From patchwork Wed Dec 4 18:29:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018388 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3Qzc6Tlhz1yQg for ; Thu, 5 Dec 2024 05:29:48 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 8880D41316; Wed, 4 Dec 2024 18:29:47 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id rCLUY9GyAb1I; Wed, 4 Dec 2024 18:29:46 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 35B7541320 Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp4.osuosl.org (Postfix) with ESMTP id 35B7541320; Wed, 4 Dec 2024 18:29:46 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists1.osuosl.org (Postfix) with ESMTP id 2A5F01DD3 for ; Wed, 4 Dec 2024 18:29:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 27245607B2 for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id ufTr0ShduXqD for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.18; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org D2CB86085B DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D2CB86085B Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by smtp3.osuosl.org (Postfix) with ESMTPS id D2CB86085B for ; Wed, 4 Dec 2024 18:29:31 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MbAcs-1tu9gg3aTA-00lT39; Wed, 04 Dec 2024 19:29:22 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:08 +0100 Message-ID: <20241204182913.4085670-2-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:JhJ3PUvPnxZ3IoN+Jp4uBD1WPLDoOf3VDQh9C3y9K5LO5TSJXhe tXGS/y/5L0zEjJro36PmSsO7c4LIvJJOuI3iKiDFwMo307/Iktt9Q3/oUqhoaEp+3NjDOpY eFVaoesKiQQZgliK0sxeMd5kEGKzCLKE2QwHmU1Gv4jSJwgmQfkezp2Ivv6pzW1bmh8OsCk 1RPXAuT55Yf/0noOLVH4Q== UI-OutboundReport: notjunk:1;M01:P0:TangTV4tcdg=;LXsXNBZt1JJsVUWGhoqTB33kttO T8S2XzrIQCqPDYwc+XpSlA2CSWQ/5xQVQgnNcS6X/RMA4zUqUQA3ZlavJ2f1ilxF2ZePpfF8n Pa6KAu0MVC82FFnmFWbOXaGAlWXxU6kuKGejhLLnziVqGkw7Sn2/rpbUMrhC4Zh5kkZcc7NOe cBW8lijtVYE6hdzOBENHMhwlknodDeNM9x+UO1LgAFUUmRrX09qSxpB9AVC/VkGm3+RR9Feos bAthWSNRC52YTWYgaBjJJRju0L1Vq4mymvNZSuohReWM1EwA+esBfwRSord/h2AUJhlkaFMiS vUEvmTLswnlnSYHCW0njZqMewRHKDtP0a4wIuuhoMMlco1J2R78U69Mu16XB4wZXG0y2FDy4a mwYwODKg21z03E7dCYNQ5zfEKYzHm0FajQ/lljd09REOae9vLm2BlBZO62g3w8csZis3tRPvf 4CEfOL8DEDV8vWjA464Ae+6EIPVrRaxAtFZj767jWJY/21fdHxHj4i0iVjWAgXPlStxA1Lbnx Fa80DxGyk0BQmrN98OtosHW73dL8PV3/TApT6sqM6wlJPjoDgr3eNw9+Mu174hR9k5nyWnAZR QNb3P/XCWSsjzk79wmod9QQDwqeBaZoSb/DzsXXqgCkLImRBnF5EZ1dcl+4dVALNw6VeUBpPS qkXyFXRv2Yl6LrUNFY3EhE5ScD06MvRWJA9nPdKmpDUWFtXfPIWTb8e1AiTM600ng0teMXGNV dgCv5dBSH+ge/d/k9RVca20CAAkITccLwxrQw6cqr9hOr7Fsekr/FfgskLjt/Q9g61XHmf0/e bpN89seopNqgIzre+3oHVTB5SjTPH+3LOAIdN17FeC1VqDsAjChp6EvKFR8d/MKcBjL94SJ/h Uz9pXmvtd/f5f0TtMiJp7pLIhVIF0P+U2H9dTf79Q/rgTcdxlIgPmInX+GLf2EEoJWl0NunCk 86KhtWdokpb1XSLYybtZ284alNV1Y6bq9CsyUBZT556MixcEz1v5bs17rYnr92mw8N+XUpDxm TLG26mI9fD4HkRg/WN8l/e0en6ZAdg352mOuHBNrDz9yc3j2Zdhc2L2JJ5Koni4Pjo6irBJRP jFJDBT1TIoZbJNWegzIgNWZPsKYyMJ X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336963; x=1733941763; i=fiona.klute@gmx.de; bh=lWYV15bvP6gLVhcr/rgX8eB8imTJA9aVFDQy2CicTio=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=MTgn/0dWrmLBvH+2+rt7wNwUJ5mSNMVnwymhOaIH+yyELrnD3ixAz4SIoS1fMolC lu0KM5foa/AXhTUAqyE/tD9ljGyCqkRWXqSXf1xkuzeN0XiBWD92/tHEP2pZMrdfO 0Wi4WYm+y8+rqqsQkunpV+t8qfcaWp+FZZDuMiEQ64fPobVFPvDRqK7OKi+qU0c5r 4Y+tXrruJ0bvUVDYx1CehTx7fTuf9aHGq3ye7RIHN82J/kyoDffvt7lHF9qIVhiBe a15wlV84U96J42jIIOhqYKxNgeCCkhG5onvU/7jLkVUK5HDp3h5eIK4LFZqqHx12+ ExNlzuBktRflZcsl0g== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=MTgn/0dW Subject: [Buildroot] [PATCH v5 1/6] package/nftables: add init script X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" The init script handles an nftables ruleset file with support for atomic reloading. By default the ruleset is expected in /etc/nftables.conf, the location can be changed in /etc/default/nftables. If the ruleset file does not exist, the script does nothing and shows a warning about that fact. Signed-off-by: Fiona Klute (WIWA) --- Changes v4 -> v5: * nftables init script: run any target only if rules file exists Changes v1 -> v2: * clarify comments & commit message * nftables init script: Warning about missing flush in ruleset on reload * nftables init script: check for rules file only on start * nftables init script: return nft return code from start/stop functions package/nftables/S35nftables | 67 ++++++++++++++++++++++++++++++++++++ package/nftables/nftables.mk | 5 +++ 2 files changed, 72 insertions(+) create mode 100644 package/nftables/S35nftables diff --git a/package/nftables/S35nftables b/package/nftables/S35nftables new file mode 100644 index 0000000000..33de15c561 --- /dev/null +++ b/package/nftables/S35nftables @@ -0,0 +1,67 @@ +#!