sablink
/
overlay
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add genkerenl and iptables

This commit is contained in:
Mario Fetka 2012-11-08 01:44:18 +01:00
parent bf9579841f
commit 0b13863373
18 changed files with 5259 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
eclass/sabayon-artwork.eclass Normal file
View File

@ -0,0 +1,55 @@
# Copyright 2004-2009 Sabayon Project
# Distributed under the terms of the GNU General Public License v2
# $
inherit eutils
# @ECLASS-VARIABLE: KERN_INITRAMFS_SEARCH_NAME
# @DESCRIPTION:
# Argument used by `find` to search inside ${ROOT}boot Linux
# Kernel initramfs files to patch
KERN_INITRAMFS_SEARCH_NAME="${KERN_INITRAMFS_SEARCH_NAME:-initramfs-genkernel*}"
# @ECLASS-VARIABLE: GFX_SPLASH_NAME
# @DESCRIPTION:
# Default splash theme name to use
GFX_SPLASH_NAME="${GFX_SPLASH_NAME:-sabayon}"
# @FUNCTION: update_kernel_initramfs_splash
# @USAGE: update_kernel_initramfs_splash [splash_theme] [splash_file]
# @RETURN: 1, if something went wrong
#
# @MAINTAINER:
# Fabio Erculiani
update_kernel_initramfs_splash() {
[[ -z "${2}" ]] && die "wrong update_kernel_splash arguments"
if ! has_version "media-gfx/splashutils"; then
ewarn "media-gfx/splashutils not found, cannot update kernel splash"
return 1
fi
splash_geninitramfs -a "${2}" ${1}
return ${?}
}
# @FUNCTION: update_sabayon_kernel_initramfs_splash
# @USAGE: update_sabayon_kernel_initramfs_splash
#
# @MAINTAINER:
# Fabio Erculiani
update_sabayon_kernel_initramfs_splash() {
local splash_name="${GFX_SPLASH_NAME}"
local override_splash_file="${ROOT}etc/oem/splash_name"
if [ -f "${override_splash_file}" ]; then
found_splash_name=$(cat "${override_splash_file}" | cut -d" " -f 1)
if [ -d "/etc/splash/${found_splash_name}" ]; then
splash_name="${found_splash_name}"
fi
fi
for bootfile in `find ${ROOT}boot -name "${KERN_INITRAMFS_SEARCH_NAME}"`; do
einfo "Updating boot splash for ${bootfile}"
update_kernel_initramfs_splash "${GFX_SPLASH_NAME}" "${bootfile}"
done
}

