[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/systemd/

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/systemd/

[Jason Donenfeld]

commit:     1dbbd48205516f3d2e14dad349c06f23b182de40
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 21 15:05:11 2018 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Wed Feb 21 15:06:15 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbbd482

net-firewall/iptables: pass -w to ip*tables-restore in systemd units

Otherwise one restore rule will prevent the other from working, and
nothing will get restored.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 net-firewall/iptables/files/systemd/ip6tables-restore.service           | 2 +-
 net-firewall/iptables/files/systemd/iptables-restore.service            | 2 +-
 .../iptables/{iptables-1.4.21-r4.ebuild => iptables-1.4.21-r5.ebuild}   | 2 +-
 .../iptables/{iptables-1.6.1-r2.ebuild => iptables-1.6.1-r3.ebuild}     | 0
 .../iptables/{iptables-1.6.2.ebuild => iptables-1.6.2-r1.ebuild}        | 0
 5 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
index c149e92ba90..921b691296d 100644
--- a/net-firewall/iptables/files/systemd/ip6tables-restore.service
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -8,7 +8,7 @@ Wants=network-pre.target
 
 [Service]
 Type=oneshot
-ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+ExecStart=/sbin/ip6tables-restore -w -- /var/lib/ip6tables/rules-save
 
 [Install]
 WantedBy=basic.target

diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
index 2474ee3ec41..a9e56793548 100644
--- a/net-firewall/iptables/files/systemd/iptables-restore.service
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -8,7 +8,7 @@ Wants=network-pre.target
 
 [Service]
 Type=oneshot
-ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+ExecStart=/sbin/iptables-restore -w -- /var/lib/iptables/rules-save
 
 [Install]
 WantedBy=basic.target

diff --git a/net-firewall/iptables/iptables-1.4.21-r4.ebuild b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
similarity index 98%
rename from net-firewall/iptables/iptables-1.4.21-r4.ebuild
rename to net-firewall/iptables/iptables-1.4.21-r5.ebuild
index b873bc7ffcf..7861dad2a4f 100644
--- a/net-firewall/iptables/iptables-1.4.21-r4.ebuild
+++ b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="5"

diff --git a/net-firewall/iptables/iptables-1.6.1-r2.ebuild b/net-firewall/iptables/iptables-1.6.1-r3.ebuild
similarity index 100%
rename from net-firewall/iptables/iptables-1.6.1-r2.ebuild
rename to net-firewall/iptables/iptables-1.6.1-r3.ebuild

diff --git a/net-firewall/iptables/iptables-1.6.2.ebuild b/net-firewall/iptables/iptables-1.6.2-r1.ebuild
similarity index 100%
rename from net-firewall/iptables/iptables-1.6.2.ebuild
rename to net-firewall/iptables/iptables-1.6.2-r1.ebuild

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/systemd/

[David Seifert]

commit:     aafab0c2e5ac2e13a1df49a6b3f2f122c1bd518d
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun May  9 09:33:09 2021 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun May  9 09:33:09 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aafab0c2

net-firewall/iptables: Remove old 1.8.5, 1.8.6

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 net-firewall/iptables/Manifest                     |   2 -
 .../iptables/files/systemd/ip6tables.service       |   6 -
 .../iptables/files/systemd/iptables.service        |   6 -
 net-firewall/iptables/iptables-1.8.5.ebuild        | 179 ---------------------
 net-firewall/iptables/iptables-1.8.6.ebuild        | 179 ---------------------
 5 files changed, 372 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 2e92db50183..20be9ec24c2 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,3 +1 @@
-DIST iptables-1.8.5.tar.bz2 713769 BLAKE2B 49659fc2f1f284f31637048fa1e6edb4853e9bf6ac0b6ada5599a7af34a4449205b5eb6b85b630ce4757b49cf3f8ac9ad6220e07c2c22abb688a3aeb5cf99cd2 SHA512 6a6baa541bb7aa331b176e0a91894e0766859814b59e77c71351ac34d6ebd337487981db48c70e476a48c67bcf891cfc663221a7582feb1496ad1df56eb28da8
-DIST iptables-1.8.6.tar.bz2 715744 BLAKE2B 72167610b396054fe18c495d7a9e23051d217116074ee39198af989a3e50b9908cb75f42b9172d3cfd76343835386a78a2c51d1153ed5d219a6d68209e11dc9c SHA512 d06e4cddb69822c4618664a35877fc5811992936cade2040bb0e4eb25a4d879eadc7c84401c40fb39ffac7888568505adcb1cfe995cd166a15c702237daf6acf
 DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75

diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service
deleted file mode 100644
index 0a6d7fa1c8a..00000000000
--- a/net-firewall/iptables/files/systemd/ip6tables.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Store and restore ip6tables firewall rules
-
-[Install]
-Also=ip6tables-store.service
-Also=ip6tables-restore.service

diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service
deleted file mode 100644
index 3643a3e3103..00000000000
--- a/net-firewall/iptables/files/systemd/iptables.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Store and restore iptables firewall rules
-
-[Install]
-Also=iptables-store.service
-Also=iptables-restore.service

