net-firewall/nftables: Sync with Gentoo

It's from Gentoo commit 0ebab7224898e19bd6e36a17449ffd7324f29513.

sdk_container/src/third_party/portage-stable/net-firewall/nftables/Manifest

@@ -1,6 +1,4 @@
 DIST nftables-1.1.1.tar.xz 989700 BLAKE2B f273c78369ba755049c6afa63eba195cf29f926fa8fc9bf344022904c00a8c6c4259cc5093e23993a55fd25790af575305df79a7c28624fa7082661b2eed70d0 SHA512 676413d4adadffb15d52c1f8f6432636cab83a7bcda1a18d9f0e6b58819a2c027a49922588c02bd9ad386de930eaa697bfe74c0938b595bf1ee485bfa7cf2e50
 DIST nftables-1.1.1.tar.xz.sig 566 BLAKE2B b7debda3373972f69af9b4b23e1b66a8fd156440187aafba605bb7342c267207e5aa628256e96432ebd4583a6a9436e1969a33636111d2bd8d57185a01e2d502 SHA512 fc23034c512f686167203e827ff2a8f7cb64530211ce92a28793bd49577ce3bf519ffbe910b0071cb21925898497cb5cbf70121c68bfcdbfa4460c63a14203ac
-DIST nftables-1.1.2.tar.xz 1035116 BLAKE2B caa8e8fecb7a832a316ee3cbcf6726dd9774a28bf92f24ac3b331a4ce4d3222a038a5688396c12bc2d63f9a96f9961b6f5b1f476488480d09174b7ba3325527a SHA512 b43f1a7773bf8a14d6599f479bab7fc8763bf9c011b487f98b8f52f10d4b84cfe9ebc1a5fcc3dfa84ac891582bbdc761cb294c0b90181cc2ba5d9e98b058c436
-DIST nftables-1.1.2.tar.xz.sig 566 BLAKE2B 79892fc481a1bc7b3adea25c86140221225f8cd615cea5c90c445f3e60d30f32cf5ed54ae45e8fe8228d1cde71daabb9632bb71e55703b7e205f66fe37cedc34 SHA512 578017e2dc1288c6c705e5554c200e5c9e234529609063ffc8ef125a3342488dae61ff30b0361f81e135a396e05c553c4a7d1f5ee8beb7bff3016b09b920a6f9
 DIST nftables-1.1.3.tar.xz 990172 BLAKE2B 35f4ece6c27b29a14bc71bb7893971134950509a713e84453e1f87df6b07cda327314d6dbbf048032a047652b8817f8ee8a5d74a56e356088495edd1dbbed000 SHA512 b5c244cb6db73eb232e5c999e07403b60c543efb9c4b9991838cc9c43a1bd08ca7b2926233536cbb0cc66e2a9acc4fbddc4b5565f5665e753c107a8739a86040
 DIST nftables-1.1.3.tar.xz.sig 566 BLAKE2B 4f0e9c89213b46d3445a729bf96b1790adc53725f31134f9028297e99d83ac43f5094f9cfa0efee903dc691781dd5d67a814583ff1c645776f1a46266dc2681f SHA512 7aa972c146e0dfaacc8faaef9b9ebbe419f7cbc5814d1fb978b35a4972d384aabe2e6e053fefc6d5d042acb9bff5f35e5f97cbee0c4a0152c53ab9c2e5b0335f

sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.1-r1.ebuild

@@ -21,7 +21,7 @@ else
 		https://netfilter.org/projects/nftables/files/${P}.tar.xz
 		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
 	"
-	KEYWORDS="amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~sparc x86"
+	KEYWORDS="amd64 arm arm64 hppa ~loong ~mips ppc ppc64 ~riscv ~sparc x86"
 	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
 fi
 

sdk_container/src/third_party/portage-stable/net-firewall/nftables/nftables-1.1.2.ebuild

@@ -1,236 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..13} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit eapi9-ver edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit autotools git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-	BDEPEND="app-alternatives/yacc"
-else
-	inherit libtool
-	SRC_URI="
-		https://netfilter.org/projects/nftables/files/${P}.tar.xz
-		verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
-	"
-	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-netfilter-20240415 )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:=
-	>=net-libs/libnftnl-1.2.9:=
-	gmp? ( dev-libs/gmp:= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND+="
-	app-alternatives/lex
-	virtual/pkgconfig
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	python? ( ${DISTUTILS_DEPS} )
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-src_prepare() {
-	default
-
-	if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
-		eautoreconf
-	else
-		elibtoolize
-	fi
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_prepare
-		popd >/dev/null || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-
-	econf "${myeconfargs[@]}"
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_configure
-		popd >/dev/null || die
-	fi
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd py >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-src_test() {
-	emake check
-
-	if [[ ${EUID} == 0 ]]; then
-		edo tests/shell/run-tests.sh -v
-	else
-		ewarn "Skipping shell tests (requires root)"
-	fi
-
-	if use python; then
-		pushd tests/py >/dev/null || die
-		distutils-r1_src_test
-		popd >/dev/null || die
-	fi
-}
-
-python_test() {
-	if [[ ${EUID} == 0 ]]; then
-		edo "${EPYTHON}" nft-test.py
-	else
-		ewarn "Skipping Python tests (requires root)"
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	# Do it here instead of in src_prepare to avoid eautoreconf
-	# rmdir lets us catch if more files end up installed in /etc/nftables
-	dodir /usr/share/doc/${PF}/skels/
-	mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
-	rmdir "${ED}"/etc/nftables || die
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-load.service
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-store.service
-
-	if use python ; then
-		pushd py >/dev/null || die
-		distutils-r1_src_install
-		popd >/dev/null || die
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
-	local stderr
-
-	# There's a history of regressions with nftables upgrades. Perform a
-	# safety check to help us spot them earlier. For the check to pass, the
-	# currently loaded ruleset, if any, must be successfully evaluated by
-	# the newly built instance of nft(8).
-	if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
-		# Either nftables isn't yet in use or nft(8) cannot be executed.
-		return
-	elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
-		# Report errors induced by trying to list the ruleset but don't
-		# treat them as being fatal.
-		printf '%s\n' "${stderr}" >&2
-	elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
-		# Rulesets generated by iptables-nft are special in nature and
-		# will not always be printed in a way that constitutes a valid
-		# syntax for ntf(8). Ignore them.
-		return
-	elif set -- "${ED}"/usr/lib*/libnftables.so;
-		! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft
-	then
-		eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
-		eerror "nft. This probably means that there is a regression introduced by v${PV}."
-		eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
-		if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
-			die "Aborting because of failed nft reload!"
-		fi
-	fi
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}"/var/lib/nftables/rules-save
-
-	# In order for the nftables-load systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		if ver_replacing -lt "1.1.1-r1"; then
-			elog "Starting with ${PN}-1.1.1-r1, the ${PN}-restore.service has"
-			elog "been split into ${PN}-load.service and ${PN}-store.service."
-			elog
-		fi
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-load service."
-		elog "    'systemctl enable ${PN}-load.service'"
-		elog
-		elog "Enable nftables-store.service if you want firewall rules to be"
-		elog "saved at shutdown."
-	fi
-
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}