/bin/sh + +DAEMON="nftables" + +# Main ruleset file, override in /etc/default/nftables if you want a +# different location. The file should include a "flush ruleset" +# command to atomically replace any previous rules on reload (instead +# of adding to them). +NFTABLES_CONFIG="/etc/nftables.conf" + +# shellcheck source=/dev/null +[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON" + +# Run only if the ruleset file exists. +if [ ! -f "${NFTABLES_CONFIG}" ]; then + echo "${NFTABLES_CONFIG} does not exist, nothing to do." + exit 0 +fi + +start() { + printf "Loading nftables rules: " + /usr/sbin/nft --file "${NFTABLES_CONFIG}" + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +stop() { + printf "Clearing nftables rules: " + /usr/sbin/nft flush ruleset + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +restart() { + stop + start +} + +reload() { + FLUSH='flush ruleset' + if ! grep -q -x "$FLUSH" "${NFTABLES_CONFIG}"; then + printf 'WARNING: no "%s" in %s, duplicated rules likely\n' \ + "$FLUSH" "${NFTABLES_CONFIG}" + fi + start +} + +case "$1" in + start|stop|restart|reload) + "$1" + ;; + *) + echo "Usage: $0 {start|stop|restart|reload}" + exit 1 +esac + +exit $? diff --git a/package/nftables/nftables.mk b/package/nftables/nftables.mk index c958f0eb26..380e553cde 100644 --- a/package/nftables/nftables.mk +++ b/package/nftables/nftables.mk @@ -57,6 +57,11 @@ define NFTABLES_LINUX_CONFIG_FIXUPS $(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_INET) endef +define NFTABLES_INSTALL_INIT_SYSV + $(INSTALL) -m 0755 -D package/nftables/S35nftables \ + $(TARGET_DIR)/etc/init.d/S35nftables +endef + $(eval $(autotools-package)) # Legacy: we used to handle it in this .mk From patchwork Wed Dec 4 18:29:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018386 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3QzW2d60z1yQg for ; Thu, 5 Dec 2024 05:29:43 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 58128607E2; Wed, 4 Dec 2024 18:29:41 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id o6a08ztVJZtd; Wed, 4 Dec 2024 18:29:40 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 2443660B51 Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp3.osuosl.org (Postfix) with ESMTP id 2443660B51; Wed, 4 Dec 2024 18:29:40 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists1.osuosl.org (Postfix) with ESMTP id 33BF01DD3 for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 17FB360901 for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id v15sefpqYR-1 for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.19; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 864A1607B2 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 864A1607B2 Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by smtp3.osuosl.org (Postfix) with ESMTPS id 864A1607B2 for ; Wed, 4 Dec 2024 18:29:31 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MsHns-1tdAnh0tC6-013gQH; Wed, 04 Dec 2024 19:29:23 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:09 +0100 Message-ID: <20241204182913.4085670-3-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:9RWkEPrlwMAPmHh47uliClR9EEgng0DfrjQ63F7MVv/7C+TOt6j ozE/TnG11m9zH2nHXV2ydjMu3SAFqIgGLqYvIFc4qTB8LqLjkYNXKtNlb7pVpwHjqUQWO+R PkZWyYzbRRRxZOyHMD7QMLmCenyA35LP2QsaiMcZZ8+beSRDwqNoAaLp8tiiYJxib9c/XJZ Vg7sQUpVJ75AB0lpalQHg== UI-OutboundReport: notjunk:1;M01:P0:Cph3ivsHXpA=;drUX7bJuQHMiQ3uT5seNWgj8tAn W0eY3QDA7X44LKyusTkE6h1iW9ZkZTWi7Ys6uhc4jxlUgocrKquUzVg2/g7fRa/q6CUd5FdSI tjsiwtPlGX1mHraJTqp7k4sygZE1ffLx9KGhpwZMTk3ERTCfmfEFrM0BC4JkJfz7dKZEFnV5l lNgUWjm6LWIpDNb4nV7DDFOvzYNy2gGFHXxlL7Vu5eH4JN6HwUYVMZyN42yQftW1Q1eyzraRY /J1VVzDBlEdtrSganeiyi+IQ+l/3olW67dMeKNsJKah4s+s2rz5Nf3dQlNL9QJ14zl/R2uAi4 K2rwvSiYOt+5A7sJ05UTTrLV063qWzYErbsb5O2SaWo4GIiwY/E3uFUjMwEA0Y9Ofq5RQFIjn Trkq2UKfcyZqAHCJLBcil/o+zXtzAdMKj4tf0hXvVEyxSA249SOm7sjPYo3xYBUyNkBEAa5r1 IT7PAK+SA7elQwdZu2mBJcSJFG1kNsfLIUKsfqbotgOg65jwE9+qOiSHp8SOy49LD3vM0JimH BwRMv4zx4ufBBEhQZWzkEB1L05x6TUDV7Qse6vzic3VTxV9hUVEaV35fTkWEPTd53Snbrkb/V +P64uZh4CkPVK3tAYANoCsUCm/uFTa0lKuk/hg6uVVEyYh/DJBAusVg6fnCn+fu3gfFjZnuNY XlxSOIJHpFjLfNEMla23j3pbNUoM44w62rxwRYMs3jaipvWgumer4XVoHDaIBMwKlLX0SIsEw xxz3CAkuaYfnA83CvfDfW1acxJOxY2QS0qyQLTEifJA9dUgpUSW3jIl3OLqsU5C/GrUgH3T8y PBrh7rj/uQHWaeFHJezU+v49Nkx5ELwBrrPKl7m1igLMwQzIocd71g+dVHPvL2A6h9ngumX2l n6L/ziyHgqXnAcwCPfF37QOIqTxrS2smumtFiX9HKjsskNO9ijNzP4NgOGRSMa6+q3nroW+22 +1Yv//95E6Jvloyr2PYOMnifiQpjAZziYo9GZFbpzbXXcwm6y/cdGXtIeD58Yyx/Ku/d88VxU d8oFdp8285mxeERMQWGgA58QbrWPS6iOQYbpSsP9f0yqvnFfOvvfGR/jjRd/vi8EQcIN1WDZX