diff --git a/net-firewall/iptables/iptables-1.8.5.ebuild b/net-firewall/iptables/iptables-1.8.5.ebuild
deleted file mode 100644
index a6ba56cb354..00000000000
--- a/net-firewall/iptables/iptables-1.8.5.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
-	>=app-eselect/eselect-iptables-20200508
-"
-COMMON_DEPEND="
-	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
-	netlink? ( net-libs/libnfnetlink )
-	nftables? (
-		>=net-libs/libmnl-1.0:0=
-		>=net-libs/libnftnl-1.1.6:0=
-	)
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
-	virtual/os-headers
-	>=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
-	app-eselect/eselect-iptables
-	virtual/pkgconfig
-	nftables? (
-		sys-devel/flex
-		virtual/yacc
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	${BUILD_DEPEND}
-	nftables? ( net-misc/ethertypes )
-	!<net-firewall/ebtables-2.0.11-r1
-	!<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
-	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
-	"${FILESDIR}/iptables-1.8.2-link.patch"
-)
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm include/linux/{kernel,types}.h || die
-
-	default
-	eautoreconf
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	local myeconfargs=(
-		--sbindir="${EPREFIX}/sbin"
-		--libexecdir="${EPREFIX}/$(get_libdir)"
-		--enable-devel
-		--enable-shared
-		$(use_enable nftables)
-		$(use_enable pcap bpf-compiler)
-		$(use_enable pcap nfsynproxy)
-		$(use_enable static-libs static)
-		$(use_enable ipv6)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-r2.init iptables
-	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		dosym iptables /etc/init.d/ip6tables
-		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-	fi
-
-	if use nftables; then
-		# Bug 647458
-		rm "${ED}"/etc/ethertypes || die
-
-		# Bugs 660886 and 669894
-		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
-	if use ipv6 ; then
-		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
-	fi
-
-	# Move important libs to /lib #332175
-	gen_usr_ldscript -a ip{4,6}tc xtables
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local default_iptables="xtables-legacy-multi"
-	if ! eselect iptables show &>/dev/null; then
-		elog "Current iptables implementation is unset, setting to ${default_iptables}"
-		eselect iptables set "${default_iptables}"
-	fi
-
-	if use nftables; then
-		local tables
-		for tables in {arp,eb}tables; do
-			if ! eselect ${tables} show &>/dev/null; then
-				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
-				eselect ${tables} set xtables-nft-multi
-			fi
-		done
-	fi
-
-	eselect iptables show
-}
-
-pkg_prerm() {
-	elog "Unsetting iptables symlinks before removal"
-	eselect iptables unset
-
-	if ! has_version 'net-firewall/ebtables'; then
-		elog "Unsetting ebtables symlinks before removal"
-		eselect ebtables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting ebtables symlinks to ebtables-legacy"
-		eselect ebtables set ebtables-legacy
-	fi
-
-	if ! has_version 'net-firewall/arptables'; then
-		elog "Unsetting arptables symlinks before removal"
-		eselect arptables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting arptables symlinks to arptables-legacy"
-		eselect arptables set arptables-legacy
-	fi
-
-	# the eselect module failing should not be fatal
-	return 0
-}

diff --git a/net-firewall/iptables/iptables-1.8.6.ebuild b/net-firewall/iptables/iptables-1.8.6.ebuild
deleted file mode 100644
index b496e8ccd7e..00000000000
--- a/net-firewall/iptables/iptables-1.8.6.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
-	>=app-eselect/eselect-iptables-20200508
-"
-COMMON_DEPEND="
-	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
-	netlink? ( net-libs/libnfnetlink )
-	nftables? (
-		>=net-libs/libmnl-1.0:0=
-		>=net-libs/libnftnl-1.1.6:0=
-	)
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
-	virtual/os-headers
-	>=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
-	app-eselect/eselect-iptables
-	virtual/pkgconfig
-	nftables? (
-		sys-devel/flex
-		virtual/yacc
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	${BUILD_DEPEND}
-	nftables? ( net-misc/ethertypes )
-	!<net-firewall/ebtables-2.0.11-r1
-	!<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
-	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
-	"${FILESDIR}/iptables-1.8.2-link.patch"
-)
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm include/linux/{kernel,types}.h || die
-
-	default
-	eautoreconf
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	local myeconfargs=(
-		--sbindir="${EPREFIX}/sbin"
-		--libexecdir="${EPREFIX}/$(get_libdir)"
-		--enable-devel
-		--enable-shared
-		$(use_enable nftables)
-		$(use_enable pcap bpf-compiler)
-		$(use_enable pcap nfsynproxy)
-		$(use_enable static-libs static)
-		$(use_enable ipv6)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-r2.init iptables
-	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		dosym iptables /etc/init.d/ip6tables
-		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-	fi
-
-	if use nftables; then
-		# Bug 647458
-		rm "${ED}"/etc/ethertypes || die
-
-		# Bugs 660886 and 669894
-		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
-	if use ipv6 ; then
-		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
-	fi
-
-	# Move important libs to /lib #332175
-	gen_usr_ldscript -a ip{4,6}tc xtables
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local default_iptables="xtables-legacy-multi"
-	if ! eselect iptables show &>/dev/null; then
-		elog "Current iptables implementation is unset, setting to ${default_iptables}"
-		eselect iptables set "${default_iptables}"
-	fi
-
-	if use nftables; then
-		local tables
-		for tables in {arp,eb}tables; do
-			if ! eselect ${tables} show &>/dev/null; then
-				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
-				eselect ${tables} set xtables-nft-multi
-			fi
-		done
-	fi
-
-	eselect iptables show
-}
-
-pkg_prerm() {
-	elog "Unsetting iptables symlinks before removal"
-	eselect iptables unset
-
-	if ! has_version 'net-firewall/ebtables'; then
-		elog "Unsetting ebtables symlinks before removal"
-		eselect ebtables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting ebtables symlinks to ebtables-legacy"
-		eselect ebtables set ebtables-legacy
-	fi
-
-	if ! has_version 'net-firewall/arptables'; then
-		elog "Unsetting arptables symlinks before removal"
-		eselect arptables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting arptables symlinks to arptables-legacy"
-		eselect arptables set arptables-legacy
-	fi
-
-	# the eselect module failing should not be fatal
-	return 0
-}