETFILTER_NETLINK + ~NETFILTER_NETLINK_OSF + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_SYNPROXY + ~NETFILTER_XTABLES + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NETFILTER_XT_NAT + ~NETFILTER_XT_TARGET_MASQUERADE + ~NFT_COMPAT + ~NFT_COUNTER + ~NFT_CT + ~NFT_FIB + ~NFT_FIB_INET + ~NFT_FIB_IPV4 + ~NFT_FIB_IPV6 + ~NFT_HASH + ~NFT_LIMIT + ~NFT_LOG + ~NFT_MASQ + ~NFT_NAT + ~NFT_NET + ~NFT_OBJREF + ~NFT_QUEUE + ~NFT_QUOTA + ~NFT_REDIR + ~NFT_REJECT + ~NFT_REJECT_INET + ~NFT_REJECT_IPV4 + ~NFT_REJECT_IPV6 + ~NFT_SOCKET + ~NFT_SYNPROXY + ~NFT_TPROXY + ~NFT_TUNNEL + ~NFT_XFRM" + + # kernel >= 4.19 has unified a NF_CONNTRACK module, bug 692944 + if kernel_is -lt 4 19; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + eautoreconf + + plocale_find_changes "po" "" ".po" + plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS +} + +src_configure() { + python_setup + + local econf_args=( + --enable-systemd + $(use_with iptables iptables "${EPREFIX}/sbin/iptables") + $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") + $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") + $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") + $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") + $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") + $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") + --with-systemd-unitdir="$(systemd_get_systemunitdir)" + --with-bashcompletiondir="$(get_bashcompdir)" + ) + + econf "${econf_args[@]}" +} + +src_install() { + default + python_optimize + + # Get rid of junk + rm -rf "${D}/etc/sysconfig/" || die + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" || die + rm -f "${D}/usr/bin/firewall-applet" || die + rm -f "${D}/usr/bin/firewall-config" || die + rm -rf "${D}/usr/share/applications" || die + rm -rf "${D}/usr/share/icons" || die + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_schemas_savelist +} + +pkg_postinst() { + xdg_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + xdg_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/firewalld/firewalld-1.0.2.ebuild b/net-firewall/firewalld/firewalld-1.0.2.ebuild deleted file mode 100644 index a5b813717e90..000000000000 --- a/net-firewall/firewalld/firewalld-1.0.2.ebuild +++ /dev/null @@ -1,204 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{8,9,10} ) -inherit autotools bash-completion-r1 gnome2-utils linux-info plocale python-single-r1 systemd xdg-utils - -DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" -HOMEPAGE="https://www.firewalld.org/" -SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ~ppc64 ~riscv x86" -IUSE="gui +nftables +iptables" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RDEPEND="${PYTHON_DEPS} - !!net-firewall/gshield - iptables? ( - net-firewall/iptables[ipv6] - net-firewall/ebtables - net-firewall/ipset - nftables? ( net-firewall/nftables[xtables(+)] ) - ) - || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) - $(python_gen_cond_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject:3[${PYTHON_USEDEP}] - gui? ( - x11-libs/gtk+:3 - dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] - ) - nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) - ')" -DEPEND="${RDEPEND} - dev-libs/glib:2" -BDEPEND=">=dev-util/intltool-0.35 - sys-devel/gettext" - -RESTRICT="test" # bug 650760 - -# Testsuite's Makefile.am calls missing(!) -# ... but this seems to be consistent with the autoconf docs? -# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html -QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" - -PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" - -pkg_setup() { - # See bug #830132 for the huge list - # We can probably narrow it down a bit but it's rather fragile - local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER - ~NETFILTER_ADVANCED - ~NETFILTER_INGRESS - ~NF_NAT_MASQUERADE - ~NF_NAT_REDIRECT - ~NF_TABLES_INET - ~NF_TABLES_IPV4 - ~NF_TABLES_IPV6 - ~NF_CONNTRACK - ~NF_CONNTRACK_BROADCAST - ~NF_CONNTRACK_NETBIOS - ~NF_CONNTRACK_TFTP - ~NF_CT_NETLINK - ~NF_CT_NETLINK_HELPER - ~NF_DEFRAG_IPV4 - ~NF_DEFRAG_IPV6 - ~NF_NAT - ~NF_NAT_TFTP - ~NF_REJECT_IPV4 - ~NF_REJECT_IPV6 - ~NF_SOCKET_IPV4 - ~NF_SOCKET_IPV6 - ~NF_TABLES - ~NF_TABLES_SET - ~NF_TPROXY_IPV4 - ~NF_TPROXY_IPV6 - ~IP_NF_FILTER - ~IP_NF_IPTABLES - ~IP_NF_MANGLE - ~IP_NF_NAT - ~IP_NF_RAW - ~IP_NF_SECURITY - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REJECT - ~IP6_NF_FILTER - ~IP6_NF_IPTABLES - ~IP6_NF_MANGLE - ~IP6_NF_NAT - ~IP6_NF_RAW - ~IP6_NF_SECURITY - ~IP6_NF_TARGET_MASQUERADE - ~IP6_NF_TARGET_REJECT - ~IP_SET - ~NETFILTER_CONNCOUNT - ~NETFILTER_NETLINK - ~NETFILTER_NETLINK_OSF - ~NETFILTER_NETLINK_QUEUE - ~NETFILTER_SYNPROXY - ~NETFILTER_XTABLES - ~NETFILTER_XT_CONNMARK - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_MULTIPORT - ~NETFILTER_XT_MATCH_STATE - ~NETFILTER_XT_NAT - ~NETFILTER_XT_TARGET_MASQUERADE - ~NFT_COMPAT - ~NFT_COUNTER - ~NFT_CT - ~NFT_FIB - ~NFT_FIB_INET - ~NFT_FIB_IPV4 - ~NFT_FIB_IPV6 - ~NFT_HASH - ~NFT_LIMIT - ~NFT_LOG - ~NFT_MASQ - ~NFT_NAT - ~NFT_NET - ~NFT_OBJREF - ~NFT_QUEUE - ~NFT_QUOTA - ~NFT_REDIR - ~NFT_REJECT - ~NFT_REJECT_INET - ~NFT_REJECT_IPV4 - ~NFT_REJECT_IPV6 - ~NFT_SOCKET - ~NFT_SYNPROXY - ~NFT_TPROXY - ~NFT_TUNNEL - ~NFT_XFRM" - - # kernel >= 4.19 has unified a NF_CONNTRACK module, bug 692944 - if kernel_is -lt 4 19; then - CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" - fi - - linux-info_pkg_setup -} - -src_prepare() { - default - - eautoreconf - - plocale_find_changes "po" "" ".po" - plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS -} - -src_configure() { - python_setup - - local econf_args=( - --enable-systemd - $(use_with iptables iptables "${EPREFIX}/sbin/iptables") - $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") - $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") - $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") - $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") - $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") - $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-bashcompletiondir="$(get_bashcompdir)" - ) - - econf "${econf_args[@]}" -} - -src_install() { - default - python_optimize - - # Get rid of junk - rm -rf "${D}/etc/sysconfig/" || die - - # For non-gui installs we need to remove GUI bits - if ! use gui; then - rm -rf "${D}/etc/xdg/autostart" || die - rm -f "${D}/usr/bin/firewall-applet" || die - rm -f "${D}/usr/bin/firewall-config" || die - rm -rf "${D}/usr/share/applications" || die - rm -rf "${D}/usr/share/icons" || die - fi - - newinitd "${FILESDIR}"/firewalld.init firewalld -} - -pkg_preinst() { - gnome2_schemas_savelist -} - -pkg_postinst() { - xdg_icon_cache_update - gnome2_schemas_update -} - -pkg_postrm() { - xdg_icon_cache_update - gnome2_schemas_update -} diff --git a/net-firewall/firewalld/firewalld-1.0.3-r1.ebuild b/net-firewall/firewalld/firewalld-1.0.3-r1.ebuild new file mode 100644 index 000000000000..44c9ba18b636 --- /dev/null +++ b/net-firewall/firewalld/firewalld-1.0.3-r1.ebuild @@ -0,0 +1,203 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8,9,10} ) +inherit autotools bash-completion-r1 gnome2-utils linux-info plocale python-single-r1 systemd xdg-utils + +DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" +HOMEPAGE="https://firewalld.org/" +SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86" +IUSE="gui +nftables +iptables" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + iptables? ( + net-firewall/iptables[ipv6(+)] + net-firewall/ebtables + net-firewall/ipset + nftables? ( net-firewall/nftables[xtables(+)] ) + ) + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + $(python_gen_cond_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + gui? ( + x11-libs/gtk+:3 + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) + ')" +DEPEND="${RDEPEND} + dev-libs/glib:2" +BDEPEND=">=dev-util/intltool-0.35 + sys-devel/gettext" + +RESTRICT="test" # bug 650760 + +# Testsuite's Makefile.am calls missing(!) +# ... but this seems to be consistent with the autoconf docs? +# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html +QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" + +PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" + +pkg_setup() { + # See bug #830132 for the huge list + # We can probably narrow it down a bit but it's rather fragile + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER + ~NETFILTER_ADVANCED + ~NETFILTER_INGRESS + ~NF_NAT_MASQUERADE + ~NF_NAT_REDIRECT + ~NF_TABLES_INET + ~NF_TABLES_IPV4 + ~NF_TABLES_IPV6 + ~NF_CONNTRACK + ~NF_CONNTRACK_BROADCAST + ~NF_CONNTRACK_NETBIOS + ~NF_CONNTRACK_TFTP + ~NF_CT_NETLINK + ~NF_CT_NETLINK_HELPER + ~NF_DEFRAG_IPV4 + ~NF_DEFRAG_IPV6 + ~NF_NAT + ~NF_NAT_TFTP + ~NF_REJECT_IPV4 + ~NF_REJECT_IPV6 + ~NF_SOCKET_IPV4 + ~NF_SOCKET_IPV6 + ~NF_TABLES + ~NF_TABLES_SET + ~NF_TPROXY_IPV4 + ~NF_TPROXY_IPV6 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_RAW + ~IP_NF_SECURITY + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REJECT + ~IP6_NF_FILTER + ~IP6_NF_IPTABLES + ~IP6_NF_MANGLE + ~IP6_NF_NAT + ~IP6_NF_RAW + ~IP6_NF_SECURITY + ~IP6_NF_TARGET_MASQUERADE + ~IP6_NF_TARGET_REJECT + ~IP_SET + ~NETFILTER_CONNCOUNT + ~NETFILTER_NETLINK + ~NETFILTER_NETLINK_OSF + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_SYNPROXY + ~NETFILTER_XTABLES + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NETFILTER_XT_NAT + ~NETFILTER_XT_TARGET_MASQUERADE + ~NFT_COMPAT + ~NFT_COUNTER + ~NFT_CT + ~NFT_FIB + ~NFT_FIB_INET + ~NFT_FIB_IPV4 + ~NFT_FIB_IPV6 + ~NFT_HASH + ~NFT_LIMIT + ~NFT_LOG + ~NFT_MASQ + ~NFT_NAT + ~NFT_NET + ~NFT_OBJREF + ~NFT_QUEUE + ~NFT_QUOTA + ~NFT_REDIR + ~NFT_REJECT + ~NFT_REJECT_INET + ~NFT_REJECT_IPV4 + ~NFT_REJECT_IPV6 + ~NFT_SOCKET + ~NFT_SYNPROXY + ~NFT_TPROXY + ~NFT_TUNNEL + ~NFT_XFRM" + + # kernel >= 4.19 has unified a NF_CONNTRACK module, bug 692944 + if kernel_is -lt 4 19; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + eautoreconf + + plocale_find_changes "po" "" ".po" + plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS +} + +src_configure() { + python_setup + + local econf_args=( + --enable-systemd + $(use_with iptables iptables "${EPREFIX}/sbin/iptables") + $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") + $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") + $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") + $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") + $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") + $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") + --with-systemd-unitdir="$(systemd_get_systemunitdir)" + --with-bashcompletiondir="$(get_bashcompdir)" + ) + + econf "${econf_args[@]}" +} + +src_install() { + default + python_optimize + + # Get rid of junk + rm -rf "${D}/etc/sysconfig/" || die + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" || die + rm -f "${D}/usr/bin/firewall-applet" || die + rm -f "${D}/usr/bin/firewall-config" || die + rm -rf "${D}/usr/share/applications" || die + rm -rf "${D}/usr/share/icons" || die + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_schemas_savelist +} + +pkg_postinst() { + xdg_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + xdg_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/firewalld/firewalld-1.0.3.ebuild b/net-firewall/firewalld/firewalld-1.0.3.ebuild deleted file mode 100644 index 510d602c75ab..000000000000 --- a/net-firewall/firewalld/firewalld-1.0.3.ebuild +++ /dev/null @@ -1,204 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{8,9,10} ) -inherit autotools bash-completion-r1 gnome2-utils linux-info plocale python-single-r1 systemd xdg-utils - -DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" -HOMEPAGE="https://firewalld.org/" -SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" -IUSE="gui +nftables +iptables" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RDEPEND="${PYTHON_DEPS} - !!net-firewall/gshield - iptables? ( - net-firewall/iptables[ipv6] - net-firewall/ebtables - net-firewall/ipset - nftables? ( net-firewall/nftables[xtables(+)] ) - ) - || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) - $(python_gen_cond_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject:3[${PYTHON_USEDEP}] - gui? ( - x11-libs/gtk+:3 - dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] - ) - nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) - ')" -DEPEND="${RDEPEND} - dev-libs/glib:2" -BDEPEND=">=dev-util/intltool-0.35 - sys-devel/gettext" - -RESTRICT="test" # bug 650760 - -# Testsuite's Makefile.am calls missing(!) -# ... but this seems to be consistent with the autoconf docs? -# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html -QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" - -PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" - -pkg_setup() { - # See bug #830132 for the huge list - # We can probably narrow it down a bit but it's rather fragile - local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER - ~NETFILTER_ADVANCED - ~NETFILTER_INGRESS - ~NF_NAT_MASQUERADE - ~NF_NAT_REDIRECT - ~NF_TABLES_INET - ~NF_TABLES_IPV4 - ~NF_TABLES_IPV6 - ~NF_CONNTRACK - ~NF_CONNTRACK_BROADCAST - ~NF_CONNTRACK_NETBIOS - ~NF_CONNTRACK_TFTP - ~NF_CT_NETLINK - ~NF_CT_NETLINK_HELPER - ~NF_DEFRAG_IPV4 - ~NF_DEFRAG_IPV6 - ~NF_NAT - ~NF_NAT_TFTP - ~NF_REJECT_IPV4 - ~NF_REJECT_IPV6 - ~NF_SOCKET_IPV4 - ~NF_SOCKET_IPV6 - ~NF_TABLES - ~NF_TABLES_SET - ~NF_TPROXY_IPV4 - ~NF_TPROXY_IPV6 - ~IP_NF_FILTER - ~IP_NF_IPTABLES - ~IP_NF_MANGLE - ~IP_NF_NAT - ~IP_NF_RAW - ~IP_NF_SECURITY - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REJECT - ~IP6_NF_FILTER - ~IP6_NF_IPTABLES - ~IP6_NF_MANGLE - ~IP6_NF_NAT - ~IP6_NF_RAW - ~IP6_NF_SECURITY - ~IP6_NF_TARGET_MASQUERADE - ~IP6_NF_TARGET_REJECT - ~IP_SET - ~NETFILTER_CONNCOUNT - ~NETFILTER_NETLINK - ~NETFILTER_NETLINK_OSF - ~NETFILTER_NETLINK_QUEUE - ~NETFILTER_SYNPROXY - ~NETFILTER_XTABLES - ~NETFILTER_XT_CONNMARK - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_MULTIPORT - ~NETFILTER_XT_MATCH_STATE - ~NETFILTER_XT_NAT - ~NETFILTER_XT_TARGET_MASQUERADE - ~NFT_COMPAT - ~NFT_COUNTER - ~NFT_CT - ~NFT_FIB - ~NFT_FIB_INET - ~NFT_FIB_IPV4 - ~NFT_FIB_IPV6 - ~NFT_HASH - ~NFT_LIMIT - ~NFT_LOG - ~NFT_MASQ - ~NFT_NAT - ~NFT_NET - ~NFT_OBJREF - ~NFT_QUEUE - ~NFT_QUOTA - ~NFT_REDIR - ~NFT_REJECT - ~NFT_REJECT_INET - ~NFT_REJECT_IPV4 - ~NFT_REJECT_IPV6 - ~NFT_SOCKET - ~NFT_SYNPROXY - ~NFT_TPROXY - ~NFT_TUNNEL - ~NFT_XFRM" - - # kernel >= 4.19 has unified a NF_CONNTRACK module, bug 692944 - if kernel_is -lt 4 19; then - CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" - fi - - linux-info_pkg_setup -} - -src_prepare() { - default - - eautoreconf - - plocale_find_changes "po" "" ".po" - plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS -} - -src_configure() { - python_setup - - local econf_args=( - --enable-systemd - $(use_with iptables iptables "${EPREFIX}/sbin/iptables") - $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") - $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") - $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") - $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") - $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") - $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-bashcompletiondir="$(get_bashcompdir)" - ) - - econf "${econf_args[@]}" -} - -src_install() { - default - python_optimize - - # Get rid of junk - rm -rf "${D}/etc/sysconfig/" || die - - # For non-gui installs we need to remove GUI bits - if ! use gui; then - rm -rf "${D}/etc/xdg/autostart" || die - rm -f "${D}/usr/bin/firewall-applet" || die - rm -f "${D}/usr/bin/firewall-config" || die - rm -rf "${D}/usr/share/applications" || die - rm -rf "${D}/usr/share/icons" || die - fi - - newinitd "${FILESDIR}"/firewalld.init firewalld -} - -pkg_preinst() { - gnome2_schemas_savelist -} - -pkg_postinst() { - xdg_icon_cache_update - gnome2_schemas_update -} - -pkg_postrm() { - xdg_icon_cache_update - gnome2_schemas_update -} diff --git a/net-firewall/firewalld/firewalld-1.1.0-r1.ebuild b/net-firewall/firewalld/firewalld-1.1.0-r1.ebuild new file mode 100644 index 000000000000..9b7cca65163e --- /dev/null +++ b/net-firewall/firewalld/firewalld-1.1.0-r1.ebuild @@ -0,0 +1,213 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8,9,10} ) +inherit autotools bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils + +DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" +HOMEPAGE="https://firewalld.org/" +SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="gui +nftables +iptables" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + iptables? ( + net-firewall/iptables[ipv6(+)] + net-firewall/ebtables + net-firewall/ipset + nftables? ( net-firewall/nftables[xtables(+)] ) + ) + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + $(python_gen_cond_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + gui? ( + x11-libs/gtk+:3 + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) + ')" +DEPEND="${RDEPEND} + dev-libs/glib:2" +BDEPEND=">=dev-util/intltool-0.35 + sys-devel/gettext" + +RESTRICT="test" # bug 650760 + +# Testsuite's Makefile.am calls missing(!) +# ... but this seems to be consistent with the autoconf docs? +# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html +QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" + +PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" + +pkg_setup() { + # See bug #830132 for the huge list + # We can probably narrow it down a bit but it's rather fragile + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER + ~NETFILTER_ADVANCED + ~NETFILTER_INGRESS + ~NF_NAT_MASQUERADE + ~NF_NAT_REDIRECT + ~NF_TABLES_INET + ~NF_TABLES_IPV4 + ~NF_TABLES_IPV6 + ~NF_CONNTRACK + ~NF_CONNTRACK_BROADCAST + ~NF_CONNTRACK_NETBIOS_NS + ~NF_CONNTRACK_TFTP + ~NF_CT_NETLINK + ~NF_CT_NETLINK_HELPER + ~NF_DEFRAG_IPV4 + ~NF_DEFRAG_IPV6 + ~NF_NAT + ~NF_NAT_TFTP + ~NF_REJECT_IPV4 + ~NF_REJECT_IPV6 + ~NF_SOCKET_IPV4 + ~NF_SOCKET_IPV6 + ~NF_TABLES + ~NF_TPROXY_IPV4 + ~NF_TPROXY_IPV6 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_RAW + ~IP_NF_SECURITY + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REJECT + ~IP6_NF_FILTER + ~IP6_NF_IPTABLES + ~IP6_NF_MANGLE + ~IP6_NF_NAT + ~IP6_NF_RAW + ~IP6_NF_SECURITY + ~IP6_NF_TARGET_MASQUERADE + ~IP6_NF_TARGET_REJECT + ~IP_SET + ~NETFILTER_CONNCOUNT + ~NETFILTER_NETLINK + ~NETFILTER_NETLINK_OSF + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_SYNPROXY + ~NETFILTER_XTABLES + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NETFILTER_XT_NAT + ~NETFILTER_XT_TARGET_MASQUERADE + ~NFT_COMPAT + ~NFT_COUNTER + ~NFT_CT + ~NFT_FIB + ~NFT_FIB_INET + ~NFT_FIB_IPV4 + ~NFT_FIB_IPV6 + ~NFT_HASH + ~NFT_LIMIT + ~NFT_LOG + ~NFT_MASQ + ~NFT_NAT + ~NFT_OBJREF + ~NFT_QUEUE + ~NFT_QUOTA + ~NFT_REDIR + ~NFT_REJECT + ~NFT_REJECT_INET + ~NFT_REJECT_IPV4 + ~NFT_REJECT_IPV6 + ~NFT_SOCKET + ~NFT_SYNPROXY + ~NFT_TPROXY + ~NFT_TUNNEL + ~NFT_XFRM" + + # kernel >= 4.19 has unified a NF_CONNTRACK module, bug #692944 + if kernel_is -lt 4 19; then + CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" + fi + + # bug #831259 + if kernel_is -le 5 4 ; then + CONFIG_CHECK+=" ~NF_TABLES_SET" + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + eautoreconf + + plocale_find_changes "po" "" ".po" || die + plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS +} + +src_configure() { + python_setup + + local econf_args=( + --enable-systemd + $(use_with iptables iptables "${EPREFIX}/sbin/iptables") + $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") + $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") + $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") + $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") + $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") + $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") + --with-systemd-unitdir="$(systemd_get_systemunitdir)" + --with-bashcompletiondir="$(get_bashcompdir)" + ) + + econf "${econf_args[@]}" +} + +src_install() { + default + python_optimize + + # Get rid of junk + rm -rf "${D}/etc/sysconfig/" || die + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" || die + rm -f "${D}/usr/bin/firewall-applet" || die + rm -f "${D}/usr/bin/firewall-config" || die + rm -rf "${D}/usr/share/applications" || die + rm -rf "${D}/usr/share/icons" || die + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld + + # Our version drops the/an obsolete 'conflicts' line with old iptables services + # bug #833506 + systemd_dounit "${FILESDIR}"/firewalld.service +} + +pkg_preinst() { + gnome2_schemas_savelist +} + +pkg_postinst() { + xdg_icon_cache_update + gnome2_schemas_update + + # bug #833569 + optfeature "changing zones with NetworkManager" gnome-extra/nm-applet +} + +pkg_postrm() { + xdg_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/fwbuilder/Manifest b/net-firewall/fwbuilder/Manifest index d6b9618c461a..d1fe0dc4f4b9 100644 --- a/net-firewall/fwbuilder/Manifest +++ b/net-firewall/fwbuilder/Manifest @@ -4,6 +4,6 @@ AUX fwbuilder-6.0.0_rc1-automagic-ccache.patch 721 BLAKE2B 0fd2d5b6e7b564993b92e AUX fwbuilder-6.0.0_rc1-fix_version.patch 516 BLAKE2B e544ceceda6890f55a33eae0a1bef4fda23804a357b77cdc0ca79e129c6d16b738b391376dd8a43da1aeffe2f8c9a8ca174f53958f194a9e81998988ed2b7965 SHA512 b97198159c76030bf81ec7e86f48fa1da4cc982f614174d8baab431249ae45c19963765a5d101bc8e6cc4b75d8be13c918cd1f607a8d8e2dd4b544c6d57b95b6 DIST fwbuilder-5.3.7.tar.gz 7332419 BLAKE2B 130c5ab413263b61b7a78dfabe8d0db861ddfd8bfcee62eb11b9ac8c229c9a9e2b6d8a22e296a12e0e9d0fd9b503882eb06e62f7dc0f62487d760191fce8b553 SHA512 d6504ddab17e80cb332f005b6bbb16c15a7b4735361733f0e0437cb94059a5c9039e563be6e0e8d328954db2416b2c0bdbb8afa36cd946f61e7c7edaee47453b DIST fwbuilder-6.0.0_rc1.tar.gz 7281841 BLAKE2B 4adfb2c1ba22d781e98de2e02cc7cca6a1c214d3b63e156b76a351d1a7e399afaf0227ced4c9fa228c637c37247dd1cb6e88a0cc4231a3827ba2e5bd0b8a4c5e SHA512 11126c23d8b9f68e7cdcf0a6d3de1678f1b0c879959cef5484b30c2d41ab0377c70dce432d014331cfd376a5fd20e384db7342745a066e8159c2ae275d5bdec4 -EBUILD fwbuilder-5.3.7.ebuild 1482 BLAKE2B bf0f2d7e38908e69777f00c75b7139be568dce47dd94c346194af67443ba87d0167eee826243f4ec44b72ef8f8e858bc2272ac093972aa2f753d7ed2e367feae SHA512 6e0ae543d68a35816123b304da2eba45c901bee18e08c54dd5bc5684f94ffaa827d3ab2ee2a23f5955c45396d0da57a533dd1c7cb54cfa8a53c4094e91128000 -EBUILD fwbuilder-6.0.0_rc1.ebuild 1477 BLAKE2B 7f96cfb2fa4ed9a355f72e1df7134cb65c0bb642c48213fa1848d14b5d18076f05d7154c241bbb508794d547c1914bc09e8aed8de5dd226f735ae5734c2a06c9 SHA512 6e857373e92da2f021660441cfa1ab5ea2682d02947b16f650a515635e7dbc300300c1b407eb9bf2839b9049f1f77a2cdf0a6c44e4e3dacf26f5a9d52f964a9f +EBUILD fwbuilder-5.3.7.ebuild 1483 BLAKE2B c77ee0d179e37a08fafefac6bb2497af42022310d8137cfdd06009300711f9c8ed528d7787601ab6778f3a2c1bd490b77e6f2187e4a94e3b6fc269c57b48287a SHA512 db351c077d1b0e31afabf7e83d578fe50d032c3cd30fc954e334213ca17acb2d4eccd0e83755a59bf9cd0f73e14b389e24b873c28f760f8370abc7d6bb3265eb +EBUILD fwbuilder-6.0.0_rc1.ebuild 1478 BLAKE2B 58f7ceb225af15737c926c4df54774fbb2991eba77077cba2341006840f4b869a70f02d4aeeeb6aeacde3e0787cc411cca7e84893f4cdf15cca1a93f7ade70c2 SHA512 1c670689d8d1857a3c8e32a77f854262d98d0848e4bfcca440ad73f06b4580e5fc023b7dd4a219d61214695ea38079cdfa62590ed5ba23a1692b71305cc2c57e MISC metadata.xml 167 BLAKE2B 868e3b584722eaacf68273db062bb773d8c7e5d7ab2b81ca7e8397643bf7cc106c3a1033594401c99c54f667bb45d6b73f9048fc335580bbd44b4589ad26a832 SHA512 30caadd1496c3b9969136038239a1d8e01f236726b4022c2d7e19ca7575f25f735e556835e581afbf44fbd3e4104c40f2b5ef5fa70118d75c881fdf871962d0a diff --git a/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild index 23cb633f9aee..2e5604a324f7 100644 --- a/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild +++ b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -11,7 +11,7 @@ SRC_URI="https://github.com/fwbuilder/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ppc ppc64 x86" +KEYWORDS="amd64 ~ppc ppc64 x86" IUSE="" DEPEND=" diff --git a/net-firewall/fwbuilder/fwbuilder-6.0.0_rc1.ebuild b/net-firewall/fwbuilder/fwbuilder-6.0.0_rc1.ebuild index 7fc8236ca0fb..9d701aa1ae56 100644 --- a/net-firewall/fwbuilder/fwbuilder-6.0.0_rc1.ebuild +++ b/net-firewall/fwbuilder/fwbuilder-6.0.0_rc1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -12,7 +12,7 @@ S="${WORKDIR}/${P/_/-}" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ppc ppc64 x86" +KEYWORDS="amd64 ~ppc ppc64 x86" IUSE="test" RESTRICT="!test? ( test ) test" diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest index b970a472684c..f46f7735a6e5 100644 --- a/net-firewall/fwknop/Manifest +++ b/net-firewall/fwknop/Manifest @@ -4,5 +4,5 @@ AUX fwknopd.init 2706 BLAKE2B 561cc62b1e557d425648947c25751dfb2fe323b04cb96ea1d0 AUX fwknopd.service 235 BLAKE2B c46c01121a745ee46a5415654c0ba422531008ed52915833712f748026eda3afd8019d6ec6bb86434b40ad273a4cc46115d3a64a73b621731ec68f3bad92dc41 SHA512 890bbba586183275cbd3b420a9c0d609ff3eca0fd239b4af97e2730e2790f317fc114f51d60107ba4fbddd2cabb60c70d8b615e2a75bb80cf27d352c894a1c6d AUX fwknopd.tmpfiles.conf 31 BLAKE2B 81d88d9bb1fd826c242b2815e1a6c0e5a300f22e19dd65ad67e114d692731cb532162ac877f0239879ebfcf0432d61053adcddd2c234d85ed60bf33720b22dcc SHA512 73b56a42c7728c9dabd82cd81bd6ffa1b948fe80fa67feee348ad65f957f1f2ea53c6b5d74fa2784ea75c45c2c27b5d989da4a618f3a4cf67914c927e04b74ae DIST fwknop-2.6.10.tar.gz 1988197 BLAKE2B d4c2010c64ab160f0edc02e2b1530749ee47ff6ed16d6b556d366daef7ce5e22ef38fbbbf6e8cfaa14e0d9706ba2b65937b03c70b54b3429ff1732ae33c1852c SHA512 3b3e35eda574abd1759431c88677eea7078c54cb3252c0ee0e1019b5b8224ed8844d30760da70a952e1cd92b04715a547f6effabda54678f791fff9afa32cd80 -EBUILD fwknop-2.6.10-r2.ebuild 3379 BLAKE2B f55fac553135a5a46ff8c491a3dac990885b7786e62926e59cb870dcd617f2c3b1a4981a18caac43e0565ff0b746838fc6cc765dff6011d2278461fb7d793834 SHA512 6b38fdfb06b8b2e10ff357983f0c46ebf3fdd7fb79110ad163ac397dc46d7bebb44e19c7aba43b43f4f07d2726471cca464bdc989d52bcd6c241b06ffd0094fc +EBUILD fwknop-2.6.10-r3.ebuild 3381 BLAKE2B 11a3b8bd6ed3888e3526f541fe9fd1822a7adc66354136ecd62d164364724d9960a62f40acea02fecf51e45743cab0d72ae4cd9b2fbe155da1a445c6f8a96837 SHA512 5d897a9b3cca73a4285ae56925c392fbf00df3b58c7abdebc7d71a8848611c968c02e39efee2bb463fd9f450ce6b0e99af0e5fcd660707979e9f7c08e1bb8bf3 MISC metadata.xml 1248 BLAKE2B 0e1cee756e1e5cf4ae7b4334b6d2dcb2f6ad67cf930d72cb6ab7ee4c84e3218474af88d3f3c03b306777be20e8763c771d28eb5762ae0d889f93dd8d559bc75a SHA512 