zT2uPpl+cOS0cgNuikRJP7D/8xjY4I X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336963; x=1733941763; i=fiona.klute@gmx.de; bh=Jfc5qThGxO4e5pO2LePq+NoR/1Z+YCTJzsT978XdSjk=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=DRrPOaQnsyU11Zkeywt03NmpynzmsvR/IKnTh0Dfmhf11DEvZkZ4IprpiXKmWiM1 dsro8dXS3rgRo2MN1bXCpyncXNkiNqmOMy0plTAVIG13AveScInLEjuPuCIx4NDdU gYjHXgPeu4SJ2zNqGUoCij8xbHYljavtKzCFxM8M683jJP84kudajKBxW6QKXrARl QJ1gzqJVgE+RT2ePngngWeVIuViVnjrlvHX5NtlA/wpohd5mUZOYCvn76lYmpvTUf QwhvsacXmiYXpntqyb8XQp2VMkoZ9nTVSXA4qGZxofnhRkrQiEJ+hXmJ4YQbgJ4SP paG2EFs4kKKj1dk/Cg== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=DRrPOaQn Subject: [Buildroot] [PATCH v5 2/6] package/iptables: optionally default to nftables compat X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" For an nftables-based firewall setup it may be desirable to use iptables-nft as the "iptables" binary, in particular to better integrate legacy applications that do not support nftables directly and call iptables. If the BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT option introduced by this patch is enabled, iptables, iptables-restore, and iptables-save are symlinked to the -nft version of iptables. The -legacy options can still be called directly if desired. Signed-off-by: Fiona Klute (WIWA) --- Changes v3 -> v4: * set ip6tables symlinks when selecting nftables compat Changes v1 -> v2: * clarify commit message package/iptables/Config.in | 12 ++++++++++++ package/iptables/iptables.mk | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/package/iptables/Config.in b/package/iptables/Config.in index e6b12603e0..ef02c26242 100644 --- a/package/iptables/Config.in +++ b/package/iptables/Config.in @@ -24,6 +24,18 @@ config BR2_PACKAGE_IPTABLES_NFTABLES help Build nftables compat utilities. +if BR2_PACKAGE_IPTABLES_NFTABLES + +config BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT + bool "use nftables compat by default" + help + Make the nftables compat variant of iptables, iptables-save, + and iptables-restore the default. This only adjusts symlinks + in /usr/sbin, the legacy variants can still be called + directly. + +endif + comment "nftables compat needs a toolchain w/ wchar, dynamic library, headers >= 3.12" depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 || \ !BR2_USE_WCHAR || BR2_STATIC_LIBS diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk index 6712136962..dbf7fbf5e1 100644 --- a/package/iptables/iptables.mk +++ b/package/iptables/iptables.mk @@ -62,4 +62,16 @@ define IPTABLES_INSTALL_INIT_SYSV touch $(TARGET_DIR)/etc/iptables.conf endef +ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT),y) +define IPTABLES_MAKE_NFTABLES_DEFAULT + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/iptables + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/iptables-restore + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/iptables-save + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/ip6tables + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/ip6tables-restore + ln -sf xtables-nft-multi $(TARGET_DIR)/usr/sbin/ip6tables-save +endef +IPTABLES_POST_INSTALL_TARGET_HOOKS += IPTABLES_MAKE_NFTABLES_DEFAULT +endif + $(eval $(autotools-package)) From patchwork Wed Dec 4 18:29:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018389 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3Qzg1M1nz1yQg for ; Thu, 5 Dec 2024 05:29:51 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id D32A46090A; Wed, 4 Dec 2024 18:29:49 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id RzVRHDkLSPEX; Wed, 4 Dec 2024 18:29:49 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org DBC5C60E49 Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp3.osuosl.org (Postfix) with ESMTP id DBC5C60E49; Wed, 4 Dec 2024 18:29:48 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists1.osuosl.org (Postfix) with ESMTP id 770421DD3 for ; Wed, 4 Dec 2024 18:29:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 50AF460AF9 for ; Wed, 4 Dec 2024 18:29:35 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id EleRMdSL8Sjn for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.18; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org B79E160812 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org B79E160812 Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by smtp3.osuosl.org (Postfix) with ESMTPS id B79E160812 for ; Wed, 4 Dec 2024 18:29:31 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MGQnP-1tQsl42QrF-006v1O; Wed, 04 Dec 2024 19:29:23 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:10 +0100 Message-ID: <20241204182913.4085670-4-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:N8hSj5Fx296mBjJjjWJOemKuCnWUlvEbQQOgk6qtu39CRH7h7F2 ZLJyjotxOtquprGrYCTAIn8ZIMEBwz/WeqlymKeMSaVBbBEDESBxi9Cnm2APHntR92JHPwK kLwHAI4ppW8/i15raIWE+FOwc6/qgEor3YWwBDfgQC+WhmJbZ8XOc8mib+eZW+y4vThJ2pn 9kxdqydLmQY70VDWG5NgQ== UI-OutboundReport: notjunk:1;M01:P0:iG93v612B2o=;PfgDk8JIAIt9Rfgmlq4sGdHcSVy bQtfLCDgkobtoEqebcylVKf1L5fzAzmzRgeaMHccu7YmYnoocE8mezWR77lZb8JzNUevXjojI 6Au+TY0mAKRBiiJXHZd6Zj6nWNER9OpYVW6+BpBunUwmhDIgkT0mvBHU/L3ZDr2yCsOMq7dFk lJ+7hcBeAQsTV9VSZ4NWDLjulbxwYue48AFSILiXBZMWdHDN+SEkVplxK/ZE+YKDYTYybsg13 5j27RtfZBgj1KrEa58YOJl1jLFW/qEZf6EMLwacg2UC22U15X2Hy4LEAZhyLV3DrcLjGa59u6 XWpzEXQtlus4GSjz4M6/n4LBCb1mDkLz+3fAXPEhQh1yuJptIlxsPpK2VPsNdNskNscXan+ns ko4oZI62LKB5jiQtFaTYqJQDnSdLOY4cJ0F+l+sTRadOMV6Lcb7SKct7pFzkmhvRsQIY6FWvD bfHHLB9hrOibB+tYDBcG68aMtNK5+B0Ous+e080JlzGZnrDdwN7GS5LU8oWiObE2o5g0XZiYp 7XSMOJoiwRdOCbfYIGCRtAH5ol/e6Mz9+2Towco9W3V9EKaiTMW488OK4pJeesfBM5Wk/Ervy 1saVpUM/wyaX9LW/xkx87AjaHy53UL1g91vPyApNNZ5uSbrJ5ZQWFfVhuAutW3n/npkB6MVay EnMd+kgqj2Wd64qXcllZOiLWRG5993gaPmrHg3ESHeI6vGeV9W1pJYZLxjlZX1HC7qLybGuEV yPk9wvqPvRAn1CkpRSOHxWYfgQT6e/WWZgJvljN5TkIC2ld4wkQeiN0+c7Drsh8FcJF2zVIwg tMFT1u9Km6D4sJ0qxxx55+YXDB+awftWOlkvKACqLrN8HBlf/tuulpNRHAmIKJz+2Cd2aj0Jh e5u8dCQ963ufCaRtoGdWSqNxU9DKQG+e1l2hgLvpEV/OEKkLxTQpvNsliwwDA20gy+zkTvVHI i3ACSd5u/lETCYi5q75fGnbUD4AjDJm7ZRxed75Yld9/Fu1r8Js6TKkL0xmxAJqB6VvU0feUi 8lCCKaPQFryERRoeEuZpAILG+TXjdxZ2fefJN5k5kSuGNpGsXkVMqAhSc6RWmqwi0kZ0uSoeZ f964LecPz92qPcVQF1cp1+xFCLLCAI X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336963; x=1733941763; i=fiona.klute@gmx.de; bh=kxlReBV+pCRqJl1RtN0A0p2gocOCn8NK3o4RiC8lHts=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=pRx9ppEtekSVPf6rf7suA3Y+kzYl8Hh3RQJCGJ20l2p0lTPZKbFKu5gxiDYu1wGT 5/zXhojgARMY48P5lc6Co8ieH0RzfRBoimOgVeC3Yz1mTf7VTBi0d6N4CPNXvSVTs E9qU3hPrMowSJt5gY1avo+gsTWhuQz+7I4e0uzg0HmcbyNC9kbKTKQr98iiKlG0Up 7lAJohVqpMkKQ2CLdfkSmfg9z64rAw8vlJxQUIrTdWhHHrpy1ZGE8KbLClqC5ZMhX zxn3dFts4zAPdAHQucaz06TC3v46gF7DdbWB/huBtWWZj+sllX/XKVi22FLsibN3V J90Vd+sPAGvoArnkbQ== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=pRx9ppEt Subject: [Buildroot] [PATCH v5 3/6] package/iptables: check for rules in init script X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" Instead of installing an empty rules file, the init script now checks if the rules file exists and does nothing if it doesn't. The "save" action is exempt from that limit because it may be used to create the rules file. Also fix the shellcheck warning about the unused IPTABLES_ARGS variable, and use long form options for iptables commands. Signed-off-by: Fiona Klute (WIWA) --- Changes v4 -> v5: * iptables init script: run any target only if rules file exists, except for "save" (which may be used to create it) Changes v2 -> v3: * replace "iptables -F" with "iptables --flush" .checkpackageignore | 1 - package/iptables/S35iptables | 16 +++++++++++----- package/iptables/iptables.mk | 1 - 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.checkpackageignore b/.checkpackageignore index b793026881..767e3bb21d 100644 --- a/.checkpackageignore +++ b/.checkpackageignore @@ -612,7 +612,6 @@ package/ipmitool/0002-Fix-enterprise-numbers-URL.patch lib_patch.Upstream package/ipmitool/0003-Do-not-require-the-IANA-PEN-registry-file.patch lib_patch.Upstream package/ipmitool/0004-configure.ac-allow-disabling-registry-downloads.patch lib_patch.Upstream package/iprutils/0001-configure.ac-add-AC_USE_SYSTEM_EXTENSIONS.patch lib_patch.Upstream -package/iptables/S35iptables Shellcheck package/irda-utils/0001-daemon.patch lib_patch.Sob lib_patch.Upstream package/irda-utils/0002-nommu.patch lib_patch.Sob lib_patch.Upstream package/irda-utils/0003-subdir.patch lib_patch.Sob lib_patch.Upstream diff --git a/package/iptables/S35iptables b/package/iptables/S35iptables index a2de29d222..fc42fc9a8c 100644 --- a/package/iptables/S35iptables +++ b/package/iptables/S35iptables @@ -2,11 +2,18 @@ DAEMON="iptables" -IPTABLES_ARGS="" +IPTABLES_CONF="/etc/iptables.conf" + +# Run only if IPTABLES_CONF exists, except when the action is "save" +# (which creates it). +if [ ! -f "${IPTABLES_CONF}" ] && [ "$1" != "save" ]; then + echo "${IPTABLES_CONF} does not exist, nothing to do." + exit 0 +fi start() { printf 'Starting %s: ' "$DAEMON" - iptables-restore /etc/iptables.conf + iptables-restore "$IPTABLES_CONF" status=$? if [ "$status" -eq 0 ]; then echo "OK" @@ -18,7 +25,7 @@ start() { stop() { printf 'Stopping %s: ' "$DAEMON" - iptables -F + iptables --flush status=$? if [ "$status" -eq 0 ]; then echo "OK" @@ -30,13 +37,12 @@ stop() { restart() { stop - sleep 1 start } save() { printf 'Saving %s: ' "$DAEMON" - iptables-save -f /etc/iptables.conf + iptables-save --file "$IPTABLES_CONF" status=$? if [ "$status" -eq 0 ]; then echo "OK" diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk index dbf7fbf5e1..e7495c1085 100644 --- a/package/iptables/iptables.mk +++ b/package/iptables/iptables.mk @@ -59,7 +59,6 @@ endef define IPTABLES_INSTALL_INIT_SYSV $(INSTALL) -m 0755 -D package/iptables/S35iptables \ $(TARGET_DIR)/etc/init.d/S35iptables - touch $(TARGET_DIR)/etc/iptables.conf endef ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT),y) From patchwork Wed Dec 4 18:29:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018387 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3QzY4Xvcz1yQg for ; Thu, 5 Dec 2024 05:29:45 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 4F99A60873; Wed, 4 Dec 2024 18:29:44 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 5ArMAP9ean2v; Wed, 4 Dec 2024 18:29:43 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org A172860E49 Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp3.osuosl.org (Postfix) with ESMTP id A172860E49; Wed, 4 Dec 2024 18:29:42 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists1.osuosl.org (Postfix) with ESMTP id 364B61DDD for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 1672484437 for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id Gkjx8cndxjnx for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.18; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 4F9BE84436 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4F9BE84436 Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4F9BE84436 for ; Wed, 4 Dec 2024 18:29:30 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MfHEP-1tqYn23zFT-00qfi0; Wed, 04 Dec 2024 19:29:24 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:11 +0100 Message-ID: <20241204182913.4085670-5-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:9CfxQ9Alaut7pY9ZJJfgwWIt8maTn5uH3Jd+lz4YmJ58lH0cHL/ ryTZMYxyvqzPlS6UTojalAZjc9EF1Nfn3ec2/aoSZSXWHhfvfbB7gvTkfSRJS+T8yetb2Pu tTKGPqY9CqATs0BQ2VWALBA8ZNx9MW9dLqM6C+Tk2g2nQtgcfIGvCgvVpcDfZDTKI8G6mKH QWD9thWq8WKEE3rxAGJOQ== UI-OutboundReport: notjunk:1;M01:P0:JT5bcvX1j8M=;2I3cOb77SR0fvs2OTYkqseh9Pcz 5iPji+3O3RWzxj1xwqDy+ZwVHeeTidITlFi1UKeCLOvt+JO5Dm9IJyYuCyxQau5XWgA0L4pzd eFjc+T05aOFoom5qxL6kXAKsJevj6nn7MCbS0fbiRbQGWcUl757cCV1X1PCn+Icow4+tHo7Ki iVMWx8izYUmEkkpIlxBO/3W4qLUI0z2VIDfOC3rYBlt6ZgO4+EQFTGld4O7qtxBIcJY2l2t9x I4UiLb/pYQBVI91Daz1JutT3c9SnnONhvwPXdlhHH54S/ijADIPwjlyVYV54m54eEHrtXicC2 4jmj/IhNACwjGoqDWGY4kRoYHkOiUaSTzgOqd1a1P8EDSUIVthooJIq5kR1B9g9hzpxVDxSO0 ytRzR4R3TnPaNF9zRQ0LjRTxT7YTEmOs/Jn02+08+N796uUNiabBK/9kB7VDdJXTQ4wMLsKiF AbEiNBR7FNTP36/FhPTUAK6T3wKVSroqgJEYY9pgE4r8sn1RvN2U51CALtGLhC+jCUAQtrH/B RjFD8c68OFq6tFvQ3MZJgrdSxTqIvNQrt4zMWsgT3BbGel5ZcSk/H8ihnYtvIpvgEcbDvR5RJ I/qNVEHHqLX/6WIfpJaPehfhhueVYkzeb8x9oKQmKMWvdvEmaL9AjvxGT4Cu8W7SlA01bN9rj cA1rwGq3wDy3gWQCeQWRVj2X/dlk/dSBsNfj3IfxJOI+yoFuTwq+rnTqifcehhxWeANrotxwx Z+rHEq+7olq0sHUqKC9JNONcq7p5fAspUXNrA+7Ji85jxkfy3PmPeKS2xevZZ5wkh8PiK/ZHE z+XWq00I6DXVRHstQQnrpBjofJS2saBtg3bftxqnpJm2a/waATnqJsEibDjCvX3dr/OvFnj1o Vub80i8lHFhMMEqkBPNHrHH1Hwj6o1TIsRuf2H6kRA7EKS+BLG2rRPleNAEMFjtxqMwmESkoz JqG8fVPMxh+EHb0Xhh9ScZCGsXYPGQMobtrFC9mnDb5sQrghMhNbnkqbVb5mjDPtLKVzzNZhx 71GmZ0NqkispQNmBFjeozjNwP5wvSQJ10LBLP+kC8iC84Ln5QsVlSZ+xCO2W5va/CflpL7TNU tqBxlPo1FQu3o0neUx0wuukrhOa8Y9 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336964; x=1733941764; i=fiona.klute@gmx.de; bh=y0uzZdZAkT3/JkVeZzF/zxWNrAhKMNe5juprGxmmH/8=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=IzZKexuaMOn60OymtilQT4AZ8fzfsj17YzhdY3q3N/IGovs2UG8uy73cZbjQ5diw QHWKv3JVO1dahtT2tV7GfDcOTUbcKK/JPq7bBxegOfcEUThH+UfQpynKOEMHkY7cI h1AQnGujX7ZBGUj0WaECaGF9OMevsYLblskNFkmLfM667Qu0gmmQfXm/o/f4FtiMw zOp4bp2meNLIRT61XSc1j1ZMNuOAC+wvPYU+bq/EWCJ4NsaQocLACQZGDeDP0Zb8k 37FUwWEaL+AZPBNBBxn5ziZntSrUg/rzGWLNnTe4Pa56Cm6idsj8mgNsqgiqNZ8tF ljslJEwSS5Jc5CAghQ== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=IzZKexua Subject: [Buildroot] [PATCH v5 4/6] support/testing: test for nftables init script X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" The new test checks that a pre-defined rules file can be loaded and works as expected, and that after flushing the blocked IP responds to ping again. Signed-off-by: Fiona Klute (WIWA) --- DEVELOPERS | 1 + .../testing/tests/package/test_nftables.py | 37 ++++++++++++++++++- .../rootfs-overlay/etc/nftables.conf | 8 ++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 