847
eclass/sabayon-kernel.eclass Normal file
View File

@ -0,0 +1,847 @@
# Copyright 2004-2010 Sabayon Project
# Distributed under the terms of the GNU General Public License v2
# $
# @ECLASS-VARIABLE: K_SABPATCHES_VER
# @DESCRIPTION:
# The version of the sabayon patches tarball(s) to apply.
# A value of "5" would apply 2.6.12-5 to my-sources-2.6.12.ebuild
# @ECLASS-VARIABLE: K_SABKERNEL_NAME
# @DESCRIPTION:
# The kernel name used by the ebuild, it should be the ending ${PN} part
# for example, of linux-sabayon it is "${PN/${PN/-*}-}" (sabayon)
K_SABKERNEL_NAME="${K_SABKERNEL_NAME:-${PN/${PN/-*}-}}"
# @ECLASS-VARIABLE: K_SABKERNEL_URI_CONFIG
# @DESCRIPTION:
# Set this either to "no" or "yes" depending on the location of the
# kernel config files. If they are inside FILESDIR (old location)
# leave this option set to "no", otherwise set this to "yes"
K_SABKERNEL_URI_CONFIG="${K_SABKERNEL_URI_CONFIG:-no}"
# @ECLASS-VARIABLE: K_SABKERNEL_SELF_TARBALL_NAME
# @DESCRIPTION:
# If the main kernel sources tarball is generated in-house and available
# on the "sabayon" mirror, set this variable to the extension name (see example
# below). This will disable ALL the extra/local patches (since they have to
# be applied inside the tarball). Moreover, K_SABKERNEL_URI_CONFIG,
# K_SABPATCHES_VER, K_SABKERNEL_NAME, K_KERNEL_PATCH_VER will be ignored.
# Example:
# K_SABKERNEL_SELF_TARBALL_NAME="sabayon"
# This would generate:
# SRC_URI="mirror://sabayon/sys-kernel/linux-${PV}+sabayon.tar.bz2"
K_SABKERNEL_SELF_TARBALL_NAME="${K_SABKERNEL_SELF_TARBALL_NAME:-}"
# @ECLASS-VARIABLE: K_SABKERNEL_FORCE_SUBLEVEL
# @DESCRIPTION:
# Force the rewrite of SUBLEVEL in kernel sources Makefile
K_SABKERNEL_FORCE_SUBLEVEL="${K_SABKERNEL_FORCE_SUBLEVEL:-}"
# @ECLASS-VARIABLE: K_SABKERNEL_RESET_EXTRAVERSION
# @DESCRIPTION:
# Force the rewrite of EXTRAVERSION in kernel sources Makefile (setting it to "")
K_SABKERNEL_RESET_EXTRAVERSION="${K_SABKERNEL_RESET_EXTRAVERSION:-}"
# @ECLASS-VARIABLE: K_SABKERNEL_LONGTERM
# @DESCRIPTION:
# Consider Kernel stable patchset as longterm (changing URL)
K_SABKERNEL_LONGTERM="${K_SABKERNEL_LONGTERM:-}"
# @ECLASS-VARIABLE: K_KERNEL_SOURCES_PKG
# @DESCRIPTION:
# The kernel sources package used to build this kernel binary
K_KERNEL_SOURCES_PKG="${K_KERNEL_SOURCES_PKG:-${CATEGORY}/${PN/*-}-sources-${PVR}}"
# @ECLASS-VARIABLE: K_KERNEL_PATCH_VER
# @DESCRIPTION:
# If set to "3" for example, it applies the upstream kernel
# patch corresponding to patch-${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}.3.bz2
# @TODO: deprecate and remove once 2.6.x kernels are retired
K_KERNEL_PATCH_VER="${K_KERNEL_PATCH_VER:-}"
# @ECLASS-VARIABLE: K_KERNEL_PATCH_HOTFIXES
# @DESCRIPTION:
# If there is the need to quickly apply patches to the kernel
# without bumping the kernel patch tarball (for eg. in case
# of just released security fixes), set this variable in your ebuild
# pointing to space separated list of patch paths.
K_KERNEL_PATCH_HOTFIXES="${K_KERNEL_PATCH_HOTFIXES:-}"
# @ECLASS-VARIABLE: K_KERNEL_DISABLE_PR_EXTRAVERSION
# @DESCRIPTION:
# Set this to "1" if you want to tell kernel-2 eclass to
# not use ${PR} in kernel EXTRAVERSION (K_NOUSEPR). Otherwise, set
# this to "0" to not set K_NOUSEPR at all.
K_KERNEL_DISABLE_PR_EXTRAVERSION="${K_KERNEL_DISABLE_PR_EXTRAVERSION:-1}"
# @ECLASS-VARIABLE: K_KERNEL_SLOT_USEPVR
# @DESCRIPTION:
# Set this to "1" if you want to use ${PVR} in SLOT variable, instead of ${PV}
# sys-kernel/linux-vserver (vserver-sources) require this. This won't work for
# firmware pkgs.
K_KERNEL_SLOT_USEPVR="${K_KERNEL_SLOT_USEPVR:-0}"
# @ECLASS-VARIABLE: K_SABKERNEL_FIRMWARE
# @DESCRIPTION:
# Set this to "1" if your ebuild is a kernel firmware package
K_FIRMWARE_PACKAGE="${K_FIRMWARE_PACKAGE:-}"
# @ECLASS-VARIABLE: K_ONLY_SOURCES
# @DESCRIPTION:
# For every kernel binary package, there is a kernel source package associated
# if your ebuild is one of them, set this to "1"
K_ONLY_SOURCES="${K_ONLY_SOURCES:-}"
# @ECLASS-VARIABLE: K_REQUIRED_LINUX_FIRMWARE_VER
# @DESCRIPTION:
# Minimum required version of sys-kernel/linux-formware package, if any
K_REQUIRED_LINUX_FIRMWARE_VER="${K_REQUIRED_LINUX_FIRMWARE_VER:-}"
# @ECLASS-VARIABLE: K_WORKAROUND_SOURCES_COLLISION
# @DESCRIPTION:
# For kernel binary packages, Workaround file collisions with kernel
# sources already providing certain files (like Makefile). Used
# by linux-openvz and linux-vserver
K_WORKAROUND_SOURCES_COLLISION="${K_WORKAROUND_SOURCES_COLLISION:-}"
# @ECLASS-VARIABLE: K_WORKAROUND_USE_REAL_EXTRAVERSION
# @DESCRIPTION:
# Some kernel sources are shipped with their own EXTRAVERSION and
# we're kindly asked to not touch it, if this is your case, set
# this variable and depmod will work correctly.
K_WORKAROUND_USE_REAL_EXTRAVERSION="${K_WORKAROUND_USE_REAL_EXTRAVERSION:-}"
# @ECLASS-VARIABLE: K_GENKERNEL_ARGS
# @DESCRIPTION:
# Provide extra genkernel arguments using K_GENKERNEL_ARGS
K_GENKERNEL_ARGS="${K_GENKERNEL_ARGS:-}"
# @ECLASS-VARIABLE: K_MKIMAGE_RAMDISK_ADDRESS
# @DESCRIPTION:
# [ARM ONLY] Provide the ramdisk load address to be used with mkimage
K_MKIMAGE_RAMDISK_ADDRESS="${K_MKIMAGE_RAMDISK_ADDRESS:-}"
# @ECLASS-VARIABLE: K_MKIMAGE_RAMDISK_ENTRYPOINT
# @DESCRIPTION:
# [ARM ONLY] Provide the ramdisk entry point address to be used with mkimage
K_MKIMAGE_RAMDISK_ENTRYPOINT="${K_MKIMAGE_RAMDISK_ENTRYPOINT:-}"
KERN_INITRAMFS_SEARCH_NAME="${KERN_INITRAMFS_SEARCH_NAME:-initramfs-genkernel*${K_SABKERNEL_NAME}}"
# Disable deblobbing feature
K_DEBLOB_AVAILABLE=0
ETYPE="sources"
inherit eutils kernel-2 sabayon-artwork mount-boot linux-info
# from kernel-2 eclass
detect_version
detect_arch
DESCRIPTION="Sabayon Linux kernel functions and phases"
K_LONGTERM_URL_STR=""
if [ -n "${K_SABKERNEL_LONGTERM}" ]; then
K_LONGTERM_URL_STR="/longterm/v${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}"
fi
## kernel-2 eclass settings
if [ -n "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
SRC_URI="mirror://sabayon/${CATEGORY}/linux-${PVR}+${K_SABKERNEL_SELF_TARBALL_NAME}.tar.bz2"
elif [ -n "${K_SABPATCHES_VER}" ]; then
UNIPATCH_STRICTORDER="yes"
K_SABPATCHES_PKG="${PV}-${K_SABPATCHES_VER}.tar.bz2"
UNIPATCH_LIST="${DISTFILES}/${K_SABPATCHES_PKG}"
SRC_URI="${KERNEL_URI}
mirror://sabayon/${CATEGORY}/linux-sabayon-patches/${K_SABPATCHES_PKG}"
else
SRC_URI="${KERNEL_URI}"
fi
if [ -z "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
if [ -n "${K_KERNEL_PATCH_VER}" ]; then
K_PATCH_NAME="patch-${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}.${K_KERNEL_PATCH_VER}.bz2"
SRC_URI="${SRC_URI}
mirror://kernel/linux/kernel/v${KV_MAJOR}.${KV_MINOR}${K_LONGTERM_URL_STR}/${K_PATCH_NAME}"
UNIPATCH_LIST="${DISTDIR}/${K_PATCH_NAME}
${UNIPATCH_LIST}"
fi
fi
if [ -n "${K_KERNEL_PATCH_HOTFIXES}" ]; then
UNIPATCH_LIST="${K_KERNEL_PATCH_HOTFIXES} ${UNIPATCH_LIST}"
fi
_get_real_kv_full() {
if [[ "${KV_MAJOR}${KV_MINOR}" -eq 26 ]]; then
echo "${ORIGINAL_KV_FULL}"
elif [[ "${OKV/.*}" = "3" ]]; then
# Linux 3.x support, KV_FULL is set to: 3.0-sabayon
# need to add another final .0 to the version part
echo "${ORIGINAL_KV_FULL/-/.0-}"
else
echo "${ORIGINAL_KV_FULL}"
fi
}
# replace "linux" with K_SABKERNEL_NAME, usually replaces
# "linux" with "sabayon" or "server" or "openvz"
KV_FULL="${KV_FULL/${PN/-*}/${K_SABKERNEL_NAME}}"
EXTRAVERSION="${EXTRAVERSION/${PN/-*}/${K_SABKERNEL_NAME}}"
# drop -rX if exists
if [[ -n "${PR//r0}" ]] && [[ "${K_KERNEL_DISABLE_PR_EXTRAVERSION}" = "1" ]] \
&& [[ -z "${K_NOSETEXTRAVERSION}" ]]; then
EXTRAVERSION="${EXTRAVERSION%-r*}"
KV_FULL="${KV_FULL%-r*}"
KV="${KV%-r*}"
fi
# rewrite it
ORIGINAL_KV_FULL="${KV_FULL}"
KV_FULL="$(_get_real_kv_full)"
# Starting from linux-3.0, we still have to install
# sources stuff into /usr/src/linux-3.0.0-sabayon (example)
# where the last part must always match uname -r
# otherwise kernel-switcher (and RELEASE_LEVEL file)
# will complain badly
KV_OUT_DIR="/usr/src/linux-${KV_FULL}"
S="${WORKDIR}/linux-${KV_FULL}"
if [ -n "${K_FIRMWARE_PACKAGE}" ]; then
SLOT="0"
elif [ "${K_KERNEL_SLOT_USEPVR}" = "1" ]; then
SLOT="${PVR}"
else
SLOT="${PV}"
fi
_is_kernel_binary() {
if [ -z "${K_ONLY_SOURCES}" ] && [ -z "${K_FIRMWARE_PACKAGE}" ]; then
# yes it is
return 0
else
# no it isn't
return 1
fi
}
# provide extra virtual pkg
if _is_kernel_binary; then
PROVIDE="virtual/linux-binary"
fi
if [ -n "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
HOMEPAGE="http://gitweb.sabayon.org/?p=linux/kernel/sabayon.git;a=summary"
else
HOMEPAGE="http://www.sabayon.org"
fi
# set SRC_URI
if [ -z "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
if [ "${K_SABKERNEL_URI_CONFIG}" = "yes" ]; then
tmp_K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-__ARCH__.config}"
# ARM not supported, if put in SRC_URI it tries to fetch it
SRC_URI="${SRC_URI}
amd64? ( mirror://sabayon/${CATEGORY}/linux-sabayon-patches/config/${tmp_K_SABKERNEL_CONFIG_FILE/__ARCH__/amd64} )
x86? ( mirror://sabayon/${CATEGORY}/linux-sabayon-patches/config/${tmp_K_SABKERNEL_CONFIG_FILE/__ARCH__/x86} )"
# K_SABKERNEL_CONFIG_FILE will be set in _set_config_file_vars
unset tmp_K_SABKERNEL_CONFIG_FILE
fi
fi
# Returns success if _set_config_file_vars was called.
_is_config_file_set() {
[[ ${_config_file_set} = 1 ]]
}
_set_config_file_vars() {
# Setup kernel configuration file name
if [ -z "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
if [ "${K_SABKERNEL_URI_CONFIG}" = "yes" ]; then
K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-__ARCH__.config}"
use amd64 && K_SABKERNEL_CONFIG_FILE=${K_SABKERNEL_CONFIG_FILE/__ARCH__/amd64}
use x86 && K_SABKERNEL_CONFIG_FILE=${K_SABKERNEL_CONFIG_FILE/__ARCH__/x86}
else
use arm && K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-arm.config}"
use amd64 && K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-amd64.config}"
use x86 && K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-x86.config}"
fi
else
K_SABKERNEL_CONFIG_FILE="${K_SABKERNEL_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PVR}-__ARCH__.config}"
K_SABKERNEL_ALT_CONFIG_FILE="${K_SABKERNEL_ALT_CONFIG_FILE:-${K_SABKERNEL_NAME}-${PV}-__ARCH__.config}"
if use amd64; then
K_SABKERNEL_CONFIG_FILE=${K_SABKERNEL_CONFIG_FILE/__ARCH__/amd64}
K_SABKERNEL_ALT_CONFIG_FILE=${K_SABKERNEL_ALT_CONFIG_FILE/__ARCH__/amd64}
elif use x86; then
K_SABKERNEL_CONFIG_FILE=${K_SABKERNEL_CONFIG_FILE/__ARCH__/x86}
K_SABKERNEL_ALT_CONFIG_FILE=${K_SABKERNEL_ALT_CONFIG_FILE/__ARCH__/x86}
elif use arm; then
K_SABKERNEL_CONFIG_FILE=${K_SABKERNEL_CONFIG_FILE/__ARCH__/arm}
K_SABKERNEL_ALT_CONFIG_FILE=${K_SABKERNEL_ALT_CONFIG_FILE/__ARCH__/arm}
fi
fi
_config_file_set=1
}
if [ -n "${K_ONLY_SOURCES}" ] || [ -n "${K_FIRMWARE_PACKAGE}" ]; then
IUSE="${IUSE}"
DEPEND="sys-apps/sed"
RDEPEND="${RDEPEND}"
else
IUSE="dmraid dracut iscsi luks lvm mdadm splash"
DEPEND="app-arch/xz-utils
sys-apps/sed
sys-devel/make
>=sys-kernel/genkernel-3.4.16-r1
arm? ( dev-embedded/u-boot-tools )
splash? ( x11-themes/sabayon-artwork-core )
dracut? ( sys-kernel/dracut )"
RDEPEND="sys-apps/sed
sys-kernel/linux-firmware"
if [ -n "${K_REQUIRED_LINUX_FIRMWARE_VER}" ]; then
RDEPEND+=" >=sys-kernel/linux-firmware-${K_REQUIRED_LINUX_FIRMWARE_VER}"
fi
fi
# internal function
#
# FUNCTION: _update_depmod
# @USAGE: _update_depmod <-r depmod>
# DESCRIPTION:
# It updates the modules.dep file for the current kernel.
# This is more or less the same of linux-mod update_depmod, with the
# exception of accepting parameter which is passed to depmod -r switch
_update_depmod() {
# if we haven't determined the version yet, we need too.
get_version;
ebegin "Updating module dependencies for ${KV_FULL}"
if [ -r "${KV_OUT_DIR}"/System.map ]; then
depmod -ae -F "${KV_OUT_DIR}"/System.map -b "${ROOT}" -r "${1}"
eend $?
else
ewarn
ewarn "${KV_OUT_DIR}/System.map not found."
ewarn "You must manually update the kernel module dependencies using depmod."
eend 1
ewarn
fi
}
sabayon-kernel_pkg_setup() {
if [ -n "${K_FIRMWARE_PACKAGE}" ]; then
einfo "Preparing kernel firmwares"
else
einfo "Preparing kernel and its modules"
fi
}
sabayon-kernel_src_unpack() {
local okv="${OKV}"
if [ -n "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
OKV="${PVR}+${K_SABKERNEL_SELF_TARBALL_NAME}"
fi
kernel-2_src_unpack
if [ -n "${K_SABKERNEL_FORCE_SUBLEVEL}" ]; then
# patch out Makefile with proper sublevel
sed -i "s:^SUBLEVEL = .*:SUBLEVEL = ${K_SABKERNEL_FORCE_SUBLEVEL}:" \
"${S}/Makefile" || die
fi
if [ -n "${K_SABKERNEL_RESET_EXTRAVERSION}" ]; then
sed -i "s:^EXTRAVERSION =.*:EXTRAVERSION = :" "${S}/Makefile" || die
# some sources could have multiple append-based EXTRAVERSIONs
sed -i "s/^EXTRAVERSION :=.*//" "${S}/Makefile" || die
fi
OKV="${okv}"
# Let's handle EAPIs 0 and 1...
case ${EAPI:-0} in
0|1) sabayon-kernel_src_prepare ;;
esac
}
sabayon-kernel_src_prepare() {
_set_config_file_vars
}
sabayon-kernel_src_compile() {
if [ -n "${K_FIRMWARE_PACKAGE}" ]; then
_firmwares_src_compile
elif [ -n "${K_ONLY_SOURCES}" ]; then
kernel-2_src_compile
else
_kernel_src_compile
fi
}
_firmwares_src_compile() {
einfo "Starting to compile firmwares..."
_kernel_copy_config "${S}/.config"
cd "${S}" || die "cannot find source dir"
