rpms/xtables-addons/devel ipset-config, NONE, 1.1 ipset.init, NONE, 1.1 xtables-addons-userspace.patch, NONE, 1.1 xtables-addons.spec, NONE, 1.1

Chen Lei supercyper at rpmfusion.org
Mon Jun 28 11:40:24 CEST 2010 

Author: supercyper

Update of /cvs/free/rpms/xtables-addons/devel
In directory se02.es.rpmfusion.net:/tmp/cvs-serv24556

Added Files:
	ipset-config ipset.init xtables-addons-userspace.patch 
	xtables-addons.spec 
Log Message:



--- NEW FILE ipset-config ---
# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for an ipset
# restart or stop. Only set to 'no' if there are problems unloading ipset
# modules.
IPSET_MODULES_UNLOAD="yes"

# Save current ipset rules on stop.
#   Value: yes|no,  default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets stopped
# (e.g. on system shutdown).
IPSET_SAVE_ON_STOP="no"

# Save current ipset rules on restart.
#   Value: yes|no,  default: no
# Saves all ipset rules to /etc/sysconfig/ipset if ipset gets
# restarted.
IPSET_SAVE_ON_RESTART="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPSET_STATUS_NUMERIC="yes"

# Sorted status output
#   Value: yes|no,  default: yes
# List sorted entries in the status output.
IPSET_STATUS_SORTED="yes"


--- NEW FILE ipset.init ---
#!/bin/sh
#
# ipset	Startup script for ipset
#
# chkconfig: - 07 93
# description:	Starts, stops and saves ipset
#
# config: /etc/sysconfig/ipset
# config: /etc/sysconfig/ipset-config
#
### BEGIN INIT INFO
# Provides: ipset
# Required-Start:
# Required-Stop:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop ipset
# Description: Start, stop and save ipset
### END INIT INFO

# Source function library.
. /etc/init.d/functions

IPSET=ipset
IPSET_DATA=/etc/sysconfig/$IPSET
IPSET_CONFIG=/etc/sysconfig/${IPSET}-config
VAR_SUBSYS_IPSET=/var/lock/subsys/$IPSET

if [ ! -x /sbin/$IPSET ]; then
    echo -n $"${IPSET}: /sbin/$IPSET does not exist."; warning; echo
    exit 5
fi


# Default ipset configuration:
IPSET_MODULES_UNLOAD="yes"
IPSET_SAVE_ON_STOP="no"
IPSET_SAVE_ON_RESTART="no"
IPSET_STATUS_NUMERIC="yes"
IPSET_STATUS_SORTED="yes"

# Load ipset configuration.
[ -f "$IPSET_CONFIG" ] && . "$IPSET_CONFIG"

# Ipset modules
IPSET_MODULES=($(lsmod | awk "/^ip_set[_ ]/ {print \$1}"))

rmmod_r() {
    # Unload module with all referring modules.
    # At first all referring modules will be unloaded, then the module itself.
    local mod=$1
    local ret=0
    local ref=

    # Get referring modules.
    ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') 

    # recursive call for all referring modules
    for i in $ref; do
	rmmod_r $i
	let ret+=$?;
    done

    # Unload module.
    # The extra test is for 2.6: The module might have autocleaned,
    # after all referring modules are unloaded.
    if grep -q "^${mod}" /proc/modules ; then
	modprobe -r $mod > /dev/null 2>&1
	res=$?
	[ $res -eq 0 ] || echo -n " $mod"
	let ret+=$res;
    fi

    return $ret
}

flush_n_delete() {
    local use=
    
    # Check if ipset module is loaded.
    [ -z "$IPSET_MODULES" ] && return 0

    # Get ipt_set modules use count.
    use=$(lsmod | awk "/^ipt_(set|SET) / {print \$3}")
    # Exit if ipset is in use.
    if [ -n "$use" ]; then
        for i in $use; do
	    if [ $i -gt 0 ]; then
		echo -n $"${IPSET}: Set is in use, operation not permitted."; warning; echo
		exit 1
	    fi           
        done
    fi

