Merge pull request #151795 from pennae/dhcpcd

dhcpcd: fix !enablePrivSep build, nixos/dhcpcd: assert if dhcpcd would crash
2022-01-29 17:06:02 +00:00 · 2022-01-29 17:06:02 +00:00 · 0be46d0515
commit 0be46d0515
parent defabb219d 831024e2b9
2 changed files with 28 additions and 7 deletions
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@ -183,6 +183,20 @@ in

  config = mkIf enableDHCP {

+    assertions = [ {
+      # dhcpcd doesn't start properly with malloc ∉ [ libc scudo ]
+      # see https://github.com/NixOS/nixpkgs/issues/151696
+      assertion =
+        dhcpcd.enablePrivSep
+          -> elem config.environment.memoryAllocator.provider [ "libc" "scudo" ];
+      message = ''
+        dhcpcd with privilege separation is incompatible with chosen system malloc.
+          Currently only the `libc` and `scudo` allocators are known to work.
+          To disable dhcpcd's privilege separation, overlay Nixpkgs and override dhcpcd
+          to set `enablePrivSep = false`.
+      '';
+    } ];
+
    systemd.services.dhcpcd = let
      cfgN = config.networking;
      hasDefaultGatewaySet = (cfgN.defaultGateway != null && cfgN.defaultGateway.address != "")
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@ -34,12 +34,16 @@ stdenv.mkDerivation rec {
    "--sysconfdir=/etc"
    "--localstatedir=/var"
  ]
-  ++ lib.optionals enablePrivSep [
-    "--enable-privsep"
-    # dhcpcd disables privsep if it can't find the default user,
-    # so we explicitly specify a user.
-    "--privsepuser=dhcpcd"
-  ];
+  ++ (
+    if ! enablePrivSep
+    then [ "--disable-privsep" ]
+    else [
+      "--enable-privsep"
+      # dhcpcd disables privsep if it can't find the default user,
+      # so we explicitly specify a user.
+      "--privsepuser=dhcpcd"
+    ]
+  );

  makeFlags = [ "PREFIX=${placeholder "out"}" ];

@ -50,7 +54,10 @@ stdenv.mkDerivation rec {
  # Check that the udev plugin got built.
  postInstall = lib.optionalString (udev != null) "[ -e ${placeholder "out"}/lib/dhcpcd/dev/udev.so ]";

-  passthru.tests = { inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf; };
+  passthru = {
+    inherit enablePrivSep;
+    tests = { inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf; };
+  };

  meta = with lib; {
    description = "A client for the Dynamic Host Configuration Protocol (DHCP)";