-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
frr: 9.1 -> 10.0 #304232
frr: 9.1 -> 10.0 #304232
Conversation
The "breaking changes" have to be understood. #274425 has to be reviewed/merged. |
@woffs What's your opinion regarding the breaking changes list? |
Probably need some movement on this because of |
Actually I notice the respective PRs for two of those CVEs haven't even been merged yet.. |
per-daemon conf has to be replaced by unified config. this has to be reworked in the module, but seems to simplify things. |
FRR 10.0 also works fine with per-daemon config files in the NixOS setting. It is just not able to write them back to disk after changes in vtysh/mgmtd (which is nevertheless not possible on NixOS due to read-only config out of the store). I'd not change anything in the module for 10.0. Unifying the config to a single frr.conf will at least break user configs with the same route-map or prefix list names in different per-daemon config. Let's justs state multiple config files as deprecated and unify them in the future otherwise it IMHO breaks config without necessity. |
Seems OK to me, but needs a release note if |
Done |
Release notes: https://github.com/FRRouting/frr/releases/tag/frr-10.0 Breaking changes relevant for NixOS: - bgpd: Enable enforce-first-as by default for BGP -> may disable for RR Some Notable changes: - BGP RPKI VRF support - Introduce local host routes Notable fixes: - Fix crash in OSPF TE parsing Signed-off-by: Markus Theil <[email protected]>
Signed-off-by: Markus Theil <[email protected]>
Rebased to address merge conflict in release notes |
@thillux What's the plan to address the security issues in 23.11? |
The plan is to address the security issues in 23.11 and unstable/24.05 when they have landed upstream. See e.g. FRRouting/frr#15674 which is an unmerged fix for CVE-2024-31951. |
}; | ||
|
||
patches = [ | ||
# fixes crash in OSPF TE parsing | ||
(fetchpatch { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a pressing issue but it was forgotten to remove fetchpatch from the inputs.
Description of changes
Release notes: https://github.com/FRRouting/frr/releases/tag/frr-10.0
Breaking changes:
Currently WIP, opened for possible discussion.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.