Skip to content

sing-box: 1.11.15 -> 1.12.3, nixos/sing-box: add user and group, nixosTests.sing-box: migrate config #430835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 21, 2025
Merged

sing-box: 1.11.15 -> 1.12.3, nixos/sing-box: add user and group, nixosTests.sing-box: migrate config #430835

merged 7 commits into from
Aug 21, 2025

Conversation

Prince213
Copy link
Member

@Prince213 Prince213 commented Aug 4, 2025
edited
Loading

Release notes: https://github.com/SagerNet/sing-box/releases/tag/v1.12.3
Changelog: https://sing-box.sagernet.org/changelog/#1123

Reference:

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Aug 4, 2025
@nix-owners nix-owners bot requested a review from NickCao August 4, 2025 06:14
@nixpkgs-ci nixpkgs-ci bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` and removed 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. labels Aug 4, 2025
@Prince213 Prince213 added 8.has: package (update) This PR updates a package to a newer version 8.has: tests This PR has tests labels Aug 4, 2025
@Prince213 Prince213 changed the title sing-box: 1.11.15 -> 1.12.0 sing-box: 1.11.15 -> 1.12.0, nixos/sing-box: add user and group options, nixosTests.sing-box: migrate dns config Aug 4, 2025
@nixpkgs-ci nixpkgs-ci bot added 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation labels Aug 4, 2025
@Prince213
Copy link
Member Author

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 430835

Logs: https://github.com/Prince213/nixpkgs-review-gha/actions/runs/16716235811

x86_64-linux

⏩ 2 packages blacklisted:
  • nixos-install-tools
  • tests.nixos-functions.nixos-test
✅ 1 package built:
  • sing-box

aarch64-linux

⏩ 2 packages blacklisted:
  • nixos-install-tools
  • tests.nixos-functions.nixos-test
✅ 1 package built:
  • sing-box

x86_64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

aarch64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

@CyanChanges CyanChanges mentioned this pull request Aug 4, 2025
Closed
3 tasks
@nixpkgs-ci nixpkgs-ci bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Aug 4, 2025
NickCao
NickCao reviewed Aug 4, 2025
View reviewed changes
@Prince213 Prince213 requested a review from NickCao August 5, 2025 04:25
@Prince213 Prince213 changed the title sing-box: 1.11.15 -> 1.12.0, nixos/sing-box: add user and group options, nixosTests.sing-box: migrate dns config sing-box: 1.11.15 -> 1.12.0, nixos/sing-box: add user and group, nixosTests.sing-box: migrate dns config Aug 5, 2025
NickCao
NickCao reviewed Aug 6, 2025
View reviewed changes
Copy link
Member

@NickCao NickCao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise LGTM.

XYenon
XYenon reviewed Aug 7, 2025
View reviewed changes
@Prince213 Prince213 requested review from NickCao and XYenon August 7, 2025 06:28
@nekohasekai
Copy link

nekohasekai commented Aug 7, 2025
edited
Loading

It should be noted that although sing-box 1.12.0 changes some configuration formats, it is not a breaking change. The old format will continue to be compatible until two minor versions, which is about a year later, giving users plenty of time to update their configurations.

@Prince213
Copy link
Member Author

It should be noted that although sing-box 1.12.0 changes some configuration formats, it is not a breaking change. The old format will continue to be compatible until two minor versions, which is about a year later, giving users plenty of time to update their configurations.

Thanks. However, this will mean that if we don't consider 1.11.15 -> 1.12.0 as a breaking change, then we need to make 1.12.1 -> 1.12.2 as one, which breaks semantic versioning and will cause confusion. Thus it's better to do it right now, and nothing can stop nixos-unstable user to migrate now or later anyway.

@nekohasekai
Copy link

It should be noted that although sing-box 1.12.0 changes some configuration formats, it is not a breaking change. The old format will continue to be compatible until two minor versions, which is about a year later, giving users plenty of time to update their configurations.

Thanks. However, this will mean that if we don't consider 1.11.15 -> 1.12.0 as a breaking change, then we need to make 1.12.1 -> 1.12.2 as one, which breaks semantic versioning and will cause confusion. Thus it's better to do it right now, and nothing can stop nixos-unstable user to migrate now or later anyway.

You seem to have misunderstood, that's 1.14.0, not 1.12.2

@Prince213
Copy link
Member Author

I'm avoiding DynamicUser now because of systemd/systemd#9503.

@nekohasekai
Copy link

I believe that most people will not need to use the resolved service and its DNS server, since their purpose is to replace systemd-resolved to accept DNS settings set by other software (e.g. NetworkManager, Tailscale), rather than querying through resolved (although it is implemented in the local DNS server in new 1.13 alpha versions).

@Prince213
Copy link
Member Author

Looks like resolved is working now, should be good.

@nekohasekai
Copy link

Since 1.12 has been in beta for six months and I haven't received any bug reports regarding the default interface finder, I suspect this is a configuration issue or a test failure caused by an unusual environment.

In any case, if this bug occurs during normal use, please open an issue with us.

@Prince213
Copy link
Member Author

I suspect this is a configuration issue or a test failure caused by an unusual environment.

sing-box works fine, just that there's this harmless ERROR level message. It could be related to how we set up network interfaces, as I don't see this outside of NixOS tests.

@Prince213 Prince213 requested review from Moraxyc and NickCao and removed request for NickCao and Moraxyc August 20, 2025 04:35
@Prince213 Prince213 changed the title sing-box: 1.11.15 -> 1.12.2, nixos/sing-box: add user and group, nixosTests.sing-box: migrate dns config sing-box: 1.11.15 -> 1.12.2, nixos/sing-box: add user and group, nixosTests.sing-box: migrate config Aug 20, 2025
@Prince213
Copy link
Member Author

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 430835 -p sing-box -p nixosTests.sing-box

Logs: https://github.com/Prince213/nixpkgs-review-gha/actions/runs/17088627400

x86_64-linux

✅ 1 test built:
  • nixosTests.sing-box
✅ 1 package built:
  • sing-box

aarch64-linux

✅ 1 test built:
  • nixosTests.sing-box
✅ 1 package built:
  • sing-box

x86_64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

aarch64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 3+ This PR was reviewed and approved by three or more persons. and removed 12.approvals: 2 This PR was reviewed and approved by two persons. labels Aug 21, 2025
@Prince213 Prince213 changed the title sing-box: 1.11.15 -> 1.12.2, nixos/sing-box: add user and group, nixosTests.sing-box: migrate config sing-box: 1.11.15 -> 1.12.3, nixos/sing-box: add user and group, nixosTests.sing-box: migrate config Aug 21, 2025
@Prince213
Copy link
Member Author

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 430835 -p sing-box -p nixosTests.sing-box
Commit: 5bcb1aca6fbbbc18874f3f0291e06d57310e4889 (subsequent changes)
Merge: b370d8814c11efde6144f01b02e140b94586bfb8

Logs: https://github.com/Prince213/nixpkgs-review-gha/actions/runs/17118080780

x86_64-linux

✅ 1 test built:
  • nixosTests.sing-box
✅ 1 package built:
  • sing-box

aarch64-linux

❌ 1 package failed to build:
  • nixosTests.sing-box
✅ 1 package built:
  • sing-box

x86_64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

aarch64-darwin (sandbox = true)

✅ 1 package built:
  • sing-box

@Prince213
Copy link
Member Author

aarch64-linux test is failing consistently:

error: Cannot build '/nix/store/iqvxcg445ch6hv7kia2cpwzlh91yh7b0-vm-test-run-sing-box.drv'.
       Reason: required system or feature not available
       Required system: 'aarch64-linux' with features {kvm, nixos-test}
       Current system: 'aarch64-linux' with features {benchmark, big-parallel, nixos-test, uid-range}

@dramforever
Copy link
Contributor

aarch64-linux sing-box.tests.sing-box passes on my Apple MacBook Pro (14-inch, M1 Pro, 2021) "j314s"

@NickCao NickCao merged commit 09950e4 into NixOS:master Aug 21, 2025
27 of 29 checks passed
@NickCao
Copy link
Member

NickCao commented Aug 21, 2025

Again, please test if the polkit/dbus rules actually work as intended, otherwise we may as well remove them.

@Prince213
Copy link
Member Author

Again, please test if the polkit/dbus rules actually work as intended, otherwise we may as well remove them.

They are used when sing-box is running as an unprivileged user (such as sing-box) and needs to set up resolved-related features. Since resolved is tested to work, we can be confident that the rules are working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NickCao NickCao Awaiting requested review from NickCao

4 more reviewers

@XYenon XYenon XYenon approved these changes

@nekohasekai nekohasekai nekohasekai left review comments

@hellodword hellodword hellodword approved these changes

@Moraxyc Moraxyc Moraxyc approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (update) This PR updates a package to a newer version 8.has: tests This PR has tests 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 12.approvals: 3+ This PR was reviewed and approved by three or more persons.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@Prince213 @nekohasekai @Guanran928 @Moraxyc @hellodword @NickCao @mlyxshi @dramforever @XYenon