public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2015-10-15  9:06 Ian Delaney
  0 siblings, 0 replies; 14+ messages in thread
From: Ian Delaney @ 2015-10-15  9:06 UTC (permalink / raw
  To: gentoo-commits

commit:     322474a9c7cb65b6ebd39d8efd8526f19c38f90b
Author:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 15 09:05:28 2015 +0000
Commit:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Thu Oct 15 09:06:37 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=322474a9

net-firewall/nftables: revbump and patch to fix broken init script

patches submitted by Nicholas Vinson via gentoo bug, set in metadata
as new proxy maintainer by invitation by developer maintainer mreug,
thanks to gokturk for assistance and cross testing

Gentoo bug: #560920

Package-Manager: portage-2.2.20.1

 net-firewall/nftables/files/nftables.init-r1 | 263 +++++++++++++++++++++++++++
 net-firewall/nftables/metadata.xml           |  16 +-
 net-firewall/nftables/nftables-0.5-r1.ebuild |  57 ++++++
 3 files changed, 331 insertions(+), 5 deletions(-)

diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1
new file mode 100644
index 0000000..05bb053
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.init-r1
@@ -0,0 +1,263 @@
+#!/sbin/runscript
+# Copyright 2014 Nicholas Vinson
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="clear list panic save"
+extra_started_commands="reload"
+depend() {
+    need localmount #434774
+    before net
+}
+
+start_pre() {
+    checkkernel || return 1
+    checkconfig || return 1
+    return 0
+}
+
+clear() {
+    if use_legacy; then
+        clear_legacy
+        return 0
+    fi
+
+    nft flush ruleset
+}
+
+list() {
+    if use_legacy; then
+        list_legacy
+        return 0
+    fi
+
+    nft list ruleset
+}
+
+panic() {
+    checkkernel || return 1
+    if service_started ${RC_SVCNAME}; then
+        rc-service ${RC_SVCNAME} stop
+    fi
+
+    ebegin "Dropping all packets"
+    clear
+    if nft create table ip filter >/dev/null 2>&1; then
+        #nft -f /var/lib/nftables/rules-panic.ip
+	nft -f /dev/stdin <<-EOF
+	    table ip filter {
+	                    chain input {
+	                                    type filter hook input priority 0;
+	                                    drop
+	                    }
+	                    chain forward {
+	                                    type filter hook forward priority 0;
+	                                    drop
+	                    }
+	                    chain output {
+	                                    type filter hook output priority 0;
+	                                    drop
+	                    }
+	    }
+	EOF
+    fi
+    if nft create table ip6 filter >/dev/null 2>&1; then
+        #nft -f /var/lib/nftables/rules-panic.ip6
+	nft -f /dev/stdin <<-EOF
+	    table ip6 filter {
+	                    chain input {
+	                                    type filter hook input priority 0;
+	                                    drop
+	                    }
+	                    chain forward {
+	                                    type filter hook forward priority 0;
+	                                    drop
+	                    }
+	                    chain output {
+	                                    type filter hook output priority 0;
+	                                    drop
+	                    }
+	    }
+	EOF
+    fi
+}
+
+reload() {
+    checkkernel || return 1
+    ebegin "Flushing firewall"
+    clear
+    start
+}
+
+save() {
+    ebegin "Saving nftables state"
+    checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+    checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+
+    local tmp_save="${NFTABLES_SAVE}.tmp"
+
+    if use_legacy; then
+        save_legacy ${tmp_save}
+    else
+        nft list ruleset > ${tmp_save}
+    fi
+    mv ${tmp_save} ${NFTABLES_SAVE}
+}
+
+start() {
+    ebegin "Loading nftables state and starting firewall"
+    clear
+    nft -f ${NFTABLES_SAVE}
+    eend $?
+}
+
+stop() {
+    if yesno ${SAVE_ON_STOP:-yes}; then
+        save || return 1
+    fi
+
+    ebegin "Stopping firewall"
+    clear
+    eend $?
+}
+
+################################################################################
+#
+# SUPPORT FUNCTIONS
+#
+################################################################################
+checkconfig() {
+    if [ ! -f ${NFTABLES_SAVE} ]; then
+        eerror "Not starting nftables.  First create some rules then run:"
+        eerror "rc-service nftables save"
+        return 1
+    fi
+    return 0
+}
+
+checkkernel() {
+    if ! nft list tables >/dev/null 2>&1; then
+        eerror "Your kernel lacks nftables support, please load"
+        eerror "appropriate modules and try again."
+        return 1
+    fi
+    return 0
+}
+
+use_legacy() {
+    local major_ver minor_ver
+
+    major_ver=`uname -r | cut -d '.' -f1`
+    minor_ver=`uname -r | cut -d '.' -f2`
+
+    [[ $major_ver -ge 4 || $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1
+    return 0
+}
+
+################################################################################
+#
+# LEGACY COMMAND FUNCTIONS
+#
+################################################################################
+
+clear_legacy() {
+    local l3f line table chain first_line
+
+    first_line=1
+    if manualwalk; then
+        for l3f in $(getfamilies); do
+            nft list tables ${l3f} | while read line; do
+                table=$(echo ${line} | sed "s/table[ \t]*//")
+                deletetable ${l3f} ${table}
+            done
+        done
+    else
+        nft list tables | while read line; do
+            l3f=$(echo ${line} | cut -d ' ' -f2)
+            table=$(echo ${line} | cut -d ' ' -f3)
+            deletetable ${l3f} ${table}
+        done
+    fi
+}
+
+list_legacy() {
+    local l3f
+
+    if manualwalk; then
+        for l3f in $(getfamilies); do
+            nft list tables ${l3f} | while read line; do
+                line=$(echo ${line} | sed "s/table/table ${l3f}/")
+                echo "$(nft list ${line})"
+            done
+        done
+    else
+        nft list tables | while read line; do
+            echo "$(nft list ${line})"
+        done
+    fi
+}
+
+save_legacy() {
+    tmp_save=$1
+    touch "${tmp_save}"
+    if manualwalk; then
+        for l3f in $(getfamilies); do
+            nft list tables ${l3f} | while read line; do
+                line=$(echo ${line} | sed "s/table/table ${l3f}/")
+                nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
+            done
+        done
+    else
+        nft list tables | while read line; do
+            nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
+        done
+    fi
+}
+
+################################################################################
+#
+# LEGACY SUPPORT FUNCTIONS
+#
+################################################################################
+CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"
+
+getfamilies() {
+    local l3f families
+
+    for l3f in ip arp ip6 bridge inet; do
+        if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
+            families="${families}${l3f} "
+            nft delete table ${l3f} ${CHECK_TABLE_NAME}
+        fi
+    done
+    echo ${families}
+}
+
+manualwalk() {
+    local result l3f=`getfamilies | cut -d ' ' -f1`
+
+    nft create table ${l3f} ${CHECK_TABLE_NAME}
+    nft list tables | read line
+    if [ $(echo $line | wc -w) -lt 3 ]; then
+        result=0
+    fi
+    result=1
+    nft delete table ${l3f} ${CHECK_TABLE_NAME}
+
+    return $result
+}
+
+deletetable() {
+    # family is $1
+    # table name is $2
+    nft flush table $1 $2
+    nft list table $1 $2 | while read l; do
+        chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2)
+        if [ -n "${chain}" ]; then
+            nft flush chain $1 $2 ${chain}
+            nft delete chain $1 $2 ${chain}
+        fi
+    done
+    nft delete table $1 $2
+}
+

diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
index a250966..822af25 100644
--- a/net-firewall/nftables/metadata.xml
+++ b/net-firewall/nftables/metadata.xml
@@ -1,9 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<herd>base-system</herd>
-<maintainer>
-	<email>mrueg@gentoo.org</email>
-	<name>Manuel Rüger</name>
-</maintainer>
+	<herd>base-system</herd>
+	<herd>proxy-maintainers</herd>
+	<maintainer>
+		<email>mrueg@gentoo.org</email>
+		<name>Manuel Rüger</name>
+	</maintainer>
+	<maintainer>
+		<email>nvinson234@gmail.com</email>
+		<name>Nicholas Vinson</name>
+		<description>Proxy maintianer to be assifgned bugs</description>
+	</maintainer>
 </pkgmetadata>

diff --git a/net-firewall/nftables/nftables-0.5-r1.ebuild b/net-firewall/nftables/nftables-0.5-r1.ebuild
new file mode 100644
index 0000000..8c70616
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.5-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools linux-info eutils
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://netfilter.org/projects/nftables/"
+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="debug gmp +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+	>=net-libs/libnftnl-1.0.5
+	gmp? ( dev-libs/gmp:0= )
+	readline? ( sys-libs/readline:0= )"
+DEPEND="${RDEPEND}
+	>=app-text/docbook2X-0.8.8-r4
+	sys-devel/bison
+	sys-devel/flex"
+
+S="${WORKDIR}"/v${PV}
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	epatch_user
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		--sbindir="${EPREFIX}"/sbin \
+		$(use_enable debug) \
+		$(use_with readline cli) \
+		$(use_with !gmp mini_gmp)
+}
+
+src_install() {
+	default
+
+	newconfd "${FILESDIR}"/${PN}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}.init-r1 ${PN}
+	keepdir /var/lib/nftables
+}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2016-07-03 22:08 Göktürk Yüksek
  0 siblings, 0 replies; 14+ messages in thread
From: Göktürk Yüksek @ 2016-07-03 22:08 UTC (permalink / raw
  To: gentoo-commits

commit:     4bb40c4276fd8bf1f0e109a033eae18dab1da480
Author:     Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
AuthorDate: Fri Jun  3 03:28:53 2016 +0000
Commit:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
CommitDate: Sun Jul  3 21:58:26 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bb40c42

net-firewall/nftables: version bump to 0.6

Fixes bug #584898 and updates the nftables-0.5-pdf-doc.patch to match
upstream submission.

Gentoo-bug: 584898
Package-Manager: portage-2.3.0_rc1

 net-firewall/nftables/Manifest                     |  1 +
 .../nftables/files/nftables-0.5-pdf-doc.patch      | 22 +++----
 net-firewall/nftables/nftables-0.6.ebuild          | 68 ++++++++++++++++++++++
 3 files changed, 80 insertions(+), 11 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 78785f2..99fde80 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1 +1,2 @@
 DIST nftables-0.5.tar.gz 216740 SHA256 b48991f4e9e73b689bc254fa06b3ff3c1f937241d333291cb2ae72c0cd2398b6 SHA512 5d804ac9bb340446e52e5b0e86b726216ecc0d1eb42738cf133ba1acc5b442f720f5644005e02b9e3e8fae4e2bdc64d32560d6c6b1b26fe15bde24d62db51679 WHIRLPOOL 348d511c7ee530e6fb04b9828babad45407e4b60c443aaa8902aa9535705ff54cb78cd5e5c8ba970b57b97406b00718e94ab8a346fceaa82803bdaad84d30285
+DIST nftables-0.6.tar.gz 252523 SHA256 85dd7fa4e741c0be02efddbc57b5d300e1147f09ec6f81d0399110f96dc958f0 SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921 WHIRLPOOL d15eaf81426d73bea28752f96727d291120120fb2aaa994d421d900974eb45062957435e077664fb916780f636ed9b61889dbec8b627d5d309512bae96f02874

diff --git a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
index b6f7834..d09faa3 100644
--- a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
+++ b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
@@ -4,22 +4,22 @@ generation.
 --- a/configure.ac
 +++ b/configure.ac
 @@ -27,10 +27,16 @@
- 	      AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]),
- 	      [with_debug=yes])
- AC_SUBST(with_debug)
- AM_CONDITIONAL([BUILD_DEBUG], [test "x$with_debug" != xno])
+ AC_CONFIG_HEADER([config.h])
+ 
+ AC_DEFINE([_GNU_SOURCE], [], [Enable various GNU extensions])
+ AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros])
  
 +AC_ARG_ENABLE([pdf-doc],
-+	      AS_HELP_STRING([--enable-pdf-doc], [Enable PDF documentation]),
++	      AS_HELP_STRING([--disable-pdf-doc], [Disable PDF documentation]),
 +	      AS_IF([test "x$enable_pdf_doc" = "xno"], [enable_pdf_doc=no],
-+	      [enable_pdf_doc=yes]), [enable_pdf_doc=no])
++	      [enable_pdf_doc=yes]), [enable_pdf_doc=yes])
 +AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ])
 +
- # Checks for programs.
- AC_PROG_CC
- AC_PROG_MKDIR_P
- AC_PROG_INSTALL
- AC_PROG_SED
+ AC_ARG_ENABLE([debug],
+ 	      AS_HELP_STRING([--enable-debug], [Disable debugging]),
+ 	      AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]),
+ 	      [with_debug=yes])
+ AC_SUBST(with_debug)
 @@ -61,15 +67,15 @@
  	)]
  )

diff --git a/net-firewall/nftables/nftables-0.6.ebuild b/net-firewall/nftables/nftables-0.6.ebuild
new file mode 100644
index 0000000..d97df4d
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.6.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://netfilter.org/projects/nftables/"
+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="debug doc gmp +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+	>=net-libs/libnftnl-1.0.6
+	gmp? ( dev-libs/gmp:0= )
+	readline? ( sys-libs/readline:0= )"
+DEPEND="${RDEPEND}
+	>=app-text/docbook2X-0.8.8-r4
+	doc? ( >=app-text/dblatex-0.3.7 )
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+PATCHES=( "${FILESDIR}/${PN}-0.5-pdf-doc.patch" )
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		--sbindir="${EPREFIX}"/sbin \
+		$(use_enable doc pdf-doc) \
+		$(use_enable debug) \
+		$(use_with readline cli) \
+		$(use_with !gmp mini_gmp)
+}
+
+src_install() {
+	default
+
+	dodir /usr/libexec/${PN}
+	insinto /usr/libexec/${PN}
+	doins /usr/libexec/${PN}/${PN}.sh
+
+	newconfd "${FILESDIR}"/${PN}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}.init-r2 ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}{,-{re,}store}.service
+}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2018-01-18 14:21 Lars Wendler
  0 siblings, 0 replies; 14+ messages in thread
From: Lars Wendler @ 2018-01-18 14:21 UTC (permalink / raw
  To: gentoo-commits

commit:     b85e9b4b352dac72db999011a570bcbcbcafddf3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 18 14:20:05 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 18 14:21:17 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b85e9b4b

net-firewall/nftables: Removed old.

