Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/conntrack-tools/conntrack-tools-1.4.7.ebuild | 105 | ||||
-rw-r--r-- | net-firewall/firewalld/Manifest | 2 | ||||
-rw-r--r-- | net-firewall/firewalld/firewalld-1.3.0.ebuild | 216 | ||||
-rw-r--r-- | net-firewall/firewalld/firewalld-1.3.1.ebuild | 216 | ||||
-rw-r--r-- | net-firewall/ipset/Manifest | 2 | ||||
-rw-r--r-- | net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch | 11 | ||||
-rw-r--r-- | net-firewall/ipset/ipset-7.15.ebuild | 114 | ||||
-rw-r--r-- | net-firewall/ipset/ipset-7.16-r1.ebuild | 119 | ||||
-rw-r--r-- | net-firewall/nftables/Manifest | 4 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.5-r1.ebuild | 231 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-1.0.6-r1.ebuild | 231 | ||||
-rw-r--r-- | net-firewall/xtables-addons/Manifest | 2 | ||||
-rw-r--r-- | net-firewall/xtables-addons/xtables-addons-3.20.ebuild | 189 | ||||
-rw-r--r-- | net-firewall/xtables-addons/xtables-addons-3.21.ebuild | 189 |
14 files changed, 0 insertions, 1631 deletions
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.7.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.7.ebuild
deleted file mode 100644
index 2d0e25171711..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.7.ebuild
+++ /dev/null
@@ -1,105 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-inherit linux-info systemd verify-sig
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="https://conntrack-tools.netfilter.org"
-SRC_URI="https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2
- verify-sig? ( https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2.sig )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm64 ~hppa ppc ppc64 ~riscv x86"
-IUSE="doc +cthelper +cttimeout systemd"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3
- >=net-libs/libnetfilter_conntrack-1.0.9
- >=net-libs/libnetfilter_queue-1.0.2
- >=net-libs/libnfnetlink-1.0.1
- net-libs/libtirpc
- cthelper? (
- >=net-libs/libnetfilter_cthelper-1.0.0
- )
- cttimeout? (
- >=net-libs/libnetfilter_cttimeout-1.0.0
- )
- systemd? (
- >=sys-apps/systemd-227
- )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- doc? (
- app-text/docbook-xml-dtd:4.1.2
- app-text/xmlto
- )
- verify-sig? ( sec-keys/openpgp-keys-netfilter )
-"
-
-pkg_setup() {
- linux-info_pkg_setup
-
- if kernel_is lt 2 6 18 ; then
- die "${PN} requires at least 2.6.18 kernel version"
- fi
-
- # netfilter core team has changed some option names with kernel 2.6.20
- if kernel_is lt 2 6 20 ; then
- CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
- else
- CONFIG_CHECK="~NF_CT_NETLINK"
- fi
- CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
- ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
- check_extra_config
-
- linux_config_exists || \
- linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
- linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
- ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
- "are not set when one at least should be."
-} - -src_prepare() { - default - - # bug #474858 - sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die -} - -src_configure() { - econf \ - $(use_enable cthelper) \ - $(use_enable cttimeout) \ - $(use_enable systemd) -} - -src_compile() { - default - - use doc && emake -C doc/manual -} - -src_install() { - default - - newinitd "${FILESDIR}"/conntrackd.initd-r3 conntrackd - newconfd "${FILESDIR}"/conntrackd.confd-r2 conntrackd - - insinto /etc/conntrackd - doins doc/stats/conntrackd.conf - - systemd_dounit "${FILESDIR}"/conntrackd.service - - dodoc -r doc/sync doc/stats AUTHORS TODO - use doc && dodoc doc/manual/${PN}.html -} diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest index d61b351f728c..5243b7f7c53f 100644 --- a/net-firewall/firewalld/Manifest +++ b/net-firewall/firewalld/Manifest @@ -1,3 +1 @@ -DIST firewalld-1.3.0.tar.gz 2146120 BLAKE2B ea023278099e095ab46ea46f78f2e75c33ebadfc253cbc74beb56cf6176b98a3104f3d048c4b5379ce1ee0cca05010f9a90d019602233d869b563dd92de0cf7c SHA512 e20605c8f12c12a2a692eaa38d7833b0c258092a6742c1adc359928fb4fb1872667e3a3bf0bad0b139dfc132a5507a8745789745fd9408324f7d171ad2cd5d68 -DIST firewalld-1.3.1.tar.bz2 1229285 BLAKE2B cd3c42f90700ab9076b2bcf51f4a863adf6909072bd3c6a0439e1a37af4cfca7b4bcf323e0609ec22bb98f5669145636d70b394e37bf8e4641590f431d0167eb SHA512 98fb8a3fed2fa02aef2fe4940e044839693daa7a040d38e6ad5ff636e6cb60647917b80340858b28a9f3e3a4a736d7e4e6fdfe00356c072308d0c22277015574 DIST firewalld-1.3.2.tar.bz2 1225416 BLAKE2B 108302dab4a1a156bc12df4ec82a2f6fc7ad3e17ca56f68ac9cbd4f85db4cd06abc1a39275ec6d11fc41e820d9fc01f3cd59a73f44332cd3b9662d50d2eeb22a SHA512 06658d279c5ec8eadfb14f9f7053882fc2872a4e27055e9c3aac81cf93167773d592fc29bd749cb6447116419c663fac79d6df725422394409b9a2e1c4708695 diff --git a/net-firewall/firewalld/firewalld-1.3.0.ebuild b/net-firewall/firewalld/firewalld-1.3.0.ebuild deleted file mode 100644 index 79d062f3b4ae..000000000000 
--- a/net-firewall/firewalld/firewalld-1.3.0.ebuild
+++ /dev/null
@@ -1,216 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{9..11} ) -inherit bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils - -DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" -HOMEPAGE="https://firewalld.org/" -SRC_URI="https://github.com/firewalld/firewalld/releases/download/v${PV}/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86" -IUSE="gui +nftables +iptables test" -# Tests are too unreliable in sandbox environment -RESTRICT="!test? ( test ) test" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RDEPEND="${PYTHON_DEPS} - iptables? ( - net-firewall/iptables[ipv6(+)] - net-firewall/ebtables - net-firewall/ipset - nftables? ( net-firewall/nftables[xtables(+)] ) - ) - || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) - $(python_gen_cond_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject:3[${PYTHON_USEDEP}] - gui? ( - x11-libs/gtk+:3 - dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] - ) - nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) - ')" -DEPEND="${RDEPEND} - dev-libs/glib:2" -BDEPEND="app-text/docbook-xml-dtd - >=dev-util/intltool-0.35 - sys-devel/gettext" - -# Testsuite's Makefile.am calls missing(!) -# ... but this seems to be consistent with the autoconf docs? 
-# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html -QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" - -PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" - -pkg_setup() { - # See bug #830132 for the huge list - # We can probably narrow it down a bit but it's rather fragile - local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER - ~NETFILTER_ADVANCED - ~NETFILTER_INGRESS - ~NF_NAT_MASQUERADE - ~NF_NAT_REDIRECT - ~NF_TABLES_INET - ~NF_TABLES_IPV4 - ~NF_TABLES_IPV6 - ~NF_CONNTRACK - ~NF_CONNTRACK_BROADCAST - ~NF_CONNTRACK_NETBIOS_NS - ~NF_CONNTRACK_TFTP - ~NF_CT_NETLINK - ~NF_CT_NETLINK_HELPER - ~NF_DEFRAG_IPV4 - ~NF_DEFRAG_IPV6 - ~NF_NAT - ~NF_NAT_TFTP - ~NF_REJECT_IPV4 - ~NF_REJECT_IPV6 - ~NF_SOCKET_IPV4 - ~NF_SOCKET_IPV6 - ~NF_TABLES - ~NF_TPROXY_IPV4 - ~NF_TPROXY_IPV6 - ~IP_NF_FILTER - ~IP_NF_IPTABLES - ~IP_NF_MANGLE - ~IP_NF_NAT - ~IP_NF_RAW - ~IP_NF_SECURITY - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REJECT - ~IP6_NF_FILTER - ~IP6_NF_IPTABLES - ~IP6_NF_MANGLE - ~IP6_NF_NAT - ~IP6_NF_RAW - ~IP6_NF_SECURITY - ~IP6_NF_TARGET_MASQUERADE - ~IP6_NF_TARGET_REJECT - ~IP_SET - ~NETFILTER_CONNCOUNT - ~NETFILTER_NETLINK - ~NETFILTER_NETLINK_OSF - ~NETFILTER_NETLINK_QUEUE - ~NETFILTER_SYNPROXY - ~NETFILTER_XTABLES - ~NETFILTER_XT_CONNMARK - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_MULTIPORT - ~NETFILTER_XT_MATCH_STATE - ~NETFILTER_XT_NAT - ~NETFILTER_XT_TARGET_MASQUERADE - ~NFT_COMPAT - ~NFT_CT - ~NFT_FIB - ~NFT_FIB_INET - ~NFT_FIB_IPV4 - ~NFT_FIB_IPV6 - ~NFT_HASH - ~NFT_LIMIT - ~NFT_LOG - ~NFT_MASQ - ~NFT_NAT - ~NFT_OBJREF - ~NFT_QUEUE - ~NFT_QUOTA - ~NFT_REDIR - ~NFT_REJECT - ~NFT_REJECT_INET - ~NFT_REJECT_IPV4 - ~NFT_REJECT_IPV6 - ~NFT_SOCKET - ~NFT_SYNPROXY - ~NFT_TPROXY - ~NFT_TUNNEL - ~NFT_XFRM" - - # kernel >= 
4.19 has unified a NF_CONNTRACK module, bug #692944 - if kernel_is -lt 4 19; then - CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" - fi - - # bug #831259 - if kernel_is -le 5 4 ; then - CONFIG_CHECK+=" ~NF_TABLES_SET" - fi - - # bug #853055 - if kernel_is -lt 5 18 ; then - CONFIG_CHECK+=" ~NFT_COUNTER" - fi - - linux-info_pkg_setup -} - -src_prepare() { - default - - plocale_find_changes "po" "" ".po" || die - plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS -} - -src_configure() { - python_setup - - local myeconfargs=( - --enable-systemd - $(use_with iptables iptables "${EPREFIX}/sbin/iptables") - $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") - $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") - $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") - $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") - $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") - $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-bashcompletiondir="$(get_bashcompdir)" - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - default - python_optimize - - # Get rid of junk - rm -rf "${D}/etc/sysconfig/" || die - - # For non-gui installs we need to remove GUI bits - if ! 
