From: "Aric Belsito" <lluixhi@gmail.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/musl:master commit in: net-firewall/iptables/, net-firewall/iptables/files/, ...
Date: Sun, 27 Nov 2016 00:17:45 +0000 (UTC) [thread overview]
Message-ID: <1480205712.0b6cfad274a8bb1c47599cee1ee4482d64626ecc.lluixhi@gentoo> (raw)
commit: 0b6cfad274a8bb1c47599cee1ee4482d64626ecc
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sun Nov 27 00:15:12 2016 +0000
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sun Nov 27 00:15:12 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0b6cfad2
net-firewall/iptables: Add 1.6.0-r1
Sync with upstream
Drop r99 postfix
Remove some lines in the patch that don't break the build.
net-firewall/iptables/Manifest | 16 +++---
.../iptables/files/iptables-1.4.13-r1.init | 2 +-
.../iptables/files/iptables-1.4.21-musl.patch | 60 ----------------------
.../iptables/files/iptables-1.6.0-musl.patch | 38 ++++++++++++++
.../{iptables-1.4.13-r1.init => iptables.init} | 16 +++---
.../files/systemd/ip6tables-restore.service | 4 +-
.../files/systemd/iptables-restore.service | 4 +-
...1.4.21-r99.ebuild => iptables-1.4.21-r1.ebuild} | 10 ++--
...-1.4.21-r99.ebuild => iptables-1.6.0-r1.ebuild} | 42 +++++++++++----
net-firewall/iptables/metadata.xml | 3 ++
10 files changed, 102 insertions(+), 93 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 00a5c0c..408f0d2 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,13 +1,17 @@
AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
-AUX iptables-1.4.13-r1.init 2772 SHA256 e8f75993729bc559b82cde4d978bcd3b5527069ea94190a3bea2da12a2e907d6 SHA512 c87eed9ae2a1cee9782ddc2c20b5a2644e571d20f25eab76831d5cbb185d18b7d078599e2fac8dac7945674c3af19d00220fa1e2c2053e415cb5c83fcfdf4d8a WHIRLPOOL 889bf1164b67f9f8d8dd96ea3f6c1b4542ea87afa4e74040d43cd488d13c6dc3672ecb2058699a60d7d0bf34c82b452d6f80fc815d85d7ae20c8dbb7ae99ba2f
+AUX iptables-1.4.13-r1.init 2773 SHA256 eca52b98f6d7cc0f74ad2ba65f3a4ea96a0a46424ddab321928c4e82ebf1f5aa SHA512 4e5b555dc32d8358c5a15f50d573c6581c5dc1a726976a46739f13f8f2e0a2524dc6e8faa41d38665cb9068cdfe1785bc91f34104a3bcb0078ad3b1451a418e1 WHIRLPOOL d823437736fcabf54605b7ddbee2c898bb7315cb05f536565714798dea36d66c5141dc4a4dc4a5cff75323f6b09eb361dcd635bc228d8dba4923d5d5159cf779
AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
-AUX iptables-1.4.21-musl.patch 3947 SHA256 1d5fbdcb4752c480a4198a0188b067352fdd6b99a221de18ab8a106a5b115ee0 SHA512 6fc3c0c29da8f767892b1022e659f341c2ff97bc83a70b4b19fffe3b7385cd4879fe53e9630a6ec9f9449f3b5b20d34a060c4af0c5f186829069da0d075c9dfe WHIRLPOOL f6fe339c790fdfd5de544cc0791b775df2a2c486b7c4b2092ee2cd400874ddb53677abcd5c74022c2dc7079e919890e7da6d481a240b5396bd38162681ce7f54
-AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3
