* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2017-11-30 20:38 Robin H. Johnson
From: Robin H. Johnson @ 2017-11-30 20:38 UTC (permalink / raw
To: gentoo-commits
commit: 40960cbcbab5397a82b1c0eb0cb89af0dee10f6e
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 30 20:38:05 2017 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Thu Nov 30 20:38:05 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40960cbc
net-firewall/ipset: cleanup
Package-Manager: Portage-2.3.16, Repoman-2.3.6
net-firewall/ipset/Manifest | 8 ---
net-firewall/ipset/files/ipset.initd-r2 | 59 -----------------
net-firewall/ipset/files/ipset.initd-r3 | 95 ---------------------------
net-firewall/ipset/ipset-6.15.ebuild | 111 -------------------------------
net-firewall/ipset/ipset-6.16.1.ebuild | 110 -------------------------------
net-firewall/ipset/ipset-6.16.ebuild | 110 -------------------------------
net-firewall/ipset/ipset-6.17.ebuild | 110 -------------------------------
net-firewall/ipset/ipset-6.19.ebuild | 110 -------------------------------
net-firewall/ipset/ipset-6.20.1.ebuild | 113 --------------------------------
net-firewall/ipset/ipset-6.21.1.ebuild | 113 --------------------------------
net-firewall/ipset/ipset-6.24.ebuild | 98 ---------------------------
11 files changed, 1037 deletions(-)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 90a13b0ac8c..f909863eb09 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,11 +1,3 @@
-DIST ipset-6.15.tar.bz2 432771 SHA256 6f60a472bc2ef7b1c864be6472de65365c90e264dfadf28da48c2361393d8fd1 SHA512 f72329bb8610717ccdddbfaf7b7774e717a34d71fdb7f9c7eac97e3d1b314915500c88137b6e229411df99c86d2228bef447f26c116bc2cf992cfb60ab1422d3 WHIRLPOOL 868ee3cd722c2d86c273aca8f3ca7695e8ef5d00d30111ef0f2bf972a119211008d8cadec1760b43b4f0efb24690f20a2cf5f0fdbbb0700cf66e5660d363ab2a
-DIST ipset-6.16.1.tar.bz2 433347 BLAKE2B 6998df5f7e02906fd7ac5e40091599e8d734c139ce1d68316ef0d97b3715619d2f5fe238f9a83471882d3d48b479ab105eebd7d13f8200be38ca015815eaa5c7 SHA512 e54d32932875a9d06acba598280de9e83529f36326cbaaeb05d38b985bc40d276dc46e37eae3d1d4c1afcdd69b3074678512349ebd964b6189ca1c6871efe304
-DIST ipset-6.16.tar.bz2 433118 BLAKE2B 20d3080b88126d19c930b2351212acc01cb8e295a4746fc86c67b0c0bfa91c248927516a19f5935dc344b1780bc3b191514bea6574b4d78d66381dc7d0c0fd41 SHA512 34ef44af76f3609035ae1bdacb7586f2288ee66701ed8a1a5a0632fb23b5f651fe02b070e0f0f1b0ebae6cab02b3f827cc7e67f740cf77f51ba494c25dcc47dd
-DIST ipset-6.17.tar.bz2 448076 BLAKE2B b1ff8d51cc4c9fc0c2053f8dea4f00c05f7d9dacb39fc5550e73b01ffe15c8e37507affc790cdffeb3ec26630a00332a529a3a1bb8b9824b3201609027657877 SHA512 668f173b7ddd8a18af2730205e2e2c38610aa9fd191af52f91080e903bcd8e1f38e8e3a7fd57077decb00fd0556df89c3315c91eaffaa6977f2caf2a3300b175
-DIST ipset-6.19.tar.bz2 465927 BLAKE2B 5df57e88384447e272e8d6a8e2b2a81f910efb703a6f54743c7eb1949fbddcd95922b0dc8659be92e890b8269d61f022161a3e87f7f3050d7ffeffdd4163d0bf SHA512 9e9fdccd8ae34ad56c5fc6da03060b39b3acc9a53154acf7e82df3f2c1545b2bdcc7b5b9b4f6ddd6ee3e8582e81b1fa51fae37cb4f46948c053d5153bdca6f39
-DIST ipset-6.20.1.tar.bz2 500898 BLAKE2B bde1cbce6d5cd0862bfa33752375643d7d5c47ce5c8e7435768d41be09763690ec18892fc88275e45c46dbe1510b4fcacb9ec7b79255883d549cdb110e941fe0 SHA512 3fda3a71c18c8d5f9567038fc72f95abec81b4c789fbca7f7b9c032b15000cfbd2829f11a07f2f9ad2afcff54d6851923caff0917b2ead73756673a6b3667565
-DIST ipset-6.21.1.tar.bz2 510013 BLAKE2B 38d3f6841f6c3ffc95d786aeee3e97a68bf0828a7f8651ec10afcfcf3cf3b460cd977b0380c35ab11117d73813301f7ab93391c64d521dc5f3ab203b5d0300b7 SHA512 c2ffb2eafc780e15370fd48841f4323c39e8fef1893216c8bc0b8aa8d143f9daf078c6e261e4558243004fe9612ce1d5ca4cca16f8b3f324f4194700c1b0accb
-DIST ipset-6.24.tar.bz2 518811 BLAKE2B 19c7ccd8890386dcb342eefc88559edab2f8d0235b8f76c1a916298d32d4b0ac2f4232755cc1c362823a1397dc29054bf0dcf6375804392b541bee2ba6c2b849 SHA512 107bf492030dc4e8e4c2a939e46a715f58458126bfb636dae993e5bf31151d33c2a41b89eb5cca85b71d95b3e36debf97cdfc72c568f351091df17159003d6c6
DIST ipset-6.29.tar.bz2 542735 BLAKE2B 2229eb802597b38287f49cc2936a8be1afde2f638bd7212f86a52bc07d4121b7ff6b334ced2e1354bfdb652bcac81957b5204ac545a081dddfce07958c858fe4 SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3
DIST ipset-6.30.tar.bz2 544054 BLAKE2B eb9a6368436f0c4a813a6733b2122be975c752aee4d8ac9a2e7a02ebd2da372351c318cf1b0c06c1b389c523cd9572dfe1bff813e23a4e924391f9c7a946b75b SHA512 6299a6905fbbcc2dd7c2f07862af184fd3b63b586f7bf3af2de5a0cc692f4ec6ef57db64c3435c1acedd6c293570602dca8cfedcb197a00ec18517ced92dc903
DIST ipset-6.32.tar.bz2 544635 BLAKE2B 684354b0b24b15a657b21d44fa58b2cf7823f78d78ccd2b3f1c2d50b9e1396db6ed1414edb69102e3f82810d844ccd5eb738d1a968921b76b20e5d15c6ae5fb1 SHA512 7b0f5e7ef1a777ab70872aa52f658ff9516cb5de4c67c56d7f596eb88db03467d39b10ffc098441b4bfa4bb21a15f3c5f7f7f825300ce8efbacd767369ad43c7
diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2
deleted file mode 100644
index 86c580cfe08..00000000000
--- a/net-firewall/ipset/files/ipset.initd-r2
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="save"
-
-IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
-
-depend() {
- before iptables ip6tables
-}
-
-checkconfig() {
- if [ ! -f "${IPSET_SAVE}" ] ; then
- eerror "Not starting ${SVCNAME}. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ipset session"
- ipset restore < "${IPSET_SAVE}"
- eend $?
-}
-
-stop() {
- # check if there are any references to current sets
-
- if ! ipset list | gawk '
- ($1 == "References:") { refcnt += $2 }
- ($1 == "Type:" && $2 == "list:set") { set = 1 }
- (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
- (set && $1 == "Members:") {scan = 1}
- END { if ((refcnt - setcnt) > 0) exit 1 }
- '; then
- eerror "ipset is in use, can't stop"
- return 1
- fi
-
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
-
- ebegin "Removing kernel IP sets"
- ipset flush
- ipset destroy
- eend $?
-}
-
-save() {
- ebegin "Saving ipset session"
- touch "${IPSET_SAVE}"
- chmod 0600 "${IPSET_SAVE}"
- ipset save > "${IPSET_SAVE}"
- eend $?
-}
diff --git a/net-firewall/ipset/files/ipset.initd-r3 b/net-firewall/ipset/files/ipset.initd-r3
deleted file mode 100644
index 85556edd1c3..00000000000
--- a/net-firewall/ipset/files/ipset.initd-r3
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="save"
-extra_started_commands="reload"
-
-IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
-
-depend() {
- before iptables ip6tables
-}
-
-checkconfig() {
- if [ ! -f "${IPSET_SAVE}" ] ; then
- eerror "Not starting ${SVCNAME}. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ipset session"
- ipset restore < "${IPSET_SAVE}"
- eend $?
-}
-
-stop() {
- # check if there are any references to current sets
-
- if ! ipset list | gawk '
- ($1 == "References:") { refcnt += $2 }
- ($1 == "Type:" && $2 == "list:set") { set = 1 }
- (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
- (set && $1 == "Members:") {scan = 1}
- END { if ((refcnt - setcnt) > 0) exit 1 }
- '; then
- eerror "ipset is in use, can't stop"
- return 1
- fi
-
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
-
- ebegin "Removing kernel IP sets"
- ipset flush
- ipset destroy
- eend $?
-}
-
-reload() {
- ebegin "Reloading ipsets"
-
- # Loading sets from a save file is only additive (there is no
- # automatic flushing or replacing). And, we can not remove sets
- # that are currently used in existing iptables rules.
- #
- # Instead, we create new temp sets for any set that is already
- # in use, and then atomically swap them into place.
- #
- # XXX: This does not clean out previously used ipsets that are
- # not in the new saved policy--it can't, because they may still
- # be referenced in the current iptables rules.
-
- # Build a list of all currently used sets (if any).
- running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
- running_ipset_list="${running_ipset_list% }"
- # Build a regular expression that matches those set names.
- running_ipset_list_regex="${running_ipset_list// /|}"
-
- # Load up sets from the save file, but rename any set that already
- # exists to a temporary name that we will swap later.
- if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
- eend $? "Failed to load new ipsets"
- fi
-
- # Now for every set name that currently exists, atomically swap it
- # with the temporary new one we created, and then destroy the old set.
- for ipset_name in ${running_ipset_list} ; do
- ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
- ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
- done
- eend 0
-}
-
-save() {
- ebegin "Saving ipset session"
- touch "${IPSET_SAVE}"
- chmod 0600 "${IPSET_SAVE}"
- ipset save > "${IPSET_SAVE}"
- eend $?
-}
diff --git a/net-firewall/ipset/ipset-6.15.ebuild b/net-firewall/ipset/ipset-6.15.ebuild
deleted file mode 100644
index fda7f2ff30d..00000000000
--- a/net-firewall/ipset/ipset-6.15.ebuild
+++ /dev/null
@@ -1,111 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~ppc x86"
-IUSE="modules"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}" \
- --disable-silent-rules
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.16.1.ebuild b/net-firewall/ipset/ipset-6.16.1.ebuild
deleted file mode 100644
index 735cbce7981..00000000000
--- a/net-firewall/ipset/ipset-6.16.1.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~x86"
-IUSE="modules"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.16.ebuild b/net-firewall/ipset/ipset-6.16.ebuild
deleted file mode 100644
index 735cbce7981..00000000000
--- a/net-firewall/ipset/ipset-6.16.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~x86"
-IUSE="modules"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.17.ebuild b/net-firewall/ipset/ipset-6.17.ebuild
deleted file mode 100644
index e841595369f..00000000000
--- a/net-firewall/ipset/ipset-6.17.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~ppc x86"
-IUSE="modules"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.19.ebuild b/net-firewall/ipset/ipset-6.19.ebuild
deleted file mode 100644
index 735cbce7981..00000000000
--- a/net-firewall/ipset/ipset-6.19.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~x86"
-IUSE="modules"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.20.1.ebuild b/net-firewall/ipset/ipset-6.20.1.ebuild
deleted file mode 100644
index 6bd830949e0..00000000000
--- a/net-firewall/ipset/ipset-6.20.1.ebuild
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-MODULES_OPTIONAL_USE=modules
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~ppc ~x86"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.21.1.ebuild b/net-firewall/ipset/ipset-6.21.1.ebuild
deleted file mode 100644
index 70888cbc868..00000000000
--- a/net-firewall/ipset/ipset-6.21.1.ebuild
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-MODULES_OPTIONAL_USE=modules
-inherit autotools linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~x86"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-check_header_patch() {
- if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
- eerror "Sorry, but you have to patch kernel sources with the following patch:"
- eerror " # cd ${KV_DIR}"
- eerror " # patch -i ${S}/netlink.patch -p1"
- eerror "You should recompile and run new kernel to avoid runtime errors."
- die "Unpatched kernel"
- fi
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- [[ ${build_modules} -eq 1 ]] && check_header_patch
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.24.ebuild b/net-firewall/ipset/ipset-6.24.ebuild
deleted file mode 100644
index 0795c0f13b4..00000000000
--- a/net-firewall/ipset/ipset-6.24.ebuild
+++ /dev/null
@@ -1,98 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-MODULES_OPTIONAL_USE=modules
-inherit linux-info linux-mod
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="http://ipset.netfilter.org/"
-SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl"
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
-
- build_modules=0
- if use modules; then
- kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
- prune_libtool_files
-
- newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2019-11-27 21:52 Thomas Deutschmann
From: Thomas Deutschmann @ 2019-11-27 21:52 UTC (permalink / raw
To: gentoo-commits
commit: f7e482662bc47f098378f99aca0a04fdac6f9c5e
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 27 21:51:38 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 27 21:52:32 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7e48266
net-firewall/ipset: bump to v7.4
- Add systemd unit
Closes: https://bugs.gentoo.org/680438
Closes: https://bugs.gentoo.org/558038
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-firewall/ipset/Manifest | 1 +
.../ipset/files/ipset-7.4-fix-pkgconfig-dir.patch | 11 ++
net-firewall/ipset/files/ipset.systemd | 15 +++
net-firewall/ipset/ipset-7.4.ebuild | 111 +++++++++++++++++++++
4 files changed, 138 insertions(+)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 80346c6ee35..55fce9cf618 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -5,3 +5,4 @@ DIST ipset-6.34.tar.bz2 547940 BLAKE2B a42ad1b0af07250ecae645424d6a9564f16a388da
DIST ipset-6.38.tar.bz2 545568 BLAKE2B 14e526ba40f4912cd78d81831d072f9c9c159ac14169ffea8ce7325ee4839b80e28ef76405535e1b2aeaf2d0b7b3dde0f8a1ec42c7489cbc786282700d9d2b0f SHA512 ba8c45fa6b4df1b4af848d8c0c218fb449a50c79c48b1d1550dd3a188f82d320956bc483874730f917249d8650e50c3eedff66c24a68a136246fdbf6e1127d60
DIST ipset-7.0.tar.bz2 552144 BLAKE2B 722559409e0a617bc2e47a05023ff225a6c422d2847534ff8511611cf1e02451f0fde293eac3a1a6e49547b3e6d5f82dc130b08b7e42f8f9fad9d5908e3c29f4 SHA512 4d63351cd7c98a5662963d3301522c18644e14aeebf93ea15fb5f4e600e7ccc2040a0640fb6d776aa90ef296905d75630ec5f06e46f8521275befecf9705e669
DIST ipset-7.1.tar.bz2 669520 BLAKE2B 0737c4cd780f072dd6fcf67c58ebc8d5afefb33081240c25a972708185771cfad9f746b8ed5135b1e7fca4ce510ed707a7cfd641afc864210184a9998360e699 SHA512 eae9bd83f6675754af8ca443a82e0a1c9d47f60f6bf2a7a405a695223cc17063d5d4eb79428fe21a1f0a867109dfaf8ad8071b45e92191ec108b2cd2382fa854
+DIST ipset-7.4.tar.bz2 670906 BLAKE2B 46875264a4939294f2698149c5aa5793b5a3579da679db06041b702d2eb06b6060082e1d35bb98f54ffb25e77343ab39373c87d32de416db119b506083fa7391 SHA512 b155ced6be88aabd38c2402604bac37ba898aeae50c2d5a7d888d1b33b536b4551387826a4f76878ebb10e97ffaca08245b5ed8a5e3c431cc224b23cbb86a196
diff --git a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
new file mode 100644
index 00000000000..b10ddbd4fae
--- /dev/null
+++ b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
@@ -0,0 +1,11 @@
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \
+
+ EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map
+
+-pkgconfigdir = $(libdir)/pkgconfig
++pkgconfigdir = $(prefix)/$(libdir)/pkgconfig
+ pkgconfig_DATA = libipset.pc
+
+ dist_man_MANS = libipset.3
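Review bot: The replacement line `pkgconfigdir = $(prefix)/$(libdir)/pkgconfig` only gives a sensible path when `libdir` is a bare absolute directory directly under an empty offset, and the patch has no header saying so. The ipset-7.4 ebuild in this commit passes `--libdir="${EPREFIX}/$(get_libdir)"`, so with a non-empty EPREFIX the offset would presumably appear twice in the result, and even on a normal install the path contains a doubled slash. I would add a short description at the top of the patch (why it exists, that it is Gentoo-specific and tied to the ebuild's `--libdir`), and consider overriding `pkgconfigdir` from the ebuild instead of rewriting Makefile.am.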
diff --git a/net-firewall/ipset/files/ipset.systemd b/net-firewall/ipset/files/ipset.systemd
new file mode 100644
index 00000000000..f7a5eb510a0
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.systemd
@@ -0,0 +1,15 @@
+[Unit]
+Description=ipset service
+Before=network-pre.target iptables.service ip6tables.service firewalld.service
+Wants=network-pre.target
+ConditionFileNotEmpty=/var/lib/ipset/rules-save
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save
+
+[Install]
+WantedBy=multi-user.target
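Review bot: The `Before=` line orders this unit against `iptables.service` and `ip6tables.service`, and an ordering dependency on a unit name that is not installed is silently ignored. If the iptables package installs its restore units under other names (worth checking against net-firewall/iptables), the sets are not guaranteed to be loaded before the rules that reference them, and a ruleset using set matches can then fail to load at boot, leaving the host without its intended filtering. If the installed names are the `-restore` ones, the line becomes `Before=network-pre.target iptables-restore.service ip6tables-restore.service firewalld.service`. A `#` comment above it naming the package that provides those units would help keep the two in sync.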
diff --git a/net-firewall/ipset/ipset-7.4.ebuild b/net-firewall/ipset/ipset-7.4.ebuild
new file mode 100644
index 00000000000..dbc327ccc29
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.4.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+
+BDEPEND="virtual/pkgconfig"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
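Review bot: `SRC_URI` and `HOMEPAGE` near the top of the new ebuild use plain `http://`, so the tarball is fetched over an unauthenticated channel. The Manifest entry added in this commit pins BLAKE2B and SHA512 for the distfile, which catches a tampered download on user systems, but the fetch that produced those hashes had no such protection. If the upstream host serves TLS, `SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"` and the matching `HOMEPAGE` change close that gap.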
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2022-11-24 5:00 Sam James
From: Sam James @ 2022-11-24 5:00 UTC (permalink / raw
To: gentoo-commits
commit: 3299ae70d136f8841ea556cd7ad33364201eabee
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 24 04:48:19 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 24 04:48:23 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3299ae70
net-firewall/ipset: add 7.16
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/ipset/Manifest | 1 +
net-firewall/ipset/files/ipset-7.16-bashism.patch | 46 ++++++++
net-firewall/ipset/ipset-7.16.ebuild | 121 ++++++++++++++++++++++
3 files changed, 168 insertions(+)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index dabd8dda8287..db79ace8bb25 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1 +1,2 @@
DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a
+DIST ipset-7.16.tar.bz2 684512 BLAKE2B c2c58bd6250bab41c3c5cb2ed6a39b1cd5e47a60eca5ed19373dad6c611f5263c61cf12915b5d658700e8e78f4f445788900a2b89cdcdbef3407375b4131fb04 SHA512 e69ddee956f0922c8e08e7e5d358d6b5b24178a9f08151b20957cc3465baaba9ecd6aa938ae157f2cd286ccd7f0b7a279cfd89cec2393a00b43e4d945c275307
diff --git a/net-firewall/ipset/files/ipset-7.16-bashism.patch b/net-firewall/ipset/files/ipset-7.16-bashism.patch
new file mode 100644
index 000000000000..ff4d6b095528
--- /dev/null
+++ b/net-firewall/ipset/files/ipset-7.16-bashism.patch
@@ -0,0 +1,46 @@
+From 6004475ff78ddb3afd8beadcb5330664d50081f5 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 04:38:28 +0000
+Subject: [PATCH] configure.ac: fix bashisms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+configure scripts need to be runnable with a POSIX-compliant /bin/sh.
+
+On many (but not all!) systems, /bin/sh is provided by Bash, so errors
+like this aren't spotted. Notably Debian defaults to /bin/sh provided
+by dash which doesn't tolerate such bashisms as '=='.
+
+This retains compatibility with bash.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -27,7 +27,7 @@ AC_ARG_WITH([kmod],
+ [Build the kernel module (default: yes)]),
+ [BUILDKMOD="$withval";],
+ [BUILDKMOD="yes";])
+-AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" == "yes")
++AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" = "yes")
+
+ dnl Additional arguments
+ dnl Kernel build directory or source tree
+@@ -76,7 +76,7 @@ if test "x$enable_bashcompl" = "xyes"; then
+ AC_SUBST(bashcompdir)
+ fi
+
+-if test "$BUILDKMOD" == "yes"
++if test "$BUILDKMOD" = "yes"
+ then
+ dnl Sigh: check kernel version dependencies
+ if test "$KBUILDDIR" != ""
+@@ -204,7 +204,7 @@ AC_CHECK_TYPES([union nf_inet_addr],,,[#include <linux/types.h>
+ dnl Checks for functions
+ AC_CHECK_FUNCS(gethostbyname2)
+
+-if test "$BUILDKMOD" == "yes"
++if test "$BUILDKMOD" = "yes"
+ then
+ dnl Check kernel incompatibilities... Ugly like hell
+
diff --git a/net-firewall/ipset/ipset-7.16.ebuild b/net-firewall/ipset/ipset-7.16.ebuild
new file mode 100644
index 000000000000..c19854792ec7
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.16.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MODULES_OPTIONAL_USE=modules
+inherit autotools bash-completion-r1 linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="https://ipset.netfilter.org/"
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.7
+ net-libs/libmnl:=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch
+ "${FILESDIR}"/${PN}-7.16-bashism.patch
+)
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ CONFIG_CHECK+=" NETFILTER_NETLINK"
+ ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ export bashcompdir="$(get_bashcompdir)"
+
+ econf \
+ --enable-bashcompl \
+ $(use_with modules kmod) \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
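Review bot: In `pkg_setup`, `CONFIG_CHECK` is filled in (NETFILTER, NETFILTER_NETLINK, !PAX_CONSTIFY_PLUGIN), but the only call in the function that could evaluate it is `linux-mod_pkg_setup`, which is reached only when `build_modules` is 1. With USE=-modules the kernel-config checks and their `ERROR_*` messages therefore appear never to run, so a userspace-only install gets no warning that the kernel lacks netfilter netlink support. If the checks are meant to apply in both cases, the last line of the function could become `if [[ ${build_modules} -eq 1 ]]; then linux-mod_pkg_setup; else linux-info_pkg_setup; fi`, with the options prefixed `~` if they should only warn. The ipset-7.4 and ipset-7.17 ebuilds have the same structure.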
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2022-12-31 23:28 Sam James
From: Sam James @ 2022-12-31 23:28 UTC (permalink / raw
To: gentoo-commits
commit: abff60a972c82e5c0f155a3a37bc6cdb7613ea25
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 31 23:23:13 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 31 23:23:21 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abff60a9
net-firewall/ipset: add 7.17
Closes: https://bugs.gentoo.org/813468
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/ipset/Manifest | 1 +
net-firewall/ipset/files/ipset.systemd-r1 | 15 ++++
net-firewall/ipset/ipset-7.17.ebuild | 119 ++++++++++++++++++++++++++++++
3 files changed, 135 insertions(+)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index db79ace8bb25..6320f121cb5b 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,2 +1,3 @@
DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a
DIST ipset-7.16.tar.bz2 684512 BLAKE2B c2c58bd6250bab41c3c5cb2ed6a39b1cd5e47a60eca5ed19373dad6c611f5263c61cf12915b5d658700e8e78f4f445788900a2b89cdcdbef3407375b4131fb04 SHA512 e69ddee956f0922c8e08e7e5d358d6b5b24178a9f08151b20957cc3465baaba9ecd6aa938ae157f2cd286ccd7f0b7a279cfd89cec2393a00b43e4d945c275307
+DIST ipset-7.17.tar.bz2 684983 BLAKE2B 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 SHA512 e308a0d7707ccf7d0cb06a32cf9a822f97862e007abdbab8a91a5a0d5bfbd9f2fb9a3f5e8f36b250ec0d565438c8648a31e8e5b45d8205a76558e90f46e6e597
diff --git a/net-firewall/ipset/files/ipset.systemd-r1 b/net-firewall/ipset/files/ipset.systemd-r1
new file mode 100644
index 000000000000..600779604fb3
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.systemd-r1
@@ -0,0 +1,15 @@
+[Unit]
+Description=ipset service
+Before=network-pre.target iptables-restore.service ip6tables-restore.service firewalld.service
+Wants=network-pre.target
+ConditionFileNotEmpty=/var/lib/ipset/rules-save
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save
+
+[Install]
+WantedBy=multi-user.target
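Review bot: `ConditionFileNotEmpty=/var/lib/ipset/rules-save` combined with the `ExecStop=` save leaves no path by which the unit itself ever creates that file. On a fresh install the condition fails, the unit is skipped, and a unit that never started does not run `ExecStop` at shutdown. Sets created at runtime are then lost on reboot without any message, and firewall rules that reference them may fail to load. A comment at the top of the unit would document this, for example `# Run "ipset -file /var/lib/ipset/rules-save save" once before enabling; the unit is skipped while that file is missing or empty`; a `pkg_postinst` elog in the ebuild would do the same. The earlier ipset.systemd has the same condition.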
diff --git a/net-firewall/ipset/ipset-7.17.ebuild b/net-firewall/ipset/ipset-7.17.ebuild
new file mode 100644
index 000000000000..450b35c613fc
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.17.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MODULES_OPTIONAL_USE=modules
+inherit autotools bash-completion-r1 linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.7
+ net-libs/libmnl:=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-7.16-bashism.patch
+)
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ CONFIG_CHECK+=" NETFILTER_NETLINK"
+ ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ export bashcompdir="$(get_bashcompdir)"
+
+ econf \
+ --enable-bashcompl \
+ $(use_with modules kmod) \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
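Review bot: `--with-maxsets=${IP_NF_SET_MAX}` in `src_configure` expands an externally supplied variable unquoted and unchecked, so a value containing whitespace becomes extra `econf` arguments and a non-numeric value presumably only fails later in configure or the module build. Quote it as `--with-maxsets="${IP_NF_SET_MAX}"` and reject bad input early in `pkg_setup` with `[[ ${IP_NF_SET_MAX} =~ ^[0-9]+$ ]] || die "IP_NF_SET_MAX must be a non-negative integer"`. The 7.4 and 7.16 ebuilds use the same line.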
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2023-05-01 13:36 Sam James
From: Sam James @ 2023-05-01 13:36 UTC (permalink / raw
To: gentoo-commits
commit: 741ef8be1b312d576bd62eaa00ea92ed392ae069
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon May 1 13:32:44 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon May 1 13:32:44 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=741ef8be
net-firewall/ipset: drop 7.15, 7.16-r1
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/ipset/Manifest | 2 -
.../ipset/files/ipset-7.4-fix-pkgconfig-dir.patch | 11 --
net-firewall/ipset/ipset-7.15.ebuild | 114 --------------------
net-firewall/ipset/ipset-7.16-r1.ebuild | 119 ---------------------
4 files changed, 246 deletions(-)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 6320f121cb5b..a65795385364 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,3 +1 @@
-DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a
-DIST ipset-7.16.tar.bz2 684512 BLAKE2B c2c58bd6250bab41c3c5cb2ed6a39b1cd5e47a60eca5ed19373dad6c611f5263c61cf12915b5d658700e8e78f4f445788900a2b89cdcdbef3407375b4131fb04 SHA512 e69ddee956f0922c8e08e7e5d358d6b5b24178a9f08151b20957cc3465baaba9ecd6aa938ae157f2cd286ccd7f0b7a279cfd89cec2393a00b43e4d945c275307
DIST ipset-7.17.tar.bz2 684983 BLAKE2B 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 SHA512 e308a0d7707ccf7d0cb06a32cf9a822f97862e007abdbab8a91a5a0d5bfbd9f2fb9a3f5e8f36b250ec0d565438c8648a31e8e5b45d8205a76558e90f46e6e597
diff --git a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
deleted file mode 100644
index b10ddbd4fae0..000000000000
--- a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \
-
- EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map
-
--pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfigdir = $(prefix)/$(libdir)/pkgconfig
- pkgconfig_DATA = libipset.pc
-
- dist_man_MANS = libipset.3
diff --git a/net-firewall/ipset/ipset-7.15.ebuild b/net-firewall/ipset/ipset-7.15.ebuild
deleted file mode 100644
index fad8d3142d3b..000000000000
--- a/net-firewall/ipset/ipset-7.15.ebuild
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-MODULES_OPTIONAL_USE=modules
-inherit autotools linux-info linux-mod systemd
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/"
-SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ppc ppc64 ~riscv x86"
-
-BDEPEND="virtual/pkgconfig"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
- net-libs/libmnl:="
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- CONFIG_CHECK+=" NETFILTER_NETLINK"
- ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
- ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
-
- build_modules=0
- if use modules; then
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with modules kmod) \
- --disable-static \
- --with-maxsets=${IP_NF_SET_MAX} \
- --libdir="${EPREFIX}/$(get_libdir)" \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
-
- find "${ED}" -name '*.la' -delete || die
-
- newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
diff --git a/net-firewall/ipset/ipset-7.16-r1.ebuild b/net-firewall/ipset/ipset-7.16-r1.ebuild
deleted file mode 100644
index 0954044f712d..000000000000
--- a/net-firewall/ipset/ipset-7.16-r1.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MODULES_OPTIONAL_USE=modules
-inherit autotools bash-completion-r1 linux-info linux-mod systemd
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/"
-SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
-
-RDEPEND="
- >=net-firewall/iptables-1.4.7
- net-libs/libmnl:=
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-PATCHES=(
- "${FILESDIR}"/${PN}-7.16-bashism.patch
-)
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- CONFIG_CHECK+=" NETFILTER_NETLINK"
- ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
- ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
-
- build_modules=0
- if use modules; then
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- export bashcompdir="$(get_bashcompdir)"
-
- econf \
- --enable-bashcompl \
- $(use_with modules kmod) \
- --with-maxsets=${IP_NF_SET_MAX} \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
-
- find "${ED}" -name '*.la' -delete || die
-
- newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2023-06-17 18:00 Sam James
From: Sam James @ 2023-06-17 18:00 UTC (permalink / raw
To: gentoo-commits
commit: 3262040cbde4a5738ee7c6b41a3038001ab383d8
Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Sat Jun 17 17:21:56 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 17 17:59:39 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3262040c
net-firewall/ipset: Make temp suffix configurable
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/908235
Closes: https://github.com/gentoo/gentoo/pull/31516
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/ipset/files/ipset.confd-r1 | 19 +++++
net-firewall/ipset/files/ipset.initd-r5 | 105 ++++++++++++++++++++++++++++
net-firewall/ipset/ipset-7.17-r1.ebuild | 119 ++++++++++++++++++++++++++++++++
3 files changed, 243 insertions(+)
diff --git a/net-firewall/ipset/files/ipset.confd-r1 b/net-firewall/ipset/files/ipset.confd-r1
new file mode 100644
index 000000000000..ebedb672a676
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.confd-r1
@@ -0,0 +1,19 @@
+# /etc/conf.d/ipset
+
+# Location in which ipset initscript will save set rules on
+# service shutdown
+IPSET_SAVE="/var/lib/ipset/rules-save"
+
+# Save state on stopping ipset
+SAVE_ON_STOP="yes"
+
+# Suffix used for temporary set names used for atomic swaps
+TEMP_SUFFIX=".t"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/ipset/files/ipset.initd-r5 b/net-firewall/ipset/files/ipset.initd-r5
new file mode 100644
index 000000000000..0c73cec68c7d
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r5
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+
+ # Check the configured suffix, and make sure there are no collisions
+ if test -z "${TEMP_SUFFIX}" ; then
+ eend 1 "TEMP_SUFFIX cannot be empty"
+ return 1
+ elif echo "$running_ipset_list" | grep -q -E "${TEMP_SUFFIX}( |$)" ; then
+ eend 1 "Existing set(s) match TEMP_SUFFIX pattern ('${TEMP_SUFFIX}'), cannot continue"
+ return 1
+ fi
+
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2${TEMP_SUFFIX} /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}${TEMP_SUFFIX} || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}${TEMP_SUFFIX} || eend $? "Failed to delete obsolete ipset ${ipset_name}${TEMP_SUFFIX}"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ checkpath --file --mode 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
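Review bot: The collision check in reload() hands `${TEMP_SUFFIX}` to `grep -q -E` as a pattern, so with the default `.t` from ipset.confd-r1 the dot matches any character and nearly any running set whose name ends in `t` makes reload stop with "Existing set(s) match TEMP_SUFFIX pattern". Comparing the suffix literally per set name, as in the excerpt below, avoids that. In the same function the failure branch of `ipset restore` calls `eend $?` where `$?` is presumably the status of the negated pipeline (0) and does not return, so the loop goes on to swap in whatever was partially loaded and the function still finishes with `eend 0`. Returning non-zero there keeps a half-loaded set from replacing a live one and lets the caller see the failure.

```shell
	# … unchanged: build running_ipset_list …

	# Check the configured suffix, and make sure there are no collisions
	if test -z "${TEMP_SUFFIX}" ; then
		eend 1 "TEMP_SUFFIX cannot be empty"
		return 1
	fi
	for ipset_name in ${running_ipset_list} ; do
		# Quoted expansion inside the case pattern is matched literally.
		case "${ipset_name}" in
			*"${TEMP_SUFFIX}")
				eend 1 "Existing set(s) match TEMP_SUFFIX pattern ('${TEMP_SUFFIX}'), cannot continue"
				return 1
				;;
		esac
	done

	# … unchanged: build running_ipset_list_regex, and the "if ! cat … | ipset restore ; then" line …
		eend 1 "Failed to load new ipsets"
		return 1
	fi

	# … unchanged: swap/destroy loop and final eend …
```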
diff --git a/net-firewall/ipset/ipset-7.17-r1.ebuild b/net-firewall/ipset/ipset-7.17-r1.ebuild
new file mode 100644
index 000000000000..e4e4505a853a
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.17-r1.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MODULES_OPTIONAL_USE=modules
+inherit autotools bash-completion-r1 linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.7
+ net-libs/libmnl:=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-7.16-bashism.patch
+)
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ CONFIG_CHECK+=" NETFILTER_NETLINK"
+ ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ export bashcompdir="$(get_bashcompdir)"
+
+ econf \
+ --enable-bashcompl \
+ $(use_with modules kmod) \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r5 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd-r1 ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2024-03-09 18:03 Mike Pagano
From: Mike Pagano @ 2024-03-09 18:03 UTC (permalink / raw
To: gentoo-commits
commit: f88dc1707b301affc840120fba5fdc59b665e00a
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 9 18:02:43 2024 +0000
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Sat Mar 9 18:02:59 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f88dc170
net-firewall/ipset: Fix bash-completion script
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
net-firewall/ipset/files/ipset-bash-completion.patch | 11 +++++++++++
net-firewall/ipset/ipset-7.21.ebuild | 2 ++
2 files changed, 13 insertions(+)
diff --git a/net-firewall/ipset/files/ipset-bash-completion.patch b/net-firewall/ipset/files/ipset-bash-completion.patch
new file mode 100644
index 000000000000..1c2b6e62b822
--- /dev/null
+++ b/net-firewall/ipset/files/ipset-bash-completion.patch
@@ -0,0 +1,11 @@
+--- a/utils/ipset_bash_completion/ipset 2024-03-09 12:53:38.756882196 -0500
++++ b/utils/ipset_bash_completion/ipset 2024-03-09 12:54:32.838917743 -0500
+@@ -1005,7 +1005,7 @@ if ((got_bashcompl)); then
+ if ! declare -F _ipset_known_hosts &>/dev/null; then
+ eval '_ipset_known_hosts() { '$(declare -f _known_hosts_real | \
+ grep -v __ltrim_colon_completions | \
+- grep -Ev "^_known_hosts_real.*$" | grep -Ev "^(\{|\})")'; }'
++ grep -Ev "^_known_hosts_real.*$" | grep -Ev "^(\{|\})")' }'
+ fi
+ fi
+
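Review bot: The new patch file has no header explaining why the `;` before the closing `}` is dropped or where the problem was reported, so a later maintainer cannot tell whether it is still needed on the next version bump. A short description and a bug or upstream reference above the `--- a/utils/ipset_bash_completion/ipset` line would cover that, for example `Drop the extra ';' before '}' in the eval'd _ipset_known_hosts definition. Bug: <bug or upstream URL>`. Because the eval'd text is assembled from `declare -f` output, whether the terminator is needed presumably depends on how the running bash prints the function body, so naming the bash version this was tested against in the same header would help.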
diff --git a/net-firewall/ipset/ipset-7.21.ebuild b/net-firewall/ipset/ipset-7.21.ebuild
index 433d477210f0..6f112b1ac2d2 100644
--- a/net-firewall/ipset/ipset-7.21.ebuild
+++ b/net-firewall/ipset/ipset-7.21.ebuild
@@ -21,6 +21,8 @@ RDEPEND="
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig"
+PATCHES=( "${FILESDIR}/${PN}-bash-completion.patch" )
+
DOCS=( ChangeLog INSTALL README UPGRADE )
# configurable from outside, e.g. /etc/portage/make.conf
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2025-01-22 22:25 Mike Pagano
From: Mike Pagano @ 2025-01-22 22:25 UTC (permalink / raw
To: gentoo-commits
commit: 84d2b00b12d30db4d0041b185b88a0288c99e9a0
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 22 22:25:08 2025 +0000
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Jan 22 22:25:08 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84d2b00b
net-firewall/ipset: drop 7.22-r2 and patches
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
net-firewall/ipset/Manifest | 1 -
.../ipset/files/ipset-7.22-argv-bounds.patch | 36 ------
.../files/ipset-7.22-asan-buffer-overflow.patch | 52 ---------
.../files/ipset-7.22-fix-building-on-musl.patch | 10 --
net-firewall/ipset/ipset-7.22-r2.ebuild | 121 ---------------------
5 files changed, 220 deletions(-)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 60be56721589..afca750b4594 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,2 +1 @@
-DIST ipset-7.22.tar.bz2 694069 BLAKE2B 9daaff54adb6f9daf69cd7dabbd9134d8fcf8cd7f8ef0c52296961579ad3c8202087158a01664228eff70356ba97f77ec61abbab7c7ce323112fbdc32abd661b SHA512 e375a9110eb7974480147c57eb2cff4bdd03c7704cdae006a3d254cc80fada587aa8aee25a86f7cab29db83f5e283c5f9a47a314297317660ebba5097f623d79
DIST ipset-7.23.tar.bz2 695655 BLAKE2B a596630d12a8bcc1383475627e5e62b7be4c17570ae9d3650b9dbcac0ec46324e1ac7c0e7e11f674fb5354871538f6f15e57476ac752b1ac1415023d837904e6 SHA512 5a43c790abf157a55db5a9a22cb5f28a225f5c7969beda81566a2259aa82c9d852979eb805b11b4347f47c6a0c2cc4de6f14e4733bee5b562844422a45fb9dab
diff --git a/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch b/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch
deleted file mode 100644
index 07d18303642e..000000000000
--- a/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://git.netfilter.org/ipset/commit/?id=851cb04ffee5040f1e0063f77c3fe9bc6245e0fb
-
-From 851cb04ffee5040f1e0063f77c3fe9bc6245e0fb Mon Sep 17 00:00:00 2001
-From: Phil Sutter <phil@nwl.cc>
-Date: Thu, 27 Jun 2024 10:18:17 +0200
-Subject: lib: ipset: Avoid 'argv' array overstepping
-
-The maximum accepted value for 'argc' is MAX_ARGS which matches 'argv'
-array size. The maximum allowed array index is therefore argc-1.
-
-This fix will leave items in argv non-NULL-terminated, so explicitly
-NULL the formerly last entry after shifting.
-
-Looks like a day-1 bug. Interestingly, this neither triggered ASAN nor
-valgrind. Yet adding debug output printing argv entries being copied
-did.
-
-Fixes: 1e6e8bd9a62aa ("Third stage to ipset-5")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---- a/lib/ipset.c
-+++ b/lib/ipset.c
-@@ -343,9 +343,9 @@ ipset_shift_argv(int *argc, char *argv[], int from)
-
- assert(*argc >= from + 1);
-
-- for (i = from + 1; i <= *argc; i++)
-+ for (i = from + 1; i < *argc; i++)
- argv[i-1] = argv[i];
-- (*argc)--;
-+ argv[--(*argc)] = NULL;
- return;
- }
-
---
-cgit v1.2.3
diff --git a/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch b/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch
deleted file mode 100644
index 56d126db5efa..000000000000
--- a/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-https://git.netfilter.org/ipset/commit/?id=f1bcacf5eeb8620ea684524e1ce9c3951a77f1f9
-
-From f1bcacf5eeb8620ea684524e1ce9c3951a77f1f9 Mon Sep 17 00:00:00 2001
-From: Phil Sutter <phil@nwl.cc>
-Date: Thu, 27 Jun 2024 10:18:16 +0200
-Subject: lib: data: Fix for global-buffer-overflow warning by ASAN
-
-After compiling with CFLAGS="-fsanitize=address -g", running the
-testsuite triggers the following warning:
-
-| ipmap: Range: Check syntax error: missing range/from-to: FAILED
-| Failed test: ../src/ipset 2>.foo.err -N test ipmap
-| =================================================================
-| ==4204==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a21e77172a at pc 0x7f1ef246f2a6 bp 0x7fffed8f4f40 sp 0x7fffed8f46e8
-| READ of size 32 at 0x55a21e77172a thread T0
-| #0 0x7f1ef246f2a5 in __interceptor_memcpy /var/tmp/portage/sys-devel/gcc-13.2.1_p20231014/work/gcc-13-20231014/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899
-| #1 0x55a21e758bf6 in ipset_strlcpy /home/n0-1/git/ipset/lib/data.c:119
-| #2 0x55a21e758bf6 in ipset_data_set /home/n0-1/git/ipset/lib/data.c:349
-| #3 0x55a21e75ee2f in ipset_parse_typename /home/n0-1/git/ipset/lib/parse.c:1819
-| #4 0x55a21e754119 in ipset_parser /home/n0-1/git/ipset/lib/ipset.c:1205
-| #5 0x55a21e752cef in ipset_parse_argv /home/n0-1/git/ipset/lib/ipset.c:1344
-| #6 0x55a21e74ea45 in main /home/n0-1/git/ipset/src/ipset.c:38
-| #7 0x7f1ef224cf09 (/lib64/libc.so.6+0x23f09)
-| #8 0x7f1ef224cfc4 in __libc_start_main (/lib64/libc.so.6+0x23fc4)
-| #9 0x55a21e74f040 in _start (/home/n0-1/git/ipset/src/ipset+0x1d040)
-|
-| 0x55a21e77172a is located 54 bytes before global variable '*.LC1' defined in 'ipset_bitmap_ip.c' (0x55a21e771760) of size 19
-| '*.LC1' is ascii string 'IP|IP/CIDR|FROM-TO'
-| 0x55a21e77172a is located 0 bytes after global variable '*.LC0' defined in 'ipset_bitmap_ip.c' (0x55a21e771720) of size 10
-| '*.LC0' is ascii string 'bitmap:ip'
-
-Fix this by avoiding 'src' array overstep in ipset_strlcpy(): In
-contrast to strncpy(), memcpy() does not respect NUL-chars in input but
-stubbornly reads as many bytes as specified.
-
-Fixes: a7432ba786ca4 ("Workaround misleading -Wstringop-truncation warning")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---- a/lib/data.c
-+++ b/lib/data.c
-@@ -111,6 +111,9 @@ ipset_strlcpy(char *dst, const char *src, size_t len)
- assert(dst);
- assert(src);
-
-+ if (strlen(src) < len)
-+ len = strlen(src) + 1;
-+
- memcpy(dst, src, len);
- dst[len - 1] = '\0';
- }
---
-cgit v1.2.3
diff --git a/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch b/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch
deleted file mode 100644
index 7a77aa952869..000000000000
--- a/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/src/ipset.c 2024-08-30 14:21:19.201863069 +0000
-+++ b/src/ipset.c 2024-08-30 14:21:52.525571560 +0000
-@@ -15,6 +15,7 @@
- #include <config.h>
- #include <libipset/ipset.h> /* ipset library */
- #include <libipset/xlate.h> /* translate to nftables */
-+#include <libgen.h>
-
- int
- main(int argc, char *argv[])
diff --git a/net-firewall/ipset/ipset-7.22-r2.ebuild b/net-firewall/ipset/ipset-7.22-r2.ebuild
deleted file mode 100644
index affe9147840d..000000000000
--- a/net-firewall/ipset/ipset-7.22-r2.ebuild
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MODULES_OPTIONAL_IUSE=modules
-inherit autotools bash-completion-r1 linux-mod-r1 systemd
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
-SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86"
-
-RDEPEND="
- net-firewall/iptables
- net-libs/libmnl:=
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-PATCHES=(
- "${FILESDIR}/${PN}-bash-completion.patch"
- "${FILESDIR}/${P}-asan-buffer-overflow.patch"
- "${FILESDIR}/${P}-argv-bounds.patch"
- "${FILESDIR}/${P}-fix-building-on-musl.patch"
-)
-
-src_prepare() {
- default
- eautoreconf
-}
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- CONFIG_CHECK+=" NETFILTER_NETLINK"
- ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
- ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
-
- build_modules=0
- if use modules; then
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
-
- [[ ${build_modules} -eq 1 ]] && linux-mod-r1_pkg_setup
-}
-
-src_configure() {
- export bashcompdir="$(get_bashcompdir)"
-
- econf \
- --enable-bashcompl \
- $(use_with modules kmod) \
- --with-maxsets=${IP_NF_SET_MAX} \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
-
- local modlist=( xt_set=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/:
- em_ipset=kernel/net/sched:"${S}":kernel/net/sched/:modules )
-
- for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
- modlist+=( ${i}=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/ipset )
- done
-
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- linux-mod-r1_src_compile
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
-
- find "${ED}" -name '*.la' -delete || die
-
- newinitd "${FILESDIR}"/ipset.initd-r7 ${PN}
- newconfd "${FILESDIR}"/ipset.confd-r1 ${PN}
- systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod-r1_src_install
- fi
-}
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/ipset/files/, net-firewall/ipset/
@ 2025-05-22 23:05 Mike Pagano
From: Mike Pagano @ 2025-05-22 23:05 UTC (permalink / raw
To: gentoo-commits
commit: 13ed346019d30425b9762b01a1d22961df3dd10b
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Thu May 22 23:04:48 2025 +0000
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Thu May 22 23:05:23 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13ed3460
net-firewall/ipset: add 7.24, net_namespace.h patch
Check for 'int \*id' in the pernet_operations struct
fails for later versions of kernels as the declaration
is now 'int * const id'. Fix check to include both versions.
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
net-firewall/ipset/Manifest | 1 +
net-firewall/ipset/files/ipset-net_namespace.patch | 11 ++
net-firewall/ipset/ipset-7.24.ebuild | 119 +++++++++++++++++++++
3 files changed, 131 insertions(+)
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index afca750b4594..9ec1656c94f0 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1 +1,2 @@
DIST ipset-7.23.tar.bz2 695655 BLAKE2B a596630d12a8bcc1383475627e5e62b7be4c17570ae9d3650b9dbcac0ec46324e1ac7c0e7e11f674fb5354871538f6f15e57476ac752b1ac1415023d837904e6 SHA512 5a43c790abf157a55db5a9a22cb5f28a225f5c7969beda81566a2259aa82c9d852979eb805b11b4347f47c6a0c2cc4de6f14e4733bee5b562844422a45fb9dab
+DIST ipset-7.24.tar.bz2 695548 BLAKE2B 52e05313353e7b5fe969d5f113794238356bf900b4e7ac4693c05164ecde0826d0e911dcae67bb4103f49b587f94f561d14dcfebb78c5c231013fda7d36a81da SHA512 18ccb49bd38083f0556b11e1d17f43791c52a2b094c9a500b6f770796b17e8e70c3860a628eac2252eb672b1fc9de734d3a0e0823d61dd9be7b4188adc6dd214
diff --git a/net-firewall/ipset/files/ipset-net_namespace.patch b/net-firewall/ipset/files/ipset-net_namespace.patch
new file mode 100644
index 000000000000..5349635967c2
--- /dev/null
+++ b/net-firewall/ipset/files/ipset-net_namespace.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac 2025-05-22 22:36:57.332625302 -0000
++++ b/configure.ac 2025-05-22 22:37:17.729090112 -0000
+@@ -401,7 +401,7 @@ fi
+
+ AC_MSG_CHECKING([kernel source for id in struct pernet_operations])
+ if test -f $ksourcedir/include/net/net_namespace.h && \
+- $AWK '/^struct pernet_operations /,/^}/' $ksourcedir/include/net/net_namespace.h | $GREP -q 'int \*id;'; then
++ $AWK '/^struct pernet_operations /,/^}/' $ksourcedir/include/net/net_namespace.h | $GREP -qE 'int \*id;|int \* const id'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NET_OPS_ID, define)
+ else
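Review bot: The widened check on the `$GREP -qE` line still matches exact spacing (`int \*id;` or `int \* const id`), so a header that writes the member as `int *const id` or with different whitespace would again fall through to the else branch, which the visible lines suggest leaves HAVE_NET_OPS_ID unset. A whitespace-tolerant pattern covers both spellings in one expression: `$GREP -qE 'int[[:space:]]*\*[[:space:]]*(const[[:space:]]+)?id;'`. The surrounding AC_MSG_CHECKING block starts and ends outside this hunk, so the else branch's effect should be confirmed against the full configure.ac.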
diff --git a/net-firewall/ipset/ipset-7.24.ebuild b/net-firewall/ipset/ipset-7.24.ebuild
new file mode 100644
index 000000000000..953c5079e247
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.24.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MODULES_OPTIONAL_IUSE=modules
+inherit autotools bash-completion-r1 linux-mod-r1 systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
+SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+
+RDEPEND="
+ net-firewall/iptables
+ net-libs/libmnl:=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+PATCHES=(
+ "${FILESDIR}/${PN}-bash-completion.patch"
+ "${FILESDIR}/${PN}-net_namespace.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ CONFIG_CHECK+=" NETFILTER_NETLINK"
+ ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+ CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+ ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+
+ [[ ${build_modules} -eq 1 ]] && linux-mod-r1_pkg_setup
+}
+
+src_configure() {
+ export bashcompdir="$(get_bashcompdir)"
+
+ econf \
+ --enable-bashcompl \
+ $(use_with modules kmod) \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+
+ local modlist=( xt_set=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/:
+ em_ipset=kernel/net/sched:"${S}":kernel/net/sched/:modules )
+
+ for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
+ modlist+=( ${i}=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/ipset )
+ done
+
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ linux-mod-r1_src_compile
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+
+ find "${ED}" -name '*.la' -delete || die
+
+ newinitd "${FILESDIR}"/ipset.initd-r7 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd-r1 ${PN}
+ systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod-r1_src_install
+ fi
+}
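Review bot: `IP_NF_SET_MAX` is taken from the environment and reaches `econf` as an unquoted `--with-maxsets=${IP_NF_SET_MAX}` with no check that it is a number, so a typo or stray whitespace in make.conf becomes extra configure arguments or an obscure build failure. A guard in `pkg_setup` such as `[[ ${IP_NF_SET_MAX} =~ ^[1-9][0-9]*$ ]] || die "IP_NF_SET_MAX must be a positive integer"`, together with quoting the argument as `--with-maxsets="${IP_NF_SET_MAX}"`, would fail early and clearly. Separately, the loop variable in `src_compile` is never declared, so adding `local i` before the `for` keeps it out of the global scope.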