Replace netcat-openbsd with libressl #39634
Conversation
|
Success on x86_64-darwin (full log) Attempted: libressl, netcat-gnu Partial log (click to expand)
|
|
Success on x86_64-linux (full log) Attempted: libressl, netcat-gnu Partial log (click to expand)
|
|
Success on aarch64-linux (full log) Attempted: libressl, netcat-gnu Partial log (click to expand)
|
|
Woohoo! LGTM! Thank you! Looks good w/musl! |
| @@ -11,6 +11,8 @@ let | |||
| inherit sha256; | |||
| }; | |||
|
|
|||
| configureFlags = [ "--enable-nc" ]; | |||
|
|
|||
| enableParallelBuilding = true; | |||
|
|
|||
| outputs = [ "bin" "dev" "out" "man" ]; | |||
There was a problem hiding this comment.
Maybe a separate output for netcat? It feels weird to me that if I install netcat I also get a ssl library.
There was a problem hiding this comment.
Yes i can look into it. My hope was that it would be small enough to not matter though.
There was a problem hiding this comment.
The problem with somethig like this is that it’s not obvious what is in the netcat output. For instance should nc.1 go in man or netcat?
There was a problem hiding this comment.
Everything that belongs to netcat should also go there.
I still feel weird about doing this because it seems a little hacky but this was requested by @Mic92 and seems understandable to not want to mix up libressl outputs with netcat stuff.
|
@matthewbauer: Be sure to note this in the release notes, because this is incompatible with In the meantime, I'm going to fix the hibernate test... |
|
Ok will do! They looked identical when I tried them but thanks for catching that. |
|
Actually if it does really need it, we can probably still apply this patch (with minor modifications): https://sources.debian.org/patches/netcat-openbsd/1.105-7/0006-quit-timer.patch/ Which enables the -q flag. We would definitely want to upstream it to OpenBSD. I strongly dislike Debian's tendency of "patch hording". |
I'm not sure why 024b501 used -q 0 because even netcat-openbsd has the -N flag which IMO is the better way to shutdown the socket on EOF. Our default netcat implementation has changed once again[1] in 3c3b822 and we're now using LibreSSL's implementation, which doesn't have a -q flag. See #39634 for the pull request introducing the switch. [1]: #19982 Signed-off-by: aszlig <aszlig@nix.build> Cc: @matthewbauer, @dtzWill, @Mic92
|
@aszlig Are the Nixpkgs release notes no longer used? I can definitely put the release note in nixos/doc/manual/rl-1809.xml just want to make sure that is the right place. |
|
@matthewbauer: This is mainly a NixOS issue anyway, because |
I'm not sure why 024b501 used -q 0 because even netcat-openbsd has the -N flag which IMO is the better way to shutdown the socket on EOF. Our default netcat implementation has changed once again[1] in 3c3b822 and we're now using LibreSSL's implementation, which doesn't have a -q flag. See NixOS#39634 for the pull request introducing the switch. [1]: NixOS#19982 Signed-off-by: aszlig <aszlig@nix.build> Cc: @matthewbauer, @dtzWill, @Mic92
|
FYI, we tripped over the missing |
|
Note that this makes |
|
Alternatively define a separate derivation for This makes it clearer which version of netcat it actually is, and where netcat is coming from when running |
|
FWIW #101601 - the one from debian appears to be more portable. |
Motivation for this change
Libressl comes with the netcat program. This is much more portable and from the exact same source as Debian's version.
/cc @WilliButz @ookhoi @dtzWill