export LDFLAGS=""
OLDARCH="${ARCH}"
unset ARCH
emake firmware || die "cannot compile firmwares"
ARCH="${OLDARCH}"
}
_kernel_copy_config() {
_is_config_file_set \
|| die "Kernel configuration file not set. Was sabayon-kernel_src_prepare() called?"
if [ -n "${K_SABKERNEL_SELF_TARBALL_NAME}" ]; then
local base_path="${S}/sabayon/config"
if [ -f "${base_path}/${K_SABKERNEL_ALT_CONFIG_FILE}" ]; then
# new path, without revision
cp "${base_path}/${K_SABKERNEL_ALT_CONFIG_FILE}" "${1}" || die "cannot copy kernel config"
else
# PVR path (old)
cp "${base_path}/${K_SABKERNEL_CONFIG_FILE}" "${1}" || die "cannot copy kernel config"
fi
else
if [ "${K_SABKERNEL_URI_CONFIG}" = "no" ]; then
cp "${FILESDIR}/${PF/-r0/}-${ARCH}.config" "${1}" || die "cannot copy kernel config"
else
cp "${DISTDIR}/${K_SABKERNEL_CONFIG_FILE}" "${1}" || die "cannot copy kernel config"
fi
fi
}
_kernel_src_compile() {
# disable sandbox
export SANDBOX_ON=0
# needed anyway, even if grub use flag is not used here
if use amd64 || use x86; then
mkdir -p "${WORKDIR}"/boot/grub
else
mkdir -p "${WORKDIR}"/boot
fi
einfo "Starting to compile kernel..."
_kernel_copy_config "${WORKDIR}"/config
# do some cleanup
rm -rf "${WORKDIR}"/lib
rm -rf "${WORKDIR}"/cache
rm -rf "${S}"/temp
# creating workdirs
# some kernels fail with make 3.82 if firmware dir is not created
mkdir "${WORKDIR}"/lib/lib/firmware -p
mkdir "${WORKDIR}"/cache
mkdir "${S}"/temp
cd "${S}" || die
GKARGS="--no-save-config --disklabel"
use dracut && GKARGS="${GKARGS} --dracut"
use splash && GKARGS="${GKARGS} --splash=sabayon"
use dmraid && GKARGS="${GKARGS} --dmraid"
use iscsi && GKARGS="${GKARGS} --iscsi"
use mdadm && GKARGS="${GKARGS} --mdadm"
use luks && GKARGS="${GKARGS} --luks"
use lvm && GKARGS="${GKARGS} --lvm"
export DEFAULT_KERNEL_SOURCE="${S}"
export CMD_KERNEL_DIR="${S}"
for opt in ${MAKEOPTS}; do
if [ "${opt:0:2}" = "-j" ]; then
mkopts="${opt}"
break
fi
done
[ -z "${mkopts}" ] && mkopts="-j3"
OLDARCH="${ARCH}"
env_setup_xmakeopts
[ -n "${xmakeopts}" ] && eval "${xmakeopts}"
if [ -n "${CROSS_COMPILE}" ] && [ "${CBUILD:-${CHOST}}" != "${CTARGET}" ]; then
einfo "Enabling cross-emerge for ${CROSS_COMPILE}, arch: ${KARCH}"
GKARGS="${GKARGS} --arch-override=${KARCH}"
GKARGS="${GKARGS} --kernel-cross-compile=${CROSS_COMPILE}"
GKARGS="${GKARGS} --utils-cross-compile=${CROSS_COMPILE}"
# ARCH= must be forced to KARCH
ARCH="${KARCH}"
else
einfo "Cross-emerge is disabled"
unset CROSS_COMPILE
unset ARCH
fi
# If ARM, build the uImage directly
if use arm; then
K_GENKERNEL_ARGS+=" --kernel-target=uImage --kernel-binary=arch/arm/boot/uImage"
fi
# Workaround bug in splash_geninitramfs corrupting the initramfs
# if xz compression is used (newer genkernel >3.4.24)
local support_comp=$(genkernel --help | grep compress-initramfs-type)
if [ -n "${support_comp}" ]; then
GKARGS+=" --compress-initramfs-type=gzip"
fi
unset LDFLAGS
DEFAULT_KERNEL_SOURCE="${S}" CMD_KERNEL_DIR="${S}" genkernel ${GKARGS} ${K_GENKERNEL_ARGS} \
--kerneldir="${S}" \
--kernel-config="${WORKDIR}"/config \
--cachedir="${WORKDIR}"/cache \
--makeopts="${mkopts}" \
--tempdir="${S}"/temp \
--logfile="${WORKDIR}"/genkernel.log \
--bootdir="${WORKDIR}"/boot \
--mountboot \
--module-prefix="${WORKDIR}"/lib \
all || die "genkernel failed"
ARCH=${OLDARCH}
}
_setup_mkimage_ramdisk() {
local initramfs=$(ls "${WORKDIR}"/boot/${KERN_INITRAMFS_SEARCH_NAME}* 2> /dev/null)
if [ ! -e "${initramfs}" ] || [ ! -f "${initramfs}" ]; then
ewarn "No initramfs at ${initramfs}, cannot run mkimage on it!"
else
einfo "Setting up u-boot initramfs for: ${initramfs}"
/usr/bin/mkimage -A arm -O linux -T ramdisk -C none -a "${K_MKIMAGE_RAMDISK_ADDRESS}" \
-e "${K_MKIMAGE_RAMDISK_ENTRYPOINT}" -d "${initramfs}" \
"${initramfs}.u-boot" || return 1
mv "${initramfs}.u-boot" "${initramfs}" || return 1
fi
return 0
}
sabayon-kernel_src_install() {
if [ -n "${K_FIRMWARE_PACKAGE}" ]; then
_firmwares_src_install
elif [ -n "${K_ONLY_SOURCES}" ]; then
_kernel_sources_src_install
else
_kernel_src_install
fi
}
_firmwares_src_install() {
dodir /lib/firmware
keepdir /lib/firmware
cd "${S}" || die
emake INSTALL_FW_PATH="${D}/lib/firmware" firmware_install || die "cannot install firmwares"
}
_kernel_sources_src_install() {
local version_h_name="${KV_OUT_DIR/\//}/include/linux"
local version_h="${ROOT}${version_h_name}"
if [ -f "${version_h}" ]; then
einfo "Discarding previously installed version.h to avoid collisions"
addwrite "/${version_h_name}"
rm -f "${version_h}"
fi
_kernel_copy_config ".config"
kernel-2_src_install
cd "${D}${KV_OUT_DIR}" || die
local oldarch="${ARCH}"
unset ARCH
if ! use sources_standalone; then
make modules_prepare || die "failed to run modules_prepare"
rm .config || die "cannot remove .config"
rm Makefile || die "cannot remove Makefile"
rm include/linux/version.h || die "cannot remove include/linux/version.h"
fi
ARCH="${oldarch}"
}
_kernel_src_install() {
use arm && { _setup_mkimage_ramdisk || die "cannot setup mkimage"; }
dodir "${KV_OUT_DIR}"
insinto "${KV_OUT_DIR}"
_kernel_copy_config ".config"
doins ".config" || die "cannot copy kernel config"
doins Makefile || die "cannot copy Makefile"
doins Module.symvers || die "cannot copy Module.symvers"
doins System.map || die "cannot copy System.map"
# NOTE: this is a workaround caused by linux-info.eclass not
# being ported to EAPI=2 yet
local version_h_name="${KV_OUT_DIR/\//}/include/linux"
local version_h="${ROOT}${version_h_name}/version.h"
if [ -f "${version_h}" ]; then
einfo "Discarding previously installed version.h to avoid collisions"
addwrite "${version_h}"
rm -f "${version_h}"
fi
# Include include/linux/version.h to make Portage happy
dodir "${KV_OUT_DIR}/include/linux"
insinto "${KV_OUT_DIR}/include/linux"
doins "${S}/include/linux/version.h" || die "cannot copy version.h"
insinto "/boot"
doins "${WORKDIR}"/boot/* || die "cannot copy /boot over"
cp -Rp "${WORKDIR}"/lib/* "${D}/" || die "cannot copy /lib over"
# This doesn't always work because KV_FULL (when K_NOSETEXTRAVERSION=1) doesn't
# reflect the real value used in Makefile
#dosym "../../..${KV_OUT_DIR}" "/lib/modules/${KV_FULL}/source" || die "cannot install source symlink"
#dosym "../../..${KV_OUT_DIR}" "/lib/modules/${KV_FULL}/build" || die "cannot install build symlink"
cd "${D}"/lib/modules/* || die "cannot enter /lib/modules directory, more than one element?"
# cleanup previous
rm -f build source || die
# create sane symlinks
ln -sf "../../..${KV_OUT_DIR}" source || die "cannot create source symlink"
ln -sf "../../..${KV_OUT_DIR}" build || die "cannot create build symlink"
cd "${S}" || die
# drop ${D}/lib/firmware, virtual/linux-firmwares provides it
rm -rf "${D}/lib/firmware"
if [ -n "${K_WORKAROUND_SOURCES_COLLISION}" ]; then
# Fixing up Makefile collision if already installed by
# openvz-sources
einfo "Workarounding source package collisions"
make_file="${KV_OUT_DIR/\//}/Makefile"
einfo "Makefile: ${make_file}"
if [ -f "${ROOT}/${make_file}" ]; then
elog "Removing ${D}/${make_file}"
rm -f "${D}/${make_file}"
fi
fi
# Install kernel configuration information
# useful for Entropy kernel-switcher
if _is_kernel_binary; then
# release level is enough for now
base_dir="/etc/kernels/${P}"
dodir "${base_dir}"
insinto "${base_dir}"
echo "${KV_FULL}" > "RELEASE_LEVEL"
doins "RELEASE_LEVEL"
einfo "Installing ${base_dir}/RELEASE_LEVEL file: ${KV_FULL}"
fi
}
sabayon-kernel_pkg_preinst() {
if _is_kernel_binary; then
mount-boot_pkg_preinst
fi
}
sabayon-kernel_grub2_mkconfig() {
if [ -x "${ROOT}usr/sbin/grub2-mkconfig" ]; then
# Grub 2.00
"${ROOT}usr/sbin/grub2-mkconfig" -o "${ROOT}boot/grub/grub.cfg"
elif [ -x "${ROOT}sbin/grub-mkconfig" ]; then
# Grub 1.99
"${ROOT}sbin/grub-mkdevicemap" --device-map="${ROOT}boot/grub/device.map"
"${ROOT}sbin/grub-mkconfig" -o "${ROOT}boot/grub/grub.cfg"
else
echo
ewarn "Attention, Grub2 is not installed !!!"
ewarn "Grub2 bootloader configuration won't be updated"
echo
fi
}
_get_real_extraversion() {
make_file="${ROOT}${KV_OUT_DIR}/Makefile"
local extraver=$(grep -r "^EXTRAVERSION =" "${make_file}" | cut -d "=" -f 2 | head -n 1)
local trimmed=${extraver%% }
echo ${trimmed## }
}
_get_release_level() {
if [[ -n "${K_WORKAROUND_USE_REAL_EXTRAVERSION}" ]]; then
echo "${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}$(_get_real_extraversion)"
elif [[ "${KV_MAJOR}${KV_MINOR}" -eq 26 ]]; then
echo "${KV_FULL}"
elif [[ "${OKV/.*}" = "3" ]] && [[ "${KV_PATCH}" = "0" ]]; then
# Linux 3.x support, KV_FULL is set to: 3.0-sabayon
# need to add another final .0 to the version part
echo "${KV_FULL/-/.0-}"
else
echo "${KV_FULL}"
fi
}
sabayon-kernel_uimage_config() {
# Two cases here:
# 1. /boot/uImage symlink is broken (pkg_postrm)
# 2. /boot/uImage symlink doesn't exist (pkg_postinst)
if ! has_version app-admin/eselect-uimage; then
ewarn "app-admin/eselect-uimage not installed"
ewarn "If you are using this tool, please install it"
return 0
fi
local uimage_file=$(eselect uimage show --quiet 2> /dev/null)
if [ -z "${uimage_file}" ]; then
# pick the first listed, sorry!
local eselect_list=$(eselect uimage list --quiet 2> /dev/null)
if [ -n "${eselect_list}" ]; then
eselect uimage set 1
else
echo
ewarn "No more kernels available, you won't be able to boot"
echo
fi
else
echo
elog "You are currently booting with kernel:"
elog "${uimage_file}"
elog
elog "Use 'eselect uimage' in order to switch between the available ones"
echo
fi
}
sabayon-kernel_bzimage_config() {
# Two cases here:
# 1. /boot/bzImage symlink is broken (pkg_postrm)
# 2. /boot/bzImage symlink doesn't exist (pkg_postinst)
local kern_arch
use x86 && kern_arch="x86"
use amd64 && kern_arch="x86_64"
if ! has_version app-admin/eselect-bzimage; then
ewarn "app-admin/eselect-bzimage not installed"
ewarn "If you are using this tool, please install it"
return 0
fi
local bzimage_file=$(eselect bzimage show --quiet 2> /dev/null)
if [ -z "${bzimage_file}" ]; then
# try to pic what's being installed
local eselect_list=$(eselect bzimage list --quiet 2> /dev/null)
if [ -n "${eselect_list}" ]; then
eselect bzimage set "kernel-genkernel-${kern_arch}-${KV_FULL}"
if [ "${?}" != "0" ]; then
# pick the first available, sorry!
echo
eselect bzimage set 1
ewarn "Unable to select the right kernel, falling back"
ewarn "to the first available entry. You have been warned"
echo
fi
else
echo
ewarn "No more kernels available, you might not be able to boot"
echo
fi
else
echo
ewarn "You are currently booting with kernel:"
ewarn "${bzimage_file}"
ewarn
ewarn "Use 'eselect bzimage' in order to switch between the available ones"
echo
fi
}
sabayon-kernel_pkg_postinst() {
if _is_kernel_binary; then
fstab_file="${ROOT}etc/fstab"
einfo "Removing extents option for ext4 drives from ${fstab_file}"
# Remove "extents" from /etc/fstab
if [ -f "${fstab_file}" ]; then
sed -i '/ext4/ s/extents//g' "${fstab_file}"
fi
# Update kernel initramfs to match user customizations
update_sabayon_kernel_initramfs_splash
# Add kernel to grub.conf
if use amd64 || use x86; then
if use amd64; then
local kern_arch="x86_64"
else
local kern_arch="x86"
fi
# grub-legacy
if [ -x "${ROOT}usr/sbin/grub-handler" ]; then
"${ROOT}usr/sbin/grub-handler" add \
"/boot/kernel-genkernel-${kern_arch}-${KV_FULL}" \
"/boot/initramfs-genkernel-${kern_arch}-${KV_FULL}"
fi
sabayon-kernel_grub2_mkconfig
fi
# Setup newly installed kernel on ARM
if use arm; then
sabayon-kernel_uimage_config
fi
# Setup newly installed kernel on x86/amd64
# This is quite handy for static grub1/grub2
# configurations (like on Amazon EC2)
if use x86 || use amd64; then
sabayon-kernel_bzimage_config
fi
kernel-2_pkg_postinst
local depmod_r=$(_get_release_level)
_update_depmod "${depmod_r}"
elog "Please report kernel bugs at:"
elog "http://bugs.sabayon.org"
elog "The source code of this kernel is located at"
elog "=${K_KERNEL_SOURCES_PKG}."
elog "Sabayon Linux recommends that portage users install"
elog "${K_KERNEL_SOURCES_PKG} if you want"
elog "to build any packages that install kernel modules"
elog "(such as ati-drivers, nvidia-drivers, virtualbox, etc...)."
else
kernel-2_pkg_postinst
fi
}
sabayon-kernel_pkg_prerm() {
if _is_kernel_binary; then
mount-boot_pkg_prerm
fi
}
sabayon-kernel_pkg_postrm() {
if _is_kernel_binary; then
# Remove kernel from grub.conf
if use amd64 || use x86; then
if use amd64; then
local kern_arch="x86_64"
else
local kern_arch="x86"
fi
if [ -x "${ROOT}usr/sbin/grub-handler" ]; then
"${ROOT}usr/sbin/grub-handler" remove \
"/boot/kernel-genkernel-${kern_arch}-${KV_FULL}" \
"/boot/initramfs-genkernel-${kern_arch}-${KV_FULL}"
fi
sabayon-kernel_grub2_mkconfig
fi
# Setup newly installed kernel on ARM
if use arm; then
sabayon-kernel_uimage_config
fi
# Setup newly installed kernel on x86/amd64
# This is quite handy for static grub1/grub2
# configurations (like on Amazon EC2)
if use x86 || use amd64; then
sabayon-kernel_bzimage_config
fi
fi
}
# export all the available functions here
case ${EAPI:-0} in
0|1) extra_export_funcs= ;;
*) extra_export_funcs=src_prepare ;;
esac
EXPORT_FUNCTIONS pkg_setup src_unpack ${extra_export_funcs} \
src_compile src_install pkg_preinst pkg_postinst pkg_prerm pkg_postrm

