From 0b2fd04c0cc55211a5ada9221a2a0e9bac275c78 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Mon, 15 Apr 2024 12:21:00 +0200 Subject: [PATCH 1/2] frr: 9.1 -> 10.0 Release notes: https://github.com/FRRouting/frr/releases/tag/frr-10.0 Breaking changes relevant for NixOS: - bgpd: Enable enforce-first-as by default for BGP -> may disable for RR Some Notable changes: - BGP RPKI VRF support - Introduce local host routes Notable fixes: - Fix crash in OSPF TE parsing Signed-off-by: Markus Theil --- pkgs/servers/frr/default.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/pkgs/servers/frr/default.nix b/pkgs/servers/frr/default.nix index d4adb5ed34faa4a..ba1f46414f6a192 100644 --- a/pkgs/servers/frr/default.nix +++ b/pkgs/servers/frr/default.nix @@ -86,24 +86,15 @@ lib.warnIf (!(stdenv.buildPlatform.canExecute stdenv.hostPlatform)) stdenv.mkDerivation rec { pname = "frr"; - version = "9.1"; + version = "10.0"; src = fetchFromGitHub { owner = "FRRouting"; repo = pname; rev = "${pname}-${version}"; - hash = "sha256-oDPr51vI+tlT1IiUPufmZh/UE0TNKWrn4RqpnGoGxNo="; + hash = "sha256-vvh9z2hmjvAA7OXgrUmlcrrTE5MRedZzfmhX5FEDKwE="; }; - patches = [ - # fixes crash in OSPF TE parsing - (fetchpatch { - name = "CVE-2024-27913.patch"; - url = "https://github.com/FRRouting/frr/commit/541503eecd302d2cc8456167d130014cd2cf1134.patch"; - hash = "sha256-7NxPlQK/6lbLs/NqNi4OZ2uBWfXw99SiXDR6okNvJlg="; - }) - ]; - nativeBuildInputs = [ autoreconfHook bison From 650b034813ac22bb263f2d278ef558fea431ce18 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Mon, 13 May 2024 16:17:45 +0200 Subject: [PATCH 2/2] doc/release-notes: add frr 10.0 BGP Signed-off-by: Markus Theil --- nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 14143c3037c619c..7ac0fc579bb021a 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -435,6 +435,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used. Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory. +- `frr` was updated to 10.0, which introduces the default of `enforce-first-as` for BGP. Please disable again if needed. + - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`. This was done so that secrets aren't stored in the world-readable nix store. To migrate, you will have to create a file with the same exact string, and change