iptables-1.2.9-r3 ebuild fails to compile with the following errors:

gcc -O3 -march=athlon-tbird -mcpu=athlon-tbird -pipe -fomit-frame-pointer -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
                 from include/iptables.h:5,
                 from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1
gcc -O3 -march=athlon-tbird -mcpu=athlon-tbird -pipe -fomit-frame-pointer -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
                 from include/iptables.h:5,
                 from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1

However, it still keeps on the emerge process and strips and installs whatever it seems to have at the moment. The previous version of iptables was unmerged following this and this results in no firewall running on my server now.

Reproducible: Always

Steps to Reproduce:
1. emerge -va iptables
2. wait
3. realize that /sbin/iptables is missing, re-emerge and pay more attention.

Actual Results:
I was left without /sbin/iptables since the program was not built. However, the portage process did not stop even though make returned an error.

Expected Results:
Not necessarily have compiled correctly, but portage should have stopped when make returned 1.

Portage 2.0.50-r8 (default-x86-2004.0, gcc-3.3.3, glibc-2.3.3.20040420-r0, 2.6.7-gentoo-r6)
=================================================================
System uname: 2.6.7-gentoo-r6 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.4.16
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=athlon-tbird -mcpu=athlon-tbird -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon-tbird -mcpu=athlon-tbird -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox strict userpriv usersandbox"
GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mirror.datapipe.net/ gentoo http://mirror.datapipe.net/gentoo ftp://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl apm arts avi berkdb crypt encode foomaticdb gd gdbm gif gpm gtk2 imap imlib jpeg jpg libg++ libwww mad mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdf pdflib perl png python quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xv zlib"
Created attachment 34384
patch against gentoo-dev-sources-2.6.7-r6

I've attached a kernel patch that solves the problem. I will pass this patch to the gentoo-dev-sources maintainer for a future fix.
This fix was posted on the forums and it works for me.

"Fix for 2.6.7-gentoo-r6: copy over ip_tables.h from /usr/include to /usr/src..

cp /usr/include/linux/netfilter_ipv4/ip_tables.h \
   /usr/src/linux/include/linux/netfilter_ipv4/

If you use ipv6, you must copy the netfilter_ipv6/ip6_tables.h to usr/src..foo/netfilter_ipv6/ as well. And I guess for arp_tables works the same. I'm not using ARP tables."

http://forums.gentoo.org/viewtopic.php?t=186688
It's still very bad that the ebuild carries on to install despite the fact that make install fails. Wouldn't it be better to make install || die?
*** Bug 55516 has been marked as a duplicate of this bug. ***
net-firewall/iptables-1.2.9-r3 was just marked x86 - even though this problem still exists.
ditto here, copying /usr/include/linux/netfilter_ipv4/ip_tables.h into /usr/src/linux/include/linux/netfilter_ipv4/ let all the binary stuff build running gentoo-dev-sources-2.6.7-r6 here as well.
Only kernel 2.6.7 seems to be affected. 'ln -sf /usr/src/linux-2.6.6 /usr/src/linux' did the trick for me. May I suggest, as a quick fix, to at least use 'make ... || die' all over the place?
Created attachment 34413
Patch against iptables-1.2.9-r3.ebuild to use "|| die"
Same here on amd64.
copying the file: cp /usr/include/linux/netfilter_ipv4/ip_tables.h /usr/src/linux/include/linux/netfilter_ipv4/ worked for me
The kernel patch worked like a charm on my end. Applied cleanly as well. What bugged me the most was not the fact that iptables did not run, but that the ebuild did not die at this point.
*** Bug 55632 has been marked as a duplicate of this bug. ***
"|| die" did not stop "installing" iptables-1.2.9-r3 without the binary /sbin/iptables with kernel sources 2.6.7. I linked /usr/src/linux against linux-2.6.6 and now compilation and install of binaries works fine.
It is enough to just remove the /usr/src/linux link, and iptables does compile well against kernel headers in /usr/include/... instead.
Please try iptables-1.2.9-r4
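Added example, not part of the bug thread and not Portage or ebuild code: a constructed shell simulation of the failure discussed above, where unchecked build steps let the merge proceed without /sbin/iptables, next to a variant that uses "|| die" on every step and verifies the image before merging. The function names, the simplified die helper and the scratch-directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed simulation; not Portage code. build() stands in for `make`
# and fails with status 1, as in the report, unless $1 is "ok".
build() {            # $1 = header state, $2 = work dir
    [ "$1" = ok ] || return 1
    echo binary > "$2/iptables"
}

# Stand-in for `make install`: copies whatever was built into the image.
install_image() {    # $1 = work dir, $2 = image dir
    mkdir -p "$2/sbin" && cp "$1/iptables" "$2/sbin/iptables" 2>/dev/null
}

# Simplified stand-in for the ebuild helper: report and abort the phase.
die() { echo "die: $*" >&2; exit 1; }

# Unchecked phases: every exit status is discarded, so the merge step
# runs on an image that has no sbin/iptables.
merge_unchecked() {  # $1 = header state, $2 = scratch dir
    ( set +e         # no errexit, matching the behaviour in the report
      build "$1" "$2"
      install_image "$2" "$2/image"
      echo merged > "$2/merged" )
}

# Checked phases: each step aborts on failure, and the image is verified
# before the merge step, so a missing binary can never be merged.
merge_checked() {    # $1 = header state, $2 = scratch dir
    ( set +e
      build "$1" "$2"                 || die "compile failed"
      install_image "$2" "$2/image"   || die "install failed"
      [ -f "$2/image/sbin/iptables" ] || die "image lacks sbin/iptables"
      echo merged > "$2/merged" )
}
```

The image check matters even with "|| die" on the make calls, because a step that exits 0 without producing the binary would otherwise still reach the merge.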