wireguard-tools: 0.0.20191127 -> 0.0.20191212 #75565
The dependencies/wrapped programs should now be "nftables OR iptables".
Tested on NixOS master and it appears to work fine
@GrahamcOfBorg test wireguard
Please remember to update the iptables||nftables dependency. @ivan did you approve this prematurely?
diff LGTM
wireguard-tools executables seem to work
nixos test passes
linuxPackages-libre version is broken on master with same error, I don't consider this a regression
[16 built (1 failed), 30 copied (2281.0 MiB), 1078.0 MiB DL]
error: build of '/nix/store/vdn11nyx66rnkwa5v55gjfysyzzaji6w-env.drv' failed
https://github.com/NixOS/nixpkgs/pull/75565
2 package are marked as broken and were skipped:
linuxPackages_hardkernel_4_14.wireguard linuxPackages_hardkernel_latest.wireguard
1 package failed to build:
linuxPackages_latest-libre.wireguard
14 package were built:
linuxPackages-libre.wireguard linuxPackages.wireguard linuxPackages_4_14.wireguard linuxPackages_4_4.wireguard linuxPackages_4_9.wireguard linuxPackages_5_3.wireguard linuxPackages_5_4.wireguard linuxPackages_hardened.wireguard linuxPackages_latest_hardened.wireguard linuxPackages_latest_xen_dom0.wireguard linuxPackages_testing_bcachefs.wireguard linuxPackages_testing_hardened.wireguard linuxPackages_xen_dom0.wireguard wireguard-tools
Regarding nftables: Nix only has fixed dependencies for packages, there is no either/or without moving the PATH wrapper outside of the package itself. However I don't consider that a practical problem for nftables users on NixOS. If they use the nftables module (https://nixos.org/nixos/options.html#networking.nftables.enable) then they will have
Motivation for this change
new snapshot: https://lists.zx2c4.com/pipermail/wireguard/2019-December/004764.html
This snapshot includes support for (and prefers) nftables as part of wg-quick's CVE-2019-14899 mitigations. I stuck with the existing iptables integration for the nix package because that's what we use in nixos, but I'm wondering how that interacts with nix installed on other distributions (e.g. Fedora defaults to nftables now)?
nix-review wip passes for all kernels except linux-libre-latest.
Things done
sandbox in nix.conf on non-NixOS linux)
nix-shell -p nix-review --run "nix-review wip"
./result/bin/)
nix path-info -S before and after)
Notify maintainers
cc @elseym @ericsagnes @Mic92 @zx2c4 @globin @Ma27