+AUX iptables-1.4.21-musl.patch 2165 SHA256 1f202ca1f6549af674a7a8300376ca2c451aba5dc1a3203a799ab4c1e6fc7c76 SHA512 1460408bc9a3e08d65a2cf208badb55f927974ae8b364b16f20b15c788fab1720ea55b4d1f3d61f3fb8adcfe8f748dbd817b1ed0d9f2ca9f8be94d585980af0f WHIRLPOOL 05d0254a60872dcb1a767d503c784eca534cf66c71bf448f1863e0b88c753eece249a5b56e57f7e2abf5d1fdf14a6f53e55d045b8af2770ca292482dbf877513
+AUX iptables-1.6.0-musl.patch 1192 SHA256 c1c18e1ba5294af84c9cd8a24648c20486355ed2d27f7c5b0042ea33e131a613 SHA512 abcba22aeab80ac59ca6a5293dd88c258bfa03ca46ad3d83f1298f7f019a1e6fdadf5debf6c7129c4a401af58684658a4b0e5dbfb9336b66975c0865927a434b WHIRLPOOL 53fe9b560b60a1a24cba51f03a7b597a7939eb9d80d0f4629d9c0177dd34cbefbf471dceaef591ff67d4cfe5e73993ea4625f8225e35bae3ad9b3f29b6f21ed8
+AUX iptables.init 2794 SHA256 9e83a7dae3a75a4fd58721cf8df2888c661af9e32e478a59a2507d234bd3d95f SHA512 0fccbdd6152ff422d86bab82eea1ddd09f554107f1eab9423e5703ab805930394086ad52717241d767f9793d3e1b4accf7c9539c9431020610711ca5313d9a16 WHIRLPOOL 65a108a045910c97c7d76bf351c4283e9dc19771f54c632351063785251589aeb302ee04b58910e3faf18ee4af208396fc6af69e692b9e3806de394094bbc554
+AUX systemd/ip6tables-restore.service 398 SHA256 611fb01a539f421a06d443ac5bec4ee412699021bb8f99bcc52056b825b72baa SHA512 4df4f73b14e123c463003656631d1affa431f722c9f598cdde6a63a531432aa3f97635b32c59aa2e1ddc4b45f500169c88da1c055fccac6c8ce89db23d015a7a WHIRLPOOL eabe0338f58a300ea53c15e09e35f8c1eb10ac9574213fbe30aff75eb350eaa676f0c927a14e24e7b2eaad6b69124645ff0df995204e65f2a23f0bc00d5d2e1c
AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6
AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0
-AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4
+AUX systemd/iptables-restore.service 394 SHA256 611debe959039341f2ee93c276290046365622e4a168c98a9f39684bee9565de SHA512 f0d042b487beaaa0dab0884ccb12c1cb63f9f5949b58187dcd4fcdb28a5b9874fd7b9cc8c14862f8a311a6e4016e2472edc51a776904c9940e1280da7dd3c01b WHIRLPOOL 8fc540b450347ea78e56d03591be2d22bbccadbe65dfe021c23231f9efcda3405d5555a6d5b93f38fbf5cc16855d397da104a873a5dd0fa01270d3b542f9403d
AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db
AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3
DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
-EBUILD iptables-1.4.21-r99.ebuild 2312 SHA256 755030496807570ff3360caa6af8fd21532eda2f67aa6b7de083946f50bac6ee SHA512 460a070319b983cb15ed291beec759e88f3571bfdd1d4f864419593b3cc9cb7940cee086e343b24188020450438fc36a29ca216598b5f67c52c1d1f14588fcb9 WHIRLPOOL d96e8d68f566f5da874606b730cdf2e9ce22a76d28e231a765dc3af17739ab0503e0e5b13af883cdc8ae323d660ddabb194c38b2684d5d0e168d5eebbc6bcba4
-MISC metadata.xml 1158 SHA256 7e9055478930c0b06aa6c9660c59cf250b8dd9ee5e3062c9cf05e521a24655ea SHA512 50a5daa8a84ce9a79e26af31bbb4b3786f0449e11399e7759472d86a895d935a84c0476c7fd7c3c91e7d2aada86979b783153dbd2b27fb3d8a5eaafef84ddfd9 WHIRLPOOL 94c5a196bb01e1d19b42f092d27920687bfbd9efd620e902a531fe95b239b7429002fffbf201fdc65c6efa86988d97dbd8ee273238177c4b27274b82eb8c6a31
+DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015
