talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
nixpkgs/pkgs/by-name/ka/kanidm
History
emilylange 01c15b8752
nixos/tests/kanidm: restore eval when calling nixosTests.kanidm directly 
instead of `kanidm.passthru.tests` by leveraging `runTest { }.extend`
and `_module.args.<name> = lib.mkDefault <thing>`.
2025-08-08 14:42:08 +02:00
..
provision-patches
1_5.nix
1_6.nix
kanidm: add EOL notice and set for 1.6
2025-08-03 15:27:30 -04:00
1_7.nix
kanidm_1_7: 1.7.0 -> 1.7.1
2025-08-06 13:38:56 -04:00
generic.nix
nixos/tests/kanidm: restore eval when calling nixosTests.kanidm directly
2025-08-08 14:42:08 +02:00
package.nix
README.md
kanidm: add EOL notice and set for 1.6
2025-08-03 15:27:30 -04:00

README.md

Kanidm release guide

Kanidm supports one release at any given time, with a 30-day overlap to allow for upgrades from old to new version. Version upgrades are only supported on adjacent releases, with no support for jumping versions.

To ensure we provide sufficient coverage for upgrading, we will aim to have two or three releases in tree at any given time. Unsupported versions will be marked as vulnerable (lacking an "unsupported" mechanism), but built by hydra to avoid pushing the very large rebuild on users.

The default version will be updated with each new version, but the default will not be backported. It is expected that stable users will have to manually specify the version, and update that version, throughout the lifecycle of a NixOS release.

New release

For example, when upgrading from 1.4 -> 1.5

Init new version

  1. cp pkgs/by-name/ka/kanidm/1_4.nix pkgs/by-name/ka/kanidm/1_5.nix
  2. cp -r pkgs/by-name/ka/kanidm/patches/1_4 pkgs/by-name/ka/kanidm/patches/1_5
  3. Update 1_5.nix hashes/paths, and as needed for upstream changes, generic.nix
  4. Update all-packages.nix to add kanidm_1_5 and kanidmWithSecretProvisioning_1_5, leave default
  5. Update the previous release, e.g. 1_4.nix and set eolDate = "YYYY-MM-DD" where the date is 30 days from release of 1.5.
  6. Create commit, kanidm_1_5: init at 1.5.0 - this is the only commit that will be backported

Update default

  1. sed -i 's/1_4/1_5/' pkgs/by-name/ka/kanidm/package.nix
  2. Update all-packages.nix and set kanidmWithSecretProvisioning = kanidmWithSecretProvisioning_1_5;
  3. Create commit kanidm: update default to 1.5.0

Backport to stable

  1. Manually create a backport using only the init commit

Remove release

Kanidm versions are supported for 30 days after the release of new versions. Following the example above, 1.5.x superseding 1.4.x in 30 days, do the following near the end of the 30 day window

  1. Update pkgs/by-name/ka/kanidm/1_4.nix by adding unsupported = true;

  2. Update pkgs/top-level/release.nix and add kanidm_1_4-1.4.6 and kanidmWithSecretProvisioning_1_4-1.4.6 to permittedInsecurePackages

  3. Create commit kanidm_1_4: mark EOL, this commit alone should be backported

  4. Remove the third oldest release from all-packages.nix, e.g. 1.3.x continuing the example. Remove kanidm_1_3 and kanidmWithSecretProvisioning_1_3

  5. Update pkgs/top-level/release.nix and remove kanidm_1_3* from permittedInsecurePackages

  6. Update pkgs/top-level/aliases.nix and add kanidm_1_4 and kanidmWithSecretProvisioning_1_4-1.4.6

  7. Remove pkgs/by-name/ka/kanidm/1_3.nix