Install iptables-nft early on during image generation

ChimeraOS · Jun 17, 2024 · a6d587b · a6d587b
1 parent d88b670
commit a6d587b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/build-image.sh b/build-image.sh
@@ -114,6 +114,14 @@ rm -rf /var/cache/pacman/pkg
 pacman --noconfirm -U --overwrite '*' /extra_pkgs/*
 rm -rf /var/cache/pacman/pkg
 
+# Install the new iptables
+# See https://gitlab.archlinux.org/archlinux/packaging/packages/iptables/-/issues/1
+# Since base package group adds iptables by default
+# pacman will ask for confirmation to replace that package
+# but the default answer is no.
+# doing yes | pacman omitting --noconfirm is a necessity 
+yes | pacman -S iptables-nft
+
 # enable services
 systemctl enable ${SERVICES}
 

diff --git a/manifest b/manifest
@@ -267,9 +267,6 @@ export FILES_TO_DELETE="\
 "
 
 postinstallhook() {
-	# use nftables instead of the deprecated iptables
-	yes | pacman -S iptables-nft
-
 	# Add sudo permissions
 	sed -i '/%wheel ALL=(ALL:ALL) ALL/s/^# //g' /etc/sudoers
 	echo "${USERNAME} ALL=(ALL) NOPASSWD: /usr/bin/dmidecode -t 11