use gui; then - rm -rf "${D}/etc/xdg/autostart" || die - rm -f "${D}/usr/bin/firewall-applet" || die - rm -f "${D}/usr/bin/firewall-config" || die - rm -rf "${D}/usr/share/applications" || die - rm -rf "${D}/usr/share/icons" || die - fi - - newinitd "${FILESDIR}"/firewalld.init firewalld - - # Our version drops the/an obsolete 'conflicts' line with old iptables services - # bug #833506 - systemd_dounit "${FILESDIR}"/firewalld.service -} - -pkg_preinst() { - gnome2_schemas_savelist -} - -pkg_postinst() { - xdg_icon_cache_update - gnome2_schemas_update - - # bug #833569 - optfeature "changing zones with NetworkManager" gnome-extra/nm-applet -} - -pkg_postrm() { - xdg_icon_cache_update - gnome2_schemas_update -} diff --git a/net-firewall/firewalld/firewalld-1.3.1.ebuild b/net-firewall/firewalld/firewalld-1.3.1.ebuild deleted file mode 100644 index 779a8dfedba5..000000000000 --- a/net-firewall/firewalld/firewalld-1.3.1.ebuild +++ /dev/null 
@@ -1,216 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{9..11} ) -inherit bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils - -DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" -HOMEPAGE="https://firewalld.org/" -SRC_URI="https://github.com/firewalld/firewalld/releases/download/v${PV}/${P}.tar.bz2" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86" -IUSE="gui +nftables +iptables test" -# Tests are too unreliable in sandbox environment -RESTRICT="!test? ( test ) test" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RDEPEND="${PYTHON_DEPS} - iptables? ( - net-firewall/iptables[ipv6(+)] - net-firewall/ebtables - net-firewall/ipset - nftables? ( net-firewall/nftables[xtables(+)] ) - ) - || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) - $(python_gen_cond_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject:3[${PYTHON_USEDEP}] - gui? ( - x11-libs/gtk+:3 - dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] - ) - nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) - ')" -DEPEND="${RDEPEND} - dev-libs/glib:2" -BDEPEND="app-text/docbook-xml-dtd - >=dev-util/intltool-0.35 - sys-devel/gettext" - -# Testsuite's Makefile.am calls missing(!) -# ... but this seems to be consistent with the autoconf docs? 
-# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html -QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" - -PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" - -pkg_setup() { - # See bug #830132 for the huge list - # We can probably narrow it down a bit but it's rather fragile - local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER - ~NETFILTER_ADVANCED - ~NETFILTER_INGRESS - ~NF_NAT_MASQUERADE - ~NF_NAT_REDIRECT - ~NF_TABLES_INET - ~NF_TABLES_IPV4 - ~NF_TABLES_IPV6 - ~NF_CONNTRACK - ~NF_CONNTRACK_BROADCAST - ~NF_CONNTRACK_NETBIOS_NS - ~NF_CONNTRACK_TFTP - ~NF_CT_NETLINK - ~NF_CT_NETLINK_HELPER - ~NF_DEFRAG_IPV4 - ~NF_DEFRAG_IPV6 - ~NF_NAT - ~NF_NAT_TFTP - ~NF_REJECT_IPV4 - ~NF_REJECT_IPV6 - ~NF_SOCKET_IPV4 - ~NF_SOCKET_IPV6 - ~NF_TABLES - ~NF_TPROXY_IPV4 - ~NF_TPROXY_IPV6 - ~IP_NF_FILTER - ~IP_NF_IPTABLES - ~IP_NF_MANGLE - ~IP_NF_NAT - ~IP_NF_RAW - ~IP_NF_SECURITY - ~IP_NF_TARGET_MASQUERADE - ~IP_NF_TARGET_REJECT - ~IP6_NF_FILTER - ~IP6_NF_IPTABLES - ~IP6_NF_MANGLE - ~IP6_NF_NAT - ~IP6_NF_RAW - ~IP6_NF_SECURITY - ~IP6_NF_TARGET_MASQUERADE - ~IP6_NF_TARGET_REJECT - ~IP_SET - ~NETFILTER_CONNCOUNT - ~NETFILTER_NETLINK - ~NETFILTER_NETLINK_OSF - ~NETFILTER_NETLINK_QUEUE - ~NETFILTER_SYNPROXY - ~NETFILTER_XTABLES - ~NETFILTER_XT_CONNMARK - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_MULTIPORT - ~NETFILTER_XT_MATCH_STATE - ~NETFILTER_XT_NAT - ~NETFILTER_XT_TARGET_MASQUERADE - ~NFT_COMPAT - ~NFT_CT - ~NFT_FIB - ~NFT_FIB_INET - ~NFT_FIB_IPV4 - ~NFT_FIB_IPV6 - ~NFT_HASH - ~NFT_LIMIT - ~NFT_LOG - ~NFT_MASQ - ~NFT_NAT - ~NFT_OBJREF - ~NFT_QUEUE - ~NFT_QUOTA - ~NFT_REDIR - ~NFT_REJECT - ~NFT_REJECT_INET - ~NFT_REJECT_IPV4 - ~NFT_REJECT_IPV6 - ~NFT_SOCKET - ~NFT_SYNPROXY - ~NFT_TPROXY - ~NFT_TUNNEL - ~NFT_XFRM" - - # kernel >= 
4.19 has unified a NF_CONNTRACK module, bug #692944 - if kernel_is -lt 4 19; then - CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" - fi - - # bug #831259 - if kernel_is -le 5 4 ; then - CONFIG_CHECK+=" ~NF_TABLES_SET" - fi - - # bug #853055 - if kernel_is -lt 5 18 ; then - CONFIG_CHECK+=" ~NFT_COUNTER" - fi - - linux-info_pkg_setup -} - -src_prepare() { - default - - plocale_find_changes "po" "" ".po" || die - plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS -} - -src_configure() { - python_setup - - local myeconfargs=( - --enable-systemd - $(use_with iptables iptables "${EPREFIX}/sbin/iptables") - $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") - $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") - $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") - $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") - $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") - $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-bashcompletiondir="$(get_bashcompdir)" - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - default - python_optimize - - # Get rid of junk - rm -rf "${D}/etc/sysconfig/" || die - - # For non-gui installs we need to remove GUI bits - if ! 
