[Buildroot] [PATCH v2 1/1] package/connman: bump to 1.38
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu Feb 27 22:08:46 UTC 2020
Hello Petr,
Thanks for this new version!
On Thu, 27 Feb 2020 21:15:53 +0100
Petr Vorel <petr.vorel at gmail.com> wrote:
> Add choice for either iptables or nftables as firewall types.
> Add option to enable/disable wireguard support.
> This release requires libmnl (if WireGuard enabled).
>
> Signed-off-by: Petr Vorel <petr.vorel at gmail.com>
I think this really needs to be split into several commits: version
bump, iptables/nftables selection, wireguard support. Each logical
change should be in a separate commit.
> diff --git a/package/connman/Config.in b/package/connman/Config.in
> index 30eae23c96..5e4ac8bb7d 100644
> --- a/package/connman/Config.in
> +++ b/package/connman/Config.in
> @@ -8,7 +8,6 @@ config BR2_PACKAGE_CONNMAN
> depends on !BR2_TOOLCHAIN_USES_MUSL # missing res_ninit()
> select BR2_PACKAGE_DBUS
> select BR2_PACKAGE_LIBGLIB2
> - select BR2_PACKAGE_IPTABLES
> help
> The Connection Manager (ConnMan) project provides a daemon
> for managing internet connections within embedded devices
> @@ -18,10 +17,39 @@ config BR2_PACKAGE_CONNMAN
>
> if BR2_PACKAGE_CONNMAN
>
> +choice
> + prompt "Firewall type"
> + default BR2_PACKAGE_CONNMAN_IPTABLES
> + help
> + Select which firewall type is used.
> +
> +config BR2_PACKAGE_CONNMAN_IPTABLES
> + bool "iptables"
> + select BR2_PACKAGE_IPTABLES
> + help
> + Use iptables as firewall.
> +
> +config BR2_PACKAGE_CONNMAN_NFTABLES
> + bool "nftables"
> + select BR2_PACKAGE_NFTABLES
This needs:
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12
> + help
> + Use nftables as firewall.
> +endchoice
> +
> config BR2_PACKAGE_CONNMAN_ETHERNET
> bool "enable Ethernet support"
> default y
>
> +config BR2_PACKAGE_CONNMAN_WIREGUARD
> + bool "enable WireGuard support"
> + select BR2_PACKAGE_LIBMNL
> + select BR2_PACKAGE_WIREGUARD_LINUX_COMPAT
I don't think you should select this. Indeed, this is only needed if
you use an "older" kernel which doesn't have upstream support for
Wireguard. With a very recent kernel (Linux 5.6+),
wireguard-linux-compat should not be used.
> + select BR2_PACKAGE_WIREGUARD_TOOLS
> + help
> + Enable WiFi support (scan and static/dhcp interface
> + setup). ConnMan detects the start of wpa_supplicant
> + automatically.
This help text seems weird to document wireguard support :-)
> -CONNMAN_VERSION = 1.37
> +CONNMAN_VERSION = 1.38
> CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
> CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
> CONNMAN_DEPENDENCIES = libglib2 dbus iptables
> @@ -13,19 +13,25 @@ CONNMAN_LICENSE = GPL-2.0
> CONNMAN_LICENSE_FILES = COPYING
> CONNMAN_CONF_OPTS += \
> --with-dbusconfdir=/etc \
> + $(if $(BR2_PACKAGE_CONNMAN_BLUETOOTH),--enable-bluetooth,--disable-bluetooth) \
> $(if $(BR2_PACKAGE_CONNMAN_DEBUG),--enable-debug,--disable-debug) \
> $(if $(BR2_PACKAGE_CONNMAN_ETHERNET),--enable-ethernet,--disable-ethernet) \
> - $(if $(BR2_PACKAGE_CONNMAN_WIFI),--enable-wifi,--disable-wifi) \
> - $(if $(BR2_PACKAGE_CONNMAN_WISPR),--enable-wispr,--disable-wispr) \
> - $(if $(BR2_PACKAGE_CONNMAN_BLUETOOTH),--enable-bluetooth,--disable-bluetooth) \
> + $(if $(BR2_PACKAGE_CONNMAN_IPTABLES),--with-firewall=iptables) \
> $(if $(BR2_PACKAGE_CONNMAN_LOOPBACK),--enable-loopback,--disable-loopback) \
> $(if $(BR2_PACKAGE_CONNMAN_NEARD),--enable-neard,--disable-neard) \
> + $(if $(BR2_PACKAGE_CONNMAN_NFTABLES),--with-firewall=nftables) \
> $(if $(BR2_PACKAGE_CONNMAN_OFONO),--enable-ofono,--disable-ofono) \
> + $(if $(BR2_PACKAGE_CONNMAN_WIFI),--enable-wifi,--disable-wifi) \
> + $(if $(BR2_PACKAGE_CONNMAN_WIREGUARD),--enable-wireguard,--disable-wireguard) \
> + $(if $(BR2_PACKAGE_CONNMAN_WISPR),--enable-wispr,--disable-wispr) \
> $(if $(BR2_INIT_SYSTEMD),--with-systemdunitdir=/usr/lib/systemd/system)
You're doing some spurious changes here, like doing alphabetic
ordering. This is good, but do it in a separate patch.
Also I think this method of splitting CONF_OPTS and DEPENDENCIES is not
great, and is not the typical way we use in Buildroot.
We normally prefer:
ifeq ($(feature),y)
pkg_CONF_OPTS += --enable-feature
pkg_DEPENDENCIES += some-other-pkg
else
pkg_CONF_OPTS += --disable-feature
endif
Perhaps we should convert connman.mk to that logic as a preparation
patch.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list