support/testing/tests/package/test_nftables/rootfs-overlay/etc/nftables.conf diff --git a/DEVELOPERS b/DEVELOPERS index aedd736772..9d1a6b0def 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1099,6 +1099,7 @@ F: package/python-dunamai/ F: package/python-poetry-dynamic-versioning/ F: package/python-pyasynchat/ F: package/python-pyasyncore/ +F: support/testing/tests/package/test_nftables.py N: Flávio Tapajós F: configs/asus_tinker-s_rk3288_defconfig diff --git a/support/testing/tests/package/test_nftables.py b/support/testing/tests/package/test_nftables.py index 142e7d0352..2622c7e822 100644 --- a/support/testing/tests/package/test_nftables.py +++ b/support/testing/tests/package/test_nftables.py @@ -85,7 +85,7 @@ class TestNftables(infra.basetest.BRTest): # supposed to fail earlier is now supposed to succeed. self.assertRunOk(ping_test_cmd) - def test_run(self): + def boot_vm(self): img = os.path.join(self.builddir, "images", "rootfs.cpio.gz") kern = os.path.join(self.builddir, "images", "Image") self.emulator.boot(arch="aarch64", @@ -97,6 +97,9 @@ class TestNftables(infra.basetest.BRTest): "-initrd", img]) self.emulator.login() + def test_run(self): + self.boot_vm() + # We check the program can execute. self.assertRunOk("nft --version") @@ -107,3 +110,35 @@ class TestNftables(infra.basetest.BRTest): # We run again the same test sequence using our simple nft # python implementation, to check the language bindings. self.nftables_test(prog="/root/nft.py") + + +class TestNftablesInit(TestNftables): + config = TestNftables.config + \ + """ + BR2_INIT_BUSYBOX=y + """ + + def test_run(self): + self.boot_vm() + + # start with known state (rules from /etc/nftables.conf) + self.assertRunOk("/etc/init.d/S35nftables reload") + + # Same concept as in TestNftables.nftables_test: The rules + # should allow ping to 127.0.0.1, but not 127.0.0.2. + ping_cmd_prefix = "ping -c 3 -i 0.5 -W 2 " + self.assertRunOk(ping_cmd_prefix + "127.0.0.1") + _, exit_code = self.emulator.run(ping_cmd_prefix + "127.0.0.2") + self.assertNotEqual(exit_code, 0) + + # Stop should flush the rules, ping to both addresses should + # work now. + self.assertRunOk("/etc/init.d/S35nftables stop") + self.assertRunOk(ping_cmd_prefix + "127.0.0.1") + self.assertRunOk(ping_cmd_prefix + "127.0.0.2") + + # Start is essentially the same as reload, check that + # 127.0.0.2 gets blocked again. + self.assertRunOk("/etc/init.d/S35nftables start") + _, exit_code = self.emulator.run(ping_cmd_prefix + "127.0.0.2") + self.assertNotEqual(exit_code, 0) diff --git a/support/testing/tests/package/test_nftables/rootfs-overlay/etc/nftables.conf b/support/testing/tests/package/test_nftables/rootfs-overlay/etc/nftables.conf new file mode 100644 index 0000000000..a04af1d634 --- /dev/null +++ b/support/testing/tests/package/test_nftables/rootfs-overlay/etc/nftables.conf @@ -0,0 +1,8 @@ +flush ruleset + +table inet filter { + chain input { + type filter hook input priority filter; policy accept; + ip daddr 127.0.0.2 icmp type echo-request drop + } +} From patchwork Wed Dec 4 18:29:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018384 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3QzS3Zvdz1yQg for ; Thu, 5 Dec 2024 05:29:40 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id D2DA7412AC; Wed, 4 Dec 2024 18:29:38 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id n_TqysSoJwsS; Wed, 4 Dec 2024 18:29:37 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org AE2134130D Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp4.osuosl.org (Postfix) with ESMTP id AE2134130D; Wed, 4 Dec 2024 18:29:37 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists1.osuosl.org (Postfix) with ESMTP id 14BCA1DDB for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 02A464130D for ; Wed, 4 Dec 2024 18:29:33 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id eZgdGBTEZIhs for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.19; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 9F27F412AC DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 9F27F412AC Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by smtp4.osuosl.org (Postfix) with ESMTPS id 9F27F412AC for ; Wed, 4 Dec 2024 18:29:31 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MnaoZ-1u2ARV1JxN-00ZfCU; Wed, 04 Dec 2024 19:29:24 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:12 +0100 Message-ID: <20241204182913.4085670-6-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:cQMlyh/P6UCXVvzJI/ajaRoPUJ5tKC4Ga6iVzHgqgSgnCtKZ4v1 Q0284p7pKFWkRyaMNA7gGWHADfTvm7AmsZ5Guu+Ib4KQ+P4fZRMuhFY3ksEH2tBmUBsgN18 