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-firewall/nftables/Manifest                     |  2 -
 .../nftables/files/nftables-0.5-pdf-doc.patch      | 52 -------------
 .../files/nftables-0.6-null-payload-desc-fix.patch | 14 ----
 net-firewall/nftables/nftables-0.6-r4.ebuild       | 87 ----------------------
 net-firewall/nftables/nftables-0.7.ebuild          | 82 --------------------
 5 files changed, 237 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 3264c8d8d2b..d0f5ddd5bf4 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,4 +1,2 @@
-DIST nftables-0.6.tar.gz 252523 BLAKE2B 0359ca5265b244c433efd0b3c5d6aaf1a68c40b70b9199602e8f17b4e509a24e48554aefafc89d51c9e1e821c471690af9c99f1178f227d3cd9395897837de9e SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921
-DIST nftables-0.7.tar.gz 292652 BLAKE2B 036afb1d27ea7d078f976c76a87a4b1ccef519197594910f7f3cb9d37b09103da41c15f611e24392cc9648f216606a29bd312a9026ecf053fc3b71959d1da7e1 SHA512 6032720abf3af8a6dc0b4f507c6ae970447f504d59db4a34b2e0eea3c59962bc69d9ebfaa4e26a117747eb9d0224716a9709b96551b5479d914d7498f26ed43a
 DIST nftables-0.8.1.tar.gz 329098 BLAKE2B d6e5803e146ed5883761d620ef1549e883a2947b495a9b1ff2a40c70794ab5125596e0802fb60bff6d1a21e666c94338b92a22ef3c4c1b66e0b4521cd3dfb78d SHA512 5cae3a411f24adc17786b45d4ed8256eb44fd90f044f7f5d7ddebb1875d0317197e13128d9b22115cd7fcdfa21dba3c539de325ecedce707f8766c93e03efc75
 DIST nftables-0.8.tar.gz 327629 BLAKE2B a484c22ac010f68fc7458c12cabd0c35e474a0bf81fa4edbefba12d75b424898d38adb11a7fbb4542efbbb2d14be823701b3d9ced7b9fd669338366733fa169b SHA512 90ffebc338c121334ca42822793b6fdeff48390e755c690308919de47064b53f9af735a2c2914e5255f1bddec90484599337d4cdd67f7a01a3956deefcef9fcb

diff --git a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
deleted file mode 100644
index d09faa3ddd9..00000000000
--- a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Update configure script to include option to enable and disable PDF man page
-generation.
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -27,10 +27,16 @@
- AC_CONFIG_HEADER([config.h])
- 
- AC_DEFINE([_GNU_SOURCE], [], [Enable various GNU extensions])
- AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros])
- 
-+AC_ARG_ENABLE([pdf-doc],
-+	      AS_HELP_STRING([--disable-pdf-doc], [Disable PDF documentation]),
-+	      AS_IF([test "x$enable_pdf_doc" = "xno"], [enable_pdf_doc=no],
-+	      [enable_pdf_doc=yes]), [enable_pdf_doc=yes])
-+AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ])
-+
- AC_ARG_ENABLE([debug],
- 	      AS_HELP_STRING([--enable-debug], [Disable debugging]),
- 	      AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]),
- 	      [with_debug=yes])
- AC_SUBST(with_debug)
-@@ -61,15 +67,15 @@
- 	)]
- )
- AC_SUBST(DB2MAN)
- AM_CONDITIONAL([BUILD_MAN], [test -n "$DB2MAN"])
- 
--AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
--AS_IF([test "$DBLATEX" == "no"],
--	[AC_MSG_WARN([dblatex not found, no PDF manpages will be built])]
--)
--AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"])
-+AM_COND_IF([BUILD_PDF], [
-+	AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
-+	AS_IF([test "$DBLATEX" == "no"],
-+	      [AC_MSG_ERROR([dblatex not found])])
-+])
- 
- # Checks for libraries.
- PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
- PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.5])
- 
-@@ -134,6 +140,7 @@
- 
- echo "
- nft configuration:
-   cli support:			${with_cli}
-   enable debugging:		${with_debug}
--  use mini-gmp:			${with_mini_gmp}"
-+  use mini-gmp:			${with_mini_gmp}
-+  enable pdf documentation:	${enable_pdf_doc}"

diff --git a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
deleted file mode 100644
index 3ea59e7aa49..00000000000
--- a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/src/payload.c b/src/payload.c
-index ac0e917..9ba980a 100644
---- a/src/payload.c
-+++ b/src/payload.c
-@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
- 	base = ctx->protocol[left->payload.base].desc;
- 	desc = proto_find_upper(base, proto);
- 
-+	if (!desc)
-+		return;
-+
- 	assert(desc->base <= PROTO_BASE_MAX);
- 	if (desc->base == base->base) {
- 		assert(base->length > 0);

diff --git a/net-firewall/nftables/nftables-0.6-r4.ebuild b/net-firewall/nftables/nftables-0.6-r4.ebuild
deleted file mode 100644
index be9f30bcfbe..00000000000
--- a/net-firewall/nftables/nftables-0.6-r4.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools linux-info systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://netfilter.org/projects/nftables/"
-SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="debug doc gmp +readline xml"
-
-RDEPEND=">=net-libs/libmnl-1.0.3
-	gmp? ( dev-libs/gmp:0= )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.0.6[xml(-)?]
-	"
-DEPEND="${RDEPEND}
-	>=app-text/docbook2X-0.8.8-r4
-	doc? ( >=app-text/dblatex-0.3.7 )
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig"
-
-S="${WORKDIR}/v${PV}"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-0.5-pdf-doc.patch"
-	"${FILESDIR}/${P}-null-payload-desc-fix.patch"
-)
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		--sbindir="${EPREFIX}"/sbin \
-		$(use_enable doc pdf-doc) \
-		$(use_enable debug) \
-		$(use_with readline cli) \
-		$(use_with !gmp mini_gmp)
-}
-
-src_install() {
-	default
-
-	dodir /usr/libexec/${PN}
-	exeinto /usr/libexec/${PN}
-	doexe "${FILESDIR}"/libexec/${PN}.sh
-
-	newconfd "${FILESDIR}"/${PN}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-	systemd_enable_service basic.target ${PN}-restore.service
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT%/}/var/lib/nftables/rules-save"
-
-	elog "In order for the nftables-restore systemd service to start, "
-	elog "the file, ${save_file}, must exist.  To create this "
-	elog "file run the following command: "
-	elog ""
-	elog "	touch '${save_file}'"
-	elog ""
-	elog "Afterwards, the nftables-restore service should be manually started "
-	elog "to ensure firewall changes are stored on system shutdown.  The "
-	elog "systemd service will function normally thereafter."
-}

diff --git a/net-firewall/nftables/nftables-0.7.ebuild b/net-firewall/nftables/nftables-0.7.ebuild
deleted file mode 100644
index 30376495f19..00000000000
--- a/net-firewall/nftables/nftables-0.7.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools linux-info systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://netfilter.org/projects/nftables/"
-SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="debug doc gmp +readline"
-
-RDEPEND=">=net-libs/libmnl-1.0.3
-	gmp? ( dev-libs/gmp:0= )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.0.7"
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook2X-0.8.8-r4
-	doc? ( >=app-text/dblatex-0.3.7 )
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig"
-
-S="${WORKDIR}/v${PV}"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		--sbindir="${EPREFIX}"/sbin \
-		$(use_enable doc pdf-doc) \
-		$(use_enable debug) \
-		$(use_with readline cli) \
-		$(use_with !gmp mini_gmp)
-}
-
-src_install() {
-	default
-
-	dodir /usr/libexec/${PN}
-	exeinto /usr/libexec/${PN}
-	doexe "${FILESDIR}"/libexec/${PN}.sh
-
-	newconfd "${FILESDIR}"/${PN}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-	systemd_enable_service basic.target ${PN}-restore.service
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT%/}/var/lib/nftables/rules-save"
-
-	elog "In order for the nftables-restore systemd service to start, "
-	elog "the file, ${save_file}, must exist.  To create this "
-	elog "file run the following command: "
-	elog ""
-	elog "	touch '${save_file}'"
-	elog ""
-	elog "Afterwards, the nftables-restore service should be manually started "
-	elog "to ensure firewall changes are stored on system shutdown.  The "
-	elog "systemd service will function normally thereafter."
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2019-06-28 11:49 Lars Wendler
  0 siblings, 0 replies; 14+ messages in thread
From: Lars Wendler @ 2019-06-28 11:49 UTC (permalink / raw
  To: gentoo-commits

commit:     7be951c308fdca589c4d7a54131bb39d841a8955
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 28 09:07:23 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Jun 28 11:49:10 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7be951c3

net-firewall/nftables: Bump to version 0.9.1

Package-Manager: Portage-2.3.67, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   1 +
 .../nftables-0.9.1-avoid_dive_into_py_subdir.patch |  49 ++++++++
 .../files/nftables-0.9.1-python_build.patch        |  45 +++++++
 net-firewall/nftables/nftables-0.9.1.ebuild        | 137 +++++++++++++++++++++
 4 files changed, 232 insertions(+)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 528cd04345e..70378f4b869 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,3 +1,4 @@
 DIST nftables-0.8.5.tar.gz 355403 BLAKE2B 124bc5c35f050cc591f57b39cddcd595f97d14f83aed464b42efed272a03150623667dd0ca2862833c6b86d825d264c79dd1a211b9a6913b5734c0eaa4029b13 SHA512 311ec77646e2bc7da1b46ef2aba7492a5c0fdf23d33633649a6304771c5ce5ad839353b0702e942a82508c01d1c35705b602d91e54913944e03e176dc3f855f8
 DIST nftables-0.8.tar.gz 327629 BLAKE2B a484c22ac010f68fc7458c12cabd0c35e474a0bf81fa4edbefba12d75b424898d38adb11a7fbb4542efbbb2d14be823701b3d9ced7b9fd669338366733fa169b SHA512 90ffebc338c121334ca42822793b6fdeff48390e755c690308919de47064b53f9af735a2c2914e5255f1bddec90484599337d4cdd67f7a01a3956deefcef9fcb
 DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e23c5ba716e726e1e6aba0efb2703233528f7a408bfefe47bfe54aa3612cccab9742c2a2208ec8c7a4bcda0e1823 SHA512 78e383bad5440c9414202cf0e4b6749fc5c01071d2fa547208e61cea6e7e179933990e7e538a60696eb0a7cf510d2c4b273a91d50287bb51507d244cd2875aed
+DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242

diff --git a/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch b/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch
new file mode 100644
index 00000000000..8ff4b85d88a
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch
@@ -0,0 +1,49 @@
+From c5ca85848c2fe28366d286a5b000f99d927516d3 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Tue, 25 Jun 2019 08:58:34 +0200
+Subject: build: avoid recursion into py/ if not selected
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ Makefile.am    | 6 ++++--
+ py/Makefile.am | 3 ---
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index e567d32d..4a17424d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -3,8 +3,10 @@ ACLOCAL_AMFLAGS	= -I m4
+ SUBDIRS = 	src	\
+ 		include	\
+ 		files	\
+-		doc		\
+-		py
++		doc
++if HAVE_PYTHON
++SUBDIRS += py
++endif
+ 
+ EXTRA_DIST =	tests	\
+ 		files
+diff --git a/py/Makefile.am b/py/Makefile.am
+index 9fce7c9e..5f4e1f6f 100644
+--- a/py/Makefile.am
++++ b/py/Makefile.am
+@@ -1,7 +1,5 @@
+ EXTRA_DIST = setup.py __init__.py nftables.py schema.json
+ 
+-if HAVE_PYTHON
+-
+ all-local:
+ 	cd $(srcdir) && \
+ 		$(PYTHON_BIN) setup.py build --build-base $(abs_builddir)
+@@ -28,4 +26,3 @@ clean-local:
+ 
+ distclean-local:
+ 	rm -f version
+-endif
+-- 
+cgit v1.2.1
+

diff --git a/net-firewall/nftables/files/nftables-0.9.1-python_build.patch b/net-firewall/nftables/files/nftables-0.9.1-python_build.patch
new file mode 100644
index 00000000000..81f65524ce7
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.9.1-python_build.patch
@@ -0,0 +1,45 @@
+From 1f7e4deb527db32c55646e6e5baedb2ff2aa205e Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Tue, 25 Jun 2019 08:58:33 +0200
+Subject: build: unbreak non-functionality of --disable-python
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ configure.ac | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 75cf9199..b71268e8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -103,11 +103,14 @@ AC_ARG_WITH([python_bin],
+ 	   )
+ 
+ AS_IF([test "x$PYTHON_BIN" = "x"], [
+-	AS_IF([test "x$enable_python" = "xyes"], [AC_MSG_ERROR([Python asked but not found])])
+-	AS_IF([test "x$enable_python" = "xcheck"], [AC_MSG_WARN([Python not found, continuing anyway])])
++	AS_IF([test "x$enable_python" = "xyes"], [AC_MSG_ERROR([Python asked but not found])],
++	[test "x$enable_python" = "xcheck"], [
++		AC_MSG_WARN([Python not found, continuing anyway])
++		enable_python=no
+ 	])
++])
+ 
+-AM_CONDITIONAL([HAVE_PYTHON], [test "x$PYTHON_BIN" != "x"])
++AM_CONDITIONAL([HAVE_PYTHON], [test "$enable_python" != "no"])
+ 
+ AC_CONFIG_FILES([					\
+ 		Makefile				\
+@@ -138,7 +141,7 @@ nft configuration:
+   libxtables support:		${with_xtables}
+   json output support:          ${with_json}"
+ 
+-AS_IF([test "x$PYTHON_BIN" != "x"], [
++AS_IF([test "$enable_python" != "no"], [
+ 	echo "  enable Python:		yes (with $PYTHON_BIN)"
+ 	], [
+ 	echo "  enable Python:		no"
+-- 
+cgit v1.2.1
+

diff --git a/net-firewall/nftables/nftables-0.9.1.ebuild b/net-firewall/nftables/nftables-0.9.1.ebuild
new file mode 100644
index 00000000000..832ec7e67b4
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
+IUSE="debug +gmp json +modern_kernel python +readline static-libs"
+
+RDEPEND="${PYTHON_DEPS}
+	>=net-libs/libmnl-1.0.3:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson )
+	readline? ( sys-libs/readline:0= )
+	>=net-libs/libnftnl-1.1.3:0="
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	>=app-text/docbook2X-0.8.8-r4
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+#S="${WORKDIR}/v${PV}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-python_build.patch
+	"${FILESDIR}"/${P}-avoid_dive_into_py_subdir.patch
+)
+
+python_make() {
+	emake \
+		-C py \
+		abs_builddir="${S}" \
+		DESTDIR="${D}" \
+		PYTHON_BIN="${PYTHON}" \
+		${@}
+}
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern_kernel && kernel_is lt 3 18; then
+			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with readline cli)
+		$(use_enable static-libs static)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use python ; then
+		python_foreach_impl python_make
+	fi
+}
+
+src_install() {
+	default
+
+	local mksuffix="$(usex modern_kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		python_foreach_impl python_make install
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f ${save_file} ]]; then
+		touch ${save_file}
+	fi
+
+	elog "If you wish to enable the firewall rules on boot (on systemd) you"
+	elog "will need to enable the nftables-restore service."
+	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
+	elog
+	elog "If you are creating firewall rules before the next system restart "
+	elog "the nftables-restore service must be manually started in order to "
+	elog "save those rules on shutdown."
+}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2020-04-02  7:47 Lars Wendler
  0 siblings, 0 replies; 14+ messages in thread
From: Lars Wendler @ 2020-04-02  7:47 UTC (permalink / raw
  To: gentoo-commits

