fix: install iptables-nft to the host

These are used by CNI plugins. Fixes siderolabs#9883 See siderolabs/pkgs#1106 Signed-off-by: Andrey Smirnov <[email protected]> (cherry picked from commit 07220fe)
smira · Dec 12, 2024 · c547557 · c547557
1 parent 94b342b
commit c547557
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 30 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,36 +7,40 @@ ARG PKGS
 ARG EXTRAS
 ARG INSTALLER_ARCH
 
-ARG PKGS_PREFIX
-ARG PKG_FHS
-ARG PKG_CA_CERTIFICATES
-ARG PKG_CRYPTSETUP
-ARG PKG_CONTAINERD
-ARG PKG_DOSFSTOOLS
-ARG PKG_EUDEV
-ARG PKG_GRUB
-ARG PKG_SD_BOOT
-ARG PKG_IPTABLES
-ARG PKG_IPXE
-ARG PKG_LIBINIH
-ARG PKG_LIBJSON_C
-ARG PKG_LIBPOPT
-ARG PKG_LIBURCU
-ARG PKG_OPENSSL
-ARG PKG_LIBSECCOMP
-ARG PKG_LINUX_FIRMWARE
-ARG PKG_LVM2
-ARG PKG_LIBAIO
-ARG PKG_MUSL
-ARG PKG_RUNC
-ARG PKG_XFSPROGS
-ARG PKG_APPARMOR
-ARG PKG_UTIL_LINUX
-ARG PKG_KMOD
-ARG PKG_KERNEL
-ARG PKG_CNI
-ARG PKG_FLANNEL_CNI
-ARG PKG_TALOSCTL_CNI_BUNDLE_INSTALL
+ARG PKGS_PREFIX=scratch
+ARG PKG_FHS=scratch
+ARG PKG_CA_CERTIFICATES=scratch
+ARG PKG_CRYPTSETUP=scratch
+ARG PKG_CONTAINERD=scratch
+ARG PKG_DOSFSTOOLS=scratch
+ARG PKG_E2FSPROGS=scratch
+ARG PKG_EUDEV=scratch
+ARG PKG_LIBCAP=scratch
+ARG PKG_GRUB=scratch
+ARG PKG_SD_BOOT=scratch
+ARG PKG_IPTABLES=scratch
+ARG PKG_IPXE=scratch
+ARG PKG_LIBINIH=scratch
+ARG PKG_LIBJSON_C=scratch
+ARG PKG_LIBMNL=scratch
+ARG PKG_LIBNFTNL=scratch
+ARG PKG_LIBPOPT=scratch
+ARG PKG_LIBURCU=scratch
+ARG PKG_OPENSSL=scratch
+ARG PKG_LIBSECCOMP=scratch
+ARG PKG_LINUX_FIRMWARE=scratch
+ARG PKG_LVM2=scratch
+ARG PKG_LIBAIO=scratch
+ARG PKG_MUSL=scratch
+ARG PKG_RUNC=scratch
+ARG PKG_XFSPROGS=scratch
+ARG PKG_APPARMOR=scratch
+ARG PKG_UTIL_LINUX=scratch
+ARG PKG_KMOD=scratch
+ARG PKG_KERNEL=scratch
+ARG PKG_CNI=scratch
+ARG PKG_FLANNEL_CNI=scratch
+ARG PKG_TALOSCTL_CNI_BUNDLE_INSTALL=scratch
 
 # Resolve package images using ${PKGS} to be used later in COPY --from=.
 
@@ -78,6 +82,12 @@ FROM --platform=arm64 ${PKG_LIBINIH} AS pkg-libinih-arm64
 FROM --platform=amd64 ${PKG_LIBJSON_C} AS pkg-libjson-c-amd64
 FROM --platform=arm64 ${PKG_LIBJSON_C} AS pkg-libjson-c-arm64
 