0Su+nPha7i54QsWFb9laJOiDtuFBA+LUkI5MsZb5qtjAj3QoL/Mre2N165CX5KyBGvkUj7m VzJWW+sXXtQkl4dQ0sogg== UI-OutboundReport: notjunk:1;M01:P0:9shwe/jfxRA=;CIVj+JXKsFlUdzygFpexz84lSGY tzYavJ+/eVzB54wbTgiHky9P1FoYAh/dsIMgRrIpmS6ViwB5oV1wnaT3v9T7gMtFYnrnmuR9H mJ8x7Spe1j8bLjjgazikZg06Cl8x3glgah3z1C022/WFNas3fivW9vw3hY0YXFzejj3gka35D M2TnnC9CQDtbON8hzdKaA3dRaY3vJ6xvgXIBy91VKP/izg07vPCzakOcQxMgrJILIHyh2v4VK +BeCjSoKapfWNlFu4uT2F/4zQKZtPs4ZDx+tvUAl9qf0HQ41SecnyaQ24X8IM5zwLdEX76Bdq ZSsCasWSVNfbm8NfgMY4VUeQQWlwC/ugPA4hAnd8p1kvWBxLALR/1qadmHf0e0NS4owagEcW8 z+xoAwzQwjRJVqCYSvSmj4UX+5hwgx/plvueqrb/uRfmcmzv3rU4+x8qyekeytGGxjg0fagWQ uA9jJ/gppXOOA/F1rfzOvUSUiTq+MRVtOpbJtZXcusOaCJyOejlgj1CPOEWmeX2o+Viy5cDWL 70sVrU8/ReOBjD3VG2VgtB5JfkVwxxCZiMyuz76gm2lBaRW1Yo9LobpqZO5TBRHMTF7zbVTyc 9APpZGbj/nA1xoPmNRExxhKPElFNjt1QUHdsGaZ7+5+L8NpAMBWwPqRcPkc03HzsKfgLVLblO FDpiTq6dSehV0oNReI0ggDIfXXybN/4IORnEyJTb5pwrgH4bIlEZdJQKrXFQtK9H+Bt0e0XnC Ql7w7rnv5QIPUazHvWaUmDbJxnQO/00n0uueJjMKIU+hD8+ehXamwgKUe1++rjewHOMkLD1n1 WrhL6p29x8qxmVVzIhhmE5TEi12oRy4KOxmLzs9fxpsJrVRQZOWVOMEuaFNUn+7aEcxSEUbEU mtAjDBR+BiZyX1+sqWZ+Hiyc6cOz5L63HpRkO3sSofz6H1rUlVj1286MZ9mFgv3w9c9gm9tzl SRQdKZAByLULfz4xYmHRclTklZkf9I3CP/aS4AyE9cjBe9AiuKtFO7fCa6DDvnQvITLeba/AA UU4hgQSN2ekBiB88jmWDz8O/uyYyp1N1Locgn4fFEIUH3ZCnSaACHHG3MQ2I/tjz9ctZOsBA2 BeX47DaQ4WzvvaDRZh7tLZ0xth9F1G X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336964; x=1733941764; i=fiona.klute@gmx.de; bh=Wzj+BtLvoZJX+sM6IKjX2VtFwfjGvCJ+14Ipggpzg9w=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=CPZjLnRgN+1BkF1VkuRvPqr5G17jYvUo6WaLG3Y8aNH0YYFp75tcQA7k4pihKOae fGRRzUZR96N1OlTXti9Cw5B7amqphiHXw3AhUSEev41mMryz+LIWXiU3oh1iPzc1L 2+b1zTFrKVLU35tois9ozwk5gk+V/oK3My625Nua19DGuoWyYU2t8SnBw1rsQi/tx l3v4LgwYWoKprs00G6/dSk8V4KC+Gx1Xm+MJ13+cf+x/v9n4siLQ6DnBuNEccCoA4 paEy2ma1GC2tyqC1LFRtscocDmg6eEr9sMZnyCuKch4Q7I5YahJB1vbII7KxFZ0HF TQ0O5fd/icucUPFdqw== X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=CPZjLnRg Subject: [Buildroot] [PATCH v5 5/6] support/testing: include init script in iptables test X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" Check a save/start/stop cycle based on the rules created by direct commands in the pre-existing test. Signed-off-by: Fiona Klute (WIWA) --- Changes v2 -> v3: * remove change to init script that belongs in patch 3 support/testing/tests/package/test_iptables.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/support/testing/tests/package/test_iptables.py b/support/testing/tests/package/test_iptables.py index 924a483ddb..6e4db0ac06 100644 --- a/support/testing/tests/package/test_iptables.py +++ b/support/testing/tests/package/test_iptables.py @@ -11,6 +11,7 @@ class TestIptables(infra.basetest.BRTest): """ BR2_aarch64=y BR2_TOOLCHAIN_EXTERNAL=y + BR2_INIT_BUSYBOX=y BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y @@ -70,9 +71,26 @@ class TestIptables(infra.basetest.BRTest): _, exit_code = self.emulator.run(ping_test_cmd) self.assertNotEqual(exit_code, 0) + # Save the current rules to test the init script later. + self.assertRunOk("/etc/init.d/S35iptables save") + # We delete our only rule #1 in the INPUT chain. self.assertRunOk("iptables --delete INPUT 1") # Since we deleted the rule, the ping test command which was # supposed to fail earlier is now supposed to succeed. self.assertRunOk(ping_test_cmd) + + # Load the rules as saved before. + self.assertRunOk("/etc/init.d/S35iptables start") + + # Ping to 127.0.0.2 is expected to fail again. + _, exit_code = self.emulator.run(ping_test_cmd) + self.assertNotEqual(exit_code, 0) + + # And flush the rules again. + self.assertRunOk("/etc/init.d/S35iptables stop") + + # Since we deleted the rule, the ping test command which was + # supposed to fail earlier is now supposed to succeed. + self.assertRunOk(ping_test_cmd) From patchwork Wed Dec 4 18:29:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fiona Klute X-Patchwork-Id: 2018385 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Y3QzS4zmKz1yRL for ; Thu, 5 Dec 2024 05:29:40 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 0807060B2E; Wed, 4 Dec 2024 18:29:36 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id ilyB9bkL49Ph; Wed, 4 Dec 2024 18:29:35 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.142; helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org A0F36608A5 Received: from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142]) by smtp3.osuosl.org (Postfix) with ESMTP id A0F36608A5; Wed, 4 Dec 2024 18:29:34 +0000 (UTC) X-Original-To: buildroot@buildroot.org Delivered-To: buildroot@buildroot.