Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: c694e77ab790
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 7fa7bf2fdac7
Choose a head ref
  • 5 commits
  • 6 files changed
  • 1 contributor

Commits on Nov 18, 2020

  1. nixos: openstack: have its own metadata fetcher expression

    These two APIs have diverged over time and are no longer compatible.
    grahamc committed Nov 18, 2020
    Copy the full SHA
    21339b4 View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2020

  1. nixos: ec2 ami: support IMDSv2

    AWS's metadata service has two versions. Version 1 allowed plain HTTP
    requests to get metadata. However, this was frequently abused when a
    user could trick an AWS-hosted server in to proxying requests to the
    metadata service. Since the metadata service is frequently used to
    generate AWS access keys, this is pretty gnarly. Version two is
    identical except it requires the caller to request a token and provide
    it on each request.
    
    Today, starting a NixOS AMI in EC2 where the metadata service is
    configured to only allow v2 requests fails: the user's SSH key is not
    placed, and configuration provided by the user-data is not applied.
    The server is useless. This patch addresses that.
    
    Note the dependency on curl is not a joyful one, and it expand the
    initrd by 30M. However, see the added comment for more information
    about why this is needed. Note the idea of using `echo` and `nc` are
    laughable. Don't do that.
    grahamc committed Nov 19, 2020
    Copy the full SHA
    83ea88e View commit details
    Browse the repository at this point in the history
  2. nixos ami: preflight the imds token

    According to Freenode's ##AWS, the metadata server can sometimes
    take a few moments to get its shoes on, and the very first boot
    of a machine can see failed requests for a few moments.
    grahamc committed Nov 19, 2020
    Copy the full SHA
    f2cfecd View commit details
    Browse the repository at this point in the history
  3. Copy the full SHA
    0d87ce6 View commit details
    Browse the repository at this point in the history
  4. Merge pull request #104193 from grahamc/ec2-metadata-imdsv2

    NixOS EC2 AMI: Support IMDSv2
    grahamc committed Nov 19, 2020
    Copy the full SHA
    7fa7bf2 View commit details
    Browse the repository at this point in the history