diff --git a/deb/common/control b/deb/common/control
index ca820a86c4..64f5a9f660 100644
--- a/deb/common/control
+++ b/deb/common/control
@@ -11,6 +11,7 @@ Build-Depends: bash,
 gcc,
 git,
 libc-dev,
+ libnftables-dev,
 libsystemd-dev,
 libtool,
 make,
@@ -26,6 +27,7 @@ Pre-Depends: init-system-helpers (>= 1.54~)
 Depends: containerd.io (>= 1.7.27),
 docker-ce-cli,
 iptables,
+ nftables,
 ${shlibs:Depends}
 Recommends: apparmor,
 ca-certificates,
diff --git a/rpm/Makefile b/rpm/Makefile
index f38a3c8d8b..e78a033e32 100644
--- a/rpm/Makefile
+++ b/rpm/Makefile
@@ -92,6 +92,11 @@ centos: $(CENTOS_RELEASES) ## build all centos rpm packages
 .PHONY: rhel
 rhel: $(RHEL_RELEASES) ## build all rhel rpm packages
+# The nftables-devel package is only available in RHEL CRB. For now, build
+# with tag "no_libnftables", so dockerd will exec the nft tool, and this
+# package is not required. Note that this '--define' is also hard-coded in
+# each of the rhel-*/Dockerfile files.
+$(RHEL_RELEASES): RPMBUILD_EXTRA_FLAGS += --define '_no_libnftables true'
 .PHONY: $(DISTROS)
 $(DISTROS): sources
diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec
index a584679c70..39fa401225 100644
--- a/rpm/SPECS/docker-ce.spec
+++ b/rpm/SPECS/docker-ce.spec
@@ -25,6 +25,11 @@ Requires: iptables-nft
 %else
 Requires: iptables
 %endif
+%if %{undefined _no_libnftables}
+# When dockerd is not linked against libnftables, the nftables package
+# is not a hard requirement.
+Requires: nftables
+%endif
 %if %{undefined rhel} || 0%{?rhel} < 9
 # Libcgroup is no longer available in RHEL/CentOS >= 9 distros.
 Requires: libcgroup
@@ -40,6 +45,9 @@ BuildRequires: gcc
 BuildRequires: git
 BuildRequires: glibc-static
 BuildRequires: libtool
+%if %{undefined _no_libnftables}
+BuildRequires: nftables-devel
+%endif
 BuildRequires: make
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(systemd)
diff --git a/rpm/rhel-10/Dockerfile b/rpm/rhel-10/Dockerfile
index e25866ddc0..0cff537a35 100644
--- a/rpm/rhel-10/Dockerfile
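Review bot: In rpm/Makefile, the target-specific `RPMBUILD_EXTRA_FLAGS += --define '_no_libnftables true'` is dropped whenever RPMBUILD_EXTRA_FLAGS is set on the make command line, because command-line assignments override makefile assignments, target-specific ones included. The rhel-*/Dockerfile images would still build with the `no_libnftables` tag, so the spec's conditionals and the binary's linkage would presumably disagree. If the define is mandatory for RHEL, `$(RHEL_RELEASES): override RPMBUILD_EXTRA_FLAGS += --define '_no_libnftables true'` keeps it in place. Where RPMBUILD_EXTRA_FLAGS is consumed lies outside this hunk, so confirm it actually reaches rpmbuild for these targets.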
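Review bot: In rpm/SPECS/docker-ce.spec, the comment added above `Requires: nftables` describes the opposite branch: it sits inside `%if %{undefined _no_libnftables}` (the linked build) but explains why the package is not needed when dockerd is not linked. Per the rpm/Makefile comment, the `_no_libnftables` build is the one where dockerd execs the nft tool, yet that build ends up with no dependency on the package that ships it, so selecting the nftables backend on RHEL could fail at runtime; how dockerd behaves when nft is missing is not visible here and is worth confirming, since container firewall rules depend on it. Consider an `%else` branch with the weak dependency `Recommends: nftables`, and rewording the comment to `# dockerd is linked against libnftables in this build, so require nftables.`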
+++ b/rpm/rhel-10/Dockerfile
@@ -31,7 +31,7 @@ ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ENV DOCKER_BUILDTAGS="exclude_graphdriver_btrfs no_libnftables"
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
@@ -39,7 +39,7 @@ ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build
 COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+RUN dnf builddep --define '_no_libnftables true' -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/rhel-8/Dockerfile b/rpm/rhel-8/Dockerfile
index 99bb7492c8..1fbdff1192 100644
--- a/rpm/rhel-8/Dockerfile
+++ b/rpm/rhel-8/Dockerfile
@@ -31,7 +31,7 @@ ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ENV DOCKER_BUILDTAGS="exclude_graphdriver_btrfs no_libnftables"
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
@@ -39,7 +39,7 @@ ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build
 COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+RUN dnf builddep --define '_no_libnftables true' -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]
diff --git a/rpm/rhel-9/Dockerfile b/rpm/rhel-9/Dockerfile
index 9266d750ce..b602a1ce2c 100644
--- a/rpm/rhel-9/Dockerfile
+++ b/rpm/rhel-9/Dockerfile
@@ -31,7 +31,7 @@ ENV GOPATH=/go
 ENV GOTOOLCHAIN=local
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
 ENV AUTO_GOPATH=1
-ENV DOCKER_BUILDTAGS=exclude_graphdriver_btrfs
+ENV DOCKER_BUILDTAGS="exclude_graphdriver_btrfs no_libnftables"
 ARG DISTRO
 ARG SUITE
 ENV DISTRO=${DISTRO}
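Review bot: In rpm/rhel-10/Dockerfile the `no_libnftables` Go build tag in `DOCKER_BUILDTAGS` and the `_no_libnftables` RPM macro passed to `dnf builddep` are two independent switches, and the same pair is repeated in rpm/rhel-8/Dockerfile and rpm/rhel-9/Dockerfile, with the macro set a further time in rpm/Makefile. Nothing visible ties them together, so dropping one without the other would yield a binary whose linkage does not match the package's Requires/BuildRequires. A comment next to each, for example `# keep in sync with --define '_no_libnftables true' in rpm/Makefile`, would make the coupling explicit. Deriving the build tag from the macro inside the spec would remove the duplication, but the spec's build section is not part of this diff, so whether it can do that is an assumption.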
@@ -39,7 +39,7 @@ ENV SUITE=${SUITE}
 RUN dnf install -y rpm-build
 COPY --link SPECS /root/rpmbuild/SPECS
-RUN dnf builddep -y /root/rpmbuild/SPECS/*.spec
+RUN dnf builddep --define '_no_libnftables true' -y /root/rpmbuild/SPECS/*.spec
 COPY --link --from=golang /usr/local/go /usr/local/go
 WORKDIR /root/rpmbuild
 ENTRYPOINT ["/bin/rpmbuild"]