So the iptables version of my package requires ipset (specifically the Makefile lists dependencies +ipset +iptables +kmod-ipt-ipset). When trying to build the package, I've been getting this persistent error:
ERROR: package/network/utils/ipset failed to build
With -j1 V=s, it showed this error:
Invalid kernel source directory [somepath]
This is for target x86, subtarget either 'generic' or 'x86-64' (tried both). Building on x86-64 CPU. I did successfully update and install the feeds, then built tools and toolchain. I didn't change anything in menuconfig, besides the target and the subtarget (and selecting my package). The nftables version of the package builds fine (it doesn't list any kernel modules as dependencies though, only firewall4).
The build system is cloned from Github, branch v23.05.3
Now I discovered that if I run 'make' first (which takes a long while) then ipset builds without an issue. Is there some dependency which is not getting built without running the full make? Is this how it is supposed to be?
I'd bet on the kernel not being compiled when you call make just on your package. You can run a make target/linux/compile I believe. That would build just the kernel.
A bit off topic, an iptables version of an OpenWrt package is not worth the effort as it would be for older EOL versions 21.02 or earlier and you would not get it merged.
There are some "luddite" types that strip out all signs of nftables from current versions because they have "always used iptables and it is better".
If you produced an iptables version for them, with iptables as a dependency, you will end up with iptables-zzz-legacy installed and that can cause all sorts of issues if fw4 is still present and break other iptables packages that use iptables-nft for compatability.
Another off topic potential issue, if you need auto-population of ipset by dnsmasq, this is not supported in OpenWrt 23.05 onwards.
I'm far from a luddite (nice term btw) but I dislike the whole 'upgrade-or-die' culture. From my perspective, a user of an older version of an OS is as good of a user as anybody else. Besides, when speaking of embedded devices which perform an important function and may be somewhat tricky to configure, many people don't want to flush new firmware. Currently I'm providing ipk packages from my Github repo, so whether it will get merged or not, it is there for people who need it.
If you produced an iptables version for them, with iptables as a dependency, you will end up with iptables-zzz-legacy installed and that can cause all sorts of issues if fw4 is still present and break other iptables packages that use iptables-nft for compatability.
I suppose it is possible to specify in the Makefile what the package is incompatible with to make opkg refuse to install it when firewall4 is present? If so, I'll specify that.
Another off topic potential issue, if you need auto-population of ipset by dnsmasq, this is not supported in OpenWrt 23.05 onwards.
My project aims for wide compatibility with almost any Linux device, so it avoids unnecessary dependencies. It implements its own method of populating ipsets (and nftables sets).
Now my question still stands (not necessarily directed at you @Borromini ): isn't the build system supposed to know that a built kernel is a dependency for ipset or kmod-ipt-ipset (not sure which one triggers the issue)?