Replace netcat-openbsd with libressl #39634
Success on x86_64-darwin. Attempted: libressl, netcat-gnu
Success on x86_64-linux. Attempted: libressl, netcat-gnu
Success on aarch64-linux. Attempted: libressl, netcat-gnu
Woohoo! LGTM! Thank you! Looks good w/musl!
@@ -11,6 +11,8 @@ let | |||
inherit sha256; | |||
}; | |||
|
|||
configureFlags = [ "--enable-nc" ]; | |||
|
|||
enableParallelBuilding = true; | |||
|
|||
outputs = [ "bin" "dev" "out" "man" ]; |
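Review bot: `configureFlags = [ "--enable-nc" ];` goes in without a comment, and the outputs list at the end of the hunk (`"bin" "dev" "out" "man"`) has no entry for netcat, so it is not clear from the expression where the nc binary and its man page end up. Add a one-line comment above the flag saying this derivation now also builds netcat, and either document which existing outputs carry nc or give it a dedicated output so that consumers of netcat can reference it without the library outputs.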
Maybe a separate output for netcat? It feels weird to me that if I install netcat I also get a ssl library.
Yes, I can look into it. My hope was that it would be small enough to not matter though.
The problem with something like this is that it’s not obvious what is in the netcat output. For instance, should nc.1 go in man or netcat?
Everything that belongs to netcat should also go there.
I still feel weird about doing this because it seems a little hacky but this was requested by @Mic92 and seems understandable to not want to mix up libressl outputs with netcat stuff.
@matthewbauer: Be sure to note this in the release notes, because this is incompatible with In the meantime, I'm going to fix the hibernate test...
Ok will do! They looked identical when I tried them but thanks for catching that.
Actually if it does really need it, we can probably still apply this patch (with minor modifications): https://sources.debian.org/patches/netcat-openbsd/1.105-7/0006-quit-timer.patch/ Which enables the -q flag. We would definitely want to upstream it to OpenBSD. I strongly dislike Debian's tendency of "patch hoarding".
I'm not sure why 024b501 used -q 0 because even netcat-openbsd has the -N flag which IMO is the better way to shutdown the socket on EOF.
Our default netcat implementation has changed once again[1] in 3c3b822 and we're now using LibreSSL's implementation, which doesn't have a -q flag.
See #39634 for the pull request introducing the switch.
[1]: #19982
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @matthewbauer, @dtzWill, @Mic92
@aszlig Are the Nixpkgs release notes no longer used? I can definitely put the release note in nixos/doc/manual/rl-1809.xml, just want to make sure that is the right place.
@matthewbauer: This is mainly a NixOS issue anyway, because
FYI, we tripped over the missing
Note that this makes
Alternatively define a separate derivation for
This makes it clearer which version of netcat it actually is, and where netcat is coming from when running
FWIW #101601 - the one from Debian appears to be more portable.
Motivation for this change
Libressl comes with the netcat program. This is much more portable and from the exact same source as Debian's version.
/cc @WilliButz @ookhoi @dtzWill