From 83bed4367e76e9003479a8d7bd5cbee080d80017 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Mon, 3 Jun 2024 12:35:49 +0200 Subject: [PATCH] rpm: Don't default to nftables on existing distros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrea Bolognani Reviewed-by: Daniel P. Berrangé --- libvirt.spec.in | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 4381dbe30c..5ca7b95e6c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -205,6 +205,18 @@ %define with_modular_daemons 1 %endif +# Prefer nftables for future OS releases but keep using iptables +# for existing ones +%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %define prefer_nftables 1 + %define firewall_backend_priority nftables,iptables +%else + %define prefer_nftables 0 + %define firewall_backend_priority iptables,nftables +%endif + + + # Force QEMU to run as non-root %define qemu_user qemu %define qemu_group qemu @@ -592,7 +604,7 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 - %if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 + %if %{prefer_nftables} Requires: nftables %else Requires: iptables @@ -1387,7 +1399,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec) %{?enable_werror} \ -Dexpensive_tests=enabled \ -Dinit_script=systemd \ - -Dfirewall_backend_priority=nftables,iptables \ + -Dfirewall_backend_priority=%{firewall_backend_priority} \ -Ddocs=enabled \ -Dtests=enabled \ -Drpath=disabled \