diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-04-28 14:39:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-06-10 08:52:36 +0000 |
commit | 693e64ef7421374338ddb1dc12b9573feec75972 (patch) | |
tree | 2526ac075d248699c35d63e04499890ee4381f5f /nixpkgs/pkgs/os-specific/linux | |
parent | 7014df2256694d97093d6f2bb1db340d346dea88 (diff) | |
parent | 8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17 (diff) | |
download | nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.gz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.bz2 nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.lz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.xz nixlib-693e64ef7421374338ddb1dc12b9573feec75972.tar.zst nixlib-693e64ef7421374338ddb1dc12b9573feec75972.zip |
Merge commit '8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17'
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux')
73 files changed, 361 insertions, 305 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/afuse/default.nix b/nixpkgs/pkgs/os-specific/linux/afuse/default.nix index 7375f45eb6db..75c44e111725 100644 --- a/nixpkgs/pkgs/os-specific/linux/afuse/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/afuse/default.nix @@ -11,11 +11,18 @@ stdenv.mkDerivation { nativeBuildInputs = [ autoreconfHook pkg-config ]; buildInputs = [ fuse ]; + postPatch = lib.optionalString stdenv.isDarwin '' + # Fix the build on macOS with macFUSE installed + substituteInPlace configure.ac --replace \ + 'export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH' \ + "" + ''; + meta = { description = "Automounter in userspace"; homepage = "https://github.com/pcarrier/afuse"; license = lib.licenses.gpl2; maintainers = [ lib.maintainers.marcweber ]; - platforms = lib.platforms.linux; + platforms = lib.platforms.unix; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/anbox/kmod.nix b/nixpkgs/pkgs/os-specific/linux/anbox/kmod.nix index f62e6ee6aa53..1ed6d9c5f723 100644 --- a/nixpkgs/pkgs/os-specific/linux/anbox/kmod.nix +++ b/nixpkgs/pkgs/os-specific/linux/anbox/kmod.nix @@ -36,7 +36,7 @@ stdenv.mkDerivation { homepage = "https://github.com/anbox/anbox-modules"; license = licenses.gpl2; platforms = platforms.linux; - broken = (versionOlder kernel.version "4.4") || (kernel.features.grsecurity or false); + broken = (versionOlder kernel.version "4.4"); maintainers = with maintainers; [ edwtjo ]; }; diff --git a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix index 935b5e65b1f9..bb0c0b45d6e1 100644 --- a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix @@ -136,10 +136,9 @@ let wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH" done - substituteInPlace $out/bin/aa-notify --replace /usr/bin/notify-send ${libnotify}/bin/notify-send - # aa-notify checks its name and does not work named ".aa-notify-wrapped" - mv $out/bin/aa-notify $out/bin/aa-notify-wrapped - makeWrapper ${perl}/bin/perl $out/bin/aa-notify --set PERL5LIB ${libapparmor}/${perl.libPrefix} --add-flags $out/bin/aa-notify-wrapped + substituteInPlace $out/bin/aa-notify \ + --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \ + --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}" ''; inherit doCheck; diff --git a/nixpkgs/pkgs/os-specific/linux/bcc/default.nix b/nixpkgs/pkgs/os-specific/linux/bcc/default.nix index 290e3b561800..4235ecb38d34 100644 --- a/nixpkgs/pkgs/os-specific/linux/bcc/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bcc/default.nix @@ -1,7 +1,7 @@ -{ lib, stdenv, fetchurl, fetchpatch +{ lib, stdenv, fetchFromGitHub , makeWrapper, cmake, llvmPackages, kernel , flex, bison, elfutils, python, luajit, netperf, iperf, libelf -, systemtap, bash +, systemtap, bash, libbpf }: python.pkgs.buildPythonApplication rec { @@ -10,9 +10,11 @@ python.pkgs.buildPythonApplication rec { disabled = !stdenv.isLinux; - src = fetchurl { - url = "https://github.com/iovisor/bcc/releases/download/v${version}/bcc-src-with-submodule.tar.gz"; - sha256 = "sha256-TEH8Gmp+8ghLQ8UsGy5hBCMLqfMeApWEFr8THYSOdOQ="; + src = fetchFromGitHub { + owner = "iovisor"; + repo = "bcc"; + rev = "v${version}"; + sha256 = "sha256:0k807vzznlb2icczw64ph6q28605kvghya2kd4h3c7jmap6gq1qg"; }; format = "other"; @@ -20,6 +22,7 @@ python.pkgs.buildPythonApplication rec { llvm clang-unwrapped kernel elfutils luajit netperf iperf systemtap.stapBuild flex bash + libbpf ]; patches = [ @@ -38,6 +41,7 @@ python.pkgs.buildPythonApplication rec { "-DREVISION=${version}" "-DENABLE_USDT=ON" "-DENABLE_CPP_API=ON" + "-DCMAKE_USE_LIBBPF_PACKAGE=ON" ]; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix index 6cb23de50a99..2e342fbc0392 100644 --- a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix @@ -19,11 +19,11 @@ ]; in stdenv.mkDerivation rec { pname = "bluez"; - version = "5.56"; + version = "5.58"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/${pname}-${version}.tar.xz"; - sha256 = "sha256-WcTbqfyKripqX48S8ZvBsMLcJzVcfKMSPu0/5r19C50="; + sha256 = "1wgiv8cqya6n1w5fz24cb8q401bhn5aa6s7g95l26rzblmsmw1n8"; }; buildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/btfs/default.nix b/nixpkgs/pkgs/os-specific/linux/btfs/default.nix index 70864b311d29..342272f42861 100644 --- a/nixpkgs/pkgs/os-specific/linux/btfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/btfs/default.nix @@ -22,6 +22,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/johang/btfs"; license = licenses.gpl3; maintainers = with maintainers; [ rnhmjoj ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix b/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix index bd50852bd9d4..ca3e38c2e707 100644 --- a/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix @@ -20,17 +20,17 @@ let in stdenv.mkDerivation rec { pname = "displaylink"; - version = "5.3.1.34"; + version = "5.4.0-55.153"; src = requireFile rec { name = "displaylink.zip"; - sha256 = "1c1kbjgpb71f73qnyl44rvwi6l4ivddq789rwvvh0ahw2jm324hy"; + sha256 = "1m2l3bnlfwfp94w7khr05npsbysg9mcyi7hi85n78xkd0xdcxml8"; message = '' In order to install the DisplayLink drivers, you must first comply with DisplayLink's EULA and download the binaries and sources from here: - https://www.displaylink.com/downloads/file?id=1576 + https://www.synaptics.com/node/3751 Once you have downloaded the file, please use the following commands and re-run the installation: diff --git a/nixpkgs/pkgs/os-specific/linux/dropwatch/default.nix b/nixpkgs/pkgs/os-specific/linux/dropwatch/default.nix index 288dea85cc82..c2701c057193 100644 --- a/nixpkgs/pkgs/os-specific/linux/dropwatch/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/dropwatch/default.nix @@ -1,30 +1,47 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config -, libnl, readline, libbfd, ncurses, zlib }: +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, libbfd +, libnl +, libpcap +, ncurses +, readline +, zlib +}: stdenv.mkDerivation rec { pname = "dropwatch"; - version = "1.5.1"; + version = "1.5.3"; src = fetchFromGitHub { owner = "nhorman"; repo = pname; rev = "v${version}"; - sha256 = "1qmax0l7z1qik42c949fnvjh5r6awk4gpgzdsny8iwnmwzjyp8b8"; + sha256 = "0axx0zzrs7apqnl0r70jyvmgk7cs5wk185id479mapgngibwkyxy"; }; - nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ libbfd libnl ncurses readline zlib ]; - - # To avoid running into https://sourceware.org/bugzilla/show_bug.cgi?id=14243 we need to define: - NIX_CFLAGS_COMPILE = "-DPACKAGE=${pname} -DPACKAGE_VERSION=${version}"; + nativeBuildInputs = [ + autoreconfHook + pkg-config + ]; + buildInputs = [ + libbfd + libnl + libpcap + ncurses + readline + zlib + ]; enableParallelBuilding = true; meta = with lib; { description = "Linux kernel dropped packet monitor"; homepage = "https://github.com/nhorman/dropwatch"; - license = licenses.gpl2; + license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = [ maintainers.c0bw3b ]; + maintainers = with maintainers; [ c0bw3b ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/evdi/default.nix b/nixpkgs/pkgs/os-specific/linux/evdi/default.nix index 0f56d0e95ca6..a8a0445e955d 100644 --- a/nixpkgs/pkgs/os-specific/linux/evdi/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/evdi/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "evdi"; - version = "v1.7.2"; + version = "unstable-20210401"; src = fetchFromGitHub { owner = "DisplayLink"; repo = pname; - rev = version; - sha256 = "074j0xh037n8mc4isihfz9lap57wvxaxib32pvy6jhjl3wyik632"; + rev = "b0b3d131b26df62664ca33775679eea7b70c47b1"; + sha256 = "09apbvdc78bbqzja9z3b1wrwmqkv3k7cn3lll5gsskxjnqbhxk9y"; }; nativeBuildInputs = kernel.moduleBuildDependencies; @@ -33,6 +33,6 @@ stdenv.mkDerivation rec { platforms = platforms.linux; license = with licenses; [ lgpl21 gpl2 ]; homepage = "https://www.displaylink.com/"; - broken = versionOlder kernel.version "4.9" || stdenv.isAarch64; + broken = versionOlder kernel.version "4.19" || stdenv.isAarch64; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix index 7e0c48a439d7..6a826f639660 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix @@ -25,6 +25,6 @@ stdenvNoCC.mkDerivation rec { description = "Firmware for the Raspberry Pi board"; homepage = "https://github.com/raspberrypi/firmware"; license = licenses.unfreeRedistributableFirmware; # See https://github.com/raspberrypi/firmware/blob/master/boot/LICENCE.broadcom - maintainers = with maintainers; [ dezgeg tavyc ]; + maintainers = with maintainers; [ dezgeg ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/flashbench/default.nix b/nixpkgs/pkgs/os-specific/linux/flashbench/default.nix index 44bcbba205e0..619aea69aa64 100644 --- a/nixpkgs/pkgs/os-specific/linux/flashbench/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/flashbench/default.nix @@ -27,6 +27,5 @@ stdenv.mkDerivation { homepage = "https://github.com/bradfa/flashbench"; platforms = platforms.linux; license = licenses.gpl2Only; - maintainers = [ maintainers.rycee ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/common.nix b/nixpkgs/pkgs/os-specific/linux/fuse/common.nix index 053ea34c82eb..cca1ecf5d246 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/common.nix +++ b/nixpkgs/pkgs/os-specific/linux/fuse/common.nix @@ -96,7 +96,7 @@ in stdenv.mkDerivation rec { inherit (src.meta) homepage; changelog = "https://github.com/libfuse/libfuse/releases/tag/fuse-${version}"; platforms = platforms.linux; - license = with licenses; [ gpl2 lgpl21 ]; + license = with licenses; [ gpl2Only lgpl21Only ]; maintainers = [ maintainers.primeos ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/default.nix b/nixpkgs/pkgs/os-specific/linux/fuse/default.nix index 02c46b9ba772..b7ee8772f46b 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/fuse/default.nix @@ -11,7 +11,7 @@ in { }; fuse_3 = mkFuse { - version = "3.10.2"; - sha256Hash = "0m44hhk6jxkgkvk2jsjcwa3pqgzzqnpm606n3n8wn1ldypkvpsps"; + version = "3.10.3"; + sha256Hash = "054g3jqy8lhlj8kkwd16wxaxzynmh8h5iv20cryd0psg0hgmhd7v"; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/hostapd/default.nix b/nixpkgs/pkgs/os-specific/linux/hostapd/default.nix index 2b018c0267a6..5d4edc4f7e76 100644 --- a/nixpkgs/pkgs/os-specific/linux/hostapd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/hostapd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkg-config, libnl, openssl, sqlite ? null }: +{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libnl, openssl, sqlite ? null }: stdenv.mkDerivation rec { pname = "hostapd"; @@ -43,6 +43,12 @@ stdenv.mkDerivation rec { url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"; sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8"; }) + # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. + (fetchpatch { + name = "CVE-2021-30004.patch"; + url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"; + sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg"; + }) ]; outputs = [ "out" "man" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/isgx/default.nix b/nixpkgs/pkgs/os-specific/linux/isgx/default.nix index 1806916b14db..3e551e559170 100644 --- a/nixpkgs/pkgs/os-specific/linux/isgx/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/isgx/default.nix @@ -17,6 +17,11 @@ stdenv.mkDerivation rec { url = "https://github.com/intel/linux-sgx-driver/commit/276c5c6a064d22358542f5e0aa96b1c0ace5d695.patch"; sha256 = "sha256-PmchqYENIbnJ51G/tkdap/g20LUrJEoQ4rDtqy6hj24="; }) + # Fixes detection with kernel >= 5.11 + (fetchpatch { + url = "https://github.com/intel/linux-sgx-driver/commit/ed2c256929962db1a8805db53bed09bb8f2f4de3.patch"; + sha256 = "sha256-MRbgS4U8FTCP1J1n+rhsvbXxKDytfl6B7YlT9Izq05U="; + }) ]; hardeningDisable = [ "pic" ]; @@ -46,8 +51,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/intel/linux-sgx-driver"; license = with licenses; [ bsd3 /* OR */ gpl2Only ]; maintainers = with maintainers; [ oxalica ]; - platforms = platforms.linux; - # The driver is already in kernel >= 5.11.0. - broken = kernelAtLeast "5.11.0"; + platforms = [ "x86_64-linux" ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 777a91241bbf..5cece836b73e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -12,7 +12,7 @@ # Configuration { lib, stdenv, version -, features ? { grsecurity = false; xen_dom0 = false; } +, features ? {} }: with lib; @@ -42,7 +42,7 @@ let TIMER_STATS = whenOlder "4.11" yes; DEBUG_NX_TEST = whenOlder "4.11" no; DEBUG_STACK_USAGE = no; - DEBUG_STACKOVERFLOW = mkIf (!features.grsecurity) (option no); + DEBUG_STACKOVERFLOW = option no; RCU_TORTURE_TEST = no; SCHEDSTATS = no; DETECT_HUNG_TASK = yes; @@ -142,6 +142,9 @@ let IPV6_MROUTE_MULTIPLE_TABLES = yes; IPV6_PIMSM_V2 = yes; IPV6_FOU_TUNNEL = whenAtLeast "4.7" module; + IPV6_SEG6_LWTUNNEL = whenAtLeast "4.10" yes; + IPV6_SEG6_HMAC = whenAtLeast "4.10" yes; + IPV6_SEG6_BPF = whenAtLeast "4.18" yes; NET_CLS_BPF = whenAtLeast "4.4" module; NET_ACT_BPF = whenAtLeast "4.4" module; NET_SCHED = yes; @@ -440,7 +443,7 @@ let SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default # Prevent processes from ptracing non-children processes SECURITY_YAMA = option yes; - DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem + DEVKMEM = no; # Disable /dev/kmem USER_NS = yes; # Support for user namespaces @@ -520,7 +523,7 @@ let virtualisation = { PARAVIRT = option yes; - HYPERVISOR_GUEST = mkIf (!features.grsecurity) yes; + HYPERVISOR_GUEST = yes; PARAVIRT_SPINLOCKS = option yes; KVM_APIC_ARCHITECTURE = whenOlder "4.8" yes; @@ -528,7 +531,7 @@ let KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; }; KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; }; KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes; - KVM_GUEST = mkIf (!features.grsecurity) yes; + KVM_GUEST = yes; KVM_MMIO = yes; KVM_VFIO = yes; KSM = yes; @@ -544,13 +547,8 @@ let VBOXGUEST = option no; DRM_VBOXVIDEO = option no; - } // optionalAttrs (stdenv.isx86_64 || stdenv.isi686) ({ - XEN = option yes; - - # XXX: why isn't this in the xen-dom0 conditional section below? - XEN_DOM0 = option yes; - - } // optionalAttrs features.xen_dom0 { + XEN = option yes; + XEN_DOM0 = option yes; PCI_XEN = option yes; HVC_XEN = option yes; HVC_XEN_FRONTEND = option yes; @@ -569,7 +567,7 @@ let XEN_SELFBALLOONING = option yes; XEN_STUB = option yes; XEN_TMEM = option yes; - }); + }; media = { MEDIA_DIGITAL_TV_SUPPORT = yes; @@ -712,7 +710,6 @@ let MD = yes; # Device mapper (RAID, LVM, etc.) # Enable initrd support. - BLK_DEV_RAM = yes; BLK_DEV_INITRD = yes; PM_TRACE_RTC = no; # Disable some expensive (?) features. diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index 0a9c2d11fefd..68a1fcdb0e6b 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -46,7 +46,6 @@ stdenv.hostPlatform != stdenv.buildPlatform , extraMeta ? {} -, isXen ? features.xen_dom0 or false , isZen ? false , isLibre ? false , isHardened ? false @@ -73,8 +72,6 @@ let efiBootStub = true; needsCifsUtils = true; netfilterRPFilter = true; - grsecurity = false; - xen_dom0 = false; ia32Emulation = true; } // features) kernelPatches; @@ -178,7 +175,8 @@ let passthru = { features = kernelFeatures; - inherit commonStructuredConfig isXen isZen isHardened isLibre modDirVersion; + inherit commonStructuredConfig isZen isHardened isLibre modDirVersion; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; kernelOlder = lib.versionOlder version; kernelAtLeast = lib.versionAtLeast version; passthru = kernel.passthru // (removeAttrs passthru [ "passthru" ]); diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 002799aa6a75..990262ed4d37 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,32 +1,32 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.228-hardened1.patch", - "sha256": "0pf3c98m2zlgxv9p10p7xw44f6mqnh8ac47jl1abz3yy3hiag0cd", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.228-hardened1/linux-hardened-4.14.228-hardened1.patch" + "name": "linux-hardened-4.14.230-hardened1.patch", + "sha256": "1nhaqhjga042b69969f0jy680xlrgnms1178ni6c6xhxy6n7y4pq", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.230-hardened1/linux-hardened-4.14.230-hardened1.patch" }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.184-hardened1.patch", - "sha256": "1828kkq05808mahkfb0387b1k5qp6pysy4mny1xgpwqdphpp1pq9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.184-hardened1/linux-hardened-4.19.184-hardened1.patch" + "name": "linux-hardened-4.19.187-hardened1.patch", + "sha256": "1vw05qff7hvzl7krcf5kh0ynyy5gljps8qahr4jm0hsd69lmn0qk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.187-hardened1/linux-hardened-4.19.187-hardened1.patch" }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.27-hardened1.patch", - "sha256": "12pzv36p0pdaqqklwv6rpk15c1z1nz2syw1si24514p63v46wmhn", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.27-hardened1/linux-hardened-5.10.27-hardened1.patch" + "name": "linux-hardened-5.10.30-hardened1.patch", + "sha256": "0sxxzrhj41pxk01s2bcfwb47aab2by1zc7yyx9859rslq7dg5aly", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.30-hardened1/linux-hardened-5.10.30-hardened1.patch" }, "5.11": { "extra": "-hardened1", - "name": "linux-hardened-5.11.11-hardened1.patch", - "sha256": "0isq152z4h2kl3rviia9xlpsmdx331kx8p1x00jbf4gcw30amc78", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.11-hardened1/linux-hardened-5.11.11-hardened1.patch" + "name": "linux-hardened-5.11.14-hardened1.patch", + "sha256": "1j8saj1dyflah3mjs07rvxfhhpwhxk65r1y2bd228gp5nm6305px", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.14-hardened1/linux-hardened-5.11.14-hardened1.patch" }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.109-hardened1.patch", - "sha256": "19likbds74lzym969p6hbchlfii4qnsp8y4ryfkba1vv6hv51zzj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.109-hardened1/linux-hardened-5.4.109-hardened1.patch" + "name": "linux-hardened-5.4.112-hardened1.patch", + "sha256": "1l9igc68dq22nlnlls4x3zfz1h2hb6dqy7vr5r4jvbk22330m12j", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.112-hardened1/linux-hardened-5.4.112-hardened1.patch" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix index fc647d109594..5b6cc206e412 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.228"; + version = "4.14.230"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0nw1jf6x5a990n69aw2da4s4lc1c7mnwiwcda40bl2rkmd24s1qm"; + sha256 = "1gn5cs1ss4bfsnnv0b2s4g5ibiigpzsx0i3qfswchdbxvdag75cw"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix index b0e5a865724b..a0084887c505 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.184"; + version = "4.19.187"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0z5pgal8775rf7pvpxq47dnghr42al2k9py0s9jl3js2wamgdyix"; + sha256 = "1hx0jw11xmj57v9a8w34729vgrandaing2n9qkhx5dq4mhy04k50"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix index 3a5f86db3a19..8efd28f06c61 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,12 +1,12 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, ... } @ args: buildLinux (args // rec { - version = "4.4.264"; + version = "4.4.266"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1b0d735qnk0bcqn9gdsjqxhk8pkb3597ya9f34lv1vjfaqkkxk7l"; + sha256 = "00x2dmjiiv9zpc0vih9xqmf78kynqzj9q9v1chc2q2hcjpqfj31c"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix index 798a16d7a30f..3d58bf31d081 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,12 +1,12 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, ... } @ args: buildLinux (args // rec { - version = "4.9.264"; + version = "4.9.266"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1df2dv26c9z6zsdlqzbcc60f2pszh0hx1n94v65jswlb72a2mipc"; + sha256 = "0qzigcslfp714vaswwlw93xj0h2f8laikppw6krrhfnh5wwrp5dr"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix index f35b0e432bed..bf7d3fa7ab30 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.27"; + version = "5.10.30"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1nb95ll66kxiz702gs903n3gy5ialz8cin58l19rqaai55kck7fr"; + sha256 = "0h06lavcbbj9a4dfzca9sprghiq9z33q8i4gh3n2912wmjsnj0nl"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.11.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.11.nix index 1c8540d89345..67dd444810a7 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.11.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.11.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.11.11"; + version = "5.11.14"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1fc3yl4srzla3cbihgnry0pqmgcc17zv0zlkk9zpx99371hpay0a"; + sha256 = "1ia4wzh44lkvrbvnhdnnjcdyvqx2ihpbwkih7wqm1n5prhq38ql7"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_11 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix index e9d72200eda1..d3fe5a367038 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.109"; + version = "5.4.112"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1vmpc6yrr2zm4m3naflwik5111jr8hy0mnyddwk31l0p4xbg8smc"; + sha256 = "190cq97pm0r6s115ay66rjra7fnyn7m4rak89inwhm223931sdmq"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index 08898bb0a222..6e264a3ec63b 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "17920"; - sha256 = "0qmhabh4922lpiimrh9smi1q0w8giw3qqxpyzzy2bmr2037011k0"; + rev = "17990"; + sha256 = "1hras4018lgvql1zxw26fzcvk0w1xh6pyh3kmhxxh23k61zl83zk"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-lqx.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-lqx.nix index de625cebe49c..8d0333e8fd6c 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-lqx.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-lqx.nix @@ -1,7 +1,7 @@ { lib, fetchFromGitHub, buildLinux, linux_zen, ... } @ args: let - version = "5.11.11"; + version = "5.11.16"; suffix = "lqx1"; in @@ -14,7 +14,7 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-${suffix}"; - sha256 = "1wycqy0m6vjaa39rq7ngwr2qmksqfca27z1711nag7j68dk3ywak"; + sha256 = "1j25r45arikjwyhbr72r1935pr7a8g2j6vshggywdiixvizvrx9b"; }; extraMeta = { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index cd6273d21e9e..215d36af81ca 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.25-rt35"; # updated by ./update-rt.sh + version = "5.10.27-rt36"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1p8s8vp5b6vjmvhj3plm0pr0d9qp5lrwm6l40a4bjr1vk9myf2lk"; + sha256 = "1nb95ll66kxiz702gs903n3gy5ialz8cin58l19rqaai55kck7fr"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0kvawcyxg0xzhx73xs9g9s0hr7bs44sy4zvfzvcg2m9hdyafry0k"; + sha256 = "1bx023ibav6n2di3i2m8i6n4hp7h6zmz9bva7nqxdflbdwfsma1c"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-xanmod.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-xanmod.nix index efb87df6c970..95f736d94183 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-xanmod.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-xanmod.nix @@ -1,7 +1,7 @@ { lib, stdenv, buildLinux, fetchFromGitHub, ... } @ args: let - version = "5.11.12"; + version = "5.11.16"; suffix = "xanmod1-cacule"; in buildLinux (args // rec { @@ -12,7 +12,7 @@ in owner = "xanmod"; repo = "linux"; rev = modDirVersion; - sha256 = "sha256-omRZ9oAmW3mauUolPf/lgMFMwUCYU4YaZ+OS75Ag+lM="; + sha256 = "sha256-sK2DGJsmKP/gvPyT8HWjPa21OOXydMhGjJzrOkPo71Q="; extraPostFetch = '' rm $out/.config ''; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-zen.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-zen.nix index 8743c9ad5514..b28400819d53 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-zen.