~kravietz/snap-nftables

ref: 5619fed8531065d08e29973a9b23f3b0da07e96a snap-nftables/snap/snapcraft.yaml -rw-r--r-- 2.6 KiB
5619fed8Pawel Krawczyk yet another way 1 year, 9 months ago
                                                                                
---
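# Store metadata. The description is a literal block scalar: its common
# indentation is stripped and the deeper-indented lines are command examples.
# The snap exposes a single app called `nft` (see `apps:`), so the example
# invocation in the description uses `nft`, not `nftables`.
name: nftables-pk
summary: nftables is the new packet classification framework that replaces iptables
description: |
  Provides the latest version of nft command-line utility with the intention
  of replacing outdated and buggy packages provided by mainline Linux distributions.
  For documentation on how to use nftables see https://wiki.nftables.org/

  If you use snapd older than 2.41 you will need the following after installation:

          snap connect nftables-pk:network-control

  You may want to create a system-wide alias:

          snap alias nftables-pk.nft nft

  Remember to update your nftables scripts to point to /snap/bin/nft and move
  your scripts from /etc/nftables to /var/snap/nftables-pk/common.

  Since this snap is fully confined, configuration files must be placed
  in /var/snap/nftables-pk/common which is mapped to /etc/nftables.
  When you run "nft -f /etc/nftables/main.conf" it will really look
  for "/var/snap/nftables-pk/common/main.conf".

  More documentation can be found at https://git.sr.ht/~kravietz/snap-nftables
  Report issues https://todo.sr.ht/~kravietz/snap-nftables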


# The snap version is not written here; it is adopted from the `nftables`
# part defined under `parts:`.
adopt-info: nftables

# Features the host snapd must provide before this snap can be installed.
assumes:
  - snapd2.41        # for rt_netlink
  - common-data-dir  # for config files

license: GPL-3.0
# Grade and channels are described at https://docs.snapcraft.io/channels
grade: stable
# Strict confinement: access outside the sandbox comes only through the
# interfaces listed under `apps:` and the bind mount under `layout:`.
confinement: strict
base: core18

# Snap layout (https://forum.snapcraft.io/t/snap-layouts/7207):
# inside the snap, /etc/nftables is a bind mount of $SNAP_COMMON, which is
# where configuration files need to go.
layout:
  /etc/nftables:
    bind: "$SNAP_COMMON"

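# Both parts are built from upstream netfilter git repositories.
#
# Sources are fetched over HTTPS rather than git://, because the git://
# transport has no encryption and no server authentication, so the build host
# cannot tell whether the code it received is what upstream published.
#
# NOTE(review): neither part sets source-tag or source-commit, so each build
# takes whatever the upstream default branch holds at that moment. Pinning a
# reviewed tag or commit would make the firewall binary reproducible and
# auditable.
parts:
  libnftnl:
    plugin: autotools
    source-type: git
    source: https://git.netfilter.org/libnftnl
    build-packages:
      - build-essential
      - bison
      - flex
      - asciidoc
      - libmnl-dev
      - libgmp-dev
      - libreadline-dev
      - pkg-config

  nftables:
    plugin: autotools
    source-type: git
    source: https://git.netfilter.org/nftables
    # https://forum.snapcraft.io/t/using-external-metadata/4642
    # compile using previously built libnftnl part
    configflags:
      - CFLAGS=-I$SNAPCRAFT_STAGE/include
      - LDFLAGS=-L$SNAPCRAFT_STAGE/lib
    # ensure libnftnl is built first
    after: [libnftnl]
    # Set the snap version from git. `--abbrev=0` prints only the nearest tag
    # name, so the reported version does not show whether the checked-out
    # source is that tag or later commits on the branch.
    # The command substitution is quoted so the result is passed to
    # set-version as a single argument.
    override-pull: |
      snapcraftctl pull
      snapcraftctl set-version "$(git describe --abbrev=0)"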

# The only command the snap exposes. Under strict confinement the interfaces
# below are the full set of privileges the nft binary is granted.
apps:
  nft:
    command: nft
    # Interface reference: https://docs.snapcraft.io/supported-interfaces
    plugs:
      - network           # for netlink interface
      - network-control   # for /etc/iproute2/ files
      - firewall-control  # for actual nftables configuration