From c44bb2f1094125028a461a6f048824242933a047 Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Date: Fri, 6 Dec 2024 19:02:15 +0400
Subject: [PATCH] fix: install iptables-nft to the host

These are used by CNI plugins.

Fixes #9883

See https://github.com/siderolabs/pkgs/pull/1106

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
---
 Dockerfile                      | 12 ++++++++++++
 Makefile                        |  6 +++++-
 pkg/machinery/gendata/data/pkgs |  2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f1278f01339..93375e6982a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,6 +23,8 @@ ARG PKG_IPTABLES=scratch
 ARG PKG_IPXE=scratch
 ARG PKG_LIBINIH=scratch
 ARG PKG_LIBJSON_C=scratch
+ARG PKG_LIBMNL=scratch
+ARG PKG_LIBNFTNL=scratch
 ARG PKG_LIBPOPT=scratch
 ARG PKG_LIBSEPOL=scratch
 ARG PKG_LIBSELINUX=scratch
@@ -92,6 +94,12 @@ FROM --platform=arm64 ${PKG_LIBINIH} AS pkg-libinih-arm64
 FROM --platform=amd64 ${PKG_LIBJSON_C} AS pkg-libjson-c-amd64
 FROM --platform=arm64 ${PKG_LIBJSON_C} AS pkg-libjson-c-arm64
 
+FROM --platform=amd64 ${PKG_LIBMNL} AS pkg-libmnl-amd64
+FROM --platform=arm64 ${PKG_LIBMNL} AS pkg-libmnl-arm64
+
+FROM --platform=amd64 ${PKG_LIBNFTNL} AS pkg-libnftnl-amd64
+FROM --platform=arm64 ${PKG_LIBNFTNL} AS pkg-libnftnl-arm64
+
 FROM --platform=amd64 ${PKG_LIBPOPT} AS pkg-libpopt-amd64
 FROM --platform=arm64 ${PKG_LIBPOPT} AS pkg-libpopt-arm64
 
@@ -683,6 +691,8 @@ COPY --link --from=pkg-libcap-amd64 / /rootfs
 COPY --link --from=pkg-iptables-amd64 / /rootfs
 COPY --link --from=pkg-libinih-amd64 / /rootfs
 COPY --link --from=pkg-libjson-c-amd64 / /rootfs
+COPY --link --from=pkg-libmnl-amd64 / /rootfs
+COPY --link --from=pkg-libnftnl-amd64 / /rootfs
 COPY --link --from=pkg-libpopt-amd64 / /rootfs
 COPY --link --from=pkg-liburcu-amd64 / /rootfs
 COPY --link --from=pkg-libsepol-amd64 / /rootfs
@@ -757,6 +767,8 @@ COPY --link --from=pkg-libcap-arm64 / /rootfs
 COPY --link --from=pkg-iptables-arm64 / /rootfs
 COPY --link --from=pkg-libinih-arm64 / /rootfs
 COPY --link --from=pkg-libjson-c-arm64 / /rootfs
+COPY --link --from=pkg-libmnl-arm64 / /rootfs
+COPY --link --from=pkg-libnftnl-arm64 / /rootfs
 COPY --link --from=pkg-libpopt-arm64 / /rootfs
 COPY --link --from=pkg-liburcu-arm64 / /rootfs
 COPY --link --from=pkg-libsepol-arm64 / /rootfs
diff --git a/Makefile b/Makefile
index 29b92d96153..428e8bf3ef6 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ TOOLS ?= ghcr.io/siderolabs/tools:v1.10.0-alpha.0
 DEBUG_TOOLS_SOURCE := scratch
 
 PKGS_PREFIX ?= ghcr.io/siderolabs
-PKGS ?= v1.10.0-alpha.0-3-g71003a3
+PKGS ?= v1.10.0-alpha.0-4-g9cf35be
 EXTRAS ?= v1.9.0
 
 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
@@ -43,6 +43,8 @@ PKG_IPTABLES ?= $(PKGS_PREFIX)/iptables:$(PKGS)
 PKG_IPXE ?= $(PKGS_PREFIX)/ipxe:$(PKGS)
 PKG_LIBINIH ?= $(PKGS_PREFIX)/libinih:$(PKGS)
 PKG_LIBJSON_C ?= $(PKGS_PREFIX)/libjson-c:$(PKGS)
+PKG_LIBMNL ?= $(PKGS_PREFIX)/libmnl:$(PKGS)
+PKG_LIBNFTNL ?= $(PKGS_PREFIX)/libnftnl:$(PKGS)
 PKG_LIBPOPT ?= $(PKGS_PREFIX)/libpopt:$(PKGS)
 PKG_LIBSEPOL ?= $(PKGS_PREFIX)/libsepol:$(PKGS)
 PKG_LIBSELINUX ?= $(PKGS_PREFIX)/libselinux:$(PKGS)
@@ -219,6 +221,8 @@ COMMON_ARGS += --build-arg=PKG_IPTABLES=$(PKG_IPTABLES)
 COMMON_ARGS += --build-arg=PKG_IPXE=$(PKG_IPXE)
 COMMON_ARGS += --build-arg=PKG_LIBINIH=$(PKG_LIBINIH)
 COMMON_ARGS += --build-arg=PKG_LIBJSON_C=$(PKG_LIBJSON_C)
+COMMON_ARGS += --build-arg=PKG_LIBMNL=$(PKG_LIBMNL)
+COMMON_ARGS += --build-arg=PKG_LIBNFTNL=$(PKG_LIBNFTNL)
 COMMON_ARGS += --build-arg=PKG_LIBSEPOL=$(PKG_LIBSEPOL)
 COMMON_ARGS += --build-arg=PKG_LIBSELINUX=$(PKG_LIBSELINUX)
 COMMON_ARGS += --build-arg=PKG_PCRE2=$(PKG_PCRE2)
diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
index 1f85969cd23..c3288f988db 100644
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.10.0-alpha.0-3-g71003a3
\ No newline at end of file
+v1.10.0-alpha.0-4-g9cf35be
\ No newline at end of file