Bug 332175 - net-firewall/iptables- links against /usr/lib
Summary: net-firewall/iptables- links against /usr/lib
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: High enhancement
Assignee: Gentoo's Team for Core System packages
Depends on:
Reported: 2010-08-11 05:30 UTC by Eray Aslan
Modified: 2024-02-20 05:24 UTC (History)
Description Eray Aslan gentoo-dev 2010-08-11 05:30:42 UTC
As discussed in the URL above, binaries in /sbin should preferably be linking against /lib and not /usr/lib as /usr might not be mounted at boot.

$ ldd /sbin/iptables
         =>  (0xf57fe000)
         => /usr/lib/ (0xb77d9000)
         => /usr/lib/ (0xb77d1000)
         => /lib/ (0xb77ac000)
         => /lib/ (0xb7661000)
         => /lib/ (0xb765d000)
        /lib/ (0xb77e6000)

Giving --libdir=/lib to the iptables config script should place the above libraries in lib.

Reproducible: Always
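
A check for the condition this report describes, as an added example that is not part of the original bug report or the iptables ebuild: it parses `ldd` output and lists dependencies that resolve under /usr or do not resolve at all. The function names and the sample library names and addresses are constructed for illustration.

```sh
# Read `ldd` output on stdin and print one line per dependency that is
# unavailable before /usr is mounted: "usr <path>" or "missing <name>".
usr_deps() {
    awk '
        # "name => /path (0xaddr)": dependency resolved to a file
        $2 == "=>" && $3 ~ /^\// {
            if ($3 ~ /^\/usr\//) print "usr " $3
            next
        }
        # "name => not found": dependency cannot be resolved at all
        $2 == "=>" && $3 == "not" { print "missing " $1 }
        # Other lines (vDSO entry with no path, bare interpreter line,
        # "statically linked") are ignored.
    '
}

# Succeed only when the ldd output on stdin has no /usr or missing deps.
boot_safe() {
    [ -z "$(usr_deps)" ]
}

# Constructed sample in the shape of the report above; the library names
# and addresses are made up for illustration, not taken from the bug.
sample_ldd() {
    cat <<'EOF'
        linux-gate.so.1 =>  (0x00001000)
        libexample4.so.0 => /usr/lib/libexample4.so.0 (0x00002000)
        libexamplex.so.4 => /usr/lib/libexamplex.so.4 (0x00003000)
        libm.so.6 => /lib/libm.so.6 (0x00004000)
        libc.so.6 => /lib/libc.so.6 (0x00005000)
        /lib/ld-linux.so.2 (0x00006000)
EOF
}

# Hypothetical helper: scan every executable in a directory (pass /sbin on
# a live system). ldd can run the target's loader, so point it only at
# trusted binaries.
scan_dir() {
    for bin in "$1"/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        ldd "$bin" 2>/dev/null | usr_deps |
            while IFS= read -r dep; do printf '%s: %s\n' "$bin" "$dep"; done
    done
}
```
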
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2010-08-11 07:59:30 UTC
Thank you for the report. Fixed in with the following:

@@ -25,6 +25,7 @@
 src_configure() {
 	econf \
 		--sbindir=/sbin \
+		--libdir=/$(get_libdir) \
 		--libexecdir=/$(get_libdir) \
 		--enable-devel \
 		--enable-libipq \
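Review bot: the added --libdir=/$(get_libdir) line carries no comment explaining why the library directory leaves /usr, and it relocates everything the build installs into libdir, not only the shared objects /sbin/iptables needs at boot. With --enable-devel in the same econf call that includes development files, which is why the second hunk has to delete .la files and move .a archives back. Add a one-line comment referencing the bug, and consider leaving libdir at its default and relocating only the runtime libraries.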
@@ -56,4 +57,10 @@
 		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
 		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
+	# Remove .la from /lib, keep static archives in /usr/lib
+	find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+	dodir /usr/$(get_libdir)/
+	mv "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)/ || die "failed to mv static libs"
+	gen_usr_ldscript
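Review bot: gen_usr_ldscript on the last added line is called with no library names, so it is not told which libraries to generate linker scripts for; name them explicitly. Three smaller points in the same hunk: the mv of "${D}"/$(get_libdir)/*.a hits the die when the glob matches nothing (a build that installs no static archives), find "${D}" deletes .la files across the whole image although the comment says /lib, and rm -rf is more than needed for -type f matches, where rm -f suffices.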
Comment 2 SpanKY gentoo-dev 2010-08-11 16:59:20 UTC
that isn't really the way to go about it.  minor: no need to quote plus marks.

it really should keep /usr/lib and then do something like:
gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables

screwing around with linker scripts and static archives is dead
Comment 3 SpanKY gentoo-dev 2010-08-19 21:37:11 UTC
i've dropped all the /usr->/ code and replaced it with just the ldscript func i referred to.  i also restored the .la files since the .pc files don't properly express static dependencies.
Comment 4 Larry the Git Cow gentoo-dev 2024-02-06 22:49:54 UTC
The bug has been referenced in the following commit(s):

commit 4fc9966a33ed4f82e6c10f3dc518326fa1063cde
Author:     Eli Schwartz <>
AuthorDate: 2024-02-06 15:29:48 +0000
Commit:     Sam James <>
CommitDate: 2024-02-06 22:49:31 +0000

    net-firewall/iptables: remove usr-ldscript support
    Per news item 2024-01-05-usr-initramfs, we no longer support this use
    case. It is fragile and hacky and leads to bizarre forms of load errors.
    The functionality is, despite being called "split-usr", not really about
    split-usr at all.
    [sam: Add bug #332175 and bug #498878 ref.]
    Signed-off-by: Eli Schwartz <>
    Signed-off-by: Sam James <>

 .../iptables/{iptables-1.8.9-r1.ebuild => iptables-1.8.9-r2.ebuild}  | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2024-02-20 05:24:57 UTC
The bug has been referenced in the following commit(s):

commit 3e7b22c10763d2352b5770266c755667549e94f9
Author:     Sam James <>
AuthorDate: 2024-02-20 05:21:00 +0000
Commit:     Sam James <>
CommitDate: 2024-02-20 05:21:00 +0000

    net-firewall/iptables: drop usr-ldscript
    Per news item.
    Signed-off-by: Sam James <>

 net-firewall/iptables/iptables-1.8.10-r1.ebuild | 179 ++++++++++++++++++++++++
 1 file changed, 179 insertions(+)