Skip to content

Comments

anubis: init at 1.14.2#391924

Merged
GaetanLepage merged 1 commit intoNixOS:masterfrom
knightpp:add-anubis
Mar 22, 2025
Merged

anubis: init at 1.14.2#391924
GaetanLepage merged 1 commit intoNixOS:masterfrom
knightpp:add-anubis

Conversation

@knightpp
Copy link
Member

@knightpp knightpp commented Mar 21, 2025
edited
Loading

Anubis is an HTTP reverse proxy designed to block malicious clients. See https://github.com/TecharoHQ/anubis/.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Mar 21, 2025
Defelo
Defelo reviewed Mar 21, 2025
View reviewed changes
Copy link
Member

@Defelo Defelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also v1.14.0 has just been released

@knightpp knightpp changed the title anubis: init at 1.13.0 anubis: init at 1.14.0 Mar 21, 2025
@knightpp knightpp requested a review from Defelo March 21, 2025 21:02
@Defelo
Copy link
Member

Defelo commented Mar 21, 2025

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 391924

Logs: https://github.com/Defelo/nixpkgs-review-gha/actions/runs/14000991304

Download packages from cache:
  • x86_64-linux 
    nix-store -r --add-root nixpkgs-pr-391924-x86_64-linux \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/ir6klnfc2122j9fn9ya8qj4wq4bd2mv1-anubis-1.14.0
  • aarch64-linux 
    nix-store -r --add-root nixpkgs-pr-391924-aarch64-linux \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/mscm54miv5bljq92nyzdpklzn6anpyc9-anubis-1.14.0

x86_64-linux

✅ 1 package built:
  • anubis

aarch64-linux

✅ 1 package built:
  • anubis

x86_64-darwin

❌ 1 package failed to build:
  • anubis

aarch64-darwin

❌ 1 package failed to build:
  • anubis

@Xe
Copy link
Contributor

Xe commented Mar 22, 2025

Make sure you upgrade to v1.14.2 to fix GHSA-2c93-xxqg-54gm.

@soopyc soopyc mentioned this pull request Mar 22, 2025
Merged
13 tasks
@knightpp knightpp changed the title anubis: init at 1.14.0 anubis: init at 1.14.2 Mar 22, 2025
@knightpp
Copy link
Member Author

knightpp commented Mar 22, 2025

fixed darwin build

isabelroses
isabelroses approved these changes Mar 22, 2025
View reviewed changes
Copy link
Member

@isabelroses isabelroses left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 391924

x86_64-linux

✅ 1 package built:
  • anubis

aarch64-darwin

✅ 1 package built:
  • anubis

@isabelroses isabelroses added the 12.approvals: 1 This PR was reviewed and approved by one person. label Mar 22, 2025
Defelo
Defelo reviewed Mar 22, 2025
View reviewed changes
pkgs/by-name/an/anubis/package.nix
"-X=github.com/TecharoHQ/anubis.Version=v${finalAttrs.version}"
]
++ lib.optionals stdenv.hostPlatform.isLinux [
"-extldflags=-static"
Copy link
Member

@Defelo Defelo Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really necessary? At least on x86_64-linux the build also succeeds without this flag and the exact same binary is produced.

Copy link
Member Author

@knightpp knightpp Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure. Since CGO is enabled by default, I think it is unnecessary, but the upstream builds with it https://github.com/TecharoHQ/anubis/blob/main/.ko.yaml#L12

Copy link
Member

@Defelo Defelo Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, if upstream adds this flag, we can probably just keep it

@Defelo
Copy link
Member

Defelo commented Mar 22, 2025

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 391924

Logs: https://github.com/Defelo/nixpkgs-review-gha/actions/runs/14010729669

Download packages from cache:
  • x86_64-linux 
    nix-store -r --add-root nixpkgs-pr-391924-x86_64-linux \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/lc27bhhv08qv1yw1cr86snyp26j203wz-anubis-1.14.2
  • aarch64-linux 
    nix-store -r --add-root nixpkgs-pr-391924-aarch64-linux \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/vavm2z76km8znsa263is2cpag518jbw5-anubis-1.14.2
  • x86_64-darwin 
    nix-store -r --add-root nixpkgs-pr-391924-x86_64-darwin \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/brjapr208bhan7gwicj44a05pkrmnr20-anubis-1.14.2
  • aarch64-darwin 
    nix-store -r --add-root nixpkgs-pr-391924-aarch64-darwin \
  --option binary-caches 'https://cache.nixos.org/ https://attic.defelo.de/nixpkgs' \
  --option trusted-public-keys '
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  nixpkgs:xeaAWa3crK09hMmFiygBeRmLq3hUjUShgaAwYVUEtw0=
  ' \
  /nix/store/vfr5bx4sdqgz5f87b0ihvmgchzvild66-anubis-1.14.2

x86_64-linux

✅ 1 package built:
  • anubis

aarch64-linux

✅ 1 package built:
  • anubis

x86_64-darwin

✅ 1 package built:
  • anubis

aarch64-darwin

✅ 1 package built:
  • anubis

Defelo
Defelo approved these changes Mar 22, 2025
View reviewed changes
Copy link
Member

@Defelo Defelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested on x86_64-linux

@Defelo Defelo added 8.has: package (new) This PR adds a new package 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Mar 22, 2025
soopyc
soopyc approved these changes Mar 22, 2025
View reviewed changes
Copy link
Member

@soopyc soopyc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested working on x86_64-linux

@soopyc soopyc added 12.approvals: 3+ This PR was reviewed and approved by three or more persons. and removed 12.approvals: 2 This PR was reviewed and approved by two persons. labels Mar 22, 2025
GaetanLepage
GaetanLepage reviewed Mar 22, 2025
View reviewed changes
@GaetanLepage GaetanLepage merged commit 1b86a60 into NixOS:master Mar 22, 2025
30 of 31 checks passed
@knightpp knightpp deleted the add-anubis branch July 16, 2025 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Defelo Defelo Defelo approved these changes

@GaetanLepage GaetanLepage GaetanLepage approved these changes

@isabelroses isabelroses isabelroses approved these changes

+1 more reviewer

@soopyc soopyc soopyc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 12.approvals: 3+ This PR was reviewed and approved by three or more persons.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@knightpp @Defelo @Xe @soopyc @GaetanLepage @isabelroses