net-firewall/iptables: Revbump, fix eselect bug (bug #721578)

This also supports eselect-arptables and eselect-ebtables, since the
nftables implementation of xtables can replace both these commands.

Closes: https://bugs.gentoo.org/721578
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

diff --git a/net-firewall/iptables/iptables-1.8.4-r1.ebuild b/net-firewall/iptables/iptables-1.8.4-r2.ebuild
similarity index 77%
rename from net-firewall/iptables/iptables-1.8.4-r1.ebuild
rename to net-firewall/iptables/iptables-1.8.4-r2.ebuild
index 80ef3dd2877b15ab6ce73594dfc19b3553e1f47d..96799b425fb4e14061cd2edaeecf820f5f4ecf55 100644 (file)
--- a/net-firewall/iptables/iptables-1.8.4-r1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.4-r2.ebuild
@@ -19,8 +19,10 @@ SLOT="0/1.8.3"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 IUSE="conntrack ipv6 netlink nftables pcap static-libs"
 
+BUILD_DEPEND="
+       >=app-eselect/eselect-iptables-20200508
+"
 COMMON_DEPEND="
-       app-eselect/eselect-iptables
        conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
        netlink? ( net-libs/libnfnetlink )
        nftables? (
@@ -33,7 +35,8 @@ DEPEND="${COMMON_DEPEND}
        virtual/os-headers
        >=sys-kernel/linux-headers-4.4:0
 "
-BDEPEND="
+BDEPEND="${BUILD_DEPEND}
+       app-eselect/eselect-iptables
        virtual/pkgconfig
        nftables? (
                sys-devel/flex
@@ -41,7 +44,10 @@ BDEPEND="
        )
 "
 RDEPEND="${COMMON_DEPEND}
+       ${BUILD_DEPEND}
        nftables? ( net-misc/ethertypes )
+       !<net-firewall/ebtables-2.0.11-r1
+       !<net-firewall/arptables-0.0.5-r1
 "
 
 PATCHES=(
@@ -116,11 +122,8 @@ src_install() {
                # Bug 647458
                rm "${ED}"/etc/ethertypes || die
 
-               # Bug 660886
-               rm "${ED}"/sbin/{arptables,ebtables} || die
-
-               # Bug 669894
-               rm "${ED}"/sbin/ebtables-{save,restore} || die
+               # Bugs 660886 and 669894
+               rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
        fi
 
        systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
@@ -139,8 +142,18 @@ pkg_postinst() {
        if ! eselect iptables show &>/dev/null; then
                elog "Current iptables implementation is unset, setting to ${default_iptables}"
                eselect iptables set "${default_iptables}"
-               use ipv6 && eselect iptables set --ipv6 "${default_iptables}"
        fi
+
+       if use nftables; then
+               local tables
+               for tables in {arp,eb}tables; do
+                       if ! eselect ${tables} show &>/dev/null; then
+                               elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+                               eselect ${tables} set xtables-nft-multi
+                       fi
+               done
+       fi
+
        eselect iptables show
 }
 
@@ -148,6 +161,22 @@ pkg_prerm() {
        elog "Unsetting iptables symlinks before removal"
        eselect iptables unset
 
+       if ! has_version 'net-firewall/ebtables'; then
+               elog "Unsetting ebtables symlinks before removal"
+               eselect ebtables unset
+       elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+               elog "Resetting ebtables symlinks to ebtables-legacy"
+               eselect ebtables set ebtables-legacy
+       fi
+
+       if ! has_version 'net-firewall/arptables'; then
+               elog "Unsetting arptables symlinks before removal"
+               eselect arptables unset
+       elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+               elog "Resetting arptables symlinks to arptables-legacy"
+               eselect arptables set arptables-legacy
+       fi
+
        # the eselect module failing should not be fatal
        return 0
 }