1316
net-firewall/iptables/ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

10
net-firewall/iptables/Manifest Normal file
View File

@ -0,0 +1,10 @@
AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
AUX iptables-1.4.13-IMQ-test1.diff 4310 SHA256 2a611eadf841f38dd44825b9511c48391223f96d885e49d067a94838cbd877a6 SHA512 37bafeed169a9a96b52a3a9d8479fb3ecdfe6058ed2810f479655f597d8b37a55c66242fb65ca435aa21f5a72836d30521072bd8d4b0fcc92945b9465d8cc668 WHIRLPOOL c69ad07c5d4763862cedde8c7805166bda3e6afc0e0a57a58b58fc0ba1f14c4f3b738d98e6e9f34e2b5a88f0ee82707cdd9ccd0795be13f8ec425efd3c083f58
AUX iptables-1.4.13-r1.init 2666 SHA256 add450154d983c09e1ade0d929d9eb8b151634c0eb8e0a2c512f12e3c9574ade SHA512 8d1150dd076ad41644bc99342e20f1ecea0bfa6f5da106019b479f76398d774b55bdbe842cfa4e5d0a7f364eba10374695df3249e92ae53c56b2b2ac928ea6a1 WHIRLPOOL 2ba3227729c85d2695eb9682d98441fcf4d373ea88861330c7d299ddb0d04660a734ecdea08cba01b15796998c66ffe7657b934f414c821bd228b5d4d45c3b0a
AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
AUX iptables-1.4.13.init 2632 SHA256 3c955bbc787e57d6c0d6d5e97ec34e350fbcbf4f0b453bd2ed624e68ac83155f SHA512 ffb5eb1372a69f3aa9ed3181b3c96fe34b3a07a1b7021e132d0b8eca65f65d83bc546371bc3e7081de68e02fd18bf99993eff6a643715e4b4d0d0d9066c5eee8 WHIRLPOOL 50a3771e5ac7b0ee38cc23c11791c05616687bc44fd6708a89c431422dcee99a92448c55f5b4c790614e785b3b74cc0e168c9d91c547e9e4faa477bed7b0cdea
AUX iptables-layer7.patch 11456 SHA256 2caf08767e82eec69c53612063c004756e15e37b28338a4aff31bdd8be6cc74d SHA512 1f4ca9f95404781aaff99b2accaff80588171f35d33f190effcb4808a1161e8a2c3f3baf593666cb305c35b18bdc42070f5cdd808f0e93b404f4620934318d3e WHIRLPOOL 682d10cceece2b2b093dd2c113cd36ff4ef37796531b4d8b1b0049c4937670dd4a36139dd157b32ef4c1de9e958aeb2c4a9ed9892aee108bf0d7c1efe32b1419
DIST iptables-1.4.16.3.tar.bz2 536872 SHA256 643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79 SHA512 c232a927fe63623cc0d336b4a09d7baad2d0c5a2a5e3b7ad083727e9f17cd0b668a826a4c5ff0bbb45233fee6c38c153710b13f458514516af7cf7df10d720e2 WHIRLPOOL 2dadcdb39f7741cb7b3c493bc36792a6edbdd9ddaa0c862d2ec0a6fbb89eb82c55f04ae407ab641f425208b15ef6e689af10ce6c03368e40652367c39dead75f
EBUILD iptables-1.4.16.3.ebuild 2346 SHA256 52354ce68dd8aeb4edf8024d9c2922ea4fc9e19a50d2163777e06f40be26353e SHA512 8fd8e297644b9da495939e78bf1d0ec2cbd3634eb315b5508903617b3681f1865419a5d503ac9ac0824d4dd806bf884eed9d1a6a146a05309a7169335c3b5a8f WHIRLPOOL 033bd35b47448e6fe66038d0a3f4bb5e272bf55e90a791aa8f45d248987555d5e6f05ac6dee1217b35ee006f9518f50f88018d536d64264cc6fc59be8ab9d190
MISC ChangeLog 48600 SHA256 1198a02eb018f75e1dcfe5c37a166267fef971111967b62b6fbe215aa540c6ca SHA512 3f6463392886cd79059d41a5ecd6041474c39c1f8fcebd6ca364d643051dccaa3b370f676dd2710a3743318d816aab86a37dec96833d5ae49759710291ac6a57 WHIRLPOOL ed3c04733e9051db8050221258a700c8609b42d41626a0370cc23e5859849a8dab6144476adcea3ff26dff097b04616a37ea9cf6010ab9402d43e929f3924b8f
MISC metadata.xml 1033 SHA256 6972ae7bad5c0025564a15429579f046ab4c365929aa175b1e84c1586872bdc9 SHA512 fe251377457099cbf9014fc206176a79d377b2c61f1b239b81e10cb05e740ac8e6d4849ac60987091d33b66ae9d72fbb36cf590bfe663e3dc1338c3648e1c179 WHIRLPOOL e0282695b2be9ab1b56e3779d26e27ce38803fa7fce9b1c66eb0ab3226d527e354436fcde7e15aa238c83dcbeab74cbf6f1aba36609096ca4bcdf982fce52abc

19
net-firewall/iptables/files/ip6tables-1.4.13.confd Normal file
View File

@ -0,0 +1,19 @@
# /etc/conf.d/ip6tables
# Location in which iptables initscript will save set rules on
# service shutdown
IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
# Options to pass to iptables-save and iptables-restore
SAVE_RESTORE_OPTIONS="-c"
# Save state on stopping iptables
SAVE_ON_STOP="yes"
# If you need to log iptables messages as soon as iptables starts,
# AND your logger does NOT depend on the network, then you may wish
# to uncomment the next line.
# If your logger depends on the network, and you uncomment this line
# you will create an unresolvable circular dependency during startup.
# After commenting or uncommenting this line, you must run 'rc-update -u'.
#rc_use="logger"

