Breaking changes announcement for unstable

The dhcpcd service (networking.useDHCP) has been hardened and now runs exclusively as the “dhcpcd” user (no root at all). (PR #336988)

Most users shouldn’t see any difference, but if you were relying on the root privileges in networking.dhcpcd.runHook you will have to write specific sudo or polkit rules to allow dhcpcd to perform privileged actions.

Also, as part of these changes, the DHCP lease files directory has also been moved from /var/db/dhcpcd to /var/lib/dhcpcd. This migration is performed automatically, but you may have to update your backup rules.

3 Likes

A typo was introduced and subsequently fixed in the ec2-data script that runs on OpenStack and AWS and will clobber the permissions of your machine and lock you out of SSH. Unfortunately the change made it into the unstable channel.

The fix just rolled out in unstable-small but is still rolling out to unstable Nixpkgs PR #347678 ("treewide: fix typo chown -> chmod") progress

If you happen to be locked out, the fix for AWS is:

  • log in using SSM (for this your IAM instance profile must have the arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore policy attached)
  • You’ll notice that /etc/ssh is owned by a non-existent user named 755
  • chown root /etc/ssh /etc/ec2-metadata
  • You should have access to your server over SSH again

I will work on a NixOS test that will make these kind of bugs channel blockers

10 Likes

pkgs.meilisearch changes from 1.9.0 → 1.10.2 including a breaking change in the Experimental AI-powered search.

Users should follow the update and migration guide: https://www.meilisearch.com/docs/learn/update_and_migration/updating

See also meilisearch: 1.9.0 -> 1.10.2 by bbenno · Pull Request #349995 · NixOS/nixpkgs · GitHub

The Darwin SDK pattern changes have landed in master. See Title: The Darwin SDKs have been updated for the list of breaking changes.

6 Likes