Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 7c15694c29ae
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: d7b3d2d0fdd4
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Aug 4, 2019

  1. nixos/sshguard: create ipsets before starting, and clean up after sto… 

    …pping.

The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
    @danderson
    danderson committed Aug 4, 2019
    Copy the full SHA
    089da1c View commit details
    Browse the repository at this point in the history

Commits on Aug 19, 2019

  1. Merge pull request #65995 from danderson/master 

    nixos/sshguard: create ipsets before starting, and clean up after stopping.
    @mmahut
    mmahut committed Aug 19, 2019
    Copy the full SHA
    d7b3d2d View commit details
    Browse the repository at this point in the history