Use new strongSwan HA kernel patchset keeping iptables ABI
authorMartin Willi <martin@revosec.ch>
Fri, 22 Mar 2013 10:33:51 +0000 (11:33 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 26 Mar 2013 09:31:29 +0000 (10:31 +0100)
Allows us to install the stock Debian iptables package without having to patch
and compile our own.

testing/scripts/build-baseimage
testing/scripts/recipes/004_iptables.mk [deleted file]
testing/scripts/recipes/patches/iptables-xfrm-hooks [deleted file]
testing/testing.conf

index 8bafc58..c426f0a 100755 (executable)
@@ -20,7 +20,6 @@ INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
 INC=$INC,libalog0.4.1-base-dev,hostapd
 SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
-EXC=iptables
 
 CACHEDIR=$BUILDDIR/cache
 APTCACHE=$LOOPDIR/var/cache/apt/archives
@@ -67,7 +66,7 @@ execute "mount -o bind $CACHEDIR $APTCACHE"
 do_on_exit graceful_umount $APTCACHE
 
 log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
-execute "debootstrap --arch=$BASEIMGARCH --include=$INC --exclude $EXC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
+execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"
 
 execute "mount -t proc none $LOOPDIR/proc"
 do_on_exit graceful_umount $LOOPDIR/proc
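Review bot: The changed `debootstrap` line does not pin a keyring, so whether the Release file from `$BASEIMGMIRROR` is signature-checked depends on what happens to be installed on the build host, which this hunk does not show. That matters more after this commit, because iptables now comes from the mirror like every other package. Consider making the check explicit by adding `--keyring=/usr/share/keyrings/debian-archive-keyring.gpg` to the command and aborting early if that file is missing. The expansions inside the quoted command string are also re-split by `execute`, so a value containing whitespace would break the call. The script continues outside the hunk.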
diff --git a/testing/scripts/recipes/004_iptables.mk b/testing/scripts/recipes/004_iptables.mk
deleted file mode 100644 (file)
index 5120020..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/make
-
-PV  = 1.4.16.3
-PKG = iptables-$(PV)
-TAR = $(PKG).tar.bz2
-SRC = http://www.netfilter.org/projects/iptables/files/$(TAR)
-
-NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
-
-CONFIG_OPTS =
-
-PATCHES = \
-       iptables-xfrm-hooks
-
-all: install
-
-$(TAR):
-       wget $(SRC)
-
-.$(PKG)-unpacked: $(TAR)
-       tar xfj $(TAR)
-       @touch $@
-
-.$(PKG)-patches-applied: .$(PKG)-unpacked
-       cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1
-       @touch $@
-
-.$(PKG)-configured: .$(PKG)-patches-applied
-       cd $(PKG) && ./configure $(CONFIG_OPTS)
-       @touch $@
-
-.$(PKG)-built: .$(PKG)-configured
-       cd $(PKG) && make -j $(NUM_CPUS)
-       @touch $@
-
-install: .$(PKG)-built
-       cd $(PKG) && make install
diff --git a/testing/scripts/recipes/patches/iptables-xfrm-hooks b/testing/scripts/recipes/patches/iptables-xfrm-hooks
deleted file mode 100644 (file)
index baa4a65..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-From 4553ba0130bb9f0aa266cc1e4c3288a52f34eed6 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Wed, 7 Apr 2010 11:40:15 +0200
-Subject: [PATCH] Added XFRM hooks to iptables headers
-
----
- include/linux/netfilter.h      |    2 ++
- include/linux/netfilter_ipv4.h |    6 +++++-
- include/linux/netfilter_ipv6.h |    6 +++++-
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
-index 2eb00b6..b692c67 100644
---- a/include/linux/netfilter.h
-+++ b/include/linux/netfilter.h
-@@ -35,6 +35,8 @@ enum nf_inet_hooks {
-       NF_INET_FORWARD,
-       NF_INET_LOCAL_OUT,
-       NF_INET_POST_ROUTING,
-+      NF_INET_XFRM_IN,
-+      NF_INET_XFRM_OUT,
-       NF_INET_NUMHOOKS
- };
-diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
-index 4d7ba3e..28d3ca9 100644
---- a/include/linux/netfilter_ipv4.h
-+++ b/include/linux/netfilter_ipv4.h
-@@ -47,7 +47,11 @@
- #define NF_IP_LOCAL_OUT               3
- /* Packets about to hit the wire. */
- #define NF_IP_POST_ROUTING    4
--#define NF_IP_NUMHOOKS                5
-+/* Packets going into XFRM input transformation. */
-+#define NF_IP_XFRM_IN         5
-+/* Packets going into XFRM output transformation. */
-+#define NF_IP_XFRM_OUT                6
-+#define NF_IP_NUMHOOKS                7
- enum nf_ip_hook_priorities {
-       NF_IP_PRI_FIRST = INT_MIN,
-diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
-index 7430b39..18590a5 100644
---- a/include/linux/netfilter_ipv6.h
-+++ b/include/linux/netfilter_ipv6.h
-@@ -51,7 +51,11 @@
- #define NF_IP6_LOCAL_OUT              3
- /* Packets about to hit the wire. */
- #define NF_IP6_POST_ROUTING   4
--#define NF_IP6_NUMHOOKS               5
-+/* Packets going into XFRM input transformation. */
-+#define NF_IP6_XFRM_IN                5
-+/* Packets going into XFRM output transformation. */
-+#define NF_IP6_XFRM_OUT               6
-+#define NF_IP6_NUMHOOKS               7
- enum nf_ip6_hook_priorities {
--- 
-1.6.3.3
-
index e3bc565..7929dba 100644 (file)
@@ -22,7 +22,7 @@ KERNELVERSION=3.8.1
 KERNEL=linux-$KERNELVERSION
 KERNELTARBALL=$KERNEL.tar.bz2
 KERNELCONFIG=$DIR/../config/kernel/config-3.8
-KERNELPATCH=ha-3.8.patch.bz2
+KERNELPATCH=ha-3.8-abicompat.patch.bz2
 
 # strongSwan version used in tests
 SWANVERSION=5.0.3
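Review bot: The new `KERNELPATCH` value is coupled to the base-image change in this commit, but nothing next to the assignment records that. Judging from the commit message, the `abicompat` patchset is what lets the guests run stock Debian iptables, so reverting to `ha-3.8.patch.bz2` would presumably need the removed iptables recipe again. A comment above the line would help, e.g. `# HA patchset variant that keeps the iptables ABI; the base image relies on it to use stock Debian iptables`. How the patch file is fetched, and whether its integrity is verified before it is applied to the kernel tree, is outside this hunk.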