    # Flush ipset rules and delete sets.
    echo -n $"${IPSET}: Flushing ipset rules: "
    ret=0

    # Flush ipset rules.
    $IPSET -F;
    let ret+=$?;

    # Delete ipset sets.
    $IPSET -X;
    let ret+=$?;


    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}


start() {
    # Do not start if there is no config file.
    [ ! -f "$IPSET_DATA" ] && return 6
    
    flush_n_delete

    echo -n $"${IPSET}: Applying ipset rules: "    

    $IPSET --restore < $IPSET_DATA
    if [ $? -eq 0 ]; then
	success; echo
    else
	failure; echo; return 1
    fi
    
    touch $VAR_SUBSYS_IPSET
    return $ret
}

stop() {
    # Do not stop if ipset module is not loaded.
    [ -z "$IPSET_MODULES" ] && return 0

    flush_n_delete
    
    if [ "x$IPSET_MODULES_UNLOAD" = "xyes" ]; then
	echo -n $"${IPSET}: Unloading modules: "
	ret=0
	for mod in ${IPSET_MODULES[*]}; do
	    rmmod_r $mod
	    let ret+=$?;
	done
	[ $ret -eq 0 ] && success || failure
	echo
    fi
    
    rm -f $VAR_SUBSYS_IPSET
    return $ret
}

save() {
    # Check if ipset module is loaded
    [ -z "$IPSET_MODULES" ] && return 0

    echo -n $"${IPSET}: Saving ipset rules to $IPSET_DATA: "

    ret=0
    TMP_FILE=$(/bin/mktemp -q /tmp/$IPSET.XXXXXX) \
	&& chmod 600 "$TMP_FILE" \
	&& $IPSET --save > $TMP_FILE 2>/dev/null \
	&& size=$(stat -c '%s' $TMP_FILE) && [ $size -gt 0 ] \
	|| ret=1
    if [ $ret -eq 0 ]; then
	if [ -e $IPSET_DATA ]; then
	    cp -f $IPSET_DATA $IPSET_DATA.save \
		&& chmod 600 $IPSET_DATA.save \
		|| ret=1
	fi
	if [ $ret -eq 0 ]; then
	    cp -f $TMP_FILE $IPSET_DATA \
		&& chmod 600 $IPSET_DATA \
	        || ret=1
	fi
    fi
    [ $ret -eq 0 ] && success || failure
    echo
    rm -f $TMP_FILE
    return $ret
}

status() {
    # Do not print status if lockfile is missing and ipset modules are not 
    # loaded.
    if [ ! -f "$VAR_SUBSYS_IPSET" -a -z "$IPSET_MODULES" ]; then
	echo $"${IPSET}: Ipset is not running."
	return 3
    fi
    # Check if ipset modules are loaded
    if [ -z "$IPSET_MODULES" ]; then
	echo $"${IPSET}: Ipset modules are not loaded."
	return 3
    fi
    NUM=
    [ "x$IPSET_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
    SORT=
    [ "x$IPSET_STATUS_SORTED" = "xyes" ] && SORT="--sorted"

	$IPSET --list $NUM $SORT && echo

    return 0
}

restart() {
    [ "x$IPSET_SAVE_ON_RESTART" = "xyes" ] && save
    stop
    start
}


case "$1" in
    start)
	[ -f "$VAR_SUBSYS_IPSET" ] && exit 0
	start
	RETVAL=$?
	;;
    stop)
	[ "x$IPSET_SAVE_ON_STOP" = "xyes" ] && save
	stop
	RETVAL=$?
	;;
    restart|force-reload)
	restart
	RETVAL=$?
	;;
    condrestart|try-restart)
	[ ! -e "$VAR_SUBSYS_IPSET" ] && exit 0
	restart
	RETVAL=$?
	;;
    status)
	status
	RETVAL=$?
	;;
    save)
	save
	RETVAL=$?
	;;
    *)
	echo $"Usage: ${IPSET} {start|stop|restart|condrestart|status|save}"
	RETVAL=2
	;;
esac

exit $RETVAL


xtables-addons-userspace.patch:
 Makefile.am            |    1 -
 configure.ac           |   47 -----------------------------------------------
 extensions/Makefile.am |   22 ----------------------
 3 files changed, 70 deletions(-)

