Skip to content

headscale: backport BaseDomain and ServerURL checks#358255

Merged
wolfgangwalther merged 1 commit intoNixOS:masterfrom
motiejus:headscale-backport-serverurl
Jan 3, 2025
Merged

headscale: backport BaseDomain and ServerURL checks#358255
wolfgangwalther merged 1 commit intoNixOS:masterfrom
motiejus:headscale-backport-serverurl

Conversation

@motiejus
Copy link
Contributor

@motiejus motiejus commented Nov 22, 2024
edited
Loading

Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale1.

A fix has been merged upstream2, this is backport, so users can have it easier upgrading from 24.05 to 24.11 or unstable.

The patch does not apply cleanly on v0.23.0, so putting it here instead.

Supersedes #357969, this will be backported to 24.11 with a tag.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@motiejus motiejus requested a review from kradalby November 22, 2024 21:42
@motiejus motiejus mentioned this pull request Nov 22, 2024
Closed
13 tasks
@motiejus motiejus marked this pull request as ready for review November 22, 2024 21:43
@motiejus motiejus force-pushed the headscale-backport-serverurl branch from 7b6c732 to 454d3e9 Compare November 22, 2024 21:45
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Nov 23, 2024
wolfgangwalther
wolfgangwalther reviewed Dec 10, 2024
View reviewed changes
@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented Dec 10, 2024

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 358255

x86_64-linux

✅ 1 package built:
  • headscale

x86_64-darwin

❌ 1 package failed to build:
  • headscale

aarch64-darwin

❌ 1 package failed to build:
  • headscale

Are the darwin failures expected?

@motiejus
Copy link
Contributor Author

motiejus commented Dec 10, 2024

Are the darwin failures expected?

Not sure. The paches are not related to Darwin, but the package seems to be not excluded from it (and I don't see why it shouldn't).

I'll try rebasing, maybe something had changed in the meanwhile.

@motiejus
headscale: backport BaseDomain and ServerURL checks
f1bdc12 
Currently users upgrading from 24.05 to 24.11 may stumble across an
overly-restrictive BaseURL and ServerURL check in headscale[1].

A fix has been merged upstream[2], this is backport, so users can have
it easier upgrading from 24.05 to 24.11 or unstable.

The patch does not apply cleanly on v0.23.0, so putting it here instead.

Supersedes NixOS#357969, this will be backported to 24.11 with a tag.

[1]: juanfont/headscale#2210
[2]: juanfont/headscale#2248
@motiejus motiejus force-pushed the headscale-backport-serverurl branch from 454d3e9 to f1bdc12 Compare December 10, 2024 18:59
@github-actions github-actions bot removed 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Dec 10, 2024
@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented Dec 10, 2024

Are the darwin failures expected?

Seems to be a sandbox related failure that happens on master, too, so not a blocker.

@ofborg ofborg bot added 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Dec 11, 2024
@totoroot
Copy link
Contributor

totoroot commented Jan 3, 2025

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 358255

x86_64-linux

✅ 1 package built:
  • headscale

@totoroot
Copy link
Contributor

totoroot commented Jan 3, 2025

Ran into this while upgrading. Can we get this merged please :)

@wolfgangwalther wolfgangwalther merged commit 12055dc into NixOS:master Jan 3, 2025
1 check passed
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Jan 3, 2025

Successfully created backport PR for release-24.11:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Jan 3, 2025
Merged
1 task
@motiejus motiejus deleted the headscale-backport-serverurl branch January 3, 2025 21:32
@mtoohey31 mtoohey31 mentioned this pull request Jan 7, 2025
Closed
SuperSandro2000
SuperSandro2000 reviewed Jan 9, 2025
View reviewed changes
pkgs/servers/headscale/default.nix
};

# Merged post-v0.23.0, so should be removed with next release.
patches = [ ./patches/config-loosen-up-BaseDomain-and-ServerURL-checks.patch ];
Copy link
Member

@SuperSandro2000 SuperSandro2000 Jan 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

patches don't need to be in a subdirectory

@motiejus motiejus mentioned this pull request Jan 16, 2025
Merged
13 tasks
@motiejus
Copy link
Contributor Author

motiejus commented Jan 16, 2025

Here is a follow-up that removes the Nix assertion: #374374

motiejus added a commit to motiejus/nixpkgs that referenced this pull request Jan 17, 2025
@motiejus
nixos/headscale: remove much-loosened-up server_url check
de0a499 
server_url check [has been loosened upstream][1] and backported to
NixOS[2]. The new, much looser check, is not practical to be implemented
in Nix (you are welcome to give it a try; I've implemented the original
one).

Since the surface area is much smaller now (and the scenario much less
common), I think we can remove this assertion altogether.

[1]: juanfont/headscale#2248
[2]: NixOS#358255
nixpkgs-ci bot pushed a commit that referenced this pull request Jan 17, 2025
@motiejus @github-actions
nixos/headscale: remove much-loosened-up server_url check
0889792 
server_url check [has been loosened upstream][1] and backported to
NixOS[2]. The new, much looser check, is not practical to be implemented
in Nix (you are welcome to give it a try; I've implemented the original
one).

Since the surface area is much smaller now (and the scenario much less
common), I think we can remove this assertion altogether.

[1]: juanfont/headscale#2248
[2]: #358255

(cherry picked from commit de0a499)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@wolfgangwalther wolfgangwalther wolfgangwalther left review comments

@kradalby kradalby Awaiting requested review from kradalby

@NKJe NKJe Awaiting requested review from NKJe

@06kellyjac 06kellyjac Awaiting requested review from 06kellyjac

@ghuntley ghuntley Awaiting requested review from ghuntley

@Misterio77 Misterio77 Awaiting requested review from Misterio77

Assignees

No one assigned

Labels

10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@motiejus @wolfgangwalther @totoroot @SuperSandro2000