internal/rosa: iptables artifact

This also pulls in netlink libraries from netfilter project.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/rosa/all.go

@@ -69,6 +69,7 @@ const (
 	Gzip
 	Hakurei
 	HakureiDist
+	IPTables
 	Kmod
 	LibXau
 	Libbsd
@@ -79,6 +80,8 @@ const (
 	Libffi
 	Libgd
 	Libmd
+	Libmnl
+	Libnftnl
 	Libtool
 	Libseccomp
 	Libucontext

internal/rosa/netfilter.go

@@ -0,0 +1,149 @@
+package rosa
+
+import "hakurei.app/internal/pkg"
+
+func (t Toolchain) newLibmnl() (pkg.Artifact, string) {
+	const (
+		version  = "1.0.5"
+		checksum = "DN-vbbvQDpxXJm0TJ6xlluILvfrB86avrCTX50XyE9SEFSAZ_o8nuKc5Gu0Am7-u"
+	)
+	return t.NewPackage("libmnl", version, pkg.NewHTTPGetTar(
+		nil, "https://www.netfilter.org/projects/libmnl/files/"+
+			"libmnl-"+version+".tar.bz2",
+		mustDecode(checksum),
+		pkg.TarBzip2,
+	), &PackageAttr{
+		Patches: []KV{
+			{"libbsd-sys-queue", `diff --git a/examples/netfilter/nfct-daemon.c b/examples/netfilter/nfct-daemon.c
+index d223ac2..a7878d0 100644
+--- a/examples/netfilter/nfct-daemon.c
++++ b/examples/netfilter/nfct-daemon.c
+@@ -20,7 +20,7 @@
+ #include <linux/netfilter/nfnetlink.h>
+ #include <linux/netfilter/nfnetlink_conntrack.h>
+ 
+-#include <sys/queue.h>
++#include <bsd/sys/queue.h>
+ 
+ struct nstats {
+ 	LIST_ENTRY(nstats)	list;
+`},
+		},
+	}, &MakeHelper{
+		Configure: []KV{
+			{"enable-static"},
+		},
+	},
+		Libbsd,
+		KernelHeaders,
+	), version
+}
+func init() {
+	artifactsM[Libmnl] = Metadata{
+		f: Toolchain.newLibmnl,
+
+		Name:        "libmnl",
+		Description: "a minimalistic user-space library oriented to Netlink developers",
+		Website:     "https://www.netfilter.org/projects/libmnl/",
+
+		ID: 1663,
+	}
+}
+
+func (t Toolchain) newLibnftnl() (pkg.Artifact, string) {
+	const (
+		version  = "1.3.1"
+		checksum = "A6EFNv2TbOcjcsXX2hQ-pKsF5FvlSh-BNEf9LrgnVH4nDjcv6NbtyHkTriz9kIEu"
+	)
+	return t.NewPackage("libnftnl", version, pkg.NewHTTPGet(
+		nil, "https://www.netfilter.org/projects/libnftnl/files/"+
+			"libnftnl-"+version+".tar.xz",
+		mustDecode(checksum),
+	), &PackageAttr{
+		SourceKind: SourceKindTarXZ,
+
+		Env: []string{
+			"CFLAGS=-D_GNU_SOURCE",
+		},
+	}, &MakeHelper{
+		Configure: []KV{
+			{"enable-static"},
+		},
+	},
+		XZ,
+		PkgConfig,
+
+		Libmnl,
+		KernelHeaders,
+	), version
+}
+func init() {
+	artifactsM[Libnftnl] = Metadata{
+		f: Toolchain.newLibnftnl,
+
+		Name:        "libnftnl",
+		Description: "a userspace library providing a low-level netlink API to the in-kernel nf_tables subsystem",
+		Website:     "https://www.netfilter.org/projects/libnftnl/",
+
+		Dependencies: P{
+			Libmnl,
+		},
+
+		ID: 1681,
+	}
+}
+
+func (t Toolchain) newIPTables() (pkg.Artifact, string) {
+	const (
+		version  = "1.8.13"
+		checksum = "JsNI7dyZHnHLtDkKWAxzAIMZ5t-ff3LkSPqNJsn5VM5Eq2m1bA5NKI-XfMRpQsg6"
+	)
+	return t.NewPackage("iptables", version, pkg.NewHTTPGet(
+		nil, "https://www.netfilter.org/projects/iptables/files/"+
+			"iptables-"+version+".tar.xz",
+		mustDecode(checksum),
+	), &PackageAttr{
+		SourceKind: SourceKindTarXZ,
+
+		ScriptEarly: `
+rm \
+	extensions/libxt_connlabel.txlate \
+	extensions/libxt_conntrack.txlate
+sed -i \
+	's/de:ad:0:be:ee:ff/DE:AD:00:BE:EE:FF/g' \
+	extensions/libebt_dnat.txlate \
+	extensions/libebt_snat.txlate
+`,
+	}, &MakeHelper{
+		Configure: []KV{
+			{"enable-static"},
+		},
+		ScriptCheckEarly: `
+ln -s ../system/bin/bash /bin/
+chmod +w /etc/ && ln -s ../usr/src/iptables/etc/ethertypes /etc/
+		`,
+	},
+		XZ,
+		PkgConfig,
+		Bash,
+		Python,
+
+		Libnftnl,
+		KernelHeaders,
+	), version
+}
+func init() {
+	artifactsM[IPTables] = Metadata{
+		f: Toolchain.newIPTables,
+
+		Name:        "iptables",
+		Description: "the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset",
+		Website:     "https://www.netfilter.org/projects/iptables/",
+
+		Dependencies: P{
+			Libnftnl,
+		},
+
+		ID: 1394,
+	}
+}