The primary concern here is probably that iptables uses functions
that in glibc still require the dynamic library at runtime. However,
for my usage of iptables, I have never actually run into this situation,
and even if I did, I'd rather switch libcs (though I may be in the
minority there). Nevertheless, I think it would be useful to have
this option available for those wanting a statically linked iptables.
Signed-off-by: Keno Fischer <keno@xxxxxxxxxxxxxxxxxx>
---
configure.ac | 10 ++++++++++
iptables/Makefile.am | 6 ++++++
2 files changed, 16 insertions(+)
diff --git a/configure.ac b/configure.ac
index 6ae63f8..a787de9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,6 +67,9 @@ AC_ARG_ENABLE([connlabel],
AS_HELP_STRING([--disable-connlabel],
[Do not build libnetfilter_conntrack]),
[enable_connlabel="$enableval"], [enable_connlabel="yes"])
+AC_ARG_ENABLE([static_executables],
+ AS_HELP_STRING([--enable-static-executables], [Statically link executables against libc]),
+ [enable_static_executables="$enableval"], [enable_static_executables="no"])
libiptc_LDFLAGS2="";
AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
@@ -100,6 +103,7 @@ fi;
AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
+AM_CONDITIONAL([ENABLE_STATIC_EXECUTABLES], [test "$enable_static_executables" = "yes"])
AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"])
AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
@@ -111,6 +115,11 @@ AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"])
AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"])
AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"])
+if test "x$enable_static_executables" = "xyes" && test "x$enable_static" != "xyes"; then
+ echo "*** Error: --enable-static-executables without --enable-static. ***"
+ exit 1
+fi
+
if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
fi
@@ -262,6 +271,7 @@ Iptables Configuration:
Build parameters:
Put plugins into executable (static): ${enable_static}
+ Build static executables (static-executables): ${enable_static_executables}
Support plugins via dlopen (shared): ${enable_shared}
Installation prefix (--prefix): ${prefix}
Xtables extension directory: ${e_xtlibdir}
diff --git a/iptables/Makefile.am b/iptables/Makefile.am
index f92cc4f..5c3edec 100644
--- a/iptables/Makefile.am
+++ b/iptables/Makefile.am
@@ -12,6 +12,9 @@ xtables_multi_LDADD = ../extensions/libext.a
if ENABLE_STATIC
xtables_multi_CFLAGS += -DALL_INCLUSIVE
endif
+if ENABLE_STATIC_EXECUTABLES
+xtables_multi_LDFLAGS = ${AM_LDFLAGS} -all-static
+endif
if ENABLE_IPV4
xtables_multi_SOURCES += iptables-save.c iptables-restore.c \
iptables-standalone.c iptables.c
@@ -36,6 +39,9 @@ xtables_compat_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.
if ENABLE_STATIC
xtables_compat_multi_CFLAGS += -DALL_INCLUSIVE
endif
+if ENABLE_STATIC_EXECUTABLES
+xtables_compat_multi_LDFLAGS = ${AM_LDFLAGS} -all-static
+endif
xtables_compat_multi_CFLAGS += -DENABLE_NFTABLES -DENABLE_IPV4 -DENABLE_IPV6
xtables_compat_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
xtables_compat_multi_SOURCES += xtables-save.c xtables-restore.c \
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
