From 3018849cc8ab5bdd24332ebd39e64e4e971231fe Mon Sep 17 00:00:00 2001 From: Dorian Date: Sun, 19 Apr 2026 09:01:59 -0400 Subject: [PATCH] =?UTF-8?q?fix(iso):=20add=20clang/libclang/nftables=20dep?= =?UTF-8?q?s=20=E2=80=94=20rustables=20gateway=20feature=20uses=20bindgen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 5th ISO attempt died in rustables's build.rs (which uses bindgen to wrap libnftnl) with "couldn't find any valid shared libraries matching: libclang". bindgen requires libclang.so at build time to parse C headers. rustables also needs libnftnl-dev + libmnl-dev for the actual wrappers. Added to the fips-builder stage apt install line. Co-Authored-By: Claude Opus 4.7 (1M context) --- image-recipe/build-auto-installer-iso.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh index b23bf633..735ee04d 100755 --- a/image-recipe/build-auto-installer-iso.sh +++ b/image-recipe/build-auto-installer-iso.sh @@ -249,13 +249,16 @@ if [ ! -f "$ROOTFS_TAR" ] || [ "$1" == "--rebuild" ]; then # we don't want to ship an ISO that silently skips FIPS. FROM rust:1-slim-bookworm AS fips-builder ENV DEBIAN_FRONTEND=noninteractive -# libdbus-1-dev and libssl-dev added because jmcorgan/fips upstream -# now links against dbus + openssl (observed 2026-04-19 rebuild). The -# .pc files need to be present at pkg-config time or the cargo build -# panics in libdbus-sys's build.rs. +# Build deps tracked as upstream fips adds transitive native deps: +# - libdbus-1-dev: libdbus-sys (observed 2026-04-19 rebuild) +# - libssl-dev: openssl dependencies +# - libnftnl-dev, libmnl-dev, clang, libclang-dev: rustables → +# bindgen (the gateway feature enables rustables for nftables +# integration). bindgen panics without libclang.so. RUN apt-get update && apt-get install -y --no-install-recommends \\ git ca-certificates build-essential pkg-config dpkg-dev \\ libdbus-1-dev libssl-dev \\ + clang libclang-dev libnftnl-dev libmnl-dev \\ && rm -rf /var/lib/apt/lists/* RUN cargo install --locked cargo-deb RUN git clone --depth 1 https://github.com/jmcorgan/fips.git /src/fips