--- NEW FILE xtables-addons-userspace.patch ---
diff -urP xtables-addons-1.27.org/configure.ac xtables-addons-1.27/configure.ac
--- xtables-addons-1.27.org/configure.ac	2010-05-31 09:47:58.385362271 +0800
+++ xtables-addons-1.27/configure.ac	2010-05-31 10:01:32.727112933 +0800
@@ -9,18 +9,6 @@
 AC_DISABLE_STATIC
 AC_PROG_LIBTOOL
 
-AC_ARG_WITH([kbuild],
-	AS_HELP_STRING([--with-kbuild=PATH],
-	[Path to kernel build directory [[/lib/modules/CURRENT/build]]]),
-	[kbuilddir="$withval"],
-	[kbuilddir="/lib/modules/$(uname -r)/build"])
-#
-# check for --without-kbuild
-#
-if [[ "$kbuilddir" == no ]]; then
-	kbuilddir="";
-fi
-
 AC_ARG_WITH([xtlibdir],
 	AS_HELP_STRING([--with-xtlibdir=PATH],
 	[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
@@ -37,42 +25,7 @@
 	-Winline -pipe -DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" \
 	-I\${XA_TOPSRCDIR}/include";
 
-#
-# check kernel version
-#
-if grep -q "CentOS release 5\." /etc/redhat-release 2>/dev/null ||
-    grep -q "Red Hat Enterprise Linux Server release 5" /etc/redhat-release 2>/dev/null; then
-	# しまった!
-	# Well, just a warning. Maybe the admin updated the kernel.
-	echo "WARNING: This distribution's shipped kernel is not supported.";
-fi;
-krel="$(make -sC ${kbuilddir} kernelrelease)";
-krel="${krel%%-*}";
-kmajor="${krel%%.*}";
-krel="${krel#*.}";
-kminor="${krel%%.*}";
-krel="${krel#*.}";
-kmicro="${krel%%.*}";
-if test "$kmicro" = "$krel"; then
-	kstable=0;
-else
-	kstable="${krel#*.}";
-	if test -z "$kstable"; then
-		kstable=0;
-	fi;
-fi;
-echo "Found kernel version $kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-if test "$kmajor" -gt 2 -o "$kminor" -gt 6 -o "$kmicro" -gt 35; then
-	echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
-elif test \( "$kmajor" -lt 2 -o "$kminor" -lt 6 -o "$kmicro" -lt 17 \) -o \
-    \( "$kmajor" -eq 2 -a "$kminor" -eq 6 -a "$kmicro" -eq 18 -a \
-    "$kstable" -lt 5 \); then
-	echo "ERROR: That kernel version is not supported. Please see INSTALL for minimum configuration.";
-	exit 1;
-fi;
-
 AC_SUBST([regular_CFLAGS])
-AC_SUBST([kbuilddir])
 AC_SUBST([xtlibdir])
 AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans
 	extensions/Makefile extensions/ACCOUNT/Makefile
diff -urP xtables-addons-1.27.org/extensions/Makefile.am xtables-addons-1.27/extensions/Makefile.am
--- xtables-addons-1.27.org/extensions/Makefile.am	2010-05-31 09:47:58.363361712 +0800
+++ xtables-addons-1.27/extensions/Makefile.am	2010-05-31 10:02:08.845363738 +0800
@@ -1,26 +1,4 @@
 # -*- Makefile -*-
 # AUTOMAKE
 
-# Not having Kbuild in Makefile.extra because it will already recurse
-.PHONY: modules modules_install clean_modules
-
-_kcall = -C ${kbuilddir} M=${abs_srcdir}
-
-modules:
-	@echo -n "Xtables-addons ${PACKAGE_VERSION} - Linux "
-	@if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} --no-print-directory -s kernelrelease; fi;
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} modules; fi;
-
-modules_install:
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} INSTALL_MOD_PATH=${DESTDIR} ext-mod-dir='$${INSTALL_MOD_DIR}' modules_install; fi;
-
-clean_modules:
-	${AM_V_silent}if [ -n "${kbuilddir}" ]; then ${MAKE} ${_kcall} clean; fi;
-
-all-local: modules
-
-install-exec-local: modules_install
-
-clean-local: clean_modules
-
 include ../Makefile.extra
diff -urP xtables-addons-1.27.org/Makefile.am xtables-addons-1.27/Makefile.am
--- xtables-addons-1.27.org/Makefile.am	2010-05-31 09:47:58.385362271 +0800
+++ xtables-addons-1.27/Makefile.am	2010-05-31 09:52:19.632360246 +0800
@@ -12,7 +12,6 @@
 	${MAKE} -f Makefile.mans all;
 
