We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
Patch copied from https://github.com/archlinux/svntogit-packages/blob/packages/wireguard-dkms/trunk/lts.diff
This fixes:
```
In file included from <command-line>:
/build/source/src/compat/compat-asm.h:44: warning: "SYM_FUNC_START" redefined
44 | #define SYM_FUNC_START ENTRY
|
In file included from /build/source/src/compat/compat-asm.h:9,
from <command-line>:
/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/include/linux/linkage.h:218: note: this is the location of the previous definition
218 | #define SYM_FUNC_START(name) \
|
In file included from <command-line>:
/build/source/src/compat/compat-asm.h:45: warning: "SYM_FUNC_END" redefined
45 | #define SYM_FUNC_END ENDPROC
|
In file included from /build/source/src/compat/compat-asm.h:9,
from <command-line>:
/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/include/linux/linkage.h:265: note: this is the location of the previous definition
265 | #define SYM_FUNC_END(name) \
|
/build/source/src/crypto/zinc/blake2s/blake2s-x86_64.S: Assembler messages:
/build/source/src/crypto/zinc/blake2s/blake2s-x86_64.S:50: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/blake2s/blake2s-x86_64.S:176: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/blake2s/blake2s-x86_64.S:180: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/blake2s/blake2s-x86_64.S:257: Error: invalid character '(' in mnemonic
make[3]: *** [/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/scripts/Makefile.build:348: /build/source/src/crypto/zinc/blake2s/blake2s-x86_64.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from <command-line>:
/build/source/src/compat/compat-asm.h:44: warning: "SYM_FUNC_START" redefined
44 | #define SYM_FUNC_START ENTRY
|
In file included from /build/source/src/compat/compat-asm.h:9,
from <command-line>:
/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/include/linux/linkage.h:218: note: this is the location of the previous definition
218 | #define SYM_FUNC_START(name) \
|
In file included from <command-line>:
/build/source/src/compat/compat-asm.h:45: warning: "SYM_FUNC_END" redefined
45 | #define SYM_FUNC_END ENDPROC
|
In file included from /build/source/src/compat/compat-asm.h:9,
from <command-line>:
/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/include/linux/linkage.h:265: note: this is the location of the previous definition
265 | #define SYM_FUNC_END(name) \
|
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S: Assembler messages:
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:123: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:185: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:187: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:319: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1016: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1616: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1620: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1810: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1812: Error: invalid character '(' in mnemonic
/build/source/src/crypto/zinc/chacha20/chacha20-x86_64.S:1959: Error: invalid character '(' in mnemonic
make[3]: *** [/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/scripts/Makefile.build:348: /build/source/src/crypto/zinc/chacha20/chacha20-x86_64.o] Error 1
make[2]: *** [/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/Makefile:1729: /build/source/src] Error 2
make[1]: *** [/nix/store/cz60577g5hwk78c2z7rhxl21bklaqr0d-linux-5.4.77-dev/lib/modules/5.4.77-hardened/source/Makefile:179: sub-make] Error 2
make: *** [Makefile:26: module] Error 2
builder for '/nix/store/hll3sjyrwa55arzlsxnbacqdd8s842l1-wireguard-1.0.20200908.drv' failed with exit code 2
```
sudo the package is not suid, so remove it from the PATH. Extend
PATH with $PATH to fetch sudo from the outer PATH. Move the generation
of `path` in to Nix, so the sed expression can use single quotes,
which prevents $PATH being interpolated at build-time.
This makes curl optional if both remote and importd are disabled, and
makes some assertions more robust by switching from curl.dev != null to
lib.getDev curl != null.
upstreams TODO mentions iptables-dev (libiptc) is also used for nspawn,
but it seems like it only makes use of this via networkd anyways (or
does these days) - at least systemdMinimal compiles successfully without
iptables in the build closure.
This was only used to patch a circular output reference from lib to out
on aarch64, but was removed in b68bddfbda,
This commit forgot to remove perl, so remove it now.
This was introduced in https://github.com/NixOS/nixpkgs/pull/99621, but
didn't follow the process documented in
pkgs/os-specific/linux/systemd/default.nix, namely, the `git am` and
`git format-patch` workflow, which caused
`0019-revert-get-rid-of-seat_can_multi_session.patch` to not apply with
`git am` due to missing authorship information.
I did apply this patch manually, and copied authorship information from
4e384ddc11.
I made a mistake merge. Reverting it in c778945806 undid the state
on master, but now I realize it crippled the git merge mechanism.
As the merge contained a mix of commits from `master..staging-next`
and other commits from `staging-next..staging`, it got the
`staging-next` branch into a state that was difficult to recover.
I reconstructed the "desired" state of staging-next tree by:
- checking out the last commit of the problematic range: 4effe769e2
- `git rebase -i --preserve-merges a8a018ddc0` - dropping the mistaken
merge commit and its revert from that range (while keeping
reapplication from 4effe769e2)
- merging the last unaffected staging-next commit (803ca85c20)
- fortunately no other commits have been pushed to staging-next yet
- applying a diff on staging-next to get it into that state
This reverts commit c778945806.