use gui; then - rm -rf "${D}/etc/xdg/autostart" || die - rm -f "${D}/usr/bin/firewall-applet" || die - rm -f "${D}/usr/bin/firewall-config" || die - rm -rf "${D}/usr/share/applications" || die - rm -rf "${D}/usr/share/icons" || die - fi - - newinitd "${FILESDIR}"/firewalld.init firewalld - - # Our version drops the/an obsolete 'conflicts' line with old iptables services - # bug #833506 - systemd_dounit "${FILESDIR}"/firewalld.service -} - -pkg_preinst() { - gnome2_schemas_savelist -} - -pkg_postinst() { - xdg_icon_cache_update - gnome2_schemas_update - - # bug #833569 - optfeature "changing zones with NetworkManager" gnome-extra/nm-applet -} - -pkg_postrm() { - xdg_icon_cache_update - gnome2_schemas_update -} diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest index 6320f121cb5b..a65795385364 100644 --- a/net-firewall/ipset/Manifest +++ b/net-firewall/ipset/Manifest @@ -1,3 +1 @@ -DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a -DIST ipset-7.16.tar.bz2 684512 BLAKE2B c2c58bd6250bab41c3c5cb2ed6a39b1cd5e47a60eca5ed19373dad6c611f5263c61cf12915b5d658700e8e78f4f445788900a2b89cdcdbef3407375b4131fb04 SHA512 e69ddee956f0922c8e08e7e5d358d6b5b24178a9f08151b20957cc3465baaba9ecd6aa938ae157f2cd286ccd7f0b7a279cfd89cec2393a00b43e4d945c275307 DIST ipset-7.17.tar.bz2 684983 BLAKE2B 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 SHA512 e308a0d7707ccf7d0cb06a32cf9a822f97862e007abdbab8a91a5a0d5bfbd9f2fb9a3f5e8f36b250ec0d565438c8648a31e8e5b45d8205a76558e90f46e6e597 
diff --git a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
deleted file mode 100644
index b10ddbd4fae0..000000000000
--- a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \
-
- EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map
-
--pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfigdir = $(prefix)/$(libdir)/pkgconfig
- pkgconfig_DATA = libipset.pc
-
- dist_man_MANS = libipset.3
diff --git a/net-firewall/ipset/ipset-7.15.ebuild b/net-firewall/ipset/ipset-7.15.ebuild
deleted file mode 100644
index fad8d3142d3b..000000000000
--- a/net-firewall/ipset/ipset-7.15.ebuild
+++ /dev/null
@@ -1,114 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -MODULES_OPTIONAL_USE=modules -inherit autotools linux-info linux-mod systemd - -DESCRIPTION="IPset tool for iptables, successor to ippool" -HOMEPAGE="https://ipset.netfilter.org/" -SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ppc ppc64 ~riscv x86" - -BDEPEND="virtual/pkgconfig" - -RDEPEND=">=net-firewall/iptables-1.4.7 - net-libs/libmnl:=" -DEPEND="${RDEPEND}" - -DOCS=( ChangeLog INSTALL README UPGRADE ) - -PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch ) - -# configurable from outside, e.g. /etc/portage/make.conf -IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} - -BUILD_TARGETS="modules" -MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" -MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" -MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)" -for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do - MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" -done - -pkg_setup() { - get_version - CONFIG_CHECK="NETFILTER" - ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." - CONFIG_CHECK+=" NETFILTER_NETLINK" - ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel." - # It does still build without NET_NS, but it may be needed in future. - #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" - #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." 
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN" - ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)" - - build_modules=0 - if use modules; then - if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then - if linux_chkconfig_present "IP_NF_SET" || \ - linux_chkconfig_present "IP_SET"; then #274577 - eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." - eerror "Please either build ipset with modules USE flag disabled" - eerror "or rebuild kernel without IP_SET support and make sure" - eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." - die "USE=modules and in-kernel ipset support detected." - else - einfo "Modular kernel detected. Gonna build kernel modules..." - build_modules=1 - fi - else - eerror "Nonmodular kernel detected, but USE=modules. Either build" - eerror "modular kernel (without IP_SET) or disable USE=modules" - die "Nonmodular kernel detected, will not build kernel modules" - fi - fi - [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup -} - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - econf \ - $(use_with modules kmod) \ - --disable-static \ - --with-maxsets=${IP_NF_SET_MAX} \ - --libdir="${EPREFIX}/$(get_libdir)" \ - --with-ksource="${KV_DIR}" \ - --with-kbuild="${KV_OUT_DIR}" -} - -src_compile() { - einfo "Building userspace" - emake - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Building kernel modules" - set_arch_to_kernel - emake modules - fi -} - -src_install() { - einfo "Installing userspace" - default - - find "${ED}" -name '*.la' -delete || die - - newinitd "${FILESDIR}"/ipset.initd-r4 ${PN} - newconfd "${FILESDIR}"/ipset.confd ${PN} - systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service - keepdir /var/lib/ipset - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Installing kernel modules" - linux-mod_src_install - fi -} 
diff --git a/net-firewall/ipset/ipset-7.16-r1.ebuild b/net-firewall/ipset/ipset-7.16-r1.ebuild
deleted file mode 100644
index 0954044f712d..000000000000
--- a/net-firewall/ipset/ipset-7.16-r1.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MODULES_OPTIONAL_USE=modules -inherit autotools bash-completion-r1 linux-info linux-mod systemd - -DESCRIPTION="IPset tool for iptables, successor to ippool" -HOMEPAGE="https://ipset.netfilter.org/" -SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" - -RDEPEND=" - >=net-firewall/iptables-1.4.7 - net-libs/libmnl:= -" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" - -DOCS=( ChangeLog INSTALL README UPGRADE ) - -PATCHES=( - "${FILESDIR}"/${PN}-7.16-bashism.patch -) - -# configurable from outside, e.g. /etc/portage/make.conf -IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} - -BUILD_TARGETS="modules" -MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" -MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" -MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)" -for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do - MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" -done - -pkg_setup() { - get_version - CONFIG_CHECK="NETFILTER" - ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." - CONFIG_CHECK+=" NETFILTER_NETLINK" - ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel." - # It does still build without NET_NS, but it may be needed in future. - #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" - #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." 
