Trying to build iptables 1.4.6 using the 2.6.33 linux-headers fails: In file included from libipt_ECN.c:17:0: ../include/linux/netfilter_ipv4/ipt_ECN.h:11:43: fatal error: linux/netfilter_ipv4/ipt_DSCP.h: No such file or directory compilation terminated. make[2]: *** [libipt_ECN.o] Error 1 Indeed, ipt_DSCP.h is not installed by the 2.6.33 headers package (and in general it looks like there are far fewer headers in the netfilter_ipv4 directory in the 2.6.33 vs 2.6.30 header install). Downgrading to the (stable) 2.6.30-r1 headers package fixes the issue. Reproducible: Always Portage 2.1.8.3 (default/linux/amd64/10.0/desktop, gcc-4.5.0, glibc-2.10.1-r1, 2.6.33-gentoo-1 x86_64) ================================================================= System uname: Linux-2.6.33-gentoo-1-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-gentoo-2.0.1 Timestamp of tree: Tue, 08 Jun 2010 07:00:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.0_p37 dev-java/java-config: 2.1.10 dev-lang/python: 2.4.6, 2.6.5-r2, 3.1.2-r3 dev-python/pycrypto: 2.1.0 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4-r3 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.65 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1 sys-devel/gcc: 3.4.6-r2, 4.1.2, 4.3.4, 4.4.3-r2, 4.5.0 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA dlj-1.1" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -O2 -pipe -momit-leaf-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=core2 -O2 -pipe -momit-leaf-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests ccache distlocks fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://chi-10g-1-mirror.fastsoft.net/pub/linux/gentoo/gentoo-distfiles/" LANG="C" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/java-overlay /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa amarok amd64 bash-completion berkdb branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus doc dri dts dvd dvdr dvdread emacs encode exif fam firefox flac fortran gdbm gmp gtk hal iconv ipod jpeg lcms libnotify mad mbox mmx mng modules mp3 mp4 mpeg mudflap multilib ncurses nls nptl nptlonly offensive ogg opengl openmp pam pango pcre pdf perl png ppds python qt3support qt4 readline reflection sdl session spell spl sqlite sse sse2 sse3 ssl ssse3 startup-notification svg sysfs tcpd threads tiff truetype unicode usb vorbis webkit x264 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_default authn_file authz_groupfile authz_host authz_owner authz_user autoindex cache deflate dir env expires ext_filter file_cache filter headers imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif so status suexec unique_id userdir usertrack vhost_alias fastcgi" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Hello JAck, can you please attach the complete build.log? Thanks
Created attachment 234731 [details] iptables-1.4.6 build log Build log attached. BTW, #s on the headers: 2.6.30: ls /usr/include/linux/netfilter_ipv4 | wc -l 46 2.6.33: ls /usr/include/linux/netfilter_ipv4 | wc -l 14
not a bug in linux-headers. this is what upstream linux wants.
It looks like this was fixed upstream in January: https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=350661a6eb089f3e54e67e022db9e16ea280499f So 1.4.7 and 1.4.8 should be OK, though I haven't tested. Perhaps a version mask is all that is required here.
and 1.4.7 is in the tree already (for months at this point)
How is this invalid? 1.4.6 still doesn't build
you're breaking the system by mixing and matching stable and unstable
And setting a DEPEND for !sys-kernel/linux-headers>=2.6.33 is that hard?
we track two sets of trees synced to each other. issues like this dont come up when things are tracked correctly. by the time the kernel headers stabilize, iptables would stabilize as well. so yes, it is a waste of time because fixing one of these encourages people to find & file more.
vapier: Having stable iptables NOT compile on a system that's otherwise ~arch system would be a good reason to have that blocker added.
no, it isnt
Mike, I don't think it's hard to add such code to make people happy, so I've added it. But in general I agree this bug is INVALID: it's impossible to track stable/unstable matching and with this fix I'm not going event to pretend that something was improved in the tree. New packages enter ~arch on daily basis and similar breakages exist all over the tree and it's completely impossible to track them. That said, if users provide solution - I tend to apply it. Also note this fix will die very soon since I'm going to fill stabilization request for 1.4.8 as soon as time comes...
i'm not inclined to even let a trickle in so as to avoid encouraging more. think this is a good idea ? then i look forward to the people running stable packages with unstable gcc and filing bugs about those too. it's a terrible idea and the reason we have trackers/stabilization bugs in the first place. but i'm not going to take it so far as to revert your changes to iptables if you were so inclined to spend the time to make it.
BTW, it might be useful to update the documentation to mention that mixing stable and unstable 'breaks the system'. http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3&chap=3 for instance simply describes how to do it with zero caveats.
Jack, open a new bug for our documentation team to consider. I'm not sure that they'll add this since there is cation about ~arch in handbook, but IMO separate sentence about mixing could be given too. In any case this bug is not a place for such requests since we are not working on documentation. thanks.