141
net-firewall/iptables/files/iptables-1.4.13-IMQ-test1.diff Normal file
View File

@ -0,0 +1,141 @@
diff -Naur iptables-1.4.12.2/extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- iptables-1.4.12.2/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300
@@ -0,0 +1,105 @@
+/* Shared library add-on to iptables to add IMQ target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_IMQ.h>
+
+/* Function which prints out usage message. */
+static void IMQ_help(void)
+{
+ printf(
+"IMQ target options:\n"
+" --todev <N> enqueue to imq<N>, defaults to 0\n");
+
+}
+
+static struct option IMQ_opts[] = {
+ { "todev", 1, 0, '1' },
+ { 0 }
+};
+
+/* Initialize the target. */
+static void IMQ_init(struct xt_entry_target *t)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
+
+ mr->todev = 0;
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
+
+ switch(c) {
+ case '1':
+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --todev");
+*/
+ mr->todev=atoi(optarg);
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Prints out the targinfo. */
+static void IMQ_print(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf("IMQ: todev %u ", mr->todev);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf(" --todev %u", mr->todev);
+}
+
+static struct xtables_target imq_target = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+static struct xtables_target imq_target6 = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+// void __attribute((constructor)) nf_ext_init(void){
+void _init(void){
+ xtables_register_target(&imq_target);
+ xtables_register_target(&imq_target6);
+}
diff -Naur iptables-1.4.12.2/extensions/libxt_IMQ.man iptables-1.4.12.2-imq/extensions/libxt_IMQ.man
--- iptables-1.4.12.2/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300
@@ -0,0 +1,15 @@
+This target is used to redirect the traffic to the IMQ driver and you can apply
+QoS rules like HTB or CBQ.
+For example you can select only traffic comming from a specific interface or
+is going out on a specific interface.
+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic
+or AFTER NAT in the case of incomming traffic.
+.TP
+\fB\-\-to\-dev\fP \fIvalue\fP
+Set the IMQ interface where to send this traffic
+.TP
+Example:
+.TP
+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1:
+iptables \-t mangle \-A FORWARD \-i eth0 \-j IMQ \-\-to\-dev 0
+iptables \-t mangle \-A FORWARD \-o eth0 \-j IMQ \-\-to\-dev 1
diff -Naur iptables-1.4.12.2/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.2-imq/include/linux/netfilter/xt_IMQ.h
--- iptables-1.4.12.2/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300
@@ -0,0 +1,9 @@
+#ifndef _XT_IMQ_H
+#define _XT_IMQ_H
+
+struct xt_imq_info {
+ unsigned int todev; /* target imq device */
+};
+
+#endif /* _XT_IMQ_H */
+

116
net-firewall/iptables/files/iptables-1.4.13-r1.init Normal file
View File

@ -0,0 +1,116 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.1 2012/09/14 17:58:26 axs Exp $
extra_commands="save panic"
extra_started_commands="reload"
iptables_name=${SVCNAME}
if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
iptables_name="iptables"
fi
iptables_bin="/sbin/${iptables_name}"
case ${iptables_name} in
iptables) iptables_proc="/proc/net/ip_tables_names"
iptables_save=${IPTABLES_SAVE};;
ip6tables) iptables_proc="/proc/net/ip6_tables_names"
iptables_save=${IP6TABLES_SAVE};;
esac
depend() {
before net
}
set_table_policy() {
local chains table=$1 policy=$2
case ${table} in
nat) chains="PREROUTING POSTROUTING OUTPUT";;
mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
filter) chains="INPUT FORWARD OUTPUT";;
*) chains="";;
esac
local chain
for chain in ${chains} ; do
${iptables_bin} -t ${table} -P ${chain} ${policy}
done
}
checkkernel() {
if [ ! -e ${iptables_proc} ] ; then
eerror "Your kernel lacks ${iptables_name} support, please load"
eerror "appropriate modules and try again."
return 1
fi
return 0
}
checkconfig() {
if [ ! -f ${iptables_save} ] ; then
eerror "Not starting ${iptables_name}. First create some rules then run:"
eerror "/etc/init.d/${iptables_name} save"
return 1
fi
return 0
}
start() {
checkconfig || return 1
ebegin "Loading ${iptables_name} state and starting firewall"
${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
eend $?
}
stop() {
if [ "${SAVE_ON_STOP}" = "yes" ] ; then
save || return 1
fi
checkkernel || return 1
ebegin "Stopping firewall"
local a
for a in $(cat ${iptables_proc}) ; do
set_table_policy $a ACCEPT
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
done
eend $?
}
reload() {
checkkernel || return 1
ebegin "Flushing firewall"
local a
for a in $(cat ${iptables_proc}) ; do
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
done
eend $?
start
}
save() {
ebegin "Saving ${iptables_name} state"
checkpath -q -d "$(dirname "${iptables_save}")"
checkpath -q -m 0600 -f "${iptables_save}"
${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
eend $?
}
panic() {
checkkernel || return 1
if service_started ${iptables_name}; then
rc-service ${iptables_name} stop
fi
local a
ebegin "Dropping all packets"
for a in $(cat ${iptables_proc}) ; do
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
set_table_policy $a DROP
done
eend $?
}

19
net-firewall/iptables/files/iptables-1.4.13.confd Normal file
View File

@ -0,0 +1,19 @@
# /etc/conf.d/iptables
# Location in which iptables initscript will save set rules on
# service shutdown
IPTABLES_SAVE="/var/lib/iptables/rules-save"
# Options to pass to iptables-save and iptables-restore
SAVE_RESTORE_OPTIONS="-c"
# Save state on stopping iptables
SAVE_ON_STOP="yes"
# If you need to log iptables messages as soon as iptables starts,
# AND your logger does NOT depend on the network, then you may wish
# to uncomment the next line.
# If your logger depends on the network, and you uncomment this line
# you will create an unresolvable circular dependency during startup.
# After commenting or uncommenting this line, you must run 'rc-update -u'.
#rc_use="logger"

116
net-firewall/iptables/files/iptables-1.4.13.init Normal file
View File

@ -0,0 +1,116 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13.init,v 1.1 2012/05/21 21:24:16 williamh Exp $
extra_commands="save panic"
extra_started_commands="reload"
iptables_name=${SVCNAME}
if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
iptables_name="iptables"
fi
iptables_bin="/sbin/${iptables_name}"
case ${iptables_name} in
iptables) iptables_proc="/proc/net/ip_tables_names"
iptables_save=${IPTABLES_SAVE};;
ip6tables) iptables_proc="/proc/net/ip6_tables_names"
iptables_save=${IP6TABLES_SAVE};;
esac
depend() {
before net
}
set_table_policy() {
local chains table=$1 policy=$2
case ${table} in
nat) chains="PREROUTING POSTROUTING OUTPUT";;
mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
filter) chains="INPUT FORWARD OUTPUT";;
*) chains="";;
esac
local chain
for chain in ${chains} ; do
${iptables_bin} -t ${table} -P ${chain} ${policy}
done
}
checkkernel() {
if [ ! -e ${iptables_proc} ] ; then
eerror "Your kernel lacks ${iptables_name} support, please load"
eerror "appropriate modules and try again."
return 1
fi
return 0
}
checkconfig() {
if [ ! -f ${iptables_save} ] ; then
eerror "Not starting ${iptables_name}. First create some rules then run:"
eerror "/etc/init.d/${iptables_name} save"
return 1
fi
return 0
}
start() {
checkconfig || return 1
ebegin "Loading ${iptables_name} state and starting firewall"
${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
eend $?
}
stop() {
if [ "${SAVE_ON_STOP}" = "yes" ] ; then
save || return 1
fi
checkkernel || return 1
ebegin "Stopping firewall"
local a
for a in $(cat ${iptables_proc}) ; do
set_table_policy $a ACCEPT
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
done
eend $?
}
reload() {
checkkernel || return 1
ebegin "Flushing firewall"
local a
for a in $(cat ${iptables_proc}) ; do
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
done
eend $?
start
}
save() {
ebegin "Saving ${iptables_name} state"
touch "${iptables_save}"
chmod 0600 "${iptables_save}"
${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
eend $?
}
panic() {
checkkernel || return 1
if service_started ${iptables_name}; then
rc-service ${iptables_name} stop
fi
local a
ebegin "Dropping all packets"
for a in $(cat ${iptables_proc}) ; do
${iptables_bin} -F -t $a
${iptables_bin} -X -t $a
set_table_policy $a DROP
done
eend $?
}