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN" - ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)" - - build_modules=0 - if use modules; then - if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then - if linux_chkconfig_present "IP_NF_SET" || \ - linux_chkconfig_present "IP_SET"; then #274577 - eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." - eerror "Please either build ipset with modules USE flag disabled" - eerror "or rebuild kernel without IP_SET support and make sure" - eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." - die "USE=modules and in-kernel ipset support detected." - else - einfo "Modular kernel detected. Gonna build kernel modules..." - build_modules=1 - fi - else - eerror "Nonmodular kernel detected, but USE=modules. Either build" - eerror "modular kernel (without IP_SET) or disable USE=modules" - die "Nonmodular kernel detected, will not build kernel modules" - fi - fi - [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup -} - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - export bashcompdir="$(get_bashcompdir)" - - econf \ - --enable-bashcompl \ - $(use_with modules kmod) \ - --with-maxsets=${IP_NF_SET_MAX} \ - --with-ksource="${KV_DIR}" \ - --with-kbuild="${KV_OUT_DIR}" -} - -src_compile() { - einfo "Building userspace" - emake - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Building kernel modules" - set_arch_to_kernel - emake modules - fi -} - -src_install() { - einfo "Installing userspace" - default - - find "${ED}" -name '*.la' -delete || die - - newinitd "${FILESDIR}"/ipset.initd-r4 ${PN} - newconfd "${FILESDIR}"/ipset.confd ${PN} - systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service - keepdir /var/lib/ipset - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Installing kernel modules" - linux-mod_src_install - fi -} 
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 2d752595dfcf..61843826524a 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,6 +1,2 @@ -DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b43b7f4f9bff9f7fb46928c6c7eee5a6f07150c404f7cf42f5a1d2e980860a4dd2589b99773179e019a093c42cfa SHA512 51cbf10579db7eed58f4358044840f2ce1bffe84533c5fb03e0ebcc702970856455576ac793169c94d38a9f8148e33631ad91444e54a8be189d93af7c27feb9a -DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511 -DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119 -DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93 DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116 DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768 
diff --git a/net-firewall/nftables/nftables-1.0.5-r1.ebuild b/net-firewall/nftables/nftables-1.0.5-r1.ebuild
deleted file mode 100644
index 232290e36198..000000000000
--- a/net-firewall/nftables/nftables-1.0.5-r1.ebuild
+++ /dev/null
@@ -1,231 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_OPTIONAL=1 -PYTHON_COMPAT=( python3_{9..11} ) -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc -inherit edo linux-info distutils-r1 systemd verify-sig - -DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://netfilter.org/projects/nftables/" - -if [[ ${PV} =~ ^[9]{4,}$ ]]; then - inherit autotools git-r3 - EGIT_REPO_URI="https://git.netfilter.org/${PN}" - BDEPEND="sys-devel/bison" -else - SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2 - verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )" - KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86" - BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )" -fi - -LICENSE="GPL-2" -SLOT="0/1" -IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" -RESTRICT="!test? ( test )" - -RDEPEND=" - >=net-libs/libmnl-1.0.4:0= - >=net-libs/libnftnl-1.2.3:0= - gmp? ( dev-libs/gmp:= ) - json? ( dev-libs/jansson:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:= ) - xtables? ( >=net-firewall/iptables-1.6.1:= ) -" - -DEPEND="${RDEPEND}" - -BDEPEND+=" - sys-devel/flex - virtual/pkgconfig - doc? ( - app-text/asciidoc - >=app-text/docbook2X-0.8.8-r4 - ) - python? ( ${PYTHON_DEPS} ) -" - -REQUIRED_USE=" - python? ( ${PYTHON_REQUIRED_USE} ) - libedit? ( !readline ) -" - -pkg_setup() { - if kernel_is ge 3 13; then - if use modern-kernel && kernel_is lt 3 18; then - eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly." - fi - CONFIG_CHECK="~NF_TABLES" - linux-info_pkg_setup - else - eerror "This package requires kernel version 3.13 or newer to work properly." 
- fi -} - -src_prepare() { - default - - if [[ ${PV} =~ ^[9]{4,}$ ]] ; then - eautoreconf - fi - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_prepare - popd >/dev/null || die - fi -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --disable-static - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_configure - popd >/dev/null || die - fi -} - -src_compile() { - default - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_compile - popd >/dev/null || die - fi -} - -src_test() { - emake check - - if [[ ${EUID} == 0 ]]; then - edo tests/shell/run-tests.sh -v - else - ewarn "Skipping shell tests (requires root)" - fi - - # Need to rig up Python eclass if using this, but it doesn't seem to work - # for me anyway. - #cd tests/py || die - #"${EPYTHON}" nft-test.py || die -} - -src_install() { - default - - if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then - pushd doc >/dev/null || die - doman *.? 
- popd >/dev/null || die - fi - - # Do it here instead of in src_prepare to avoid eautoreconf - # rmdir lets us catch if more files end up installed in /etc/nftables - dodir /usr/share/doc/${PF}/skels/ - mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die - rmdir "${ED}"/etc/nftables || die - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - pushd py >/dev/null || die - distutils-r1_src_install - popd >/dev/null || die - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_preinst() { - local stderr - - # There's a history of regressions with nftables upgrades. Perform a - # safety check to help us spot them earlier. For the check to pass, the - # currently loaded ruleset, if any, must be successfully evaluated by - # the newly built instance of nft(8). - if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then - # Either nftables isn't yet in use or nft(8) cannot be executed. - return - elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then - # Report errors induced by trying to list the ruleset but don't - # treat them as being fatal. - printf '%s\n' "${stderr}" >&2 - elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then - # Rulesets generated by iptables-nft are special in nature and - # will not always be printed in a way that constitutes a valid - # syntax for ntf(8). Ignore them. - return - elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. 
