From: Patrick McLean <patrick.mclean@sony.com>
Date: Sat, 9 May 2020 02:52:46 +0000 (-0700)
Subject: net-firewall/iptables: Revbump, fix eselect bug (bug #721578)
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cfc7d9481a9002d8827cba7f4a3b247589202907;p=gentoo.git

net-firewall/iptables: Revbump, fix eselect bug (bug #721578)

This also supports eselect-arptables and eselect-ebtables, since the
nftables implementation of xtables can replace both these commands.

Closes: https://bugs.gentoo.org/721578
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
---

diff --git a/net-firewall/iptables/iptables-1.8.4-r1.ebuild b/net-firewall/iptables/iptables-1.8.4-r2.ebuild
similarity index 77%
rename from net-firewall/iptables/iptables-1.8.4-r1.ebuild
rename to net-firewall/iptables/iptables-1.8.4-r2.ebuild
index 80ef3dd2877b..96799b425fb4 100644
--- a/net-firewall/iptables/iptables-1.8.4-r1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.4-r2.ebuild
@@ -19,8 +19,10 @@ SLOT="0/1.8.3"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 IUSE="conntrack ipv6 netlink nftables pcap static-libs"
 
+BUILD_DEPEND="
+	>=app-eselect/eselect-iptables-20200508
+"
 COMMON_DEPEND="
-	app-eselect/eselect-iptables
 	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
 	netlink? ( net-libs/libnfnetlink )
 	nftables? (
@@ -33,7 +35,8 @@ DEPEND="${COMMON_DEPEND}
 	virtual/os-headers
 	>=sys-kernel/linux-headers-4.4:0
 "
-BDEPEND="
+BDEPEND="${BUILD_DEPEND}
+	app-eselect/eselect-iptables
 	virtual/pkgconfig
 	nftables? (
 		sys-devel/flex
@@ -41,7 +44,10 @@ BDEPEND="
 	)
 "
 RDEPEND="${COMMON_DEPEND}
+	${BUILD_DEPEND}
 	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
 "
 
 PATCHES=(
@@ -116,11 +122,8 @@ src_install() {
 		# Bug 647458
 		rm "${ED}"/etc/ethertypes || die
 
-		# Bug 660886
-		rm "${ED}"/sbin/{arptables,ebtables} || die
-
-		# Bug 669894
-		rm "${ED}"/sbin/ebtables-{save,restore} || die
+		# Bugs 660886 and 669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
 	fi
 
 	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
@@ -139,8 +142,18 @@ pkg_postinst() {
 	if ! eselect iptables show &>/dev/null; then
 		elog "Current iptables implementation is unset, setting to ${default_iptables}"
 		eselect iptables set "${default_iptables}"
-		use ipv6 && eselect iptables set --ipv6 "${default_iptables}"
 	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
 	eselect iptables show
 }
 
@@ -148,6 +161,22 @@ pkg_prerm() {
 	elog "Unsetting iptables symlinks before removal"
 	eselect iptables unset
 
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
 	# the eselect module failing should not be fatal
 	return 0
 }