From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1678848105.9a223c82dd8cfd2b72e0e7135b2a773df79b9c78.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-firewall/nftables/Manifest net-firewall/nftables/nftables-1.0.7.ebuild net-firewall/nftables/nftables-9999.ebuild X-VCS-Directories: net-firewall/nftables/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 9a223c82dd8cfd2b72e0e7135b2a773df79b9c78 X-VCS-Branch: master Date: Wed, 15 Mar 2023 02:42:38 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 0a2d12e5-6601-4338-bf74-0c1281042fa6 X-Archives-Hash: b12ca5605013a3624fe33610d0585d07 commit: 9a223c82dd8cfd2b72e0e7135b2a773df79b9c78 Author: Sam James gentoo org> AuthorDate: Wed Mar 15 02:41:30 2023 +0000 Commit: Sam James gentoo org> CommitDate: Wed Mar 15 02:41:45 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a223c82 net-firewall/nftables: add 1.0.7 Signed-off-by: Sam James gentoo.org> net-firewall/nftables/Manifest | 2 ++ .../{nftables-9999.ebuild => nftables-1.0.7.ebuild} | 18 ++++++++++++++++-- net-firewall/nftables/nftables-9999.ebuild | 18 ++++++++++++++++-- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index 3537caf064d6..2d752595dfcf 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest 
@@ -2,3 +2,5 @@ DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511 DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119 DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93 +DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116 +DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768 diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-1.0.7.ebuild similarity index 89% copy from net-firewall/nftables/nftables-9999.ebuild copy to net-firewall/nftables/nftables-1.0.7.ebuild index f60144b1a850..f9713c4a95f6 100644 --- a/net-firewall/nftables/nftables-9999.ebuild 
+++ b/net-firewall/nftables/nftables-1.0.7.ebuild @@ -26,7 +26,8 @@ else BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" fi -LICENSE="GPL-2" +# See COPYING: new code is GPL-2+, existing code is GPL-2 +LICENSE="GPL-2 GPL-2+" SLOT="0/1" IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" RESTRICT="!test? ( test )" @@ -167,10 +168,23 @@ src_install() { } pkg_preinst() { + local stderr + # There's a history of regressions with nftables upgrades. Add a safety # check to help us spot them earlier. if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then + # Check the current loaded ruleset, if any, using the newly + # built instance of nft(8). + if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset + # but don't treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in + # nature and will not always be printed in a way that + # constitutes a valid syntax for ntf(8). Ignore them. + return + elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" eerror "nft. This probably means that there is a regression introduced by v${PV}." eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)" diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild index f60144b1a850..f9713c4a95f6 100644 --- a/net-firewall/nftables/nftables-9999.ebuild +++ b/net-firewall/nftables/nftables-9999.ebuild 
@@ -26,7 +26,8 @@ else BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )" fi -LICENSE="GPL-2" +# See COPYING: new code is GPL-2+, existing code is GPL-2 +LICENSE="GPL-2 GPL-2+" SLOT="0/1" IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables" RESTRICT="!test? ( test )" @@ -167,10 +168,23 @@ src_install() { } pkg_preinst() { + local stderr + # There's a history of regressions with nftables upgrades. Add a safety # check to help us spot them earlier. if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then - if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then + # Check the current loaded ruleset, if any, using the newly + # built instance of nft(8). + if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then + # Report errors induced by trying to list the ruleset + # but don't treat them as being fatal. + printf '%s\n' "${stderr}" >&2 + elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then + # Rulesets generated by iptables-nft are special in + # nature and will not always be printed in a way that + # constitutes a valid syntax for ntf(8). Ignore them. + return + elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of" eerror "nft. This probably means that there is a regression introduced by v${PV}." eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
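Review bot: In the pkg_preinst hunk of nftables-1.0.7.ebuild, the branch `elif [[ ${stderr} == *"is managed by iptables-nft"* ]]` is a substring test over everything nft wrote to stderr, so a single matching warning skips the `nft -c -f "${T}"/ruleset.nft` check for the entire dump. If the listing can also contain tables that are not managed by iptables-nft, those are never validated against the newly built binary, and the regression check is silently bypassed for them. Consider stating in the comment that skipping the whole ruleset is intended. The `return` there also leaves pkg_preinst altogether rather than just this check, so anything placed after the `if` block would be skipped on such hosts; a no-op branch (`:`) would keep the skip local to the check.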
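Review bot: In the pkg_preinst hunk of nftables-9999.ebuild, when `/sbin/nft -t list ruleset` succeeds, the captured `${stderr}` is only compared against the iptables-nft string and is otherwise discarded, so any other diagnostics nft prints during a successful listing never reach the user. Printing a non-empty `${stderr}` to `>&2` before the `nft -c` branch would preserve them, matching what the failure branch already does with `printf '%s\n' "${stderr}" >&2`. Separately, the added comment says "valid syntax for ntf(8)", which should read nft(8); the same typo is in the 1.0.7 copy.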