commit:     7d761f89de9ca533a4ef703b99439de2f7761d81
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  2 07:46:45 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  2 07:47:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d761f89

net-firewall/nftables: Removed old

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   3 -
 .../nftables-0.9.1-avoid_dive_into_py_subdir.patch |  49 -------
 .../files/nftables-0.9.1-python_build.patch        |  45 -------
 net-firewall/nftables/nftables-0.9.0-r5.ebuild     | 103 --------------
 net-firewall/nftables/nftables-0.9.0-r6.ebuild     | 103 --------------
 net-firewall/nftables/nftables-0.9.1-r2.ebuild     | 149 ---------------------
 net-firewall/nftables/nftables-0.9.2-r2.ebuild     | 144 --------------------
 7 files changed, 596 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 38d6eefb1dd..8efe409eb2f 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,5 +1,2 @@
-DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e23c5ba716e726e1e6aba0efb2703233528f7a408bfefe47bfe54aa3612cccab9742c2a2208ec8c7a4bcda0e1823 SHA512 78e383bad5440c9414202cf0e4b6749fc5c01071d2fa547208e61cea6e7e179933990e7e538a60696eb0a7cf510d2c4b273a91d50287bb51507d244cd2875aed
-DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242
-DIST nftables-0.9.2.tar.bz2 779850 BLAKE2B 40bf9ed956a126048f27b343afc7aa4f6e34f35dc91127402cb127903f8150d212c80491fef2b54c18a63ca065608521062b3f6a2dd78969bdbf4d7d8a5a751d SHA512 2d83b104af0d70f99a16c2e40afdb9bf89bd984323810e2895976c5e2e346bf09dd88850a391f295e335279adfdd39d34c13610cf8e6b801499dc0df2a5cecf6
 DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
 DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0

diff --git a/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch b/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch
deleted file mode 100644
index 8ff4b85d88a..00000000000
--- a/net-firewall/nftables/files/nftables-0.9.1-avoid_dive_into_py_subdir.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c5ca85848c2fe28366d286a5b000f99d927516d3 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Tue, 25 Jun 2019 08:58:34 +0200
-Subject: build: avoid recursion into py/ if not selected
-
-Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- Makefile.am    | 6 ++++--
- py/Makefile.am | 3 ---
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index e567d32d..4a17424d 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3,8 +3,10 @@ ACLOCAL_AMFLAGS	= -I m4
- SUBDIRS = 	src	\
- 		include	\
- 		files	\
--		doc		\
--		py
-+		doc
-+if HAVE_PYTHON
-+SUBDIRS += py
-+endif
- 
- EXTRA_DIST =	tests	\
- 		files
-diff --git a/py/Makefile.am b/py/Makefile.am
-index 9fce7c9e..5f4e1f6f 100644
---- a/py/Makefile.am
-+++ b/py/Makefile.am
-@@ -1,7 +1,5 @@
- EXTRA_DIST = setup.py __init__.py nftables.py schema.json
- 
--if HAVE_PYTHON
--
- all-local:
- 	cd $(srcdir) && \
- 		$(PYTHON_BIN) setup.py build --build-base $(abs_builddir)
-@@ -28,4 +26,3 @@ clean-local:
- 
- distclean-local:
- 	rm -f version
--endif
--- 
-cgit v1.2.1
-

diff --git a/net-firewall/nftables/files/nftables-0.9.1-python_build.patch b/net-firewall/nftables/files/nftables-0.9.1-python_build.patch
deleted file mode 100644
index 81f65524ce7..00000000000
--- a/net-firewall/nftables/files/nftables-0.9.1-python_build.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 1f7e4deb527db32c55646e6e5baedb2ff2aa205e Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Tue, 25 Jun 2019 08:58:33 +0200
-Subject: build: unbreak non-functionality of --disable-python
-
-Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- configure.ac | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 75cf9199..b71268e8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -103,11 +103,14 @@ AC_ARG_WITH([python_bin],
- 	   )
- 
- AS_IF([test "x$PYTHON_BIN" = "x"], [
--	AS_IF([test "x$enable_python" = "xyes"], [AC_MSG_ERROR([Python asked but not found])])
--	AS_IF([test "x$enable_python" = "xcheck"], [AC_MSG_WARN([Python not found, continuing anyway])])
-+	AS_IF([test "x$enable_python" = "xyes"], [AC_MSG_ERROR([Python asked but not found])],
-+	[test "x$enable_python" = "xcheck"], [
-+		AC_MSG_WARN([Python not found, continuing anyway])
-+		enable_python=no
- 	])
-+])
- 
--AM_CONDITIONAL([HAVE_PYTHON], [test "x$PYTHON_BIN" != "x"])
-+AM_CONDITIONAL([HAVE_PYTHON], [test "$enable_python" != "no"])
- 
- AC_CONFIG_FILES([					\
- 		Makefile				\
-@@ -138,7 +141,7 @@ nft configuration:
-   libxtables support:		${with_xtables}
-   json output support:          ${with_json}"
- 
--AS_IF([test "x$PYTHON_BIN" != "x"], [
-+AS_IF([test "$enable_python" != "no"], [
- 	echo "  enable Python:		yes (with $PYTHON_BIN)"
- 	], [
- 	echo "  enable Python:		no"
--- 
-cgit v1.2.1
-

diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
deleted file mode 100644
index dc29d33b649..00000000000
--- a/net-firewall/nftables/nftables-0.9.0-r5.ebuild
+++ /dev/null
@@ -1,103 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools linux-info systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ia64 x86"
-IUSE="debug doc +gmp json +modern-kernel +readline"
-
-RDEPEND=">=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.1:0="
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook2X-0.8.8-r4
-	doc? ( >=app-text/dblatex-0.3.7 )
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig"
-
-S="${WORKDIR}/v${PV}"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc pdf-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	local mksuffix=""
-	use modern-kernel && mksuffix="-mk"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	docinto /usr/share/doc/${PF}/skels
-	dodoc "${D}"/etc/nftables/*
-	rm -R "${D}"/etc/nftables
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT%/}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}

diff --git a/net-firewall/nftables/nftables-0.9.0-r6.ebuild b/net-firewall/nftables/nftables-0.9.0-r6.ebuild
deleted file mode 100644
index 90884e99c1c..00000000000
--- a/net-firewall/nftables/nftables-0.9.0-r6.ebuild
+++ /dev/null
@@ -1,103 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools linux-info systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
-IUSE="debug doc +gmp json +modern-kernel +readline"
-
-RDEPEND=">=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.1:0="
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook2X-0.8.8-r4
-	doc? ( >=app-text/dblatex-0.3.7 )
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig"
-
-S="${WORKDIR}/v${PV}"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc pdf-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	local mksuffix=""
-	use modern-kernel && mksuffix="-mk"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	docinto skels
-	dodoc "${D}"/etc/nftables/*
-	rm -R "${D}"/etc/nftables
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT%/}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}

diff --git a/net-firewall/nftables/nftables-0.9.1-r2.ebuild b/net-firewall/nftables/nftables-0.9.1-r2.ebuild
deleted file mode 100644
index adebe58c63c..00000000000
--- a/net-firewall/nftables/nftables-0.9.1-r2.ebuild
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.3:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? ( app-text/asciidoc )
-	>=app-text/docbook2X-0.8.8-r4
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-python_build.patch
-	"${FILESDIR}"/${P}-avoid_dive_into_py_subdir.patch
-)
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}

diff --git a/net-firewall/nftables/nftables-0.9.2-r2.ebuild b/net-firewall/nftables/nftables-0.9.2-r2.ebuild
deleted file mode 100644
index 99f33eaaa6c..00000000000
--- a/net-firewall/nftables/nftables-0.9.2-r2.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.4:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? ( app-text/asciidoc )
-	>=app-text/docbook2X-0.8.8-r4
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2020-11-08  2:59 Patrick McLean
  0 siblings, 0 replies; 14+ messages in thread
From: Patrick McLean @ 2020-11-08  2:59 UTC (permalink / raw
  To: gentoo-commits

commit:     cb51431baffa2b5f38beb351274913f0d2768fc9
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  8 02:59:20 2020 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Sun Nov  8 02:59:20 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb51431b

net-firewall/nftables-0.9.7-r1: revbump, fix initd (bug #753491, #744955)

Closes: https://bugs.gentoo.org/753491
Closes: https://bugs.gentoo.org/744955
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 net-firewall/nftables/files/nftables-mk.init-r1    |  50 ++++---
 net-firewall/nftables/files/nftables.init-r1       | 154 ++++++++++++---------
 ...ables-0.9.7.ebuild => nftables-0.9.7-r1.ebuild} |   2 +-
 net-firewall/nftables/nftables-0.9.7.ebuild        |   2 +-
 net-firewall/nftables/nftables-9999.ebuild         |   2 +-
 5 files changed, 119 insertions(+), 91 deletions(-)

diff --git a/net-firewall/nftables/files/nftables-mk.init-r1 b/net-firewall/nftables/files/nftables-mk.init-r1
index 45b2abdbda7..1f03301c053 100644
--- a/net-firewall/nftables/files/nftables-mk.init-r1
+++ b/net-firewall/nftables/files/nftables-mk.init-r1
@@ -20,7 +20,7 @@ checkkernel() {
 }
 
 checkconfig() {
-	if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
+	if [ -z "${NFTABLES_SAVE}" ] || [ ! -f "${NFTABLES_SAVE}" ] ; then
 		eerror "Not starting nftables. First create some rules then run:"
 		eerror "/etc/init.d/${SVCNAME} save"
 		return 1
@@ -28,6 +28,11 @@ checkconfig() {
 	return 0
 }
 
+_nftables() {
+	export NFTABLES_SAVE SAVE_OPTIONS
+	/usr/libexec/nftables/nftables.sh "${@}"
+}
+
 start_pre() {
 	checkconfig || return 1
 	checkkernel || return 1
@@ -36,8 +41,8 @@ start_pre() {
 
 start() {
 	ebegin "Loading ${SVCNAME} state and starting firewall"
-	/usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
-	eend $?
+	_nftables load "${NFTABLES_SAVE}"
+	eend ${?}
 }
 
 stop() {
@@ -47,13 +52,13 @@ stop() {
 
 	ebegin "Stopping firewall"
 	if [ "${PANIC_ON_STOP}" = "hard" ]; then
-		/usr/libexec/nftables/nftables.sh panic
+		_nftables panic
 	elif [ "${PANIC_ON_STOP}" = "soft" ]; then
-		/usr/libexec/nftables/nftables.sh soft_panic
+		_nftables soft_panic
 	else
-		/usr/libexec/nftables/nftables.sh clear
+		_nftables clear
 	fi
-	eend $?
+	eend ${?}
 }
 
 reload() {
@@ -63,43 +68,42 @@ reload() {
 
 clear() {
 	ebegin "Clearing rules"
-	/usr/libexec/nftables/nftables.sh clear
-	eend $?
+	_nftables clear
+	eend ${?}
 }
 
 list() {
-	/usr/libexec/nftables/nftables.sh list
+	_nftables list
 }
 
 check() {
 	ebegin "Checking rules"
-	/usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
-	eend $?
+	_nftables check "${NFTABLES_SAVE}"
+	eend ${?}
 }
 
 save() {
 	ebegin "Saving ${SVCNAME} state"
 	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
 	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-	SAVE_OPTIONS="${SAVE_OPTIONS}" \
-		/usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
-	eend $?
+	_nftables store "${NFTABLES_SAVE}"
+	eend ${?}
 }
 
 panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
+	if service_started "${SVCNAME}"; then
+		rc-service "${SVCNAME}" zap
 	fi
 	ebegin "Dropping all packets"
-	/usr/libexec/nftables/nftables.sh panic
-	eend $?
+	_nftables panic
+	eend ${?}
 }
 
 soft_panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
+	if service_started "${SVCNAME}"; then
+		rc-service "${SVCNAME}" zap
 	fi
 	ebegin "Dropping new connections"
-	/usr/libexec/nftables/nftables.sh soft_panic
-	eend $?
+	_nftables soft_panic
+	eend ${?}
 }

diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1
index 45b2abdbda7..60f1632f455 100644
--- a/net-firewall/nftables/files/nftables.init-r1
+++ b/net-firewall/nftables/files/nftables.init-r1
@@ -1,105 +1,129 @@
 #!/sbin/openrc-run
+# Copyright 2014-2017 Nicholas Vinson
 # Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-extra_commands="check clear list panic save soft_panic"
+extra_commands="clear list panic save"
 extra_started_commands="reload"
-
 depend() {
 	need localmount #434774
 	before net
 }
 
-checkkernel() {
-	if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
-		eerror "Your kernel lacks nftables support, please load"
-		eerror "appropriate modules and try again."
-		return 1
-	fi
-	return 0
+_nftables() {
+	export NFTABLES_SAVE SAVE_OPTIONS
+	/usr/libexec/nftables/nftables.sh "${@}"
 }
 
-checkconfig() {
-	if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
-		eerror "Not starting nftables. First create some rules then run:"
-		eerror "/etc/init.d/${SVCNAME} save"
-		return 1
-	fi
+start_pre() {
+	checkkernel || return 1
+	checkconfig || return 1
 	return 0
 }
 
-start_pre() {
-	checkconfig || return 1
-	checkkernel || return 1
-	check || return 1
+clear() {
+	_nftables clear || return 1
+	return 0
 }
 
-start() {
-	ebegin "Loading ${SVCNAME} state and starting firewall"
-	/usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
-	eend $?
+list() {
+	_nftables list || return 1
+	return 0
 }
 
-stop() {
-	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-		save || return 1
+panic() {
+	checkkernel || return 1
+	if service_started "${RC_SVCNAME}"; then
+		rc-service "${RC_SVCNAME}" stop
 	fi
 