+FROM --platform=amd64 ${PKG_LIBMNL} AS pkg-libmnl-amd64
+FROM --platform=arm64 ${PKG_LIBMNL} AS pkg-libmnl-arm64
+
+FROM --platform=amd64 ${PKG_LIBNFTNL} AS pkg-libnftnl-amd64
+FROM --platform=arm64 ${PKG_LIBNFTNL} AS pkg-libnftnl-arm64
+
 FROM --platform=amd64 ${PKG_LIBPOPT} AS pkg-libpopt-amd64
 FROM --platform=arm64 ${PKG_LIBPOPT} AS pkg-libpopt-arm64
 
@@ -615,6 +625,8 @@ COPY --link --from=pkg-eudev-amd64 / /rootfs
 COPY --link --from=pkg-iptables-amd64 / /rootfs
 COPY --link --from=pkg-libinih-amd64 / /rootfs
 COPY --link --from=pkg-libjson-c-amd64 / /rootfs
+COPY --link --from=pkg-libmnl-amd64 / /rootfs
+COPY --link --from=pkg-libnftnl-amd64 / /rootfs
 COPY --link --from=pkg-libpopt-amd64 / /rootfs
 COPY --link --from=pkg-liburcu-amd64 / /rootfs
 COPY --link --from=pkg-openssl-amd64 / /rootfs
@@ -681,6 +693,8 @@ COPY --link --from=pkg-eudev-arm64 / /rootfs
 COPY --link --from=pkg-iptables-arm64 / /rootfs
 COPY --link --from=pkg-libinih-arm64 / /rootfs
 COPY --link --from=pkg-libjson-c-arm64 / /rootfs
+COPY --link --from=pkg-libmnl-arm64 / /rootfs
+COPY --link --from=pkg-libnftnl-arm64 / /rootfs
 COPY --link --from=pkg-libpopt-arm64 / /rootfs
 COPY --link --from=pkg-liburcu-arm64 / /rootfs
 COPY --link --from=pkg-openssl-arm64 / /rootfs

diff --git a/Makefile b/Makefile
@@ -39,6 +39,8 @@ PKG_IPTABLES ?= $(PKGS_PREFIX)/iptables:$(PKGS)
 PKG_IPXE ?= $(PKGS_PREFIX)/ipxe:$(PKGS)
 PKG_LIBINIH ?= $(PKGS_PREFIX)/libinih:$(PKGS)
 PKG_LIBJSON_C ?= $(PKGS_PREFIX)/libjson-c:$(PKGS)
+PKG_LIBMNL ?= $(PKGS_PREFIX)/libmnl:$(PKGS)
+PKG_LIBNFTNL ?= $(PKGS_PREFIX)/libnftnl:$(PKGS)
 PKG_LIBPOPT ?= $(PKGS_PREFIX)/libpopt:$(PKGS)
 PKG_LIBURCU ?= $(PKGS_PREFIX)/liburcu:$(PKGS)
 PKG_OPENSSL ?= $(PKGS_PREFIX)/openssl:$(PKGS)
@@ -203,6 +205,8 @@ COMMON_ARGS += --build-arg=PKG_IPTABLES=$(PKG_IPTABLES)
 COMMON_ARGS += --build-arg=PKG_IPXE=$(PKG_IPXE)
 COMMON_ARGS += --build-arg=PKG_LIBINIH=$(PKG_LIBINIH)
 COMMON_ARGS += --build-arg=PKG_LIBJSON_C=$(PKG_LIBJSON_C)
+COMMON_ARGS += --build-arg=PKG_LIBMNL=$(PKG_LIBMNL)
+COMMON_ARGS += --build-arg=PKG_LIBNFTNL=$(PKG_LIBNFTNL)
 COMMON_ARGS += --build-arg=PKG_LIBPOPT=$(PKG_LIBPOPT)
 COMMON_ARGS += --build-arg=PKG_LIBURCU=$(PKG_LIBURCU)
 COMMON_ARGS += --build-arg=PKG_OPENSSL=$(PKG_OPENSSL)