diff --git a/hack/scripts/rpm-builddep.sh b/hack/scripts/rpm-builddep.sh index 4d62b461..e78a1ea0 100755 --- a/hack/scripts/rpm-builddep.sh +++ b/hack/scripts/rpm-builddep.sh @@ -16,9 +16,10 @@ arch=$1 specsDir=$2 +shift 2 if [[ -z "$arch" ]] || [[ -z "$specsDir" ]]; then - echo "usage: ./rpm-builddep " >&2 + echo "usage: ./rpm-builddep [extra-args...]" >&2 exit 1 fi @@ -35,4 +36,4 @@ else fi set -x -$builddepCmd -y "$specsDir"/*.spec +$builddepCmd "$@" -y "$specsDir"/*.spec diff --git a/hack/scripts/verify-rpm-init.sh b/hack/scripts/verify-rpm-init.sh index f92ed2ef..3ff87453 100755 --- a/hack/scripts/verify-rpm-init.sh +++ b/hack/scripts/verify-rpm-init.sh @@ -37,7 +37,7 @@ case "$pkgrelease" in dnf install -y findutils dnf-plugins-core oraclelinux-release-el9 oracle-epel-release-el9 dnf config-manager --enable ol9_addons ol9_codeready_builder ;; - fedora*) + fedora*|rhel*) dnf install -y findutils dnf-plugins-core ;; rockylinux8|almalinux8) diff --git a/pkg/docker-engine/Dockerfile b/pkg/docker-engine/Dockerfile index 9268f78b..df307a77 100644 --- a/pkg/docker-engine/Dockerfile +++ b/pkg/docker-engine/Dockerfile @@ -148,8 +148,16 @@ RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm- rpm-init $DISTRO_NAME COPY rpm /root/rpmbuild/SPECS ARG TARGETPLATFORM -RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \ - rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS +RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep <= 1.7.27), docker-ce-cli, iptables, + nftables, ${shlibs:Depends} Recommends: apparmor, ca-certificates, diff --git a/pkg/docker-engine/rpm/docker-ce.spec b/pkg/docker-engine/rpm/docker-ce.spec index f0389742..2f4aec68 100644 --- a/pkg/docker-engine/rpm/docker-ce.spec +++ b/pkg/docker-engine/rpm/docker-ce.spec 
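Review bot: In hack/scripts/rpm-builddep.sh the new `shift 2` runs before the `-z` argument check, so a call with fewer than two arguments makes `shift` fail before the usage message can be printed. If the script runs under `set -e` (its header is outside the hunk, so this is unconfirmed), it would exit with no diagnostic at all. Moving `shift 2` to just after the closing `fi` keeps the usage path intact. In the second hunk of the same file, `"$@"` is forwarded to `$builddepCmd` unfiltered, so a comment such as `# extra args are passed to builddep as-is; callers must supply trusted, fixed values` would make that contract explicit.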
@@ -20,6 +20,7 @@ Recommends: docker-ce-rootless-extras Requires: container-selinux Requires: systemd Requires: iptables +Requires: nftables %if %{undefined rhel} || 0%{?rhel} < 9 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros. Requires: libcgroup @@ -35,6 +36,9 @@ BuildRequires: gcc BuildRequires: glibc-static BuildRequires: libarchive BuildRequires: libtool +%if 0%{?_no_libnftables} == 0 +BuildRequires: nftables-devel +%endif BuildRequires: make BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) diff --git a/pkg/docker-engine/scripts/pkg-rpm-build.sh b/pkg/docker-engine/scripts/pkg-rpm-build.sh index 56dcebca..3a5470f4 100755 --- a/pkg/docker-engine/scripts/pkg-rpm-build.sh +++ b/pkg/docker-engine/scripts/pkg-rpm-build.sh @@ -58,11 +58,23 @@ export GO111MODULE=$(check-gomod) xx-go --wrap fix-cc +no_libnftables=0 +case "$DISTRO_NAME" in + rhel*) + # The nftables-devel package is only available in RHEL CRB. For now, build + # with tag "no_libnftables", so dockerd will exec the nft tool, and this + # package is not required. Note that this '--define' is also defined in + # the Dockerfile to install build dependencies. + no_libnftables=1 + ;; +esac + rpmDefine=( --define "_version ${GENVER_PKG_VERSION}" --define "_origversion ${GENVER_VERSION}" --define "_release ${PKG_RPM_RELEASE:-${GENVER_RPM_RELEASE}}" --define "_commit ${GENVER_COMMIT_SHORT}" + --define "_no_libnftables ${no_libnftables}" ) pkgoutput="${OUTDIR}/${DISTRO_RELEASE}/${DISTRO_SUITE}/$(xx-info arch)" @@ -75,6 +87,9 @@ case "$DISTRO_NAME" in export DOCKER_BUILDTAGS="exclude_graphdriver_btrfs $DOCKER_BUILDTAGS" ;; esac +if [ "$no_libnftables" -eq 1 ]; then + export DOCKER_BUILDTAGS="no_libnftables $DOCKER_BUILDTAGS" +fi set -x diff --git a/pkg/docker-engine/verify.Dockerfile b/pkg/docker-engine/verify.Dockerfile index 6eaf7f49..1be08380 100644 --- a/pkg/docker-engine/verify.Dockerfile +++ b/pkg/docker-engine/verify.Dockerfile 
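Review bot: The `rhel*` decision that sets `no_libnftables=1` in pkg/docker-engine/scripts/pkg-rpm-build.sh is, by the hunk's own comment, repeated in the Dockerfile, and nothing visible here keeps the two copies in agreement. If they drift, the spec's `%if 0%{?_no_libnftables} == 0` guard used when installing build dependencies and the `no_libnftables` build tag exported in the last hunk can disagree, which would probably surface only as a late build failure. The comment should name the exact Dockerfile instruction that carries the matching `--define`, or the value should be derived in one place and passed to both. Because the tag makes dockerd exec the nft tool instead of linking the library, the comment could also say that the runtime then depends on the `Requires: nftables` line in docker-ce.spec.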
@@ -28,6 +28,7 @@ FROM scratch AS scripts FROM ${DISTRO_IMAGE} AS base FROM base AS verify-deb +RUN apt-get update && apt-get install -y libnftables1 COPY --from=xx / / ARG DISTRO_RELEASE ARG DISTRO_ID @@ -48,7 +49,7 @@ RUN --mount=from=bin,target=/build <
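Review bot: The added `RUN apt-get update && apt-get install -y libnftables1` in the verify-deb stage has no comment explaining why the library is installed by hand. If this stage is meant to show that the package's declared dependencies are sufficient (not visible in the hunk), preinstalling the library could hide a missing `Depends` entry. I would add a one-line comment stating the reason and keep the layer minimal with `RUN apt-get update && apt-get install -y --no-install-recommends libnftables1`. The hard-coded soname package name may also not exist on every `DISTRO_IMAGE` this stage is built from, which is worth confirming.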