-	ebegin "Stopping firewall"
-	if [ "${PANIC_ON_STOP}" = "hard" ]; then
-		/usr/libexec/nftables/nftables.sh panic
-	elif [ "${PANIC_ON_STOP}" = "soft" ]; then
-		/usr/libexec/nftables/nftables.sh soft_panic
-	else
-		/usr/libexec/nftables/nftables.sh clear
+	ebegin "Dropping all packets"
+	clear
+	if nft create table ip filter >/dev/null 2>&1; then
+	nft -f /dev/stdin <<-EOF
+		table ip filter {
+			chain input {
+				type filter hook input priority 0;
+				drop
+			}
+			chain forward {
+				type filter hook forward priority 0;
+				drop
+			}
+			chain output {
+				type filter hook output priority 0;
+				drop
+			}
+		}
+	EOF
+	fi
+	if nft create table ip6 filter >/dev/null 2>&1; then
+	nft -f /dev/stdin <<-EOF
+		table ip6 filter {
+			chain input {
+				type filter hook input priority 0;
+				drop
+			}
+			chain forward {
+				type filter hook forward priority 0;
+				drop
+			}
+			chain output {
+				type filter hook output priority 0;
+				drop
+			}
+		}
+	EOF
 	fi
-	eend $?
 }
 
 reload() {
-	start_pre || return 1
+	checkkernel || return 1
+	ebegin "Flushing firewall"
+	clear
 	start
 }
 
-clear() {
-	ebegin "Clearing rules"
-	/usr/libexec/nftables/nftables.sh clear
-	eend $?
+save() {
+	ebegin "Saving nftables state"
+	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+	export SAVE_OPTIONS
+	_nftables store "${NFTABLES_SAVE}"
+	return $?
 }
 
-list() {
-	/usr/libexec/nftables/nftables.sh list
+start() {
+	ebegin "Loading nftables state and starting firewall"
+	clear
+	_nftables load "${NFTABLES_SAVE}"
+	eend ${?}
 }
 
-check() {
-	ebegin "Checking rules"
-	/usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
-	eend $?
-}
+stop() {
+	if yesno "${SAVE_ON_STOP:-yes}"; then
+		save || return 1
+	fi
 
-save() {
-	ebegin "Saving ${SVCNAME} state"
-	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
-	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-	SAVE_OPTIONS="${SAVE_OPTIONS}" \
-		/usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
-	eend $?
+	ebegin "Stopping firewall"
+	clear
+	eend ${?}
 }
 
-panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
+checkconfig() {
+	if [ ! -f "${NFTABLES_SAVE}" ]; then
+		eerror "Not starting nftables.  First create some rules then run:"
+		eerror "rc-service nftables save"
+		return 1
 	fi
-	ebegin "Dropping all packets"
-	/usr/libexec/nftables/nftables.sh panic
-	eend $?
+	return 0
 }
 
-soft_panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
+checkkernel() {
+	if ! nft list tables >/dev/null 2>&1; then
+		eerror "Your kernel lacks nftables support, please load"
+		eerror "appropriate modules and try again."
+		return 1
 	fi
-	ebegin "Dropping new connections"
-	/usr/libexec/nftables/nftables.sh soft_panic
-	eend $?
+	return 0
 }

diff --git a/net-firewall/nftables/nftables-0.9.7.ebuild b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
similarity index 98%
copy from net-firewall/nftables/nftables-0.9.7.ebuild
copy to net-firewall/nftables/nftables-0.9.7-r1.ebuild
index c1413422262..99305e2ed64 100644
--- a/net-firewall/nftables/nftables-0.9.7.ebuild
+++ b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
@@ -111,7 +111,7 @@ src_install() {
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
 	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
 	keepdir /var/lib/nftables
 
 	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service

diff --git a/net-firewall/nftables/nftables-0.9.7.ebuild b/net-firewall/nftables/nftables-0.9.7.ebuild
index c1413422262..99305e2ed64 100644
--- a/net-firewall/nftables/nftables-0.9.7.ebuild
+++ b/net-firewall/nftables/nftables-0.9.7.ebuild
@@ -111,7 +111,7 @@ src_install() {
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
 	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
 	keepdir /var/lib/nftables
 
 	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service

diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 2230bbd4f98..1cc0dea3eb8 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -122,7 +122,7 @@ src_install() {
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
 	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
 	keepdir /var/lib/nftables
 
 	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2020-11-08  3:02 Patrick McLean
  0 siblings, 0 replies; 14+ messages in thread
From: Patrick McLean @ 2020-11-08  3:02 UTC (permalink / raw
  To: gentoo-commits

commit:     f5c070668a438055c5cc6666bbc759eac40372e1
Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  8 03:02:25 2020 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Sun Nov  8 03:02:25 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5c07066

net-firewall/nftables: Remove old

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   3 -
 ...w-building-from-tarballs-without-yacc-lex.patch |  37 -----
 net-firewall/nftables/nftables-0.9.3-r1.ebuild     | 144 -------------------
 net-firewall/nftables/nftables-0.9.4-r1.ebuild     | 147 -------------------
 net-firewall/nftables/nftables-0.9.4-r2.ebuild     | 158 ---------------------
 5 files changed, 489 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index bdc20af83d0..658a95d5986 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,5 +1,2 @@
-DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
-DIST nftables-0.9.4-manpages.tar.xz 38580 BLAKE2B bb561c7824d032ecfff5c98af10c95af6f5188377f43de8398be7e503adff0441d49fa3e2cefcb646927cc1a4222957f0cc75d5ad4c770ef3a3f8cb8a677c5ce SHA512 1b94ff06ceccf75bbefbf64496d5fa0b492907d7ec5fe41f7808c6e239b2a0a42e88d61e35e22485abee7e4bd382178e962a7c5b113433247ca329cbfa408bca
-DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0
 DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
 DIST nftables-0.9.7.tar.bz2 872759 BLAKE2B 25218d97bd5a102b626a2c4beb37a59da2f6c1a8ead49b18375154ff88da536dfac7442aef2c10d2f6e20e6b51c5760a692960da35b82ab335a58e48189e3ae8 SHA512 174cf2d788dfd21f6709ccdc59060580aff904c3d906bac57d07c1b813b2cfdba895205d8342d722460b813f3504d598b82ac2d8a93af5964569b378b9598455

diff --git a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch b/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
deleted file mode 100644
index 6eb70859625..00000000000
--- a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3c83e2bca90b697e7c98f849319f1ad015dcdb86 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 7 Apr 2020 13:16:59 -0700
-Subject: [PATCH nftables 2/2] build: Allow building from tarballs without
- yacc/lex
-
-The generated files are included in the tarballs already, but
-configure.ac was coded to fail if yacc/lex were not found regardless.
-
-Signed-off-by: Matt Turner <mattst88@gmail.com>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index a04d94bc..3496e410 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -29,13 +29,13 @@ AC_PROG_SED
- AM_PROG_LEX
- AC_PROG_YACC
- 
--if test -z "$ac_cv_prog_YACC"
-+if test -z "$ac_cv_prog_YACC" -a ! -f "${srcdir}/src/parser_bison.c"
- then
-         echo "*** Error: No suitable bison/yacc found. ***"
-         echo "    Please install the 'bison' package."
-         exit 1
- fi
--if test -z "$ac_cv_prog_LEX"
-+if test -z "$ac_cv_prog_LEX" -a ! -f "${srcdir}/src/scanner.c"
- then
-         echo "*** Error: No suitable flex/lex found. ***"
-         echo "    Please install the 'flex' package."
--- 
-2.24.1
-

diff --git a/net-firewall/nftables/nftables-0.9.3-r1.ebuild b/net-firewall/nftables/nftables-0.9.3-r1.ebuild
deleted file mode 100644
index 40a505c31ae..00000000000
--- a/net-firewall/nftables/nftables-0.9.3-r1.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ia64 ~ppc64 ~sparc x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.5:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? ( app-text/asciidoc )
-	>=app-text/docbook2X-0.8.8-r4
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}

diff --git a/net-firewall/nftables/nftables-0.9.4-r1.ebuild b/net-firewall/nftables/nftables-0.9.4-r1.ebuild
deleted file mode 100644
index 9cd3da3f64c..00000000000
--- a/net-firewall/nftables/nftables-0.9.4-r1.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.6:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemctl enable ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}

diff --git a/net-firewall/nftables/nftables-0.9.4-r2.ebuild b/net-firewall/nftables/nftables-0.9.4-r2.ebuild
deleted file mode 100644
index cf8385c7c2b..00000000000
--- a/net-firewall/nftables/nftables-0.9.4-r2.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-	!doc? ( https://dev.gentoo.org/~chutzpah/dist/nftables/${P}-manpages.tar.xz )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.6:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-PATCHES=(
-	# this has been sent upstream, see
-	# https://marc.info/?l=netfilter-devel&m=158629102300853
-	"${FILESDIR}/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch"
-)
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc; then
-		pushd "${WORKDIR}/${P}-manpages" >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemctl enable ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2021-01-21 23:15 Lars Wendler
  0 siblings, 0 replies; 14+ messages in thread
From: Lars Wendler @ 2021-01-21 23:15 UTC (permalink / raw
  To: gentoo-commits

commit:     624c189ab990ca7f9ef45c046b8d1dd60b66a151
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 21 23:15:23 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 21 23:15:37 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=624c189a

net-firewall/nftables: Fixed build with sys-devel/slibtool

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-firewall/nftables/files/nftables-0.9.8-slibtool.patch | 13 +++++++++++++
 net-firewall/nftables/nftables-0.9.8.ebuild               |  4 ++++
 2 files changed, 17 insertions(+)

diff --git a/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch b/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch
new file mode 100644
index 00000000000..a92645f793c
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch
@@ -0,0 +1,13 @@
+This fixes build with sys-devel/slibtool
+
+--- nftables-0.9.8/src/Makefile.am
++++ nftables-0.9.8/src/Makefile.am
+@@ -90,7 +90,7 @@
+ 
+ libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
+ libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
+-			 --version-script=$(srcdir)/libnftables.map
++			 -Wl,--version-script=$(srcdir)/libnftables.map
+ 
+ if BUILD_MINIGMP
+ noinst_LTLIBRARIES += libminigmp.la

diff --git a/net-firewall/nftables/nftables-0.9.8.ebuild b/net-firewall/nftables/nftables-0.9.8.ebuild
index da74dfce922..626037ea8e8 100644
--- a/net-firewall/nftables/nftables-0.9.8.ebuild
+++ b/net-firewall/nftables/nftables-0.9.8.ebuild
@@ -40,6 +40,10 @@ REQUIRED_USE="
 	python? ( ${PYTHON_REQUIRED_USE} )
 "
 
+PATCHES=(
+	"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
+)
+
 python_make() {
 	emake \
 		-C py \


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2021-05-09  9:33 David Seifert
  0 siblings, 0 replies; 14+ messages in thread
From: David Seifert @ 2021-05-09  9:33 UTC (permalink / raw
  To: gentoo-commits

commit:     31504377b1030f3c88dbb113142b2c5678c98092
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun May  9 09:33:12 2021 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun May  9 09:33:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31504377

net-firewall/nftables: Remove old 0.9.6, 0.9.6-r1, 0.9.7-r1

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 net-firewall/nftables/Manifest                 |   2 -
 net-firewall/nftables/files/nftables-mk.init   | 104 ----------------
 net-firewall/nftables/files/nftables.init      | 124 -------------------
 net-firewall/nftables/nftables-0.9.6-r1.ebuild | 162 -------------------------
 net-firewall/nftables/nftables-0.9.6.ebuild    | 162 -------------------------
 net-firewall/nftables/nftables-0.9.7-r1.ebuild | 162 -------------------------
 6 files changed, 716 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index f7773a6ba0f..2a75be7d73d 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,3 +1 @@
-DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
-DIST nftables-0.9.7.tar.bz2 872759 BLAKE2B 25218d97bd5a102b626a2c4beb37a59da2f6c1a8ead49b18375154ff88da536dfac7442aef2c10d2f6e20e6b51c5760a692960da35b82ab335a58e48189e3ae8 SHA512 174cf2d788dfd21f6709ccdc59060580aff904c3d906bac57d07c1b813b2cfdba895205d8342d722460b813f3504d598b82ac2d8a93af5964569b378b9598455
 DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd4b525768e94a0d90ceebbee73874c916727be8de633550db71c612d698d88cf93575931362b48d954e6ac275143 SHA512 1c5709825c8b2c13cbed0310658959ecee164c930bc9e2447618a0894598138b9a549d20509c32a5c23ce99e40438df38f9e170cf656ce993d819f365490a180

diff --git a/net-firewall/nftables/files/nftables-mk.init b/net-firewall/nftables/files/nftables-mk.init
deleted file mode 100644
index f7e3dce8ada..00000000000
--- a/net-firewall/nftables/files/nftables-mk.init
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="check clear list panic save soft_panic"
-extra_started_commands="reload"
-
-depend() {
-	need localmount #434774
-	before net
-}
-
-checkkernel() {
-	if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
-		eerror "Your kernel lacks nftables support, please load"
-		eerror "appropriate modules and try again."
-		return 1
-	fi
-	return 0
-}
-
-checkconfig() {
-	if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
-		eerror "Not starting nftables. First create some rules then run:"
-		eerror "/etc/init.d/${SVCNAME} save"
-		return 1
-	fi
-	return 0
-}
-
-start_pre() {
-	checkconfig || return 1
-	checkkernel || return 1
-	check || return 1
-}
-
-start() {
-	ebegin "Loading ${SVCNAME} state and starting firewall"
-	/usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
-	eend $?
-}
-
-stop() {
-	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-		save || return 1
-	fi
-
-	ebegin "Stopping firewall"
-	if [ "${PANIC_ON_STOP}" = "hard" ]; then
-		/usr/libexec/nftables/nftables.sh panic
-	elif [ "${PANIC_ON_STOP}" = "soft" ]; then
-		/usr/libexec/nftables/nftables.sh soft_panic
-	else
-		/usr/libexec/nftables/nftables.sh clear
-	fi
-	eend $?
-}
-
-reload() {
-	start_pre || return 1
-	start
-}
-
-clear() {
-	ebegin "Clearing rules"
-	/usr/libexec/nftables/nftables.sh clear
-	eend $?
-}
-
-list() {
-	/usr/libexec/nftables/nftables.sh list
-}
-
-check() {
-	ebegin "Checking rules"
-	/usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
-	eend $?
-}
-
-save() {
-	ebegin "Saving ${SVCNAME} state"
-	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
-	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-	/usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
-	eend $?
-}
-
-panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
-	fi
-	ebegin "Dropping all packets"
-	/usr/libexec/nftables/nftables.sh panic
-	eend $?
-}
-
-soft_panic() {
-	if service_started ${SVCNAME}; then
-		rc-service ${SVCNAME} zap
-	fi
-	ebegin "Dropping new connections"
-	/usr/libexec/nftables/nftables.sh soft_panic
-	eend $?
-}

diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init
deleted file mode 100644
index cf4ab8b5f44..00000000000
--- a/net-firewall/nftables/files/nftables.init
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 2014-2017 Nicholas Vinson
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="clear list panic save"
-extra_started_commands="reload"
-depend() {
-    need localmount #434774
-    before net
-}
-
-start_pre() {
-    checkkernel || return 1
-    checkconfig || return 1
-    return 0
-}
-
-clear() {
-    /usr/libexec/nftables/nftables.sh clear || return 1
-    return 0
-}
-
-list() {
-    /usr/libexec/nftables/nftables.sh list || return 1
-    return 0
-}
-
-panic() {
-    checkkernel || return 1
-    if service_started ${RC_SVCNAME}; then
-        rc-service ${RC_SVCNAME} stop
-    fi
-
-    ebegin "Dropping all packets"
-    clear
-    if nft create table ip filter >/dev/null 2>&1; then
-	nft -f /dev/stdin <<-EOF
-	    table ip filter {
-	                    chain input {
-	                                    type filter hook input priority 0;
-	                                    drop
-	                    }
-	                    chain forward {
-	                                    type filter hook forward priority 0;
-	                                    drop
-	                    }
-	                    chain output {
-	                                    type filter hook output priority 0;
-	                                    drop
-	                    }
-	    }
-	EOF
-    fi
-    if nft create table ip6 filter >/dev/null 2>&1; then
-	nft -f /dev/stdin <<-EOF
-	    table ip6 filter {
-	                    chain input {
-	                                    type filter hook input priority 0;
-	                                    drop
-	                    }
-	                    chain forward {
-	                                    type filter hook forward priority 0;
-	                                    drop
-	                    }
-	                    chain output {
-	                                    type filter hook output priority 0;
-	                                    drop
-	                    }
-	    }
-	EOF
-    fi
-}
-
-reload() {
-    checkkernel || return 1
-    ebegin "Flushing firewall"
-    clear
-    start
-}
-
-save() {
-    ebegin "Saving nftables state"
-    checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
-    checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
-    export SAVE_OPTIONS
-    /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE}
-    return $?
-}
-
-start() {
-    ebegin "Loading nftables state and starting firewall"
-    clear
-    /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE}
-    eend $?
-}
-
-stop() {
-    if yesno ${SAVE_ON_STOP:-yes}; then
-        save || return 1
-    fi
-
-    ebegin "Stopping firewall"
-    clear
-    eend $?
-}
-
-checkconfig() {
-    if [ ! -f ${NFTABLES_SAVE} ]; then
-        eerror "Not starting nftables.  First create some rules then run:"
-        eerror "rc-service nftables save"
-        return 1
-    fi
-    return 0
-}
-
-checkkernel() {
-    if ! nft list tables >/dev/null 2>&1; then
-        eerror "Your kernel lacks nftables support, please load"
-        eerror "appropriate modules and try again."
-        return 1
-    fi
-    return 0
-}

diff --git a/net-firewall/nftables/nftables-0.9.6-r1.ebuild b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
deleted file mode 100644
index fb41c0456bc..00000000000
--- a/net-firewall/nftables/nftables-0.9.6-r1.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ia64 ppc ~ppc64 sparc x86"
-IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.7:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		"${@}"
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-0.9.6.ebuild b/net-firewall/nftables/nftables-0.9.6.ebuild
deleted file mode 100644
index 690196596ef..00000000000
--- a/net-firewall/nftables/nftables-0.9.6.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ia64 ~ppc64 ~sparc x86"
-IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.7:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		"${@}"
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-0.9.7-r1.ebuild b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
deleted file mode 100644
index 37fd9baf808..00000000000
--- a/net-firewall/nftables/nftables-0.9.7-r1.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.1.8:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		"${@}"
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2022-02-24 17:21 Patrick McLean
  0 siblings, 0 replies; 14+ messages in thread
From: Patrick McLean @ 2022-02-24 17:21 UTC (permalink / raw
  To: gentoo-commits

commit:     63428e7ae12c38a6c101386f7cf0499cfb087f04
Author:     Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Thu Feb 24 17:20:32 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Feb 24 17:20:51 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63428e7a

net-firewall/nftables: Version bump to 1.0.2

Had to drop the slibtool patch as it causes build to fail with GNU
libtool.

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   1 +
 .../files/nftables-1.0.2-compilation.patch         |  34 ++++
 net-firewall/nftables/nftables-1.0.2.ebuild        | 186 +++++++++++++++++++++
 3 files changed, 221 insertions(+)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 9ba8523f3bc9..164083bf9526 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -2,3 +2,4 @@ DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd
 DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab
 DIST nftables-1.0.0.tar.bz2 921053 BLAKE2B ee86a323170433c3ba62f80118947864aac0fe0aaeb48afeb5a116a48782185c83313ef1b5735c7749eb5eccb88f252b444d1ee908be25bdaa4d9c0b833c1dc2 SHA512 33460bef4ee76b7caa44fa5515357127ae84be468448cc838dd31919b6e045ba6195b761118d4c8a4219a9f008c4416542ce784f4daad94f3b44c0626bcdd014
 DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d
+DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca

diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
new file mode 100644
index 000000000000..166063587485
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
@@ -0,0 +1,34 @@
+From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 22 Feb 2022 00:56:36 +0100
+Subject: examples: compile with `make check' and add AM_CPPFLAGS
+
+Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
+specify local headers via -I.
+
+Unfortunately, `make distcheck' did not catch this compile time error in
+my system, since it was using the nftables/libnftables.h file of the
+previous nftables release.
+
+Fixes: 5b364657a35f ("build: missing SUBIRS update")
+Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ examples/Makefile.am | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/examples/Makefile.am b/examples/Makefile.am
+index c972170d..3b8b0b67 100644
+--- a/examples/Makefile.am
++++ b/examples/Makefile.am
+@@ -1,4 +1,6 @@
+-noinst_PROGRAMS	= nft-buffer		\
++check_PROGRAMS	= nft-buffer		\
+ 		  nft-json-file
+ 
++AM_CPPFLAGS = -I$(top_srcdir)/include
++
+ LDADD = $(top_builddir)/src/libnftables.la
+-- 
+cgit v1.2.3
+

diff --git a/net-firewall/nftables/nftables-1.0.2.ebuild b/net-firewall/nftables/nftables-1.0.2.ebuild
new file mode 100644
index 000000000000..0bbf94f10942
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.2.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+DISTUTILS_OPTIONAL=1
+inherit autotools linux-info distutils-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+	BDEPEND="
+		sys-devel/bison
+		sys-devel/flex
+	"
+else
+	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.4:0=
+	>=net-libs/libnftnl-1.2.1:0=
+	gmp? ( dev-libs/gmp:= )
+	json? ( dev-libs/jansson:= )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+	doc? (
+		app-text/asciidoc
+		>=app-text/docbook2X-0.8.8-r4
+	)
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="
+	python? ( ${PYTHON_REQUIRED_USE} )
+	libedit? ( !readline )
+"
+
+PATCHES=(
+	"${FILESDIR}/nftables-1.0.2-compilation.patch"
+)
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_prepare
+		popd >/dev/null || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--disable-static
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with libedit cli editline)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_configure
+		popd >/dev/null || die
+	fi
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+src_install() {
+	default
+
+	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+		pushd doc >/dev/null || die
+		doman *.?
+		popd >/dev/null || die
+	fi
+
+	local mksuffix="$(usex modern-kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		pushd py >/dev/null || die
+		distutils-r1_src_install
+		popd >/dev/null || die
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	if has_version 'sys-apps/systemd'; then
+		elog "If you wish to enable the firewall rules on boot (on systemd) you"
+		elog "will need to enable the nftables-restore service."
+		elog "    'systemctl enable ${PN}-restore.service'"
+		elog
+		elog "If you are creating firewall rules before the next system restart"
+		elog "the nftables-restore service must be manually started in order to"
+		elog "save those rules on shutdown."
+	fi
+	if has_version 'sys-apps/openrc'; then
+		elog "If you wish to enable the firewall rules on boot (on openrc) you"
+		elog "will need to enable the nftables service."
+		elog "    'rc-update add ${PN} default'"
+		elog
+		elog "If you are creating or updating the firewall rules and wish to save"
+		elog "them to be loaded on the next restart, use the \"save\" functionality"
+		elog "in the init script."
+		elog "    'rc-service ${PN} save'"
+	fi
+}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2022-06-17 16:18 Mike Gilbert
  0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2022-06-17 16:18 UTC (permalink / raw
  To: gentoo-commits

commit:     8c7d289358511150d712e08b2cbb175b1374d9f7
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 17 16:16:41 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jun 17 16:16:41 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c7d2893

net-firewall/nftables: backport upstream revert

Closes: https://bugs.gentoo.org/852662
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 ....4-revert-scanner-flags-move-to-own-scope.patch | 252 +++++++++++++++++++++
 ...ables-1.0.4.ebuild => nftables-1.0.4-r1.ebuild} |   3 +
 2 files changed, 255 insertions(+)