8fb3ec7045a512f7c08250b5533a11a50a87ebf21837acd7c25db52434e7c55f2981adec0e8618824c1bfae8d8fc3200d7c2f94b4405bbffab010bdc60ca1c74 diff --git a/net-firewall/fwknop/fwknop-2.6.10-r2.ebuild b/net-firewall/fwknop/fwknop-2.6.10-r2.ebuild deleted file mode 100644 index f8c21045b3ae..000000000000 --- a/net-firewall/fwknop/fwknop-2.6.10-r2.ebuild +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools linux-info readme.gentoo-r1 systemd tmpfiles - -DESCRIPTION="Single Packet Authorization and Port Knocking application" -HOMEPAGE="https://www.cipherdyne.org/fwknop/" -SRC_URI="https://www.cipherdyne.org/fwknop/download/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+client extras firewalld gdbm gpg +iptables nfqueue +server static-libs udp-server" - -DEPEND=" - client? ( net-misc/wget[ssl] ) - firewalld? ( net-firewall/firewalld ) - gdbm? ( sys-libs/gdbm ) - gpg? ( - app-crypt/gpgme - dev-libs/libassuan - dev-libs/libgpg-error - ) - iptables? ( net-firewall/iptables ) - nfqueue? ( net-libs/libnetfilter_queue ) - server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) ) -" -RDEPEND="${DEPEND}" - -REQUIRED_USE=" - nfqueue? ( server ) - server? ( ^^ ( firewalld iptables ) ) - udp-server? ( server ) -" - -PATCHES=( "${FILESDIR}/${PN}-2.6.10_fno-common_fix.patch" ) - -DOCS=( AUTHORS ChangeLog README ) - -DISABLE_AUTOFORMATTING=1 -DOC_CONTENTS=" -Example configuration files were installed to '${EPREFIX}/etc/fwknopd/'. -Please edit them to suit your needs and then remove the .example suffix. - -fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf. -You can set the desired backend via FIREWALL_EXE option in fwknopd.conf -instead of the default one chosen at compile time. -" - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - default_src_prepare - - # Install example configs with .example suffix. - if use server; then - sed -i -e 's|conf;|conf.example;|g' Makefile.am || die - fi - - eautoreconf -} - -src_configure() { - local myeconfargs=( - --localstatedir="${EPREFIX}/run" - $(use_enable client) - $(use_enable !gdbm file-cache) - $(use_enable nfqueue nfq-capture) - $(use_enable server) - $(use_enable udp-server) - $(use_with gpg gpgme) - ) - use firewalld && myeconfargs+=(--with-firewalld="${EPREFIX}/usr/sbin/firewalld") - use iptables && myeconfargs+=(--with-iptables="${EPREFIX}/sbin/iptables") - - econf "${myeconfargs[@]}" -} - -src_install() { - default_src_install - - if use extras; then - dodoc extras/apparmor/usr.sbin.fwknopd - dodoc extras/console-qr/console-qr.sh - dodoc extras/fwknop-launcher/* - fi - - if use server; then - newinitd "${FILESDIR}/fwknopd.init" fwknopd - newconfd "${FILESDIR}/fwknopd.confd" fwknopd - systemd_dounit "${FILESDIR}/fwknopd.service" - newtmpfiles "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf - readme.gentoo_create_doc - fi - - find "${ED}" -type f -name "*.la" -delete || die - - if ! use static-libs ; then - find "${ED}" -type f -name libfko.a -delete || die - fi -} - -pkg_postinst() { - if use server; then - readme.gentoo_print_elog - - tmpfiles_process fwknopd.conf - - if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then - echo - ewarn "fwknopd daemon relies on the 'comment' match in order to expire" - ewarn "created firewall rules, which is an important security feature." - ewarn "Please enable NETFILTER_XT_MATCH_COMMENT support in your kernel." - echo - fi - if use nfqueue && \ - ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; then - echo - ewarn "fwknopd daemon relies on the 'NFQUEUE' target for NFQUEUE mode." - ewarn "Please enable NETFILTER_XT_TARGET_NFQUEUE support in your kernel." - echo - fi - fi -} diff --git a/net-firewall/fwknop/fwknop-2.6.10-r3.ebuild b/net-firewall/fwknop/fwknop-2.6.10-r3.ebuild new file mode 100644 index 000000000000..3b582da13606 --- /dev/null +++ b/net-firewall/fwknop/fwknop-2.6.10-r3.ebuild @@ -0,0 +1,128 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools linux-info readme.gentoo-r1 systemd tmpfiles + +DESCRIPTION="Single Packet Authorization and Port Knocking application" +HOMEPAGE="https://www.cipherdyne.org/fwknop/" +SRC_URI="https://www.cipherdyne.org/fwknop/download/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+client extras firewalld gdbm gpg +iptables nfqueue +server static-libs udp-server" + +DEPEND=" + client? ( net-misc/wget[ssl] ) + firewalld? ( net-firewall/firewalld ) + gdbm? ( sys-libs/gdbm ) + gpg? ( + app-crypt/gpgme:= + dev-libs/libassuan + dev-libs/libgpg-error + ) + iptables? ( net-firewall/iptables ) + nfqueue? ( net-libs/libnetfilter_queue ) + server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) ) +" +RDEPEND="${DEPEND}" + +REQUIRED_USE=" + nfqueue? ( server ) + server? ( ^^ ( firewalld iptables ) ) + udp-server? ( server ) +" + +PATCHES=( "${FILESDIR}/${PN}-2.6.10_fno-common_fix.patch" ) + +DOCS=( AUTHORS ChangeLog README ) + +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS=" +Example configuration files were installed to '${EPREFIX}/etc/fwknopd/'. +Please edit them to suit your needs and then remove the .example suffix. + +fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf. +You can set the desired backend via FIREWALL_EXE option in fwknopd.conf +instead of the default one chosen at compile time. +" + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + default_src_prepare + + # Install example configs with .example suffix. + if use server; then + sed -i -e 's|conf;|conf.example;|g' Makefile.am || die + fi + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --localstatedir="${EPREFIX}/run" + $(use_enable client) + $(use_enable !gdbm file-cache) + $(use_enable nfqueue nfq-capture) + $(use_enable server) + $(use_enable udp-server) + $(use_with gpg gpgme) + ) + use firewalld && myeconfargs+=(--with-firewalld="${EPREFIX}/usr/sbin/firewalld") + use iptables && myeconfargs+=(--with-iptables="${EPREFIX}/sbin/iptables") + + econf "${myeconfargs[@]}" +} + +src_install() { + default_src_install + + if use extras; then + dodoc extras/apparmor/usr.sbin.fwknopd + dodoc extras/console-qr/console-qr.sh + dodoc extras/fwknop-launcher/* + fi + + if use server; then + newinitd "${FILESDIR}/fwknopd.init" fwknopd + newconfd "${FILESDIR}/fwknopd.confd" fwknopd + systemd_dounit "${FILESDIR}/fwknopd.service" + newtmpfiles "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf + readme.gentoo_create_doc + fi + + find "${ED}" -type f -name "*.la" -delete || die + + if ! use static-libs ; then + find "${ED}" -type f -name libfko.a -delete || die + fi +} + +pkg_postinst() { + if use server; then + readme.gentoo_print_elog + + tmpfiles_process fwknopd.conf + + if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then + echo + ewarn "fwknopd daemon relies on the 'comment' match in order to expire" + ewarn "created firewall rules, which is an important security feature." + ewarn "Please enable NETFILTER_XT_MATCH_COMMENT support in your kernel." + echo + fi + if use nfqueue && \ + ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; then + echo + ewarn "fwknopd daemon relies on the 'NFQUEUE' target for NFQUEUE mode." + ewarn "Please enable NETFILTER_XT_TARGET_NFQUEUE support in your kernel." + echo + fi + fi +} diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest index 7c8a4ab928f3..c2efdd0962a1 100644 --- a/net-firewall/ipset/Manifest +++ b/net-firewall/ipset/Manifest @@ -5,5 +5,5 @@ AUX ipset.systemd 476 BLAKE2B 6d536142066ab60fdec24bcb138976709f186c575a7958ad9e DIST ipset-7.11.tar.bz2 674100 BLAKE2B 97f2e3372e963654ece511960e8c22d0dd9e29376d087a3767d89544dfbd85f9f9e75e0cc6c4eb9e1d813d1a472a410033a76feef3319b1d87fd51b0c3fd97cd SHA512 20890de32c17c04d9d3ae42fff64acfe21a252974bee5843ae39bdda707fcef55fde11cffccab9f987bf7e18f5445443c46c50eb854fb6f93f172f7bad07f922 DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a EBUILD ipset-7.11-r1.ebuild 3450 BLAKE2B 214cade04c6b499a7e0043df1eec4cd475b9247b21fa1bc218503082a5265d54d93f6a388281ac7360c48de65581dd3517e49aea7022557535ff42590695795f SHA512 a8ec2d9ca9b17ba666641c6e9539714bb836e043363a5a8e0a913314b476aca59eb4fb9efd6febcc8c13bbe35962ea14bdddc510a2055d980a347e43271c6439 -EBUILD ipset-7.15.ebuild 3449 BLAKE2B 1eae15b36aacf574dad0813af76ff309c0ebb698ca53b53425a444b1f6447c2b095583b4976e444bd5822c1161336382c23ff6243468b657dffd5a7efaf6fe41 SHA512 1f60cd604465530e5d81e5cf385a4bc39f437f3caa2da99656a23777c147ca34d75eedff25b1784baa49ff045acd4c65eac752023b1440ed3967c0d57e49947a +EBUILD ipset-7.15.ebuild 3448 BLAKE2B 2c850a8eb40653629905320c3f5bc6ee153bd33fb1c88b0865efdfd80b6a431a5b56a5af0879fac96b00aefe43d3036f8ee9e102808fd14712594d35649a9fe0 SHA512 49d89f3e53330c38dfac993633eb00bca2f65eb37ba60725d2bc57a36df6a2e466e654623bc52f8ccc4b9112087a4022b21452cba4d94867874ebf10463e978a MISC metadata.xml 369 BLAKE2B f41c3bdbd41f5cd6ae9451f00d80d3ca0e17343f45c37f88ab6e34dda8fce78e4d9b4d670385b3f8d9025f6065f1911d1815b610bbbbbfeb364942b8512ccc7b SHA512 f359ed08f769da53de8c31350f48b7fd0504c863fb29664ce40eac4e56f2cca842d9dc8de350fd4790a3a143ed4db6ed3df3419cc9daad4403078039ced52d3e diff --git a/net-firewall/ipset/ipset-7.15.ebuild b/net-firewall/ipset/ipset-7.15.ebuild index f4dbd52bf881..fad8d3142d3b 100644 --- a/net-firewall/ipset/ipset-7.15.ebuild +++ b/net-firewall/ipset/ipset-7.15.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 arm arm64 ppc ~ppc64 ~riscv x86" +KEYWORDS="amd64 arm arm64 ppc ppc64 ~riscv x86" BDEPEND="virtual/pkgconfig" diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index e5289fccb777..26d69c963fb5 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -9,6 +9,6 @@ AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 -EBUILD iptables-1.8.7-r1.ebuild 4777 BLAKE2B 8966c8181c23b7e48554ea34b22a84ce96de655eb3f1f6d40e33793f067415da67eb276cdc28dce0cb48d034c6fc5f72d59001d989eb82d4859e0ca378493b66 SHA512 429aa79710c3f9f73ad0e6d18d768664419ef144432f8acb0c020551a928eaeee75a750395c18b4890d15227f5f0c1abee7f560bcecebfcce624bbfba0d72ad0 -EBUILD iptables-1.8.7.ebuild 4682 BLAKE2B 6d5e8c0d3b9aa4ec0de723547b23dfde616732d4e525299a7a21738cf0f8bb688b8dc4303592790f2ba835f198bde5da71e9b83f0a8f037c8c6adb2aa9ddd78c SHA512 fca30ef62c65af232436f6cd34c12693e4de65886019f12c5cc2bf2165e52d0dae36370e160887616a4d1b4a05aeb6d9476df4a6083ccd553eb37e54cc8fe573 +EBUILD iptables-1.8.7-r1.ebuild 4592 BLAKE2B 6f44a01c470d7fc561fc5eb481550cfdbcf2462a201a2623807d185b5426570718bb5fbb212be7f9f04e94185440f5954e60c1d6fddd30bb7d624814a0050de3 SHA512 2487c58761d5ee362726009fb144657fd494ccdc11cd642dcf87a17539190b9a0d428dd707fc5ac1571f1298e756bbd935f509a4441aeafd6cbde2433fa2c877 +EBUILD iptables-1.8.7.ebuild 4681 BLAKE2B 22362cd7bde9dfb826ac9666c86014f153117b9773e3592fdaa1074c85d84db79e4d887e2a2d094e84ad4960db44ef0538805af782c60e568b6f83b55e50b577 SHA512 5b57b5be14dcb8ac5a71ca73ac60737e6b488f61e72a7c1414e0014ad25606f00e13d736c0acfeb294b35b9011b060f02bc3c04790b129f21b6b628a49c0bba8 MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842 diff --git a/net-firewall/iptables/iptables-1.8.7-r1.ebuild b/net-firewall/iptables/iptables-1.8.7-r1.ebuild index f748bdb9f289..886111459d9b 100644 --- a/net-firewall/iptables/iptables-1.8.7-r1.ebuild +++ b/net-firewall/iptables/iptables-1.8.7-r1.ebuild @@ -14,7 +14,7 @@ LICENSE="GPL-2" # the last time. SLOT="0/1.8.3" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -IUSE="conntrack ipv6 netlink nftables pcap static-libs" +IUSE="conntrack netlink nftables pcap static-libs" BUILD_DEPEND=" >=app-eselect/eselect-iptables-20200508 @@ -78,12 +78,12 @@ src_configure() { --sbindir="${EPREFIX}/sbin" --libexecdir="${EPREFIX}/$(get_libdir)" --enable-devel + --enable-ipv6 --enable-shared $(use_enable nftables) $(use_enable pcap bpf-compiler) $(use_enable pcap nfsynproxy) $(use_enable static-libs static) - $(use_enable ipv6) ) econf "${myeconfargs[@]}" } @@ -104,18 +104,15 @@ src_install() { doman iptables/iptables-apply.8 insinto /usr/include - doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + doins include/ip{,6}tables.h insinto /usr/include/iptables doins include/iptables/internal.h - keepdir /var/lib/iptables + keepdir /var/lib/ip{,6}tables newinitd "${FILESDIR}"/${PN}-r2.init iptables newconfd "${FILESDIR}"/${PN}-r1.confd iptables - if use ipv6 ; then - keepdir /var/lib/ip6tables - dosym iptables /etc/init.d/ip6tables - newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables - fi + dosym iptables /etc/init.d/ip6tables + newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables if use nftables; then # Bug 647458 @@ -125,10 +122,7 @@ src_install() { rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die fi - systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service - if use ipv6 ; then - systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service - fi + systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service # Move important libs to /lib #332175 gen_usr_ldscript -a ip{4,6}tc xtables diff --git a/net-firewall/iptables/iptables-1.8.7.ebuild b/net-firewall/iptables/iptables-1.8.7.ebuild index 2aa7363c4145..e81c56c6afe9 100644 --- a/net-firewall/iptables/iptables-1.8.7.ebuild +++ b/net-firewall/iptables/iptables-1.8.7.