-
-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
util-linux: 2.39.3 -> 2.40.1 #309805
util-linux: 2.39.3 -> 2.40.1 #309805
Conversation
Security backport for stable: #309808 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the liblastlog2
and pam_lastlog2
dependency on sqlite
always necessary or only for with pamSupport
?
LGTM
If I'm reading correctly, it's possible to build liblastlog2 without building pam_lastlog2. We could add an option to disable it, but I don't know how to decide whether that's worth it. |
For reference, the parallel build is a bit flaky now:
|
Time to switch to Meson? |
It feels late for 24.05. But fortunately adding meson+ninja wouldn't create an eval-time cycle here. |
Reported, also. |
Difficult to know if these actually fix it, since it only happens sometimes. Link: NixOS#309805 (comment) Link: https://lore.kernel.org/util-linux/[email protected]/
Difficult to know if these actually fix it, since it only happens sometimes. Link: #309805 (comment) Link: https://lore.kernel.org/util-linux/[email protected]/ vcunat edit: only apply on some platforms for now, balancing fixes and the amount of rebuild work on Hydra. The rest is picked from PR #311988
And (aarch64-)darwin build regressed on this update with a different error now: https://hydra.nixos.org/build/260146685
|
Oh, that darwin issue would even become a blocker for |
There's also a bug report here: util-linux/util-linux#3011. |
Man, x86_64-darwin sports yet another error:
(IIRC older macOS doesn't provide this function yet) |
Quite a bad luck with this release, and in the last moments before nixpkgs "freeze". |
I really wish OfBorg was capable of getting past LLVM on staging for Darwin… |
If it was so easy, we perhaps wouldn't even need |
It gets most of the way through — we just need to up the timeout a bit, and then I think OfBorg might even be less overloaded, because it wouldn't be wasting so much of its time trying the same futile LLVM builds over and over. |
Maybe we should just roll back to util-linux 2.39.x for now and keep nixpkgs 24.05 that way? (darwin now, linux on the next rebuild) |
Sounds fine. |
We should probably cherry-pick #309808 in that case. |
Perhaps 2.39.4 instead, as it sounds minimal and should contain also that fix |
We're running into multiple issues, so let's be conservative. In particular, this commit should fix *-darwin builds. /cc PR #309805 as this is kind-of reverting it (partially for now)
Ah yes, that sounds good. I missed that. |
For reference, 2.40.1 also broke its static musl build: |
We need this now to fix nixStatic build: https://hydra.nixos.org/build/259722977 /cc PR #309805
That's likely easily fixed by just disabling the PAM plugin on static builds. But is there any point fixing that, even on staging, or will we revert this there as well? |
Right, not now. I've given up on fixing 2.40.x for nixpkgs 24.05. |
I mean what about staging? i.e. post 24.05 |
I guess it'd just cause merge conflicts, since the gradual reversion on staging-next will propagate to staging. So for future reference when we come back to 2.40, here's the diff for static: diff --git i/pkgs/os-specific/linux/util-linux/default.nix w/pkgs/os-specific/linux/util-linux/default.nix
index 642480b670c7..169f8293ae3e 100644
--- i/pkgs/os-specific/linux/util-linux/default.nix
+++ w/pkgs/os-specific/linux/util-linux/default.nix
@@ -6,6 +6,7 @@
, ncursesSupport ? true
, ncurses
, pamSupport ? true
+, pamLastlogSupport ? pamSupport && !stdenv.hostPlatform.isStatic
, pam
, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd
, systemd
@@ -61,6 +62,7 @@ stdenv.mkDerivation rec {
"--disable-makeinstall-setuid" "--disable-makeinstall-chown"
"--disable-su" # provided by shadow
"--with-tmpfilesdir=${placeholder "out"}/lib/tmpfiles.d"
+ (lib.enableFeature pamLastlogSupport "pam-lastlog2")
(lib.enableFeature writeSupport "write")
(lib.enableFeature nlsSupport "nls")
(lib.withFeature ncursesSupport "ncursesw") |
For context: This update also caused a regression with detecting the UUID of some special LUKS devices (maybe only if the LUKS device contains a LVM). I haven't reported this upstream yet, will do later. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nixos-24-05-upgrade-no-boot-device/46335/3 |
bcachefs-tools on master needs util-linux/util-linux#3001 to detect my disks correctly, not a huge issue, but worth noting for future potential issues if that makes it in to nixpkgs-unstable before this does. |
We can backport that patch. |
Description of changes
CVE-2024-28085 (low priority since NixOS doesn't make wall setgid by default).
Release notes
Don't see anything looking like a breaking change.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.