This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi - fi -} - -pkg_postinst() { - local save_file - save_file="${EROOT}"/var/lib/nftables/rules-save - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/nftables/nftables-1.0.6-r1.ebuild b/net-firewall/nftables/nftables-1.0.6-r1.ebuild deleted file mode 100644 index 80c434c2fc43..000000000000 
--- a/net-firewall/nftables/nftables-1.0.6-r1.ebuild
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{9..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit autotools git-r3
- EGIT_REPO_URI="https://git.netfilter.org/${PN}"
- BDEPEND="sys-devel/bison"
-else
- SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
- verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
- KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
- BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.4:=
- gmp? ( dev-libs/gmp:= )
- json? ( dev-libs/jansson:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
- sys-devel/flex
- virtual/pkgconfig
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- python? ( ${PYTHON_DEPS} )
-"
-
-REQUIRED_USE="
- python? ( ${PYTHON_REQUIRED_USE} )
- libedit? ( !readline )
-"
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi -} - -src_prepare() { - default - - if [[ ${PV} =~ ^[9]{4,}$ ]] ; then - eautoreconf - fi - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_prepare - popd >/dev/null || die - fi -} - -src_configure() { - local myeconfargs=( - # We handle python separately - --disable-python - --disable-static - --sbindir="${EPREFIX}"/sbin - $(use_enable debug) - $(use_enable doc man-doc) - $(use_with !gmp mini_gmp) - $(use_with json) - $(use_with libedit cli editline) - $(use_with readline cli readline) - $(use_enable static-libs static) - $(use_with xtables) - ) - econf "${myeconfargs[@]}" - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_configure - popd >/dev/null || die - fi -} - -src_compile() { - default - - if use python; then - pushd py >/dev/null || die - distutils-r1_src_compile - popd >/dev/null || die - fi -} - -src_test() { - emake check - - if [[ ${EUID} == 0 ]]; then - edo tests/shell/run-tests.sh -v - else - ewarn "Skipping shell tests (requires root)" - fi - - # Need to rig up Python eclass if using this, but it doesn't seem to work - # for me anyway. - #cd tests/py || die - #"${EPYTHON}" nft-test.py || die -} - -src_install() { - default - - if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then - pushd doc >/dev/null || die - doman *.? 
- popd >/dev/null || die - fi - - # Do it here instead of in src_prepare to avoid eautoreconf - # rmdir lets us catch if more files end up installed in /etc/nftables - dodir /usr/share/doc/${PF}/skels/ - mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die - rmdir "${ED}"/etc/nftables || die - - local mksuffix="$(usex modern-kernel '-mk' '')" - - exeinto /usr/libexec/${PN} - newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh - newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} - newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN} - keepdir /var/lib/nftables - - systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service - - if use python ; then - pushd py >/dev/null || die - distutils-r1_src_install - popd >/dev/null || die - fi - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_preinst() { - local stderr - - # There's a history of regressions with nftables upgrades. Perform a - # safety check to help us spot them earlier. For the check to pass, the - # currently loaded ruleset, if any, must be successfully evaluated by - # the newly built instance of nft(8). - if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then - # Either nftables isn't yet in use or nft(8) cannot be executed. - return - elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then - # Report errors induced by trying to list the ruleset but don't - # treat them as being fatal. - printf '%s\n' "${stderr}" >&2 - elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then - # Rulesets generated by iptables-nft are special in nature and - # will not always be printed in a way that constitutes a valid - # syntax for ntf(8). Ignore them. - return - elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then - eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" - eerror "nft. 
This probably means that there is a regression introduced by v${PV}." - eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" - if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then - die "Aborting because of failed nft reload!" - fi - fi -} - -pkg_postinst() { - local save_file - save_file="${EROOT}"/var/lib/nftables/rules-save - - # In order for the nftables-restore systemd service to start - # the save_file must exist. - if [[ ! -f "${save_file}" ]]; then - ( umask 177; touch "${save_file}" ) - elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then - ewarn "Your system has dangerous permissions for ${save_file}" - ewarn "It is probably affected by bug #691326." - ewarn "You may need to fix the permissions of the file. To do so," - ewarn "you can run the command in the line below as root." - ewarn " 'chmod 600 \"${save_file}\"'" - fi - - if has_version 'sys-apps/systemd'; then - elog "If you wish to enable the firewall rules on boot (on systemd) you" - elog "will need to enable the nftables-restore service." - elog " 'systemctl enable ${PN}-restore.service'" - elog - elog "If you are creating firewall rules before the next system restart" - elog "the nftables-restore service must be manually started in order to" - elog "save those rules on shutdown." - fi - - if has_version 'sys-apps/openrc'; then - elog "If you wish to enable the firewall rules on boot (on openrc) you" - elog "will need to enable the nftables service." - elog " 'rc-update add ${PN} default'" - elog - elog "If you are creating or updating the firewall rules and wish to save" - elog "them to be loaded on the next restart, use the \"save\" functionality" - elog "in the init script." - elog " 'rc-service ${PN} save'" - fi -} diff --git a/net-firewall/xtables-addons/Manifest b/net-firewall/xtables-addons/Manifest index 9c8d722015f1..25a662863be2 100644 --- a/net-firewall/xtables-addons/Manifest 