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -13,7 +13,7 @@ LICENSE="GPL-2" # Subslot reflects PV when libxtables and/or libip*tc was changed # the last time. SLOT="0/1.8.3" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="conntrack ipv6 netlink nftables pcap static-libs" BUILD_DEPEND=" diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index c96b8bb76853..f7a6d599d897 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest @@ -2,6 +2,9 @@ AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677 AUX nftables-0.9.8-slibtool.patch 427 BLAKE2B 00ab37efe35a68818af21d91781eb6610574a164743c9aea4458aea2efd6ce50aa788ac4a667d37ed3a686e6802e9feb8a4145f2debc9fb379d3621ed002d6df SHA512 8969d2db4aa2ddb5e352c864af5f85aa95849c0ffbc0b5d0fb4f9b848a3a35ab1aa2e747a9c6f4911fc1cdf0f4eb2032d863bfc10e4dcc120604735e7e04f911 +AUX nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch 1062 BLAKE2B 65306c5f920c6179ebd064737a1713d0af7f94ca3b813aa19a1abe5162f88d5507d290fdbdcb05729a83bf1c7d36bc0a61252b224b44896722a89e71982ec8bf SHA512 1d2fed0ca10ee5f7beab94808a73a0002ec6ba63deaa44ab87fdd97d869f0da776ce6c09834d9c6bc7393ae80aca7a326ab1e8df0b122ad016cba5627fd4fffa +AUX nftables-1.0.2-compilation.patch 1188 BLAKE2B 524298dbe639ee9c613d9314cd6ad10abe058534bc6fd1773aeab14fc76103247817ff472e4c7b03e5d2adda5ce84172bb98aac548d432e64f61222d85c6f43c SHA512 d438ec732840eeddfb123e184d00e7b54590e85004a7e89bbacfac48602e36b5082f29a3848ed54769f5155b162beeda7eee58f788fc917dfb598e1ad986694d +AUX nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch 960 BLAKE2B d37f4f2dd72268303170d5d1af1a52e922724fc578afbaf85d05eb5f7beaef3cb67cff37f324cb2adb5b41a7e9b656c51142e6c122a8ea8ecae3ede84e46f7ff SHA512 e1a4da28d62bb09b1e4acdbb3acef211b640715ed0aae93c5206debc3dd2367385aa0c06a9f9a94297c21fb25d659d3e3d51463261d9e4eef269c2c450f0f4e1 AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602 AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3 AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 @@ -11,9 +14,11 @@ DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab DIST nftables-1.0.0.tar.bz2 921053 BLAKE2B ee86a323170433c3ba62f80118947864aac0fe0aaeb48afeb5a116a48782185c83313ef1b5735c7749eb5eccb88f252b444d1ee908be25bdaa4d9c0b833c1dc2 SHA512 33460bef4ee76b7caa44fa5515357127ae84be468448cc838dd31919b6e045ba6195b761118d4c8a4219a9f008c4416542ce784f4daad94f3b44c0626bcdd014 DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d -EBUILD nftables-0.9.8-r1.ebuild 4285 BLAKE2B 4c03efb0f42ce1619c8aee1a27fa837dab27ab37c1b4db78428fe5391a0f7b7cd1b1f84c9affc52ee656d85e22055a4eacb4b09a69139239a8e480d8c3339c92 SHA512 d66b7e3072b28495cf87dcb3f55488bde050a3cce741a394b2ab9347f5ceaffca53cd258f530098c1ad87c0447d11c6fa6f77b462a00ff9b6d42caf3e0f7122a -EBUILD nftables-0.9.9.ebuild 4553 BLAKE2B 54b3de2a5413532de597c7b496dcc83405136e442f1d9dca2e3c3cabe23f0ed8d2e84311d9091b62ec14e284cf768652f924cfd51df537a576d391026d82df2d SHA512 6d17349a2749437becd3d8a75c192e58d6019b49c3e99594d7f0f6989cb84b5a24820b843aed08cf6a43cdf359f63c250b7a00fdf2cb994c93faa31f3ad458b3 -EBUILD nftables-1.0.0.ebuild 4558 BLAKE2B 8365c83cd919817f8c0b7868a3a66b1018e9718b338d7902e7a1a836d19980eb56301359630d0c18f104ac89dce85b36291d190defbbe278521eb473b620b466 SHA512 7220d616f94de73f024290bb9c24fd65a17a68855c1754d9b4b74a60bb2a7005b643d2d356f58809ed638358ce5872e387c62b4e37fb8ce108a3529d6db59809 -EBUILD nftables-1.0.1-r1.ebuild 4741 BLAKE2B 732080a02f8585a46e3a52d64e888d1210b1e6ae5773ebf6dfa10f7372d7c272aaa727a5815ec997657367e94c9f42e48f112d9539338137614a0987aa9390fb SHA512 626742cd980ea46eedd24aef6c3ffb566d12fcf3ffe9b9c5004031addd2908f91e2aba76b4fd5b3ef03676db2380f59a9565149cbdb07102f891f9b8c3122cd4 -EBUILD nftables-9999.ebuild 4735 BLAKE2B 364499724015c29d6ede31ce9229fc5603a35953c7169e9734279b63d0bb78c94b6852fec33c6c0b420d0abf9db3f281b9ce36eed522e72d55af28e9a07551ad SHA512 1d2045639f63325f2d8a7ace74cd686e9ce5ad74ed68d5016e2e9be6f4b25ecbb437c1c33bdd350349e3d8e819c537ca7fb198d3432dc25cccd5f77fa2cbc3b3 +DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca +EBUILD nftables-0.9.8-r2.ebuild 4285 BLAKE2B ebc540b040a7d33d614709a469045672598c1e778fdacdcf233e980d3683aed9a59c0e04f929c0bd944bb79e2d89d5d0d41598b1ff446aca1d3b20d59c2b013b SHA512 5a80918c983d31609881fd96671e697abaf86b20f1024d9bbce7e0d4c7996f0f33ed72c4458d9bf73412eea1ecb2570f4983288de7ecc460569ae94e380030de +EBUILD nftables-0.9.9-r1.ebuild 4553 BLAKE2B 540457437c02723382787e9fdf062845c38286f5cab3419010239c61ed3e6b965cde6365e97c047c07c1ffe75e064a9d26d2cab445cef97e6d1660e67f8e494d SHA512 13d287e808d24645659873d8708c547d91ae52f3a3ea66606b0fc87a9bf7aac4432555fab0dc82896302dabaa90f5df823ed13bc370e28ad5e2491567f88932c +EBUILD nftables-1.0.0-r1.ebuild 4558 BLAKE2B c341d163bf665694a618c9f8eae1b26be0e67c24ed4db6339651530c2a840f23c9e9aa240e296dd697ae93505e7af11a04ad32b9bde9d53ef93e266e25b70d10 SHA512 e8b30662a5e5c640157a81b0064d598c584b7181d0211eb1ab24049159a0f6ae1672fbd9d4779a75bc3c1a9732d33b0c3f534b2b37cc308af6f574217b5fba69 +EBUILD nftables-1.0.1-r2.ebuild 4733 BLAKE2B 5635e341e1171637261d280d02e0579b1c6480adb81f84704caec7c7e37f389004e95fb28672459eddb02d70a536dcf1e3789b119347f4d4a0de1dfc2e9dbd20 SHA512 f0a29c90fd40c9057ebb047e3d8f6612d429e3778ffa6c54fe7f9b575aaaa66a0b61903ab0e9ac076486fd5a800960182c1a55037713aecd219770f900027565 +EBUILD nftables-1.0.2-r1.ebuild 4938 BLAKE2B d4d4257ffeeea8bd0bf6b23d01a539ab0ad7d70c8092b231272a8d7a2607aec47347af938e4a39065f504c889bffed2e7fd21c538c22cc72496ea4e454188edc SHA512 eec6bcc51f611f8e3794fe2e8f6d20bccd066db76622f0806558c42af99ad6de110c72fde0f372b025a5c262949ce64a9d53d64db63a147a80bb3aa0fb4d3e21 +EBUILD nftables-9999.ebuild 4735 BLAKE2B a40d65c44b5de6ed205056bc22a36d48f3e8e997ac273319764458dbb1de3fc5f579bea757ef20c1eeca806c11187f60e6e53133028620814db919c96d261ea2 SHA512 ad40ab2f97a0bfe4b3ba8f8fec3a9875cad4b5dad4398a831d48167cc27ee9d159db997d78a988ec998206f5a00758d3063b6513c1fb92d8056c7047344c9d5f MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25 diff --git a/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch new file mode 100644 index 000000000000..41c3de5bc83b --- /dev/null +++ b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch @@ -0,0 +1,27 @@ +https://git.netfilter.org/nftables/commit/src?id=1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f + +From: Sam James +Date: Thu, 24 Feb 2022 19:45:43 +0000 +Subject: build: explicitly pass --version-script to linker + +--version-script is a linker option, so let's use -Wl, so that +libtool handles it properly. It seems like the previous method gets silently +ignored with GNU libtool in some cases(?) and downstream in Gentoo, +we had to apply this change to make the build work with slibtool anyway. + +But it's indeed correct in any case, so let's swap. + +Signed-off-by: Sam James +Signed-off-by: Pablo Neira Ayuso +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \ + + libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la + libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \ +- --version-script=$(srcdir)/libnftables.map ++ -Wl,--version-script=$(srcdir)/libnftables.map + + if BUILD_MINIGMP + noinst_LTLIBRARIES += libminigmp.la +cgit v1.2.3 diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch new file mode 100644 index 000000000000..96670c1d9531 --- /dev/null +++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch @@ -0,0 +1,36 @@ +https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3 + +From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Tue, 22 Feb 2022 00:56:36 +0100 +Subject: examples: compile with `make check' and add AM_CPPFLAGS + +Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to +specify local headers via -I. + +Unfortunately, `make distcheck' did not catch this compile time error in +my system, since it was using the nftables/libnftables.h file of the +previous nftables release. + +Fixes: 5b364657a35f ("build: missing SUBIRS update") +Fixes: caf2a6ad2d22 ("examples: add libnftables example program") +Signed-off-by: Pablo Neira Ayuso +--- + examples/Makefile.am | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/examples/Makefile.am b/examples/Makefile.am +index c972170d..3b8b0b67 100644 +--- a/examples/Makefile.am ++++ b/examples/Makefile.am +@@ -1,4 +1,6 @@ +-noinst_PROGRAMS = nft-buffer \ ++check_PROGRAMS = nft-buffer \ + nft-json-file + ++AM_CPPFLAGS = -I$(top_srcdir)/include ++ + LDADD = $(top_builddir)/src/libnftables.la +-- +cgit v1.2.3 + diff --git a/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch new file mode 100644 index 000000000000..09841d482222 --- /dev/null +++ b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch @@ -0,0 +1,31 @@ +https://git.netfilter.org/nftables/commit/src?id=e98a9b83cd52c7c75bedb3dad46539b197ed17ba + +From: Sam James +Date: Thu, 24 Feb 2022 19:45:42 +0000 +Subject: libnftables.map: export new nft_ctx_{get,set}_optimize API + +[ Remove incorrect symbol names were exported via .map file ] + +Without this, we're not explicitly saying this is part of the +public API. + +This new API was added in 1.0.2 and is used by e.g. the main +nft binary. Noticed when fixing the version-script option +(separate patch) which picked up this problem when .map +was missing symbols (related to when symbol visibility +options get set). + +Signed-off-by: Sam James +Signed-off-by: Pablo Neira Ayuso +--- a/src/libnftables.map ++++ b/src/libnftables.map +@@ -30,6 +30,6 @@ LIBNFTABLES_2 { + } LIBNFTABLES_1; + + LIBNFTABLES_3 { +- nft_set_optimize; +- nft_get_optimize; ++ nft_ctx_set_optimize; ++ nft_ctx_get_optimize; + } LIBNFTABLES_2; +cgit v1.2.3 diff --git a/net-firewall/nftables/nftables-0.9.8-r1.ebuild b/net-firewall/nftables/nftables-0.9.8-r1.ebuild deleted file mode 100644 index 17044fb39c47..000000000000 --- a/net-firewall/nftables/nftables-0.9.8-r1.ebuild +++ /dev/null @@ -1,166 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7,8,9} ) - -inherit autotools linux-info python-r1 systemd - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" -SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~ia64 ppc ppc64 sparc x86" -IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.1.9:0= - gmp? ( dev-libs/gmp:0= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) -" - -DEPEND="${RDEPEND}" - -BDEPEND=" - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - virtual/pkgconfig -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) -" - -PATCHES=( - "${FILESDIR}/${PN}-0.9.8-slibtool.patch" -) - -python_make() { - emake \ - -C py \ - abs_builddir="${S}" \ - DESTDIR="${D}" \ - PYTHON_BIN="${PYTHON}" \ - "${@}" -} - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." - fi -} - -src_prepare() { - default - - # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ - -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ - -i files/osf/Makefile.am || die - - eautoreconf -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - if use python; then - python_foreach_impl python_make - fi -} - -src_install() { - default - - if ! use doc; then - pushd doc >/dev/null || die - doman *.? - popd >/dev/null || die - fi - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - python_foreach_impl python_make install - python_foreach_impl python_optimize - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local save_file - save_file="${EROOT}/var/lib/nftables/rules-save" - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/nftables/nftables-0.9.8-r2.ebuild b/net-firewall/nftables/nftables-0.9.8-r2.ebuild new file mode 100644 index 000000000000..58bf1cc65087 --- /dev/null +++ b/net-firewall/nftables/nftables-0.9.8-r2.ebuild @@ -0,0 +1,166 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7,8,9} ) + +inherit autotools linux-info python-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" +SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 arm arm64 ~ia64 ppc ppc64 sparc x86" +IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.1.9:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + virtual/pkgconfig +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.8-slibtool.patch" +) + +python_make() { + emake \ + -C py \ + abs_builddir="${S}" \ + DESTDIR="${D}" \ + PYTHON_BIN="${PYTHON}" \ + "${@}" +} + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use python; then + python_foreach_impl python_make + fi +} + +src_install() { + default + + if ! use doc; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + python_foreach_impl python_make install + python_foreach_impl python_optimize + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-0.9.9-r1.ebuild b/net-firewall/nftables/nftables-0.9.9-r1.ebuild new file mode 100644 index 000000000000..40d4fbc36744 --- /dev/null +++ b/net-firewall/nftables/nftables-0.9.9-r1.ebuild @@ -0,0 +1,179 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..10} ) + +inherit autotools linux-info python-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + + BDEPEND=" + sys-devel/bison + sys-devel/flex + " +else + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + KEYWORDS="amd64 arm arm64 ~ia64 ppc ~ppc64 ~riscv sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0/1" +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.2.0:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + virtual/pkgconfig +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? ( !readline ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.8-slibtool.patch" +) + +python_make() { + emake \ + -C py \ + abs_builddir="${S}" \ + DESTDIR="${D}" \ + PYTHON_BIN="${PYTHON}" \ + "${@}" +} + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use python; then + python_foreach_impl python_make + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + python_foreach_impl python_make install + python_foreach_impl python_optimize + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-0.9.9.ebuild b/net-firewall/nftables/nftables-0.9.9.ebuild deleted file mode 100644 index 3a44d46ef975..000000000000 --- a/net-firewall/nftables/nftables-0.9.9.ebuild +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..10} ) - -inherit autotools linux-info python-r1 systemd - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" - -if [[ ${PV} =~ ^[9]{4,}$ ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.netfilter.org/${PN}" - - BDEPEND=" - sys-devel/bison - sys-devel/flex - " -else - SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~ia64 ppc ~ppc64 ~riscv sparc x86" -fi - -LICENSE="GPL-2" -SLOT="0/1" -IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.0:0= - gmp? ( dev-libs/gmp:0= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) -" - -DEPEND="${RDEPEND}" - -BDEPEND+=" - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - virtual/pkgconfig -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) - libedit? ( !readline ) -" - -PATCHES=( - "${FILESDIR}/${PN}-0.9.8-slibtool.patch" -) - -python_make() { - emake \ - -C py \ - abs_builddir="${S}" \ - DESTDIR="${D}" \ - PYTHON_BIN="${PYTHON}" \ - "${@}" -} - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." - fi -} - -src_prepare() { - default - - # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ - -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ - -i files/osf/Makefile.am || die - - eautoreconf -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - if use python; then - python_foreach_impl python_make - fi -} - -src_install() { - default - - if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then - pushd doc >/dev/null || die - doman *.? - popd >/dev/null || die - fi - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - python_foreach_impl python_make install - python_foreach_impl python_optimize - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local save_file - save_file="${EROOT}/var/lib/nftables/rules-save" - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/nftables/nftables-1.0.0-r1.ebuild b/net-firewall/nftables/nftables-1.0.0-r1.ebuild new file mode 100644 index 000000000000..31bd6d1de988 --- /dev/null +++ b/net-firewall/nftables/nftables-1.0.0-r1.ebuild @@ -0,0 +1,179 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..10} ) + +inherit autotools linux-info python-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + + BDEPEND=" + sys-devel/bison + sys-devel/flex + " +else + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + KEYWORDS="amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~riscv sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0/1" +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.2.0:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + virtual/pkgconfig +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? ( !readline ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.8-slibtool.patch" +) + +python_make() { + emake \ + -C py \ + abs_builddir="${S}" \ + DESTDIR="${D}" \ + PYTHON_BIN="${PYTHON}" \ + "${@}" +} + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + default + + if use python; then + python_foreach_impl python_make + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + python_foreach_impl python_make install + python_foreach_impl python_optimize + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-1.0.0.ebuild b/net-firewall/nftables/nftables-1.0.0.ebuild deleted file mode 100644 index 6285ac74649d..000000000000 --- a/net-firewall/nftables/nftables-1.0.0.ebuild +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..10} ) - -inherit autotools linux-info python-r1 systemd - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" - -if [[ ${PV} =~ ^[9]{4,}$ ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.netfilter.org/${PN}" - - BDEPEND=" - sys-devel/bison - sys-devel/flex - " -else - SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~riscv sparc x86" -fi - -LICENSE="GPL-2" -SLOT="0/1" -IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.0:0= - gmp? ( dev-libs/gmp:0= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) -" - -DEPEND="${RDEPEND}" - -BDEPEND+=" - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - virtual/pkgconfig -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) - libedit? ( !readline ) -" - -PATCHES=( - "${FILESDIR}/${PN}-0.9.8-slibtool.patch" -) - -python_make() { - emake \ - -C py \ - abs_builddir="${S}" \ - DESTDIR="${D}" \ - PYTHON_BIN="${PYTHON}" \ - "${@}" -} - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." - fi -} - -src_prepare() { - default - - # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ - -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ - -i files/osf/Makefile.am || die - - eautoreconf -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - if use python; then - python_foreach_impl python_make - fi -} - -src_install() { - default - - if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then - pushd doc >/dev/null || die - doman *.? - popd >/dev/null || die - fi - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - python_foreach_impl python_make install - python_foreach_impl python_optimize - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local save_file - save_file="${EROOT}/var/lib/nftables/rules-save" - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/nftables/nftables-1.0.1-r1.ebuild b/net-firewall/nftables/nftables-1.0.1-r1.ebuild deleted file mode 100644 index 584e495b73d4..000000000000 --- a/net-firewall/nftables/nftables-1.0.1-r1.ebuild +++ /dev/null @@ -1,185 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..10} ) -DISTUTILS_OPTIONAL=1 -inherit autotools linux-info distutils-r1 systemd - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" - -if [[ ${PV} =~ ^[9]{4,}$ ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.netfilter.org/${PN}" - - BDEPEND=" - sys-devel/bison - sys-devel/flex - " -else - SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" - KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" -fi - -LICENSE="GPL-2" -SLOT="0/1" -IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.1:0= - gmp? ( dev-libs/gmp:0= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) -" - -DEPEND="${RDEPEND}" - -BDEPEND+=" - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - virtual/pkgconfig -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) - libedit? ( !readline ) -" - -PATCHES=( - "${FILESDIR}/${PN}-0.9.8-slibtool.patch" -) - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." - fi -} - -src_prepare() { - default - - # fix installation path for doc stuff - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ - -i files/nftables/Makefile.am || die - sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ - -i files/osf/Makefile.am || die - - eautoreconf - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_prepare - popd >/dev/null || die - fi -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_configure - popd >/dev/null || die - fi -} - -src_compile() { - default - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_compile - popd >/dev/null || die - fi -} - -src_install() { - default - - if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then - pushd doc >/dev/null || die - doman *.? - popd >/dev/null || die - fi - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - pushd py >/dev/null || die - distutils-r1_src_install - popd >/dev/null || die - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local save_file - save_file="${EROOT}/var/lib/nftables/rules-save" - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/nftables/nftables-1.0.1-r2.ebuild b/net-firewall/nftables/nftables-1.0.1-r2.ebuild new file mode 100644 index 000000000000..3ab5c9291110 --- /dev/null +++ b/net-firewall/nftables/nftables-1.0.1-r2.ebuild @@ -0,0 +1,185 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..10} ) +DISTUTILS_OPTIONAL=1 +inherit autotools linux-info distutils-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + + BDEPEND=" + sys-devel/bison + sys-devel/flex + " +else + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + KEYWORDS="amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0/1" +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.2.1:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + virtual/pkgconfig +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? ( !readline ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.8-slibtool.patch" +) + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-1.0.2-r1.ebuild b/net-firewall/nftables/nftables-1.0.2-r1.ebuild new file mode 100644 index 000000000000..8b7db17f23e8 --- /dev/null +++ b/net-firewall/nftables/nftables-1.0.2-r1.ebuild @@ -0,0 +1,188 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) +DISTUTILS_OPTIONAL=1 +inherit autotools linux-info distutils-r1 systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://netfilter.org/projects/nftables/" + +if [[ ${PV} =~ ^[9]{4,}$ ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.netfilter.org/${PN}" + + BDEPEND=" + sys-devel/bison + sys-devel/flex + " +else + SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0/1" +IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables" + +RDEPEND=" + >=net-libs/libmnl-1.0.4:0= + >=net-libs/libnftnl-1.2.1:0= + gmp? ( dev-libs/gmp:= ) + json? ( dev-libs/jansson:= ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) +" + +DEPEND="${RDEPEND}" + +BDEPEND+=" + doc? ( + app-text/asciidoc + >=app-text/docbook2X-0.8.8-r4 + ) + virtual/pkgconfig +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + libedit? ( !readline ) +" + +PATCHES=( + "${FILESDIR}/nftables-1.0.2-compilation.patch" + "${FILESDIR}/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch" + "${FILESDIR}/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch" +) + +pkg_setup() { + if kernel_is ge 3 13; then + if use modern-kernel && kernel_is lt 3 18; then + eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." + fi + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + + # fix installation path for doc stuff + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \ + -i files/nftables/Makefile.am || die + sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \ + -i files/osf/Makefile.am || die + + eautoreconf + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi +} + +src_configure() { + local myeconfargs=( + # We handle python separately + --disable-python + --disable-static + --sbindir="${EPREFIX}"/sbin + $(use_enable debug) + $(use_enable doc man-doc) + $(use_with !gmp mini_gmp) + $(use_with json) + $(use_with libedit cli editline) + $(use_with readline cli readline) + $(use_enable static-libs static) + $(use_with xtables) + ) + econf "${myeconfargs[@]}" + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_configure + popd >/dev/null || die + fi +} + +src_compile() { + default + + if use python; then + pushd py >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_install() { + default + + if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then + pushd doc >/dev/null || die + doman *.? + popd >/dev/null || die + fi + + local mksuffix="$(usex modern-kernel '-mk' '')" + + exeinto /usr/libexec/${PN} + newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh + newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} + newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + + if use python ; then + pushd py >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + find "${ED}" -type f -name "*.la" -delete || die +} + +pkg_postinst() { + local save_file + save_file="${EROOT}/var/lib/nftables/rules-save" + + # In order for the nftables-restore systemd service to start + # the save_file must exist. + if [[ ! -f "${save_file}" ]]; then + ( umask 177; touch "${save_file}" ) + elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then + ewarn "Your system has dangerous permissions for ${save_file}" + ewarn "It is probably affected by bug #691326." + ewarn "You may need to fix the permissions of the file. To do so," + ewarn "you can run the command in the line below as root." + ewarn " 'chmod 600 \"${save_file}\"'" + fi + + if has_version 'sys-apps/systemd'; then + elog "If you wish to enable the firewall rules on boot (on systemd) you" + elog "will need to enable the nftables-restore service." + elog " 'systemctl enable ${PN}-restore.service'" + elog + elog "If you are creating firewall rules before the next system restart" + elog "the nftables-restore service must be manually started in order to" + elog "save those rules on shutdown." + fi + if has_version 'sys-apps/openrc'; then + elog "If you wish to enable the firewall rules on boot (on openrc) you" + elog "will need to enable the nftables service." + elog " 'rc-update add ${PN} default'" + elog + elog "If you are creating or updating the firewall rules and wish to save" + elog "them to be loaded on the next