cracklib: 2.10.0 -> 2.10.3: modernize & massively slim down #429797

Merged
K900 merged 1 commit into NixOS:staging from nikstur:modernize-cracklib-staging on Aug 1, 2025

@nikstur (Contributor) commented Jul 31, 2025

Use fetchFromGitHub to make the updateScript easier and avoid xz-style supply chain issues.

Separate into multiple outputs. The "out" output now doesn't have a bash dependency anymore because all the scripts are in "bin".

Do not build the massive wordlist anymore. Instead rely on the built-in one. This is also what e.g. Arch Linux does and it leads to a massively smaller package: 10MiB -> 1MiB. This is especially dramatic/relevant because cracklib is in the mandatory NixOS system closure because it's a dependency of systemd. This change saves 9MiB transferred to literally every NixOS machine.

This is also relevant for #428908

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.
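
The "xz style" concern mentioned in the description is that an uploaded release tarball can contain files that differ from the tagged repository. As an added example (not code from this PR or from nixpkgs), the check below diffs a release tarball against a tag export by content hash. The project name, file names and archive contents are constructed sample data.

```python
import hashlib
import io
import tarfile


def make_tar(files, prefix):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digests(blob):
    """Map each regular file (top-level directory stripped) to its SHA-256."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                data = tar.extractfile(member).read()
                out[rel] = hashlib.sha256(data).hexdigest()
    return out


def audit(release_blob, tag_blob):
    """Return (files only in the release tarball, files whose content differs
    from the tagged tree). Neither set is covered by review of the repository."""
    rel, tag = digests(release_blob), digests(tag_blob)
    only_in_release = sorted(set(rel) - set(tag))
    changed = sorted(p for p in set(rel) & set(tag) if rel[p] != tag[p])
    return only_in_release, changed


# Constructed sample data: hypothetical project "proj", not cracklib's real files.
TAG_FILES = {"configure.ac": b"AC_INIT\n", "m4/check.m4": b"# macro, as committed\n",
             "src/main.c": b"int main(void) { return 0; }\n"}
RELEASE_FILES = dict(TAG_FILES, **{"configure": b"#!/bin/sh\n# generated\n",
                                   "m4/check.m4": b"# macro, edited before upload\n"})
TAG = make_tar(TAG_FILES, "proj-v1.0")          # what a git tag export contains
RELEASE = make_tar(RELEASE_FILES, "proj-1.0")   # what the uploaded tarball contains

if __name__ == "__main__":
    only, changed = audit(RELEASE, TAG)
    print("only in release tarball:", only)
    print("differs from tagged source:", changed)
```

Generated autotools files commonly show up in the first list for legitimate reasons; a tracked file whose content differs from the tag is the higher-signal finding.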

@nikstur changed the base branch from master to staging July 31, 2025 09:44
@nixpkgs-ci bot closed this Jul 31, 2025
@nixpkgs-ci bot reopened this Jul 31, 2025
@nikstur force-pushed the modernize-cracklib-staging branch from a9b44dc to c1c1488 July 31, 2025 09:45
@nikstur changed the title from "cracklib: 2.10.0 -> 2.10.3: massively slim down" to "cracklib: 2.10.0 -> 2.10.3: modernize & massively slim down" Jul 31, 2025
@nikstur marked this pull request as ready for review July 31, 2025 09:48
@nikstur requested a review from reckenrode July 31, 2025 09:48
@nix-owners bot requested a review from lovek323 July 31, 2025 09:52
@nixpkgs-ci bot added labels Jul 31, 2025:
  • 10.rebuild-linux: 501+ (This PR causes many rebuilds on Linux and should normally target the staging branches.)
  • 10.rebuild-darwin: 11-100 (This PR causes between 11 and 100 packages to rebuild on Darwin.)
  • 10.rebuild-linux: 5001+ (This PR causes many rebuilds on Linux and must target the staging branches.)
@nikstur requested review from K900 and arianvp July 31, 2025 10:12
@nikstur mentioned this pull request Jul 31, 2025
13 tasks
@K900 merged commit 08f942e into NixOS:staging Aug 1, 2025
33 of 35 checks passed
@nikstur deleted the modernize-cracklib-staging branch August 4, 2025 22:06
nikstur added a commit to nikstur/nixpkgs that referenced this pull request Aug 10, 2025
Removes the dependency on bash.

Increases the binary size by 2.3MiB. However, with the 9MiB saved
by removing the excessive dictionary from cracklib (NixOS#429797), this still
results in a net reduction of the mandatory closure size.

Once kbd allows using the compression libraries instead of shelling out
to the binaries (github.com/legionus/kbd/issues/138) we can compress by
default again.

Add the package `kbdCompressed` for users that want to load custom
compressed fonts and keymaps. Alternatively, they can still uncompress
custom fonts and keymaps themselves and then call loadkeys/setfont on
it.