net-firewall/ipset: Sync with Gentoo

It's from Gentoo commit 741ef8be1b312d576bd62eaa00ea92ed392ae069.

sdk_container/src/third_party/portage-stable/net-firewall/ipset/Manifest

@@ -1,2 +1 @@
-DIST ipset-7.11.tar.bz2 674100 BLAKE2B 97f2e3372e963654ece511960e8c22d0dd9e29376d087a3767d89544dfbd85f9f9e75e0cc6c4eb9e1d813d1a472a410033a76feef3319b1d87fd51b0c3fd97cd SHA512 20890de32c17c04d9d3ae42fff64acfe21a252974bee5843ae39bdda707fcef55fde11cffccab9f987bf7e18f5445443c46c50eb854fb6f93f172f7bad07f922
-DIST ipset-7.15.tar.bz2 680383 BLAKE2B 10acff9741370ad80a2845605be1be4f691e987b271f4dcf1fab3abfe158c63c7d39e6b3453ba7cd361dee3df92f85419cfb70806a71b6806555f6571c70b1ed SHA512 0fc936d971c30a0925c585d506c8840e782fdaeec09bc8fd249e874fe838fa55a4dbb697f6e1423a6769abf07a1ce2195abc37cb641e8e4ad70f1b4c7130916a
+DIST ipset-7.17.tar.bz2 684983 BLAKE2B 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 SHA512 e308a0d7707ccf7d0cb06a32cf9a822f97862e007abdbab8a91a5a0d5bfbd9f2fb9a3f5e8f36b250ec0d565438c8648a31e8e5b45d8205a76558e90f46e6e597

sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset-7.16-bashism.patch

@@ -0,0 +1,46 @@
+From 6004475ff78ddb3afd8beadcb5330664d50081f5 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 04:38:28 +0000
+Subject: [PATCH] configure.ac: fix bashisms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+configure scripts need to be runnable with a POSIX-compliant /bin/sh.
+
+On many (but not all!) systems, /bin/sh is provided by Bash, so errors
+like this aren't spotted. Notably Debian defaults to /bin/sh provided
+by dash which doesn't tolerate such bashisms as '=='.
+
+This retains compatibility with bash.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -27,7 +27,7 @@ AC_ARG_WITH([kmod],
+                            [Build the kernel module (default: yes)]),
+             [BUILDKMOD="$withval";],
+             [BUILDKMOD="yes";])
+-AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" == "yes")
++AM_CONDITIONAL(WITH_KMOD, test "$BUILDKMOD" = "yes")
+ 
+ dnl Additional arguments
+ dnl Kernel build directory or source tree
+@@ -76,7 +76,7 @@ if test "x$enable_bashcompl" = "xyes"; then
+ 	AC_SUBST(bashcompdir)
+ fi
+ 
+-if test "$BUILDKMOD" == "yes"
++if test "$BUILDKMOD" = "yes"
+ then
+ dnl Sigh: check kernel version dependencies
+ if test "$KBUILDDIR" != ""
+@@ -204,7 +204,7 @@ AC_CHECK_TYPES([union nf_inet_addr],,,[#include <linux/types.h>
+ dnl Checks for functions
+ AC_CHECK_FUNCS(gethostbyname2)
+ 
+-if test "$BUILDKMOD" == "yes"
++if test "$BUILDKMOD" = "yes"
+ then
+ dnl Check kernel incompatibilities... Ugly like hell
+ 

sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch

@@ -1,11 +0,0 @@
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \
- 
- EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map
- 
--pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfigdir = $(prefix)/$(libdir)/pkgconfig
- pkgconfig_DATA = libipset.pc
- 
- dist_man_MANS = libipset.3

sdk_container/src/third_party/portage-stable/net-firewall/ipset/files/ipset.systemd-r1

@@ -0,0 +1,15 @@
+[Unit]
+Description=ipset service
+Before=network-pre.target iptables-restore.service ip6tables-restore.service firewalld.service
+Wants=network-pre.target
+ConditionFileNotEmpty=/var/lib/ipset/rules-save
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/portage-stable/net-firewall/ipset/ipset-7.15.ebuild

