kanata: init at 1.0.5

[jian-lin]

Description of changes

https://github.com/jtroo/kanata

Closes #179096

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[jian-lin]

cc @guy-who-googles

[jian-lin]

About the coding style, let's hear from more people.

[jian-lin]

Thanks. Changes have been made.

[jian-lin]

Another question: kanata can run command if cmd feature is enabled, which is not by default. Should we enable it at compile time?

Quoting the author from release notes:

(The cmd feature) is restricted behind conditional compilation because I consider the action to be a security risk that should be explicitly opted into and completely forbidden by default

However, even if cmd feature is enabled at compile time, to actually use this feature, a flag needs to be enabled in the config file.
IMO, for simplicity, we can enable the cmd feature at compile time(, which I have not done in this pr).

What do you think?

[azahi]

Should we enable it at compile time?

Looks like it just creates an additional binary called kanata_cmd_enabled. I see nothing wrong with just adding the flag by default.

You can also add an additional boolean as an input, something like { cmd ? false }, and modify compilation flags depending on its value. That way a user can easily override the package if that functionality is needed.

[SuperSandro2000]

However, even if cmd feature is enabled at compile time, to actually use this feature, a flag needs to be enabled in the config file.
IMO, for simplicity, we can enable the cmd feature at compile time(, which I have not done in this pr).

Then I would just enable it by default.

[jtroo]

I think cmd should be disabled by default and enabled if desired to ensure safe defaults for users.

Here's a hypothetical scenario. A less technical user of kanata may ask for help somewhere random or download a kanata configuration from somewhere random. This untrusted config file could have cmd enabled and have a key do a curl command to do a download and then execute malware. The less technical user probably has no need for the cmd feature and may not know that they should have compiled kanata without the cmd feature.

[jian-lin]

A less technical user may ... download a kanata configuration from somewhere random

IMHO, nixpkgs users are not that less technical in general. But more security is also good.

I'm fine with both decisions.

Another question: if we gate cmd behind an option like enableCmd, is it worth providing another package in all-packages.nix like kanata-with-cmd = callPackage ../tools/system/kanata { enableCmd = true; }?

[jian-lin]

• license is updated.
• cmd feature is gated by withCmd and is disabled by default

[azahi]

Result of nixpkgs-review pr 182358 run on x86_64-linux 1

1 package built:

• kanata

[azahi]

LGTM but I have one tiny nitpick.

[jian-lin]

I add an nixos module for kanata in #182756, you may be interested.