Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add networking.hosts and .hostFiles from nixos #939

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add networking.hosts and .hostFiles from nixos #939

wants to merge 4 commits into from
+110 −0

Conversation

ibizaman
Copy link

@ibizaman ibizaman commented Apr 22, 2024
edited
Loading

This code was taken nearly verbatim from
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/networking.nix

The few changes were related to making the default /etc/hosts match the Apple's stock one. This implied no 127.0.0.2 and forcing the IPV6 ::1 entry.

@willemml
Copy link

willemml commented May 5, 2024
edited
Loading

Possible duplicate of #807? (my PR is older and doesn't have tests though, so maybe this should be preferred)

@ibizaman
Copy link
Author

ibizaman commented May 7, 2024

Sorry @willemml I missed your PR. I didn’t intend to duplicate work.

@ibizaman ibizaman mentioned this pull request Aug 16, 2024
Open
@secana
Copy link

secana commented Aug 19, 2024

This PR seems fine but is blocked as a review is required. How can we help to get it merged?

@niklasravnsborg
Copy link
Contributor

Oh this would be awesome :)

Enzime
Enzime requested changes Sep 3, 2024
View reviewed changes
Copy link
Collaborator

@Enzime Enzime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you rebase this PR?

modules/networking/default.nix Outdated
in mkBefore [ localhostHosts stringHosts extraHosts ];

environment.etc.hosts = {
copy = true;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
copy = true;
knownSha256Hashes = [ "..." ];

The copy option was removed, can you add the default /etc/hosts to docs/known-files and its sha256 hash here?

tests/networking-hosts.nix Outdated
echo checking /etc/hosts file >&2

file=${config.out}/etc/hosts
grep '127.0.0.1' $file
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably also worth testing that localhost is mapped to 127.0.0.1 and ::1 as they're the defaults

@ibizaman
add networking.hosts and .hostFiles from nixos
6d019e1 
This code was taking nearly verbatim from
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/networking.nix

The few changes were related to making default /etc/hosts match the Apple's stock one. This implied
no 127.0.0.2 and forcing the IPV6 ::1 entry.
@ibizaman
switch to knownSha256Hashes
8ec98dc
@ibizaman
add more tests
274963a
@ibizaman
Copy link
Author

ibizaman commented Sep 3, 2024
edited
Loading

@Enzime rebasing is done. I tried to do the hash thing but I think I got it wrong.

I did cp /etc/hosts hosts, edited the file to remove the modifications I made, then sha256sum hosts and that's the hash I used. I suppose the hash is wrong though? Could someone provide me with the hash of a stock /etc/hosts file?

@emilazy
Copy link
Collaborator

emilazy commented Sep 3, 2024

It looks right to me:

emily@yuyuko ~> cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
emily@yuyuko ~> shasum -a 256 /etc/hosts
c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da  /etc/hosts

@emilazy
Copy link
Collaborator

emilazy commented Sep 3, 2024

However the file in doc/ seems to be missing the trailing newline.

@ibizaman
Copy link
Author

ibizaman commented Sep 4, 2024

@emilazy good catch! Indeed:

Without the newline:

$ sha256sum doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da
1b6fb3e08d41ae31b6bfe1f66fecf3ef53e302047993f6235570bc9391f291bb  doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da

With:

$ sha256sum doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da
c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da  doc/known-files/c7dd0e2ed261ce76d76f852596c5b54026b9a894fa481381ffd399b556c0e2da

@Enzime
Copy link
Collaborator

Enzime commented Sep 4, 2024

Looks like the tests are broken now

@ibizaman
Copy link
Author

ibizaman commented Sep 4, 2024
edited
Loading

@Enzime indeed 😞 I have two questions related to the two failures I see.

How can I fix the /etc/hosts file exists issue? Does the error now come from me including a wrong /etc/hosts file? How can I print the /etc/hosts file from CI?

I looked and looked at the test output and can’t see the error printed out. How can I run the tests locally if I use flakes? I tried a few command line incantations but I can’t seem to make it right.

@Enzime
Copy link
Collaborator

Enzime commented Nov 7, 2024

The ability to run the tests through a flake interface will be added in #1140, until that's merged you can run your test locally with nix-build release.nix -A tests.networking-hosts

I've accessed the GitHub runner through tmate (I suspect only maintainers have access but I'm not sure, it's the last step in the install-against-stable and install-against-unstable jobs that runs if the job failed) and extracted the /etc/hosts file:

$ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
192.168.64.25 Mac-1730942908330.local Mac-1730942908330
192.168.64.25 Mac-1730942908330.local Mac-1730942908330
$ shasum -a 256 /etc/hosts
31ce667128143b67ac1e7c3b64fda0891d4ff011259c48e6c9bdbd704bc29118  /etc/hosts

I suspect that every GitHub Mac will have a different /etc/hosts so you'll most likely need to update these lines to generate a hash of /etc/hosts and set environment.etc.hosts.knownSha256Sums = [ ... ] like is already done with nix.conf:

nix-darwin/.github/workflows/test.yml

Lines 143 to 146 in 98e7dba

nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix

@Enzime
Copy link
Collaborator

Enzime commented Nov 7, 2024

Also if you could rebase this PR that would be great, let us know if you're still interested in working on this PR

@emilazy
Copy link
Collaborator

emilazy commented Nov 7, 2024

Probably simplest to just move the config files out of the way rather than hashing them.

@Enzime
Copy link
Collaborator

Enzime commented Nov 7, 2024

In the case of nix.conf I chose to hash it because of access-tokens and the changes get reflected immediately when I last tested but that should be fine for /etc/hosts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Enzime Enzime Enzime requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ibizaman @willemml @secana @niklasravnsborg @emilazy @Enzime