Skip to content

linux: enable PERSISTENT_KEYRINGS and KEYS_REQUEST_CACHE#184770

Merged
lovesegfault merged 2 commits intoNixOS:masterfrom
NickCao:kernel-keyring
Oct 14, 2022
Merged

linux: enable PERSISTENT_KEYRINGS and KEYS_REQUEST_CACHE#184770
lovesegfault merged 2 commits intoNixOS:masterfrom
NickCao:kernel-keyring

Conversation

@NickCao
Copy link
Member

@NickCao NickCao commented Aug 2, 2022

PERSISTENT_KEYRINGS provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis.
KEYS_REQUEST_CACHE enable temporary caching of the last request_key() result.

Description of changes
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@github-actions github-actions bot added the 6.topic: kernel The Linux kernel label Aug 2, 2022
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 2501-5000 This PR causes many rebuilds on Linux and should target the staging branches. labels Aug 2, 2022
@NickCao NickCao marked this pull request as ready for review August 2, 2022 08:40
@NickCao
Copy link
Member Author

NickCao commented Aug 2, 2022

Result of nixpkgs-review pr 184770 run on x86_64-linux 1

1 package marked as broken and skipped:
  • linux_testing_bcachefs
3 packages failed to build:
  • linux_5_4_hardened
  • linux_latest-libre
  • linux_mptcp
9 packages built:
  • linux_4_14_hardened
  • linux_4_19_hardened
  • linux_5_10_hardened
  • linux_hardened (linux_5_15_hardened)
  • linux_5_18_hardened
  • linux_latest (linux_testing)
  • linux_xanmod
  • linux_xanmod_latest
  • linux_xanmod_tt

Failures seem unrelated.

@NickCao NickCao requested a review from NeQuissimus August 2, 2022 10:46
SuperSandro2000
SuperSandro2000 reviewed Aug 2, 2022
View reviewed changes
@NickCao NickCao mentioned this pull request Sep 12, 2022
Merged
13 tasks
@NickCao NickCao requested a review from vcunat September 12, 2022 07:23
@NickCao
linux: enable PERSISTENT_KEYRINGS and KEYS_REQUEST_CACHE
8db1ad7 
PERSISTENT_KEYRINGS provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis.
KEYS_REQUEST_CACHE enable temporary caching of the last request_key() result.
@NickCao
nixos/stratis: add test for encryption support
732950b
@github-actions github-actions bot added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Sep 16, 2022
@SuperSandro2000 SuperSandro2000 removed their request for review October 3, 2022 20:18
@lovesegfault
Copy link
Member

lovesegfault commented Oct 4, 2022
edited
Loading

Can you please provide some info on whether other distros enable this by default? In the past, we've looked at the default Debian, Fedora, and Arch kernel configs to support the request of new enabled configs.

@NickCao
Copy link
Member Author

NickCao commented Oct 4, 2022

Arch Linux: https://github.com/archlinux/svntogit-packages/blob/230ed05b6ffabad326468e605affabb904b25e01/trunk/config#L10232-L10233
Fedora: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_4830

@NickCao NickCao requested a review from lovesegfault October 14, 2022 07:10
@lovesegfault lovesegfault merged commit 71f2836 into NixOS:master Oct 14, 2022
@NickCao NickCao deleted the kernel-keyring branch October 14, 2022 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@NeQuissimus NeQuissimus Awaiting requested review from NeQuissimus

@alyssais alyssais Awaiting requested review from alyssais

@vcunat vcunat Awaiting requested review from vcunat

@lovesegfault lovesegfault Awaiting requested review from lovesegfault

Assignees

No one assigned

Labels

6.topic: kernel The Linux kernel 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 2501-5000 This PR causes many rebuilds on Linux and should target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NickCao @lovesegfault @SuperSandro2000