diff --git a/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch b/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch
new file mode 100644
index 000000000000..db58602bb4e6
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch
@@ -0,0 +1,252 @@
+From 638af0ceb2b22307098bb2730822e148ef0b9424 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 10 Jun 2022 13:01:46 +0200
+Subject: Revert "scanner: flags: move to own scope"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Excess nesting of scanner scopes is very fragile and error prone:
+
+rule `iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop`
+fails with `Error: No symbol type information` hinting at `prefix`
+
+Problem is that we nest via:
+ counter
+   limit
+     log
+    flags
+
+By the time 'prefix' is scanned, state is still stuck in 'counter' due
+to this nesting.  Working around "prefix" isn't enough, any other
+keyword, e.g. "level" in 'flags all level debug' will be parsed as 'string' too.
+
+So, revert this.
+
+Fixes: a16697097e2b ("scanner: flags: move to own scope")
+Reported-by: Christian Göttsche <cgzones@googlemail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ include/parser.h                  |  1 -
+ src/parser_bison.y                | 29 ++++++++++++++---------------
+ src/scanner.l                     | 18 +++++++-----------
+ tests/shell/testcases/parsing/log | 10 ++++++++++
+ 4 files changed, 31 insertions(+), 27 deletions(-)
+ create mode 100755 tests/shell/testcases/parsing/log
+
+diff --git a/include/parser.h b/include/parser.h
+index f32154cc..d8d2eb11 100644
+--- a/include/parser.h
++++ b/include/parser.h
+@@ -35,7 +35,6 @@ enum startcond_type {
+ 	PARSER_SC_CT,
+ 	PARSER_SC_COUNTER,
+ 	PARSER_SC_ETH,
+-	PARSER_SC_FLAGS,
+ 	PARSER_SC_ICMP,
+ 	PARSER_SC_IGMP,
+ 	PARSER_SC_IP,
+diff --git a/src/parser_bison.y b/src/parser_bison.y
+index ca5c488c..2a0240fb 100644
+--- a/src/parser_bison.y
++++ b/src/parser_bison.y
+@@ -942,7 +942,6 @@ close_scope_esp		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); }
+ close_scope_eth		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_ETH); };
+ close_scope_export	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_EXPORT); };
+ close_scope_fib		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FIB); };
+-close_scope_flags	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_FLAGS); };
+ close_scope_frag	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FRAG); };
+ close_scope_fwd		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_FWD); };
+ close_scope_hash	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
+@@ -1679,7 +1678,7 @@ table_block_alloc	:	/* empty */
+ 			}
+ 			;
+ 
+-table_options		:	FLAGS		STRING	close_scope_flags
++table_options		:	FLAGS		STRING
+ 			{
+ 				if (strcmp($2, "dormant") == 0) {
+ 					$<table>0->flags |= TABLE_F_DORMANT;
+@@ -1946,7 +1945,7 @@ set_block		:	/* empty */	{ $$ = $<set>-1; }
+ 				datatype_set($1->key, $3->dtype);
+ 				$$ = $1;
+ 			}
+-			|	set_block	FLAGS		set_flag_list	stmt_separator	close_scope_flags
++			|	set_block	FLAGS		set_flag_list	stmt_separator
+ 			{
+ 				$1->flags = $3;
+ 				$$ = $1;
+@@ -2080,7 +2079,7 @@ map_block		:	/* empty */	{ $$ = $<set>-1; }
+ 				$1->flags  |= NFT_SET_OBJECT;
+ 				$$ = $1;
+ 			}
+-			|	map_block	FLAGS		set_flag_list	stmt_separator	close_scope_flags
++			|	map_block	FLAGS		set_flag_list	stmt_separator
+ 			{
+ 				$1->flags |= $3;
+ 				$$ = $1;
+@@ -2153,7 +2152,7 @@ flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
+ 			{
+ 				$$->flags |= NFT_FLOWTABLE_COUNTER;
+ 			}
+-			|	flowtable_block	FLAGS	OFFLOAD	stmt_separator	close_scope_flags
++			|	flowtable_block	FLAGS	OFFLOAD	stmt_separator
+ 			{
+ 				$$->flags |= FLOWTABLE_F_HW_OFFLOAD;
+ 			}
+@@ -2520,7 +2519,7 @@ dev_spec		:	DEVICE	string
+ 			|	/* empty */		{ $$ = NULL; }
+ 			;
+ 
+-flags_spec		:	FLAGS		OFFLOAD	close_scope_flags
++flags_spec		:	FLAGS		OFFLOAD
+ 			{
+ 				$<chain>0->flags |= CHAIN_F_HW_OFFLOAD;
+ 			}
+@@ -3126,7 +3125,7 @@ log_arg			:	PREFIX			string
+ 				$<stmt>0->log.level	= $2;
+ 				$<stmt>0->log.flags 	|= STMT_LOG_LEVEL;
+ 			}
+-			|	FLAGS			log_flags	close_scope_flags
++			|	FLAGS			log_flags
+ 			{
+ 				$<stmt>0->log.logflags	|= $2;
+ 			}
+@@ -3828,13 +3827,13 @@ queue_stmt		:	queue_stmt_compat	close_scope_queue
+ 			{
+ 				$$ = queue_stmt_alloc(&@$, $3, 0);
+ 			}
+-			|	QUEUE FLAGS	queue_stmt_flags close_scope_flags TO queue_stmt_expr close_scope_queue
++			|	QUEUE FLAGS	queue_stmt_flags TO queue_stmt_expr close_scope_queue
+ 			{
+-				$$ = queue_stmt_alloc(&@$, $6, $3);
++				$$ = queue_stmt_alloc(&@$, $5, $3);
+ 			}
+-			|	QUEUE	FLAGS	queue_stmt_flags close_scope_flags QUEUENUM queue_stmt_expr_simple close_scope_queue
++			|	QUEUE	FLAGS	queue_stmt_flags QUEUENUM queue_stmt_expr_simple close_scope_queue
+ 			{
+-				$$ = queue_stmt_alloc(&@$, $6, $3);
++				$$ = queue_stmt_alloc(&@$, $5, $3);
+ 			}
+ 			;
+ 
+@@ -5501,7 +5500,7 @@ comp_hdr_expr		:	COMP	comp_hdr_field	close_scope_comp
+ 			;
+ 
+ comp_hdr_field		:	NEXTHDR		{ $$ = COMPHDR_NEXTHDR; }
+-			|	FLAGS	close_scope_flags	{ $$ = COMPHDR_FLAGS; }
++			|	FLAGS		{ $$ = COMPHDR_FLAGS; }
+ 			|	CPI		{ $$ = COMPHDR_CPI; }
+ 			;
+ 
+@@ -5562,7 +5561,7 @@ tcp_hdr_field		:	SPORT		{ $$ = TCPHDR_SPORT; }
+ 			|	ACKSEQ		{ $$ = TCPHDR_ACKSEQ; }
+ 			|	DOFF		{ $$ = TCPHDR_DOFF; }
+ 			|	RESERVED	{ $$ = TCPHDR_RESERVED; }
+-			|	FLAGS	close_scope_flags	{ $$ = TCPHDR_FLAGS; }
++			|	FLAGS		{ $$ = TCPHDR_FLAGS; }
+ 			|	WINDOW		{ $$ = TCPHDR_WINDOW; }
+ 			|	CHECKSUM	{ $$ = TCPHDR_CHECKSUM; }
+ 			|	URGPTR		{ $$ = TCPHDR_URGPTR; }
+@@ -5676,7 +5675,7 @@ sctp_chunk_type		:	DATA		{ $$ = SCTP_CHUNK_TYPE_DATA; }
+ 			;
+ 
+ sctp_chunk_common_field	:	TYPE	close_scope_type	{ $$ = SCTP_CHUNK_COMMON_TYPE; }
+-			|	FLAGS	close_scope_flags	{ $$ = SCTP_CHUNK_COMMON_FLAGS; }
++			|	FLAGS	{ $$ = SCTP_CHUNK_COMMON_FLAGS; }
+ 			|	LENGTH	{ $$ = SCTP_CHUNK_COMMON_LENGTH; }
+ 			;
+ 
+@@ -5844,7 +5843,7 @@ rt4_hdr_expr		:	RT4	rt4_hdr_field	close_scope_rt
+ 			;
+ 
+ rt4_hdr_field		:	LAST_ENT	{ $$ = RT4HDR_LASTENT; }
+-			|	FLAGS	close_scope_flags	{ $$ = RT4HDR_FLAGS; }
++			|	FLAGS		{ $$ = RT4HDR_FLAGS; }
+ 			|	TAG		{ $$ = RT4HDR_TAG; }
+ 			|	SID		'['	NUM	']'
+ 			{
+diff --git a/src/scanner.l b/src/scanner.l
+index 2154281e..7eb74020 100644
+--- a/src/scanner.l
++++ b/src/scanner.l
+@@ -201,7 +201,6 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ %s SCANSTATE_CT
+ %s SCANSTATE_COUNTER
+ %s SCANSTATE_ETH
+-%s SCANSTATE_FLAGS
+ %s SCANSTATE_ICMP
+ %s SCANSTATE_IGMP
+ %s SCANSTATE_IP
+@@ -339,7 +338,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ "jump"			{ return JUMP; }
+ "goto"			{ return GOTO; }
+ "return"		{ return RETURN; }
+-<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_FLAGS,SCANSTATE_IP,SCANSTATE_IP6>"to"			{ return TO; } /* XXX: SCANSTATE_FLAGS and SCANSTATE_IP here are workarounds */
++<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_IP,SCANSTATE_IP6>"to"			{ return TO; } /* XXX: SCANSTATE_IP is a workaround */
+ 
+ "inet"			{ return INET; }
+ "netdev"		{ return NETDEV; }
+@@ -363,14 +362,9 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ "index"			{ return INDEX; }
+ "comment"		{ return COMMENT; }
+ 
+-<SCANSTATE_FLAGS>{
+-	"constant"		{ return CONSTANT; }
+-	"dynamic"		{ return DYNAMIC; }
+-
+-	/* log flags */
+-	"all"			{ return ALL; }
+-}
++"constant"		{ return CONSTANT; }
+ "interval"		{ return INTERVAL; }
++"dynamic"		{ return DYNAMIC; }
+ "auto-merge"		{ return AUTOMERGE; }
+ "timeout"		{ return TIMEOUT; }
+ "gc-interval"		{ return GC_INTERVAL; }
+@@ -418,7 +412,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ }
+ 
+ "queue"			{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_QUEUE); return QUEUE;}
+-<SCANSTATE_FLAGS,SCANSTATE_EXPR_QUEUE>{
++<SCANSTATE_EXPR_QUEUE>{
+ 	"num"		{ return QUEUENUM;}
+ 	"bypass"	{ return BYPASS;}
+ 	"fanout"	{ return FANOUT;}
+@@ -612,7 +606,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ <SCANSTATE_EXPR_COMP>{
+ 	"cpi"			{ return CPI; }
+ }
+-"flags"			{ scanner_push_start_cond(yyscanner, SCANSTATE_FLAGS); return FLAGS; }
++"flags"			{ return FLAGS; }
+ 
+ "udp"			{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_UDP); return UDP; }
+ "udplite"		{ scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_UDPLITE); return UDPLITE; }
+@@ -781,6 +775,8 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
+ 
+ "notrack"		{ return NOTRACK; }
+ 
++"all"			{ return ALL; }
++
+ <SCANSTATE_CMD_EXPORT,SCANSTATE_CMD_IMPORT,SCANSTATE_CMD_MONITOR>{
+ 	"xml"			{ return XML; }
+ 	"json"			{ return JSON; }
+diff --git a/tests/shell/testcases/parsing/log b/tests/shell/testcases/parsing/log
+new file mode 100755
+index 00000000..0b89d589
+--- /dev/null
++++ b/tests/shell/testcases/parsing/log
+@@ -0,0 +1,10 @@
++#!/bin/bash
++
++$NFT add table t || exit 1
++$NFT add chain t c || exit 1
++$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop' || exit 1
++$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all level debug drop' || exit 1
++$NFT delete table t || exit 1
++
++exit 0
++
+-- 
+cgit v1.2.3
+

diff --git a/net-firewall/nftables/nftables-1.0.4.ebuild b/net-firewall/nftables/nftables-1.0.4-r1.ebuild
similarity index 98%
rename from net-firewall/nftables/nftables-1.0.4.ebuild
rename to net-firewall/nftables/nftables-1.0.4-r1.ebuild
index d3b5ea2ddc40..0bab2b816c54 100644
--- a/net-firewall/nftables/nftables-1.0.4.ebuild
+++ b/net-firewall/nftables/nftables-1.0.4-r1.ebuild
@@ -70,6 +70,9 @@ pkg_setup() {
 }
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/nftables-1.0.4-revert-scanner-flags-move-to-own-scope.patch"
+	)
 	default
 
 	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2022-06-17 16:18 Mike Gilbert
  0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2022-06-17 16:18 UTC (permalink / raw
  To: gentoo-commits

commit:     00f385e7029c9a98e4b9a1912c749d20a8ce77cb
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 17 16:07:26 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jun 17 16:07:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00f385e7

net-firewall/nftables: drop 1.0.1-r2, 1.0.3, 1.0.3-r1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   4 -
 .../nftables/files/nftables-0.9.8-slibtool.patch   |  13 --
 .../files/nftables-1.0.3-optimize-segfault.patch   |  64 -------
 .../files/nftables-1.0.3-test-shell-sets.patch     |  21 ---
 net-firewall/nftables/nftables-1.0.1-r2.ebuild     | 188 -------------------
 net-firewall/nftables/nftables-1.0.3-r1.ebuild     | 206 ---------------------
 net-firewall/nftables/nftables-1.0.3.ebuild        | 185 ------------------
 7 files changed, 681 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 5b6889bfbb24..89b4506ccf95 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,8 +1,4 @@
-DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d
-DIST nftables-1.0.1.tar.bz2.sig 566 BLAKE2B d504987b16b7a8676586ecb3a1ce9588bff972ca54bbb3ce3b0db5288f1fd981e529dccea009bd01a3a96e5199a034956bd43cdeaba67847239a88d458f43f8a SHA512 0884098ceabe7b070e146e47292afd8c80188ea595eaeaadb228307f502dae4a43bf801dea2a25519eaef3c96d567daf40e45c37fabb58db1b2256eb8f256cb0
 DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca
 DIST nftables-1.0.2.tar.bz2.sig 566 BLAKE2B 5b7a20b28c274a950b718e2e14313772707b6bdc3f4519f747350593c1eb3bfbcf8c5dd9ae7d5aa0488c5cde9af8b58e05349c75e8a8246c5634303a331f9d98 SHA512 9be59d771833ac315fd52cffe7074ed9d49fbf592aec8d94500bbc7cc1f44dcb54b3815c46831a5e7e4c4770901cbdd6b8ffc5aa8d8cb7e064ec1c8453d890f1
-DIST nftables-1.0.3.tar.bz2 978270 BLAKE2B f0410805e47679749a7e157e76834ee977bda53042a3c9fa34052778613c25bfc944257f6e51a94c9981cacbe28fb82ec8e3b82a2e1e34865b1412890138bfb0 SHA512 83252c0275f20243065c4d77dfca4ab2b70b4042c9491fb3323eb60c96f9a6e0d69699a641457f3d629d078269ba62ce766ffdb2ad79c64bd54ad11943819900
-DIST nftables-1.0.3.tar.bz2.sig 566 BLAKE2B 8cf74954708c827e16932c58481981838b129f598f760a457fc2ab503500dfdf4de42f671d07e7920a028d2489f8a96a14bf8698fa3a9ad9997ce3411d6be0fd SHA512 f8a4acc6cf0a844720cf4bf2808b0c6a103f81f54d90cf155bd2c86938d997dc92d405b94eb91b725edeb8e76ef23c6ec318f067b30b2049fbef765230020ff2
 DIST nftables-1.0.4.tar.bz2 979540 BLAKE2B 1b2c596245cb7f1bc574250d13b9ff6f424f98e98d5955befadb83ea0a71acc6524b066e39f1e9d151f3946b690b2dee45b7d416347371f88911c8d6a9de047e SHA512 7d96c791365d399b3b930a1f9d6c6aa4a8c2180c258bb5163d9d62ea4d094857e2ebb20fc3ef13b89f449f216d0a291d3bcf288704f1e3bd3ceb51b6cadf8215
 DIST nftables-1.0.4.tar.bz2.sig 566 BLAKE2B 1ac42a2eb678abcc21d01bbaf5f9a3af3f4c49fa1f0732f2522d3da14e94aacbb12075650d2786224f8fef869fcdc94a1463bd76272aa44fc50ea31a8ebae1bf SHA512 2d2acd4810c1ede844e1eac81a5480866ad40ae71dfcf92d166fd9295290adff70d35d7de8cf1ec81ab63d184b221419ff144bc7010e18884afa992173723af8

diff --git a/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch b/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch
deleted file mode 100644
index a92645f793c7..000000000000
--- a/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-This fixes build with sys-devel/slibtool
-
---- nftables-0.9.8/src/Makefile.am
-+++ nftables-0.9.8/src/Makefile.am
-@@ -90,7 +90,7 @@
- 
- libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
- libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
--			 --version-script=$(srcdir)/libnftables.map
-+			 -Wl,--version-script=$(srcdir)/libnftables.map
- 
- if BUILD_MINIGMP
- noinst_LTLIBRARIES += libminigmp.la

diff --git a/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch b/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch
deleted file mode 100644
index 95e53adc0b2f..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-https://git.netfilter.org/nftables/commit/?id=59bd944f6d75e99fe0c8d743e7fd482672640c2d
-
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Wed, 1 Jun 2022 10:14:22 +0200
-Subject: optimize: segfault when releasing unsupported statement
-
-Call xfree() instead since stmt_alloc() does not initialize the
-statement type fields.
-
-Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1609
-Fixes: ea1f1c9ff608 ("optimize: memleak in statement matrix")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/src/optimize.c
-+++ b/src/optimize.c
-@@ -304,7 +304,7 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
- 			clone->nat.type_flags = stmt->nat.type_flags;
- 			break;
- 		default:
--			stmt_free(clone);
-+			xfree(clone);
- 			continue;
- 		}
- 
---- a/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
-+++ b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
-@@ -1,4 +1,10 @@
- table ip x {
-+	set s {
-+		type ipv4_addr
-+		size 65535
-+		flags dynamic
-+	}
-+
- 	chain filter_in_tcp {
- 	}
- 
-@@ -6,6 +12,7 @@ table ip x {
- 	}
- 
- 	chain y {
-+		update @s { ip saddr limit rate 12/minute burst 30 packets } accept
- 		tcp dport vmap { 80 : accept, 81 : accept, 443 : accept, 8000-8100 : accept, 24000-25000 : accept }
- 		meta l4proto vmap { tcp : goto filter_in_tcp, udp : goto filter_in_udp }
- 		log
---- a/tests/shell/testcases/optimizations/merge_vmaps
-+++ b/tests/shell/testcases/optimizations/merge_vmaps
-@@ -3,11 +3,16 @@
- set -e
- 
- RULESET="table ip x {
-+	set s {
-+		type ipv4_addr
-+		flags dynamic
-+	}
- 	chain filter_in_tcp {
- 	}
- 	chain filter_in_udp {
- 	}
- 	chain y {
-+	        update @s { ip saddr limit rate 12/minute burst 30 packets } accept
- 		tcp dport vmap {
- 			80 : accept,
- 			81 : accept,
-cgit v1.2.3

diff --git a/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch b/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch
deleted file mode 100644
index c5f93e20eea6..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://git.netfilter.org/nftables/commit/?id=3835de19fe5773baac5b79f35484d0f0e99bcfe1
-
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Wed, 1 Jun 2022 18:17:02 +0200
-Subject: tests: shell: sets_with_ifnames release netns on exit
-
-Missing ip netns del call from cleanup()
-
-Fixes: d6fdb0d8d482 ("sets_with_ifnames: add test case for concatenated range")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/tests/shell/testcases/sets/sets_with_ifnames
-+++ b/tests/shell/testcases/sets/sets_with_ifnames
-@@ -13,6 +13,7 @@ ns2="nft2ifname-$rnd"
- cleanup()
- {
- 	ip netns del "$ns1"
-+	ip netns del "$ns2"
- }
- 
- trap cleanup EXIT
-cgit v1.2.3

