author | Andrew Savchenko <bircoph@gmail.com> | 2011-08-04 20:09:29 +0400 |
---|---|---|
committer | Andrew Savchenko <bircoph@gmail.com> | 2011-08-04 20:09:29 +0400 |
commit | 271a56f3239fb82fb98e6505f6311c845c01b3ca (patch) | |
tree | 3160105a490c93444909e61bab960346d403fa30 | |
parent | svgalib: fix compilation with linux-2.6.39 (diff) | |
ipset: add init script
Included init script is based on work from bug 181045.
-rw-r--r-- | net-firewall/ipset/ChangeLog | 257 | ||||
-rw-r--r-- | net-firewall/ipset/Manifest | 6 | ||||
-rw-r--r-- | net-firewall/ipset/files/ipset.confd | 8 | ||||
-rwxr-xr-x | net-firewall/ipset/files/ipset.initd | 54 | ||||
-rw-r--r-- | net-firewall/ipset/ipset-6.8.ebuild | 113 | ||||
-rw-r--r-- | net-firewall/ipset/metadata.xml | 11 | ||||
-rw-r--r-- | profiles/categories | 1 |
7 files changed, 450 insertions, 0 deletions
diff --git a/net-firewall/ipset/ChangeLog b/net-firewall/ipset/ChangeLog new file mode 100644 index 0000000..09f0d49 --- /dev/null +++ b/net-firewall/ipset/ChangeLog 
@@ -0,0 +1,257 @@ +# ChangeLog for net-firewall/ipset +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipset/ChangeLog,v 1.49 2011/07/24 10:59:11 pva Exp $ + +*ipset-6.8 (24 Jul 2011) + + 24 Jul 2011; Peter Volkov <pva@gentoo.org> +ipset-6.8.ebuild: + Version bump, thank Ed Wildgoose for report. + + 02 Jul 2011; Sven Wegener <swegener@gentoo.org> ipset-6.7-r1.ebuild: + Use correct source and build options for kernel. + +*ipset-6.7-r1 (16 Jun 2011) + + 16 Jun 2011; Peter Volkov <pva@gentoo.org> -ipset-6.4.ebuild, + -ipset-6.6.ebuild, -ipset-6.7.ebuild, +ipset-6.7-r1.ebuild: + Add missing xt_set and ip_set_hash_netiface modules. Drop old. + +*ipset-6.7 (16 Jun 2011) + + 16 Jun 2011; Peter Volkov <pva@gentoo.org> +ipset-6.7.ebuild: + Version bump. + +*ipset-6.6 (24 May 2011) + + 24 May 2011; Peter Volkov <pva@gentoo.org> +ipset-6.6.ebuild: + Version bump. + + 15 May 2011; Peter Volkov <pva@gentoo.org> ipset-6.4.ebuild: + Fixed build in case symlink points on different sources then currnely + running, bug #356727#c9 thank Ed Wildgoose for this fix. + +*ipset-6.4 (01 May 2011) + + 01 May 2011; Peter Volkov <pva@gentoo.org> -ipset-2.4.7.ebuild, + +ipset-6.4.ebuild: + Version bump, bug 356727, thank Andreis_Vinogradovs (slepnoga) for report. + + 25 Mar 2011; Kacper Kowalik <xarthisius@gentoo.org> ipset-2.4.7.ebuild, + ipset-4.4.ebuild, ipset-4.5.ebuild: + Dropped ppc wrt #345019, #304037 + +*ipset-4.5 (21 Dec 2010) + + 21 Dec 2010; Peter Volkov <pva@gentoo.org> -ipset-4.1.ebuild, + -ipset-4.2.ebuild, -ipset-4.3.ebuild, +ipset-4.5.ebuild: + Version bump, drop old. + + 26 Nov 2010; Christian Faulhammer <fauli@gentoo.org> ipset-4.4.ebuild: + stable x86, bug 345019 + + 11 Nov 2010; Markos Chandras <hwoarang@gentoo.org> ipset-4.4.ebuild: + Stable on amd64 wrt bug #345019 + +*ipset-4.4 (14 Oct 2010) + + 14 Oct 2010; Peter Volkov <pva@gentoo.org> +ipset-4.4.ebuild: + Version bump. 
+ +*ipset-4.3 (25 Aug 2010) + + 25 Aug 2010; Peter Volkov <pva@gentoo.org> +ipset-4.3.ebuild: + Version bump, fixes 2.6.35 kernel compatibility issue, bug 332687, thank + fkhp and Oleksandr Kovalenko for report. + + 20 May 2010; Peter Volkov <pva@gentoo.org> ipset-4.1.ebuild: + amd64 stable, bug 304037. + + 17 May 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> ipset-4.1.ebuild: + x86 stable wrt bug #304037 + +*ipset-4.2 (08 Feb 2010) + + 08 Feb 2010; Peter Volkov <pva@gentoo.org> -ipset-2.2.9.20070401.ebuild, + -files/ipset-2.4.2-glibc28-fix.patch, + -files/ipset-2.4.9-gethostbyname-align.patch, -ipset-3.0.ebuild, + +ipset-4.2.ebuild: + Version bump, drop old. + + 15 Nov 2009; Peter Volkov <pva@gentoo.org> ipset-4.1.ebuild: + USE='modules' support. + + 14 Nov 2009; Peter Volkov <pva@gentoo.org> ipset-4.1.ebuild: + Do not build modules in case kernel is patched and modules are built in, + bug #274577 thank Brendan Pike report. + +*ipset-4.1 (14 Nov 2009) + + 14 Nov 2009; Peter Volkov <pva@gentoo.org> -ipset-2.4.9-r1.ebuild, + -ipset-2.5.0-r1.ebuild, +ipset-4.1.ebuild: + Version bump, bug #293043, thank Marcin Mirosław for report. + + 06 Sep 2009; Robin H. Johnson <robbat2@gentoo.org> ipset-2.4.7.ebuild, + ipset-2.4.9-r1.ebuild, ipset-2.5.0-r1.ebuild, ipset-3.0.ebuild: + Cleaning up for linux-info work: inherit linux-mod implies inherit + linux-info. + + 28 Jul 2009; Robin H. Johnson <robbat2@gentoo.org> ipset-3.0.ebuild: + Bug #279286: Min iptables version required for ipset is 1.4.4. Thanks to + James Earl Spahlinger <james@nixeagle.org>. + +*ipset-3.0 (05 Jun 2009) + + 05 Jun 2009; Peter Volkov <pva@gentoo.org> -ipset-2.5.0.ebuild, + +ipset-3.0.ebuild: + Version bump, remove broken version. + +*ipset-2.5.0-r1 (14 May 2009) + + 14 May 2009; Robin H. Johnson <robbat2@gentoo.org> +ipset-2.5.0-r1.ebuild: + Bug #269743: Some of the modules did not get installed. 
+ +*ipset-2.5.0 (04 Apr 2009) + + 04 Apr 2009; Peter Volkov <pva@gentoo.org> +ipset-2.5.0.ebuild: + Version bump. + + 20 Mar 2009; Joseph Jezak <josejx@gentoo.org> ipset-2.4.7.ebuild: + Marked ppc stable for bug #257483. + +*ipset-2.4.9-r1 (03 Mar 2009) + + 03 Mar 2009; Peter Volkov <pva@gentoo.org> + +files/ipset-2.4.9-gethostbyname-align.patch, + -ipset-2.3.0.20070828-r2.ebuild, -ipset-2.3.1.20080612.ebuild, + -ipset-2.3.3a.ebuild, -ipset-2.4.2.ebuild, -ipset-2.4.9.ebuild, + +ipset-2.4.9-r1.ebuild: + Fixed gethostbyname alignment issue on hppa, bug #260481, thank Antixrict + for report and work with upstream. Removed old. + +*ipset-2.4.9 (28 Feb 2009) + + 28 Feb 2009; Peter Volkov <pva@gentoo.org> + -files/ipset-2.4.8-use-new-hash.patch, -ipset-2.4.8.ebuild, + +ipset-2.4.9.ebuild: + Version bump, bug #260480, thank Jeroen Roovers for report. + +*ipset-2.4.8 (26 Feb 2009) + + 26 Feb 2009; Peter Volkov <pva@gentoo.org> + +files/ipset-2.4.8-use-new-hash.patch, ipset-2.4.7.ebuild, + +ipset-2.4.8.ebuild: + Version bump, bug #260338, thank BoneKracker for report. Disable warnings, + fixes bug #259999, thank Aleksey Kunitskiy for report. + + 04 Feb 2009; Markus Meier <maekke@gentoo.org> ipset-2.4.7.ebuild: + amd64/x86 stable, bug #257483 + +*ipset-2.4.7 (31 Jan 2009) + + 31 Jan 2009; Peter Volkov <pva@gentoo.org> + +files/ipset-2.4.7-LDFLAGS.patch, +ipset-2.4.7.ebuild: + Version bump. Respect LDFLAGS, #246016, thank Olivier Huber. Probably + fixes compatibility issue with 2.6.28, #254207, thank Jochen Schlick. + +*ipset-2.4.2 (24 Oct 2008) + + 24 Oct 2008; Robin H. Johnson <robbat2@gentoo.org> + +files/ipset-2.4.2-glibc28-fix.patch, +ipset-2.4.2.ebuild: + Bug #243092, version bump. + + 14 Oct 2008; Robin H. Johnson <robbat2@gentoo.org> ipset-2.3.3a.ebuild: + Bug #236138, allow building with non-modular kernels. + +*ipset-2.3.3a (14 Aug 2008) + + 14 Aug 2008; Robin H. 
Johnson <robbat2@gentoo.org> +ipset-2.3.3a.ebuild: + Bug #233763, version bump to resolve glibc-2.8 issues. Upstream also now + includes modules buildable without patching the kernel. + +*ipset-2.3.1.20080612 (25 Jun 2008) + + 25 Jun 2008; Robin H. Johnson <robbat2@gentoo.org> + +ipset-2.3.1.20080612.ebuild: + Version bump per bug #226155. + +*ipset-2.3.0.20070828-r2 (14 Nov 2007) + + 14 Nov 2007; <pva@gentoo.org> -ipset-2.3.0.20070828-r1.ebuild, + +ipset-2.3.0.20070828-r2.ebuild: + Fixed LIBDIR to include /; bug 199084 reported by Krzysztof Olędzki + <ole+gentoo AT ans.pl>. + + 10 Nov 2007; <pva@gentoo.org> -ipset-2.1.0.20050119-r1.ebuild, + -ipset-2.2.8.20051203.ebuild, -ipset-2.2.9.20060508.ebuild: + Clean old. + + 10 Nov 2007; Christian Faulhammer <opfer@gentoo.org> + ipset-2.2.9.20070401.ebuild: + stable x86, bug 198158 + +*ipset-2.3.0.20070828-r1 (07 Nov 2007) + + 07 Nov 2007; <pva@gentoo.org> -ipset-2.3.0.20070828.ebuild, + +ipset-2.3.0.20070828-r1.ebuild: + Cleaned ebuild, courtesy of Donnie Berkholz <dberkholz AT gentoo.org> + +*ipset-2.3.0.20070828 (05 Nov 2007) + + 05 Nov 2007; <pva@gentoo.org> metadata.xml, +ipset-2.3.0.20070828.ebuild: + Version bump. Added myself in metadata. Added emerge --config to patch the + kernel. + + 12 Apr 2007; Stefan Schweizer <genstef@gentoo.org> + -ipset-2.1.0.20050119.ebuild: + Remove old version that uses check_KV, bug 150058 + +*ipset-2.2.9.20070401 (10 Apr 2007) + + 10 Apr 2007; Robin H. Johnson <robbat2@gentoo.org> + +ipset-2.2.9.20070401.ebuild: + New version from upstream, bug #173218. Please note that while this version + will compile without a patched kernel, you still need a patched kernel to + use it!. + +*ipset-2.2.9.20060508 (25 May 2006) + + 25 May 2006; Robin H. Johnson <robbat2@gentoo.org> + ipset-2.2.8.20051203.ebuild, +ipset-2.2.9.20060508.ebuild: + Bug #126878, upstream seems to have changed the directory name inside the + tarball. Also version bump that fixes a return code issue. 
+ + 27 Jan 2006; Robin H. Johnson <robbat2@gentoo.org> + ipset-2.2.8.20051203.ebuild: + Adjust description to indicate that this package only provides the userspace + portion of ipset. You must still manually patch your kernel to have ipset + support. + +*ipset-2.2.8.20051203 (12 Dec 2005) + + 12 Dec 2005; Robin H. Johnson <robbat2@gentoo.org> + +ipset-2.2.8.20051203.ebuild: + Version bump. + + 26 Sep 2005; Robin H. Johnson <robbat2@gentoo.org> + ipset-2.1.0.20050119-r1.ebuild: + Stable on x86, 146 days in ~x86. + + 06 May 2005; Sven Wegener <swegener@gentoo.org> + ipset-2.1.0.20050119.ebuild, ipset-2.1.0.20050119-r1.ebuild: + Removed * postfix from <, <=, >= and > dependencies. + +*ipset-2.1.0.20050119-r1 (03 May 2005) + + 03 May 2005; Robin H. Johnson <robbat2@gentoo.org> + +ipset-2.1.0.20050119-r1.ebuild: + Convert to use linux-info eclass. + + 26 Apr 2005; Andrej Kacian <ticho@gentoo.org> ipset-2.1.0.20050119.ebuild: + Added ~amd64 keyword. + +*ipset-2.1.0.20050119 (10 Mar 2005) + + 10 Mar 2005; Robin H. Johnson <robbat2@gentoo.org> +metadata.xml, + +ipset-2.1.0.20050119.ebuild: + Initial commit, ebuild by Robin H. Johnson <robbat2@gentoo.org>. + diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest new file mode 100644 index 0000000..ea3003c --- /dev/null +++ b/net-firewall/ipset/Manifest 
@@ -0,0 +1,6 @@
+AUX ipset.confd 191 RMD160 b05d15226960cfaad609a11433bd5ec47c855681 SHA1 57ca914734177c0247802749896ff5cee2806f4e SHA256 51f976f3c4aedd5cae6c48c62e566527de344cef8eaf8175ce1e631b7b670043
+AUX ipset.initd 1130 RMD160 3044c71ff33f30b7ed05f8bf8a73f9d6a1bb887c SHA1 4becbffb04877a18fa63d463ce169fae15d31913 SHA256 3150d06327872ff3ddb345c5317aac56a18ffb6a8479823f501acc04891c8c02
+DIST ipset-6.8.tar.bz2 122954 RMD160 94ee3177540743153013b04e560839596dde1aad SHA1 0f4abb79fe8a65088f687e8a274aaddb542bc86a SHA256 d7b499ee961cd92ba5f0f698e5de49909d8b2c6697ff5aea3a1535e183f9b809
+EBUILD ipset-6.8.ebuild 3356 RMD160 2a7205d726283f1f612a70ed0fe122aade73cc6b SHA1 6c557c85cdf9f746e18b31671b40f059d1296c7c SHA256 4e934cb93a7ec68073694c9d97fde05ff0831d8d34b8b39826c3e2eb56c55dac
+MISC ChangeLog 8776 RMD160 3ed2eed75b591999fcadd827c13a561a46f5485f SHA1 adcf7562f7cf18ffac4cf40ee4f2485153b88c87 SHA256 f4c47fae8f9895b935a87c66c1d2f8b46419a38aa5a61657216886b8687f27c4
+MISC metadata.xml 282 RMD160 aa8f4511de4ce6c391a019bfe77d4fbb42d0abb6 SHA1 721fca55a38262a0101e2e6680443986c27a681d SHA256 f4824882e12d63f3488e08077df95b12dca429a0275b82c541e4098527773fa5
diff --git a/net-firewall/ipset/files/ipset.confd b/net-firewall/ipset/files/ipset.confd
new file mode 100644
index 0000000..aef7589
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.confd
@@ -0,0 +1,8 @@
+# /etc/conf.d/ipset
+
+# Location in which ipset initscript will save set rules on
+# service shutdown
+IPSET_SAVE="/var/lib/ipset/rules-save"
+
+# Save state on stopping ipset
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ipset/files/ipset.initd b/net-firewall/ipset/files/ipset.initd
new file mode 100755
index 0000000..bc21070
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd
@@ -0,0 +1,54 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+opts="save"
+
+ipset_bin="/usr/sbin/ipset"
+
+depend() {
+ before iptables ip6tables
+ use logger
+}
+
+checkconfig() {
+ if [[ ! -f ${IPSET_SAVE} ]] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session'"
+ ${ipset_bin} restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ service_started iptables && {
+ eerror "Can't stop while iptables is running"
+ return 1
+ }
+ service_started ip6tables && {
+ eerror "Can't stop while ip6tables is running"
+ return 1
+ }
+ if [[ "${SAVE_ON_STOP}" = "yes" ]] ; then
+ save || return 1
+ fi
+ ebegin "Removing kernel IP sets"
+ ${ipset_bin} destroy
+ eend $?
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ${ipset_bin} save > "${IPSET_SAVE}"
+ eend $?
+}
diff --git a/net-firewall/ipset/ipset-6.8.ebuild b/net-firewall/ipset/ipset-6.8.ebuild
new file mode 100644
index 0000000..f67a44a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.8.ebuild
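Review bot: In `ipset.initd`, `save()` redirects `${ipset_bin} save` straight onto `${IPSET_SAVE}`, so the previous dump is truncated before the new one exists. If the command fails, the saved state is gone and the next `start()` still passes `checkconfig` (the file exists) and restores an empty session; since the script runs `before iptables ip6tables`, rules that match on those sets would presumably fail to load or match nothing. The exit codes of `touch` and `chmod` are ignored as well, and a newly created file carries umask-default permissions until the `chmod` runs. Writing the dump to a temporary file in the same directory and renaming it over `${IPSET_SAVE}` only on success closes both gaps. Separately, the `ebegin "Loading ipset session'"` message in `start()` has a stray apostrophe.

```shell
save() {
	ebegin "Saving ipset session"
	local tmp rc
	# mktemp creates the file with mode 0600 next to the target, so the
	# final rename stays on one filesystem and replaces the dump atomically
	tmp=$(mktemp "${IPSET_SAVE}.XXXXXX") || { eend 1 ; return 1 ; }
	${ipset_bin} save > "${tmp}"
	rc=$?
	if [ ${rc} -eq 0 ] ; then
		mv -f "${tmp}" "${IPSET_SAVE}"
		rc=$?
	else
		# keep the last good dump; drop the partial one
		rm -f "${tmp}"
	fi
	eend ${rc}
}
```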
@@ -0,0 +1,113 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipset/ipset-6.8.ebuild,v 1.1 2011/07/24 10:59:11 pva Exp $ + +EAPI="4" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool." +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.4 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done +CONFIG_CHECK="NETFILTER IP6_NF_IPTABLES !IP_SET" +ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." +ERROR_IP6_NF_IPTABLES="ipset requires IP6_NF_IPTABLES support in your kernel." +ERROR_IP_SET="There is IP_SET support in your kernel. Please build ipset with modules USE flag disabled or you may have troubles loading correct modules." + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You do not need to recompile your kernel." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." 
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_builtin "IP_NF_SET"; then #274577 + einfo "Modular kernel detected but IP_NF_SET=y, will not build kernel modules" + else + if kernel_is -gt 2 6 39; then + einfo "This kernel has modules inside, will not build kernel modules" + else + einfo "Modular kernel detected, will build kernel modules" + build_modules=1 + fi + fi + else + einfo "Nonmodular kernel detected, will not build kernel modules" + fi + fi + + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}"/$(get_libdir) \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + emake DESTDIR="${D}" install + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi + find "${ED}" \( -name '*.la' -o -name '*.a' \) -exec rm -f '{}' + + + keepdir /var/lib/ipset + newinitd "${FILESDIR}"/${PN}.initd ipset + newconfd "${FILESDIR}"/${PN}.confd ipset +} + +pkg_postinst() { + linux-mod_pkg_postinst + elog "Note you need to rebuid and run kernel with netlink.patch or you'll get error:" + elog "Kernel error received: Invalid argument" +} diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml new file mode 100644 index 0000000..f38b7dc --- /dev/null +++ b/net-firewall/ipset/metadata.xml 
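Review bot: In `check_header_patch()` of `ipset-6.8.ebuild`, the test `if ! $(grep -q NFNL_SUBSYS_IPSET ...)` wraps grep in a command substitution, so the shell would try to execute whatever grep prints; it works only because `-q` prints nothing. Test the exit status directly: `if ! grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"; then`. A missing header file is also reported as "Unpatched kernel", which may mislead the user about what to fix. Further down, `pkg_postinst()` calls `linux-mod_pkg_postinst` unconditionally, while `pkg_setup`, `src_compile` and `src_install` guard their module steps with `build_modules`; a matching guard there would keep the phases consistent.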
@@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>no-herd</herd> +<maintainer> + <email>robbat2@gentoo.org</email> +</maintainer> +<maintainer> + <email>pva@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/profiles/categories b/profiles/categories index f560d66..d2c9a84 100644 --- a/profiles/categories +++ b/profiles/categories @@ -12,6 +12,7 @@ media-sound media-video net-dialup net-dns +net-firewall net-ftp net-libs net-misc |