+EBUILD iptables-1.4.21-r1.ebuild 2484 SHA256 a0b493d89bb704f35e835d8fffd1d73ea8528cfaac3f7288e9b7fc9e3b63e0ae SHA512 8145a17bbcccca9aab848150f4068589f2a67562654dd5923ddce6cfdb1f1488027c9d1db878d0d6c5993e9dab1023a7a57ec28c62c924a78cce99d2380bfc67 WHIRLPOOL ca1591bfe3908d020a38c89085b92b2e5483e83f48e0579aeb897d6ff0af1f52e4f786fe600e704aa131015e978061a1376a98030b52940285b773aaac203d7d
+EBUILD iptables-1.6.0-r1.ebuild 3159 SHA256 71a6c1db9fabdc44348bd76e1253c69df7bc658f7148eaf230b2952311ddfb22 SHA512 facfb6d9c6f03a3f04f6f0e32149bb6b90034c7d90aa97624f0326036b10694f85dfa9da61e26be83c7ab2bb6fcdc17d26bee246751f6f1a0c414980a3f5ceee WHIRLPOOL 6a53d4b6685e0178ea9035f52f1e84044beecfce3795c725c53cb5310ac047236a52e96e1e005ae62016969f2c4efec0fb49cf1983cc0f29d53b0f2fc819d8e1
+MISC metadata.xml 1450 SHA256 12a59ccb10431b7760a10a4421f05fd3763eb14c91d27239f04d9bcacec548ab SHA512 3cd157fddc3a2aeca4ba563509b021ae52f02e23a721488eaf47b2aa701e6fee5ab8432603ca9999e6854b4d8a69950cf1a156104ee5db35f9232302326601f1 WHIRLPOOL 4d48988fd6ec8b53a643206c939789a773ab59253506c4659b83f7d563bd558924845dd04bb03702dff160cc49f72a319fa68b7e1e49988022270eeac7cfe82c
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init
index 440e840..56d2a70 100644
--- a/net-firewall/iptables/files/iptables-1.4.13-r1.init
+++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init
@@ -1,4 +1,4 @@
-#!/sbin/runscript
+#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
diff --git a/net-firewall/iptables/files/iptables-1.4.21-musl.patch b/net-firewall/iptables/files/iptables-1.4.21-musl.patch
index 286ea87..f6ad3c7 100644
--- a/net-firewall/iptables/files/iptables-1.4.21-musl.patch
+++ b/net-firewall/iptables/files/iptables-1.4.21-musl.patch
@@ -74,63 +74,3 @@ diff -ru a/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h b/iptables-1
#include <linux/netfilter_ipv4.h>
-diff -ru a/iptables-1.4.21/iptables/ip6tables-restore.c b/iptables-1.4.21/iptables/ip6tables-restore.c
---- a/iptables-1.4.21/iptables/ip6tables-restore.c
-+++ b/iptables-1.4.21/iptables/ip6tables-restore.c
-@@ -9,7 +9,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdbool.h>
- #include <string.h>
- #include <stdio.h>
-diff -ru a/iptables-1.4.21/iptables/ip6tables-save.c b/iptables-1.4.21/iptables/ip6tables-save.c
---- a/iptables-1.4.21/iptables/ip6tables-save.c
-+++ b/iptables-1.4.21/iptables/ip6tables-save.c
-@@ -6,7 +6,7 @@
- * This code is distributed under the terms of GNU GPL v2
- */
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
- #include <stdlib.h>
-diff -ru a/iptables-1.4.21/iptables/iptables-restore.c b/iptables-1.4.21/iptables/iptables-restore.c
---- a/iptables-1.4.21/iptables/iptables-restore.c
-+++ b/iptables-1.4.21/iptables/iptables-restore.c
-@@ -6,7 +6,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdbool.h>
- #include <string.h>
- #include <stdio.h>