diff --git a/net-firewall/nftables/nftables-1.0.1-r2.ebuild b/net-firewall/nftables/nftables-1.0.1-r2.ebuild
deleted file mode 100644
index a6b3f71dcc5e..000000000000
--- a/net-firewall/nftables/nftables-1.0.1-r2.ebuild
+++ /dev/null
@@ -1,188 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..10} )
-DISTUTILS_OPTIONAL=1
-inherit autotools linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
-	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
-)
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-1.0.3-r1.ebuild b/net-firewall/nftables/nftables-1.0.3-r1.ebuild
deleted file mode 100644
index 86c5513a263c..000000000000
--- a/net-firewall/nftables/nftables-1.0.3-r1.ebuild
+++ /dev/null
@@ -1,206 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{8..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
-	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
-RESTRICT="test? ( userpriv ) !test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${PYTHON_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-optimize-segfault.patch
-	"${FILESDIR}"/${P}-test-shell-sets.patch
-)
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	edo tests/shell/run-tests.sh -v
-
-	# Need to rig up Python eclass if using this, but it doesn't seem to work
-	# for me anyway.
-	#cd tests/py || die
-	#"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-1.0.3.ebuild b/net-firewall/nftables/nftables-1.0.3.ebuild
deleted file mode 100644
index cdfe5fdcf824..000000000000
--- a/net-firewall/nftables/nftables-1.0.3.ebuild
+++ /dev/null
@@ -1,185 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..11} )
-DISTUTILS_OPTIONAL=1
-inherit autotools linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
-	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-	BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2023-07-19 18:45 Sam James
  0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2023-07-19 18:45 UTC (permalink / raw
  To: gentoo-commits

commit:     06e1673af5319f058aaddf278ec0fcdfe7311701
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 19 18:44:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jul 19 18:44:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e1673a

net-firewall/nftables: backport 1.0.8 regression fix

Thanks to kerframil for the heads up.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../nftables-1.0.8-fix-regression-evaluate.patch   | 235 +++++++++++++++++++++
 net-firewall/nftables/nftables-1.0.8-r2.ebuild     | 223 +++++++++++++++++++
 2 files changed, 458 insertions(+)

diff --git a/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch b/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
new file mode 100644
index 000000000000..1b81ab0e6ef2
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
@@ -0,0 +1,235 @@
+https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719001444.154070-1-pablo@netfilter.org/
+https://git.netfilter.org/nftables/commit/?id=5f1676ac9f1aeb36d7695c3c354dade013a1e4f3
+
+From 5f1676ac9f1aeb36d7695c3c354dade013a1e4f3 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 18 Jul 2023 23:10:01 +0200
+Subject: meta: stash context statement length when generating payload/meta
+ dependency
+
+... meta mark set ip dscp
+
+generates an implicit dependency from the inet family to match on meta
+nfproto ip.
+
+The length of this implicit expression is incorrectly adjusted to the
+statement length, ie. relational to compare meta nfproto takes 4 bytes
+instead of 1 byte. The evaluation of 'ip dscp' under the meta mark
+statement triggers this implicit dependency which should not consider
+the context statement length since it is added before the statement
+itself.
+
+This problem shows when listing the ruleset, since netlink_parse_cmp()
+where left->len < right->len, hence handling the implicit dependency as
+a concatenation, but it is actually a bug in the evaluation step that
+leads to incorrect bytecode.
+
+Fixes: 3c64ea7995cb ("evaluate: honor statement length in integer evaluation")
+Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
+Tested-by: Brian Davidson <davidson.brian@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -409,6 +409,7 @@ static int payload_add_dependency(struct eval_ctx *ctx,
+ 	const struct proto_hdr_template *tmpl;
+ 	struct expr *dep, *left, *right;
+ 	struct proto_ctx *pctx;
++	unsigned int stmt_len;
+ 	struct stmt *stmt;
+ 	int protocol;
+ 
+@@ -429,11 +430,16 @@ static int payload_add_dependency(struct eval_ctx *ctx,
+ 				    constant_data_ptr(protocol, tmpl->len));
+ 
+ 	dep = relational_expr_alloc(&expr->location, OP_EQ, left, right);
++
++	stmt_len = ctx->stmt_len;
++	ctx->stmt_len = 0;
++
+ 	stmt = expr_stmt_alloc(&dep->location, dep);
+ 	if (stmt_evaluate(ctx, stmt) < 0) {
+ 		return expr_error(ctx->msgs, expr,
+ 					  "dependency statement is invalid");
+ 	}
++	ctx->stmt_len = stmt_len;
+ 
+ 	if (ctx->inner_desc) {
+ 		if (tmpl->meta_key)
+@@ -543,6 +549,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
+ 	const struct hook_proto_desc *h;
+ 	const struct proto_desc *desc;
+ 	struct proto_ctx *pctx;
++	unsigned int stmt_len;
+ 	struct stmt *stmt;
+ 	uint16_t type;
+ 
+@@ -559,12 +566,18 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
+ 					  "protocol specification is invalid "
+ 					  "for this family");
+ 
++		stmt_len = ctx->stmt_len;
++		ctx->stmt_len = 0;
++
+ 		stmt = meta_stmt_meta_iiftype(&expr->location, type);
+ 		if (stmt_evaluate(ctx, stmt) < 0) {
+ 			return expr_error(ctx->msgs, expr,
+ 					  "dependency statement is invalid");
+ 		}
+ 		*res = stmt;
++
++		ctx->stmt_len = stmt_len;
++
+ 		return 0;
+ 	}
+ 
+--- a/tests/py/inet/meta.t
++++ b/tests/py/inet/meta.t
+@@ -25,3 +25,8 @@ meta mark set ct mark >> 8;ok
+ meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok
+ ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok
+ ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 };ok
++
++meta mark set ip dscp;ok
++meta mark set ip dscp | 0x40;ok
++meta mark set ip6 dscp;ok
++meta mark set ip6 dscp | 0x40;ok
+--- a/tests/py/inet/meta.t.json
++++ b/tests/py/inet/meta.t.json
+@@ -440,3 +440,89 @@
+     }
+ ]
+ 
++# meta mark set ip dscp
++[
++    {
++        "mangle": {
++            "key": {
++                "meta": {
++                    "key": "mark"
++                }
++            },
++            "value": {
++                "payload": {
++                    "field": "dscp",
++                    "protocol": "ip"
++                }
++            }
++        }
++    }
++]
++
++# meta mark set ip dscp | 0x40
++[
++    {
++        "mangle": {
++            "key": {
++                "meta": {
++                    "key": "mark"
++                }
++            },
++            "value": {
++                "|": [
++                    {
++                        "payload": {
++                            "field": "dscp",
++                            "protocol": "ip"
++                        }
++                    },
++                    64
++                ]
++            }
++        }
++    }
++]
++
++# meta mark set ip6 dscp
++[
++    {
++        "mangle": {
++            "key": {
++                "meta": {
++                    "key": "mark"
++                }
++            },
++            "value": {
++                "payload": {
++                    "field": "dscp",
++                    "protocol": "ip6"
++                }
++            }
++        }
++    }
++]
++
++# meta mark set ip6 dscp | 0x40
++[
++    {
++        "mangle": {
++            "key": {
++                "meta": {
++                    "key": "mark"
++                }
++            },
++            "value": {
++                "|": [
++                    {
++                        "payload": {
++                            "field": "dscp",
++                            "protocol": "ip6"
++                        }
++                    },
++                    64
++                ]
++            }
++        }
++    }
++]
++
+--- a/tests/py/inet/meta.t.payload
++++ b/tests/py/inet/meta.t.payload
+@@ -133,3 +133,43 @@ inet test-inet input
+   [ meta load mark => reg 9 ]
+   [ lookup reg 1 set __set%d ]
+ 
++# meta mark set ip dscp
++inet test-inet input
++  [ meta load nfproto => reg 1 ]
++  [ cmp eq reg 1 0x00000002 ]
++  [ payload load 1b @ network header + 1 => reg 1 ]
++  [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
++  [ meta set mark with reg 1 ]
++
++# meta mark set ip dscp | 0x40
++inet test-inet input
++  [ meta load nfproto => reg 1 ]
++  [ cmp eq reg 1 0x00000002 ]
++  [ payload load 1b @ network header + 1 => reg 1 ]
++  [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
++  [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
++  [ meta set mark with reg 1 ]
++
++# meta mark set ip6 dscp
++inet test-inet input
++  [ meta load nfproto => reg 1 ]
++  [ cmp eq reg 1 0x0000000a ]
++  [ payload load 2b @ network header + 0 => reg 1 ]
++  [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
++  [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
++  [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
++  [ meta set mark with reg 1 ]
++
++# meta mark set ip6 dscp | 0x40
++inet test-inet input
++  [ meta load nfproto => reg 1 ]
++  [ cmp eq reg 1 0x0000000a ]
++  [ payload load 2b @ network header + 0 => reg 1 ]
++  [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
++  [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
++  [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
++  [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
++  [ meta set mark with reg 1 ]
++
+-- 
+cgit v1.2.3

diff --git a/net-firewall/nftables/nftables-1.0.8-r2.ebuild b/net-firewall/nftables/nftables-1.0.8-r2.ebuild
new file mode 100644
index 000000000000..d19cafc3218a
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.8-r2.ebuild
@@ -0,0 +1,223 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
+
+DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+	BDEPEND="sys-devel/bison"
+else
+	SRC_URI="
+		https://netfilter.org/projects/nftables/files/${P}.tar.xz
+		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
+	"
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
+fi
+
+# See COPYING: new code is GPL-2+, existing code is GPL-2
+LICENSE="GPL-2 GPL-2+"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.4:=
+	>=net-libs/libnftnl-1.2.6:=
+	gmp? ( dev-libs/gmp:= )
+	json? ( dev-libs/jansson:= )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND+="
+	sys-devel/flex
+	virtual/pkgconfig
+	doc? (
+		app-text/asciidoc
+		>=app-text/docbook2X-0.8.8-r4
+	)
+	python? ( ${DISTUTILS_DEPS} )
+"
+
+REQUIRED_USE="
+	python? ( ${PYTHON_REQUIRED_USE} )
+	libedit? ( !readline )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-regression-evaluate.patch
+)
+
+src_prepare() {
+	default
+
+	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+		eautoreconf
+	fi
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_prepare
+		popd >/dev/null || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--disable-static
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with libedit cli editline)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_configure
+		popd >/dev/null || die
+	fi
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+src_test() {
+	emake check
+
+	if [[ ${EUID} == 0 ]]; then
+		edo tests/shell/run-tests.sh -v
+	else
+		ewarn "Skipping shell tests (requires root)"
+	fi
+
+	# Need to rig up Python eclass if using this, but it doesn't seem to work
+	# for me anyway.
+	#cd tests/py || die
+	#"${EPYTHON}" nft-test.py || die
+}
+
+src_install() {
+	default
+
+	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+		pushd doc >/dev/null || die
+		doman *.?
+		popd >/dev/null || die
+	fi
+
+	# Do it here instead of in src_prepare to avoid eautoreconf
+	# rmdir lets us catch if more files end up installed in /etc/nftables
+	dodir /usr/share/doc/${PF}/skels/
+	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+	rmdir "${ED}"/etc/nftables || die
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		pushd py >/dev/null || die
+		distutils-r1_src_install
+		popd >/dev/null || die
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_preinst() {
+	local stderr
+
+	# There's a history of regressions with nftables upgrades. Perform a
+	# safety check to help us spot them earlier. For the check to pass, the
+	# currently loaded ruleset, if any, must be successfully evaluated by
+	# the newly built instance of nft(8).
+	if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+		# Either nftables isn't yet in use or nft(8) cannot be executed.
+		return
+	elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+		# Report errors induced by trying to list the ruleset but don't
+		# treat them as being fatal.
+		printf '%s\n' "${stderr}" >&2
+	elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+		# Rulesets generated by iptables-nft are special in nature and
+		# will not always be printed in a way that constitutes a valid
+		# syntax for ntf(8). Ignore them.
+		return
+	elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
+		eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+		eerror "nft. This probably means that there is a regression introduced by v${PV}."
+		eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+		if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+			die "Aborting because of failed nft reload!"
+		fi
+	fi
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}"/var/lib/nftables/rules-save
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	if has_version 'sys-apps/systemd'; then
+		elog "If you wish to enable the firewall rules on boot (on systemd) you"
+		elog "will need to enable the nftables-restore service."
+		elog "    'systemctl enable ${PN}-restore.service'"
+		elog
+		elog "If you are creating firewall rules before the next system restart"
+		elog "the nftables-restore service must be manually started in order to"
+		elog "save those rules on shutdown."
+	fi
+
+	if has_version 'sys-apps/openrc'; then
+		elog "If you wish to enable the firewall rules on boot (on openrc) you"
+		elog "will need to enable the nftables service."
+		elog "    'rc-update add ${PN} default'"
+		elog
+		elog "If you are creating or updating the firewall rules and wish to save"
+		elog "them to be loaded on the next restart, use the \"save\" functionality"
+		elog "in the init script."
+		elog "    'rc-service ${PN} save'"
+	fi
+}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/
@ 2024-02-20  5:06 Sam James
  0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2024-02-20  5:06 UTC (permalink / raw
  To: gentoo-commits

commit:     9174964fd14cdb0655d2538eb2709c3e8239a4a1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 20 05:04:02 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 20 05:04:08 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9174964f

net-firewall/nftables: drop 1.0.7-r1, 1.0.8-r1, 1.0.8-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/nftables/Manifest                     |   4 -
 .../nftables-1.0.8-fix-regression-evaluate.patch   | 235 ---------------------
 net-firewall/nftables/metadata.xml                 |   1 -
 net-firewall/nftables/nftables-1.0.7-r1.ebuild     | 232 --------------------
 net-firewall/nftables/nftables-1.0.8-r1.ebuild     | 217 -------------------
 net-firewall/nftables/nftables-1.0.8-r2.ebuild     | 223 -------------------
 6 files changed, 912 deletions(-)