406
net-firewall/iptables/files/iptables-layer7.patch Normal file
View File

@ -0,0 +1,406 @@
diff -urN iptables-1.4.9.1.org/extensions/libxt_layer7.c iptables-1.4.9.1/extensions/libxt_layer7.c
--- iptables-1.4.9.1.org/extensions/libxt_layer7.c 1970-01-01 01:00:00.000000000 +0100
+++ iptables-1.4.9.1/extensions/libxt_layer7.c 2009-07-14 00:53:05.000000000 +0200
@@ -0,0 +1,368 @@
+/*
+ Shared library add-on to iptables for layer 7 matching support.
+
+ By Matthew Strait <quadong@users.sf.net>, Oct 2003-Aug 2008.
+
+ http://l7-filter.sf.net
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version
+ 2 of the License, or (at your option) any later version.
+ http://www.gnu.org/licenses/gpl.txt
+*/
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <ctype.h>
+#include <dirent.h>
+
+#include <xtables.h>
+#include <linux/netfilter/xt_layer7.h>
+
+#define MAX_FN_LEN 256
+
+static char l7dir[MAX_FN_LEN] = "\0";
+
+/* Function which prints out usage message. */
+static void help(void)
+{
+ printf(
+ "layer7 match options:\n"
+ " --l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n"
+ " (--l7dir must be specified before --l7proto if used)\n"
+ "[!] --l7proto <name>: Match named protocol using /etc/l7-protocols/.../name.pat\n");
+}
+
+static const struct option opts[] = {
+ { .name = "l7proto", .has_arg = 1, .val = 'p' },
+ { .name = "l7dir", .has_arg = 1, .val = 'd' },
+ { .name = NULL }
+};
+
+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
+static int parse_protocol_file(char * filename, const char * protoname, struct xt_layer7_info *info)
+{
+ FILE * f;
+ char * line = NULL;
+ size_t len = 0;
+
+ enum { protocol, pattern, done } datatype = protocol;
+
+ f = fopen(filename, "r");
+
+ if(!f)
+ return 0;
+
+ while(getline(&line, &len, f) != -1)
+ {
+ if(strlen(line) < 2 || line[0] == '#')
+ continue;
+
+ /* strip the pesky newline... */
+ if(line[strlen(line) - 1] == '\n')
+ line[strlen(line) - 1] = '\0';
+
+ if(datatype == protocol)
+ {
+ /* Ignore everything on the line beginning with the
+ first space or tab . For instance, this allows the
+ protocol line in http.pat to be "http " (or
+ "http I am so cool") instead of just "http". */
+ if(strchr(line, ' ')){
+ char * space = strchr(line, ' ');
+ space[0] = '\0';
+ }
+ if(strchr(line, '\t')){
+ char * space = strchr(line, '\t');
+ space[0] = '\0';
+ }
+
+ /* sanity check. First non-comment non-blank
+ line must be the same as the file name. */
+ if(strcmp(line, protoname))
+ xtables_error(OTHER_PROBLEM,
+ "Protocol name (%s) doesn't match file name (%s). Bailing out\n",
+ line, filename);
+
+ if(strlen(line) >= MAX_PROTOCOL_LEN)
+ xtables_error(PARAMETER_PROBLEM,
+ "Protocol name in %s too long!", filename);
+ strncpy(info->protocol, line, MAX_PROTOCOL_LEN);
+
+ datatype = pattern;
+ }
+ else if(datatype == pattern)
+ {
+ if(strlen(line) >= MAX_PATTERN_LEN)
+ xtables_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename);
+ strncpy(info->pattern, line, MAX_PATTERN_LEN);
+
+ datatype = done;
+ break;
+ }
+ else
+ xtables_error(OTHER_PROBLEM, "Internal error");
+ }
+
+ if(datatype != done)
+ xtables_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename);
+
+ if(line) free(line);
+ fclose(f);
+
+ return 1;
+}
+
+static int hex2dec(char c)
+{
+ switch (c)
+ {
+ case '0' ... '9':
+ return c - '0';
+ case 'a' ... 'f':
+ return c - 'a' + 10;
+ case 'A' ... 'F':
+ return c - 'A' + 10;
+ default:
+ xtables_error(OTHER_PROBLEM, "hex2dec: bad value!\n");
+ return 0;
+ }
+}
+
+/* takes a string with \xHH escapes and returns one with the characters
+they stand for */
+static char * pre_process(char * s)
+{
+ char * result = malloc(strlen(s) + 1);
+ int sindex = 0, rrindex = 0;
+ while( sindex < strlen(s) )
+ {
+ if( sindex + 3 < strlen(s) &&
+ s[sindex] == '\\' && s[sindex+1] == 'x' &&
+ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) )
+ {
+ /* carefully remember to call tolower here... */
+ result[rrindex] = tolower( hex2dec(s[sindex + 2])*16 +
+ hex2dec(s[sindex + 3] ) );
+
+ switch ( result[rrindex] )
+ {
+ case 0x24:
+ case 0x28:
+ case 0x29:
+ case 0x2a:
+ case 0x2b:
+ case 0x2e:
+ case 0x3f:
+ case 0x5b:
+ case 0x5c:
+ case 0x5d:
+ case 0x5e:
+ case 0x7c:
+ fprintf(stderr,
+ "Warning: layer7 regexp contains a control character, %c, in hex (\\x%c%c).\n"
+ "I recommend that you write this as %c or \\%c, depending on what you meant.\n",
+ result[rrindex], s[sindex + 2], s[sindex + 3], result[rrindex], result[rrindex]);
+ break;
+ case 0x00:
+ fprintf(stderr,
+ "Warning: null (\\x00) in layer7 regexp. A null terminates the regexp string!\n");
+ break;
+ default:
+ break;
+ }
+
+
+ sindex += 3; /* 4 total */
+ }
+ else
+ result[rrindex] = tolower(s[sindex]);
+
+ sindex++;
+ rrindex++;
+ }
+ result[rrindex] = '\0';
+
+ return result;
+}
+
+#define MAX_SUBDIRS 128
+static char ** readl7dir(char * dirname)
+{
+ DIR * scratchdir;
+ struct dirent ** namelist;
+ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *));
+
+ int n, d = 1;
+ subdirs[0] = "";
+
+ n = scandir(dirname, &namelist, 0, alphasort);
+
+ if (n < 0)
+ {
+ perror("scandir");
+ xtables_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname);
+ }
+ else
+ {
+ while(n--)
+ {
+ char fulldirname[MAX_FN_LEN];
+
+ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name);
+
+ if((scratchdir = opendir(fulldirname)) != NULL)
+ {
+ closedir(scratchdir);
+
+ if(!strcmp(namelist[n]->d_name, ".") ||
+ !strcmp(namelist[n]->d_name, ".."))
+ /* do nothing */ ;
+ else
+ {
+ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1);
+ strcpy(subdirs[d], namelist[n]->d_name);
+ d++;
+ if(d >= MAX_SUBDIRS - 1)
+ {
+ fprintf(stderr,
+ "Too many subdirectories, skipping the rest!\n");
+ break;
+ }
+ }
+ }
+ free(namelist[n]);
+ }
+ free(namelist);
+ }
+
+ subdirs[d] = NULL;
+
+ return subdirs;
+}
+
+static void parse_layer7_protocol(const char *s, struct xt_layer7_info *info)
+{
+ char filename[MAX_FN_LEN];
+ char * dir = NULL;
+ char ** subdirs;
+ int n = 0, done = 0;
+
+ if(strlen(l7dir) > 0) dir = l7dir;
+ else dir = "/etc/l7-protocols";
+
+ subdirs = readl7dir(dir);
+
+ while(subdirs[n] != NULL)
+ {
+ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s);
+
+ if(c > MAX_FN_LEN)
+ xtables_error(OTHER_PROBLEM,
+ "Filename beginning with %s is too long!\n", filename);
+
+ /* read in the pattern from the file */
+ if(parse_protocol_file(filename, s, info)){
+ done = 1;
+ break;
+ }
+
+ n++;
+ }
+
+ if(!done)
+ xtables_error(OTHER_PROBLEM,
+ "Couldn't find a pattern definition file for %s.\n", s);
+
+ /* process \xHH escapes and tolower everything. (our regex lib has no
+ case insensitivity option.) */
+ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN);
+}
+
+/* Function which parses command options; returns true if it ate an option */
+static int parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
+{
+ struct xt_layer7_info *layer7info =
+ (struct xt_layer7_info *)(*match)->data;
+
+ switch (c) {
+ case 'p':
+ parse_layer7_protocol(argv[optind-1], layer7info);
+ if (invert)
+ layer7info->invert = true;
+ *flags = 1;
+ break;
+
+ case 'd':
+ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
+ xtables_error(PARAMETER_PROBLEM, "directory name too long\n");
+
+ strncpy(l7dir, argv[optind-1], MAX_FN_LEN);
+
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Final check; must have specified --l7proto */
+static void final_check(unsigned int flags)
+{
+ if (!flags)
+ xtables_error(PARAMETER_PROBLEM,
+ "LAYER7 match: You must specify `--l7proto'");
+}
+
+static void print_protocol(char s[], int invert, int numeric)
+{
+ fputs("l7proto ", stdout);
+ if (invert) fputc('!', stdout);
+ printf("%s ", s);
+}
+
+/* Prints out the matchinfo. */
+static void print(const void *ip,
+ const struct xt_entry_match *match,
+ int numeric)
+{
+ printf("LAYER7 ");
+ print_protocol(((struct xt_layer7_info *)match->data)->protocol,
+ ((struct xt_layer7_info *)match->data)->invert, numeric);
+}
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void save(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_layer7_info *info =
+ (const struct xt_layer7_info*) match->data;
+
+ printf("--l7proto %s%s ", (info->invert)? "! ":"", info->protocol);
+}
+
+static struct xtables_match layer7 = {
+ .family = AF_INET,
+ .name = "layer7",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_layer7_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_layer7_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+void _init(void)
+{
+ xtables_register_match(&layer7);
+}
diff -urN iptables-1.4.9.1.org/extensions/libxt_layer7.man iptables-1.4.9.1/extensions/libxt_layer7.man
--- iptables-1.4.9.1.org/extensions/libxt_layer7.man 1970-01-01 01:00:00.000000000 +0100
+++ iptables-1.4.9.1/extensions/libxt_layer7.man 2009-07-14 00:51:32.000000000 +0200
@@ -0,0 +1,14 @@
+This module matches packets based on the application layer data of
+their connections. It uses regular expression matching to compare
+the application layer data to regular expressions found it the layer7
+configuration files. This is an experimental module which can be found at
+http://l7-filter.sf.net. It takes two options.
+.TP
+.BI "--l7proto " "\fIprotocol\fP"
+Match the specified protocol. The protocol name must match a file
+name in /etc/l7-protocols/ or one of its first-level child directories.
+.TP
+.BI "--l7dir " "\fIdirectory\fP"
+Use \fIdirectory\fP instead of /etc/l7-protocols/. This option must be
+specified before --l7proto.
+
--- iptables.orig/include/linux/netfilter/xt_layer7.h 1969-12-31 18:00:00.000000000 -0600
+++ iptables/include/linux/netfilter/xt_layer7.h 2009-01-07 16:07:31.000000000 -0600
@@ -0,0 +1,13 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H
+
+#define MAX_PATTERN_LEN 8192
+#define MAX_PROTOCOL_LEN 256
+
+struct xt_layer7_info {
+ char protocol[MAX_PROTOCOL_LEN];
+ char pattern[MAX_PATTERN_LEN];
+ u_int8_t invert;
+};
+
+#endif /* _XT_LAYER7_H */

87
net-firewall/iptables/iptables-1.4.16.3.ebuild Normal file
View File

@ -0,0 +1,87 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.16.3.ebuild,v 1.1 2012/10/23 07:58:43 radhermit Exp $
EAPI="4"
# Force users doing their own patches to install their own tools
AUTOTOOLS_AUTO_DEPEND=no
inherit eutils multilib toolchain-funcs autotools
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="ipv6 netlink static-libs"
RDEPEND="
netlink? ( net-libs/libnfnetlink )
"
DEPEND="${RDEPEND}
virtual/os-headers
virtual/pkgconfig
"
src_prepare() {
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
epatch "${FILESDIR}/iptables-1.4.13-IMQ-test1.diff"
epatch "${FILESDIR}/iptables-layer7.patch"
eautoreconf
# Only run autotools if user patched something
epatch_user && eautoreconf || elibtoolize
}
src_configure() {
sed -i \
-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
configure || die
econf \
--sbindir="${EPREFIX}/sbin" \
--libexecdir="${EPREFIX}/$(get_libdir)" \
--enable-devel \
--enable-shared \
$(use_enable static-libs static) \
$(use_enable ipv6)
}
src_compile() {
emake V=1
}
src_install() {
default
dodoc INCOMPATIBILITIES iptables/iptables.xslt
# all the iptables binaries are in /sbin, so might as well
# put these small files in with them
into /
dosbin iptables/iptables-apply
dosym iptables-apply /sbin/ip6tables-apply
doman iptables/iptables-apply.8
insinto /usr/include
doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
insinto /usr/include/iptables
doins include/iptables/internal.h
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
fi
# Move important libs to /lib
gen_usr_ldscript -a ip{4,6}tc iptc xtables
find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
}

