Merge pull request #147516 from pennae/dhcpcd

dhcpcd: 8.1.4 -> 9.4.1, module updates, enable privsep
2021-12-20 14:44:58 +01:00 · 2021-12-20 14:44:58 +01:00 · d5b0e12d9b
commit d5b0e12d9b
parent a7c2c3fc68 971adf24eb
2 changed files with 28 additions and 15 deletions
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@ -207,13 +207,20 @@ in

        serviceConfig =
          { Type = "forking";
-            PIDFile = "/run/dhcpcd.pid";
+            PIDFile = "/run/dhcpcd/pid";
+            RuntimeDirectory = "dhcpcd";
            ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}";
            ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind";
            Restart = "always";
          };
      };

+    users.users.dhcpcd = {
+      isSystemUser = true;
+      group = "dhcpcd";
+    };
+    users.groups.dhcpcd = {};
+
    environment.systemPackages = [ dhcpcd ];

    environment.etc."dhcpcd.exit-hook".source = exitHook;
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@ -1,15 +1,21 @@
-{ lib, stdenv, fetchurl, fetchpatch, pkg-config, udev, runtimeShellPackage,
-runtimeShell }:
+{ lib
+, stdenv
+, fetchurl
+, pkg-config
+, udev
+, runtimeShellPackage
+, runtimeShell
+, nixosTests
+, enablePrivSep ? true
+}:

 stdenv.mkDerivation rec {
-  # when updating this to >=7, check, see previous reverts:
-  # nix-build -A nixos.tests.networking.scripted.macvlan.x86_64-linux nixos/release-combined.nix
  pname = "dhcpcd";
-  version = "8.1.4";
+  version = "9.4.1";

  src = fetchurl {
    url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
-    sha256 = "0gf1qif25wy5lffzw39pi4sshmpxz1f4a1m9sglj7am1gaix3817";
+    sha256 = "sha256-gZNXY07+0epc9E7AGyTT0/iFL+yLQkmSXcxWZ8VON2w=";
  };

  nativeBuildInputs = [ pkg-config ];
@ -22,19 +28,17 @@ stdenv.mkDerivation rec {
    substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell}
  '';

-  patches = [
-    (fetchpatch {
-      name = "?id=114870290a8d3d696bc4049c32eef3eed03d6070";
-      url = "https://roy.marples.name/git/dhcpcd/commitdiff_plain/114870290a8d3d696bc4049c32eef3eed03d6070";
-      sha256 = "0kzpwjh2gzvl5lvlnw6lis610p67nassk3apns68ga2pyxlky8qb";
-    })
-  ];
-
  preConfigure = "patchShebangs ./configure";

  configureFlags = [
    "--sysconfdir=/etc"
    "--localstatedir=/var"
+  ]
+  ++ lib.optionals enablePrivSep [
+    "--enable-privsep"
+    # dhcpcd disables privsep if it can't find the default user,
+    # so we explicitly specify a user.
+    "--privsepuser=dhcpcd"
  ];

  makeFlags = [ "PREFIX=${placeholder "out"}" ];
@ -46,6 +50,8 @@ stdenv.mkDerivation rec {
  # Check that the udev plugin got built.
  postInstall = lib.optionalString (udev != null) "[ -e ${placeholder "out"}/lib/dhcpcd/dev/udev.so ]";

+  passthru.tests = { inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf; };
+
  meta = with lib; {
    description = "A client for the Dynamic Host Configuration Protocol (DHCP)";
    homepage = "https://roy.marples.name/projects/dhcpcd";