diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 6cd59a95e63c6..4e6ed6b0a986b 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -306,6 +306,24 @@ The module update takes care of the new config syntax and the data itself (user
 - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved for `root` and the `wheel` group.
+- CoreDNS can now be built with external plugins by overriding `externalPlugins` and `vendorHash` arguments like this:
+
+ ```
+ services.coredns = {
+ enable = true;
+ package = pkgs.coredns.override {
+ externalPlugins = [
+ {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
+ ];
+ vendorHash = "";
+ };
+ };
+ ```
+
+ To get the necessary SRI hash, set `vendorHash = "";`. The build will fail and produce the correct `vendorHash` in the error message.
+
+ If you use this feature, updates to CoreDNS may require updating `vendorHash` by following these steps again.
+
 ## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals}
diff --git a/pkgs/servers/dns/coredns/default.nix b/pkgs/servers/dns/coredns/default.nix
index 8c340e444737d..2dcfc538be45a 100644
--- a/pkgs/servers/dns/coredns/default.nix
+++ b/pkgs/servers/dns/coredns/default.nix
@@ -3,9 +3,16 @@
 , buildGoModule
 , fetchFromGitHub
 , installShellFiles
+, externalPlugins ? []
+, vendorHash ? "sha256-TvIswNQ7DL/MtYmMSxXf+VqKHcmzZVZwohOCvRWxBkY="
 }:
-buildGoModule rec {
+let
+ attrsToPlugins = attrs:
+ builtins.map ({name, repo, version}: "${name}:${repo}") attrs;
+ attrsToSources = attrs:
+ builtins.map ({name, repo, version}: "${repo}@${version}") attrs;
+in buildGoModule rec {
 pname = "coredns";
 version = "1.11.0";
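Review bot: The new `externalPlugins` and `vendorHash` arguments in the coredns hunk are undocumented, and the destructuring patterns in `attrsToPlugins`/`attrsToSources` are strict, so an element carrying any key beyond `name`, `repo` and `version` fails evaluation with an unexpected-argument error. Add a comment above the argument, e.g. `# externalPlugins: list of { name, repo, version } — plugin name, Go module path, module version; extra keys are rejected`, and state next to `vendorHash` that its default only matches the vendor tree built with no external plugins. If extra keys should be tolerated, `{name, repo, version, ...}` in both patterns would allow them; `version` is unused in `attrsToPlugins` either way. The argument list opens before this hunk and the `buildGoModule rec { … }` body continues past it.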
@@ -16,12 +23,32 @@ buildGoModule rec {
 sha256 = "sha256-Mn8hOsODTlnl6PJaevMcyIKkIx/1Lk2HGA7fSSizR20=";
 };
- vendorHash = "sha256-9LFwrG6RxZaCLxrNabdnq++U5Aw+d2w90Zqt/wszNTY=";
+ inherit vendorHash;
 nativeBuildInputs = [ installShellFiles ];
 outputs = [ "out" "man" ];
+ # Override the go-modules fetcher derivation to fetch plugins
+ modBuildPhase = ''
+ for plugin in ${builtins.toString (attrsToPlugins externalPlugins)}; do echo $plugin >> plugin.cfg; done
+ for src in ${builtins.toString (attrsToSources externalPlugins)}; do go get $src; done
+ go generate
+ go mod vendor
+ '';
+
+ modInstallPhase = ''
+ mv -t vendor go.mod go.sum plugin.cfg
+ cp -r --reflink=auto vendor "$out"
+ '';
+
+ preBuild = ''
+ chmod -R u+w vendor
+ mv -t . vendor/go.{mod,sum} vendor/plugin.cfg
+
+ go generate
+ '';
+
 postPatch = ''
 substituteInPlace test/file_cname_proxy_test.go \
 --replace "TestZoneExternalCNAMELookupWithProxy" \
@@ -29,6 +56,11 @@ buildGoModule rec {
 substituteInPlace test/readme_test.go \
 --replace "TestReadme" "SkipReadme"
+
+ # this test fails if any external plugins were imported.
+ # it's a lint rather than a test of functionality, so it's safe to disable.
+ substituteInPlace test/presubmit_test.go \
+ --replace "TestImportOrdering" "SkipImportOrdering"
 '' + lib.optionalString stdenv.isDarwin ''
 # loopback interface is lo0 on macos
 sed -E -i 's/\blo\b/lo0/' plugin/bind/setup_test.go
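Review bot: Nothing in the `@@ -16,12` hunk ties the contents of `externalPlugins` to the vendor tree it produces: `modBuildPhase` fetches whatever `go get` resolves, and, if I read buildGoModule's fixed-output vendoring correctly, that output is identified only by `vendorHash`, so changing the plugin list while keeping an already-built `vendorHash` can silently reuse the previous vendor directory rather than failing. The comment above `modBuildPhase` should say so, e.g. `# Override the go-modules fetcher derivation to fetch plugins. The vendor output is fixed-output: any change to externalPlugins needs a matching vendorHash update, otherwise a stale tree may be reused.` Separately, both `for … in ${builtins.toString …}` loops rely on shell word splitting of unquoted values, so a `name`, `repo` or `version` containing whitespace or shell metacharacters is split or interpreted; `${lib.escapeShellArgs (attrsToPlugins externalPlugins)}` (and likewise for the sources loop) keeps each entry as one argument, with `echo "$plugin"` and `go get "$src"` quoted to match. The `buildGoModule rec { … }` body and the `postPatch` string continue outside the hunk.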