diff --git a/0001-cr_options-switch-networking-default-backend-to-nfta.patch b/0001-cr_options-switch-networking-default-backend-to-nfta.patch
new file mode 100644
index 0000000..f6f5a81
--- /dev/null
+++ b/0001-cr_options-switch-networking-default-backend-to-nfta.patch
@@ -0,0 +1,32 @@
+From 379373cfd7fc0a5c0541072f82e206b2b5dc10c5 Mon Sep 17 00:00:00 2001
+From: Danish Prakash
+Date: Fri, 31 Jan 2025 16:17:45 +0530
+Subject: [PATCH] cr_options: switch networking default backend to nftables
+
+criu currently defaults to iptables if network locking method isn't
+passed on to it down the stack for instance, from podman and crun. In
+cases where podman (netavark by extension) used nftables and iptables
+isn't installed, checkpoint/restore fails because it tries to use
+iptables.
+
+Signed-off-by: Danish Prakash
+---
+ criu/include/cr_options.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h
+index 60cf9437e638..cd7d24302dd8 100644
+--- a/criu/include/cr_options.h
++++ b/criu/include/cr_options.h
+@@ -70,7 +70,7 @@ enum NETWORK_LOCK_METHOD {
+ NETWORK_LOCK_SKIP,
+ };
+
+-#define NETWORK_LOCK_DEFAULT NETWORK_LOCK_IPTABLES
++#define NETWORK_LOCK_DEFAULT NETWORK_LOCK_NFTABLES
+
+ /*
+ * Ghost file size we allow to carry by default.
+--
+2.46.0
+
diff --git a/criu.changes b/criu.changes
index d0632b9..3b93de5 100644
--- a/criu.changes
+++ b/criu.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jan 31 11:28:53 UTC 2025 - Danish Prakash
+
+- Build with default nftables support on openSUSE (bsc#1236769)
+ * 0001-cr_options-switch-networking-default-backend-to-nfta.patch
+
 -------------------------------------------------------------------
 Thu Jan 23 15:03:04 UTC 2025 - Takashi Iwai
diff --git a/criu.spec b/criu.spec
index de72e82..b8ca8df 100644
--- a/criu.spec
+++ b/criu.spec
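Review bot: The `NETWORK_LOCK_DEFAULT` line in the embedded cr_options.h patch swaps one hard-coded backend for another with no runtime fallback, so a caller that passes no lock method on a host where the nftables backend is unusable would presumably fail in the mirror image of the case the commit message describes. Network locking is what isolates the task's connections during dump and restore, so it is worth confirming that this failure aborts the operation rather than continuing unlocked. I would record the downstream deviation next to the define, e.g. `/* openSUSE: nftables is the default; override with --network-lock */`, and state in the patch header whether the change was sent upstream. The header file continues outside the hunk.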
@@ -21,6 +21,13 @@
 %define make_options USE_ASCIIDOCTOR=1
 %endif
+# Build criu with nftables default support if available
+%if "%{?default_firewall_backend}" == "nftables"
+ %define prefer_nftables 1
+%else
+ %define prefer_nftables 0
+%endif
+
 # currently broken with LTO, resulting in segfaults (bsc#1203854)
 %define _lto_cflags %{nil}
@@ -42,11 +49,12 @@ URL: https://criu.org/
 Source0: http://github.com/checkpoint-restore/criu/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # To be generated; we keep a static one for building without pip
 Source1: crit.py
-Patch1: criu-py-install-fix.diff
-Patch2: 0002-Fix-build-with-nftables-installed-in-different-direc.patch
-Patch4: plugin-dir-path.patch
-Patch5: criu-ns-python3-shebang.patch
-Patch6: vdso-handle-vvar_vclock-vma-s.patch
+Patch101: criu-py-install-fix.diff
+Patch102: 0002-Fix-build-with-nftables-installed-in-different-direc.patch
+Patch104: plugin-dir-path.patch
+Patch105: criu-ns-python3-shebang.patch
+Patch106: vdso-handle-vvar_vclock-vma-s.patch
+Patch201: 0001-cr_options-switch-networking-default-backend-to-nfta.patch
 BuildRequires: libcap-devel
 %if %{with_amdgpu_plugin}
 BuildRequires: libdrm-devel
@@ -132,7 +140,16 @@ This package contains all necessary include files and libraries needed to develop applications with CRIU library.
 %prep
-%autosetup -p1
+%setup -q
+%autopatch -M 200 -p1
+
+%if %{prefer_nftables}
+# build with default nftables support on envs
+# where nftables is the default firewall backend
+# https://github.com/containers/podman/issues/24799
+%patch -P201 -p1
+%endif
+
 # workaround for Leap 15.x
 %if 0%{?suse_version} < 1600
 sed -i -e's/\(^.*-mshstk\)/# \1/' criu/pie/Makefile
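Review bot: The `%if "%{?default_firewall_backend}" == "nftables"` test in the first criu.spec hunk falls through to `prefer_nftables 0` whenever the macro is undefined, so the package's default lock backend is decided by the build environment and is not visible in the spec or the built package. The comment above it should say where `default_firewall_backend` is expected to be defined and what an unset value means, e.g. `# default_firewall_backend is set by the build project; when unset the iptables default is kept` (wording to be confirmed by the packager). A host whose firewall backend differs from the one assumed at build time would presumably need `--network-lock` passed explicitly.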
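Review bot: The Patch1xx/Patch2xx renumbering in the second criu.spec hunk encodes an unwritten rule that the `%autopatch -M 200 -p1` line in the %prep hunk depends on: only patches numbered up to 200 are applied automatically, so a later patch added as Patch202 or above is skipped unless someone also adds an explicit `%patch` line for it. For a package that carries its fixes as patches, a silently unapplied one is easy to miss in review. A comment above the Patch block would make the convention explicit, e.g. `# Patch1xx: applied unconditionally by %autopatch -M 200` and `# Patch2xx: conditional, applied by hand in %prep`.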