23
net-firewall/iptables/metadata.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>base-system</herd>
<maintainer>
<email>pva@gentoo.org</email>
</maintainer>
<use>
<flag name='netlink'>Build against libnfnetlink which enables the nfnl_osf util</flag>
</use>
<longdescription>
iptables is the userspace command line program used to set up, maintain, and
inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
part of packet filtering framework which allows the stateless and stateful
packet filtering, all kinds of network address and port translation, and is a
flexible and extensible infrastructure with multiple layers of API's for 3rd
party extensions. The iptables package also includes ip6tables. ip6tables is
used for configuring the IPv6 packet filter.
Note that some extensions (e.g. imq and l7filter) are not included into
official kernel sources so you have to patch the sources before installation.
</longdescription>
</pkgmetadata>

1819
sys-kernel/genkernel/ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

15
sys-kernel/genkernel/Manifest Normal file
View File

@ -0,0 +1,15 @@
AUX genkernel.bash 2438 SHA256 e7de9771ba79ef878e2c9a21a1c1720f092c6047d3cc7d4a49ff6b90e7e2c248 SHA512 2bfe23606f919577bb2d174ffe18cd00fbb4ce642fb8860b319e059745d46ff8459b99374159f78af9f3aebb0a352a74ccd74c3be581980f5e298293b96e983d WHIRLPOOL 71a6be56d38c24c3032fec5f4016c92dd0bc8140e5204db9d97c5cc5be42a2465282f36e213858b528d013ff74c6bcbf9aa443a77a8ed3ce8174baa79afe6004
AUX initramfs.mounts 816 SHA256 57ba8450e3f09edc9a4e5a1be15d49c77e4e014e27c626e9e3771167cbb54e49 SHA512 97e5f92d135cff3911a68c7f1afd0f781ec1c1b794cdc824d74f8c119104ecb40bd7180be8414dc72f3a5a811143d6b4bf443ac1d3ff7a71b1e88cbf7c179665 WHIRLPOOL f39d27de6e69b3555f81138a59f25b104f9dd6aa6254a5391d3375b15acaac48f0e698f3e6f96ed88845b84fbf8fa2cd64b98281df977c12a99ec7d9ddaf2a10
DIST LVM2.2.02.88.tgz 1029151 SHA256 a129d1d3949524da7d6d2a67218254baea02df06a6744faa5808a4182b2fb432 SHA512 5c334c2c78220f4f9f082a74cbf0b156e96f2a07b5e55f054ff70c752ada97a67f83fa1d89c02accb7cbe5a62e356588831d96a102b7bf16cdce2591d4e37e4b WHIRLPOOL b30a1f2403e71ff6fb381ec82291018632e1d10258dd615efae4e39077a304a66271013247793390f57c26886599d8bad8f4b896d230f3e4f846e74c12282f71
DIST busybox-1.20.2.tar.bz2 2186738 SHA256 eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882 SHA512 089b67cd920f332daf910711739b1e55ba4c76cfa2122dfe5464432e0d76d3af8327837ebc3cc9954deef3e8f766d16a1928aecb2c169fe3de5a722eea7ea3dd WHIRLPOOL aa8fec92d0ac8bb246dea7353537d425a5fecfa0bb807d0e291c7351e8289b84aab83303c45b75f9b7a98cd10177e210511064f0709425c2f84b069fe6a06420
DIST dmraid-1.0.0.rc16-3.tar.bz2 232743 SHA256 93421bd169d71ff5e7d2db95b62b030bfa205a12010b6468dcdef80337d6fbd8 SHA512 7c45e5117adc52fc2094b1b2bad4f4c518a46317a2196611966d72085ba3587c4ac8d1080f9d934888c01788f2b2d3d621c6f0d3e2a023c0fb1f9f3fa7fc127e WHIRLPOOL 87915ea0013766da8a9722b437bfe146b4b2c7560a7814ac6caab92054ddc3b4b59ceb4d413609d5eaab92b5cee67886ade7924455f1dba19f1b8dabc25d3498
DIST dropbear-2012.55.tar.bz2 1581421 SHA256 04982af2a10b220fa940f9f72f276d612c9bb643cfbb5ee1416e5a0f00de9b0f SHA512 34d4b15fc6d46508b5b93a3bf63e4de9de7a72fa3da56fba4815bacbd2df9e683b3f710d71baee492dfb6d3cfb2c6a454f39e3b752649e1024cd160f96fad0a9 WHIRLPOOL 21fed6d08fb92b52e2e520e3f1efde3308594e8de9d73b801230e73e239356053cd3bc811cab8b2a9eb245070fd52e9769d19d1ba3c3cd5c62ce4a517cddbc32
DIST fuse-2.8.6.tar.gz 505334 SHA256 1ec1913e38f09b2a9ec1579e1800805b5e2c747d1dce515e316dbb665ca139d6 SHA512 03cacc45c8ba6700fcdfa9064ef4e10d3ad6fc0e4fc49d41693de2caf03d44513d449b00a7c5d200d055d9481821252509259f5f3d2d6127fa51957a006a90fd WHIRLPOOL 668c01f5ae9742f3e70248d6d2b57cbeaa0decf93d5f7987550fe54d4ebdb6e445ff841e8d36a60a4824c114651b8a93b118e15b8a00ac30ddc813e583fa2b51
DIST genkernel-3.4.44.2.tar.bz2 200589 SHA256 daa9924d421c09cdc54cb7dde5a39e616a8de438a2fc79cec78d9ee85608d1ec SHA512 4b2f6997b4497b243e0673177a56fbe6cf5cf16769accaed4fb2f2e75cc689c5fd4c243226f8f205418ea82042ee068fc73e37370ffb6b032daf7198b0d4bdf0 WHIRLPOOL 6f452924e48181567b6ead6f255bcc869dfc256de8e838272fe3ebf97fa46e2ff5694d686e2881719d8a88580d94d863664e9c193be53d8f24b876a822874bc9
DIST gnupg-1.4.11.tar.bz2 3407075 SHA256 d18ceeac16e554a501170b9bfde611625252d0fe9448685a69c93bf149ee6ef6 SHA512 97e7b8b0f972cc2f7cabdb0e013cbee1c33e7d48407d040cca5c2037e32abe1c2100194be7d3b569d4f05eb16b24c205a5b83f06718f0241f8d4ee174f1c37ae WHIRLPOOL 6f914627e2f527f6616e1f99d2ae06942b734f839d03a45ffa45bf67516a81d58f89e6a85612cf8e5fd83be04ab0b6bc2da8f81114143dad7523e5fcea62366b
DIST mdadm-3.1.5.tar.bz2 292709 SHA256 1d547d0b36a88968e9fc9fb08b0e64de54a53f3d1cfa3656a9f319180f0727d3 SHA512 6fcf426d63ede01f99ebeee9be686857a04f9b601b37f76722c091ae2999b3ff66fdba52d47323f27900553125a897fc1815fe7be850aa9cc991dd5fa91a5d5d WHIRLPOOL 003595a1338b3a95ccc176b07a31f26dd5fda9460f2c4d3513b9ca09cdab1c91dab05f8914f2354047fccff42c4dcfc6131a383c84467c2838ac7b1af2f9bef8
DIST open-iscsi-2.0-872.tar.gz 900081 SHA256 37753697a170223ac02a292b3a23a315a3c747b490c42480e4057b676c9f8d4f SHA512 d26c87772b0b1d13a8bd2eea9db86b3c61af83efbb788116c01ab6a914ff3de634a7b1bff56c1161b28965315543edbfc2735b6c7fbd3f7797471fde63b69cc0 WHIRLPOOL 4b04c8481c6c5f094ca6f7761828006a84eda7a22a6b3a4d65e7b3e4b39e73ef839ec710b491e7ca731b047fa8c74a9c03a17e85519a62dfbeb95222cfbdd935
DIST unionfs-fuse-0.24.tar.bz2 30381 SHA256 d8abc855eb618ac356b1e716599c82f8f0f74dbaee36d4062edc707567121937 SHA512 e0e414f4edbf641ec9d0135a8723e43fc75412359b482f7aedd66fe8245e4df03943c5ecb6f8de4fdbd97f0346033c691e766cc4f4a755f5b43748e1441d3fbd WHIRLPOOL dc132086d9614895961dc8b498c435145b4390fc80331e0575ee8420faea0201325ab2394b9090d8f721c602ef1f93e150573b1b88b77ee4f7be4a262103b986
EBUILD genkernel-3.4.44.2.ebuild 5287 SHA256 4ec7c2a5df97e23c92fbe31fb20dfd2169d521ca8c841fca34f301e257c4190f SHA512 61a36e45a5527312e28f7cf3644d847c7a0d7a50b0f4f1aaad2ff8a6c8198c7ff1ed01ff987c82411fdf2555838640fd03e5d9c39339248c5b7d43f9a844280b WHIRLPOOL 71a0ba6c609b9183c70655e9047f6c83112a05f3d015c58781a65905a0bbd51556cbe00b19c1e0fc5951ad772b48f248e184cc51462ce9caafa4d2f85db52724
MISC ChangeLog 63186 SHA256 0a1af33ae3b79069cfb75c2df02fd467c574b3bb05b2461775f5d11b02ba03a4 SHA512 662782f63cd236986a63b054791d930c59af8c0e69b48b76f7ea7ba6e3ae87b2ec00863e7e3ac7001a173263db96811ece6e431513354ce9fbb5fb625b3ddfdf WHIRLPOOL c24086aa2852d8755d8cdf776c87cbd6ead066af127daec2549698b36d29b9a2c7bb1f11c696e06885775aa81c6a04ad15825ca5b0201f603a83ccf21a79ad6c
MISC metadata.xml 324 SHA256 c126eb3c7144839781275d68804421eec596e3b82515780c76697ac9e106bcf0 SHA512 e0b2f618305fdcd856745964f0f1e03c77ed98f468129deaa69201d06f44248516343628c1827d0763361c1f2d67801c322f2e18b0d62ba1b2e4386c32a05da9 WHIRLPOOL a0c54a2e7cbfecc76351ee45e0cbbd500fe865626c9c66ea0a5eb80c59de262634b8c0490979c815b31a413cd8ab8527f535cf23486660ba91f248e0853a2fe8

