net-firewall/iptables: don't install /sbin/{arptables,ebtables} symlink

If you want to use arptables or ebtables from iptables package, please
call arptables-nft or ebtables-nft.

Closes: https://bugs.gentoo.org/660886
Package-Manager: Portage-2.3.41, Repoman-2.3.9

2 files changed, 51 insertions, 1 deletions

diff --git a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
new file mode 100644
index 000000000000..1053c0a338ed
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
@@ -0,0 +1,44 @@
+Backport of
+
+https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824
+
+Bug: https://bugs.gentoo.org/660886
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -80,7 +80,9 @@ x_sbin_links  = iptables-nft iptables-nft-restore iptables-nft-save \
+ 		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ 		iptables-translate ip6tables-translate \
+ 		iptables-restore-translate ip6tables-restore-translate \
+-		arptables ebtables xtables-monitor
++		arptables-nft arptables \
++		ebtables-nft ebtables \
++		xtables-monitor
+ endif
+ 
+ iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
+--- a/iptables/Makefile.in
++++ b/iptables/Makefile.in
+@@ -526,7 +526,9 @@ vx_bin_links = iptables-xml
+ @ENABLE_NFTABLES_TRUE@		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ @ENABLE_NFTABLES_TRUE@		iptables-translate ip6tables-translate \
+ @ENABLE_NFTABLES_TRUE@		iptables-restore-translate ip6tables-restore-translate \
+-@ENABLE_NFTABLES_TRUE@		arptables ebtables xtables-monitor
++@ENABLE_NFTABLES_TRUE@		arptables-nft arptables \
++@ENABLE_NFTABLES_TRUE@		ebtables-nft ebtables \
++@ENABLE_NFTABLES_TRUE@		xtables-monitor
+ 
+ pkgconfig_DATA = xtables.pc
+ all: $(BUILT_SOURCES)
+--- a/iptables/xtables-nft-multi.c
++++ b/iptables/xtables-nft-multi.c
+@@ -31,8 +31,10 @@ static const struct subcommand multi_subcommands[] = {
+ 	{"iptables-restore-translate",	xtables_ip4_xlate_restore_main},
+ 	{"ip6tables-restore-translate",	xtables_ip6_xlate_restore_main},
+ 	{"arptables",			xtables_arp_main},
++	{"arptables-nft",		xtables_arp_main},
+ 	{"ebtables-translate",		xtables_eb_xlate_main},
+ 	{"ebtables",			xtables_eb_main},
++	{"ebtables-nft",		xtables_eb_main},
+ 	{"xtables-monitor",		xtables_monitor_main},
+ 	{NULL},
+ };
diff --git a/net-firewall/iptables/iptables-1.8.0.ebuild b/net-firewall/iptables/iptables-1.8.0-r1.ebuild
index e8e9447e3dd0..cbef20783c21 100644
--- a/net-firewall/iptables/iptables-1.8.0.ebuild
+++ b/net-firewall/iptables/iptables-1.8.0-r1.ebuild
@@ -42,9 +42,12 @@ RDEPEND="${COMMON_DEPEND}
 "
 
 src_prepare() {
-	eapply "${FILESDIR}"/iptables-1.8.0-fix-building-without-nft-backend.patch
+	eapply "${FILESDIR}"/${P}-fix-building-without-nft-backend.patch
 	touch -r configure extensions/GNUmakefile.in || die
 
+	eapply "${FILESDIR}"/${P}-support-nft-suffix-for-arptables-and-ebtables.patch
+	touch -r configure iptables/Makefile.{am,in} || die
+
 	# use the saner headers from the kernel
 	rm -f include/linux/{kernel,types}.h
 
@@ -112,6 +115,9 @@ src_install() {
 	if use nftables; then
 		# Bug 647458
 		rm "${ED%/}"/etc/ethertypes || die
+
+		# Bug 660886
+		rm "${ED%/}"/sbin/{arptables,ebtables} || die
 	fi
 
 	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service