-diff -ru a/iptables-1.4.21/iptables/iptables-save.c b/iptables-1.4.21/iptables/iptables-save.c
---- a/iptables-1.4.21/iptables/iptables-save.c
-+++ b/iptables-1.4.21/iptables/iptables-save.c
-@@ -6,7 +6,7 @@
- *
- */
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
- #include <stdlib.h>
-diff -ru a/iptables-1.4.21/iptables/iptables-xml.c b/iptables-1.4.21/iptables/iptables-xml.c
---- a/iptables-1.4.21/iptables/iptables-xml.c
-+++ b/iptables-1.4.21/iptables/iptables-xml.c
-@@ -7,7 +7,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <string.h>
- #include <stdio.h>
- #include <stdlib.h>
diff --git a/net-firewall/iptables/files/iptables-1.6.0-musl.patch b/net-firewall/iptables/files/iptables-1.6.0-musl.patch
new file mode 100644
index 0000000..d5d99ad
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.6.0-musl.patch
@@ -0,0 +1,38 @@
+diff -Naurw iptables-1.6.0.orig/extensions/libip6t_ipv6header.c iptables-1.6.0/extensions/libip6t_ipv6header.c
+--- iptables-1.6.0.orig/extensions/libip6t_ipv6header.c 2015-12-09 04:55:06.000000000 -0800
++++ iptables-1.6.0/extensions/libip6t_ipv6header.c 2015-12-23 17:22:56.757094312 -0800
+@@ -10,6 +10,9 @@
+ #include <netdb.h>
+ #include <xtables.h>
+ #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
++#ifndef IPPROTO_HOPOPTS
++# define IPPROTO_HOPOPTS 0
++#endif
+
+ enum {
+ O_HEADER = 0,
+diff -Naurw iptables-1.6.0.orig/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c
+--- iptables-1.6.0.orig/extensions/libxt_TCPOPTSTRIP.c 2015-12-09 04:55:06.000000000 -0800
++++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c 2015-12-23 17:21:50.463763843 -0800
+@@ -12,6 +12,21 @@
+ #ifndef TCPOPT_MD5SIG
+ # define TCPOPT_MD5SIG 19
+ #endif
++#ifndef TCPOPT_MAXSEG
++# define TCPOPT_MAXSEG 2
++#endif
++#ifndef TCPOPT_WINDOW
++# define TCPOPT_WINDOW 3
++#endif
++#ifndef TCPOPT_SACK_PERMITTED
++# define TCPOPT_SACK_PERMITTED 4
++#endif
++#ifndef TCPOPT_SACK
++# define TCPOPT_SACK 5
++#endif
++#ifndef TCPOPT_TIMESTAMP
++# define TCPOPT_TIMESTAMP 8
++#endif
+
+ enum {
+ O_STRIP_OPTION = 0,
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables.init
old mode 100644
new mode 100755
similarity index 90%
copy from net-firewall/iptables/files/iptables-1.4.13-r1.init
copy to net-firewall/iptables/files/iptables.init
index 440e840..de9f39f
--- a/net-firewall/iptables/files/iptables-1.4.13-r1.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -1,4 +1,4 @@
-#!/sbin/runscript
+#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -35,7 +35,7 @@ set_table_policy() {
esac
local chain
for chain in ${chains} ; do
- ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
done
}
@@ -73,8 +73,8 @@ stop() {
for a in $(cat ${iptables_proc}) ; do
set_table_policy $a ACCEPT
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
done
eend $?
}
@@ -85,8 +85,8 @@ reload() {
ebegin "Flushing firewall"
local a
for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
done
eend $?
