From eb74998125b43701a321e12afff8339e11320d7d Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Thu, 17 Aug 2023 21:11:30 +0200 Subject: [PATCH] package/nftables: fix the build of the pyhon bindings nftables provides python bindings; it uses setuptools to install them. We currently install those bindings by telling the nftables buildsystem, autotools, to install the python bindings. However, we do not pass any of the environment variables that are needed for setuptools packages. When host-python-setuptools is installed before nftables is built [0], this breaks the system at runtime, as the bindings are not installed; only the egg is, resulting in runtime errors like: # python -c 'import nftables' Traceback (most recent call last): File "", line 1, in ModuleNotFoundError: No module named 'nftables' Upstream has been doing some changes on their python handling, but it is not in a released version yet, and we can't backport those changes either, due to other big changes. Instead, we split the pyhon bindings to their own package. For legacy handling, we make that new package default to y, so that existing (def)config still work. The only novelty is that it can be disabled now. Many thanks to Julien for testing and finding the offending dependency, to James for suggesting the package split, and to Adam for, well, trigerring the issue in the first place! ;-p Note: a git bisect of the issue turns up 72 candidates for the breakage, all around the time we dropped python2 support in early 2022; the last known-good commit is 55df30f8b1fb (package/zfs: drop python2 support) and the first known-bad commit is 697acda00d9f (package/pkg-python: drop python2 host/setuptools support); everything in-between does not configure (package/python/Config.in.host still sourced but already removed), or does not build (host-python still in the dependency chain but already removed), so had to be skipped during the bisect. [0] This can happen when another python package using setuptools is built before nftables. However, with PPD, this never happens because host-python-setuptools is never in the dependency chain of nftables. Reported-by: Julien Olivain Tested-by: Julien Olivain Suggested-by: James Hilliard Signed-off-by: Yann E. MORIN Cc: Adam Duskett Cc: Thomas Petazzoni --- package/nftables/Config.in | 5 +++++ package/nftables/nftables-python/Config.in | 4 ++++ .../nftables-python/nftables-python.hash | 1 + .../nftables-python/nftables-python.mk | 22 +++++++++++++++++++ package/nftables/nftables.mk | 18 ++++++++------- 5 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 package/nftables/nftables-python/Config.in create mode 120000 package/nftables/nftables-python/nftables-python.hash create mode 100644 package/nftables/nftables-python/nftables-python.mk diff --git a/package/nftables/Config.in b/package/nftables/Config.in index 8d172b7256..833a3a38a2 100644 --- a/package/nftables/Config.in +++ b/package/nftables/Config.in @@ -13,5 +13,10 @@ config BR2_PACKAGE_NFTABLES http://www.netfilter.org/projects/nftables/index.html +# Legacy: this used to be handled in nftables.mk +if BR2_PACKAGE_NFTABLES +source "package/nftables/nftables-python/Config.in" +endif + comment "nftables needs a toolchain w/ wchar, headers >= 3.12" depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 diff --git a/package/nftables/nftables-python/Config.in b/package/nftables/nftables-python/Config.in new file mode 100644 index 0000000000..b16e2d0ad1 --- /dev/null +++ b/package/nftables/nftables-python/Config.in @@ -0,0 +1,4 @@ +config BR2_PACKAGE_NFTABLES_PYTHON + bool "python bindings" + default y # legacy + depends on BR2_PACKAGE_PYTHON3 diff --git a/package/nftables/nftables-python/nftables-python.hash b/package/nftables/nftables-python/nftables-python.hash new file mode 120000 index 0000000000..9ac74580e7 --- /dev/null +++ b/package/nftables/nftables-python/nftables-python.hash @@ -0,0 +1 @@ +../nftables.hash \ No newline at end of file diff --git a/package/nftables/nftables-python/nftables-python.mk b/package/nftables/nftables-python/nftables-python.mk new file mode 100644 index 0000000000..908bacd99a --- /dev/null +++ b/package/nftables/nftables-python/nftables-python.mk @@ -0,0 +1,22 @@ +################################################################################ +# +# nftables-python +# +################################################################################ + +# The following assignments work only because nftables.mk is included before +# this file is. +NFTABLES_PYTHON_VERSION = $(NFTABLES_VERSION) +NFTABLES_PYTHON_SOURCE = $(NFTABLES_SOURCE) +NFTABLES_PYTHON_SITE = $(NFTABLES_SITE) +NFTABLES_PYTHON_LICENSE = $(NFTABLES_LICENSE) +NFTABLES_PYTHON_LICENSE_FILES = $(NFTABLES_LICENSE_FILES) + +# We share the same source code as nftables +NFTABLES_PYTHON_DL_SUBDIR = nftables + +NFTABLES_PYTHON_SUBDIR = py + +NFTABLES_PYTHON_SETUP_TYPE = setuptools + +$(eval $(python-package)) diff --git a/package/nftables/nftables.mk b/package/nftables/nftables.mk index b0a14bd429..d31df8afa4 100644 --- a/package/nftables/nftables.mk +++ b/package/nftables/nftables.mk @@ -10,9 +10,15 @@ NFTABLES_SITE = https://www.netfilter.org/projects/nftables/files NFTABLES_DEPENDENCIES = libmnl libnftnl host-pkgconf $(TARGET_NLS_DEPENDENCIES) NFTABLES_LICENSE = GPL-2.0 NFTABLES_LICENSE_FILES = COPYING -NFTABLES_CONF_OPTS = --disable-debug --disable-man-doc --disable-pdf-doc NFTABLES_SELINUX_MODULES = iptables +# Python bindings are handled by package nftables-python +NFTABLES_CONF_OPTS = \ + --disable-debug \ + --disable-man-doc \ + --disable-pdf-doc \ + --disable-python + ifeq ($(BR2_PACKAGE_GMP),y) NFTABLES_DEPENDENCIES += gmp NFTABLES_CONF_OPTS += --without-mini-gmp @@ -42,13 +48,6 @@ else NFTABLES_CONF_OPTS += --without-json endif -ifeq ($(BR2_PACKAGE_PYTHON3),y) -NFTABLES_CONF_OPTS += --enable-python -NFTABLES_DEPENDENCIES += python3 -else -NFTABLES_CONF_OPTS += --disable-python -endif - NFTABLES_CONF_ENV = LIBS="$(NFTABLES_LIBS)" define NFTABLES_LINUX_CONFIG_FIXUPS @@ -58,3 +57,6 @@ define NFTABLES_LINUX_CONFIG_FIXUPS endef $(eval $(autotools-package)) + +# Legacy: we used to handle it in this .mk +include package/nftables/nftables-python/nftables-python.mk