73
sys-kernel/genkernel/files/genkernel.bash Normal file
View File

@ -0,0 +1,73 @@
# genkernel (8) completion
# Copyright 2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Written by Aron Griffis <agriffis@gentoo.org>
_genkernel()
{
declare cur prev genkernel_help actions params
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
prev=${COMP_WORDS[COMP_CWORD-1]}
# extract initial list of params/actions from genkernel --help
genkernel_help=$(command genkernel --help)
actions=( $(<<<"$genkernel_help" sed -n \
'/^Available Actions:/,/^$/s/^[[:space:]]\+\([^[:space:]]\+\).*/\1/p') )
params=( $(<<<"$genkernel_help" egrep -oe '--[^[:space:]]{2,}') )
# attempt to complete the current parameter based on the list
COMPREPLY=($(compgen -W "${params[*]/=*/=} ${actions[*]}" -- "$cur"))
# if we don't have a rhs to complete
if [[ ${#COMPREPLY[@]} -gt 1 ]]; then
return
elif [[ ${#COMPREPLY[@]} -eq 0 && $cur != --*=* ]]; then
return
elif [[ ${#COMPREPLY[@]} -eq 1 && $COMPREPLY != --*= ]]; then
# using nospace completion, add an explicit space
COMPREPLY="${COMPREPLY} "
return
fi
# we have a unique lhs and need to complete the rhs
declare args lhs rhs
if [[ ${#COMPREPLY[@]} -eq 1 ]]; then
lhs=$COMPREPLY
else
lhs=${cur%%=*}=
rhs=${cur#*=}
fi
# genkernel's help gives clues as to what belongs on the rhs.
# extract the clue for the current parameter
args=" ${params[*]} "
args="${args##* $lhs}"
args="${args%% *}"
# generate a list of completions for the argument; this replaces args with
# an array of results
args=( $(case $args in
('<0-5>') compgen -W "$(echo {1..5})" -- "$rhs" ;;
('<outfile>'|'<file>') compgen -A file -o plusdirs -- "$rhs" ;;
('<dir>') compgen -A directory -S / -- "$rhs" ;;
('<tbz2>') compgen -G '*.tbz2' -G '*.tar.bz2' -o plusdirs -- "$rhs" ;;
(*) compgen -o bashdefault -- "$rhs" ;; # punt
esac) )
# we're using nospace completion to prevent spaces after paths that aren't
# "done" yet. So do some hacking to the args to add spaces after
# non-directories.
declare slash=/
args=( "${args[@]/%/ }" ) # add space to all
args=( "${args[@]/%$slash /$slash}" ) # remove space from dirs
# recreate COMPREPLY
if [[ $cur == "$lhs"* ]]; then
COMPREPLY=( "${args[@]}" )
elif [[ ${#args[@]} -gt 0 ]]; then
COMPREPLY=( "${args[@]/#/$lhs}" )
fi
}
complete -o nospace -F _genkernel genkernel

23
sys-kernel/genkernel/files/initramfs.mounts Normal file
View File

@ -0,0 +1,23 @@
# This specifies which mounts from your fstab should be mounted before
# switching to the real root. If this file is missing, genkernel's code will
# default to just "/usr", which will suffice on most systems with a seperate
# /usr mount.
#
# If you have a complex configuration with a bindmount or symlink at /usr, or
# need some other mountpoints at boot, you should update this file such that
# /usr and anything else needed will be available after the switch into the
# real root.
#
# The lines without comments in this file are used as exact matches against the
# second column of your /etc/fstab and the device, fstype and mount options are
# taken from that line in fstab. If no line matches, the line from this file
# will be ignored.
#
/usr
# If you had some need of these:
#/usr/local
#/opt
#/var
#/home

163
sys-kernel/genkernel/genkernel-3.4.44.2.ebuild Normal file
View File

@ -0,0 +1,163 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/genkernel/genkernel-3.4.44.2.ebuild,v 1.1 2012/10/15 21:00:37 robbat2 Exp $
# genkernel-9999 -> latest Git branch "master"
# genkernel-VERSION -> normal genkernel release
EAPI="3"
VERSION_BUSYBOX='1.20.2'
VERSION_DMRAID='1.0.0.rc16-3'
VERSION_MDADM='3.1.5'
VERSION_FUSE='2.8.6'
VERSION_ISCSI='2.0-872'
VERSION_LVM='2.02.88'
VERSION_UNIONFS_FUSE='0.24'
VERSION_GPG='1.4.11'
VERSION_DROPBEAR='2012.55'
RH_HOME="ftp://sources.redhat.com/pub"
DM_HOME="http://people.redhat.com/~heinzm/sw/dmraid/src"
BB_HOME="http://www.busybox.net/downloads"
COMMON_URI="${DM_HOME}/dmraid-${VERSION_DMRAID}.tar.bz2
${DM_HOME}/old/dmraid-${VERSION_DMRAID}.tar.bz2
mirror://kernel/linux/utils/raid/mdadm/mdadm-${VERSION_MDADM}.tar.bz2
${RH_HOME}/lvm2/LVM2.${VERSION_LVM}.tgz
${RH_HOME}/lvm2/old/LVM2.${VERSION_LVM}.tgz
${BB_HOME}/busybox-${VERSION_BUSYBOX}.tar.bz2
http://www.open-iscsi.org/bits/open-iscsi-${VERSION_ISCSI}.tar.gz
mirror://sourceforge/fuse/fuse-${VERSION_FUSE}.tar.gz
http://podgorny.cz/unionfs-fuse/releases/unionfs-fuse-${VERSION_UNIONFS_FUSE}.tar.bz2
mirror://gnupg/gnupg/gnupg-${VERSION_GPG}.tar.bz2
https://matt.ucc.asn.au/dropbear/dropbear-${VERSION_DROPBEAR}.tar.bz2"
if [[ ${PV} == 9999* ]]
then
EGIT_REPO_URI="git://git.overlays.gentoo.org/proj/${PN}.git
http://git.overlays.gentoo.org/gitroot/proj/${PN}.git"
inherit git-2 bash-completion-r1 eutils
S="${WORKDIR}/${PN}"
SRC_URI="${COMMON_URI}"
KEYWORDS=""
else
inherit bash-completion-r1 eutils
SRC_URI="mirror://gentoo/${P}.tar.bz2
${COMMON_URI}"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
fi
DESCRIPTION="Gentoo automatic kernel building scripts"
HOMEPAGE="http://www.gentoo.org"
LICENSE="GPL-2"
SLOT="0"
RESTRICT=""
IUSE="crypt cryptsetup ibm selinux" # Keep 'crypt' in to keep 'use crypt' below working!
DEPEND="sys-fs/e2fsprogs
selinux? ( sys-libs/libselinux )"
RDEPEND="${DEPEND}
cryptsetup? ( sys-fs/cryptsetup )
app-arch/cpio
>=app-misc/pax-utils-0.2.1
!<sys-apps/openrc-0.9.9"
# pax-utils is used for lddtree
if [[ ${PV} == 9999* ]]; then
DEPEND="${DEPEND} app-text/asciidoc"
fi
src_unpack() {
if [[ ${PV} == 9999* ]] ; then
git-2_src_unpack
else
unpack ${P}.tar.bz2
fi
}
src_prepare() {
use selinux && sed -i 's/###//g' "${S}"/gen_compile.sh
# Update software.sh
sed -i \
-e "s:VERSION_BUSYBOX:$VERSION_BUSYBOX:" \
-e "s:VERSION_MDADM:$VERSION_MDADM:" \
-e "s:VERSION_DMRAID:$VERSION_DMRAID:" \
-e "s:VERSION_FUSE:$VERSION_FUSE:" \
-e "s:VERSION_ISCSI:$VERSION_ISCSI:" \
-e "s:VERSION_LVM:$VERSION_LVM:" \
-e "s:VERSION_UNIONFS_FUSE:$VERSION_UNIONFS_FUSE:" \
-e "s:VERSION_GPG:$VERSION_GPG:" \
-e "s:VERSION_DROPBEAR:$VERSION_DROPBEAR:" \
"${S}"/defaults/software.sh \
|| die "Could not adjust versions"
}
src_compile() {
if [[ ${PV} == 9999* ]]; then
emake || die
fi
}
src_install() {
insinto /etc
doins "${S}"/genkernel.conf || die "doins genkernel.conf"
doman genkernel.8 || die "doman"
dodoc AUTHORS ChangeLog README TODO || die "dodoc"
dobin genkernel || die "dobin genkernel"
rm -f genkernel genkernel.8 AUTHORS ChangeLog README TODO genkernel.conf
insinto /usr/share/genkernel
doins -r "${S}"/* || die "doins"
use ibm && cp "${S}"/ppc64/kernel-2.6-pSeries "${S}"/ppc64/kernel-2.6 || \
cp "${S}"/arch/ppc64/kernel-2.6.g5 "${S}"/arch/ppc64/kernel-2.6
# Copy files to /var/cache/genkernel/src
elog "Copying files to /var/cache/genkernel/src..."
mkdir -p "${D}"/var/cache/genkernel/src
cp -f \
"${DISTDIR}"/mdadm-${VERSION_MDADM}.tar.bz2 \
"${DISTDIR}"/dmraid-${VERSION_DMRAID}.tar.bz2 \
"${DISTDIR}"/LVM2.${VERSION_LVM}.tgz \
"${DISTDIR}"/busybox-${VERSION_BUSYBOX}.tar.bz2 \
"${DISTDIR}"/fuse-${VERSION_FUSE}.tar.gz \
"${DISTDIR}"/unionfs-fuse-${VERSION_UNIONFS_FUSE}.tar.bz2 \
"${DISTDIR}"/gnupg-${VERSION_GPG}.tar.bz2 \
"${DISTDIR}"/open-iscsi-${VERSION_ISCSI}.tar.gz \
"${DISTDIR}"/dropbear-${VERSION_GPG}.tar.bz2 \
"${D}"/var/cache/genkernel/src || die "Copying distfiles..."
newbashcomp "${FILESDIR}"/genkernel.bash "${PN}"
insinto /etc
doins "${FILESDIR}"/initramfs.mounts
}
pkg_postinst() {
echo
elog 'Documentation is available in the genkernel manual page'
elog 'as well as the following URL:'
echo
elog 'http://www.gentoo.org/doc/en/genkernel.xml'
echo
ewarn "This package is known to not work with reiser4. If you are running"
ewarn "reiser4 and have a problem, do not file a bug. We know it does not"
ewarn "work and we don't plan on fixing it since reiser4 is the one that is"
ewarn "broken in this regard. Try using a sane filesystem like ext3 or"
ewarn "even reiser3."
echo
ewarn "The LUKS support has changed from versions prior to 3.4.4. Now,"
ewarn "you use crypt_root=/dev/blah instead of real_root=luks:/dev/blah."
echo
if use crypt && ! use cryptsetup ; then
ewarn "Local use flag 'crypt' has been renamed to 'cryptsetup' (bug #414523)."
ewarn "Please set flag 'cryptsetup' for this very package if you would like"
ewarn "to have genkernel create an initramfs with LUKS support."
ewarn "Sorry for the inconvenience."
echo
fi
}

11
sys-kernel/genkernel/metadata.xml Normal file
View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer>
<email>genkernel@gentoo.org</email>
</maintainer>
<use>
<flag name='cryptsetup'>Enable support for Luks disk enrcyption using <pkg>sys-fs/cryptsetup</pkg></flag>
</use>
</pkgmetadata>