Posted: Thu Sep 01, 2005 11:52 am Post subject: iptables and kernel ebuilds with patch-o-matic
These are only examples. You might want to adapt this to your kernel.
I modified some ebuilds to support patch-o-matic. The kernel ebuild needs an iptables tarball unpacked in its WORKDIR to satisfy patch-o-matic's requirements. The iptables ebuild copies the kernel tree into its WORKDIR, but it can also patch the kernel in place (this switches the sandbox off and is untested).
List the patches you want in /etc/make.conf:
Code: | PATCH_O_MATIC="addrtype REJECT iprange" |
This crude ebuild, pom-gentoo-sources-2.4.31-r1, is only an example. I've tested only a variant of it.
Code: |
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.31-r1.ebuild,v 1.1 2005/07/20 15:13:05 plasmaroo Exp $
# based on gentoo sources
# Ebuild metadata (global scope). The order below is deliberate: ETYPE is set
# before kernel-2 is inherited (the eclass presumably reads it at inherit time),
# and detect_version is called before KV_MAJOR/KV_MINOR and KERNEL_URI are used
# in DESCRIPTION and SRC_URI further down — confirm against the eclass.
ETYPE="sources"
inherit kernel-2
detect_version
KEYWORDS="~x86 -ppc"
IUSE=''
# NOTE(review): presumably makes the eclass apply UNIPATCH_LIST in the order
# given; verify against kernel-2.eclass.
UNIPATCH_STRICTORDER='Y'
# The gentoo patchset tarball is named after the plain gentoo-sources package,
# hence the ${PF/pom-gentoo/gentoo} substitution (the same one is used in
# SRC_URI). The two patches following it come from this ebuild's files/ dir.
UNIPATCH_LIST="${DISTDIR}/${PF/pom-gentoo/gentoo}.tar.bz2
${FILESDIR}/gentoo-sources-2.4.CAN-2004-1056.patch
${FILESDIR}/gentoo-sources-2.4.81106.patch"
DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
# Besides the kernel and the gentoo patchset, fetch the patch-o-matic-ng
# snapshot and the iptables tarball that src_unpack below unpacks into WORKDIR;
# the file names there must match these URIs.
SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/pom-gentoo/gentoo}.tar.bz2
http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20050824.tar.bz2
http://www.iptables.org/files/iptables-1.3.3.tar.bz2"
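#######################################
# Unpack the kernel via the kernel-2 eclass, then (optionally) apply the
# patch-o-matic-ng patches named in PATCH_O_MATIC to the unpacked tree.
#
# Globals:   PATCH_O_MATIC (read) - whitespace-separated patch names, normally
#            set in /etc/make.conf; the whole patch step is skipped when empty
#            WORKDIR, S (read) - portage build directories
#            KERNEL_DIR, IPTABLES_DIR (exported) - read by patch-o-matic's runme
# Arguments: none
# Returns:   0 on success; dies on the first failing step
#######################################
src_unpack() {
  # Tarball names must match the SRC_URI entries above.
  local pom_snapshot="patch-o-matic-ng-20050824"
  local iptables_ver="iptables-1.3.3"

  kernel-2_src_unpack || die "patches failed"

  # Nothing requested: behave like plain gentoo-sources.
  [ "${PATCH_O_MATIC}" ] || return 0

  cd "${WORKDIR}" || die "cannot cd to ${WORKDIR}"
  unpack "${iptables_ver}.tar.bz2"
  unpack "${pom_snapshot}.tar.bz2"

  # runme locates both trees through the environment.
  export KERNEL_DIR="${S}"
  export IPTABLES_DIR="${WORKDIR}/${iptables_ver}"

  # Use the exact snapshot directory instead of a glob, and fail loudly rather
  # than running runme from the wrong directory.
  cd "${WORKDIR}/${pom_snapshot}" || die "patch-o-matic snapshot not found in ${WORKDIR}"
  # PATCH_O_MATIC is deliberately unquoted: each word is one patch name.
  ./runme -batch ${PATCH_O_MATIC} || die "patch-o-matic failed (see output above)"
}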
|
This is a patch against iptables-1.3.3.ebuild, shown as a diff to focus on the important parts. If you patch manually, add the URL to SRC_URI, add the pom_find_kernel() function anywhere, and put the last part at the end of src_unpack().
You can set POM_KERNEL_DIR in /etc/make.conf, but this is optional.
You can set POM_PATCH_KERNEL=yes in /etc/make.conf. This will patch the kernel in place, bypassing the sandbox. You don't need the "pom-gentoo-sources" then, but you must re-emerge iptables every time you emerge a new kernel, because patching the kernel is a side effect of installing iptables.
You can also just ignore all of this; the ebuild then defaults to copying the kernel tree, which wastes time and temporary disk space.
Code: | --- /usr/portage/net-firewall/iptables/iptables-1.3.3.ebuild 2005-08-25 06:35:52.000000000 +0200
+++ iptables-1.3.3-r1.ebuild 2005-09-01 09:31:51.000000000 +0200
@@ -15,6 +15,7 @@
extensions? (
http://www.linuximq.net/patchs/${IMQ_PATCH}
mirror://sourceforge/l7-filter/${L7_P}.tar.gz
+ http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20050824.tar.bz2
)"
LICENSE="GPL-2"
@@ -41,6 +42,34 @@
fi
}
+pom_find_kernel() {
+ if [ "${POM_KERNEL_DIR}" ]; then
+ export KERNEL_DIR="${POM_KERNEL_DIR}"
+ einfo "pom: Setting KERNEL_DIR to $KERNEL_DIR"
+ elif [ -r /usr/src/linux/Makefile ]; then
+ export KERNEL_DIR=/usr/src/linux
+ einfo "pom: Found kernel at $KERNEL_DIR"
+ elif [ -r /usr/src/linux-"$(uname -r)"/Makefile ]; then
+ export KERNEL_DIR=/usr/src/linux-"$(uname -r)"
+ einfo "pom: Found kernel at $KERNEL_DIR"
+ # else: hope KERNEL_DIR is ok
+ fi
+
+ if [ "${POM_PATCH_KERNEL}" ] && echo "${POM_PATCH_KERNEL}" | grep -Eiqv '^(0$|n)'; then
+ einfo "Kernel will be patched in place at $KERNEL_DIR"
+ export SANDBOX_ON=0
+ else
+ einfo "Copying kernel sources before patching..."
+ mkdir "$WORKDIR/linux"
+ [ -r "$KERNEL_DIR"/Makefile ] || die "kernel source not found"
+ (cd "$KERNEL_DIR"; tar -cf - .) | (cd "$WORKDIR/linux"; tar -xf -) || die "problem backing up kernel"
+ export KERNEL_DIR="$WORKDIR/linux"
+ einfo "Kernel will be patched at $KERNEL_DIR"
+ fi
+
+ [ -r "$KERNEL_DIR"/Makefile ] # return value = is kernel dir OK?
+}
+
src_unpack() {
unpack ${P}.tar.bz2
use extensions && unpack ${L7_P}.tar.gz
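Review bot: The copy step in pom_find_kernel's else branch only fails on the extracting side: in `(cd "$KERNEL_DIR"; tar -cf - .) | (cd "$WORKDIR/linux"; tar -xf -) || die`, a failed `cd` in the first subshell makes tar archive the current directory instead, and any error on the producing side is invisible because `|| die` sees only the last pipeline stage. Use `&&` inside both subshells and check both stages, e.g. `(cd "$KERNEL_DIR" && tar -cf - .) | (cd "$WORKDIR/linux" && tar -xf -)` followed by `[ "${PIPESTATUS[0]}" -eq 0 ] && [ "${PIPESTATUS[1]}" -eq 0 ] || die "problem backing up kernel"`. The preceding `mkdir "$WORKDIR/linux"` is likewise unchecked and runs before the Makefile test, so a missing kernel is reported only after the directory was created; swap the two lines and add `|| die`. Note that the in-place branch exports SANDBOX_ON=0 for everything that follows in the phase, so once that branch is taken every later step in src_unpack writes to the live /usr/src tree; the restore of the old value is in the next hunk. src_unpack continues past the end of this hunk.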
@@ -66,6 +95,19 @@
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
fi
+
+ if use extensions && [ "${PATCH_O_MATIC}" ]; then
+ local oldsandbox="$SANDBOX_ON"
+ cd $WORKDIR
+ unpack patch-o-matic-ng-20050824.tar.bz2
+
+ export IPTABLES_DIR=${S}
+ pom_find_kernel || die "No suitable kernel for patch-o-matic found"
+ cd $WORKDIR/patch-o-matic*
+ ./runme -batch ${PATCH_O_MATIC}
+
+ export SANDBOX_ON="$oldsandbox"
+ fi
}
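Review bot: `cd $WORKDIR/patch-o-matic*` in the new src_unpack block is unquoted and unchecked, so if the glob matches nothing (or more than one directory) the cd fails silently and `./runme` is executed from WORKDIR, and runme's own exit status is ignored as well. Since the snapshot name is fixed by SRC_URI, `cd "${WORKDIR}"/patch-o-matic-ng-20050824 || die "patch-o-matic snapshot missing"` and `./runme -batch ${PATCH_O_MATIC} || die "patch-o-matic failed"` make a failed patch abort the emerge instead of surfacing later as a prompt or a broken build. This matters most with POM_PATCH_KERNEL set, where the sandbox is off and a partially applied patch set would be left in the live kernel tree. `${PATCH_O_MATIC}` must stay unquoted because runme takes one patch name per argument; a comment such as `# deliberately unquoted: one patch per word` would stop a later cleanup from quoting it. The same unchecked cd and runme appear in the pom-gentoo-sources src_unpack shown above.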
|
If patch-o-matic unexpectedly prompts for input in the middle of the emerge, one of the patches has failed.