docker-engine: add nftables dependencies

[crazy-max]

ported from:

• Add nftables / libnftables dependencies docker-ce-packaging#1256

relates to https://github.com/docker/packaging/actions/runs/18242560031/job/51946390624#step:7:2360

30.50 # github.com/moby/moby/v2/daemon/libnetwork/internal/nftables
30.50 # [pkg-config --cflags  -- libnftables]
30.50 Package libnftables was not found in the pkg-config search path.
30.50 Perhaps you should add the directory containing `libnftables.pc'
30.50 to the PKG_CONFIG_PATH environment variable
30.50 Package 'libnftables', required by 'virtual:world', not found
67.68 make[1]: Leaving directory '/root/package'
67.68 make[1]: *** [debian/rules:18: override_dh_auto_build] Error 1
67.68 make: *** [debian/rules:70: build] Error 2
67.68 dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

[thaJeztah]

Some quick comments (looks like I didn't look closely at the ce-packaging PR w.r.t. the conditional nftables)

Not a real show-stopper, so I'd be fine to merge as-is (as it looks to match the other PR)

so "LGTM", but happy to hear your thoughts

[thaJeztah]

Maybe we should add a comment why we're skipping it on RHEL (was thinking that later), because RHEL supports it, but it currently requires a subscription to install the required dependencies.

(And, as a further follow-up, we could even consider adding a way to override this, so that it can be built if a subscription is in place)

[crazy-max]

Added comment in https://github.com/docker/packaging/pull/284/files#diff-2eafab85eee78d035c1f1b46aec61fce6d76d11d3002428d91cf5d76eed8ee12R64-R67

[thaJeztah]

Hm.. I now see that we made it optional as well in this case; docker/docker-ce-packaging#1256

Wouldn't shelling out still expect nftables to be present? (Wondering if the conditional Requires was the right choice, or if we just should keep it as Requires unconditionally; in most cases it would already be installed.

We can discuss that with @robmry

Also curious; would these dependencies follow from the RPM spec / package? (as it's listed as Requires in other distros); i.e., could we make use of that, instead of having to manually handle these conditions?

[robmry]

We should just make it a dependency on RHEL too - was going to update the other PR (docker/docker-ce-packaging#1256 (comment)), but can do it as a follow up.

[thaJeztah]

Thanks! Yeah, it was late, so I probably didn't notice it, but looking again, I was thinking the same ❤️

For the "compile time options"; that's definitely more of a "nice to have" follow-up; i.e., have a way to do compile it with the better option (but require a subscription for that). Good for a follow-up, but possibly something we should make a note of somewhere.

[thaJeztah]

Not sure if there's an easy way to detect if an active subscription is present (because in that case, we could make it detect it, and base the compile-time options on that 🤔)

[robmry]

We should just make it a dependency on RHEL too - was going to update the other PR (docker/docker-ce-packaging#1256 (comment)), but can do it as a follow up.

That's done now - docker/docker-ce-packaging#1262