diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.confd b/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.confd
deleted file mode 100644
index 9fe42e9c75..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.confd
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/conf.d/ipset
-
-# Location in which ipset initscript will save set rules on
-# service shutdown
-IPSET_SAVE="/var/lib/ipset/rules-save"
-
-# Save state on stopping ipset
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.initd-r4 b/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.initd-r4
deleted file mode 100644
index 32ab581d8c..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.initd-r4
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="save"
-extra_started_commands="reload"
-
-IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
-
-depend() {
- before iptables ip6tables
-}
-
-checkconfig() {
- if [ ! -f "${IPSET_SAVE}" ] ; then
- eerror "Not starting ${SVCNAME}. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ipset session"
- ipset restore < "${IPSET_SAVE}"
- eend $?
-}
-
-stop() {
- # check if there are any references to current sets
-
- if ! ipset list | gawk '
- ($1 == "References:") { refcnt += $2 }
- ($1 == "Type:" && $2 == "list:set") { set = 1 }
- (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
- (set && $1 == "Members:") {scan = 1}
- END { if ((refcnt - setcnt) > 0) exit 1 }
- '; then
- eerror "ipset is in use, can't stop"
- return 1
- fi
-
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
-
- ebegin "Removing kernel IP sets"
- ipset flush
- ipset destroy
- eend $?
-}
-
-reload() {
- ebegin "Reloading ipsets"
-
- # Loading sets from a save file is only additive (there is no
- # automatic flushing or replacing). And, we can not remove sets
- # that are currently used in existing iptables rules.
- #
- # Instead, we create new temp sets for any set that is already
- # in use, and then atomically swap them into place.
- #
- # XXX: This does not clean out previously used ipsets that are
- # not in the new saved policy--it can't, because they may still
- # be referenced in the current iptables rules.
-
- # Build a list of all currently used sets (if any).
- running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
- running_ipset_list="${running_ipset_list% }"
- # Build a regular expression that matches those set names.
- running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )"
-
- # Load up sets from the save file, but rename any set that already
- # exists to a temporary name that we will swap later.
- if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
- eend $? "Failed to load new ipsets"
- fi
-
- # Now for every set name that currently exists, atomically swap it
- # with the temporary new one we created, and then destroy the old set.
- for ipset_name in ${running_ipset_list} ; do
- ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
- ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
- done
- eend 0
-}
-
-save() {
- ebegin "Saving ipset session"
- checkpath --file --mode 0600 "${IPSET_SAVE}"
- ipset save > "${IPSET_SAVE}"
- eend $?
-}
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.systemd b/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.systemd
deleted file mode 100644
index f7a5eb510a..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.systemd
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=ipset service
-Before=network-pre.target iptables.service ip6tables.service firewalld.service
-Wants=network-pre.target
-ConditionFileNotEmpty=/var/lib/ipset/rules-save
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
-ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
-ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/ipset-7.17.ebuild b/sdk_container/src/third_party/portage-stable/net-firewall/ipset/ipset-7.17.ebuild
deleted file mode 100644
index acb6795887..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-firewall/ipset/ipset-7.17.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MODULES_OPTIONAL_USE=modules
-inherit autotools bash-completion-r1 linux-info linux-mod systemd
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
-SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86"
-
-RDEPEND="
- >=net-firewall/iptables-1.4.7
- net-libs/libmnl:=
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-PATCHES=(
- "${FILESDIR}"/${PN}-7.16-bashism.patch
-)
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
- MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-pkg_setup() {
- get_version
- CONFIG_CHECK="NETFILTER"
- ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
- CONFIG_CHECK+=" NETFILTER_NETLINK"
- ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
- # It does still build without NET_NS, but it may be needed in future.
- #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
- #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
- CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
- ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
-
- build_modules=0
- if use modules; then
- if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
- if linux_chkconfig_present "IP_NF_SET" || \
- linux_chkconfig_present "IP_SET"; then #274577
- eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
- eerror "Please either build ipset with modules USE flag disabled"
- eerror "or rebuild kernel without IP_SET support and make sure"
- eerror "there is NO kernel ip_set* modules in /lib/modules//... ."
- die "USE=modules and in-kernel ipset support detected."
- else
- einfo "Modular kernel detected. Gonna build kernel modules..."
- build_modules=1
- fi
- else
- eerror "Nonmodular kernel detected, but USE=modules. Either build"
- eerror "modular kernel (without IP_SET) or disable USE=modules"
- die "Nonmodular kernel detected, will not build kernel modules"
- fi
- fi
- [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- export bashcompdir="$(get_bashcompdir)"
-
- econf \
- --enable-bashcompl \
- $(use_with modules kmod) \
- --with-maxsets=${IP_NF_SET_MAX} \
- --with-ksource="${KV_DIR}" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- einfo "Building userspace"
- emake
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Building kernel modules"
- set_arch_to_kernel
- emake modules
- fi
-}
-
-src_install() {
- einfo "Installing userspace"
- default
-
- find "${ED}" -name '*.la' -delete || die
-
- newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
- newconfd "${FILESDIR}"/ipset.confd ${PN}
- systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
- keepdir /var/lib/ipset
-
- if [[ ${build_modules} -eq 1 ]]; then
- einfo "Installing kernel modules"
- linux-mod_src_install
- fi
-}