+++ b/net-firewall/xtables-addons/Manifest
@@ -1,4 +1,2 @@
-DIST xtables-addons-3.20.tar.xz 333232 BLAKE2B bc6df6d6e56bd539dc649d312fe84a5fe9e4743d6b1f72f3b3bb4689cea91cef9051754d30e530fa3140b877a67b2f84490740e669993669a1ee515d0a434b8d SHA512 0a38c12159dd555a31f24dc5a74d012b27723925df827edffe2343f6b8e61e838b5dc4776bafe37587e9622b9da1e9cd4220e4f576d58e78eb21ad18a419fb2e
-DIST xtables-addons-3.21.tar.xz 333160 BLAKE2B 5847955ff1e64543d278cfd0572ea10f0395297f87005c1310c7c213a774f4b88b6fd89e41798c549074d93a162e82b5a0c89c493f0f96021546570697860050 SHA512 5ec30a14f7dffcaa87bbeb910b46ef5ba3bafc4b6f0ce1579eb21ca6395106fa9157b300f463b43169ea85ec9ff0d9a5377cb5ebc2bb2f637e2a1fe9ff61728e
 DIST xtables-addons-3.23.tar.xz 335776 BLAKE2B 9251a2b9707d93dae294dda24bac4f08b69b44486a5235c248f0f64d0ccac78bd6978c98ad9f83de53da1af75d4788b56ce3285a44c738346560ecfc64f8565b SHA512 f798ad74db6068ee50cae662f3de331cbc8654f0ab2b1d59ce3f7818795213e771702078e495f526a212ce8b9ba7920c04670cd5fb3ff51e693bf0161d2e2486
 DIST xtables-addons-3.24.tar.xz 335724 BLAKE2B c086616c0366346bd87813ae0fc561bdb8f892eecea19ef88c65afef5318ac6f75fec658e0c6595de5c620c965b2bd7f10e45ff3ec55ffb9ddf8e85643190e7e SHA512 08c3b87617e0124aef99a3953fc5e03e8d98be50ce70771e352509ec64263d5256f744489f10f39879630d9dc8d28f3c91173b4739c95bbd8d5ad56e33138eb4
diff --git a/net-firewall/xtables-addons/xtables-addons-3.20.ebuild b/net-firewall/xtables-addons/xtables-addons-3.20.ebuild
deleted file mode 100644
index 5fac792216b8..000000000000
--- a/net-firewall/xtables-addons/xtables-addons-3.20.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MODULES_OPTIONAL_USE=modules -MODULES_OPTIONAL_USE_IUSE_DEFAULT=1 -inherit linux-info linux-mod multilib toolchain-funcs - -DESCRIPTION="iptables extensions not yet accepted in the main kernel" -HOMEPAGE="https://inai.de/projects/xtables-addons/" -SRC_URI="https://inai.de/files/xtables-addons/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" - -MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq proto logmark ipmark echo dnetmap dhcpmac delude chaos account" - -for mod in ${MODULES}; do - IUSE="${IUSE} xtables_addons_${mod}" -done - -DEPEND=">=net-firewall/iptables-1.6.0" - -RDEPEND="${DEPEND} - xtables_addons_geoip? ( - app-arch/unzip - dev-perl/Net-CIDR-Lite - dev-perl/Text-CSV_XS - virtual/perl-Getopt-Long - ) -" - -DEPEND="${DEPEND} - virtual/linux-sources" - -SKIP_MODULES="" - -XA_check4internal_module() { - local mod=${1} - local version=${3} - local kconfigname=${3} - - if use xtables_addons_${mod} && kernel_is -gt ${version}; then - ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." - if ! linux_chkconfig_present ${kconfigname}; then - ewarn "Please enable ${kconfigname} target in your kernel - configuration or disable checksum module in ${PN}." - fi - # SKIP_MODULES in case we need to disable building of everything - # like having this USE disabled - SKIP_MODULES+=" ${mod}" - fi -} - -pkg_setup() { - if use modules; then - get_version - check_modules_supported - CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" - ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" - linux-mod_pkg_setup - - if ! linux_chkconfig_present IPV6; then - SKIP_IPV6_MODULES="ip6table_rawpost" - ewarn "No IPV6 support in kernel. 
Disabling: ${SKIP_IPV6_MODULES}" - fi - kernel_is -lt 4 18 && die "${P} requires kernel version >= 4.18" - fi -} - -# Helper for maintainer: cheks if all possible MODULES are listed. -XA_qa_check() { - local all_modules - all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") - if [[ ${all_modules} != ${MODULES} ]]; then - ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." - ewarn "Please, update MODULES in ebuild." - ewarn "'${all_modules}'" - fi -} - -# Is there any use flag set? -XA_has_something_to_build() { - local mod - for mod in ${MODULES}; do - use xtables_addons_${mod} && return - done - - eerror "All modules are disabled. What do you want me to build?" - eerror "Please, set XTABLES_ADDONS to any combination of" - eerror "${MODULES}" - die "All modules are disabled." -} - -# Parse Kbuid files and generates list of sources -XA_get_module_name() { - [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." - local mod objdir build_mod sources_list - mod=${1} - objdir=${S}/extensions - # Take modules name from mconfig - build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") - # strip .o, = and everything before = and print - sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ - {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ - "${objdir}/Kbuild") - - if [[ -d ${S}/extensions/${sources_list} ]]; then - objdir=${S}/extensions/${sources_list} - sources_list=$(sed -n "/^obj-m/\ - {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ - "${objdir}/Kbuild") - fi - for mod_src in ${sources_list}; do - has ${mod_src} ${SKIP_IPV6_MODULES} || \ - echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" - done -} - -# Die on modules known to fail on certain kernel version. 