restart, use the \"save\" functionality" + elog "in the init script." + elog " 'rc-service ${PN} save'" + fi +} diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild index 82923aace969..d6697d8a7eef 100644 --- a/net-firewall/nftables/nftables-9999.ebuild +++ b/net-firewall/nftables/nftables-9999.ebuild @@ -30,11 +30,11 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xt RDEPEND=" >=net-libs/libmnl-1.0.4:0= >=net-libs/libnftnl-1.2.1:0= - gmp? ( dev-libs/gmp:0= ) + gmp? ( dev-libs/gmp:= ) json? ( dev-libs/jansson:= ) python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:0= ) - xtables? ( >=net-firewall/iptables-1.6.1 ) + readline? ( sys-libs/readline:= ) + xtables? ( >=net-firewall/iptables-1.6.1:= ) " DEPEND="${RDEPEND}" diff --git a/net-firewall/nftlb/Manifest b/net-firewall/nftlb/Manifest index aa9778daedaa..197abc435bb8 100644 --- a/net-firewall/nftlb/Manifest +++ b/net-firewall/nftlb/Manifest @@ -1,5 +1,9 @@ AUX nftlb-0.6-musl.patch 1887 BLAKE2B fdf12a0f3113e1fff17096195150e387ec44342d67b80d63fff525e8b28222599276bb607b7f21b44953dbeb0f00861b6477b01af24bc990be046b45a169ced5 SHA512 48781ce88c94b7d184764d9b2fb70410310215fe165fa89965293633bc039044e5d34eb10fe382f9d394f36e5960a91efb12c9e7fde24c057ae6ece0f3d75bb9 AUX nftlb-0.6-tests.patch 1037 BLAKE2B 1b26671d49035bb57bfd5f730d40d756017234413f427a94367d571a47a4959f09389d55b95e46e0512003e0eb3022470feadeee00632d64cf6cfa94097e89b4 SHA512 9c57db285efb5a5e12d1099e4f44de17e70eb137e7fa05f9c678cadf43c7eecaab76fdb7a7815e2a22ccb9fb1d3e5c524496a9a87ff10cb64f4ff50c281889ce +AUX nftlb-1.0-musl.patch 1899 BLAKE2B 6c2c51ba355473754ac1aa59e423b367c9eba8c0aef6cc0756533f08e22aa423e397a2216449b25360d625d62ef64173701e0cec40be6bb342094ad81a2ca463 SHA512 e73efbaffa03c9bf762b9335561ae3f905434cd15351e843063c8aeac5cd80db6bbb3916fe0eca04a7699c3bebfb8910e52a2f1f07b068ee1c9951d645bf3e28 +AUX nftlb-1.0-tests.patch 1025 BLAKE2B 1c1a3b363d5896799dbc9c789684bcb407cafeee6b7d7d061f28142a718a77b9a7fc11a59ff40f178047d37a8452c66cab904661d36874efc343677ec4a043a4 SHA512 a013fd84528620e61b93b11218edb5fbf4096d0367d802f697048f544751a0a4c9d64ecfa5198b28d8dc732b195db7d7ed5028423aa26c855f116d11665f096b DIST nftlb-0.6.tar.gz 121216 BLAKE2B 98b69c35070eb733a218ac1b1aaa7816de1e4f149c8447fee298b4cf50c57610c816fb178d4115e1e7af5cea0f5b20df36eb5b79655e0d7c69ff30e363985104 SHA512 95b879cfc187fe94cc6876f4af3fe77795c1e0228850cfb38b95206685d9065076b6905d365da7ec5f92773cf8f72f6e441d9140d9b10b02eaf9b6c862c31006 +DIST nftlb-1.0.tar.gz 195057 BLAKE2B b8237b7ba6f6f61dde726d53b63f2488bf38646984b252317ba0f47727ae91e5f4d58c32c0f0d609b134124efd29fdce2b9c10a981a3892220dac78c84946f48 SHA512 f93db34e4372d8f16e99650f3ade62908ce65722fadd521c6d698ab81b24502f6d82e1945b06b166876ebeb39e1907c97a40776ddf985b035b883e93f62e8766 EBUILD nftlb-0.6.ebuild 1021 BLAKE2B 28e978c5eaa237691d102184761476ef31fab9a0c986825ae87df87599121774c2d1a95963695b52ce7a130d48c9fbf096339b166b3d57998a4a4e95d6414f25 SHA512 fb3e447387fb311569e56075b04e4a6352ee38eb9a5d8d9b2a2690404cb47cf5ff477002d2a715c047728bc203f9fe08af202e40eb5948809fb292a099d20000 +EBUILD nftlb-1.0.ebuild 1037 BLAKE2B 61b6a5e568945cb063f205b39dc43e36aa4ed1001bdadd592e513f813c376f41eab26309f4a2df4827741fa4eacfa88a8b57c5dfcffae53674fe0a824baf62ff SHA512 43a81b0c731563e4d1cf8a3880b722d9c171d7930b1998cb4251d38f756fcd02bc6860e923db776aca3ca24aff3fd8590c195a009d41399bbe3331c8e7ffed1d MISC metadata.xml 256 BLAKE2B e4fb7b4732dc88ff20c10bd7e5425beca8310c14d3934046ad6fcd99d8f401ea8610a6df5444d094f5bae4e5120cb7aedc15b45f0862b73f83bd7d5e54617337 SHA512 d37651285ce883fc1c73b41e09e66788d47b2451a4f96ac4237e6bef59643b3171a7a24900f204f0ca1accdbd5961d74e4bd7c8c41e1d29492874e4cbc737611 diff --git a/net-firewall/nftlb/files/nftlb-1.0-musl.patch b/net-firewall/nftlb/files/nftlb-1.0-musl.patch new file mode 100644 index 000000000000..399136754554 --- /dev/null +++ b/net-firewall/nftlb/files/nftlb-1.0-musl.patch @@ -0,0 +1,73 @@ +diff --git a/configure.ac b/configure.ac +index 84bfd96..3f6f81d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2,6 +2,7 @@ AC_INIT([nftlb], [1.0], [netfilter-devel@vger.kernel.org]) + + AC_CONFIG_AUX_DIR([build-aux]) + AC_CONFIG_MACRO_DIR([m4]) ++AC_CONFIG_HEADERS([config.h]) + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects + tar-pax no-dist-gzip dist-bzip2 1.6]) + +@@ -25,5 +26,7 @@ AC_CHECK_HEADER([ev.h], [EVENTINC="-include ev.h"], + [EVENTINC="-include libev/ev.h"], + [AC_MSG_ERROR([ev.h not found])])]) + ++AC_CHECK_HEADERS([execinfo.h]) ++ + AC_CONFIG_FILES([Makefile src/Makefile]) + AC_OUTPUT +diff --git a/src/main.c b/src/main.c +index 9854f95..8e7df1d 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -18,6 +18,7 @@ + * along with this program. If not, see . + * + */ ++#include "config.h" + + #include + #include +@@ -25,7 +26,10 @@ + #include + #include + #include ++ ++#ifdef HAVE_EXECINFO_H + #include ++#endif /* HAVE_EXECINFO_H */ + + #include "config.h" + #include "objects.h" +@@ -88,6 +92,7 @@ static void nftlb_sighandler(int signo) + exit(EXIT_SUCCESS); + } + ++#ifdef HAVE_EXECINFO_H + static void nftlb_trace() { + void *buffer[255]; + char **str; +@@ -109,6 +114,7 @@ static void nftlb_trace() { + + exit(EXIT_FAILURE); + } ++#endif /* HAVE_EXECINFO_H */ + + int main(int argc, char *argv[]) + { +@@ -166,9 +172,13 @@ int main(int argc, char *argv[]) + + if (signal(SIGINT, nftlb_sighandler) == SIG_ERR || + signal(SIGTERM, nftlb_sighandler) == SIG_ERR || ++#ifdef HAVE_EXECINFO_H + signal(SIGPIPE, SIG_IGN) == SIG_ERR || + signal(SIGABRT, nftlb_trace) == SIG_ERR || + signal(SIGSEGV, nftlb_trace) == SIG_ERR) { ++#else ++ signal(SIGPIPE, SIG_IGN) == SIG_ERR) { ++#endif /* HAVE_EXECINFO_H */ + tools_printlog(LOG_ERR, "Error assigning signals"); + return EXIT_FAILURE; + } diff --git a/net-firewall/nftlb/files/nftlb-1.0-tests.patch b/net-firewall/nftlb/files/nftlb-1.0-tests.patch new file mode 100644 index 000000000000..48685074cb83 --- /dev/null +++ b/net-firewall/nftlb/files/nftlb-1.0-tests.patch @@ -0,0 +1,45 @@ +diff --git a/tests/exec_tests.sh b/tests/exec_tests.sh +index 2a30a07..7814f5a 100755 +--- a/tests/exec_tests.sh ++++ b/tests/exec_tests.sh +@@ -36,6 +36,8 @@ fi + + echo "-- Executing configuration tests" + ++retval=0 ++ + for test in `ls -d ${TESTS}`; do + if [[ ! ${test} =~ ^..._ ]]; then + continue; +@@ -58,6 +60,7 @@ for test in `ls -d ${TESTS}`; do + + if [ $statusexec -ne 0 ]; then + echo -e "\e[31mNFT EXEC ERROR\e[0m" ++ retval=1 + continue; + fi + +@@ -65,6 +68,7 @@ for test in `ls -d ${TESTS}`; do + + if [ ! -f ${outputfile} ]; then + echo "Dump file doesn't exist" ++ retval=1 + continue; + fi + +@@ -76,6 +80,7 @@ for test in `ls -d ${TESTS}`; do + rm -f ${reportfile} + else + echo -e "\e[31mNFT DUMP ERROR\e[0m" ++ retval=1 + if [ $APPLY_REPORTS -eq 1 ]; then + cat ${reportfile} > ${outputfile} + echo -e "APPLIED" +@@ -89,4 +94,7 @@ fi + + if [ "`grep 'nft command error' /var/log/syslog`" != "" ]; then + echo -e "\e[33m* command errors found, please check syslog\e[0m" ++ retval=1 + fi ++ ++exit ${retval} diff --git a/net-firewall/nftlb/nftlb-1.0.ebuild b/net-firewall/nftlb/nftlb-1.0.ebuild new file mode 100644 index 000000000000..f1e9170bcbc4 --- /dev/null +++ b/net-firewall/nftlb/nftlb-1.0.ebuild @@ -0,0 +1,61 @@ +# Copyright 2020-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit linux-info autotools + +DESCRIPTION="nftables load balancer" +HOMEPAGE="https://github.com/zevenet/nftlb" +SRC_URI="https://github.com/zevenet/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="AGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND=" + net-firewall/nftables:=[modern-kernel] + dev-libs/jansson:= + dev-libs/libev:= +" +RDEPEND="${DEPEND}" + +# tests need root access +RESTRICT="test" + +PATCHES=( + "${FILESDIR}/nftlb-1.0-tests.patch" + "${FILESDIR}/nftlb-1.0-musl.patch" +) + +pkg_setup() { + local CONFIG_CHECK=" + ~NF_TABLES + ~NFT_NUMGEN + ~NFT_HASH + ~NF_NAT + ~IP_NF_NAT + " + + linux-info_pkg_setup + + if kernel_is lt 4 19; then + eerror "${PN} requires kernel version 4.19 or newer" + fi +} + +src_prepare() { + default + eautoreconf +} + +src_test() { + pushd tests >/dev/null || die + + sed -e "s:/var/log/syslog:\"${T}/tests.log\":" \ + -i exec_tests.sh || die + + ./exec_tests.sh || die "tests failed" + + popd >/dev/null || die +} diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest index 8052816a0262..e9b530a80daa 100644 --- a/net-firewall/nufw/Manifest +++ b/net-firewall/nufw/Manifest @@ -5,5 +5,5 @@ AUX nufw-2.2.22-var-run.patch 1438 BLAKE2B 259d96d3a7386ac30f4ca7a88ecb0a4714b04 AUX nufw-conf.d 122 BLAKE2B 3263b28a9a783f35920a30cb022fe86b8a0fdc05b45c5a191e53c0b201ca38da9fe9eeda82866cf69dc760e0ff2fcd0264ee17f53f03a6077b63d9fcbd2dd1f0 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb AUX nufw-init.d 273 BLAKE2B 00827d4cf93b484c6563b7bccc4020e9de0e8f2652eb29f9b1a64dfb4333b7e04b370f977a43a8f9af4b680d62e658a7779822c6671059e83a5ceea7f1872f5e SHA512 7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 DIST nufw-2.2.22.tar.bz2 597491 BLAKE2B 4c3092aeaced237ceb9faa16cff275938de23cdca31d2d6f6406238a0fe75ad15468f91a80b1d6e0bfc6dac520b6331ee19a1d95a006d591b891b91aad6caa8b SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee -EBUILD nufw-2.2.22-r3.ebuild 2701 BLAKE2B c7bb93df4e851e4adcfb809ce1dd06dce0fe43bd9c64cc6e366371fdf721a4dc7286e271aab6c7541fcce2673c752a4b504e44cc1a2d4f1f529e85cf6ddcde06 SHA512 75f4f61e3d502220c77fa69997eb5337bf3a19ea64da68cf744c6c2197a4627ef3ebf99cfe4d96e477b3980772be3381423b78e5fb6a5f11a61dc53d98b4d1f4 +EBUILD nufw-2.2.22-r3.ebuild 2692 BLAKE2B a944a0617512b5dd070ff1545d8db5c28c25bedb6f5220f3600551f8ebcc6463365b63b49ad67938e069aed29a2b69393753dcaed69a0ac00d942fc0bcbcf202 SHA512 4dc3c91c8a751c0abb966b184d25c251d1e4dffef9ad41788f5b211b392726ee2e6aa0ac596452b88151ac160c92d06ba6d3451ed29469489b03b788169403f8 MISC metadata.xml 640 BLAKE2B c06edc5ba48c7b4447ff1c823f54dcea87f56a727a11d77c33e348a516d904a3d08cb2657090a8acfee0f985b45898c4469db865dec5ae5faa39738e4c7106c1 SHA512 0db8eb5af7d4b1fb42189b30b303314cdc0beedb7a85962f3539a446751e8f6d2c298bfc2e33d6bf806b2543e1ef0631b98c1f447cca42302845376324828fef diff --git a/net-firewall/nufw/nufw-2.2.22-r3.ebuild b/net-firewall/nufw/nufw-2.2.22-r3.ebuild index d8bbd19926f2..9dbc74d1518b 100644 --- a/net-firewall/nufw/nufw-2.2.22-r3.ebuild +++ b/net-firewall/nufw/nufw-2.2.22-r3.ebuild @@ -1,10 +1,10 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 SSL_CERT_MANDATORY=1 -inherit autotools flag-o-matic multilib pam ssl-cert +inherit autotools flag-o-matic pam ssl-cert DESCRIPTION="An enterprise grade authenticating firewall based on netfilter" HOMEPAGE="http://www.nufw.org/" diff --git a/net-firewall/sanewall/Manifest b/net-firewall/sanewall/Manifest index 714972aaddde..a4a00faa9e9b 100644 --- a/net-firewall/sanewall/Manifest +++ b/net-firewall/sanewall/Manifest @@ -1,5 +1,5 @@ AUX sanewall.confd 120 BLAKE2B e2b3da4e1b3106641d8bab89ee61597e25b4a3f8f87fc6586de77d46eaed8bb108044c0f32c1f079a6068a94ed496c02cf9368433261f6b6755a277fce613f6c SHA512 5b8468d6e167ab00e37481618650f4844cb186465097a3cbca8a462940f324d50447d464d8db58666c77909231c3d664022bd7979501d3496ad627bf726cfa7e AUX sanewall.initd 1051 BLAKE2B 3b5523d5c0b779aa76154ab0ab14f5c43bb742df68ea3bee6649c9fa3a7b089dbf7ffcea60cc27e8f2d80262197107f630ed0dec3862cd084ba75431f11a44d5 SHA512 2272e7ee2a7d2c0bf97d1fdfb0cfd2b271626d8934545fca20c1c3757b4b90f5f715417c0e2d48e900a12a4d72a5fb0005294ef753b3c1b1ed8d5f217da7f571 DIST sanewall-1.1.6.tar.xz 585316 BLAKE2B 027454da387d251af8268e38a97a7a1c7ee82a95429059ecdae23453a7c31676c5afb0b0f9bbdc4ed60f879479070fb8a057b3a5914290d768736abd1f46cadd SHA512 73260197b88816e90b15fc244a5940c290ec99c82eb8e50338b4f0f88710900c8cd18920c6f319205e527859c0696da28798428ab04b03c7f355c1d8ba6f7ca0 -EBUILD sanewall-1.1.6-r3.ebuild 1443 BLAKE2B c74b59f365f608601ceb187cea157addd9802d923e3a1d33ec0a306a429960cc613b7628ed4f22ed33c9fee578743c1b296c404398da21380b25ecf50a3840ec SHA512 4ceaea699a68fde92510b1e10485aca5e9dea25de2e03e1b293c6e73d8acc7d15e0e5a1a076f34b3dfb782bd2240cd71d941ca3686a34ba88b451c925a3bb7df +EBUILD sanewall-1.1.6-r4.ebuild 1446 BLAKE2B 222a29899c98a16b1190e1ecfc16d1bc11df69c041df941d0c99fbc4126f1626db87898a6707fac83e98622bdb4c26a7beebbb058065b9bddb8a63c06bedd189 SHA512 39773032845206c36786df2dd65a996a506cf752baf6717777334f55a35c9028962e9737aa958e941fd612d7620b2a2af210dd82959a3ba99d3f0411a561b733 MISC metadata.xml 167 BLAKE2B 868e3b584722eaacf68273db062bb773d8c7e5d7ab2b81ca7e8397643bf7cc106c3a1033594401c99c54f667bb45d6b73f9048fc335580bbd44b4589ad26a832 SHA512 30caadd1496c3b9969136038239a1d8e01f236726b4022c2d7e19ca7575f25f735e556835e581afbf44fbd3e4104c40f2b5ef5fa70118d75c881fdf871962d0a diff --git a/net-firewall/sanewall/sanewall-1.1.6-r3.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r3.ebuild deleted file mode 100644 index 0fe04aa29826..000000000000 --- a/net-firewall/sanewall/sanewall-1.1.6-r3.