@@ -121,8 +121,8 @@ panic() {
local a
ebegin "Dropping all packets"
for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
set_table_policy $a DROP
done
diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
index 88415fa..c149e92 100644
--- a/net-firewall/iptables/files/systemd/ip6tables-restore.service
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -3,8 +3,8 @@ Description=Restore ip6tables firewall rules
# if both are queued for some reason, don't store before restoring :)
Before=ip6tables-store.service
# sounds reasonable to have firewall up before any of the services go up
-Before=network.target
-Conflicts=shutdown.target
+Before=network-pre.target
+Wants=network-pre.target
[Service]
Type=oneshot
diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
index 9d568d7..2474ee3 100644
--- a/net-firewall/iptables/files/systemd/iptables-restore.service
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -3,8 +3,8 @@ Description=Restore iptables firewall rules
# if both are queued for some reason, don't store before restoring :)
Before=iptables-store.service
# sounds reasonable to have firewall up before any of the services go up
-Before=network.target
-Conflicts=shutdown.target
+Before=network-pre.target
+Wants=network-pre.target
[Service]
Type=oneshot
diff --git a/net-firewall/iptables/iptables-1.4.21-r99.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
similarity index 87%
copy from net-firewall/iptables/iptables-1.4.21-r99.ebuild
copy to net-firewall/iptables/iptables-1.4.21-r1.ebuild
index b024219..b680012 100644
--- a/net-firewall/iptables/iptables-1.4.21-r99.ebuild
+++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -15,10 +15,11 @@ SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="ipv6 netlink static-libs"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="conntrack ipv6 netlink static-libs"
RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
netlink? ( net-libs/libnfnetlink )
"
DEPEND="${RDEPEND}
@@ -42,6 +43,7 @@ src_configure() {
sed -i \
-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
configure || die
econf \
@@ -87,7 +89,7 @@ src_install() {
systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
fi
- # Move important libs to /lib
+ # Move important libs to /lib #332175
gen_usr_ldscript -a ip{4,6}tc iptc xtables
prune_libtool_files
diff --git a/net-firewall/iptables/iptables-1.4.21-r99.ebuild b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
similarity index 58%
rename from net-firewall/iptables/iptables-1.4.21-r99.ebuild
rename to net-firewall/iptables/iptables-1.6.0-r1.ebuild
index b024219..16d079a 100644
--- a/net-firewall/iptables/iptables-1.4.21-r99.ebuild
+++ b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
@@ -7,30 +7,43 @@ EAPI="5"
# Force users doing their own patches to install their own tools
AUTOTOOLS_AUTO_DEPEND=no
-inherit eutils multilib systemd toolchain-funcs autotools
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.netfilter.org/projects/iptables/"
SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="ipv6 netlink static-libs"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/11"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
"
DEPEND="${RDEPEND}
virtual/os-headers
virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
"
src_prepare() {
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
- epatch ${FILESDIR}/${P}-musl.patch
+ # Fix for MUSL
+ epatch "${FILESDIR}"/${P}-musl.patch
# Only run autotools if user patched something
epatch_user && eautoreconf || elibtoolize
@@ -40,8 +53,12 @@ src_configure() {
# Some libs use $(AR) rather than libtool to build #444282
tc-export AR
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
sed -i \
-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
configure || die
econf \
@@ -49,11 +66,16 @@ src_configure() {
--libexecdir="${EPREFIX}/$(get_libdir)" \
--enable-devel \
--enable-shared \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
$(use_enable static-libs static) \
$(use_enable ipv6)
}
src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
emake V=1
}
@@ -74,20 +96,20 @@ src_install() {
doins include/iptables/internal.h
keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
fi
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
fi
- # Move important libs to /lib
+ # Move important libs to /lib #332175
gen_usr_ldscript -a ip{4,6}tc iptc xtables
prune_libtool_files
diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml
index f57b4a4..92f454b 100644
--- a/net-firewall/iptables/metadata.xml
+++ b/net-firewall/iptables/metadata.xml
@@ -6,7 +6,10 @@
<name>Gentoo Base System</name>
</maintainer>
<use>
+ <flag name="conntrack">Build against <pkg>net-libs/libnetfilter_conntrack</pkg> when enables the connlabel matcher</flag>
<flag name="netlink">Build against libnfnetlink which enables the nfnl_osf util</flag>
+ <flag name="nftables">Support nftables kernel interface</flag>
+ <flag name="pcap">Build against <pkg>net-libs/libpcap</pkg> which enables the nfbpf_compile util</flag>
</use>
<longdescription>
iptables is the userspace command line program used to set up, maintain, and
reply other threads:[~2016-11-27 0:17 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1480205712.0b6cfad274a8bb1c47599cee1ee4482d64626ecc.lluixhi@gentoo \
--to=lluixhi@gmail.com \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox