diff mbox series

[bug#37398,1/2] gnu: linux-libre: Enable all nftables family modules.

Message ID 87k1ab34qo.fsf@member.fsf.org
State Accepted
Headers show
Series [bug#37398,1/2] gnu: linux-libre: Enable all nftables family modules. | expand

Commit Message

宋文武 Sept. 14, 2019, 4:02 a.m. UTC 
Marius Bakke <mbakke@fastmail.com> writes:

> iyzsong@member.fsf.org (宋文武) writes:
>
>> 宋文武 <iyzsong@member.fsf.org> writes:
>>
>>> * gnu/packages/aux-files/linux-libre/4.19-arm.conf,
>>> gnu/packages/aux-files/linux-libre/4.19-arm64.conf,
>>> gnu/packages/aux-files/linux-libre/4.19-i686.conf,
>>> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf,
>>> gnu/packages/aux-files/linux-libre/5.2-arm.conf,
>>> gnu/packages/aux-files/linux-libre/5.2-arm64.conf,
>>> gnu/packages/aux-files/linux-libre/5.2-i686.conf,
>>> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET,
>>> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP,
>>> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'.
>>
>> I got 5.2 built now, and it doesn't work, may have to be enabled as 'y',
>> will investigate it later...
>
> In general, when making changes to the kernel configuration, you need to
> use the interactive configuration system provided by the kernel build
> system.  The reason is that many options have dependencies: if you set
> CONFIG_FOO=y, CONFIG_BAR might also need to be y.
>
> Using the configuration system ensures these dependencies are handled
> properly.  Here is one way to do that on Guix:
>
> $ tar -xf $(guix build -S linux-libre) -C /tmp
> $ cd /tmp/linux-libre-5.2.13
> $ guix environment linux-libre --ad-hoc ncurses
> $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf .config
> $ make oldconfig
> $ make nconfig
> $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf
>
> I don't have time to go into more details right now, but hope this helps!

Thanks, the interactive configuration system does the right thing.  And
I now have made configs for x86_64, 4.19 and 5.2.  Since i686 is similar
to x86_64, so I apply the x86_64 config diff to i686 config, no
rejections, it should work.  But the arm ones are different, and I don't
know how to make them without an arm machine (a naive 'make nconfig' in
my x86_64 environment generates a lot of diffs...), so I skip them for
now:
I also use 'make nconfig' for 4.14, and the result is okay, so I guess
since 4.19, those nftables families have to be enabled as 'y', while
previously they can be built as modules.

Is it fine to only update kernel configurations for intel architectures?

Comments

Danny Milosavljevic Sept. 14, 2019, 10:02 a.m. UTC | #1 
Add to your services field in operating-system:

            (service qemu-binfmt-service-type
             (qemu-binfmt-configuration
              (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el"))
              (guix-support? #t)))

and reconfigure.

Then

$ guix environment -s armhf-linux linux-libre
(env)$ make oldconfig
(env)$ make nconfig
diff mbox series

Patch

From 3071ddc697bfaa5cff9324be3332a9dda9289b76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@member.fsf.org>
Date: Sat, 14 Sep 2019 11:26:37 +0800
Subject: [PATCH 1/2] gnu: linux-libre: intel: Enable all nftables families.

TODO: Adjust arm kernels accordingly.

* gnu/packages/aux-files/linux-libre/4.19-i686.conf,
gnu/packages/aux-files/linux-libre/4.19-x86_64.conf,
gnu/packages/aux-files/linux-libre/5.2-i686.conf,
gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET,
CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and
CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'.
---
 .../aux-files/linux-libre/4.19-i686.conf      | 35 +++++++++++++++----
 .../aux-files/linux-libre/4.19-x86_64.conf    | 35 +++++++++++++++----
 .../aux-files/linux-libre/5.2-i686.conf       | 28 +++++++++++----
 .../aux-files/linux-libre/5.2-x86_64.conf     | 28 +++++++++++----
 4 files changed, 102 insertions(+), 24 deletions(-)

diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf
index c1df3f0f49..75a18ec5ef 100644
--- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf
+++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf
@@ -1209,8 +1209,8 @@  CONFIG_NF_NAT_REDIRECT=y
 CONFIG_NETFILTER_SYNPROXY=m
 CONFIG_NF_TABLES=m
 CONFIG_NF_TABLES_SET=m
-# CONFIG_NF_TABLES_INET is not set
-# CONFIG_NF_TABLES_NETDEV is not set
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
 CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
 CONFIG_NFT_FLOW_OFFLOAD=m
@@ -1226,11 +1226,18 @@  CONFIG_NFT_OBJREF=m
 CONFIG_NFT_QUEUE=m
 CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
+CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
 CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
 CONFIG_NFT_SOCKET=m
 CONFIG_NFT_OSF=m
 CONFIG_NFT_TPROXY=m
+CONFIG_NF_DUP_NETDEV=m
+CONFIG_NFT_DUP_NETDEV=m
+CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
 CONFIG_NF_FLOW_TABLE_INET=m
 CONFIG_NF_FLOW_TABLE=m
 CONFIG_NETFILTER_XTABLES=m
@@ -1394,8 +1401,12 @@  CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_SOCKET_IPV4=m
 CONFIG_NF_TPROXY_IPV4=m
-# CONFIG_NF_TABLES_IPV4 is not set
-# CONFIG_NF_TABLES_ARP is not set
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=m
+CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=y
 CONFIG_NF_FLOW_TABLE_IPV4=m
 CONFIG_NF_DUP_IPV4=m
 CONFIG_NF_LOG_ARP=m
@@ -1403,6 +1414,9 @@  CONFIG_NF_LOG_IPV4=m
 CONFIG_NF_REJECT_IPV4=m
 CONFIG_NF_NAT_IPV4=m
 CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NFT_CHAIN_NAT_IPV4=m
+CONFIG_NFT_MASQ_IPV4=m
+CONFIG_NFT_REDIR_IPV4=m
 CONFIG_NF_NAT_SNMP_BASIC=m
 CONFIG_NF_NAT_PROTO_GRE=m
 CONFIG_NF_NAT_PPTP=m
@@ -1434,7 +1448,14 @@  CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_SOCKET_IPV6=m
 CONFIG_NF_TPROXY_IPV6=m
-# CONFIG_NF_TABLES_IPV6 is not set
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NFT_CHAIN_ROUTE_IPV6=m
+CONFIG_NFT_CHAIN_NAT_IPV6=m
+CONFIG_NFT_MASQ_IPV6=m
+CONFIG_NFT_REDIR_IPV6=m
+CONFIG_NFT_REJECT_IPV6=m
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
 CONFIG_NF_FLOW_TABLE_IPV6=m
 CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
@@ -1468,7 +1489,9 @@  CONFIG_NF_DEFRAG_IPV6=m
 # DECnet: Netfilter Configuration
 #
 CONFIG_DECNET_NF_GRABULATOR=m
-# CONFIG_NF_TABLES_BRIDGE is not set
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_REJECT=m
+CONFIG_NF_LOG_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf
index a8f8c81648..f151036410 100644
--- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf
+++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf
@@ -1219,8 +1219,8 @@  CONFIG_NF_NAT_REDIRECT=y
 CONFIG_NETFILTER_SYNPROXY=m
 CONFIG_NF_TABLES=m
 CONFIG_NF_TABLES_SET=m
-# CONFIG_NF_TABLES_INET is not set
-# CONFIG_NF_TABLES_NETDEV is not set
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
 CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
 CONFIG_NFT_FLOW_OFFLOAD=m
@@ -1236,11 +1236,18 @@  CONFIG_NFT_OBJREF=m
 CONFIG_NFT_QUEUE=m
 CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
+CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
 CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
 CONFIG_NFT_SOCKET=m
 CONFIG_NFT_OSF=m
 CONFIG_NFT_TPROXY=m
+CONFIG_NF_DUP_NETDEV=m
+CONFIG_NFT_DUP_NETDEV=m
+CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
 CONFIG_NF_FLOW_TABLE_INET=m
 CONFIG_NF_FLOW_TABLE=m
 CONFIG_NETFILTER_XTABLES=m
@@ -1404,8 +1411,12 @@  CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_SOCKET_IPV4=m
 CONFIG_NF_TPROXY_IPV4=m
-# CONFIG_NF_TABLES_IPV4 is not set
-# CONFIG_NF_TABLES_ARP is not set
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=m
+CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=y
 CONFIG_NF_FLOW_TABLE_IPV4=m
 CONFIG_NF_DUP_IPV4=m
 CONFIG_NF_LOG_ARP=m
@@ -1413,6 +1424,9 @@  CONFIG_NF_LOG_IPV4=m
 CONFIG_NF_REJECT_IPV4=m
 CONFIG_NF_NAT_IPV4=m
 CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NFT_CHAIN_NAT_IPV4=m
+CONFIG_NFT_MASQ_IPV4=m
+CONFIG_NFT_REDIR_IPV4=m
 CONFIG_NF_NAT_SNMP_BASIC=m
 CONFIG_NF_NAT_PROTO_GRE=m
 CONFIG_NF_NAT_PPTP=m
@@ -1444,7 +1458,14 @@  CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_SOCKET_IPV6=m
 CONFIG_NF_TPROXY_IPV6=m
-# CONFIG_NF_TABLES_IPV6 is not set
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NFT_CHAIN_ROUTE_IPV6=m
+CONFIG_NFT_CHAIN_NAT_IPV6=m
+CONFIG_NFT_MASQ_IPV6=m
+CONFIG_NFT_REDIR_IPV6=m
+CONFIG_NFT_REJECT_IPV6=m
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
 CONFIG_NF_FLOW_TABLE_IPV6=m
 CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
@@ -1478,7 +1499,9 @@  CONFIG_NF_DEFRAG_IPV6=m
 # DECnet: Netfilter Configuration
 #
 CONFIG_DECNET_NF_GRABULATOR=m
-# CONFIG_NF_TABLES_BRIDGE is not set
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_REJECT=m
+CONFIG_NF_LOG_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf
index 0a211f6eb9..8813a70d3d 100644
--- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf
+++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf
@@ -1147,8 +1147,8 @@  CONFIG_NF_NAT_MASQUERADE=y
 CONFIG_NETFILTER_SYNPROXY=m
 CONFIG_NF_TABLES=m
 CONFIG_NF_TABLES_SET=m
-# CONFIG_NF_TABLES_INET is not set
-# CONFIG_NF_TABLES_NETDEV is not set
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
 CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
 CONFIG_NFT_FLOW_OFFLOAD=m
@@ -1158,17 +1158,25 @@  CONFIG_NFT_LOG=m
 CONFIG_NFT_LIMIT=m
 CONFIG_NFT_MASQ=m
 CONFIG_NFT_REDIR=m
+CONFIG_NFT_NAT=m
 CONFIG_NFT_TUNNEL=m
 CONFIG_NFT_OBJREF=m
 CONFIG_NFT_QUEUE=m
 CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
+CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
 CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
 CONFIG_NFT_XFRM=m
 CONFIG_NFT_SOCKET=m
 CONFIG_NFT_OSF=m
 CONFIG_NFT_TPROXY=m
+CONFIG_NF_DUP_NETDEV=m
+CONFIG_NFT_DUP_NETDEV=m
+CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
 CONFIG_NF_FLOW_TABLE_INET=m
 CONFIG_NF_FLOW_TABLE=m
 CONFIG_NETFILTER_XTABLES=m
@@ -1335,8 +1343,11 @@  CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_SOCKET_IPV4=m
 CONFIG_NF_TPROXY_IPV4=m
-# CONFIG_NF_TABLES_IPV4 is not set
-# CONFIG_NF_TABLES_ARP is not set
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=y
 CONFIG_NF_FLOW_TABLE_IPV4=m
 CONFIG_NF_DUP_IPV4=m
 CONFIG_NF_LOG_ARP=m
@@ -1373,7 +1384,10 @@  CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_SOCKET_IPV6=m
 CONFIG_NF_TPROXY_IPV6=m
-# CONFIG_NF_TABLES_IPV6 is not set
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NFT_REJECT_IPV6=m
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
 CONFIG_NF_FLOW_TABLE_IPV6=m
 CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
@@ -1409,7 +1423,9 @@  CONFIG_NF_DEFRAG_IPV6=m
 CONFIG_DECNET_NF_GRABULATOR=m
 # end of DECnet: Netfilter Configuration
 