 install-exec-hook:
-	depmod -a || :;
 
 config.status: Makefile.iptrules.in
 


--- NEW FILE xtables-addons.spec ---
Name:		xtables-addons
Summary:	Extensions targets and matches for iptables
Version:	1.27
Release:	2%{?dist}
# The entire source code is GPLv2 except ACCOUNT/libxt_ACCOUNT_cl.* which is LGPLv2
License:	GPLv2 and LGPLv2
Group:		System Environment/Base
URL:		http://xtables-addons.sourceforge.net
Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
Source1:	ipset.init
Source2:	ipset-config
# patch to build userspace part only
Patch0:		%{name}-userspace.patch
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:	iptables-devel
BuildRequires:	autoconf automake libtool
Provides:	%{name}-kmod-common = %{version}
Requires:	%{name}-kmod >= %{version}
Requires(post): chkconfig
Requires(preun): chkconfig
# This is for /sbin/service
Requires(preun): initscripts
Requires(postun): initscripts
Provides:	ipset = 4.2
%{?_isa:Provides: ipset%{?_isa} = 4.2}
Obsoletes:	%{name}-devel < 1.27-1

%description
Xtables-addons provides extra modules for iptables not present in the kernel,
and is the successor of patch-o-matic. Extensions includes new targets like 
TEE, TARPIT, CHAOS, or modules like geoip, ipset, and account.

This package provides the userspace libraries for iptables to use extensions 
in the %{name}-kmod package. You must also install the 
%{name}-kmod package.

%prep
%setup -q 
%patch0 -p1
if [ -e /%{_lib}/xtables/libxt_TEE.so ]; then
	sed -i 's/build_TEE=m/build_TEE=/' mconfig
fi

%build
./autogen.sh
%configure -with-xtlibdir=/%{_lib}/xtables
make V=1 %{?_smp_mflags}

%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install

# move ipset to /sbin
install -d %{buildroot}/sbin
mv %{buildroot}/%{_sbindir}/ipset %{buildroot}/sbin

# There is no -devel package. So no need for these files
rm -f %{buildroot}%{_libdir}/*.{la,so}

# install init scripts and configuration files
install -D -pm 0755 %{SOURCE1} %{buildroot}%{_initddir}/ipset
install -D -pm 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/ipset-config

%post 
/sbin/ldconfig
/sbin/chkconfig --add ipset

%preun
if [ $1 = 0 ] ; then
    /sbin/service ipset stop >/dev/null 2>&1
    /sbin/chkconfig --del ipset
fi

%postun
/sbin/ldconfig
if [ "$1" -ge "1" ] ; then
    /sbin/service ipset condrestart >/dev/null 2>&1 || :
fi

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc LICENSE README doc/* 
%attr(0755,root,root) %{_initddir}/*
%config(noreplace) %{_sysconfdir}/sysconfig/*
/%{_lib}/xtables/*.so
%{_libdir}/*.so.*
/sbin/ipset 
%{_sbindir}/*
%{_mandir}/man?/*

%changelog
* Mon Jun 28 2010 Chen Lei <supercyper at 163.com> - 1.27-2
- rebuild for kernel 2.6.35

* Mon May 31 2010 Chen Lei <supercyper at 163.com> - 1.27-1
- update to 1.27

* Sun May 02 2010 Chen Lei <supercyper at 163.com> - 1.26-1
- update to 1.26

* Mon Apr 26 2010 Chen Lei <supercyper at 163.com> - 1.25-1
- update to 1.25

* Sun Apr 25 2010 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 1.24-2
- rebuilt

* Thu Mar 18 2010 Chen Lei <supercyper at 163.com> - 1.24-1
- initial rpm build

More information about the rpmfusion-commits mailing list