Hi Armen, I use the following patches to build deb packages. May you can use them?
One patch for libreswan/main branch, main-enable-nftable-deb.patch, and the other one for Debian repository. regards, -antony On Sun, Sep 24, 2023 at 09:59:38PM +0600, Armen Dilanyan wrote: I am building a deb package following the instructions: "## Building for DEB based systems The packaging/debian directory is used to build deb files. Simply issue the command: make deb." The deb package is being built with iptables dependencies, and I have to install iptables even though I do not use it. Is there any information in the documentation on how to build packages without iptables dependencies?
>From 10f22a36f94bb7a4c19868f453bac11eb3995246 Mon Sep 17 00:00:00 2001 From: Antony Antony <[email protected]> Date: Sat, 25 Feb 2023 10:34:14 +0000 Subject: [PATCH] enable nftable upstream added nftables support use that instead of iptables. - add nftables package dependency - remove iptables dependency - disable iptbales support(upstream default). Signed-off-by: Antony Antony <[email protected]> --- debian/control | 2 +- debian/rules | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index c8849e998f9b..7e6fc896cc45 100644 --- a/debian/control +++ b/debian/control @@ -44,8 +44,8 @@ Depends: dns-root-data, host, iproute2 | iproute (>= 20071016), - iptables, libnss3-tools, + nftbables, ${misc:Depends}, ${shlibs:Depends}, Recommends: diff --git a/debian/rules b/debian/rules index 5491fbfc118a..514977b6f3d9 100755 --- a/debian/rules +++ b/debian/rules @@ -46,6 +46,8 @@ DEBIAN_LIBRESWAN_BUILD_FLAGS = \ USE_NSS_IPSEC_PROFILE=$(IPSEC_PROFILE_AVAILABILITY) \ USE_NSS_AVA_COPY=$(NSS_AVA_MISSING) \ USE_DNSSEC=true \ + HAVE_NFTABLES=true \ + HAVE_IPTABLES=false \ DEFAULT_DNSSEC_ROOTKEY_FILE=/usr/share/dns/root.key override_dh_auto_build: -- 2.41.0
>From e8c2d3d7622d14834b0d8e769826ac4f414ace77 Mon Sep 17 00:00:00 2001 From: Antony Antony <[email protected]> Date: Sat, 25 Feb 2023 10:34:14 +0000 Subject: [PATCH] packaging: debian enable nftable enable nftables support use that instead of iptable - add nftables package dependency - remove iptables dependency - disable iptbales support(upstream default). Signed-off-by: Antony Antony <[email protected]> --- packaging/debian/control | 2 +- packaging/debian/rules | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/packaging/debian/control b/packaging/debian/control index ce9564e475e4..7c464b784529 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -44,10 +44,10 @@ Depends: dns-root-data, bind9-host, iproute2, - iptables, libnspr4, libnss3 (>= 3.16), libnss3-tools, + nftbables, ${misc:Depends}, ${shlibs:Depends}, Recommends: diff --git a/packaging/debian/rules b/packaging/debian/rules index 522e902d91c7..0f6c67d5714f 100755 --- a/packaging/debian/rules +++ b/packaging/debian/rules @@ -27,6 +27,8 @@ override_dh_auto_build: LIBEXECDIR=/usr/libexec/ipsec \ MANDIR=/usr/share/man \ USE_LDAP=true \ + HAVE_NFTABLES=true \ + HAVE_IPTABLES=false \ INITSYSTEM=systemd \ $(ENABLE_LIBCAP_NG) \ $(ENABLE_SELINUX) @@ -40,6 +42,8 @@ override_dh_auto_install-arch: LIBEXECDIR=/usr/libexec/ipsec \ MANDIR=/usr/share/man \ USE_LDAP=true \ + HAVE_NFTABLES=true \ + HAVE_IPTABLES=false \ INITSYSTEM=systemd \ $(ENABLE_LIBCAP_NG) \ $(ENABLE_SELINUX) \ -- 2.41.0
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