@@ -1,114 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-MODULES_OPTIONAL_USE=modules
-inherit autotools linux-info linux-mod systemd
-
-DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/"
-SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
-
-BDEPEND="virtual/pkgconfig"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
-	net-libs/libmnl:="
-DEPEND="${RDEPEND}"
-
-DOCS=( ChangeLog INSTALL README UPGRADE )
-
-PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
-
-# configurable from outside, e.g. /etc/portage/make.conf
-IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
-
-BUILD_TARGETS="modules"
-MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
-MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
-MODULE_NAMES+=" em_ipset(kernel/net/sched/:${S}/kernel/net/sched/)"
-for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do
-	MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
-done
-
-pkg_setup() {
-	get_version
-	CONFIG_CHECK="NETFILTER"
-	ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
-	CONFIG_CHECK+=" NETFILTER_NETLINK"
-	ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel."
-	# It does still build without NET_NS, but it may be needed in future.
-	#CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
-	#ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
-	CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
-	ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
-
-	build_modules=0
-	if use modules; then
-		if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
-			if linux_chkconfig_present "IP_NF_SET" || \
-				linux_chkconfig_present "IP_SET"; then #274577
-				eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
-				eerror "Please either build ipset with modules USE flag disabled"
-				eerror "or rebuild kernel without IP_SET support and make sure"
-				eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
-				die "USE=modules and in-kernel ipset support detected."
-			else
-				einfo "Modular kernel detected. Gonna build kernel modules..."
-				build_modules=1
-			fi
-		else
-			eerror "Nonmodular kernel detected, but USE=modules. Either build"
-			eerror "modular kernel (without IP_SET) or disable USE=modules"
-			die "Nonmodular kernel detected, will not build kernel modules"
-		fi
-	fi
-	[[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
-}
-
-src_prepare() {
-	default
-
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		$(use_with modules kmod) \
-		--disable-static \
-		--with-maxsets=${IP_NF_SET_MAX} \
-		--libdir="${EPREFIX}/$(get_libdir)" \
-		--with-ksource="${KV_DIR}" \
-		--with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
-	einfo "Building userspace"
-	emake
-
-	if [[ ${build_modules} -eq 1 ]]; then
-		einfo "Building kernel modules"
-		set_arch_to_kernel
-		emake modules
-	fi
-}
-
-src_install() {
-	einfo "Installing userspace"
-	default
-
-	find "${ED}" -name '*.la' -delete || die
-
-	newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
-	newconfd "${FILESDIR}"/ipset.confd ${PN}
-	systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
-	keepdir /var/lib/ipset
-
-	if [[ ${build_modules} -eq 1 ]]; then
-		einfo "Installing kernel modules"
-		linux-mod_src_install
-	fi
-}

sdk_container/src/third_party/portage-stable/net-firewall/ipset/ipset-7.17.ebuild

@@ -1,27 +1,31 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="7"
+EAPI=8
+
 MODULES_OPTIONAL_USE=modules
-inherit autotools linux-info linux-mod systemd
+inherit autotools bash-completion-r1 linux-info linux-mod systemd
 
 DESCRIPTION="IPset tool for iptables, successor to ippool"
-HOMEPAGE="https://ipset.netfilter.org/"
+HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/"
 SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ppc ~ppc64 ~riscv x86"
+KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86"
 
-BDEPEND="virtual/pkgconfig"
-
-RDEPEND=">=net-firewall/iptables-1.4.7
-	net-libs/libmnl:="
+RDEPEND="
+	>=net-firewall/iptables-1.4.7
+	net-libs/libmnl:=
+"
 DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
 
 DOCS=( ChangeLog INSTALL README UPGRADE )
 
-PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
+PATCHES=(
+	"${FILESDIR}"/${PN}-7.16-bashism.patch
+)
 
 # configurable from outside, e.g. /etc/portage/make.conf
 IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
@@ -76,11 +80,12 @@ src_prepare() {
 }
 
 src_configure() {
+	export bashcompdir="$(get_bashcompdir)"
+
 	econf \
+		--enable-bashcompl \
 		$(use_with modules kmod) \
-		--disable-static \
 		--with-maxsets=${IP_NF_SET_MAX} \
-		--libdir="${EPREFIX}/$(get_libdir)" \
 		--with-ksource="${KV_DIR}" \
 		--with-kbuild="${KV_OUT_DIR}"
 }
@@ -104,7 +109,7 @@ src_install() {
 
 	newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
 	newconfd "${FILESDIR}"/ipset.confd ${PN}
-	systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+	systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
 	keepdir /var/lib/ipset
 
 	if [[ ${build_modules} -eq 1 ]]; then