-XA_known_failure() { - local module_name=$1 - local KV_max=$2 - - if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then - eerror - eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above." - eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel." - eerror - die - fi -} - -src_prepare() { - XA_qa_check - XA_has_something_to_build - - # Bug #553630#c2. echo fails on linux-4 and above. - # This appears to be fixed, at least as of linux-4.2 - # XA_known_failure "echo" 4 - - local mod module_name - if use modules; then - MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" - fi - for mod in ${MODULES}; do - if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then - sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die - if use modules; then - for module_name in $(XA_get_module_name ${mod}); do - MODULE_NAMES+=" ${module_name}" - done - fi - else - sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die - fi - done - einfo "${MODULE_NAMES}" # for debugging - - sed -e 's/depmod -a/true/' -i Makefile.in || die - sed -e '/^all-local:/{s: modules::}' \ - -e '/^install-exec-local:/{s: modules_install::}' \ - -i extensions/Makefile.in || die - - use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in - - eapply_user -} - -src_configure() { - set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile - econf --prefix="${EPREFIX}/" \ - --libexecdir="${EPREFIX}/$(get_libdir)/" \ - --with-kbuild="${KV_OUT_DIR}" -} - -src_compile() { - emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 - use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile -} - -src_install() { - emake DESTDIR="${D}" install - use modules && linux-mod_src_install - dodoc -r README doc/* - find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' -} 
diff --git a/net-firewall/xtables-addons/xtables-addons-3.21.ebuild b/net-firewall/xtables-addons/xtables-addons-3.21.ebuild
deleted file mode 100644
index e038cfe9ce4f..000000000000
--- a/net-firewall/xtables-addons/xtables-addons-3.21.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MODULES_OPTIONAL_USE=modules -MODULES_OPTIONAL_USE_IUSE_DEFAULT=1 -inherit linux-info linux-mod multilib toolchain-funcs - -DESCRIPTION="iptables extensions not yet accepted in the main kernel" -HOMEPAGE="https://inai.de/projects/xtables-addons/" -SRC_URI="https://inai.de/files/xtables-addons/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" - -MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq proto logmark ipmark echo dnetmap dhcpmac delude chaos account" - -for mod in ${MODULES}; do - IUSE="${IUSE} xtables_addons_${mod}" -done - -DEPEND=">=net-firewall/iptables-1.6.0" - -RDEPEND="${DEPEND} - xtables_addons_geoip? ( - app-arch/unzip - dev-perl/Net-CIDR-Lite - dev-perl/Text-CSV_XS - virtual/perl-Getopt-Long - ) -" - -DEPEND="${DEPEND} - virtual/linux-sources" - -SKIP_MODULES="" - -XA_check4internal_module() { - local mod=${1} - local version=${3} - local kconfigname=${3} - - if use xtables_addons_${mod} && kernel_is -gt ${version}; then - ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." - if ! linux_chkconfig_present ${kconfigname}; then - ewarn "Please enable ${kconfigname} target in your kernel - configuration or disable checksum module in ${PN}." - fi - # SKIP_MODULES in case we need to disable building of everything - # like having this USE disabled - SKIP_MODULES+=" ${mod}" - fi -} - -pkg_setup() { - if use modules; then - get_version - check_modules_supported - CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" - ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" - linux-mod_pkg_setup - - if ! linux_chkconfig_present IPV6; then - SKIP_IPV6_MODULES="ip6table_rawpost" - ewarn "No IPV6 support in kernel. 
Disabling: ${SKIP_IPV6_MODULES}" - fi - kernel_is -lt 4 18 && die "${P} requires kernel version >= 4.18" - fi -} - -# Helper for maintainer: cheks if all possible MODULES are listed. -XA_qa_check() { - local all_modules - all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") - if [[ ${all_modules} != ${MODULES} ]]; then - ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." - ewarn "Please, update MODULES in ebuild." - ewarn "'${all_modules}'" - fi -} - -# Is there any use flag set? -XA_has_something_to_build() { - local mod - for mod in ${MODULES}; do - use xtables_addons_${mod} && return - done - - eerror "All modules are disabled. What do you want me to build?" - eerror "Please, set XTABLES_ADDONS to any combination of" - eerror "${MODULES}" - die "All modules are disabled." -} - -# Parse Kbuid files and generates list of sources -XA_get_module_name() { - [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." - local mod objdir build_mod sources_list - mod=${1} - objdir=${S}/extensions - # Take modules name from mconfig - build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") - # strip .o, = and everything before = and print - sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ - {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ - "${objdir}/Kbuild") - - if [[ -d ${S}/extensions/${sources_list} ]]; then - objdir=${S}/extensions/${sources_list} - sources_list=$(sed -n "/^obj-m/\ - {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ - "${objdir}/Kbuild") - fi - for mod_src in ${sources_list}; do - has ${mod_src} ${SKIP_IPV6_MODULES} || \ - echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" - done -} - -# Die on modules known to fail on certain kernel version. 
-XA_known_failure() { - local module_name=$1 - local KV_max=$2 - - if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then - eerror - eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above." - eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel." - eerror - die - fi -} - -src_prepare() { - XA_qa_check - XA_has_something_to_build - - # Bug #553630#c2. echo fails on linux-4 and above. - # This appears to be fixed, at least as of linux-4.2 - # XA_known_failure "echo" 4 - - local mod module_name - if use modules; then - MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" - fi - for mod in ${MODULES}; do - if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then - sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die - if use modules; then - for module_name in $(XA_get_module_name ${mod}); do - MODULE_NAMES+=" ${module_name}" - done - fi - else - sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die - fi - done - einfo "${MODULE_NAMES}" # for debugging - - sed -e 's/depmod -a/true/' -i Makefile.in || die - sed -e '/^all-local:/{s: modules::}' \ - -e '/^install-exec-local:/{s: modules_install::}' \ - -i extensions/Makefile.in || die - - use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in - - eapply_user -} - -src_configure() { - set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile - econf --prefix="${EPREFIX}/" \ - --libexecdir="${EPREFIX}/$(get_libdir)/" \ - --with-kbuild="${KV_OUT_DIR}" -} - -src_compile() { - emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 - use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile -} - -src_install() { - emake DESTDIR="${D}" install - use modules && linux-mod_src_install - dodoc -r README.rst doc/* - find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' -} |