I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
This reverts commit fb6d63f3fd.
I really hope this finally fixes#99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
Related:
- 9fc5e7e473
- 593e11fd94
- 508ae42a0f
Since the last time I ran this script, the Repology API changed, so I had to
adapt the script used in the previous PR. The new API should be more robust, so
overall this is a positive (no more grepping the error messages for our relevant
data but just a nice json structure).
Here's the new script I used:
```sh
curl https://repology.org/api/v1/repository/nix_unstable/problems \
| jq -r '.[] | select(.type == "homepage_permanent_https_redirect") | .data | "s@\(.url)@\(.target)@"' \
| sort | uniq | tee script.sed
find -name '*.nix' | xargs -P4 -- sed -f script.sed -i
```
I will also add this script to `maintainers/scripts`.
Update to latest stable version. Changes:
d0f0f048ec sd-path: use ROOTPREFIX without suffixed slash
e662cf6d51 hashmap: make sure to initialize shared hash key atomically
da310c6b45 socket: downgrade log warnings about inability to set socket buffer sizes
ab6fcd9135 core: fix securebits setting
4f6925484d capability-util: add new function for raising setpcap
771436884d network: do not add prefix to RA if radv is not configured
fb2afc5f30 man: document the random delay of persistent timers
b2006ddc8f test-network: add test for ENOBUFS issue #17012
8758580ef5 backlight: do not claim that ID_BACKLIGHT_CLAMP= property is not set
57fc184a6c fs-util,tmpfiles: fix error handling of fchmod_opath()
db0f031e70 bootctl: don't accidentally propagate errors in "bootctl status"
3e2c806681 ethtool-util: don't pass error value that isn't used to log_syntax
b671730edb network: don't fail on various config parse errors
0ad86030c5 man: document that sd_bus_message_close_container() may only be called at end of container
f3da018017 cryptsetup: Fix null pointer dereference (#16987)
6f65eaf9c2 core: fix set keep caps for ambient capabilities
08338a234e core: fix comments on ambient capabilities
f0e6d9876d network: make log_link_error() or friends return void
35766dc61b core: make log_unit_error() or friends return void
3ed10b2ee8 core/slice: explicitly specify return value
2f6406914b udev: do not discard const qualifier
07671aa4cc sd-device: make log_device_error() or friends return void
d4bea73972 udev: explicitly specify return value
7db399be1e udev: return negative errno for invalid EVDEV_ABS_XXX= property
8c8d188e85 udev: make log_rule_error() or friends return void
4921375fd3 socket: fix copy/paste error
0f7fd97749 udev: warn if failed to set buffer size for device monitor
fc763d38d8 network: increase receive buffer size for device monitor
3bf7797f1f network: do not start device monitor if /sys is read-only
ebc0729c6a network: honor the buffer size specified in networkd.socket
ef3d2e178b core/socket: use fd_set_{rcv,snd}buf()
5dd4cc4b10 sd-device-monitor: use fd_set_rcvbuf()
fe9b92e566 util: introduce fd_set_{snd,rcv}buf()
4dcae66688 util: try to set with SO_{RCV,SND}BUFFORCE when requested size is larger than the kernel limit
4b6b523946 util: refuse to set too large value for socket buffer size
b4be8edb45 network: ignore error on increasing netlink receive buffer size
5ce47fb491 tree-wide: if get_block_device() returns zero devno, check for it in all cases
8ea6ec18e7 btrfs: if BTRFS_IOC_DEV_INFO returns /dev/root generate a friendly error message
e1ff4947d2 basic/log: make log_{info,warning,...} return void
8019995e9a tree-wide: correct cases where return log_{error,warning} is used without value
932f4c3e8b test-execute/exec-dynamicuser-statedir.service: fix quoting
16b9426f70 man: fix quickhelp listing in sysusers.d(5)
bde903d9e9 network: fix NDisc handling for the case when multiple routers exist
c965063b64 network: expose route_{hash,compare}_func()
6d24a40669 network: expose address_{hash,compare}_func()
054838a2e0 util: expose in6_addr_{hash,compare}_func()
58bd4a70de network: fixes gateway assignment through DHCPv4
8ad5382fe3 bash-completion: resolvectl: support 'log-level' command
a98bd75072 resolvectl: add 'log-level' to help message
78262fe807 core/socket: we may get ENOTCONN from socket_instantiate_service()
fecb3f00c4 homed: remember the secret even when the for_state is FIXATING_FOR_ACQUIRE
- This is fetched from a different URL, so allow passing that explicitly.
- There also isn't an nvidia-persistenced or nvidia-settings release for
this version, so use 450.57 instead. Also implement passing
persistenced and settings version explicitly.
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
required a bit of an overhaul to ensure we're compiling against *this*
kernel's headers, not those in glibc which are presumably from some other
random kernel version.
would be nice to update to a more recent version, the build of this tool
reportedly got broken soon after this release.