-# CONFIG_NF_TABLES_BRIDGE is not set
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_REJECT=m
+CONFIG_NF_LOG_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf
index 51d4e93372..e1d2c93f9a 100644
--- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf
+++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf
@@ -1168,8 +1168,8 @@  CONFIG_NF_NAT_MASQUERADE=y
 CONFIG_NETFILTER_SYNPROXY=m
 CONFIG_NF_TABLES=m
 CONFIG_NF_TABLES_SET=m
-# CONFIG_NF_TABLES_INET is not set
-# CONFIG_NF_TABLES_NETDEV is not set
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
 CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
 CONFIG_NFT_FLOW_OFFLOAD=m
@@ -1179,17 +1179,25 @@  CONFIG_NFT_LOG=m
 CONFIG_NFT_LIMIT=m
 CONFIG_NFT_MASQ=m
 CONFIG_NFT_REDIR=m
+CONFIG_NFT_NAT=m
 CONFIG_NFT_TUNNEL=m
 CONFIG_NFT_OBJREF=m
 CONFIG_NFT_QUEUE=m
 CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
+CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
 CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
 CONFIG_NFT_XFRM=m
 CONFIG_NFT_SOCKET=m
 CONFIG_NFT_OSF=m
 CONFIG_NFT_TPROXY=m
+CONFIG_NF_DUP_NETDEV=m
+CONFIG_NFT_DUP_NETDEV=m
+CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
 CONFIG_NF_FLOW_TABLE_INET=m
 CONFIG_NF_FLOW_TABLE=m
 CONFIG_NETFILTER_XTABLES=m
@@ -1356,8 +1364,11 @@  CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_SOCKET_IPV4=m
 CONFIG_NF_TPROXY_IPV4=m
-# CONFIG_NF_TABLES_IPV4 is not set
-# CONFIG_NF_TABLES_ARP is not set
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=y
 CONFIG_NF_FLOW_TABLE_IPV4=m
 CONFIG_NF_DUP_IPV4=m
 CONFIG_NF_LOG_ARP=m
@@ -1394,7 +1405,10 @@  CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_SOCKET_IPV6=m
 CONFIG_NF_TPROXY_IPV6=m
-# CONFIG_NF_TABLES_IPV6 is not set
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NFT_REJECT_IPV6=m
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
 CONFIG_NF_FLOW_TABLE_IPV6=m
 CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
@@ -1430,7 +1444,9 @@  CONFIG_NF_DEFRAG_IPV6=m
 CONFIG_DECNET_NF_GRABULATOR=m
 # end of DECnet: Netfilter Configuration
 
-# CONFIG_NF_TABLES_BRIDGE is not set
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_REJECT=m
+CONFIG_NF_LOG_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
-- 
2.19.2