Merge pull request #147516 from pennae/dhcpcd

dhcpcd: 8.1.4 -> 9.4.1, module updates, enable privsep

authored by Franz Pletz and committed by GitHub d5b0e12d a7c2c3fc

+28 -15
+8 -1
nixos/modules/services/networking/dhcpcd.nix
··· 207 207 208 208 serviceConfig = 209 209 { Type = "forking"; 210 - PIDFile = "/run/dhcpcd.pid"; 210 + PIDFile = "/run/dhcpcd/pid"; 211 + RuntimeDirectory = "dhcpcd"; 211 212 ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --quiet ${optionalString cfg.persistent "--persistent"} --config ${dhcpcdConf}"; 212 213 ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind"; 213 214 Restart = "always"; 214 215 }; 215 216 }; 217 + 218 + users.users.dhcpcd = { 219 + isSystemUser = true; 220 + group = "dhcpcd"; 221 + }; 222 + users.groups.dhcpcd = {}; 216 223 217 224 environment.systemPackages = [ dhcpcd ]; 218 225
+20 -14
pkgs/tools/networking/dhcpcd/default.nix
··· 1 - { lib, stdenv, fetchurl, fetchpatch, pkg-config, udev, runtimeShellPackage, 2 - runtimeShell }: 1 + { lib 2 + , stdenv 3 + , fetchurl 4 + , pkg-config 5 + , udev 6 + , runtimeShellPackage 7 + , runtimeShell 8 + , nixosTests 9 + , enablePrivSep ? true 10 + }: 3 11 4 12 stdenv.mkDerivation rec { 5 - # when updating this to >=7, check, see previous reverts: 6 - # nix-build -A nixos.tests.networking.scripted.macvlan.x86_64-linux nixos/release-combined.nix 7 13 pname = "dhcpcd"; 8 - version = "8.1.4"; 14 + version = "9.4.1"; 9 15 10 16 src = fetchurl { 11 17 url = "mirror://roy/${pname}/${pname}-${version}.tar.xz"; 12 - sha256 = "0gf1qif25wy5lffzw39pi4sshmpxz1f4a1m9sglj7am1gaix3817"; 18 + sha256 = "sha256-gZNXY07+0epc9E7AGyTT0/iFL+yLQkmSXcxWZ8VON2w="; 13 19 }; 14 20 15 21 nativeBuildInputs = [ pkg-config ]; ··· 21 27 prePatch = '' 22 28 substituteInPlace hooks/dhcpcd-run-hooks.in --replace /bin/sh ${runtimeShell} 23 29 ''; 24 - 25 - patches = [ 26 - (fetchpatch { 27 - name = "?id=114870290a8d3d696bc4049c32eef3eed03d6070"; 28 - url = "https://roy.marples.name/git/dhcpcd/commitdiff_plain/114870290a8d3d696bc4049c32eef3eed03d6070"; 29 - sha256 = "0kzpwjh2gzvl5lvlnw6lis610p67nassk3apns68ga2pyxlky8qb"; 30 - }) 31 - ]; 32 30 33 31 preConfigure = "patchShebangs ./configure"; 34 32 35 33 configureFlags = [ 36 34 "--sysconfdir=/etc" 37 35 "--localstatedir=/var" 36 + ] 37 + ++ lib.optionals enablePrivSep [ 38 + "--enable-privsep" 39 + # dhcpcd disables privsep if it can't find the default user, 40 + # so we explicitly specify a user. 41 + "--privsepuser=dhcpcd" 38 42 ]; 39 43 40 44 makeFlags = [ "PREFIX=${placeholder "out"}" ]; ··· 45 49 46 50 # Check that the udev plugin got built. 47 51 postInstall = lib.optionalString (udev != null) "[ -e ${placeholder "out"}/lib/dhcpcd/dev/udev.so ]"; 52 + 53 + passthru.tests = { inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf; }; 48 54 49 55 meta = with lib; { 50 56 description = "A client for the Dynamic Host Configuration Protocol (DHCP)";