commit: 9a223c82dd8cfd2b72e0e7135b2a773df79b9c78
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 15 02:41:30 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 15 02:41:45 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a223c82
net-firewall/nftables: add 1.0.7
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/nftables/Manifest | 2 ++
.../{nftables-9999.ebuild => nftables-1.0.7.ebuild} | 18 ++++++++++++++++--
net-firewall/nftables/nftables-9999.ebuild | 18 ++++++++++++++++--
3 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 3537caf064d6..2d752595dfcf 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -2,3 +2,5 @@ DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B
5d58170b8fc6feccc1581653cd0815d37b59b
DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B
7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977
SHA512
fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511
DIST nftables-1.0.6.tar.xz 834584 BLAKE2B
7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4
SHA512
afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119
DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B
3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507
SHA512
83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93
+DIST nftables-1.0.7.tar.xz 857140 BLAKE2B
972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859
SHA512
063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116
+DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B
53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c
SHA512
b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768
diff --git a/net-firewall/nftables/nftables-9999.ebuild
b/net-firewall/nftables/nftables-1.0.7.ebuild
similarity index 89%
copy from net-firewall/nftables/nftables-9999.ebuild
copy to net-firewall/nftables/nftables-1.0.7.ebuild
index f60144b1a850..f9713c4a95f6 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-1.0.7.ebuild
@@ -26,7 +26,8 @@ else
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
fi
-LICENSE="GPL-2"
+# See COPYING: new code is GPL-2+, existing code is GPL-2
+LICENSE="GPL-2 GPL-2+"
SLOT="0/1"
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs
test xtables"
RESTRICT="!test? ( test )"
@@ -167,10 +168,23 @@ src_install() {
}
pkg_preinst() {
+ local stderr
+
# There's a history of regressions with nftables upgrades. Add a safety
# check to help us spot them earlier.
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z
${ROOT} ]]; then
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
+ # Check the current loaded ruleset, if any, using the newly
+ # built instance of nft(8).
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1
>"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset
+ # but don't treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in
+ # nature and will not always be printed in a way that
+ # constitutes a valid syntax for ntf(8). Ignore them.
+ return
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
eerror "Your currently loaded ruleset cannot be parsed
by the newly built instance of"
eerror "nft. This probably means that there is a
regression introduced by v${PV}."
eerror "(To make the ebuild fail instead of warning,
set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
diff --git a/net-firewall/nftables/nftables-9999.ebuild
b/net-firewall/nftables/nftables-9999.ebuild
index f60144b1a850..f9713c4a95f6 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -26,7 +26,8 @@ else
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
fi
-LICENSE="GPL-2"
+# See COPYING: new code is GPL-2+, existing code is GPL-2
+LICENSE="GPL-2 GPL-2+"
SLOT="0/1"
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs
test xtables"
RESTRICT="!test? ( test )"
@@ -167,10 +168,23 @@ src_install() {
}
pkg_preinst() {
+ local stderr
+
# There's a history of regressions with nftables upgrades. Add a safety
# check to help us spot them earlier.
if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z
${ROOT} ]]; then
- if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
+ # Check the current loaded ruleset, if any, using the newly
+ # built instance of nft(8).
+ if ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1
>"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset
+ # but don't treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in
+ # nature and will not always be printed in a way that
+ # constitutes a valid syntax for ntf(8). Ignore them.
+ return
+ elif ! "${ED}"/sbin/nft -c -f "${T}"/ruleset.nft; then
eerror "Your currently loaded ruleset cannot be parsed
by the newly built instance of"
eerror "nft. This probably means that there is a
regression introduced by v${PV}."
eerror "(To make the ebuild fail instead of warning,
set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
