danderson/gobox 13

Trivial CLI wrapper around go.crypto/nacl/box. Easy secure public key authenticated encryption.

danderson/docker-containers 4

Docker containers that I use. Nothing inspiring, just stuff I needed.

danderson/damnitisp 1

Automatically exported from code.google.com/p/damnitisp

danderson/go.universe.tf 1

The "website" for go.universe.tf

danderson/img 1

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

danderson/ansible 0

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications — automate in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com/ansible/

danderson/caddy-builder 0

Travis-based Debian package builder for Caddy, for deployment to my personal servers.

push event tailscale/tailscale

David Anderson

commit sha c14bc028ac887658bd4c68b8e01775636e1d747a

cmd/microproxy: tiny TLS proxy that borrows autocert x509 certs.

push time in 7 hours

pull request comment NixOS/nixpkgs

nixos/pixiecore: init

Port 69 is TFTP. Pixiecore does a fairly elaborate chainloading operation (described in https://github.com/danderson/netboot/blob/master/pixiecore/README.booting.md) to ensure that it works with the widest possible variety of weird and broken firmwares.

TL;DR: a PXE-booting client hits port 67 for DHCP, then port 4011 (BINL, an MS proprietary fork of PXE but that's a de-facto standard), then port 69 (TFTP to download iPXE with HTTP support), then the HTTP port (to finally download boot instructions, kernel+initrd, and finish the netboot).

bbigras

comment created time in 3 days

issue opened tailscale/tailscale

Add an "about" screen to the windows applet

Requested in #202, some way to see the version info within the app.

Also mentioned the tailscale-ipn.exe version seems to be hardcoded at 0.0.0.1. Unclear where that's coming from, perhaps something in the NSIS logic?

cc @apenwarr for Windows wisdom.

created time in 3 days

issue closed tailscale/tailscale

Raspberrypi 4: tailscaled.sock: connect: no such file or directory

Hi,

No luck getting tailscale to work on my Raspberrypi 4.

The same error below goes for stable vs unstable builds, tried both.

Here is the latest unstable build attempt. Has not changed in days.

Installs fine, but when I try to then run it:

sudo tailscale up
[sudo] password for pi: 
logtail started
Program starting: v0.97-38-ga4b33970: []string{"tailscale", "up"}
LogID: ddb9dc397b87fb08f7820212323fa79386499adf91dd1840978f138d682ed272
Failed to connect to connect to tailscaled. (safesocket.Connect: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory)

To Reproduce

Steps to reproduce the behavior:

  1. Following guide @ https://tailscale.com/kb/1043/install-raspbian-buster
  2. Errors out @ Step 4

Expected behavior

Expected for tailscale to run and give the url for first time login

Version information:

  • Raspberrypi 4
  • Linux raspberrypi 4.19.75-v7l+ #1270 SMP Tue Sep 24 18:51:41 BST 2019 armv7l GNU/Linux
  • Tailscale v0.97-38-ga4b33970

closed time in 3 days

war59312

issue comment tailscale/tailscale

Raspberrypi 4: tailscaled.sock: connect: no such file or directory

Mac being unable to ping itself is a known quirk of how mac implements VPN support (basically our network engine runs in a little sandboxed universe managed by macOS, and macOS is in charge of the routing between the OS and that sandbox... And for some reason self-pings don't work). It's on our list to figure out if we can work around it, but for now that's "working as designed" from macOS's POV.

Glad to hear it's all working now! We definitely made huge improvements to connectivity in the last few weeks, so I'm not surprised upgrading the older nodes helped a bunch.

I'll open a new bug for the Windows about screen and version stuff. I wouldn't be surprised to find a // TODO in there about that, we got popular a little ahead of schedule and have been catching up since.

war59312

comment created time in 3 days

pull request comment tailscale/tailscale

cmd/tailscale: add status subcommand

grump reviewable defaulting to publish&block.

LGTM. Some comments/questions, but proceed at your discretion

bradfitz

comment created time in 4 days

delete branch danderson/nixpkgs

delete branch: tailscale-19.09

delete time in 4 days

push event tailscale/tailscale

David Anderson

commit sha 80261b02ba4224d6324af7223e4cd0ebb7775055

testy: make safe for concurrent use. Signed-off-by: David Anderson <dave@natulte.net>

push time in 5 days

push event tailscale/tailscale

David Anderson

commit sha 1fdadf06f15df17d78375b9ef8b195522e8d8b24

testy: don't give Clock.Step==0 magical behavior. Turns out it's sometimes useful to stop time entirely. Signed-off-by: David Anderson <dave@natulte.net>

push time in 5 days

issue opened tailscale/tailscale

Alpine Linux packages

Requested by user: build Alpine Linux apks.

Main question I don't know the answer to yet is how serving apk repositories works.

created time in 5 days

issue opened tailscale/tailscale

Switch logtail to send concatenated JSON

logtail currently submits batches of log entries as a single JSON array. This makes it a bit annoying to decode on the server side, because we have to do a bit of a dance to do a streaming decode.

We should make logtail instead use "concatenated JSON", i.e. a sequence of standalone JSON blobs with no separators. This is trivial to decode incrementally with the stdlib JSON decoder.

created time in 5 days
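
The two decoding styles compared in the issue above, as an added example that is not part of the original issue or of logtail's code. The `Entry` type and its `text` field are assumptions, since the page does not show logtail's schema; the sample batches are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Entry is a hypothetical log record; logtail's real schema is not on the page.
type Entry struct {
	Text string `json:"text"`
}

// DecodeArray streams entries out of one JSON array. The decoder has to be
// walked by hand: the opening '[', elements while More(), then the closing ']'.
func DecodeArray(r io.Reader, fn func(Entry)) error {
	dec := json.NewDecoder(r)
	tok, err := dec.Token()
	if err != nil {
		return err
	}
	if d, ok := tok.(json.Delim); !ok || d != '[' {
		return fmt.Errorf("expected '[', got %v", tok)
	}
	for dec.More() {
		var e Entry
		if err := dec.Decode(&e); err != nil {
			return err
		}
		fn(e)
	}
	_, err = dec.Token() // consume the closing ']'
	return err
}

// DecodeConcatenated streams entries out of back-to-back JSON objects with no
// separators. Each Decode call consumes exactly one value; a clean end of
// input is io.EOF, a batch cut off mid-entry is io.ErrUnexpectedEOF.
func DecodeConcatenated(r io.Reader, fn func(Entry)) error {
	dec := json.NewDecoder(r)
	for {
		var e Entry
		switch err := dec.Decode(&e); err {
		case nil:
			fn(e)
		case io.EOF:
			return nil
		default:
			return err
		}
	}
}

func main() {
	// Constructed sample batches; the second one is cut off mid-entry.
	for _, batch := range []string{
		`{"text":"boot"}{"text":"netcheck done"}`,
		`{"text":"boot"}{"text":"netch`,
	} {
		err := DecodeConcatenated(strings.NewReader(batch), func(e Entry) {
			fmt.Println("entry:", e.Text)
		})
		fmt.Println("stream ended with:", err)
	}
}
```

In both styles the entries before a truncation point are still delivered, so a server that wraps the request body in a size limit keeps the complete entries and sees an explicit error for the partial one.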

issue opened tailscale/tailscale

distribute a "node epoch" via control

As we're preparing to turn off eager handshaking, restarting tailscaled suddenly has a larger effect on connectivity. Witness hello.ipn.dev:

  • I'm pinging it, everything's fine. My tailscaled handshaked on first packet out, we have session keys, everything's lovely.
  • I restart tailscaled on hello.ipn.dev. Naturally, it forgets all its negotiated session keys. It comes back up, syncs with control, and sits there, waiting for people to handshake with it.
  • Meanwhile, my laptop's still sending pings using the old session key (they get dropped at the receiving end, naturally), and wondering why nothing's coming back. WireGuard by design has no way for us to say "yo I don't know who you are or what you're doing, handshake me"
  • Eventually, my laptop's tailscaled hits the key rotation timer, re-handshakes, and pings start flowing again.

IOW, every tailscaled restart is now potentially up to 2 minutes of downtime before we re-establish.

A common distributed systems way of solving this is epochs: each client reports some epoch number. We could just use a random int64 generated on startup. If you receive a netmap and a peer's epoch has changed, you immediately know that its session keys have been trashed, and you should immediately expire your timers and re-handshake (with some jitter to desynchronize clients from control's simultaneous notification).

Alternatively, we have to guarantee that control will always deliver a sequence of netmaps in which the peer is entirely removed, then added back, and rely on our reconfiguration of wgengine to reset timers. But I'd prefer to have some explicit notion that "hey this client may look the same as before, but it's not". Among other things, it gives us the option to implement debouncing in control to reduce update rates, without breaking client semantics.

cc @crawshaw @bradfitz thoughts?

created time in 6 days
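
One way the epoch check proposed in the issue above could look on the client side, as an added example that is not Tailscale's code and not part of the original issue. The `Peer`, `Tracker` and `Rehandshake` types, the function names and the sample netmaps are all hypothetical.

```go
package main

import (
	crand "crypto/rand"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
	"time"
)

// Peer is a hypothetical, minimal netmap entry. Epoch is the per-process
// random value the issue proposes each client reports to control.
type Peer struct {
	Key   string
	Epoch int64
}

// Rehandshake names a peer whose session keys must be assumed lost, and how
// long to wait before re-handshaking with it.
type Rehandshake struct {
	Key   string
	Delay time.Duration
}

// NewEpoch draws the startup epoch from crypto/rand. The top-level math/rand
// functions were deterministically seeded before Go 1.20, so using them
// unseeded would yield the same "random" epoch after every restart and the
// change would go unnoticed by peers.
func NewEpoch() (int64, error) {
	var b [8]byte
	if _, err := crand.Read(b[:]); err != nil {
		return 0, err
	}
	return int64(binary.LittleEndian.Uint64(b[:])), nil
}

// Tracker remembers the epoch last seen for every peer in the netmap.
type Tracker struct {
	seen      map[string]int64
	maxJitter time.Duration
	rng       *mrand.Rand // jitter only; not security sensitive
}

func NewTracker(maxJitter time.Duration, seed int64) *Tracker {
	return &Tracker{
		seen:      map[string]int64{},
		maxJitter: maxJitter,
		rng:       mrand.New(mrand.NewSource(seed)),
	}
}

// Update ingests a netmap and returns the peers whose epoch changed since the
// previous netmap. A peer seen for the first time, or one that was removed and
// later added back, has no session to expire and is not reported. Each delay
// is drawn from [0, maxJitter] so that clients notified at the same moment by
// control do not all handshake at once.
func (t *Tracker) Update(netmap []Peer) []Rehandshake {
	next := make(map[string]int64, len(netmap))
	var out []Rehandshake
	for _, p := range netmap {
		next[p.Key] = p.Epoch
		if old, known := t.seen[p.Key]; known && old != p.Epoch {
			delay := time.Duration(t.rng.Int63n(int64(t.maxJitter) + 1))
			out = append(out, Rehandshake{Key: p.Key, Delay: delay})
		}
	}
	t.seen = next
	return out
}

func main() {
	epoch, err := NewEpoch()
	if err != nil {
		panic(err)
	}
	fmt.Println("local epoch:", epoch)

	tr := NewTracker(2*time.Second, time.Now().UnixNano())
	// Constructed sample netmaps: "hello" restarts between the two updates.
	tr.Update([]Peer{{"laptop", 11}, {"hello", 42}})
	for _, r := range tr.Update([]Peer{{"laptop", 11}, {"hello", 99}}) {
		fmt.Printf("re-handshake with %s after %v\n", r.Key, r.Delay)
	}
}
```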

issue comment tailscale/tailscale

data race

#225 is another facet of the same problem, which is that NativeEndpoint is super unsafe and racey, and needs a ground-up rewrite.

bradfitz

comment created time in 6 days

issue opened tailscale/tailscale

wireguard-go data race

tl;dr: conn_linux.go needs a full rewrite. It's very racey and basically not possible to use safely. I could have fixed this one particular race (UpdateDst touching stuff without locking, and fmt.* printing the struct with reflection, also without locking), but that would be a band-aid for what needs to be a bigger surgery.

So, filing until I pop back up a few levels of yak shave.

Write at 0x00c00038e368 by goroutine 92:
  github.com/tailscale/wireguard-go/conn.(*NativeEndpoint).UpdateDst()
      /home/runner/work/corp/corp/wireguard-go/conn/conn_linux.go:103 +0x4dd
  github.com/tailscale/wireguard-go/device.(*Peer).SetEndpointAddress()
      /home/runner/work/corp/corp/wireguard-go/device/peer.go:335 +0x18f
  github.com/tailscale/wireguard-go/device.(*Device).RoutineHandshake()
      /home/runner/work/corp/corp/wireguard-go/device/receive.go:453 +0xea8

Previous read at 0x00c00038e368 by goroutine 101:
  fmt.(*pp).printValue()
      /opt/hostedtoolcache/go/1.13.7/x64/src/reflect/value.go:1914 +0x36a3
  fmt.(*pp).printValue()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:869 +0xec7
  fmt.(*pp).printValue()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:810 +0x283f
  fmt.(*pp).printValue()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:880 +0x25da
  fmt.(*pp).printArg()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:716 +0x2ee
  fmt.(*pp).doPrintf()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:1030 +0x312
  fmt.Sprintf()
      /opt/hostedtoolcache/go/1.13.7/x64/src/fmt/print.go:219 +0x73
  log.(*Logger).Printf()
      /opt/hostedtoolcache/go/1.13.7/x64/src/log/log.go:179 +0x64
  github.com/tailscale/wireguard-go/device.(*Peer).SendHandshakeInitiation()
      /home/runner/work/corp/corp/wireguard-go/device/send.go:152 +0x2fe

created time in 6 days

push event tailscale/tailscale

David Anderson

commit sha dbca186a6456b73e747bb665159ea03d212b8cd6

stunner: fix data race. In very low-latency conditions, a STUN request can complete before the startup loop has finished firing off goroutines, leading to a concurrent map mutation.

push time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ config, lib, pkgs, ... }:++with lib;++let+  cfg = config.services.pixiecore;+in+{

Add a meta here, with at least maintainers.

(per my comment on the derivation, you're welcome to put me as backup maintainer here too)

bbigras

comment created time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ config, lib, pkgs, ... }:++with lib;++let+  cfg = config.services.pixiecore;+in+{+  options = {+    services.pixiecore = {+      enable = mkEnableOption "Pixiecore";++      openFirewall = mkOption {+        type = types.bool;+        default = true;
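
Review bot: `default = true;` on `openFirewall`, at the end of this hunk, means that enabling the service also opens firewall ports without the operator asking for it. Default it to `false` so that exposing the service is an explicit decision.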

(channelling IRC discussion) Default here should be false. Except SSH, NixOS doesn't openFirewall by default, even if the module is enabled.

bbigras

comment created time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ config, lib, pkgs, ... }:++with lib;++let+  cfg = config.services.pixiecore;+in+{+  options = {+    services.pixiecore = {+      enable = mkEnableOption "Pixiecore";++      openFirewall = mkOption {+        type = types.bool;+        default = true;+        description = ''+          Open ports in the firewall for Pixiecore.+        '';+      };++      mode = mkOption {+        description = "Which mode to use";+        type = types.enum [ "api" "boot" ];+      };++      debug = mkOption {+        type = types.bool;+        default = false;+        description = "Log more things that aren't directly related to booting a recognized client";+      };++      dhcpNoBind = mkOption {+        type = types.bool;+        default = false;+        description = "Handle DHCP traffic without binding to the DHCP server port";+      };++      kernel = mkOption {+        type = types.str;+        default = "";+        description = "Kernel path. Ignored unless mode is set to 'boot'";+      };++      initrd = mkOption {+        type = types.str;+        default = "";+        description = "Initrd path. Ignored unless mode is set to 'boot'";+      };++      cmdLine = mkOption {+        type = types.str;+        description = "Kernel commandline arguments. Ignored unless mode is set to 'boot'";+      };++      listen = mkOption {+        type = types.str;+        default = "0.0.0.0";+        description = "IPv4 address to listen on";+      };++      port = mkOption {+        type = types.port;+        default = 80;+        description = "Port to listen on for HTTP";+      };++      statusPort = mkOption {+        type = types.port;+        default = 80;+        description = "HTTP port for status information (can be the same as --port)";+      };++      apiServer = mkOption {+        type = types.str;+        example = "127.0.0.1:8080";+        description = "IPv4 address with port of the API. 
Ignored unless mode is set to 'api'";+      };++      extraArguments = mkOption {+        type = types.listOf types.str;+        default = [];+        description = "Additional command line arguments to pass to Pixiecore";+      };+    };+  };++  config = mkIf cfg.enable {+    networking.firewall = mkIf cfg.openFirewall {+      allowedTCPPorts = [ 4011 cfg.port cfg.statusPort ];+      allowedUDPPorts = [ 67 69 ];+    };++    systemd.services.pixiecore = {+      description = "Pixiecore server";+      after = [ "network.target"];+      wants = [ "network.target"];+      wantedBy = [ "multi-user.target"];+      serviceConfig = {+        Type="simple";+        PIDFile="/run/pixiecore.pid";+        DynamicUser="yes";
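
Review bot: in `networking.firewall`, port 4011 is listed under `allowedTCPPorts` while the other boot-protocol ports (67 and 69) are under `allowedUDPPorts`. Please confirm which transport Pixiecore uses on 4011 and move it if it is UDP; as written, a mismatch would open a TCP port nothing listens on and leave the port the boot flow needs closed. These rules are also not scoped to an interface even though `listen` lets the operator pick a single address, so consider saying so in the `openFirewall` description.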

DynamicUser might make it tricky for Pixiecore to read kernel/initrd/etc. files from whatever location the user pointed at above. They'd have to make the files world-readable, since there's no predictable identity to grant access to. Maybe preferable to create a stable system user?

bbigras

comment created time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ config, lib, pkgs, ... }:++with lib;++let+  cfg = config.services.pixiecore;+in+{+  options = {+    services.pixiecore = {+      enable = mkEnableOption "Pixiecore";++      openFirewall = mkOption {+        type = types.bool;+        default = true;+        description = ''+          Open ports in the firewall for Pixiecore.+        '';+      };++      mode = mkOption {+        description = "Which mode to use";+        type = types.enum [ "api" "boot" ];+      };++      debug = mkOption {+        type = types.bool;+        default = false;+        description = "Log more things that aren't directly related to booting a recognized client";+      };++      dhcpNoBind = mkOption {+        type = types.bool;+        default = false;+        description = "Handle DHCP traffic without binding to the DHCP server port";+      };++      kernel = mkOption {+        type = types.str;+        default = "";+        description = "Kernel path. Ignored unless mode is set to 'boot'";+      };++      initrd = mkOption {+        type = types.str;+        default = "";+        description = "Initrd path. Ignored unless mode is set to 'boot'";+      };++      cmdLine = mkOption {+        type = types.str;+        description = "Kernel commandline arguments. Ignored unless mode is set to 'boot'";+      };++      listen = mkOption {+        type = types.str;+        default = "0.0.0.0";+        description = "IPv4 address to listen on";+      };++      port = mkOption {+        type = types.port;+        default = 80;+        description = "Port to listen on for HTTP";+      };++      statusPort = mkOption {+        type = types.port;+        default = 80;+        description = "HTTP port for status information (can be the same as --port)";+      };++      apiServer = mkOption {+        type = types.str;+        example = "127.0.0.1:8080";+        description = "IPv4 address with port of the API. Ignored unless mode is set to 'api'";
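
Review bot: `kernel` and `initrd` are `types.str` with `default = "";`, so `mode = "boot"` with neither set still evaluates and the mistake only shows up when the service runs. Consider a nullable path type with `default = null;` and an assertion that ties both options to `mode`. `cmdLine` has no default at all, so if the service definition references it the option becomes mandatory even in `api` mode, where its description says it is ignored.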

This can be a host:port too, it's "whatever Go accepts when dialing an HTTP server".

bbigras

comment created time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ config, lib, pkgs, ... }:++with lib;++let+  cfg = config.services.pixiecore;+in+{+  options = {+    services.pixiecore = {+      enable = mkEnableOption "Pixiecore";++      openFirewall = mkOption {+        type = types.bool;+        default = true;+        description = ''+          Open ports in the firewall for Pixiecore.+        '';+      };++      mode = mkOption {+        description = "Which mode to use";+        type = types.enum [ "api" "boot" ];+      };++      debug = mkOption {+        type = types.bool;+        default = false;+        description = "Log more things that aren't directly related to booting a recognized client";+      };++      dhcpNoBind = mkOption {+        type = types.bool;+        default = false;+        description = "Handle DHCP traffic without binding to the DHCP server port";+      };++      kernel = mkOption {+        type = types.str;+        default = "";+        description = "Kernel path. Ignored unless mode is set to 'boot'";+      };++      initrd = mkOption {+        type = types.str;+        default = "";+        description = "Initrd path. Ignored unless mode is set to 'boot'";+      };++      cmdLine = mkOption {+        type = types.str;+        description = "Kernel commandline arguments. Ignored unless mode is set to 'boot'";+      };++      listen = mkOption {+        type = types.str;+        default = "0.0.0.0";+        description = "IPv4 address to listen on";+      };++      port = mkOption {+        type = types.port;+        default = 80;+        description = "Port to listen on for HTTP";+      };++      statusPort = mkOption {+        type = types.port;+        default = 80;+        description = "HTTP port for status information (can be the same as --port)";+      };++      apiServer = mkOption {+        type = types.str;+        example = "127.0.0.1:8080";+        description = "IPv4 address with port of the API. 
Ignored unless mode is set to 'api'";+      };++      extraArguments = mkOption {+        type = types.listOf types.str;+        default = [];+        description = "Additional command line arguments to pass to Pixiecore";+      };+    };+  };++  config = mkIf cfg.enable {+    networking.firewall = mkIf cfg.openFirewall {+      allowedTCPPorts = [ 4011 cfg.port cfg.statusPort ];+      allowedUDPPorts = [ 67 69 ];+    };++    systemd.services.pixiecore = {+      description = "Pixiecore server";+      after = [ "network.target"];+      wants = [ "network.target"];+      wantedBy = [ "multi-user.target"];+      serviceConfig = {+        Type="simple";+        PIDFile="/run/pixiecore.pid";
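
Review bot: `after` and `wants` in `systemd.services.pixiecore` point at `network.target`, which does not guarantee that the address given in `listen` is configured when the unit starts. If a non-wildcard `listen` value is meant to work at boot, order the unit after `network-online.target`, or state the limitation in the `listen` description.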

I don't think you need this. Pixiecore doesn't write out a PID file, so this file will never be populated, and will just confuse systemd and users.

bbigras

comment created time in 6 days

Pull request review comment NixOS/nixpkgs

nixos/pixiecore: init

+{ stdenv, buildGoModule, fetchFromGitHub }:++buildGoModule rec {+  pname = "pixiecore";+  version = "2020-03-25";+  rev = "68743c67a60c18c06cd21fd75143e3e069ca3cfc";++  src = fetchFromGitHub {+    owner = "danderson";+    repo = "netboot";+    inherit rev;+    sha256 = "14dslmx3gk08h9gqfjw5y27x7d2c6r8ir7mjd7l9ybysagpzr02a";+  };++  modSha256 = "1waqaglm6f9zy5296z309ppkck2vmydhk9gjnxrgzmhqld5lcq4f";+  subPackages = [ "cmd/pixiecore" ];++  meta = {+    description = "A tool to manage network booting of machines";+    homepage = "https://github.com/danderson/netboot/tree/master/pixiecore";+    license =  stdenv.lib.licenses.asl20;+    maintainers = with stdenv.lib.maintainers; [ bbigras ];
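
Review bot: `version = "2020-03-25";` is a bare date for a pinned commit; the nixpkgs convention for untagged snapshots is `unstable-2020-03-25`. `rev` is also declared as a top-level attribute of `buildGoModule rec`, which passes it through to the derivation; binding it in a `let` or writing it directly inside `fetchFromGitHub` keeps it out of the build environment.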

Hi! Pixiecore author here :)

You can add me as a maintainer as well (danderson, already in maintainers list), to increase bus factor.

bbigras

comment created time in 6 days

issue comment tailscale/tailscale

magicsock: seeing IPv6 roaming from fe80:...%ens18

It's not clear to me how we managed to end up roaming to a link-local address though, if magicsock is not spreading those. How did we end up transmitting from that addr?

bradfitz

comment created time in 6 days

issue comment tailscale/tailscale

magicsock: seeing IPv6 roaming from fe80:...%ens18

Yeah, link-local is, well, link-local :) Potentially overlapping namespaces on each L2 segment.

Peering over link-local where available would be fairly slick, although it will require us to carry a full https://golang.org/pkg/net/#UDPAddr or equivalent around with us (note the Zone field).

bradfitz

comment created time in 6 days

push event tailscale/tailscale

David Anderson

commit sha cbd8aceb95e895e106b158082cd794b9ff73b25f

go.mod: bump wireguard-go version. Fixes #219. Signed-off-by: David Anderson <dave@natulte.net>

push time in 6 days

issue closed tailscale/tailscale

magicsock data race

Found by CI. Triggers infrequently.

2020-03-25T17:45:24.3688273Z redo    oss/wgengine/magicsock/testrace
2020-03-25T17:45:24.3688618Z ==================
2020-03-25T17:45:24.3688963Z WARNING: DATA RACE
2020-03-25T17:45:24.3689322Z Read at 0x00c00007cc80 by goroutine 75:
2020-03-25T17:45:24.3690642Z   github.com/tailscale/wireguard-go/device.deviceUpdateState()
2020-03-25T17:45:24.3691447Z       /home/runner/work/corp/corp/wireguard-go/device/device.go:163 +0x38e
2020-03-25T17:45:24.3692102Z   github.com/tailscale/wireguard-go/device.(*Device).Up()
2020-03-25T17:45:24.3692942Z       /home/runner/work/corp/corp/wireguard-go/device/device.go:204 +0x79
2020-03-25T17:45:24.3693645Z   github.com/tailscale/wireguard-go/device.(*Device).RoutineTUNEventReader()
2020-03-25T17:45:24.3694303Z       /home/runner/work/corp/corp/wireguard-go/device/tun.go:44 +0x30c
2020-03-25T17:45:24.3694617Z 
2020-03-25T17:45:24.3695003Z Previous write at 0x00c00007cc80 by goroutine 57:
2020-03-25T17:45:24.3695619Z   github.com/tailscale/wireguard-go/device.(*Device).Reconfig()
2020-03-25T17:45:24.3696508Z       /home/runner/work/corp/corp/wireguard-go/device/config.go:124 +0xc61
2020-03-25T17:45:24.3697362Z   tailscale.com/wgengine/magicsock.TestTwoDevicePing()
2020-03-25T17:45:24.3697882Z       /home/runner/work/corp/corp/oss/wgengine/magicsock/magicsock_test.go:327 +0xf8e
2020-03-25T17:45:24.3698298Z   testing.tRunner()
2020-03-25T17:45:24.3698779Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:909 +0x199
2020-03-25T17:45:24.3699091Z 
2020-03-25T17:45:24.3699497Z Goroutine 75 (running) created at:
2020-03-25T17:45:24.3700173Z   github.com/tailscale/wireguard-go/device.NewDevice()
2020-03-25T17:45:24.3700939Z       /home/runner/work/corp/corp/wireguard-go/device/device.go:405 +0x61d
2020-03-25T17:45:24.3701456Z   tailscale.com/wgengine/magicsock.TestTwoDevicePing()
2020-03-25T17:45:24.3701967Z       /home/runner/work/corp/corp/oss/wgengine/magicsock/magicsock_test.go:320 +0xf5a
2020-03-25T17:45:24.3702398Z   testing.tRunner()
2020-03-25T17:45:24.3702865Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:909 +0x199
2020-03-25T17:45:24.3703188Z 
2020-03-25T17:45:24.3703599Z Goroutine 57 (running) created at:
2020-03-25T17:45:24.3703997Z   testing.(*T).Run()
2020-03-25T17:45:24.3704827Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:960 +0x651
2020-03-25T17:45:24.3705326Z   testing.runTests.func1()
2020-03-25T17:45:24.3706515Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:1202 +0xa6
2020-03-25T17:45:24.3707062Z   testing.tRunner()
2020-03-25T17:45:24.3707618Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:909 +0x199
2020-03-25T17:45:24.3708029Z   testing.runTests()
2020-03-25T17:45:24.3708581Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:1200 +0x521
2020-03-25T17:45:24.3709065Z   testing.(*M).Run()
2020-03-25T17:45:24.3710332Z       /opt/hostedtoolcache/go/1.13.7/x64/src/testing/testing.go:1117 +0x2ff
2020-03-25T17:45:24.3710773Z   main.main()
2020-03-25T17:45:24.3711174Z       _testmain.go:54 +0x223
2020-03-25T17:45:24.3711593Z ==================

closed time in 6 days

danderson

push event tailscale/wireguard-go

David Anderson

commit sha bd634ffe2ded086b9062994802049be570387f75

device: fix data race accessing persistentKeepaliveInterval. Signed-off-by: David Anderson <danderson@tailscale.com>

push time in 6 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Technically, Go code can read the build ID, and could branch on it. I can't think of any reasonable justification for doing that though.

This is mostly a curiosity investigation, yes. Unfortunately it's stalled because all my Go team experts are overloaded due to *waves generally at everything*, so I'm not going to pursue this further right now. I've made a note in my nix contrib todo that I want to investigate making buildGoModule more strictly deterministic, even in the face of changing build roots (which is the current suspect cause).

But if you're okay with the rebuild resulting in different build IDs being burned into the binaries, I'm good with merging this as-is.

danderson

comment created time in 6 days

issue opened tailscale/tailscale

magicsock data race

Found by CI. Triggers infrequently.

created time in 6 days

issue closed tailscale/tailscale

magicsock: data race

Actually in wireguard-go.

==================
WARNING: DATA RACE
Read at 0x00c000124c80 by goroutine 63:
  github.com/tailscale/wireguard-go/device.(*Peer).timersAnyAuthenticatedPacketTraversal()
      /Users/crawshaw/repo/corp/wireguard-go/device/timers.go:227 +0x4a
  github.com/tailscale/wireguard-go/device.(*Device).RoutineHandshake()
      /Users/crawshaw/repo/corp/wireguard-go/device/receive.go:449 +0xe79

Previous write at 0x00c000124c80 by goroutine 464:
  github.com/tailscale/wireguard-go/device.(*Device).Reconfig()
      /Users/crawshaw/repo/corp/wireguard-go/device/config.go:124 +0xbc4
  tailscale.com/wgengine/magicsock.TestTwoDevicePing()
      /Users/crawshaw/repo/corp/oss/wgengine/magicsock/magicsock_test.go:369 +0x1441
  testing.tRunner()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:992 +0x1eb

Goroutine 63 (running) created at:
  github.com/tailscale/wireguard-go/device.NewDevice()
      /Users/crawshaw/repo/corp/wireguard-go/device/device.go:409 +0x5d7
  tailscale.com/wgengine/magicsock.TestTwoDevicePing()
      /Users/crawshaw/repo/corp/oss/wgengine/magicsock/magicsock_test.go:360 +0x13fe
  testing.tRunner()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:992 +0x1eb

Goroutine 464 (running) created at:
  testing.(*T).Run()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:1043 +0x660
  testing.runTests.func1()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:1285 +0xa6
  testing.tRunner()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:992 +0x1eb
  testing.runTests()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:1283 +0x527
  testing.(*M).Run()
      /Users/crawshaw/repo/goroot/src/testing/testing.go:1200 +0x2ff
  main.main()
      _testmain.go:50 +0x223
==================

closed time in 6 days

crawshaw

issue comment tailscale/tailscale

magicsock: data race

Fixed this a while back.

crawshaw

comment created time in 6 days

issue comment tailscale/tailscale

Raspberrypi 4: tailscaled.sock: connect: no such file or directory

Relay connections are always set up as a last resort when NAT traversal fails. In this case you're very likely using them for some connections, because netcheck reports MappingVariesByDestIP: true, which means your NAT is hostile to p2p traversal. It's also fine for machines to be homed at different relays, but it does mean you could be falling victim to a bug we recently fixed. What version of the package are you running? I'm looking for 0.97-45 or newer for some DERP fixes.

Pushing tailscaled logs to log.tailscale.io is always on right now, DNS/firewall blocking's your best bet. It'll also make it impossible for us to debug your connectivity issues, since tailscaled logs are the primary tool we use for that. Happy to delete the logs already collected if you drop us a line at support@tailscale.com with the account you used to auth to tailscale.

war59312

comment created time in 7 days

push event tailscale/tailscale

David Anderson

commit sha 73fccd8b06d0c1540324c68b650f617a3e2c603b

control/controlclient: remove old compat PacketFilter initialization. Signed-off-by: David Anderson <dave@natulte.net>

push time in 7 days

issue comment tailscale/tailscale

magicsock: don't report derp home to control until derp connected

I don't know that the race condition matters much. What's the adverse side-effect that's addressed by fixing it?

delaying lgtm in principle, but it's going to be threading more synchronization into LocalBackend, which is already quite hairy and in need of less complex state management. That's why I'm asking about what we expect to benefit.

Re: polling derp state from derp nodes: standard worry about coupling our servers to each other. No specific complaint, just that the second we have them talking to each other, we introduce the potential for coordinated or cascading failures. But we need derp to talk to control anyway, so we're just talking about degrees.

Can we make control the upstream? derp dials into control and pushes updates, rather than control dialing out? Gets around the discovery problem (how many derps where - control is the well-known point of our universe)

How do we support self-hosted derp for enterprise, or derp bundled into tailscaled? Have to be careful to not box ourselves out of that with the protocol to control. All the trickiness is going to be in the auth handshake, and knowing what keys derp is allowed to claim it's hosting (maybe end-host provides a proof using control's pubkey, which derper relays as evidence?).

bradfitz

comment created time in 7 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

I just dived into the Go compiler to try and figure out what goes into build ID, and failed. There's um, a lot of code that goes into computing build ID, and it's intertwined with the build caching logic. I'm going to need an adult in the Go world to help me further (fortunately I might have access to one...).

danderson

comment created time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Oh actually, does buildGoModule use a deterministic rootdir path when building? The build path is hashed into the build ID, so if the derivation hash changes (which it did, because buildGoModule's derivation hash changed, because of the env var change), then it would hash in a different build path into the build ID.

That would explain the "build ID only" diff: produced exactly the same code, but built from a different path?

@worldofpeace I'm too new to Nix to be sure of my reasoning here. Does this seem plausible, or would you expect buildGoModule to eradicate that harmless non-determinism? (harmless because it only happens if the derivation hash changes, but the produced binaries are identical)

danderson

comment created time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

I'm looking through the code of Go 1.12 that generates the build ID. It cares about a lot of factors, but afaict the environment variables are not one of them...

Clearly one of the inputs to the Go build ID is changing, but I can't figure out which one. I've sent a distress call on twitter (https://twitter.com/dave_universetf/status/1242222407810572288) because I have no idea where to go from here to identify the cause. Will keep looking.

On the bright side though: this change is a no-op in practice, there is no change in the generated machine code. I still want to get a definitive answer on why the build ID changed though.

danderson

comment created time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Readelf says all the changed bytes are in the .note.go.buildid ELF section, which is Go's own deterministic build ID that hashes its inputs. I suspect it's taking in the env as a hash input, which would explain why it changed and nothing else - but digging further.

Either way, the actual code+data of the binary is unchanged.

danderson

comment created time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Minor diff in the antibody binary:

--- /home/dave/antibody.before	2020-03-23 15:06:44.702861189 -0700
+++ /home/dave/antibody.after	2020-03-23 15:06:37.322806354 -0700
@@ -40,12 +40,12 @@
 00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
 00000f40  00 00 00 00 00 00 00 00  00 00 00 00 04 00 00 00  |................|
-00000f50  53 00 00 00 04 00 00 00  47 6f 00 00 70 32 4c 53  |S.......Go..p2LS|
-00000f60  4c 38 46 56 75 56 6e 4c  6a 6d 73 6d 63 6c 77 6b  |L8FVuVnLjmsmclwk|
+00000f50  53 00 00 00 04 00 00 00  47 6f 00 00 36 69 4e 33  |S.......Go..6iN3|
+00000f60  79 4a 43 35 38 33 5a 34  7a 51 32 77 71 77 37 76  |yJC583Z4zQ2wqw7v|
 00000f70  2f 6e 31 79 63 72 73 4b  66 32 5f 68 34 63 6a 5f  |/n1ycrsKf2_h4cj_|
 00000f80  56 6a 30 6d 74 2f 75 63  4f 53 42 37 77 66 71 76  |Vj0mt/ucOSB7wfqv|
-00000f90  38 57 42 67 6e 70 43 55  53 4f 2f 38 75 61 6b 5a  |8WBgnpCUSO/8uakZ|
-00000fa0  6c 4d 75 65 57 54 50 6d  4b 47 4e 62 2d 74 48 00  |lMueWTPmKGNb-tH.|
+00000f90  38 57 42 67 6e 70 43 55  53 4f 2f 78 50 70 57 52  |8WBgnpCUSO/xPpWR|
+00000fa0  7a 35 51 6b 34 37 6a 64  36 44 77 45 5f 61 53 00  |z5Qk47jd6DwE_aS.|
 00000fb0  2f 6e 69 78 2f 73 74 6f  72 65 2f 77 78 31 76 6b  |/nix/store/wx1vk|
 00000fc0  37 35 62 70 64 72 36 35  67 36 78 77 78 62 6a 34  |75bpdr65g6xwxbj4|
 00000fd0  72 77 30 70 6b 30 34 76  35 6a 33 2d 67 6c 69 62  |rw0pk04v5j3-glib|

Looks pretty minor, but can't identify the diff more precisely without further disasm.

danderson

comment created time in 8 days

push event danderson/nixpkgs

Mathieu A.-Tetreault

commit sha 35c9bf5ae065f7a2c15051d385c89a8a81092f64

breeze-plymouth: allow usage of custom logo (cherry picked from commit 001b42db7f18f62cf8853586c1114d66b3889708)

Jan Tojnar

commit sha 5ab322490fdb919e15470cb1af476427d4cfb456

Merge pull request #73250 from wamserma/guake-add-setuptools guake: add missing dependency on setuptools

worldofpeace

commit sha e569ef70f70c9497460d311c06ba12f447ee4073

zoom-us: use latest qt Fixes #74273

Ben Hipple

commit sha 0b28c5594f6c4bde5e926318f5da310406be85e7

irony-server: Fix build with 1.4.0 cmake files The irony-server binary package tracks the irony-server elisp package, which was upgraded to 1.4.0. This is now failing on Hydra because upstream has refactored the CMake build, and now require CMake files from LLVM. (cherry picked from commit 33e0ffebc1770a11f9849564244531be6688dd1e) 19.09 has the same problem

Ivan Kozik

commit sha 3e9a78241d31ce5f1c1cff9c4ed2895ff47dfb5e

chromium: 78.0.3904.108 -> 79.0.3945.79 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 The new widevine patch was taken from https://git.archlinux.org/svntogit/packages.git/plain/trunk/chromium-widevine.patch?h=packages/chromium (cherry picked from commit 14b40e291d21c6ac0405ca38a1421811f5834fa1)

Ivan Kozik

commit sha b457cc6c8367e9bae860cb657fa5c656b7a6b2a5

chromium: fix GL support by not using the ANGLE GL implementation (cherry picked from commit 46d252f1f17f323a5daaf291e03a156e50da6fd3)

Ivan Kozik

commit sha 95eca1725fdb7dadb42917c2211a70acd703ebd2

chromium: explain enable_widevine = true (cherry picked from commit 3d71db8abbc06898608e5a0e52844908f3ac19d0)

Ivan Kozik

commit sha b648527497e622d0d2d6344477e5846309581f93

chromium: fix enableWideVine for v79 which needs the manifest.json in WidevineCdm/ (cherry picked from commit af006f9ff3bcdb7d3a06b9dee2d40ed3b9b3c4c8)

Jonathan Ringer

commit sha ad1e1af5ad3f4d11a5921c9fd9abe47500911ede

pythonPackages.pyjwt: fix tests Rationale for this backport: not entirely sure why this starts to fail now, but this change fixes the build on 19.09: https://hydra.nixos.org/build/109120376 (cherry picked from commit 5cc8fdb5d7c983ec9f6dae7fe9fcb7e0fc986768)

Maximilian Bosch

commit sha 0b5c6267bbc9d9377b9bf7d7596962702d17cf5e

matrix-synapse: 1.7.2 -> 1.7.3 https://github.com/matrix-org/synapse/releases/tag/v1.7.3 (cherry picked from commit a5689a2ff1bf6449d709c6fbf6ed0c5b3bfea8b3)

Robert Scott

commit sha c3f2b7799a65c13a3de074ed071aa68b431f6081

cyrus_sasl: add patch for CVE-2019-19906 sourced from debian as patch isn't even in upstream master yet. (cherry picked from commit 302a77a02cc75709bafa39953bfa84e03aa52e26)

aszlig

commit sha f7bc9886f9d52822bf257740cb2f061ae6adaec2

nginx: Clear Last-Modified if ETag is from store

This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances, it seems that some browsers still get cache hits for new store paths (and changed contents) for some reason. I highly suspect that it might be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and if this is the case I think we should improve that patch by disabling last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header. From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been provided by the origin server, SHOULD use both validators in cache-conditional requests. This allows both HTTP/1.0 and HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild could possibly just use Last-Modified and use the cached content instead.

Unfortunately, I didn't pursue this any further back then because @pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
> * If an entity tag has been provided by the origin server, MUST use that entity tag in any cache-conditional request (using If-Match or If-None-Match).

Since running with this patch in some deployments, I found that both Firefox and Chrome/Chromium do NOT re-validate against the ETag if the Last-Modified header is still the same. So I wrote a small NixOS VM test with Geckodriver to have a test case which is closer to the real world and I indeed was able to reproduce this.

Whether this is actually a bug in Chrome or Firefox is an entirely different issue and even IF it is the fault of the browsers and it is fixed at some point, we'd still need to handle this for older browser versions.

Apart from clearing the header, I also recreated the patch by using a plain "git diff" with a small description on top. This should make it easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit ccf55bead1f3bc2a6419a9fdcec55933ffe046de)

Reason: The issue breaks setups that serve static content via Nix store paths. I've also backported the NixOS VM test from Python to Perl.

Matthew Bauer

commit sha e9156086187b09970e5cdb5178450c73ae59ecd6

haskell/with-packages-wrapper.nix: install "doc" outputs We were previously just installing the "out" output which broke when we recently changed to generating multiple outputs. Fixes #76837

Maximilian Bosch

commit sha 4e3a453ad45e91d75d6a6f7c1b31735d1b715bcc

wireguard-tools: 1.0.20191226 -> 1.0.20200102 (cherry picked from commit fad24a7f9cb1c6efeea3eca37579717c59d568c7)

zowoq

commit sha 7572786449ca180da849284263a75702ba287e05

docker: 19.03.4 -> 19.03.5 (cherry picked from commit 31d2d5a382262f40c728216047b46ee68e8cd85c)

talyz

commit sha dbc79093be0af015352f4832379f599ac0ad93d0

gitlab-shell: 10.2.0 -> 10.3.0 (cherry picked from commit 6972aec884561f340dc63785406a11b399b58d42)

talyz

commit sha 9fc0570071a2122175af3f70ec5d1b043d863ef2

gitlab-workhorse: 8.14.1 -> 8.18.0 (cherry picked from commit 2f614714ed1b70e48af2307cf598b49ac63632c6)

talyz

commit sha 18469aca5a6a67d569a7663cc673b4db7939fe00

gitaly: 1.72.1 -> a4b6c71d4b7c1588587345e2dfe0c6bd7cc63a83 For some reason this untagged commit is the one referred to in the main repository; this might be a mistake, but we'll have to package it for now to follow upstream. (cherry picked from commit 445bc1494c31ff5803eb5cf58bcf7c620d985653)

talyz

commit sha 7ce433cf0625b809a517e9c5f6ec9915b5d37e35

gitlab: update.py: Get go deps for gitlab-shell from the root dir GitLab Shell now has the go.mod and go.sum files in the root of the repo; the go subdirectory has been removed and all the code in it has been moved up to the root. (cherry picked from commit a3c72e66a674b74e3ac0294f294d4ca1579f27fa)

talyz

commit sha c93501dc78677e97aa33c93d39b63777d5f0e095

gitlab: 12.5.5 -> 12.6.0 (cherry picked from commit ff28cfa6d327d7b1dca4f330b068fa036836a73d)

push time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Updated to use mostly cherrypicks from master. The one change that's not a cherrypick is specific to 19.09: 609a3da59e6491ea923e7a8aa25d946483d248ae makes the derivation use Go 1.13 explicitly, as it's required by tailscale and not the default on 19.09.

The cherry-pick of 0e1cf19043e1de969d3f01db70173dbe982b27d6 still causes a rebuild of all Go code. The rebuild is a no-op because Go 1.12 doesn't know about the sumdb environment variable that got added, but that change alters hashes and so, yay rebuild.

danderson

comment created time in 8 days

push event danderson/nixpkgs

David Anderson

commit sha 75569aa6e4b43f26caaf09aca4340471c4273b15

tailscale: switch version and git ref to use a tag. The tag points to the same commit hash, so the binary is unchanged. Signed-off-by: David Anderson <dave@natulte.net> (cherry picked from commit 3fa813e820a90b475e7144512070d7e55d93732e)

David Anderson

commit sha 609a3da59e6491ea923e7a8aa25d946483d248ae

tailscale: build using Go 1.13 explicitly. Tailscale does not support Go 1.12. Signed-off-by: David Anderson <dave@natulte.net>

push time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [20.03 backport]

Updated to only contain cherry-picks from master.

danderson

comment created time in 8 days

push event danderson/nixpkgs

John Ericson

commit sha 2607aae93fc9db7b05541d8338a7e6bb9871d057

fetchsvn: Fix for cross Just use `nativeBuildInputs` at build time.

Eelco Dolstra

commit sha 4f721661b2449607f8e5f416891857a4177fbc0a

lcov: Support gcc 9 https://github.com/linux-test-project/lcov/issues/58 https://github.com/Homebrew/homebrew-core/pull/50070 (cherry picked from commit 74c82056c966b9e3cf39d427cd6ea99a887277ec)

Josef Kemetmüller

commit sha bc0586b7be887a329c950d3440e8050dca5681b1

lcov: Fix patch checksums The previously committed checksums seem to have been mistakenly taken directly from fetchurl without fetchpatch normalization. (cherry picked from commit adfb8a039b583a0a3dee94024cef7085032ee4ef)

Matthew Bauer

commit sha acb24b4cc4432687e063ae2b5a08f449934e5fbf

lib/systems: Assume newlib when no kernel and no libc is provided newlib is the default for most tools when no kernel is provided. Others exist, but this seems like a safe default. (cherry picked from commit 8009c2071179ee3490f244b91a49202728efe403)

John Ericson

commit sha 00afca09295db93bf8bffe3f6f2d92a74eb97b38

lib: Add armv6l-none to doubles list

John Ericson

commit sha 783fa4616e044ca33e4841514a180ad1325b48d4

rustc: Add way to override the arch and config triple for rust Sometimes it is useful for it to be slightly different. Going forward we should, however, try to make this fallback rarely needed.

Timo Kaufmann

commit sha 04f75b17392e7fae282e3e9296a821dc8b4bb272

symmetrica: 2.0 -> 3.0.1 This switches to the sagemath fork, since the original upstream is no longer maintained and sagemath has effectively maintained symmetrica through patches for a while now. The update fixes one bug in particular that has caused failures in the sagemath test suite: https://github.com/NixOS/nixpkgs/issues/81449 https://trac.sagemath.org/ticket/15312 https://trac.sagemath.org/ticket/29061 Regarding the licensing change: https://gitlab.com/sagemath/symmetrica/-/commit/7cf91b380078a4def28dd6bab2b4607e2346c650 (cherry picked from commit 0c875c28c693c52e9da33ab89b0a1554148ef517)

Daniel Wheeler

commit sha 9d99c49138fb27deb0cabdd97cc0e39604614a81

python37Packages.starlette: 0.13.0 -> 0.12.9 - Reverting the version of Starlette as FastAPI can not use anything greater than 0.12.12. FastAPI is Starlette's only dependent. - Use fetchurl instead of fetchPypi as this is now the preferred method. This also makes the tests pass and, thus, the build, which was failing.

Daniel Wheeler

commit sha 55fee4d66fe3f6ba4f35a73595c6724d2ef9f40f

python37Packages.fastapi: 0.45.0 -> 0.49.0 - Add peewee to test environment as now required. - Remove pyproject.toml patching as no longer required.

Eelco Dolstra

commit sha 16dd1df08174e007d664c808712a639db5eff49e

Merge pull request #82333 from edolstra/fix-lcov Backport lcov fixes to 20.03

Aaron Andersen

commit sha 96e221d6dbc645befb3185cfbf89711b846bc30c

rsyslog: remove libksi from default build because it is broken (cherry picked from commit bdd33bc3aa114a0218af7c68a7cb4571582ad996)

John Ericson

commit sha 99c18b34410fe7bbbe3f6417258b06a3d5e3171d

clang-*: Sync wrapping logic We only want to refer to GCC under these conditions.

John Ericson

commit sha bc054004ac04b2500247c2efe504e6b3da444e61

cc-wrapper, clang: `libstdcxxHook` should be a propagated build input Lumping it in with the target platform libraries was incorrect, and caused eval failures when gcc couldn't be built for the target platform.

John Ericson

commit sha 0c73297c075cf4fd87922f621fc2358c65b659f3

compiler-rt-{7,8,9}: Fix cmakeFlags in a few ways - Cross to bare metal with GCC works - Flags are deduplicated - Darwin bootstrapping for 8 and 0 closer. - Flags are same across versions.

John Ericson

commit sha 7562a06e8590cb9257b9caaa577ca7ade1872f36

Merge pull request #82248 from Ericson2314/fetchsvn-cross fetchsvn: Fix for cross

Christoph Bauer

commit sha 6bbdce2b15665af6310069cc4f1e667e426c4356

pwsafe -> 1.9.0 fixes the broken build there is a problem with wxGTK 3.1.2 maybe related to https://github.com/pwsafe/pwsafe/blob/master/src/ui/wxWidgets/TreeCtrl.cpp line 107 So I use wxGTK30 file is a new dependency (cherry picked from commit 0b2047d71299577e3edef4ca4b7f3b6b3d0c4a19)

John Ericson

commit sha 7c0d3f6f70c7a55e8c988e9d6882820b9d26171d

lib: Fix systems test for new `armv6l-none`

Jeff Labonte

commit sha 71d2a85a70a4b51ad118b54f978d816634084ca7

protonvpn-cli-ng: 2.2.0 -> 2.2.2 Simply keep up to date the cli since it is used to connect to a VPN. (cherry picked from commit eb96574e9df3aba387c4abe902b154398271becf) Reason: A tool to communicate with a VPN provider should be kept up-to-date

Jeff Labonte

commit sha 294fd3c0f517b44cd79dbacec7df5118b46da303

brave: 1.4.96 -> 1.5.112 Keep brave updated to the latest release (cherry picked from commit 418e3e41cf22753911c5f474d8bd89252ec76ce0) Reasons: Keep the browser up-to-date as much as possible.

R. RyanTM

commit sha a02a11f7393293cc43f11289bd8b7f5809a747f9

blender: 2.82 -> 2.82a (#82450) (cherry picked from commit 4d8cac34f79ed890b586a91a0c049cf0cfa307a6)

push time in 8 days

PR opened NixOS/nixpkgs

tailscale: switch version and git ref to use a tag.
Motivation for this change

As requested, cc @Profpatsch @worldofpeace .

The tag points to the same commit hash as in the previous config, so the output binaries are unchanged.

Signed-off-by: David Anderson dave@natulte.net

Things done
  • [x] Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • [ ] NixOS
    • [ ] macOS
    • [x] other Linux distributions
  • [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • [ ] Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • [x] Tested execution of all binary files (usually in ./result/bin/)
  • [ ] Determined the impact on package closure size (by running nix path-info -S before and after)
  • [ ] Ensured that relevant documentation is up to date
  • [x] Fits CONTRIBUTING.md.
+2 -2

0 comment

1 changed file

pr created time in 8 days

push event danderson/nixpkgs

rnhmjoj

commit sha 03f246620d2e6cf5fa47b44b43c35bcc7aaaebde

powerline-fonts: install psf to share/consolefonts This will make it easier to set the font of the virtual console in NixOS. Instead of specifying the full filepath of the psf one can simply do: console.font = "ter-powerline-v20b"; console.packages = [ pkgs.powerline-fonts ];

worldofpeace

commit sha b9db3f8ca0f880cf0623cb34822c9d4949ff2bf2

nixos/mate: use upstream session

worldofpeace

commit sha 67034d584f120a0fe2a32c2b7c874862f6fd1591

mate.mate-session-manager: debugging from environment variable

worldofpeace

commit sha af73425b825c18fa923ca6abf7fd6293ac8a306e

nixos/mate: debugging via environment variable

Echo Nolan

commit sha 4e9b94836fb3b548685bab95d4c07caa03fc0748

libeatmydata: fix launcher script - find shell library properly The new version of the launcher script in version 105 doesn't have the #8665 bug, but it does try to find the shell library using Debian tools, which obviously doesn't work on Nix. Removed the now-unnecessary makeWrapper and patched out the Debian bits.

R. RyanTM

commit sha 757ea3948552317e70fc59f26ecb534ae4d1a791

remmina: 1.3.10 -> 1.4.1

Pascal Bach

commit sha 34d3bdf0377b54ba953484ac8fa66dc5701c0098

perlPackages.ParserYapp: init at 1.21

Pascal Bach

commit sha ae29c52db5a883136a2d5ff63c5861ce637d8aa8

samba: 4.11.5 -> 4.12.0 - add support for liburing on linux - remove backported patch - move native build dependencies to nativeBuildInputs

Benjamin Saunders

commit sha b5533631cebeee8173ba113acbe641866ca1adab

vulkan-loader: use vulkan-headers include path in pkgconfig file

R. RyanTM

commit sha 78e6e054570646801c787598590ea882399e0ed8

magnetico: 0.9.0 -> 0.11.0

Izorkin

commit sha c75398b10a23fe19408026b455b20a1961af3917

nixos/fail2ban: disable work fail2ban without firewall

R. RyanTM

commit sha 0cc1efe21950d2d592e1175593bcb08dd08eaf69

python27Packages.zc_buildout_nix: 2.13.2 -> 2.13.3

Darius Jahandarie

commit sha 5fa345922f1d5534be1c9ba9162c0bab3354e157

nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582

José Romildo Malaquias

commit sha 5071f0b93a7fc7b3c98a77f4912dfbea4a5629dc

volctl: 0.6.2 -> 0.6.3

Eric Dallo

commit sha 3064aa7525a7a343dedd31357d30208b2d60f9a2

gnomeExtensions.draw-on-your-screen: init at 6

Aaron Andersen

commit sha 3474b55614775de1ddfa99368ef1c75ec8d7797f

nixos/mysql: fix service so it works with mysql80 package

Michael Lingelbach

commit sha 41b012907d7ec302ef953dfcaaef337ae6f93f79

nvidia-optical-flow-sdk: init at 79c6cee80a2df9a196f20afd6b598a9810964c32

Michael Lingelbach

commit sha dc1a15e7bd74e8065369839e774f38bac43e4d4a

opencv4: Enable nvidia-optical-flow-sdk when building with cuda

Mario Rodas

commit sha 7db50540230a09982938ee86de5f3a9cd6f09e41

age: fix build on darwin

Mario Rodas

commit sha 7449323baf9d2fb97f4248c27a4975d3a494122d

aerc: fix build on darwin

push time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [20.03 backport]

Ack. I'll send a PR to master, then adjust this PR to be purely cherry-picks from master.

danderson

comment created time in 8 days

Pull request review comment NixOS/nixpkgs

tailscale: init at 0.97-0 [20.03 backport]

+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, iptables, iproute }:++buildGoModule rec {+  pname = "tailscale";+  version = "v0.97";++  src = fetchFromGitHub {+    owner = "tailscale";+    repo = "tailscale";+    rev = "v0.97";
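
Review bot: `version` and `rev` both carry the literal "v0.97" inside a `rec` set, so the two can drift apart on the next bump. Derive one from the other, e.g. `rev = version;`, and keep a single literal.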

Woops, adding your suggested change resolved this.

To your other question: the version adjust isn't in master yet. I'll queue up a PR to do that as well. The version+rev change is a no-op on the built binaries though, since the v0.97 tag references the commit hash we used in the initial commit to unstable.

danderson

comment created time in 8 days

push event danderson/nixpkgs

Dave Anderson

commit sha 9ca711938329293e6848b5340e5aaee93d8a1737

tailscale: adjust version to conform to nixpkgs conventions. Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>

push time in 8 days

pull request comment NixOS/nixpkgs

tailscale: init at 0.97-0 [backport 19.09]

Done.

danderson

comment created time in 9 days

push event danderson/nixpkgs

David Anderson

commit sha 348e373d2ca3894254b0ff44327f50f24d5a1412

tailscale: use github git tag as version+ref. This will cause problems for future releases due to upstream's versioning scheme, but since Nix doesn't care about the version number here, it's fine to alter the scheme later. Signed-off-by: David Anderson <dave@natulte.net> (cherry picked from commit 89b01b679e9c435a94f584d5f06bdfe8ab7112ea)

push time in 9 days

pull request comment tailscale/tailscale

derp: send new "peer gone" frames when previous sender disconnects

SGTM. This may be a good opportunity for a server-side feature flag as well? (so we can turn on/off from tailcontrol, do mass experiments more easily) No strong feeling though, happy to get this shipped ASAP so we can see what happens.

bradfitz

comment created time in 9 days

Pull request review comment NixOS/nixpkgs

tailscale: init at 0.97-0 [20.03 backport]

+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, iptables, iproute }:++buildGoModule rec {+  pname = "tailscale";+  version = "0.97-0";

(as I tried to explain on IRC, the versioning logic of the tailscale repo is currently a bit broken, and the version names are based on the state of the non-OSS repo. So even though the code itself is all open, the releases end up pointing to an opaque commit hash right now.

I'm working on fixing that so that OSS build versions are entirely based on the OSS tree, but it's not done yet. So, just a heads up that the versioning for this package will change in the future, once all this is fixed upstream)

danderson

comment created time in 9 days

Pull request review comment NixOS/nixpkgs

tailscale: init at 0.97-0 [20.03 backport]

+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, iptables, iproute }:++buildGoModule rec {+  pname = "tailscale";+  version = "0.97-0";

Done. However, just flagging that this will be a problem for future releases. Upstream, I'm about to mark 0.97-40 as stable, which will be the version number burned into the binaries. v0.97 doesn't appear anywhere in the software itself.

Fortunately, Nix itself doesn't care about the version number, so I'm happy with whatever is acceptable to nixpkgs for now, until we get to a release that's unrepresentable.

danderson

comment created time in 9 days

push event danderson/nixpkgs

David Anderson

commit sha 89b01b679e9c435a94f584d5f06bdfe8ab7112ea

tailscale: use github git tag as version+ref. This will cause problems for future releases due to upstream's versioning scheme, but since Nix doesn't care about the version number here, it's fine to alter the scheme later. Signed-off-by: David Anderson <dave@natulte.net>

push time in 9 days

pull request comment tailscale/tailscale

derp: send new "peer gone" frames when previous sender disconnects

General thought that I accidentally didn't add in reviewable: this is going to make DERP harder to debug with our current tooling. If packets are getting lost, I now don't obviously know which derp server they're supposed to transit, nor do I know the state of that derp server's routes (e.g. do we have stale routes, buggily, causing us to drop packets?).

This makes me nervous about this, vs. the fairly minor benefit I expect it to confer. What am I missing?

bradfitz

comment created time in 9 days

pull request comment NixOS/nixpkgs

redo-apenwarr: switch to python3 and fix building man

We raced each other! I was about to send the same PR :).

Just for the record: upstream released 0.42a specifically for python3 support, so the upgrade here is not to HEAD per se, but to the next official upstream release.

Thanks for fixing!

ck3d

comment created time in 9 days

push event danderson/nixpkgs

David Anderson

commit sha 3f50be73acfd38ffd553a5deb196d6c2ca6b6a0d

WIP: upgrade redo-apenwarr to 0.42a, supports python3. Signed-off-by: David Anderson <dave@natulte.net>

push time in 10 days

push event danderson/nixpkgs

Ben Wolsieffer

commit sha 34b4babed2898068e0bc173d27931d5e20358a61

adoptopenjdk-bin: add OpenJDK 13

Ben Wolsieffer

commit sha d9d5b737ee41832a859014a74f632dd430a6f5b6

adoptopenjdk-bin: fix JDK 8 build on ARM

Matt McHenry

commit sha d00559ebb84af84b48a207a5a0a0762ce9d577eb

openjdk: 12.0.2 -> 13.0.1

David Wood

commit sha 4a0819805a6e389bb5e37a72d8d41345b1ad4a1a

wooting-udev-rules: init at 20190601 Signed-off-by: David Wood <david.wood@codeplay.com>

David Wood

commit sha 47d402e4f70bc96daed0f8cc4bd9d94bea4cedce

wootility: init at 3.3.3 Signed-off-by: David Wood <david.wood@codeplay.com>

David Wood

commit sha 33f4d93e0308631255eb04629c28dab0acda50d3

nixos/wooting: add `hardware.wooting` module Signed-off-by: David Wood <david.wood@codeplay.com>

Joe Hermaszewski

commit sha 25b70da19d136961742255dc4285900e885d2a52

restic: fix cross compilation Remove the custom build phase

Christian Kampka

commit sha fcdf22329aec76561413fa8122dac48e12e47af8

kops_1_16: init at 1.16.0

Florian Klink

commit sha fa58182b17f1bb5245a03d90074e33518f000dca

edid-generator: init at unstable-2018-03-15

Gasper Vozel

commit sha 171d374c178aefdc8b3b8c08b894d9a4acd58954

Add hashdeep 4.4 package A set of cross-platform tools to compute hashes. See: http://md5deep.sourceforge.net/start-hashdeep.html

Kovacsics Robert

commit sha d68dfbb545e862c8445bb52c641b3bc51a8726b6

noweb: fix installation, use placeholders The problem was that nix passes lists as space-separated strings not as arrays of strings, so `"${foo[@]}"` doesn't work as intended because it's not an array. Instead we pass it in a bash array. Also, using builtins.placeholder instead of passing "$(out)" to bash, as that's not what we want to do (the `$(...)` is the process expansion in bash)

Christoph Bauer

commit sha 0b2047d71299577e3edef4ca4b7f3b6b3d0c4a19

pwsafe -> 1.9.0 fixes the broken build there is a problem with wxGTK 3.1.2 maybe related to https://github.com/pwsafe/pwsafe/blob/master/src/ui/wxWidgets/TreeCtrl.cpp line 107 So I use wxGTK30 file is a new dependency

Atkins

commit sha 3d266ccdb753354f7b2842a05060a0221ce468d4

maintainers: add atkinschang

Atkins

commit sha 37aab73f56a6c9739469849b08485370a05b47c1

minikube: 1.2.0 -> 1.3.1

Atkins

commit sha 036c2fed12aab1583d79c338b81872a0ca7e543c

docker-machine-hyperkit: separate from minikube

Atkins

commit sha 8d5e32ec44af3d5c8eb2112b91e1a736ec15d7d6

minikube: 1.3.1 -> 1.5.2

Atkins

commit sha d6fe4e1ec12f7a0da323c8fd558d344ddcfad8ee

minikube: 1.5.2 -> 1.6.2

Atkins

commit sha d8b2f2b1edfb066d3ddc0eece200e20e27aec734

minikube: 1.6.2 -> 1.8.1

Matt McHenry

commit sha 1b8719437b4b1269d05e1a8b1628f885fa2a9d62

Merge remote-tracking branch 'channels/nixos-unstable' into jdk-13 Conflicts: pkgs/development/compilers/adoptopenjdk-bin/sources.json -- keep newer adoptopenjdk versions from HEAD^2

Matt McHenry

commit sha 36ae82fd3a7a5edba2b5d5acd51966d13bc23ba0

openjdk: 13.0.1 -> 13.0.2

push time in 10 days

issue comment tailscale/tailscale

tailscaled: get working on macOS

We can't. Tailscale uses macOS features that are only accessible to signed mac store apps. There is significant work to do before Tailscale can work outside of the mac store. Sorry.

bradfitz

comment created time in 10 days

issue comment metallb/metallb

Make dev environment work

inv dev-env requires an environment that can run Docker, which is rare in CIs. I think currently on CircleCI we run in containers, so docker-in-docker doesn't work. I think CircleCI supports VMs for free, but it'll make all CI much slower.

Sounds like a good idea to test this, I'm just not sure how to do it well.

johananl

comment created time in 10 days

pull request comment NixOS/nixpkgs

nixos/graphite: fix + cleanups

LGTM! Very excited to close that longstanding CVE bug :)

lsix

comment created time in 10 days

issue opened tailscale/tailscale

Probe for DERP latency over HTTPS if UDP is blocked

In a UDP-blocked network, DERP latency checking fails. This is expected, and we have a fallback: use a random DERP server. This guarantees connectivity, but potentially at the cost of higher latency if we pick the wrong one (75% probability currently).

If we get zero response from UDP during netcheck, we should switch to a fallback where we check DERP latency using HTTPS queries to derpX.tailscale.com. This check will take longer (many RTTs), but it should give us good data for UDP-blocked networks.

created time in 10 days

issue opened tailscale/tailscale

`tailscale netcheck` makes it sound like DERP won't work

On a UDP-blocked network, tailscale netcheck says this:

 * Nearest DERP: 0 ()
 * DERP latency:

This makes it look like we're saying "DERP doesn't work". In reality what we're saying is "DERP latency checking failed, magicsock will use a random DERP server".

We should be a little more explicit about the meaning of these fields when latency checking fails.

created time in 10 days

pull request comment metallb/metallb

Update Hetzner support in clouds.md

Thanks! We'll update the website a little later with some 0.9.2 tweaks.

dioptre

comment created time in 11 days

push event metallb/metallb

Andrew Grosser

commit sha e82a77d43f5187b50057b75f5056e0a96190b7b1

Update clouds.md

push time in 11 days

PR merged metallb/metallb

Update Hetzner support in clouds.md

Thanks for sending a pull request! A few things before we get started:

  1. If this is your first time, please read the contributing guide
  2. For non-trivial pull requests, please file an issue first, and get agreement that the change is a good idea, and a general guideline for how it should be implemented, before sending code. Large PRs that weren't first discussed and agreed upon in an issue won't be accepted.
  3. If the PR fixes a particular bug, please include the words "Fixed #<issue number>" in the PR text, so that the bug auto-closes when the PR is merged.
+1 -1

0 comment

1 changed file

dioptre

pr closed time in 11 days

push event tailscale/tailscale

David Anderson

commit sha ea907800666aa21ab49569529982c885313b0d5a

derp: specify type of the by-reason drop varz. Signed-off-by: David Anderson <dave@natulte.net>

push time in 11 days

delete branch tailscale/tailscale

delete branch : bradfitz/derpbase

delete time in 11 days

push event tailscale/tailscale

Brad Fitzpatrick

commit sha fd824df1fa712bd91e7cba072da3a0bb5f5df4b1

derp: export metric for server's initial MemStats.Sys reading Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

push time in 11 days

issue opened metallb/metallb

Fix 0.9.2 release notes formatting

Hugo mangled the release notes Markdown a bit: first paragraph should be inside the bullet, not dedented. And a list bullet got glommed onto the end of the previous sentence.

cc @daxmc99 @rata @champtar

created time in 11 days

push event tailscale/tailscale

David Anderson

commit sha dbfc916273396f14eb09def1153739e79ed947d9

derp: add short queues between reader and writer, drop on overload. This avoids the server blocking on misbehaving or heavily contended clients. We attempt to drop from the head of the queue to keep overall queueing time lower. Also: - fixes server->client keepalives, which weren't happening. - removes read rate-limiter, deferring instead to kernel-level global limiter/fair queuer. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 1e031001dba3467e2f7cbb2f42842ff17ea0cefd

derp: move write timeout to package constant. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 58b8ebd290a9113b4b99c975d7561dbab51c6819

derp: add per-reason packet drop counter. In parallel with the summed counter for now, for dashboard migration. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 64b52489295c3b89356703bb6862745614b6f947

derp: sprinkle comments and docstrings. Signed-off-by: David Anderson <dave@natulte.net>

push time in 11 days

PR merged tailscale/tailscale

derp: add one send queue per client, queue packets from receivers.

Related changes:

  • Remove per-node rate limiter, rely entirely on kernel fair queuing+limiting for now.
  • Fix server->client keepalives. Code used to send 1 keepalive and then stop.
  • Packet drop counters broken down by drop reason.

Missing:

  • New test that overloads queues & verifies receivers don't block. Working on that after zzz, but code is good for review meanwhile.

+200 -129

0 comment

2 changed files

danderson

pr closed time in 11 days

created tag metallb/metallb

tag v0.9.2

A network load-balancer implementation for Kubernetes using standard routing protocols

created time in 11 days

push event metallb/metallb

David Anderson

commit sha 70d9ff688ebfc5e6bb4a45f5a0d9eac2b3909da2

website: release notes for 0.9.2.

push time in 11 days

push event metallb/metallb

David Anderson

commit sha 8b665d0aba75b86f49ff23b12ae07ee22c650d59

speaker: make linter happy. (cherry picked from commit 654f7872b99b9a429faae6af1dd3a3c4a051f9d4)

David Anderson

commit sha d855487bc17b75a267ce9bbcdab336c18e7a0543

Automated update for release v0.9.2

push time in 11 days

push event metallb/metallb

David Anderson

commit sha 2df8dc7ef6de7e1d8a5dd0417f43916e60b24d54

website: release notes for 0.9.1.

push time in 11 days

created tag metallb/metallb

tag v0.9.1

A network load-balancer implementation for Kubernetes using standard routing protocols

created time in 11 days

push event metallb/metallb

David Anderson

commit sha fc1203c2050e5a1c365438fcc25e0378d7edcb0e

Automated update for release v0.9.1

push time in 11 days

push event metallb/metallb

David Anderson

commit sha 654f7872b99b9a429faae6af1dd3a3c4a051f9d4

speaker: make linter happy.

push time in 11 days

delete branch metallb/metallb

delete branch : master

delete time in 11 days

create branch metallb/metallb

branch : master

created branch time in 11 days

create branch metallb/metallb

branch : v0.9

created branch time in 11 days

created tag metallb/metallb

tag v0.9.0

A network load-balancer implementation for Kubernetes using standard routing protocols

created time in 11 days

push event metallb/metallb

David Anderson

commit sha 5b4a5f3fcaf9e5163940120f7e80c187b93e1a55

release-process: update contributor script to be less manual.

push time in 11 days

PR closed metallb/metallb

Implement MP-BGP for IPv6 announcements

A basic implementation of MP-BGP for just IPv6 announcements. This allows IPv6 service addresses to be announced using BGP.

I've tried to keep the implementation as simple as possible and have only done MP-BGP for IPv6. I tried to avoid touching the IPv4 codepath.

Todo:

  • [ ] IPv6 withdraw
+102 -19

8 comments

3 changed files

Marlinc

pr closed time in 11 days

delete branch metallb/metallb

delete branch : master

delete time in 11 days

issue comment tailscale/tailscale

Raspberrypi 4: tailscaled.sock: connect: no such file or directory

That error means tailscaled is not starting correctly. What does journalctl -u tailscaled --since="1 hour ago" say?

My initial guess is your rpi is missing the tuntap kernel module, but the logs will say for sure.

war59312

comment created time in 11 days

push event tailscale/tailscale

David Anderson

commit sha 0be475ba466fc5b6391656a3be1c9416db859753

Revert "tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them" Breaks something deep in wireguard or magicsock's brainstem, no packets at all can flow. All received packets fail decryption with "invalid mac1". This reverts commit 94024355edd563473345e28f9d441e46fd14c70f. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha e133bf646ffcd451f1c7d9ba9a69ded60ef55b19

derp: add short queues between reader and writer, drop on overload. This avoids the server blocking on misbehaving or heavily contended clients. We attempt to drop from the head of the queue to keep overall queueing time lower. Also: - fixes server->client keepalives, which weren't happening. - removes read rate-limiter, deferring instead to kernel-level global limiter/fair queuer. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 4ef1195d74d99bf9c7eb32967fe619494990f0ad

derp: move write timeout to package constant. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 24235c6aac2f5d1e5b745dea4780b7713626a672

derp: add per-reason packet drop counter. In parallel with the summed counter for now, for dashboard migration. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha ea1a41391d45e464097fc1fd85de7cb538022c27

derp: sprinkle comments and docstrings. Signed-off-by: David Anderson <dave@natulte.net>

push time in 11 days

Pull request review comment NixOS/nixpkgs

nixos/graphite: fix + cleanups

 import ./make-test-python.nix ({ pkgs, ... } :     one.wait_for_unit("default.target")     one.wait_for_unit("graphiteWeb.service")     one.wait_for_unit("graphiteApi.service")-    one.wait_for_unit("graphitePager.service")     one.wait_for_unit("graphite-beacon.service")     one.wait_for_unit("carbonCache.service")-    one.wait_for_unit("seyren.service")+    # one.wait_for_unit("seyren.service")
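
Review bot: the seyren wait is commented out rather than deleted (`# one.wait_for_unit("seyren.service")`), so the test stops checking that seyren.service starts and the dead line carries no explanation. If seyren is going away along with graphitePager, delete the line as was done for the graphitePager.service wait; if it is only disabled for now, say why in the comment so the coverage gap is visible.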

Remove line?

lsix

comment created time in 11 days

Pull request review comment NixOS/nixpkgs

nixos/graphite: fix + cleanups

 in {       };     }; -    pager = {

Do these services no longer exist upstream?

I think you want to add some mkRemovedOptionModule statements for these, so that configs fail with an explanation for any current users.

lsix

comment created time in 11 days

PR closed NixOS/nixpkgs

nixos/graphite: delete.

Labels: 10.rebuild-darwin: 0, 10.rebuild-linux: 1-10, 6.topic: nixos, 6.topic: python, 8.has: clean-up, 8.has: module (update)

Motivation for this change

The graphite module is unmaintained (although upstream is still developing graphite). It pulls in a closure of insecure python packages, and is the only one that depends on them.

One of its deps, Django 1.8, has been marked insecure for >1 year, and nobody stepped up to fix it.

Fixes #52679.

Signed-off-by: David Anderson dave@natulte.net

Things done

  • [ ] Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • [ ] NixOS
    • [ ] macOS
    • [ ] other Linux distributions
  • [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • [ ] Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • [ ] Tested execution of all binary files (usually in ./result/bin/)
  • [ ] Determined the impact on package closure size (by running nix path-info -S before and after)
  • [x] Ensured that relevant documentation is up to date
  • [ ] Fits CONTRIBUTING.md.
+5 -834

12 comments

12 changed files

danderson

pr closed time in 11 days

pull request comment NixOS/nixpkgs

nixos/graphite: delete.

Thank you! I'll close this and review your PR.

danderson

comment created time in 11 days

push event tailscale/tailscale

David Anderson

commit sha 0be475ba466fc5b6391656a3be1c9416db859753

Revert "tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them" Breaks something deep in wireguard or magicsock's brainstem, no packets at all can flow. All received packets fail decryption with "invalid mac1". This reverts commit 94024355edd563473345e28f9d441e46fd14c70f. Signed-off-by: David Anderson <dave@natulte.net>

push time in 12 days

PR opened tailscale/tailscale

derp: add one send queue per client, queue packets from receivers.

Related changes:

  • Remove per-node rate limiter, rely entirely on kernel fair queuing+limiting for now.
  • Fix server->client keepalives. Code used to send 1 keepalive and then stop.
  • Packet drop counters broken down by drop reason.

Missing:

  • New test that overloads queues & verifies receivers don't block. Working on that after zzz, but code is good for review meanwhile.
+196 -129

0 comment

2 changed files

pr created time in 12 days

push event tailscale/tailscale

David Anderson

commit sha c3a2db360fadfd65d585582c8f38719b00040fec

derp: add per-reason packet drop counter. In parallel with the summed counter for now, for dashboard migration. Signed-off-by: David Anderson <dave@natulte.net>

push time in 12 days

push event tailscale/tailscale

David Anderson

commit sha 34a44add18ebbc13582aed31260685fbae961b9f

derp: add short queues between reader and writer, drop on overload. This avoids the server blocking on misbehaving or heavily contended clients. We attempt to drop from the head of the queue to keep overall queueing time lower. Also: - fixes server->client keepalives, which weren't happening. - removes read rate-limiter, deferring instead to kernel-level global limiter/fair queuer. Signed-off-by: David Anderson <dave@natulte.net>

David Anderson

commit sha 7db2d7448806316ad415331c07549ba07b1f4962

derp: move write timeout to package constant. Signed-off-by: David Anderson <dave@natulte.net>

push time in 12 days
