forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
net-firewall/nftables: don't enable service by default
Fixes: https://bugs.gentoo.org/676290 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Matthew Thode <[email protected]>
- Loading branch information
1 parent
eb80554
commit 1b41288
Showing
1 changed file
with
97 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| # Copyright 1999-2019 Gentoo Authors | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
|
|
||
| EAPI=6 | ||
|
|
||
| inherit autotools linux-info systemd | ||
|
|
||
| DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" | ||
| HOMEPAGE="https://netfilter.org/projects/nftables/" | ||
| SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz" | ||
|
|
||
| LICENSE="GPL-2" | ||
| SLOT="0" | ||
| KEYWORDS="~amd64 ~arm ~ia64 ~x86" | ||
| IUSE="debug doc +gmp json +modern_kernel +readline" | ||
|
|
||
| RDEPEND=">=net-libs/libmnl-1.0.3:0= | ||
| gmp? ( dev-libs/gmp:0= ) | ||
| json? ( dev-libs/jansson ) | ||
| readline? ( sys-libs/readline:0= ) | ||
| >=net-libs/libnftnl-1.1.1:0=" | ||
|
|
||
| DEPEND="${RDEPEND} | ||
| >=app-text/docbook2X-0.8.8-r4 | ||
| doc? ( >=app-text/dblatex-0.3.7 ) | ||
| sys-devel/bison | ||
| sys-devel/flex | ||
| virtual/pkgconfig" | ||
|
|
||
| S="${WORKDIR}/v${PV}" | ||
|
|
||
| pkg_setup() { | ||
| if kernel_is ge 3 13; then | ||
| if use modern_kernel && kernel_is lt 3 18; then | ||
| eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly." | ||
| fi | ||
| CONFIG_CHECK="~NF_TABLES" | ||
| linux-info_pkg_setup | ||
| else | ||
| eerror "This package requires kernel version 3.13 or newer to work properly." | ||
| fi | ||
| } | ||
|
|
||
| src_prepare() { | ||
| default | ||
| eautoreconf | ||
| } | ||
|
|
||
| src_configure() { | ||
| local myeconfargs=( | ||
| --sbindir="${EPREFIX}"/sbin | ||
| $(use_enable debug) | ||
| $(use_enable doc pdf-doc) | ||
| $(use_with !gmp mini_gmp) | ||
| $(use_with json) | ||
| $(use_with readline cli) | ||
| ) | ||
| econf "${myeconfargs[@]}" | ||
| } | ||
|
|
||
| src_install() { | ||
| default | ||
|
|
||
| local mksuffix="" | ||
| use modern_kernel && mksuffix="-mk" | ||
|
|
||
| exeinto /usr/libexec/${PN} | ||
| newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh | ||
| newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN} | ||
| newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN} | ||
| keepdir /var/lib/nftables | ||
|
|
||
| systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service | ||
|
|
||
| docinto /usr/share/doc/${PF}/skels | ||
| dodoc "${D}"/etc/nftables/* | ||
| rm -R "${D}"/etc/nftables | ||
| } | ||
|
|
||
| pkg_postinst() { | ||
| local save_file | ||
| save_file="${EROOT%/}/var/lib/nftables/rules-save" | ||
|
|
||
| # In order for the nftables-restore systemd service to start | ||
| # the save_file must exist. | ||
| if [[ ! -f ${save_file} ]]; then | ||
| touch ${save_file} | ||
| fi | ||
|
|
||
| elog "If you wish to enable the firewall rules on boot (on systemd) you" | ||
| elog "will need to enable the nftables-restore service." | ||
| elog " 'systemd_enable_service basic.target ${PN}-restore.service'" | ||
| elog | ||
| elog "If you are creating firewall rules before the next system restart " | ||
| elog "the nftables-restore service must be manually started in order to " | ||
| elog "save those rules on shutdown." | ||
| } |