authorJames Meyer <james.meyer@operamail.com>2013-02-19 21:10:18 (GMT)
committerJames Meyer <james.meyer@operamail.com>2013-02-19 21:10:18 (GMT)
commit2648e999d277eac5c3d331a3609bcc73fafbea71 (patch)
tree40951fb8e7fdbe28a0baa324ae615055203f1e2e /abs/core/iptables
parentc759b5e0c4aa6fc37412b4dee2cf9ad993fd376d (diff)
parent7e6f7ca174e1af67178dc5293a312a4a733eb095 (diff)
Merge branch 'testing'
# By James Meyer (1091) and others # Via James Meyer (5) and others * testing: (1148 commits) LinHES-config: during install don't kill off lirc. This keeps the remote active all the way to the finish Change version numbers to 8.0 to match the release number. LinHES-conifg LinHES-system mythdb-initial runit-scripts supplemental-web LinHES-conifig: mv_install.py for the last partition don't go all the way to the end. Gotta leave room for gpt tables. xf86-video-ati: xorg ati driver. LinHES-config: timezip.py add syncing up of parental lvl passwords and starting level with MBE. LinHES-system: correct the logic for breaking out of the wmctrl loop. As written it would break out of the inner loop..but not the 60 iteration loop. e16_theme_settings: remove slide-in prop for new windows. For whatever reason this was preventing mplayer from being positioned correctly for appletrailers. LinHES-config, mythinstall: change case of hd_pvr and serial to all lower refs #902 zilog-firmware: firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters but including the firmware just in case someone really wants to linhes-udev-rules: added hdprv_lirc rule. All of these lirc rules are limited to exactly one device. If more then one device is present then only the last device in init will get the symlink runit-scripts: fix logging for igdeamon, add support to remote init script so that the blaster is always the first device in the chain. added support specificly for hd_pvr LinHES-system: add lh_system_restore and lh_system_backup. These scripts are called from the mythmenu. refs #900 iguanair: rebuild with python 2.7 LinHES-system: msg_daemon.py fix init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first. linhes-udev-rules: add rules for mce,streamzap,serial lirc devices. 
mythinstall: recompile for matching libs mythtv: latest .25-fixes and change mythbackup/restore call lh_system_$op to replace mythbackup/mythrestore. mythbackup no longer works correctly with the new windowmanager linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist LinHES-config, supplimental-web: Fix proxy numbering for Ceton infiniTV linhes-system: add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/ ...
Diffstat (limited to 'abs/core/iptables')
-rw-r--r--abs/core/iptables/0503-extension_cppflags.patch13
-rw-r--r--abs/core/iptables/PKGBUILD89
-rw-r--r--abs/core/iptables/empty-filter.rules6
-rw-r--r--abs/core/iptables/empty-mangle.rules8
-rw-r--r--abs/core/iptables/empty-nat.rules7
-rw-r--r--abs/core/iptables/empty-raw.rules5
-rw-r--r--abs/core/iptables/empty-security.rules6
-rwxr-xr-xabs/core/iptables/ip6tables38
-rw-r--r--abs/core/iptables/ip6tables.service11
-rwxr-xr-xabs/core/iptables/iptables31
-rwxr-xr-xabs/core/iptables/iptables-flush18
-rw-r--r--abs/core/iptables/iptables.conf.d14
-rw-r--r--abs/core/iptables/iptables.service11
13 files changed, 163 insertions, 94 deletions
diff --git a/abs/core/iptables/0503-extension_cppflags.patch b/abs/core/iptables/0503-extension_cppflags.patch
new file mode 100644
index 0000000..0eb6457
--- /dev/null
+++ b/abs/core/iptables/0503-extension_cppflags.patch
@@ -0,0 +1,13 @@
+Index: b/extensions/GNUmakefile.in
+===================================================================
+--- a/extensions/GNUmakefile.in 2012-03-27 12:14:05.000000000 -0400
++++ b/extensions/GNUmakefile.in 2012-03-27 16:03:48.378790221 -0400
+@@ -21,7 +21,7 @@
+ kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
+
+ AM_CFLAGS = ${regular_CFLAGS}
+-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS}
++AM_CPPFLAGS = ${CPPFLAGS} ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+ AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
+ AM_LDFLAGS = @noundef_LDFLAGS@
+
diff --git a/abs/core/iptables/PKGBUILD b/abs/core/iptables/PKGBUILD
index 107e033..d2c859d 100644
--- a/abs/core/iptables/PKGBUILD
+++ b/abs/core/iptables/PKGBUILD
@@ -1,49 +1,84 @@
-# $Id: PKGBUILD 86873 2010-08-06 09:59:22Z ronald $
+# $Id: PKGBUILD 162152 2012-06-22 12:55:41Z dreisner $
# Maintainer: Ronald van Haren <ronald.archlinux.org>
# Contributor: Thomas Baechler <thomas@archlinux.org>
pkgname=iptables
-pkgver=1.4.9
-pkgrel=1
-pkgdesc="A Linux kernel packet control tool"
+pkgver=1.4.14
+pkgrel=2
+pkgdesc='Linux kernel packet control tool'
arch=('i686' 'x86_64')
license=('GPL2')
-url="http://www.netfilter.org/"
+url='http://www.netfilter.org/projects/iptables/index.html'
depends=('glibc' 'bash')
+makedepends=('linux-api-headers')
options=('!libtool')
-source=(http://www.iptables.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2 \
- iptables ip6tables empty.rules simple_firewall.rules iptables.conf.d)
+source=("http://www.iptables.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2"
+ iptables
+ ip6tables
+ empty.rules
+ simple_firewall.rules
+ iptables.conf.d
+ empty-filter.rules
+ empty-mangle.rules
+ empty-nat.rules
+ empty-raw.rules
+ empty-security.rules
+ 0503-extension_cppflags.patch
+ iptables.service
+ ip6tables.service
+ iptables-flush)
backup=(etc/conf.d/iptables)
-sha1sums=('c961b58c57cb99b10f5bb753bf3b436c0df05c7c'
- 'd7540316581bb66c5594885882a14ba394e95098'
- '70d70113e3a23f0fe99404c5536507a887a4ca5c'
+sha1sums=('daf2972b81e52f562a644798013e946c88319ea3'
+ '5bb6fa526665cdd728c26f0f282f5a51f220cf88'
+ '2db68906b603e5268736f48c8e251f3a49da1d75'
'83b3363878e3660ce23b2ad325b53cbd6c796ecf'
'9907f9e815592837abc7fa3264a401567b7606ab'
- '1c52444ffbecc09f56bb325db49e924dd32f9213')
+ 'cdb830137192bbe002c6d01058656bd053ed0ddd'
+ 'd9f9f06b46b4187648e860afa0552335aafe3ce4'
+ 'c45b738b5ec4cfb11611b984c21a83b91a2d58f3'
+ '1694d79b3e6e9d9d543f6a6e75fed06066c9a6c6'
+ '7db53bb882f62f6c677cc8559cff83d8bae2ef73'
+ 'ebbd1424a1564fd45f455a81c61ce348f0a14c2e'
+ '44626980a52e49f345a0b1e1ca03060f3a35763c'
+ '5c4eb4ea88c302e8ff98f435a11dd59b00f4d8b9'
+ 'f1f16f44c6a5547b6f251d13007fe6585761e8b0'
+ 'e7abda09c61142121b6695928d3b71ccd8fdf73a')
build() {
- cd ${srcdir}/${pkgname}-${pkgver}
+ cd "${srcdir}/${pkgname}-${pkgver}"
- # http://bugs.archlinux.org/task/17046
- sed -i '87 i libxt_RATEEST.so: libxt_RATEEST.oo' extensions/GNUmakefile.in
- sed -i '88 i \\t${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -lm -shared ${LDFLAGS} -o $@ $<;\n' extensions/GNUmakefile.in
+ # use system one
+ rm include/linux/types.h
- ./configure --prefix=/usr --with-kernel=usr/src/linux-$(uname -r) \
- --libexecdir=/usr/lib/iptables --sysconfdir=/etc \
- --with-xtlibdir=/usr/lib/iptables \
- --enable-devel --enable-libipq
+ patch -Np1 -i ${srcdir}/0503-extension_cppflags.patch
- make || return 1
+ ./configure --prefix=/usr \
+ --libexecdir=/usr/lib/iptables --sysconfdir=/etc \
+ --with-xtlibdir=/usr/lib/iptables \
+ --enable-devel --enable-libipq \
+ --enable-shared
+
+ make
}
package() {
- cd ${srcdir}/${pkgname}-${pkgver}
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
- make DESTDIR=${pkgdir} install || return 1
+ cd "${srcdir}"
+ install -D -m755 iptables "${pkgdir}"/etc/rc.d/iptables
+ install -D -m755 ip6tables "${pkgdir}"/etc/rc.d/ip6tables
+ install -D -m644 empty.rules "${pkgdir}"/etc/iptables/empty.rules
+ install -D -m644 simple_firewall.rules "${pkgdir}"/etc/iptables/simple_firewall.rules
+ install -D -m644 iptables.conf.d "${pkgdir}"/etc/conf.d/iptables
- install -D -m755 ../iptables ${pkgdir}/etc/rc.d/iptables
- install -D -m755 ../ip6tables ${pkgdir}/etc/rc.d/ip6tables
- install -D -m644 ../empty.rules ${pkgdir}/etc/iptables/empty.rules
- install -D -m644 ../simple_firewall.rules ${pkgdir}/etc/iptables/simple_firewall.rules
- install -D -m644 ../iptables.conf.d ${pkgdir}/etc/conf.d/iptables
+ mkdir -p "${pkgdir}"/var/lib/iptables
+ install -m644 empty-{filter,mangle,nat,raw,security}.rules "${pkgdir}"/var/lib/iptables
+
+ # install systemd files
+ install -Dm644 ${srcdir}/iptables.service ${pkgdir}/usr/lib/systemd/system/iptables.service
+ install -Dm644 ${srcdir}/ip6tables.service ${pkgdir}/usr/lib/systemd/system/ip6tables.service
+ install -Dm755 ${srcdir}/iptables-flush ${pkgdir}/usr/lib/systemd/scripts/iptables-flush
}
+
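Review bot: `${srcdir}` and `${pkgdir}` are left unquoted in the new `patch -Np1 -i ${srcdir}/0503-extension_cppflags.patch` line and in the three systemd `install` lines at the end of package(), while the same hunk quotes them in both `cd` lines and in `make DESTDIR="${pkgdir}" install`. A build directory whose path contains whitespace would word-split those four commands, and the mixed style reads as an oversight rather than a choice. Quoting them brings the lines in line with the rest of the file. Unrelated to this hunk's changes but worth keeping in mind when the hashes are bumped: the tarball is still fetched over plain http, so the sha1sums entry is the only integrity check on that download.
```bash
  patch -Np1 -i "${srcdir}/0503-extension_cppflags.patch"
  # … unchanged: configure and make …

  # install systemd files
  install -Dm644 "${srcdir}/iptables.service" "${pkgdir}/usr/lib/systemd/system/iptables.service"
  install -Dm644 "${srcdir}/ip6tables.service" "${pkgdir}/usr/lib/systemd/system/ip6tables.service"
  install -Dm755 "${srcdir}/iptables-flush" "${pkgdir}/usr/lib/systemd/scripts/iptables-flush"
```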
diff --git a/abs/core/iptables/empty-filter.rules b/abs/core/iptables/empty-filter.rules
new file mode 100644
index 0000000..5a4de48
--- /dev/null
+++ b/abs/core/iptables/empty-filter.rules
@@ -0,0 +1,6 @@
+# Empty iptables filter table rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/abs/core/iptables/empty-mangle.rules b/abs/core/iptables/empty-mangle.rules
new file mode 100644
index 0000000..49d493c
--- /dev/null
+++ b/abs/core/iptables/empty-mangle.rules
@@ -0,0 +1,8 @@
+# Empty iptables mangle table rules file
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
diff --git a/abs/core/iptables/empty-nat.rules b/abs/core/iptables/empty-nat.rules
new file mode 100644
index 0000000..437e964
--- /dev/null
+++ b/abs/core/iptables/empty-nat.rules
@@ -0,0 +1,7 @@
+# Empty iptables nat table rules file
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
diff --git a/abs/core/iptables/empty-raw.rules b/abs/core/iptables/empty-raw.rules
new file mode 100644
index 0000000..8dc50d2
--- /dev/null
+++ b/abs/core/iptables/empty-raw.rules
@@ -0,0 +1,5 @@
+# Empty iptables raw table rules file
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/abs/core/iptables/empty-security.rules b/abs/core/iptables/empty-security.rules
new file mode 100644
index 0000000..4531fa1
--- /dev/null
+++ b/abs/core/iptables/empty-security.rules
@@ -0,0 +1,6 @@
+# Empty iptables security table rules file
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/abs/core/iptables/ip6tables b/abs/core/iptables/ip6tables
index 1733db2..2d119e3 100755
--- a/abs/core/iptables/ip6tables
+++ b/abs/core/iptables/ip6tables
@@ -4,7 +4,6 @@
[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
# Set defaults if settings are missing
-[ -z "$IP6TABLES" ] && IP6TABLES=/usr/sbin/ip6tables
[ -z "$IP6TABLES_CONF" ] && IP6TABLES_CONF=/etc/iptables/ip6tables.rules
. /etc/rc.conf
@@ -12,14 +11,14 @@
case "$1" in
start)
- if [ ! -f $IP6TABLES_CONF ]; then
- echo "Cannot load iptables rules: $IP6TABLES_CONF is missing!" >&2
+ if [ ! -f "$IP6TABLES_CONF" ]; then
+ echo "Cannot load ip6tables rules: $IP6TABLES_CONF is missing!" >&2
exit 1
fi
stat_busy "Starting IP6 Tables"
if [ "$IPTABLES_FORWARD" = "1" ]; then
- echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
- echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
+ echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
+ echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
fi
if ck_daemon ip6tables; then
/usr/sbin/ip6tables-restore < $IP6TABLES_CONF
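Review bot: The restore line `/usr/sbin/ip6tables-restore < $IP6TABLES_CONF` still redirects from an unquoted variable, although the new `if [ ! -f "$IP6TABLES_CONF" ]` line a few lines above now quotes the same value; a path with whitespace would pass the existence test and then fail at the redirect. `/usr/sbin/ip6tables-restore < "$IP6TABLES_CONF"` keeps the two consistent. The start) arm continues past the end of the hunk.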
@@ -35,42 +34,16 @@ case "$1" in
;;
stop)
stat_busy "Stopping IP6 Tables"
- echo 0 >/proc/sys/net/ipv6/conf/all/forwarding
- echo 0 >/proc/sys/net/ipv6/conf/default/forwarding
if ! ck_daemon ip6tables; then
fail=0
for table in $(cat /proc/net/ip6_tables_names); do
- $IP6TABLES -t $table -F &>/dev/null && \
- $IP6TABLES -t $table -X &>/dev/null && \
- $IP6TABLES -t $table -Z &>/dev/null
+ ip6tables-restore < /var/lib/iptables/empty-$table.rules
[ $? -gt 0 ] && fail=1
done
if [ $fail -gt 0 ]; then
stat_fail
else
rm_daemon ip6tables
- # reset policies
- for table in filter mangle raw; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P OUTPUT ACCEPT
- fi
- done
- for table in filter mangle; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P INPUT ACCEPT
- $IP6TABLES -t $table -P FORWARD ACCEPT
- fi
- done
- for table in mangle raw; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P PREROUTING ACCEPT
- fi
- done
- for table in mangle; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P POSTROUTING ACCEPT
- fi
- done
stat_done
fi
else
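Review bot: The new `ip6tables-restore < /var/lib/iptables/empty-$table.rules` line invokes ip6tables-restore by bare name, whereas the start arm calls `/usr/sbin/ip6tables-restore` by absolute path, so the stop path now depends on whatever PATH the rc script runs under; the same applies to the `iptables-restore` line in the stop arm of the iptables script in this commit. `/usr/sbin/ip6tables-restore < /var/lib/iptables/empty-$table.rules` matches the start arm. Note also that the rule files loaded here set every chain policy to ACCEPT, so a stop leaves the host unfiltered — the removed `-P ... ACCEPT` loops did the same, so behaviour is unchanged, but a comment such as `# load the empty rule sets: every chain is reset to policy ACCEPT` would make that explicit to the next reader. The stop) arm ends outside the hunk.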
@@ -79,7 +52,6 @@ case "$1" in
;;
restart)
$0 stop
- sleep 2
$0 start
;;
save)
diff --git a/abs/core/iptables/ip6tables.service b/abs/core/iptables/ip6tables.service
new file mode 100644
index 0000000..9a695f3
--- /dev/null
+++ b/abs/core/iptables/ip6tables.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=IPv6 Packet Filtering Framework
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush 6
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
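Review bot: Nothing in the unit records that `ExecStop=/usr/lib/systemd/scripts/iptables-flush 6` resets every IPv6 table to an accept-all policy (the empty-*.rules files added in this commit set each chain to ACCEPT), so stopping or restarting the service opens the host rather than failing closed; the same applies to iptables.service in this commit. A comment above ExecStop such as `# Stopping this unit flushes every table to policy ACCEPT (fail-open); see iptables-flush` would make that visible to an administrator reading the unit. The unit also carries no ordering directives, so there is no guarantee the rules are loaded before interfaces come up; if the systemd version in use provides network-pre.target, `Before=network-pre.target` and `Wants=network-pre.target` in [Unit] would close that window.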
diff --git a/abs/core/iptables/iptables b/abs/core/iptables/iptables
index 50c13d5..fbb02fa 100755
--- a/abs/core/iptables/iptables
+++ b/abs/core/iptables/iptables
@@ -4,7 +4,6 @@
[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
# Set defaults if settings are missing
-[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables
[ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
. /etc/rc.conf
@@ -12,7 +11,7 @@
case "$1" in
start)
- if [ ! -f $IPTABLES_CONF ]; then
+ if [ ! -f "$IPTABLES_CONF" ]; then
echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
exit 1
fi
@@ -34,41 +33,16 @@ case "$1" in
;;
stop)
stat_busy "Stopping IP Tables"
- echo 0 >/proc/sys/net/ipv4/ip_forward
if ! ck_daemon iptables; then
fail=0
for table in $(cat /proc/net/ip_tables_names); do
- $IPTABLES -t $table -F &>/dev/null && \
- $IPTABLES -t $table -X &>/dev/null && \
- $IPTABLES -t $table -Z &>/dev/null
+ iptables-restore < /var/lib/iptables/empty-$table.rules
[ $? -gt 0 ] && fail=1
done
if [ $fail -gt 0 ]; then
stat_fail
else
rm_daemon iptables
- # reset policies
- for table in filter nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P OUTPUT ACCEPT
- fi
- done
- for table in filter mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P INPUT ACCEPT
- $IPTABLES -t $table -P FORWARD ACCEPT
- fi
- done
- for table in nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P PREROUTING ACCEPT
- fi
- done
- for table in nat mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P POSTROUTING ACCEPT
- fi
- done
stat_done
fi
else
@@ -77,7 +51,6 @@ case "$1" in
;;
restart)
$0 stop
- sleep 2
$0 start
;;
save)
diff --git a/abs/core/iptables/iptables-flush b/abs/core/iptables/iptables-flush
new file mode 100755
index 0000000..e6fafe9
--- /dev/null
+++ b/abs/core/iptables/iptables-flush
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Usage: iptables-flush [6]
+#
+
+iptables=ip$1tables
+if ! type -p "$iptables"; then
+ echo "error: invalid argument"
+ exit 1
+fi
+
+while read -r table; do
+ tables+=("/var/lib/$iptables/empty-$table.rules")
+done <"/proc/net/ip$1_tables_names"
+
+if (( ${#tables[*]} )); then
+ cat "${tables[@]}" | "$iptables-restore"
+fi
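Review bot: The path built at `tables+=("/var/lib/$iptables/empty-$table.rules")` expands to /var/lib/ip6tables/... when the script is run as `iptables-flush 6`, but the PKGBUILD in this commit installs the empty-*.rules files only under /var/lib/iptables, and both rc scripts read them from /var/lib/iptables/empty-$table.rules. For IPv6 every cat operand is therefore missing, ip6tables-restore receives empty input and the ExecStop of ip6tables.service leaves the IPv6 rules in place, while the pipeline's status is that of ip6tables-restore alone so cat's failure is never reported. `tables+=("/var/lib/iptables/empty-$table.rules")` fixes the path, and `set -o pipefail` near the top would make a missing rule file fail the unit instead of silently skipping the flush. Separately, `type -p "$iptables"` prints the resolved path to stdout on every run; `type -p "$iptables" >/dev/null` keeps the journal clean.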
diff --git a/abs/core/iptables/iptables.conf.d b/abs/core/iptables/iptables.conf.d
index 07bc11a..1c6cc7b 100644
--- a/abs/core/iptables/iptables.conf.d
+++ b/abs/core/iptables/iptables.conf.d
@@ -1,8 +1,12 @@
# Configuration for iptables rules
-
-IPTABLES=/usr/sbin/iptables
-IP6TABLES=/usr/sbin/ip6tables
-
IPTABLES_CONF=/etc/iptables/iptables.rules
IP6TABLES_CONF=/etc/iptables/ip6tables.rules
-IPTABLES_FORWARD=0 # enable IP forwarding?
+
+# Enable IP forwarding (both IPv4 and IPv6)
+# NOTE: this is not the recommended way to do this, and is supported only for
+# backward compatibility. Instead, use /etc/sysctl.conf and set the following
+# options:
+# * net.ipv4.ip_forward=1
+# * net.ipv6.conf.default.forwarding=1
+# * net.ipv6.conf.all.forwarding=1
+#IPTABLES_FORWARD=0
diff --git a/abs/core/iptables/iptables.service b/abs/core/iptables/iptables.service
new file mode 100644
index 0000000..3084f53
--- /dev/null
+++ b/abs/core/iptables/iptables.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Packet Filtering Framework
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target