mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-12-08 19:02:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

net-firewall/nftables: Sync with Gentoo upstream; updates to 0.9.9

Browse Source 
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
This commit is contained in:
Sayan Chowdhury 2021-08-13 00:55:41 +05:30 committed by Sayan Chowdhury
parent a00cc42b6b
commit 71577282ef
7 changed files with 208 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/Manifest vendored
View File

@ -1 +1,2 @@
DIST nftables-0.6.tar.gz 252523 SHA256 85dd7fa4e741c0be02efddbc57b5d300e1147f09ec6f81d0399110f96dc958f0 SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921 WHIRLPOOL d15eaf81426d73bea28752f96727d291120120fb2aaa994d421d900974eb45062957435e077664fb916780f636ed9b61889dbec8b627d5d309512bae96f02874 DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd4b525768e94a0d90ceebbee73874c916727be8de633550db71c612d698d88cf93575931362b48d954e6ac275143 SHA512 1c5709825c8b2c13cbed0310658959ecee164c930bc9e2447618a0894598138b9a549d20509c32a5c23ce99e40438df38f9e170cf656ce993d819f365490a180
DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab

52
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch vendored
View File

@ -1,52 +0,0 @@
Update configure script to include option to enable and disable PDF man page
generation.
--- a/configure.ac
+++ b/configure.ac
@@ -27,10 +27,16 @@
AC_CONFIG_HEADER([config.h])
AC_DEFINE([_GNU_SOURCE], [], [Enable various GNU extensions])
AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros])
+AC_ARG_ENABLE([pdf-doc],
+ AS_HELP_STRING([--disable-pdf-doc], [Disable PDF documentation]),
+ AS_IF([test "x$enable_pdf_doc" = "xno"], [enable_pdf_doc=no],
+ [enable_pdf_doc=yes]), [enable_pdf_doc=yes])
+AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ])
+
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug], [Disable debugging]),
AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]),
[with_debug=yes])
AC_SUBST(with_debug)
@@ -61,15 +67,15 @@
)]
)
AC_SUBST(DB2MAN)
AM_CONDITIONAL([BUILD_MAN], [test -n "$DB2MAN"])
-AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
-AS_IF([test "$DBLATEX" == "no"],
- [AC_MSG_WARN([dblatex not found, no PDF manpages will be built])]
-)
-AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"])
+AM_COND_IF([BUILD_PDF], [
+ AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
+ AS_IF([test "$DBLATEX" == "no"],
+ [AC_MSG_ERROR([dblatex not found])])
+])
# Checks for libraries.
PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.5])
@@ -134,6 +140,7 @@
echo "
nft configuration:
cli support: ${with_cli}
enable debugging: ${with_debug}
- use mini-gmp: ${with_mini_gmp}"
+ use mini-gmp: ${with_mini_gmp}
+ enable pdf documentation: ${enable_pdf_doc}"

14
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch vendored
View File

@ -1,14 +0,0 @@
diff --git a/src/payload.c b/src/payload.c
index ac0e917..9ba980a 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
base = ctx->protocol[left->payload.base].desc;
desc = proto_find_upper(base, proto);
+ if (!desc)
+ return;
+
assert(desc->base <= PROTO_BASE_MAX);
if (desc->base == base->base) {
assert(base->length > 0);

13
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/files/nftables-0.9.8-slibtool.patch vendored Normal file
View File

@ -0,0 +1,13 @@
This fixes build with sys-devel/slibtool
--- nftables-0.9.8/src/Makefile.am
+++ nftables-0.9.8/src/Makefile.am
@@ -90,7 +90,7 @@
libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
- --version-script=$(srcdir)/libnftables.map
+ -Wl,--version-script=$(srcdir)/libnftables.map
if BUILD_MINIGMP
noinst_LTLIBRARIES += libminigmp.la

18
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/metadata.xml vendored
View File

@ -1,12 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<maintainer type="person">
<email>mrueg@gentoo.org</email>
<name>Manuel Rüger</name>
</maintainer>
<maintainer type="project"> <maintainer type="project">
<email>base-system@gentoo.org</email> <email>base-system@gentoo.org</email>
<name>Gentoo Base System</name> <name>Gentoo Base System</name>
</maintainer> </maintainer>
<maintainer type="person">
<email>prometheanfire@gentoo.org</email>
<name>Matthew Thode</name>
</maintainer>
<maintainer type="person" proxied="yes">
<email>klondike@gentoo.org</email>
<name>Francisco Blas Izquierdo Riera</name>
</maintainer>
<use>
<flag name="doc">Create man pages for the package (requires <pkg>app-text/asciidoc</pkg>)</flag>
<flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag>
<flag name="modern-kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
<flag name="xtables">Add libxtables support to try to automatically translate rules added by iptables-compat</flag>
</use>
</pkgmetadata> </pkgmetadata>

57
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/nftables-0.6-r4.ebuild vendored
View File