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit linux-info - -DESCRIPTION="iptables firewall generator (fork of firehol)" -HOMEPAGE="https://www.sanewall.org" -SRC_URI="https://download.sanewall.org/releases/${PV}/${P}.tar.xz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="~amd64 ~x86" - -RDEPEND=" - net-firewall/iptables[ipv6] - sys-apps/iproute2[-minimal] - sys-apps/kmod[tools] - sys-apps/net-tools - || ( - net-misc/wget - net-misc/curl - ) -" -DEPEND="" - -pkg_setup() { - local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ - ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ - ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ - ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" - - get_version - if [[ ${KV_PATCH} -ge 25 ]] ; then - CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" - else - CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" - fi - linux-info_pkg_setup -} - -src_install() { - default - newconfd "${FILESDIR}"/${PN}.confd ${PN} - newinitd "${FILESDIR}"/${PN}.initd ${PN} -} - -pkg_postinst() { - # install default configuration if it doesn't exist - if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then - einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf" - cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die - fi -} diff --git a/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild new file mode 100644 index 000000000000..3381cbed5e8b --- /dev/null +++ b/net-firewall/sanewall/sanewall-1.1.6-r4.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit linux-info + +DESCRIPTION="iptables firewall generator (fork of firehol)" +HOMEPAGE="https://www.sanewall.org" +SRC_URI="https://download.sanewall.org/releases/${PV}/${P}.tar.xz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +RDEPEND=" + net-firewall/iptables[ipv6(+)] + sys-apps/iproute2[-minimal] + sys-apps/kmod[tools] + sys-apps/net-tools + || ( + net-misc/wget + net-misc/curl + ) +" +DEPEND="" + +pkg_setup() { + local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ + ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ + ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" + + get_version + if [[ ${KV_PATCH} -ge 25 ]] ; then + CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" + else + CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" + fi + linux-info_pkg_setup +} + +src_install() { + default + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} +} + +pkg_postinst() { + # install default configuration if it doesn't exist + if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then + einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf" + cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die + fi +} diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest index 841c9a9885b1..306a52d4137c 100644 --- a/net-firewall/shorewall/Manifest +++ b/net-firewall/shorewall/Manifest @@ -22,5 +22,5 @@ DIST shorewall-init-5.2.8.tar.bz2 42589 BLAKE2B 74e265ed9d938b6130800f548f5f4765 DIST shorewall-lite-5.2.8.tar.bz2 47250 BLAKE2B 2fff00d7a6248a3db0aa5d6b3ed041b06bdfa35b71195088659afd4036cf61c6bc2f3de739803d4e26e56785aa90c87ec6a2120239183351fae7a54065f1a629 SHA512 d72f260b095f1dfb2b0a0c967ae80bfd7f5f3469a08eb446c0b3e1b1e662cb500510b75f2979a00a9ef57b16e6a23a95483c34e2a5c5d2d090bc1e071ea87292 DIST shorewall6-5.2.8.tar.bz2 203102 BLAKE2B d9117d42cd25e18aa1104ec3f4498227eedcce5c3531623e2e4d6ec27ba5221f98e1ae2e596ac90d7415cd366b2dbfdd024adaaef0c1c2756900188bde105903 SHA512 7044efe84b2c585fcd0bfb661666c71cea140157f22ba7d4881006e24d785eb0091c071c825fa5948bc1383e7fd4617cc8f3d4e68865cf472ddea3811bf1833d DIST shorewall6-lite-5.2.8.tar.bz2 47178 BLAKE2B 47026c3fdab7564c8e48b653a4c67db99fe5ff07de723169f65185aea563691806164a637a38c419d19619cf1380462fa7287b0993d9389dd311393bac911602 SHA512 a80ffc7baf7800e024e41a0f9736543b15d10f2d403540e48e8a2cd2ba0196ce04ff01ac98fc03852c7d268bb4954714dd428375e768b80aa4792683b8775935 -EBUILD shorewall-5.2.8.ebuild 16943 BLAKE2B 33ce7acd62973b90205a85616f31b0bcbe4655222110e00c5bb7312e51b5d66acbeff1ddb125b59a48e6c4b8311bb6055e7e9579acb84a35c3ef62cc705ccd4d SHA512 b450c0060aa58829a4001431145635fc128006b80af3104f4ab42a6916b6cda576310b4adc520fd6b25ac0a0ad505fb1c9d758ce88c717ea5d1f7520f01a0445 +EBUILD shorewall-5.2.8-r1.ebuild 16955 BLAKE2B 291631c586a50aa34b11561f97b6e7e1a73447018f5b2f11410168c0b4d1415c115be50fcbf39734f1581360d8c831a7613413600884845805e9877bbc9e494e SHA512 343cba6edbb1ac8a7880185c03c28636ea4f143d60413d381a0fcbf7a40004b3c5a0925e10c07a0462b65d31ca92896ac3d7662e5e1c9bb254f8cd191f60475d MISC metadata.xml 2255 BLAKE2B 669608503b5252aac383a628d8efd16a280d390f52670178ee95d6b025ae0261e06a7cb59a667bbaa8590fa07c346e75133ff1542be681ec33798ec2d48bb156 SHA512 8b1663236afb891caa8faab343063d64cf8963540d4286e42285c97c29cb5d27561eca6a80a17488c8a58be4bde0fff4f720c27f27d85d6366ed823da989c4c9 diff --git a/net-firewall/shorewall/shorewall-5.2.8-r1.ebuild b/net-firewall/shorewall/shorewall-5.2.8-r1.ebuild new file mode 100644 index 000000000000..0053c3c05ee4 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.2.8-r1.ebuild @@ -0,0 +1,482 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit linux-info prefix systemd + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="https://shorewall.org/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + if [[ ${MY_PV} = *-Beta* ]] ; then + MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}" + elif [[ ${MY_PV} = *-RC* ]] ; then + MY_URL_SUFFIX="-RC${MY_PV##*-RC}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha amd64 ~hppa ppc ppc64 sparc x86" +fi + +SRC_URI=" + https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See https://shorewall.org/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6(+)] + >=sys-apps/iproute2-3.8.0[ipv6(+)] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6(+)] + >=sys-apps/iproute2-3.8.0[ipv6(+)] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !=4.19 has unified NF_CONNTRACK module, bug 671176 + if kernel_is -lt 4 19; then + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + sed -i \ + -e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \ + "${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc" + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + pushd "${S}"/${MY_PN_CORE} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + + pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die + eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch + popd &>/dev/null || die + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + pushd "${S}"/${MY_PN_INIT} &>/dev/null || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r2.patch + popd &>/dev/null || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + keepdir /var/lib/shorewall + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + keepdir /var/lib/shorewall6 + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + keepdir /var/lib/shorewall-lite + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + keepdir /var/lib/shorewall6-lite + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..." + rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${ED}/etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${ED}/etc/NetworkManager\" ..." + rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed" + fi + + if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " https://shorewall.org/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! ver_test ${v} -ge ${MY_MAJOR_RELEASE_NUMBER}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - https://shorewall.org/Shorewall-5.html#idm214" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " https://shorewall.org/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.2.8.ebuild b/net-firewall/shorewall/shorewall-5.2.8.ebuild deleted file mode 100644 index 566917fbfb31..000000000000 --- a/net-firewall/shorewall/shorewall-5.2.8.ebuild +++ /dev/null @@ -1,482 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit linux-info prefix systemd - -DESCRIPTION='A high-level tool for configuring Netfilter' -HOMEPAGE="https://shorewall.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" - -MY_PV=${PV/_rc/-RC} -MY_PV=${MY_PV/_beta/-Beta} -MY_P=${PN}-${MY_PV} - -MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2) -MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3) - -# shorewall -MY_PN_IPV4=Shorewall -MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} - -# shorewall6 -MY_PN_IPV6=Shorewall6 -MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} - -# shorewall-lite -MY_PN_LITE4=Shorewall-lite -MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} - -# shorewall6-lite -MY_PN_LITE6=Shorewall6-lite -MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} - -# shorewall-init -MY_PN_INIT=Shorewall-init -MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} - -# shorewall-core -MY_PN_CORE=Shorewall-core -MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} - -# shorewall-docs-html -MY_PN_DOCS=Shorewall-docs-html -MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} - -# Upstream URL schema: -# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 -# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 -# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 - -MY_URL_PREFIX= -MY_URL_SUFFIX= -if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then - MY_URL_PREFIX='development/' - - if [[ ${MY_PV} = *-Beta* ]] ; then - MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}" - elif [[ ${MY_PV} = *-RC* ]] ; then - MY_URL_SUFFIX="-RC${MY_PV##*-RC}" - fi - - # Cleaning up temporary variables - unset _tmp_last_index - unset _tmp_suffix -else - KEYWORDS="~alpha amd64 ~hppa ppc ppc64 sparc x86" -fi - -SRC_URI=" - https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 - ipv4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) - ipv6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) - lite4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) - lite6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) - init? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) - doc? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) -" - -# - Shorewall6 requires Shorewall -# - Installing Shorewall-init or just the documentation doesn't make any sense, -# that's why we force the user to select at least one "real" Shorewall product -# -# See https://shorewall.org/download.htm#Which -REQUIRED_USE=" - ipv6? ( ipv4 ) - || ( ipv4 lite4 lite6 ) -" - -# No build dependencies! Just plain shell scripts... -DEPEND="" - -RDEPEND=" - >=net-firewall/iptables-1.4.20 - >=sys-apps/iproute2-3.8.0[-minimal] - >=sys-devel/bc-1.06.95 - ipv4? ( - >=dev-lang/perl-5.16 - virtual/perl-Digest-SHA - ) - ipv6? ( - >=dev-perl/Socket6-0.230.0 - >=net-firewall/iptables-1.4.20[ipv6] - >=sys-apps/iproute2-3.8.0[ipv6] - ) - lite6? ( - >=net-firewall/iptables-1.4.20[ipv6] - >=sys-apps/iproute2-3.8.0[ipv6] - ) - init? ( >=sys-apps/coreutils-8.20 ) - selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) - !net-firewall/shorewall-core - !net-firewall/shorewall6 - !net-firewall/shorewall-lite - !net-firewall/shorewall6-lite - !net-firewall/shorewall-init - !=4.19 has unified NF_CONNTRACK module, bug 671176 - if kernel_is -lt 4 19; then - if use ipv4 || use lite4; then - CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" - - local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" - local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." - fi - - if use ipv6 || use lite6; then - CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" - - local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" - local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." - fi - fi - - check_extra_config -} - -pkg_setup() { - if [[ -n "${DIGEST}" ]]; then - einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." - unset DIGEST - fi -} - -src_prepare() { - # We are moving each unpacked source from MY_P_* to MY_PN_*. - # This allows us to use patches from upstream and keeps epatch_user working - - einfo "Preparing shorewallrc ..." - cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" - eprefixify "${S}"/shorewallrc.gentoo - sed -i \ - -e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \ - "${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc" - - # shorewall-core - mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." - ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - eend 0 - - pushd "${S}"/${MY_PN_CORE} &>/dev/null || die - eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch - popd &>/dev/null || die - - # shorewall - if use ipv4; then - mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" - ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" - cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" - cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" - eend 0 - - pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die - eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch - popd &>/dev/null || die - fi - - # shorewall6 - if use ipv6; then - mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" - ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" - cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" - cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" - eend 0 - - pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die - eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch - popd &>/dev/null || die - fi - - # shorewall-lite - if use lite4; then - mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" - ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" - cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" - cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" - eend 0 - - pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die - eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch - popd &>/dev/null || die - fi - - # shorewall6-lite - if use lite6; then - mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" - ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" - cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" - cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" - eend 0 - - pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die - eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch - popd &>/dev/null || die - fi - - # shorewall-init - if use init; then - mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" - ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" - ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" - cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" - cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" - cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" - cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" - eend 0 - - eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh - - pushd "${S}"/${MY_PN_INIT} &>/dev/null || die - eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r2.patch - popd &>/dev/null || die - fi - - # shorewall-docs-html - if use doc; then - mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" - fi - - eapply_user -} - -src_configure() { - :; -} - -src_compile() { - :; -} - -src_install() { - # shorewall-core - einfo "Installing ${MY_P_CORE} ..." - DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" - dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt - - # shorewall - if use ipv4; then - einfo "Installing ${MY_P_IPV4} ..." - DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" - keepdir /var/lib/shorewall - - if use doc; then - dodoc -r "${S}"/${MY_PN_IPV4}/Samples - fi - fi - - # shorewall6 - if use ipv6; then - einfo "Installing ${MY_P_IPV6} ..." - DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" - keepdir /var/lib/shorewall6 - - if use doc; then - dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 - fi - fi - - # shorewall-lite - if use lite4; then - einfo "Installing ${MY_P_LITE4} ..." - DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" - keepdir /var/lib/shorewall-lite - fi - - # shorewall6-lite - if use lite6; then - einfo "Installing ${MY_P_LITE6} ..." - DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" - keepdir /var/lib/shorewall6-lite - fi - - # shorewall-init - if use init; then - einfo "Installing ${MY_P_INIT} ..." - DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" - dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt - - if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then - # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, - # so we don't need a logrotate configuration file for shorewall-init - einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..." - rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed" - fi - - if [[ -d "${ED}/etc/NetworkManager" ]]; then - # On Gentoo, we don't support NetworkManager - # so we don't need this folder at all - einfo "Removing unused \"${ED}/etc/NetworkManager\" ..." - rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed" - fi - - if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then - # This script isn't supported on Gentoo - rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed" - fi - fi - - if use doc; then - einfo "Installing ${MY_P_DOCS} ..." - docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* - fi -} - -pkg_postinst() { - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - - # Show first steps for shorewall/shorewall6 - local _PRODUCTS="" - if use ipv4; then - _PRODUCTS="shorewall" - - if use ipv6; then - _PRODUCTS="${_PRODUCTS}/shorewall6" - fi - fi - - if [[ -n "${_PRODUCTS}" ]]; then - elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" - elog "" - elog " /etc/shorewall/shorewall.conf" - - if use ipv6; then - elog " /etc/shorewall6/shorewall6.conf" - fi - - elog "" - elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" - elog "" - elog " # rc-update add shorewall default" - - if use ipv6; then - elog " # rc-update add shorewall6 default" - fi - fi - - # Show first steps for shorewall-lite/shorewall6-lite - _PRODUCTS="" - if use lite4; then - _PRODUCTS="shorewall-lite" - fi - - if use lite6; then - if [[ -z "${_PRODUCTS}" ]]; then - _PRODUCTS="shorewall6-lite" - else - _PRODUCTS="${_PRODUCTS}/shorewall6-lite" - fi - fi - - if [[ -n "${_PRODUCTS}" ]]; then - if use ipv4; then - elog "" - fi - - elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" - elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." - elog "" - elog "To read more about ${_PRODUCTS}, please visit" - elog " https://shorewall.org/CompiledPrograms.html" - elog "" - elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" - elog "" - - if use lite4; then - elog " # rc-update add shorewall-lite default" - fi - - if use lite6; then - elog " # rc-update add shorewall6-lite default" - fi - fi - - if use init; then - elog "" - elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" - elog "" - elog " # rc-update add shorewall-init boot" - elog "" - elog "and review \$PRODUCTS in" - elog "" - elog " /etc/conf.d/shorewall-init" - fi - - fi - - local v - for v in ${REPLACING_VERSIONS}; do - if ! ver_test ${v} -ge ${MY_MAJOR_RELEASE_NUMBER}; then - # This is an upgrade - - elog "You are upgrading from a previous major version. It is highly recommended that you read" - elog "" - elog " - /usr/share/doc/shorewall*/releasenotes.tx*" - elog " - https://shorewall.org/Shorewall-5.html#idm214" - - if use ipv4; then - elog "" - elog "You can auto-migrate your configuration using" - elog "" - elog " # shorewall update -A" - - if use ipv6; then - elog " # shorewall6 update -A" - fi - - elog "" - elog "*after* you have merged the changed files using one of the configuration" - elog "files update tools of your choice (dispatch-conf, etc-update...)." - - elog "" - elog "But if you are not familiar with the \"shorewall[6] update\" command," - elog "please read the shorewall[6] man page first." - fi - - # Show this elog only once - break - fi - done - - if ! use init; then - elog "" - elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" - elog "before your shorewall-based firewall is ready to start." - elog "" - elog "To read more about shorewall-init, please visit" - elog " https://shorewall.org/Shorewall-init.html" - fi - - if ! has_version "net-firewall/conntrack-tools"; then - elog "" - elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" - elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" - fi - - if ! has_version "dev-perl/Devel-NYTProf"; then - elog "" - elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" - fi -} diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest index 26a9156b67df..5a4e3ae8ed1c 100644 --- a/net-firewall/ufw/Manifest +++ b/net-firewall/ufw/Manifest @@ -9,5 +9,5 @@ AUX ufw-2.initd 2611 BLAKE2B b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3 -EBUILD ufw-0.36.ebuild 6201 BLAKE2B 7c54de70da56fa3ed13dfa014a3d979b9583542a33331c44fbc72e02fbf8618e2eeea10ce1dc0f57a272b04dde4ac5cbdb820da97f9c4da03946a507f0c58749 SHA512 fedf759d4655494001ba9f1ce31bb41540f460b12ec89bfec65fc158e104265eb519e06a227392bb33ba6809f5dac91248b9e1888c11427352703a82f2b76524 +EBUILD ufw-0.36-r1.ebuild 6204 BLAKE2B ec62cbe52243f10575a6d88565b77bff351e7313fdfb75f36e7abebd8615a2094fb1e9e97c212240854e77b66e581a79c21340d07e520c7961ac7d7e480c10b8 SHA512 d6721e0ae0dff4fe744a14749c9a4363a32a8ce55e52bb1bf408f069747561fa597c91574765d089d1b8092ab4a189f65965a0e725b50b249dd2e546cd52684f MISC metadata.xml 922 BLAKE2B 0c91f6735dd5504990a134e76089fac6f83aeb8f02e62be3a0e66c82d71c8013867b196c952d769247f2ab30786b753114361c066a0b892f79b342491370aedf SHA512 592b21153b57e3ccbd66bde46e4d2ff0768f1c678bc9154e8dd9a728f5f6ca13f71f9349381dba9667e6ed5ae30f38f5d95378d665475694cf9b49edde549a23 diff --git a/net-firewall/ufw/ufw-0.36-r1.ebuild b/net-firewall/ufw/ufw-0.36-r1.ebuild new file mode 100644 index 000000000000..e6626c0697dd --- /dev/null +++ b/net-firewall/ufw/ufw-0.36-r1.ebuild @@ -0,0 +1,219 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..10} ) +DISTUTILS_IN_SOURCE_BUILD=1 +DISTUTILS_USE_SETUPTOOLS=no + +inherit bash-completion-r1 distutils-r1 linux-info systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ~arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86" +IUSE="examples ipv6" + +RDEPEND=">=net-firewall/iptables-1.4[ipv6(+)?] + ! /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto "/usr/share/doc/${PF}/logging/syslog-ng" + doins -r "${FILESDIR}"/syslog-ng/* + + insinto "/usr/share/doc/${PF}/logging/rsyslog" + doins -r "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto "/usr/share/doc/${PF}/examples" + doins -r examples/* + fi + newbashcomp shell-completion/bash "${PN}" + + [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}/usr/sbin/ufw" +} + +pkg_postinst() { + local print_check_req_warn + print_check_req_warn=false + + local found=() + local apps=( "net-firewall/arno-iptables-firewall" + "net-firewall/ferm" + "net-firewall/firehol" + "net-firewall/firewalld" + "net-firewall/ipkungfu" ) + + for exe in "${apps[@]}" + do + if has_version "${exe}"; then + found+=( "${exe}" ) + fi + done + + if [[ -n ${found} ]]; then + echo "" + ewarn "WARNING: Detected other firewall applications:" + ewarn "${found[@]}" + ewarn "If enabled, these applications may interfere with ufw!" + fi + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + echo "" + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + print_check_req_warn=true + else + local rv + for rv in "${REPLACING_VERSIONS}"; do + local major=${rv%%.*} + local minor=${rv#${major}.} + if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then + print_check_req_warn=true + fi + done + fi + if [[ "${print_check_req_warn}" == "true" ]]; then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild deleted file mode 100644 index a7443cf4f135..000000000000 --- a/net-firewall/ufw/ufw-0.36.ebuild +++ /dev/null @@ -1,219 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..10} ) -DISTUTILS_IN_SOURCE_BUILD=1 -DISTUTILS_USE_SETUPTOOLS=no - -inherit bash-completion-r1 distutils-r1 linux-info systemd - -DESCRIPTION="A program used to manage a netfilter firewall" -HOMEPAGE="https://launchpad.net/ufw" -SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86" -IUSE="examples ipv6" - -RDEPEND=">=net-firewall/iptables-1.4[ipv6?] - ! /dev/null || die - - local lang - for lang in *.po; do - if ! has "${lang%.po}" ${LINGUAS}; then - rm "${lang}" || die - else - _EMPTY_LOCALE_LIST="no" - fi - done - - popd > /dev/null || die - else - _EMPTY_LOCALE_LIST="no" - fi - - distutils-r1_python_prepare_all -} - -python_install_all() { - newconfd "${FILESDIR}"/ufw.confd ufw - newinitd "${FILESDIR}"/ufw-2.initd ufw - systemd_dounit "${FILESDIR}/ufw.service" - - exeinto /usr/share/${PN} - doexe tests/check-requirements - - # users normally would want it - insinto "/usr/share/doc/${PF}/logging/syslog-ng" - doins -r "${FILESDIR}"/syslog-ng/* - - insinto "/usr/share/doc/${PF}/logging/rsyslog" - doins -r "${FILESDIR}"/rsyslog/* - doins doc/rsyslog.example - - if use examples; then - insinto "/usr/share/doc/${PF}/examples" - doins -r examples/* - fi - newbashcomp shell-completion/bash "${PN}" - - [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo - - distutils-r1_python_install_all - python_replicate_script "${D}/usr/sbin/ufw" -} - -pkg_postinst() { - local print_check_req_warn - print_check_req_warn=false - - local found=() - local apps=( "net-firewall/arno-iptables-firewall" - "net-firewall/ferm" - "net-firewall/firehol" - "net-firewall/firewalld" - "net-firewall/ipkungfu" ) - - for exe in "${apps[@]}" - do - if has_version "${exe}"; then - found+=( "${exe}" ) - fi - done - - if [[ -n ${found} ]]; then - echo "" - ewarn "WARNING: Detected other firewall applications:" - ewarn "${found[@]}" - ewarn "If enabled, these applications may interfere with ufw!" - fi - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - echo "" - elog "To enable ufw, add it to boot sequence and activate it:" - elog "-- # rc-update add ufw boot" - elog "-- # /etc/init.d/ufw start" - echo - elog "If you want to keep ufw logs in a separate file, take a look at" - elog "/usr/share/doc/${PF}/logging." - print_check_req_warn=true - else - local rv - for rv in "${REPLACING_VERSIONS}"; do - local major=${rv%%.*} - local minor=${rv#${major}.} - if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then - print_check_req_warn=true - fi - done - fi - if [[ "${print_check_req_warn}" == "true" ]]; then - echo - elog "/usr/share/ufw/check-requirements script is installed." - elog "It is useful for debugging problems with ufw. However one" - elog "should keep in mind that the script assumes IPv6 is enabled" - elog "on kernel and net-firewall/iptables, and fails when it's not." - fi - echo - ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" - ewarn "default. See README, Remote Management section for more information." -} -- cgit v1.2.3