[scarthgap,7/8] iptables: remove /etc/ethertypes

Message ID	a970b6c927fb4c04473484f6e4b0a9853c8a5896.1761596406.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.175, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 7/8] iptables: remove /etc/ethertypes Date: Tue, 28 Oct 2025 06:46:17 -0700 Message-ID: <a970b6c927fb4c04473484f6e4b0a9853c8a5896.1761596406.git.steve@sakoman.com> In-Reply-To: <cover.1761596406.git.steve@sakoman.com> References: <cover.1761596406.git.steve@sakoman.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	[scarthgap,1/8] libpam: mark CVE-2025-6018 as not applicable \| expand [scarthgap,1/8] libpam: mark CVE-2025-6018 as not applicable [scarthgap,2/8] expat: patch CVE-2025-59375 [scarthgap,3/8] elfutils: Fix CVE-2025-1376 [scarthgap,4/8] elfutils: Fix CVE-2025-1377 [scarthgap,5/8] flex: fix build with gcc-15 on host [scarthgap,6/8] gstreamer1.0-plugins-bad: fix buffer allocation fail for v4l2codecs [scarthgap,7/8] iptables: remove /etc/ethertypes [scarthgap,8/8] curl: only set CA bundle in target build

Message ID

a970b6c927fb4c04473484f6e4b0a9853c8a5896.1761596406.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 7/8] iptables: remove /etc/ethertypes
Date: Tue, 28 Oct 2025 06:46:17 -0700
Message-ID: 
 <a970b6c927fb4c04473484f6e4b0a9853c8a5896.1761596406.git.steve@sakoman.com>
In-Reply-To: <cover.1761596406.git.steve@sakoman.com>
References: <cover.1761596406.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

[scarthgap,1/8] libpam: mark CVE-2025-6018 as not applicable | expand

Commit Message

Steve Sakoman Oct. 28, 2025, 1:46 p.m. UTC

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

When building an image including iptable built with the libnftnl
PACKAGECONFIG, one hits

Downloading file:.../oe-rootfs-repo/armv8a/libkmod2 * check_data_file_clashes: Package iptables wants to install file .../rootfs/etc/ethertypes
        But that file is already provided by package  * netbase

This used to be handled by
0003-Makefile.am-do-not-install-etc-ethertypes.patch, but that patch
got removed with the 1.8.9->1.8.10 upgrade (commit 4616ada82e70).

I think the rationale for dropping the patch was wrong; the commit log
talks about xtables.conf, which is indeed gone from upstream, but said
patch didn't change anything about xtables.conf, it did

-dist_conf_DATA        = etc/ethertypes etc/xtables.conf
+dist_conf_DATA        = etc/xtables.conf

However, instead of patching iptables to not install ethertypes, and
having to forward-port that patch, it is much simpler to just remove
the file in this do_install:append.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/iptables/iptables_1.8.10.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/iptables/iptables_1.8.10.bb b/meta/recipes-extended/iptables/iptables_1.8.10.bb
index f1ee1efe28..8a1f823dc1 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.10.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.10.bb
@@ -78,6 +78,8 @@  do_install:append() {
         ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables 
         ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables-save
         ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables-restore
+        # ethertypes is provided by the netbase package
+        rm -f ${D}${sysconfdir}/ethertypes
     fi
 }

[scarthgap,7/8] iptables: remove /etc/ethertypes

Commit Message

Patch