[neon/neon/livecd-rootfs/Neon/release] live-build/auto: Change iptables calls, to query rules and quickly check that connectivity works after transparent proxy has been installed. LP: #1917920

Thomas Bechtold null at kde.org
Thu Oct 28 12:37:16 BST 2021


Git commit 3d65dbb7673251864b3c7262069a9f02eb9e9178 by Thomas Bechtold, on behalf of Dimitri John Ledkov.
Committed on 28/09/2021 at 11:48.
Pushed by jriddell into branch 'Neon/release'.

Change iptables calls, to query rules and quickly check that connectivity works after transparent proxy has been installed. LP: #1917920

(cherry picked from commit 1cd8fe14b70e98220c519d679217737672ee9019)

M  +16   -1    live-build/auto/build

https://invent.kde.org/neon/neon/livecd-rootfs/commit/3d65dbb7673251864b3c7262069a9f02eb9e9178

diff --git a/live-build/auto/build b/live-build/auto/build
index fc456919..d44b1a8a 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -35,6 +35,18 @@ run_iptables () {
     kver="${kver#*.}"
     kver_minor="${kver%%.*}"
 
+
+    # LP: #1917920
+    # I'm seeing issues after iptables got upgraded from 1.8.5 to
+    # 1.8.7 Somehow installing our nat rule doesn't get activated, and
+    # no networking is happening at all.
+
+    # But somehow calling both iptables -S makes things start working.
+    # Maybe no default chains are installed in our network namespace?!
+    # Or 1.8.7 is somehow broken?
+    iptables -v -t nat -S
+    iptables-legacy -v -t nat -S
+
     if [ "$kver_major" -lt 4 ] || \
        ([ "$kver_major" = 4 ] && [ "$kver_minor" -lt 15 ]); then
         iptables-legacy "$@"
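Review bot: the two `-S` queries added ahead of the kernel-version test in run_iptables run on every call and against both backends, whichever one the branch below then selects, and the comment itself says the cause is unknown. If they are a workaround rather than diagnostics, say so in the comment and record which of the two calls is actually needed once that is known. Nothing in the hunk shows how a non-zero exit from either query is handled (for example when one of the two binaries is not usable in the build environment), so decide explicitly whether that should abort the build and append `|| true` if it should not. The extra blank `+` line at the top of the hunk can be dropped.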
@@ -52,7 +64,7 @@ if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
     apt-get -qyy install iptables
 
     # Redirect all outgoing traffic to port 80 to proxy instead.
-    run_iptables -t nat -A OUTPUT -p tcp --dport 80 \
+    run_iptables -v -t nat -A OUTPUT -p tcp --dport 80 \
         -m owner ! --uid-owner daemon -j REDIRECT --to 8080
 
     # Run proxy as "daemon" to avoid infinite loop.
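Review bot: the `-v` added to the `-A OUTPUT` call only makes the append more verbose in the build log; it does not confirm that the REDIRECT rule is present afterwards. Since the problem described in the comment in run_iptables is a nat rule that does not take effect, consider following the append with the same rule specification under `-C` (check), so that a missing rule fails here with a clear cause instead of surfacing later as a network error.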
@@ -65,6 +77,9 @@ if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
         --pid-file=config/magic-proxy.pid \
         --background \
         --setsid
+
+    # Quick check that magic proxy & iptables chains are working
+    timeout 3m apt-get update
 fi
 
 # Link output files somewhere launchpad-buildd will be able to find them.
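Review bot: `timeout 3m apt-get update` after the proxy launch shows that apt can reach its sources, not that the port 80 traffic was redirected to the proxy on 8080, so a build where the REDIRECT rule is silently absent but the network is otherwise reachable would still pass this check. If the intent is to verify the redirect, check for evidence on the proxy side (its log or a request counter) or check the rule itself. The proxy is started with `--background` immediately before, so the check can also race the proxy's startup; a short retry loop would avoid a spurious failure. A message on failure stating that the proxy check failed (timeout exits with status 124) would make the build log easier to read.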