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists1.osuosl.org (Postfix) with ESMTP id D49D41DD1 for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id B68AB84440 for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 46Tr1QaZNImi for ; Wed, 4 Dec 2024 18:29:32 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.227.15.18; helo=mout.gmx.net; envelope-from=fiona.klute@gmx.de; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 90DFE84437 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 90DFE84437 Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by smtp1.osuosl.org (Postfix) with ESMTPS id 90DFE84437 for ; Wed, 4 Dec 2024 18:29:31 +0000 (UTC) X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from haruka.lan ([85.22.124.249]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MNKhs-1szhFu2oZe-00YjJl; Wed, 04 Dec 2024 19:29:24 +0100 To: buildroot@buildroot.org Date: Wed, 4 Dec 2024 19:29:13 +0100 Message-ID: <20241204182913.4085670-7-fiona.klute@gmx.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241204182913.4085670-1-fiona.klute@gmx.de> References: <20241204182913.4085670-1-fiona.klute@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:qX67tEQZYXYbdsJ0wfb5Ep4BpyVlvV4xqzdByH+ZKM6McXik1MN wmVh9w4A10GdfYFklDUtMHO4+gHniCn2vDpkJUsVTTaWzwoKOp7dyHpfg45ePqxYc0AP1m3 cY8dN4nVhsjj6ftuSk2hhwor82UCZ67JccB8lrZDEzmD5+tpVDoV0dWQk8TqOJbCU3Z5cRx f9ZErL8734x8jdPl3wf9Q== UI-OutboundReport: notjunk:1;M01:P0:AWjK9GSDfJ4=;mzoTznsgRjj/eclGBlDNDNAEj30 g+R4n3RcuRtAVFhyCmPoQrBiFAQs4NNjl02t7k9UI8x5dA+XnSMj2w7qlXpik+VXOCCKsLgVx 4iWp7A8nCT0lLLuENaDNyHXY8zhLmELO5lHczJw9/AkbhJ8Y200cz/G6ANTBhLej5Skw5q0+V SM/8eCdH0x1Oa/BDS+kRtyiSimpa9J5zEo6t/8E3BX6yimZQ7scO0O6SzmmR4LG9FhC41EbKv GI3xmSc5qjBJ3Rik8+l4kBLBtUIXzvYSgX1YMLxszp7bFhpaCc8NG1uwAlUPbE5N6hsI12CPU YYEr09ezOQwacRWBequeqjBb3EQceO67Y2rXWV1MXz00VKZVHLo/W3VSBxi1ioFwhJPs7Htwk jACZqzIjasOPjyvLUpzmtwu3nu6oIMak4hLC0w9fg65x71OdCSvSN4y/tA4B2bV1fePSDdwt6 OfnoBLVUaRrU4+04771TxEKbzUM83Rqhc06+puWNd+D3919K3lXLahYXg8GvzgOU7VfhhFkp4 RLnlkA6lKwdGahfuxIbrFOTljL8Owt9SIs1KGX2SAcVxQKSLuIxyqpWd+1uXDAce9UnPH349Z TDDAyIf1yGNWlZds5k9ejuOBo2ygDAE0JsjWwEZHFxo0aUrw4BvSafX/IYizzbt2C6Ad7ef8v /dUkaGHa3jjZ961MrNXMMQ/b2zSFODNMKPM6nV1At0tyl5AqwifYHeo4+GWdEpfi6PGPI5SvN xjLx4slVmg7F2BwmW5DIMeQSGt4aDSTntzU3jOI6AJZmwkkomNLdhOOlpLIhLN+E2j1QrhsR2 eXLtp/i96GoR3ID4c7yupYgVzafGswtqtDuhdAhKdTRhTjYk29dCXmYIL8bNRFnSoLhKCW/i0 +M8D5GSMp7KmaOHQKtsQ4TLfchL9zjT6hTMPC9dTA9vZOI4VCtVkvDBB/nzHLNFnq1OrAF3SM Y33TPjcCUj/zDNy6aG0yiDMnYFa0QLEXXWHW6yoEB/TEoJxeoB3l5FBhZReqEo1RwuLvjafVP SAfmJMbmgig7DY1vkqnQ0IVU7d9oqKAMfLSnnqFVHo1myLOXUeXCey8IrbPOneec/QK47JNNf mlHuhWdFr78I4yLQq1ph78CR7SG7Yz X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1733336964; x=1733941764; i=fiona.klute@gmx.de; bh=mQN83VIy5NdC1eMw45hZxdwCVw/EQHm1OzSG+gjkAGE=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=Yk0kNvouitV+C1EI3nHs8ypV/EC1C46ttAbwqZhHdkx4Y73LPmt33camAZrytOEb TvSXIp6N5AfPieVdmo6s7WJZaafolPLgCr4jYsnCNjHqeEwrRqYoRJ4ma9KiRUT4C r81Hx9r9dhyR2WHxen9xqSTGd1PdGg+3B8ey/8u16pp1yq8p7qN/LSSVh07rV/Gww OScRlzLPjpVr8vWrljE5VXuakPWVMbA74oGE5l1kMp6/huoKRwhav/xruzQNrHulx HxmiY5xPDZlRncGVr7P9no6888B+H5yE9UXgKKDrPSFEUAGLUu+5UwQKjPv9bP9HW bC7q0wVWuoIFrhzd0A== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=gmx.de X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmx.de header.i=fiona.klute@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=Yk0kNvou Subject: [Buildroot] [PATCH v5 6/6] support/testing: fix MyPy warnings about BRConfigTest X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fiona Klute via buildroot From: Fiona Klute Reply-To: Fiona Klute Cc: Julien Olivain , Fiona Klute , Ricardo Martincoski Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" From: "Fiona Klute (WIWA)" This removes warnings in editors/IDEs with MyPy typechecking integration. Test classes override "config" with strings (different type than None). Signed-off-by: Fiona Klute (WIWA) --- I haven't seen any other type annotations in the testing code, if they're not welcome please just drop this patch from the series. Personally I think they're good to avoid bugs. support/testing/infra/basetest.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/support/testing/infra/basetest.py b/support/testing/infra/basetest.py index 1ae6232da8..4f020e8a93 100644 --- a/support/testing/infra/basetest.py +++ b/support/testing/infra/basetest.py @@ -24,8 +24,8 @@ MINIMAL_CONFIG = \ class BRConfigTest(unittest.TestCase): """Test up to the configure stage.""" - config = None - br2_external = list() + config: str + br2_external: list[str] = list() downloaddir = None outputdir = None logtofile = True