[OE-core] [OE-Core][PATCH] iptables: Turn ipv6 and libnfnetlink support into PACKAGECONFIG

Khem Raj raj.khem at gmail.com
Sun Mar 17 22:56:24 UTC 2013 

Detection of libnfnetlink is automatic in configure which means
that when you have meta-networking in your cosmos, it would create
a race condition where if libnfnetlink is already staged then it
will be enabled otherwise disabled. The issue happens quite often
with sstate and high parallelism. Since the dependency libnfnetlink
is not part of OE-Core, this patch turns it into a PACKAGECONFIG
which is diabled by default and iptables is patched to provide
the knob.

If you want to enable libnfnetlink support then it can be done
in a bbappend where you are sure that you are also including
meta-networking in your distro.

While at it also turned ipv6 support into packageconfig

Signed-off-by: Khem Raj <raj.khem at gmail.com>
---
 ...Add-option-to-enable-disable-libnfnetlink.patch |   47 ++++++++++++++++++++
 meta/recipes-extended/iptables/iptables_1.4.17.bb  |   15 +++++--
 2 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch

diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
new file mode 100644
index 0000000..ab609e2
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -0,0 +1,47 @@
+From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem at gmail.com>
+Date: Sun, 17 Mar 2013 11:21:35 -0700
+Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
+
+This changes the configure behaviour from autodetecting
+for libnfnetlink to having an option to disable it explicitly
+
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+
+Upstream-Status: Pending
+---
+ configure.ac |   11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ba616ab..ce2d315 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq],
+ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
+ 	[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
+ 	[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
++AC_ARG_ENABLE([libnfnetlink],
++	AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
++	[enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
+ 
+ libiptc_LDFLAGS2="";
+ AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
+ AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
+ AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
+ 
+-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
+-	[nfnetlink=1], [nfnetlink=0])
+-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
++AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
++  PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
++  ])
++
++AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
+ 
+ regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
+ 	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/iptables/iptables_1.4.17.bb b/meta/recipes-extended/iptables/iptables_1.4.17.bb
index f8ef7b6..aa932ce 100644
--- a/meta/recipes-extended/iptables/iptables_1.4.17.bb
+++ b/meta/recipes-extended/iptables/iptables_1.4.17.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\
                     file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc"
 
-PR = "r0"
+PR = "r1"
 
 RRECOMMENDS_${PN} = "kernel-module-x-tables \
                      kernel-module-ip-tables \
@@ -24,14 +24,23 @@ FILES_${PN}-dbg =+ "${libdir}/xtables/.debug"
 SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
            file://types.h-add-defines-that-are-required-for-if_packet.patch \
            file://fix-link-failure-ip6t-NETMAP.patch \
-           file://fix-iptables-extensions-build-error.patch"
+           file://fix-iptables-extensions-build-error.patch \
+           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
+          "
 SRC_URI[md5sum] = "c3fb2ffd5b39d0d54b06ccc4c8660116"
 SRC_URI[sha256sum] = "51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925"
 
 inherit autotools
 
 EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
-                ${@base_contains('DISTRO_FEATURES', 'ipv6', '', '--disable-ipv6', d)}"
+               "
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+                 "
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+
+# libnfnetlink recipe is in meta-networking layer
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink"
 
 do_configure_prepend() {
 	# Remove some libtool m4 files
-- 
1.7.9.5

More information about the Openembedded-core mailing list