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 0f38f5b23c9d..07f3200ad5d6 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,6 +1,2 @@
-DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116
-DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768
-DIST nftables-1.0.8.tar.xz 882980 BLAKE2B cdf174846cbc3e581993cdee3a24e5ead3fdbb3d6b24d51473ed88affb7fcf70279a8374a4963b31044a9e64cb72ddb28ca1f1686bbaa3101eed4d623fb67d05 SHA512 06053c05a0d7c84a5cc4d22733836dadf9880c3552df3dace6d30aea95c7e1edb5528ea45df8576f282c15bf58f23407e26efb22257bd98a478849a8bdd4f8d5
-DIST nftables-1.0.8.tar.xz.sig 566 BLAKE2B 2f22b9467a55a46ec9e8caf13efe3cd59a6a1a867174602b583549ccaff54576b5f80b5ad9b1cefd208c3f49bc6ce07072626218f479628df369ed7294e1b83b SHA512 0ddd8f29dc5ba891069c63715719f11c0a4745f1e3cd9cd7f9e388ac35835cfbe8f34b371a2ce2a06cbda42384cc72d0bf57746fb02757d68a9b053bbbd67a77
 DIST nftables-1.0.9.tar.xz 971968 BLAKE2B 1dfd1e79d3a7b645fd0995dad10893d70dbd13c92805c5cf30825acbbeb45071b2095072cecbd14b4f66cf0c284d2937a996c6b8013213438f53b92731af039d SHA512 dc34099658e283d9fd4d06264b593710121074558305ea23ab298c5f6a6b564a826f186241b6e106fbaa4e11160cf77e68bb52b4ce401b28d8d2e403cd4b88e8
 DIST nftables-1.0.9.tar.xz.sig 566 BLAKE2B d4bb0a1f629d2950753799fba18f6c3ce50e5ff242816e392245a714bfeccb3408583added4362f1e0da47cc6e30b0b95f864cf8443a1872d59ae40b15b5f706 SHA512 9b96ce8539700713ff4802fb2deff5b2ea0dd3155c45f5a8f49a45f70226893c7449e0b79504833b2e63e5290290e693c962128a226ca8f6ca281185bdcd7b51

diff --git a/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch b/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
deleted file mode 100644
index 1b81ab0e6ef2..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719001444.154070-1-pablo@netfilter.org/
-https://git.netfilter.org/nftables/commit/?id=5f1676ac9f1aeb36d7695c3c354dade013a1e4f3
-
-From 5f1676ac9f1aeb36d7695c3c354dade013a1e4f3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 18 Jul 2023 23:10:01 +0200
-Subject: meta: stash context statement length when generating payload/meta
- dependency
-
-... meta mark set ip dscp
-
-generates an implicit dependency from the inet family to match on meta
-nfproto ip.
-
-The length of this implicit expression is incorrectly adjusted to the
-statement length, ie. relational to compare meta nfproto takes 4 bytes
-instead of 1 byte. The evaluation of 'ip dscp' under the meta mark
-statement triggers this implicit dependency which should not consider
-the context statement length since it is added before the statement
-itself.
-
-This problem shows when listing the ruleset, since netlink_parse_cmp()
-where left->len < right->len, hence handling the implicit dependency as
-a concatenation, but it is actually a bug in the evaluation step that
-leads to incorrect bytecode.
-
-Fixes: 3c64ea7995cb ("evaluate: honor statement length in integer evaluation")
-Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
-Tested-by: Brian Davidson <davidson.brian@gmail.com>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/src/payload.c
-+++ b/src/payload.c
-@@ -409,6 +409,7 @@ static int payload_add_dependency(struct eval_ctx *ctx,
- 	const struct proto_hdr_template *tmpl;
- 	struct expr *dep, *left, *right;
- 	struct proto_ctx *pctx;
-+	unsigned int stmt_len;
- 	struct stmt *stmt;
- 	int protocol;
- 
-@@ -429,11 +430,16 @@ static int payload_add_dependency(struct eval_ctx *ctx,
- 				    constant_data_ptr(protocol, tmpl->len));
- 
- 	dep = relational_expr_alloc(&expr->location, OP_EQ, left, right);
-+
-+	stmt_len = ctx->stmt_len;
-+	ctx->stmt_len = 0;
-+
- 	stmt = expr_stmt_alloc(&dep->location, dep);
- 	if (stmt_evaluate(ctx, stmt) < 0) {
- 		return expr_error(ctx->msgs, expr,
- 					  "dependency statement is invalid");
- 	}
-+	ctx->stmt_len = stmt_len;
- 
- 	if (ctx->inner_desc) {
- 		if (tmpl->meta_key)
-@@ -543,6 +549,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
- 	const struct hook_proto_desc *h;
- 	const struct proto_desc *desc;
- 	struct proto_ctx *pctx;
-+	unsigned int stmt_len;
- 	struct stmt *stmt;
- 	uint16_t type;
- 
-@@ -559,12 +566,18 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
- 					  "protocol specification is invalid "
- 					  "for this family");
- 
-+		stmt_len = ctx->stmt_len;
-+		ctx->stmt_len = 0;
-+
- 		stmt = meta_stmt_meta_iiftype(&expr->location, type);
- 		if (stmt_evaluate(ctx, stmt) < 0) {
- 			return expr_error(ctx->msgs, expr,
- 					  "dependency statement is invalid");
- 		}
- 		*res = stmt;
-+
-+		ctx->stmt_len = stmt_len;
-+
- 		return 0;
- 	}
- 
---- a/tests/py/inet/meta.t
-+++ b/tests/py/inet/meta.t
-@@ -25,3 +25,8 @@ meta mark set ct mark >> 8;ok
- meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok
- ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok
- ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 };ok
-+
-+meta mark set ip dscp;ok
-+meta mark set ip dscp | 0x40;ok
-+meta mark set ip6 dscp;ok
-+meta mark set ip6 dscp | 0x40;ok
---- a/tests/py/inet/meta.t.json
-+++ b/tests/py/inet/meta.t.json
-@@ -440,3 +440,89 @@
-     }
- ]
- 
-+# meta mark set ip dscp
-+[
-+    {
-+        "mangle": {
-+            "key": {
-+                "meta": {
-+                    "key": "mark"
-+                }
-+            },
-+            "value": {
-+                "payload": {
-+                    "field": "dscp",
-+                    "protocol": "ip"
-+                }
-+            }
-+        }
-+    }
-+]
-+
-+# meta mark set ip dscp | 0x40
-+[
-+    {
-+        "mangle": {
-+            "key": {
-+                "meta": {
-+                    "key": "mark"
-+                }
-+            },
-+            "value": {
-+                "|": [
-+                    {
-+                        "payload": {
-+                            "field": "dscp",
-+                            "protocol": "ip"
-+                        }
-+                    },
-+                    64
-+                ]
-+            }
-+        }
-+    }
-+]
-+
-+# meta mark set ip6 dscp
-+[
-+    {
-+        "mangle": {
-+            "key": {
-+                "meta": {
-+                    "key": "mark"
-+                }
-+            },
-+            "value": {
-+                "payload": {
-+                    "field": "dscp",
-+                    "protocol": "ip6"
-+                }
-+            }
-+        }
-+    }
-+]
-+
-+# meta mark set ip6 dscp | 0x40
-+[
-+    {
-+        "mangle": {
-+            "key": {
-+                "meta": {
-+                    "key": "mark"
-+                }
-+            },
-+            "value": {
-+                "|": [
-+                    {
-+                        "payload": {
-+                            "field": "dscp",
-+                            "protocol": "ip6"
-+                        }
-+                    },
-+                    64
-+                ]
-+            }
-+        }
-+    }
-+]
-+
---- a/tests/py/inet/meta.t.payload
-+++ b/tests/py/inet/meta.t.payload
-@@ -133,3 +133,43 @@ inet test-inet input
-   [ meta load mark => reg 9 ]
-   [ lookup reg 1 set __set%d ]
- 
-+# meta mark set ip dscp
-+inet test-inet input
-+  [ meta load nfproto => reg 1 ]
-+  [ cmp eq reg 1 0x00000002 ]
-+  [ payload load 1b @ network header + 1 => reg 1 ]
-+  [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
-+  [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
-+  [ meta set mark with reg 1 ]
-+
-+# meta mark set ip dscp | 0x40
-+inet test-inet input
-+  [ meta load nfproto => reg 1 ]
-+  [ cmp eq reg 1 0x00000002 ]
-+  [ payload load 1b @ network header + 1 => reg 1 ]
-+  [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
-+  [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
-+  [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
-+  [ meta set mark with reg 1 ]
-+
-+# meta mark set ip6 dscp
-+inet test-inet input
-+  [ meta load nfproto => reg 1 ]
-+  [ cmp eq reg 1 0x0000000a ]
-+  [ payload load 2b @ network header + 0 => reg 1 ]
-+  [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
-+  [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
-+  [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
-+  [ meta set mark with reg 1 ]
-+
-+# meta mark set ip6 dscp | 0x40
-+inet test-inet input
-+  [ meta load nfproto => reg 1 ]
-+  [ cmp eq reg 1 0x0000000a ]
-+  [ payload load 2b @ network header + 0 => reg 1 ]
-+  [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
-+  [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
-+  [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
-+  [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
-+  [ meta set mark with reg 1 ]
-+
--- 
-cgit v1.2.3

diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
index 9b4ce12e54e0..1fcc64724c1f 100644
--- a/net-firewall/nftables/metadata.xml
+++ b/net-firewall/nftables/metadata.xml
@@ -16,7 +16,6 @@
 	<use>
 		<flag name="doc">Create man pages for the package (requires <pkg>app-text/asciidoc</pkg>)</flag>
 		<flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag>
-		<flag name="modern-kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
 		<flag name="xtables">Add libxtables support to try to automatically translate rules added by iptables-compat</flag>
 	</use>
 </pkgmetadata>

diff --git a/net-firewall/nftables/nftables-1.0.7-r1.ebuild b/net-firewall/nftables/nftables-1.0.7-r1.ebuild
deleted file mode 100644
index d5054eca943d..000000000000
--- a/net-firewall/nftables/nftables-1.0.7-r1.ebuild
+++ /dev/null
@@ -1,232 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{9..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-	BDEPEND="app-alternatives/yacc"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
-	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:=
-	>=net-libs/libnftnl-1.2.5:=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	app-alternatives/lex
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${PYTHON_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	if [[ ${EUID} == 0 ]]; then
-		edo tests/shell/run-tests.sh -v
-	else
-		ewarn "Skipping shell tests (requires root)"
-	fi
-
-	# Need to rig up Python eclass if using this, but it doesn't seem to work
-	# for me anyway.
-	#cd tests/py || die
-	#"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
-	local stderr
-
-	# There's a history of regressions with nftables upgrades. Perform a
-	# safety check to help us spot them earlier. For the check to pass, the
-	# currently loaded ruleset, if any, must be successfully evaluated by
-	# the newly built instance of nft(8).
-	if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
-		# Either nftables isn't yet in use or nft(8) cannot be executed.
-		return
-	elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
-		# Report errors induced by trying to list the ruleset but don't
-		# treat them as being fatal.
-		printf '%s\n' "${stderr}" >&2
-	elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
-		# Rulesets generated by iptables-nft are special in nature and
-		# will not always be printed in a way that constitutes a valid
-		# syntax for ntf(8). Ignore them.
-		return
-	elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
-		eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
-		eerror "nft. This probably means that there is a regression introduced by v${PV}."
-		eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-		if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
-			die "Aborting because of failed nft reload!"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-1.0.8-r1.ebuild b/net-firewall/nftables/nftables-1.0.8-r1.ebuild
deleted file mode 100644
index 221f5fa3d427..000000000000
--- a/net-firewall/nftables/nftables-1.0.8-r1.ebuild
+++ /dev/null
@@ -1,217 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-	BDEPEND="app-alternatives/yacc"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
-	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:=
-	>=net-libs/libnftnl-1.2.6:=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND+="
-	app-alternatives/lex
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${DISTUTILS_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-src_prepare() {
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	if [[ ${EUID} == 0 ]]; then
-		edo tests/shell/run-tests.sh -v
-	else
-		ewarn "Skipping shell tests (requires root)"
-	fi
-
-	# Need to rig up Python eclass if using this, but it doesn't seem to work
-	# for me anyway.
-	#cd tests/py || die
-	#"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
-	local stderr
-
-	# There's a history of regressions with nftables upgrades. Perform a
-	# safety check to help us spot them earlier. For the check to pass, the
-	# currently loaded ruleset, if any, must be successfully evaluated by
-	# the newly built instance of nft(8).
-	if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
-		# Either nftables isn't yet in use or nft(8) cannot be executed.
-		return
-	elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
-		# Report errors induced by trying to list the ruleset but don't
-		# treat them as being fatal.
-		printf '%s\n' "${stderr}" >&2
-	elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
-		# Rulesets generated by iptables-nft are special in nature and
-		# will not always be printed in a way that constitutes a valid
-		# syntax for ntf(8). Ignore them.
-		return
-	elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
-		eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
-		eerror "nft. This probably means that there is a regression introduced by v${PV}."
-		eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-		if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
-			die "Aborting because of failed nft reload!"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}

diff --git a/net-firewall/nftables/nftables-1.0.8-r2.ebuild b/net-firewall/nftables/nftables-1.0.8-r2.ebuild
deleted file mode 100644
index 6f7b07fcd40b..000000000000
--- a/net-firewall/nftables/nftables-1.0.8-r2.ebuild
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-	BDEPEND="app-alternatives/yacc"
-else
-	SRC_URI="
-		https://netfilter.org/projects/nftables/files/${P}.tar.xz
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
-	"
-	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:=
-	>=net-libs/libnftnl-1.2.6:=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND+="
-	app-alternatives/lex
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${DISTUTILS_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-fix-regression-evaluate.patch
-)
-
-src_prepare() {
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--disable-static
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	if [[ ${EUID} == 0 ]]; then
-		edo tests/shell/run-tests.sh -v
-	else
-		ewarn "Skipping shell tests (requires root)"
-	fi
-
-	# Need to rig up Python eclass if using this, but it doesn't seem to work
-	# for me anyway.
-	#cd tests/py || die
-	#"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
-	local stderr
-
-	# There's a history of regressions with nftables upgrades. Perform a
-	# safety check to help us spot them earlier. For the check to pass, the
-	# currently loaded ruleset, if any, must be successfully evaluated by
-	# the newly built instance of nft(8).
-	if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
-		# Either nftables isn't yet in use or nft(8) cannot be executed.
-		return
-	elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
-		# Report errors induced by trying to list the ruleset but don't
-		# treat them as being fatal.
-		printf '%s\n' "${stderr}" >&2
-	elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
-		# Rulesets generated by iptables-nft are special in nature and
-		# will not always be printed in a way that constitutes a valid
-		# syntax for ntf(8). Ignore them.
-		return
-	elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
-		eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
-		eerror "nft. This probably means that there is a regression introduced by v${PV}."
-		eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-		if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
-			die "Aborting because of failed nft reload!"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}


^ permalink raw reply related	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2024-02-20  5:06 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-20  5:06 [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/, net-firewall/nftables/ Sam James
  -- strict thread matches above, loose matches on Subject: below --
2023-07-19 18:45 Sam James
2022-06-17 16:18 Mike Gilbert
2022-06-17 16:18 Mike Gilbert
2022-02-24 17:21 Patrick McLean
2021-05-09  9:33 David Seifert
2021-01-21 23:15 Lars Wendler
2020-11-08  3:02 Patrick McLean
2020-11-08  2:59 Patrick McLean
2020-04-02  7:47 Lars Wendler
2019-06-28 11:49 Lars Wendler
2018-01-18 14:21 Lars Wendler
2016-07-03 22:08 Göktürk Yüksek
2015-10-15  9:06 Ian Delaney

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox