haka: remove

nixos/doc/manual/release-notes/rl-2505.section.md

@@ -230,6 +230,8 @@
 
   - `pytestFlagsArray` and `unittestFlagsArray` are kept for compatibility purposes. They continue to be Bash-expanded before concatenated. This compatibility layer will be removed in future releases.
 
+- The `haka` package and module has been removed because the package was broken and unmaintained for 9 years.
+
 - `strawberry` has been updated to 1.2, which drops support for the VLC backend and Qt 5. The `strawberry-qt5` package
   and `withGstreamer`/`withVlc` override options have been removed due to this.
 

nixos/modules/module-list.nix

@@ -1384,7 +1384,6 @@
   ./services/security/esdm.nix
   ./services/security/fail2ban.nix
   ./services/security/fprintd.nix
-  ./services/security/haka.nix
   ./services/security/haveged.nix
   ./services/security/hockeypuck.nix
   ./services/security/hologram-agent.nix

nixos/modules/rename.nix

@@ -292,6 +292,9 @@ in
       See https://www.isc.org/blogs/isc-dhcp-eol/ for details.
       Please switch to a different implementation like kea or dnsmasq.
     '')
+    (mkRemovedOptionModule [ "services" "haka" ] ''
+      The corresponding package was broken and removed from nixpkgs.
+    '')
     (mkRemovedOptionModule [ "services" "tedicross" ] ''
       The corresponding package was broken and removed from nixpkgs.
     '')

nixos/modules/services/security/haka.nix

@@ -1,154 +0,0 @@
-# This module defines global configuration for Haka.
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-
-  cfg = config.services.haka;
-
-  haka = cfg.package;
-
-  hakaConf = pkgs.writeText "haka.conf" ''
-    [general]
-    configuration = ${
-      if lib.strings.hasPrefix "/" cfg.configFile then
-        "${cfg.configFile}"
-      else
-        "${haka}/share/haka/sample/${cfg.configFile}"
-    }
-    ${lib.optionalString (builtins.lessThan 0 cfg.threads) "thread = ${cfg.threads}"}
-
-    [packet]
-    ${lib.optionalString cfg.pcap ''module = "packet/pcap"''}
-    ${lib.optionalString cfg.nfqueue ''module = "packet/nqueue"''}
-    ${lib.optionalString cfg.dump.enable ''dump = "yes"''}
-    ${lib.optionalString cfg.dump.enable ''dump_input = "${cfg.dump.input}"''}
-    ${lib.optionalString cfg.dump.enable ''dump_output = "${cfg.dump.output}"''}
-
-    interfaces = "${lib.strings.concatStringsSep "," cfg.interfaces}"
-
-    [log]
-    # Select the log module
-    module = "log/syslog"
-
-    # Set the default logging level
-    #level = "info,packet=debug"
-
-    [alert]
-    # Select the alert module
-    module = "alert/syslog"
-
-    # Disable alert on standard output
-    #alert_on_stdout = no
-
-    # alert/file module option
-    #file = "/dev/null"
-  '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.haka = {
-
-      enable = lib.mkEnableOption "Haka";
-
-      package = lib.mkPackageOption pkgs "haka" { };
-
-      configFile = lib.mkOption {
-        default = "empty.lua";
-        example = "/srv/haka/myfilter.lua";
-        type = lib.types.str;
-        description = ''
-          Specify which configuration file Haka uses.
-          It can be absolute path or a path relative to the sample directory of
-          the haka git repo.
-        '';
-      };
-
-      interfaces = lib.mkOption {
-        default = [ "eth0" ];
-        example = [ "any" ];
-        type = with lib.types; listOf str;
-        description = ''
-          Specify which interface(s) Haka listens to.
-          Use 'any' to listen to all interfaces.
-        '';
-      };
-
-      threads = lib.mkOption {
-        default = 0;
-        example = 4;
-        type = lib.types.int;
-        description = ''
-          The number of threads that will be used.
-          All system threads are used by default.
-        '';
-      };
-
-      pcap = lib.mkOption {
-        default = true;
-        type = lib.types.bool;
-        description = "Whether to enable pcap";
-      };
-
-      nfqueue = lib.mkEnableOption "nfqueue";
-
-      dump.enable = lib.mkEnableOption "dump";
-      dump.input = lib.mkOption {
-        default = "/tmp/input.pcap";
-        example = "/path/to/file.pcap";
-        type = lib.types.path;
-        description = "Path to file where incoming packets are dumped";
-      };
-
-      dump.output = lib.mkOption {
-        default = "/tmp/output.pcap";
-        example = "/path/to/file.pcap";
-        type = lib.types.path;
-        description = "Path to file where outgoing packets are dumped";
-      };
-    };
-  };
-
-  ###### implementation
-
-  config = lib.mkIf cfg.enable {
-
-    assertions = [
-      {
-        assertion = cfg.pcap != cfg.nfqueue;
-        message = "either pcap or nfqueue can be enabled, not both.";
-      }
-      {
-        assertion = cfg.nfqueue -> !cfg.dump.enable;
-        message = "dump can only be used with nfqueue.";
-      }
-      {
-        assertion = cfg.interfaces != [ ];
-        message = "at least one interface must be specified.";
-      }
-    ];
-
-    environment.systemPackages = [ haka ];
-
-    systemd.services.haka = {
-      description = "Haka";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      serviceConfig = {
-        ExecStart = "${haka}/bin/haka -c ${hakaConf}";
-        ExecStop = "${haka}/bin/hakactl stop";
-        User = "root";
-        Type = "forking";
-      };
-    };
-  };
-}

nixos/tests/haka.nix

@@ -1,27 +0,0 @@
-# This test runs haka and probes it with hakactl
-
-import ./make-test-python.nix (
-  { pkgs, ... }:
-  {
-    name = "haka";
-    meta = with pkgs.lib.maintainers; {
-      maintainers = [ tvestelind ];
-    };
-
-    nodes = {
-      haka =
-        { ... }:
-        {
-          services.haka.enable = true;
-        };
-    };
-
-    testScript = ''
-      start_all()
-
-      haka.wait_for_unit("haka.service")
-      haka.succeed("hakactl status")
-      haka.succeed("hakactl stop")
-    '';
-  }
-)

pkgs/by-name/ha/haka/package.nix

@@ -1,64 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchurl,
-  cmake,
-  swig,
-  wireshark,
-  check,
-  rsync,
-  libpcap,
-  gawk,
-  libedit,
-  pcre,
-  nixosTests,
-}:
-
-let
-  version = "0.3.0";
-in
-
-stdenv.mkDerivation {
-  pname = "haka";
-  inherit version;
-
-  src = fetchurl {
-    name = "haka_${version}_source.tar.gz";
-    url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz";
-    sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w";
-  };
-
-  env.NIX_CFLAGS_COMPILE = "-Wno-error";
-
-  preConfigure = ''
-    sed -i 's,/etc,'$out'/etc,' src/haka/haka.c
-    sed -i 's,/etc,'$out'/etc,' src/haka/CMakeLists.txt
-    sed -i 's,/opt/haka/etc,$out/opt/haka/etc,' src/haka/haka.1
-    sed -i 's,/etc,'$out'/etc,' doc/user/tool_suite_haka.rst
-  '';
-
-  nativeBuildInputs = [ cmake ];
-  buildInputs = [
-    swig
-    wireshark
-    check
-    rsync
-    libpcap
-    gawk
-    libedit
-    pcre
-  ];
-
-  passthru.tests = { inherit (nixosTests) haka; };
-
-  meta = {
-    description = "Collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files";
-    homepage = "http://www.haka-security.org/";
-    license = lib.licenses.mpl20;
-    maintainers = [ lib.maintainers.tvestelind ];
-    platforms = [
-      "x86_64-linux"
-      "i686-linux"
-    ]; # fails on aarch64
-  };
-}

pkgs/top-level/aliases.nix

@@ -641,6 +641,7 @@ mapAliases {
   ### H ###
 
   hacksaw = throw "'hacksaw' has been removed due to lack of upstream maintenance"; # Added 2025-01-25
+  haka = throw "haka has been removed because it failed to build and was unmaintained for 9 years"; # Added 2025-03-11
   haven-cli = throw "'haven-cli' has been removed due to the official announcement of the project closure. Read more at https://havenprotocol.org/2024/12/12/project-closure-announcement"; # Added 2025-02-25
   HentaiAtHome = hentai-at-home; # Added 2024-06-12
   hll2390dw-cups = throw "The hll2390dw-cups package was dropped since it was unmaintained."; # Added 2024-06-21