@ -1,57 +0,0 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit autotools linux-info systemd
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://netfilter.org/projects/nftables/"
SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 arm64 ~arm ~x86"
IUSE="debug doc gmp +readline xml"
RDEPEND=">=net-libs/libmnl-1.0.3
gmp? ( dev-libs/gmp:0= )
readline? ( sys-libs/readline:0= )
>=net-libs/libnftnl-1.0.6[xml(-)?]
"
DEPEND="${RDEPEND}
doc? ( >=app-text/docbook2X-0.8.8-r4 >=app-text/dblatex-0.3.7 )
sys-devel/bison
sys-devel/flex
virtual/pkgconfig"
S="${WORKDIR}/v${PV}"
PATCHES=(
"${FILESDIR}/${PN}-0.5-pdf-doc.patch"
"${FILESDIR}/${P}-null-payload-desc-fix.patch"
)
pkg_setup() {
if kernel_is ge 3 13; then
CONFIG_CHECK="~NF_TABLES"
linux-info_pkg_setup
else
eerror "This package requires kernel version 3.13 or newer to work properly."
fi
}
src_prepare() {
default
eautoreconf
}
src_configure() {
econf \
--sysconfdir="${EPREFIX}"/usr/share \
--sbindir="${EPREFIX}"/sbin \
$(use_enable doc pdf-doc) \
$(use_enable debug) \
$(use_with readline cli) \
$(use_with !gmp mini_gmp)
}

179
sdk_container/src/third_party/coreos-overlay/net-firewall/nftables/nftables-0.9.9.ebuild vendored Normal file
View File

@ -0,0 +1,179 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_7 )
inherit autotools linux-info python-r1 systemd
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://netfilter.org/projects/nftables/"
if [[ ${PV} =~ ^[9]{4,}$ ]]; then
inherit git-r3
EGIT_REPO_URI="https://git.netfilter.org/${PN}"
BDEPEND="
sys-devel/bison
sys-devel/flex
"
else
SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
KEYWORDS="amd64 arm arm64 ~ia64 ppc ~ppc64 ~riscv sparc x86"
fi
LICENSE="GPL-2"
SLOT="0/1"
IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
>=net-libs/libnftnl-1.2.0:0=
gmp? ( dev-libs/gmp:0= )
json? ( dev-libs/jansson:= )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
xtables? ( >=net-firewall/iptables-1.6.1 )
"
DEPEND="${RDEPEND}"
BDEPEND+="
doc? (
app-text/asciidoc
>=app-text/docbook2X-0.8.8-r4
)
virtual/pkgconfig
"
REQUIRED_USE="
python? ( ${PYTHON_REQUIRED_USE} )
libedit? ( !readline )
"
PATCHES=(
"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
)
python_make() {
emake \
-C py \
abs_builddir="${S}" \
DESTDIR="${D}" \
PYTHON_BIN="${PYTHON}" \
"${@}"
}
pkg_setup() {
if kernel_is ge 3 13; then
if use modern-kernel && kernel_is lt 3 18; then
eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
fi
CONFIG_CHECK="~NF_TABLES"
linux-info_pkg_setup
else
eerror "This package requires kernel version 3.13 or newer to work properly."
fi
}
src_prepare() {
default
# fix installation path for doc stuff
sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-i files/nftables/Makefile.am || die
sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-i files/osf/Makefile.am || die
eautoreconf
}
src_configure() {
local myeconfargs=(
# We handle python separately
--disable-python
--sbindir="${EPREFIX}"/sbin
$(use_enable debug)
$(use_enable doc man-doc)
$(use_with !gmp mini_gmp)
$(use_with json)
$(use_with libedit cli editline)
$(use_with readline cli readline)
$(use_enable static-libs static)
$(use_with xtables)
)
econf "${myeconfargs[@]}"
}
src_compile() {
default
if use python; then
python_foreach_impl python_make
fi
}
src_install() {
default
if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
pushd doc >/dev/null || die
doman *.?
popd >/dev/null || die
fi
local mksuffix="$(usex modern-kernel '-mk' '')"
exeinto /usr/libexec/${PN}
newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
keepdir /var/lib/nftables
systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
if use python ; then
python_foreach_impl python_make install
python_foreach_impl python_optimize
fi
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_postinst() {
local save_file
save_file="${EROOT}/var/lib/nftables/rules-save"
# In order for the nftables-restore systemd service to start
# the save_file must exist.
if [[ ! -f "${save_file}" ]]; then
( umask 177; touch "${save_file}" )
elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
ewarn "Your system has dangerous permissions for ${save_file}"
ewarn "It is probably affected by bug #691326."
ewarn "You may need to fix the permissions of the file. To do so,"
ewarn "you can run the command in the line below as root."
ewarn " 'chmod 600 \"${save_file}\"'"
fi
if has_version 'sys-apps/systemd'; then
elog "If you wish to enable the firewall rules on boot (on systemd) you"
elog "will need to enable the nftables-restore service."
elog " 'systemctl enable ${PN}-restore.service'"
elog
elog "If you are creating firewall rules before the next system restart"
elog "the nftables-restore service must be manually started in order to"
elog "save those rules on shutdown."
fi
if has_version 'sys-apps/openrc'; then
elog "If you wish to enable the firewall rules on boot (on openrc) you"
elog "will need to enable the nftables service."
elog " 'rc-update add ${PN} default'"
elog
elog "If you are creating or updating the firewall rules and wish to save"
elog "them to be loaded on the next restart, use the \"save\" functionality"
elog "in the init script."
elog " 'rc-service ${PN} save'"
fi
}