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-zen.nix @@ -1,7 +1,7 @@ { lib, fetchFromGitHub, buildLinux, ... } @ args: let - version = "5.11.11"; + version = "5.11.16"; suffix = "zen1"; in @@ -14,7 +14,7 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-${suffix}"; - sha256 = "0rldvgvdbsqvshrbv2g335qvwzk76l7rpnp9dwzsiv2qphrzxazi"; + sha256 = "0jyicnpqccn194jrm1mc4zq0cil7ls9l57ws3nv783vlk7b0k3gv"; }; extraMeta = { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix index 2fc63322f5b5..e45b21ff35fb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix @@ -37,7 +37,6 @@ in { extraMeta ? {}, # for module compatibility - isXen ? features.xen_dom0 or false, isZen ? false, isLibre ? false, isHardened ? false, @@ -94,7 +93,8 @@ let passthru = { inherit version modDirVersion config kernelPatches configfile moduleBuildDependencies stdenv; - inherit isXen isZen isHardened isLibre; + inherit isZen isHardened isLibre; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; kernelOlder = lib.versionOlder version; kernelAtLeast = lib.versionAtLeast version; }; diff --git a/nixpkgs/pkgs/os-specific/linux/libcap/default.nix b/nixpkgs/pkgs/os-specific/linux/libcap/default.nix index 871e04648e4e..47fa7c05e792 100644 --- a/nixpkgs/pkgs/os-specific/linux/libcap/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libcap/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, buildPackages, fetchurl, attr, perl +{ stdenv, lib, buildPackages, fetchurl, attr, perl, runtimeShell , usePam ? !isStatic, pam ? null , isStatic ? stdenv.hostPlatform.isStatic }: @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { prePatch = '' # use full path to bash - substituteInPlace progs/capsh.c --replace "/bin/bash" "${stdenv.shell}" + substituteInPlace progs/capsh.c --replace "/bin/bash" "${runtimeShell}" # set prefixes substituteInPlace Make.Rules \ diff --git a/nixpkgs/pkgs/os-specific/linux/libfabric/default.nix b/nixpkgs/pkgs/os-specific/linux/libfabric/default.nix index 0bc1ed123dcc..9a1e44f6af99 100644 --- a/nixpkgs/pkgs/os-specific/linux/libfabric/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libfabric/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "libfabric"; - version = "1.12.0"; + version = "1.12.1"; enableParallelBuilding = true; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "ofiwg"; repo = pname; rev = "v${version}"; - sha256 = "sha256-OFp6nEW5D8vjglqLRbEgKryb2/KFuJD8Zn6rkpcuPh0="; + sha256 = "sha256-J2PoDwjPWYpagX4M2k9E1xitBzgRUZzwX9Gf00H+Tdc="; }; nativeBuildInputs = [ pkg-config autoreconfHook ] ; diff --git a/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix b/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix index 6582c6d8e8d6..2c9239b2e7d8 100644 --- a/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libselinux/default.nix @@ -35,15 +35,16 @@ stdenv.mkDerivation rec { "MAN3DIR=$(man)/share/man/man3" "MAN5DIR=$(man)/share/man/man5" "MAN8DIR=$(man)/share/man/man8" - "PYTHON=${python3.pythonForBuild}/bin/python" - "PYTHONLIBDIR=$(py)/${python3.sitePackages}" "SBINDIR=$(bin)/sbin" "SHLIBDIR=$(out)/lib" "LIBSEPOLA=${lib.getLib libsepol}/lib/libsepol.a" + ] ++ optionals enablePython [ + "PYTHON=${python3.pythonForBuild.interpreter}" + "PYTHONLIBDIR=$(py)/${python3.sitePackages}" ]; - preInstall = '' + preInstall = optionalString enablePython '' mkdir -p $py/${python3.sitePackages}/selinux ''; diff --git a/nixpkgs/pkgs/os-specific/linux/mdevd/default.nix b/nixpkgs/pkgs/os-specific/linux/mdevd/default.nix new file mode 100644 index 000000000000..b88e3ad1e6f0 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/mdevd/default.nix @@ -0,0 +1,28 @@ +{ lib, skawarePackages }: + +with skawarePackages; + +buildPackage { + pname = "mdevd"; + version = "0.1.3.0"; + sha256 = "0spvw27xxd0m6j8bl8xysmgsx18fl769smr6dsh25s2d5h3sp2dy"; + + description = "mdev-compatible Linux hotplug manager daemon"; + platforms = lib.platforms.linux; + + outputs = [ "bin" "out" "dev" "doc" ]; + + configureFlags = [ + "--with-sysdeps=${skalibs.lib}/lib/skalibs/sysdeps" + "--with-include=${skalibs.dev}/include" + "--with-lib=${skalibs.lib}/lib" + ]; + + postInstall = '' + # remove all mdevd executables from build directory + rm $(find -type f -mindepth 1 -maxdepth 1 -executable) + + mv doc $doc/share/doc/mdevd/html + mv examples $doc/share/doc/mdevd/examples + ''; +} diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix index 1da25db7ae35..aa1b810976d2 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -28,10 +28,10 @@ rec { # Policy: use the highest stable version as the default (on our master). stable = if stdenv.hostPlatform.system == "x86_64-linux" then generic { - version = "460.67"; - sha256_64bit = "L2cRySVw7mgYSN25mJV+b4uOeHTdjLGvFPEkwyFgtec="; - settingsSha256 = "DB+ZeKm6cYQuVkJWjVd71qOTOmwIcRqx1CxfkgMbDpg="; - persistencedSha256 = "HCmZZRlNhOHi5yN2lNHhBILZkdng73q0vCbv7CIX/8s="; + version = "460.73.01"; + sha256_64bit = "120ymf59l6nipczszf82lrm2p4ihhqyv2pfwwfg9wy96vqcckc8i"; + settingsSha256 = "08jh7g34p9yxv5fh1cw0r2pjx65ryiv3w2lk1qg0gxn2r7xypkx0"; + persistencedSha256 = "040gx4wqp3hxcfb4aba4sl7b01ixr5slhzw0xldwcqlmhpwqphi5"; } else legacy_390; diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix index 75453d955ad0..2d325ab3d565 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix @@ -51,7 +51,7 @@ let src = if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { - url = args.url or "https://download.nvidia.com/XFree86/Linux-x86_64/${version}/NVIDIA-Linux-x86_64-${version}${pkgSuffix}.run"; + url = args.url or "https://us.download.nvidia.com/XFree86/Linux-x86_64/${version}/NVIDIA-Linux-x86_64-${version}${pkgSuffix}.run"; sha256 = sha256_64bit; } else if stdenv.hostPlatform.system == "i686-linux" then diff --git a/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix b/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix index 5e8bb550cf99..3a3065084881 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "nvme-cli"; - version = "1.13"; + version = "1.14"; src = fetchFromGitHub { owner = "linux-nvme"; repo = "nvme-cli"; rev = "v${version}"; - sha256 = "1d538kp841bjh8h8d9q7inqz56rdcwb3m78zfx8607ddykv7wcqb"; + sha256 = "0dpadz945482srqpsbfx1bh7rc499fgpyzz1flhk9g9xjbpapkzc"; }; nativeBuildInputs = [ pkg-config ]; @@ -35,6 +35,6 @@ stdenv.mkDerivation rec { ''; license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = with maintainers; [ primeos tavyc ]; + maintainers = with maintainers; [ mic92 ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix b/nixpkgs/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix index cb5719c31a2f..16dcfe9ba060 100644 --- a/nixpkgs/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix @@ -10,12 +10,12 @@ buildGoModule rec { pname = "oci-seccomp-bpf-hook"; - version = "1.2.1"; + version = "1.2.2"; src = fetchFromGitHub { owner = "containers"; repo = "oci-seccomp-bpf-hook"; rev = "v${version}"; - sha256 = "0zbrpv6j4gd4l36zl2dljazdm85qlqwchf0xvmnaywcj8c8b49xw"; + sha256 = "sha256-SRphs8zwKz6jlAixVZkHdww0jroaBNK82kSLj1gs6Wg="; }; vendorSha256 = null; diff --git a/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix b/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix index 254105534866..5faccc14ce76 100644 --- a/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix @@ -8,12 +8,12 @@ let _kernel = kernel; pythonEnv = python3.withPackages (ps: with ps; [ six ]); in stdenv.mkDerivation rec { - version = "2.14.1"; + version = "2.14.2"; pname = "openvswitch"; src = fetchurl { url = "https://www.openvswitch.org/releases/${pname}-${version}.tar.gz"; - sha256 = "sha256-GAttQsCrSybyH1i4vzszdiA9dHWqeo7xUTZVFMNQiP4="; + sha256 = "sha256-ZfQg+VTiUNiV+y2yKhMuHLVgvF4rkFHoNFETSBCOWXo="; }; kernel = optional (_kernel != null) _kernel.dev; diff --git a/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix b/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix index 4a6cf887c3ba..15c6c05b0613 100644 --- a/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix +++ b/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix @@ -7,12 +7,12 @@ with lib; let _kernel = kernel; in stdenv.mkDerivation rec { - version = "2.5.9"; + version = "2.5.12"; pname = "openvswitch"; src = fetchurl { url = "https://www.openvswitch.org/releases/${pname}-${version}.tar.gz"; - sha256 = "0iv0ncwl6s4qyyb655yj5xvqrjr1zbymmab96q259wa09xnyw7b7"; + sha256 = "0a8wa1lj5p28x3vq0yaxjhqmppp4hvds6hhm0j3czpp8mc09fsfq"; }; patches = [ ./patches/lts-ssl.patch ]; diff --git a/nixpkgs/pkgs/os-specific/linux/radeontop/default.nix b/nixpkgs/pkgs/os-specific/linux/radeontop/default.nix index e6aa07e6cd17..b172fad6adcb 100644 --- a/nixpkgs/pkgs/os-specific/linux/radeontop/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/radeontop/default.nix @@ -40,6 +40,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/clbr/radeontop"; platforms = platforms.linux; license = licenses.gpl3; - maintainers = with maintainers; [ rycee ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix b/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix index c37514eaf487..dff451a01d3d 100644 --- a/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix @@ -1,6 +1,5 @@ { lib, stdenv, fetchFromGitHub, cmake, pkg-config, docutils , pandoc, ethtool, iproute2, libnl, udev, python3, perl -, makeWrapper } : let @@ -17,7 +16,7 @@ in stdenv.mkDerivation { sha256 = "sha256-2HFtj595sDmWqAewIMwKMaiSDVVWKdQA9l0QsPcw8qA="; }; - nativeBuildInputs = [ cmake pkg-config pandoc docutils makeWrapper ]; + nativeBuildInputs = [ cmake pkg-config pandoc docutils ]; buildInputs = [ libnl ethtool iproute2 udev python3 perl ]; cmakeFlags = [ @@ -39,7 +38,8 @@ in stdenv.mkDerivation { postFixup = '' for pls in $out/bin/{ibfindnodesusing.pl,ibidsverify.pl}; do echo "wrapping $pls" - wrapProgram $pls --prefix PERL5LIB : "$out/${perl.libPrefix}" + substituteInPlace $pls --replace \ + "${perl}/bin/perl" "${perl}/bin/perl -I $out/${perl.libPrefix}" done ''; diff --git a/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix b/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix index fb94b14d9eab..cc37ef13d50e 100644 --- a/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix @@ -1,24 +1,16 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch, kernel, bc }: +{ lib, stdenv, fetchFromGitHub, kernel, bc }: stdenv.mkDerivation rec { name = "rtl88x2bu-${kernel.version}-${version}"; - version = "unstable-2020-08-20"; + version = "unstable-2021-01-21"; src = fetchFromGitHub { owner = "cilynx"; repo = "rtl88x2BU"; - rev = "a1c53f43fb9995fbe3ad26567079d6384626d350"; - sha256 = "1cby66jg511zxs1i535mflafhryla9764mnrzacxppimxpancv3s"; + rev = "48e7c19c92a77554403e1347447f8e2cfd780228"; + sha256 = "0nw2kgblpq6qlr43gbfxqvq0c83664f4czfwzsyfjr47rj00iyq7"; }; - patches = [ - # https://github.com/cilynx/rtl88x2bu/pull/58 - (fetchpatch { - url = "https://github.com/cilynx/rtl88x2bu/pull/58.patch"; - sha256 = "0md9cv61nx85pk3v60y9wviyb9fgj54q9m26wiv3dc7smr70h8l6"; - }) - ]; - hardeningDisable = [ "pic" ]; nativeBuildInputs = [ bc ]; @@ -39,7 +31,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Realtek rtl88x2bu driver"; homepage = "https://github.com/cilynx/rtl88x2bu"; - license = licenses.gpl2; + license = licenses.gpl2Only; platforms = platforms.linux; maintainers = [ maintainers.ralith ]; }; diff --git a/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix b/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix index 6b5e3211a9e0..423023512408 100644 --- a/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix @@ -5,13 +5,13 @@ let in stdenv.mkDerivation { pname = "rtw88"; - version = "unstable-2021-04-01"; + version = "unstable-2021-04-19"; src = fetchFromGitHub { owner = "lwfinger"; repo = "rtw88"; - rev = "689ce370b0c2da207bb092065697f6cb455a00dc"; - hash = "sha256-gdfQxpzYJ9bEObc2iEapA0TPMZuXndBvEu6qwKqdhyo="; + rev = "0f3cc6a5973bc386d9cb542fc85a6ba027edff5d"; + hash = "sha256-PRzWXC1lre8gt1GfVdnaG836f5YK57P9a8tG20yef0w="; }; makeFlags = [ "KSRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix index 0ff6fa1f3411..e20023b2b6eb 100644 --- a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt -, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison +, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell , pam ? null, glibcCross ? null }: @@ -38,8 +38,11 @@ stdenv.mkDerivation rec { # Obtain XML resources from XML catalog (patch adapted from gtk-doc) ./respect-xml-catalog-files-var.patch dots_in_usernames + ./runtime-shell.patch ]; + RUNTIME_SHELL = runtimeShell; + # The nix daemon often forbids even creating set[ug]id files. postPatch = ''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am @@ -77,6 +80,8 @@ stdenv.mkDerivation rec { mv $out/bin/su $su/bin ''; + disallowedReferences = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.shellPackage; + meta = with lib; { homepage = "https://github.com/shadow-maint"; description = "Suite containing authentication-related tools such as passwd and su"; diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/runtime-shell.patch b/nixpkgs/pkgs/os-specific/linux/shadow/runtime-shell.patch new file mode 100644 index 000000000000..0b2e68e330e4 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/shadow/runtime-shell.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index e4c6aaec..03883ad7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -682,7 +682,7 @@ if test "$enable_utmpx" = "yes"; then + [Define if utmpx should be used]) + fi + +-AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.]) ++AC_DEFINE_UNQUOTED(SHELL, ["$RUNTIME_SHELL"], [The runtime shell.]) + + AM_GNU_GETTEXT_VERSION(0.16) + AM_GNU_GETTEXT([external], [need-ngettext]) diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index b3b241b570a0..ac2d00181602 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,7 +1,7 @@ -From dd2ec741aaa7c587eb7719bbf4b305fe28168b77 Mon Sep 17 00:00:00 2001 +From 2f4a5e9c9ef1cd57662e8bd4c24e1029a00d55b5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue, 8 Jan 2013 15:46:30 +0100 -Subject: [PATCH 01/18] Start device units for uninitialised encrypted devices +Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices This is necessary because the NixOS service that initialises the filesystem depends on the appearance of the device unit. Also, this @@ -13,7 +13,7 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index d2f595d18e..941a7c1ba3 100644 +index 7c22eefdb7..e3a55e00b5 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" @@ -28,5 +28,5 @@ index d2f595d18e..941a7c1ba3 100644 SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index 1f3a1b646841..f54430f764e4 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,7 +1,7 @@ -From ab3dab997695db5346f8efbf8566ac96612f0c6e Mon Sep 17 00:00:00 2001 +From 4e96b2e074c4a4f4ce900409872ce2f86704ee5b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri, 12 Apr 2013 13:16:57 +0200 -Subject: [PATCH 02/18] Don't try to unmount /nix or /nix/store +Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store They'll still be remounted read-only. @@ -38,5 +38,5 @@ index 3a72a13e1a..541320dc9d 100644 || path_equal(path, "/usr") #endif -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 56f52b9971e3..37caffb97d76 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -1,7 +1,7 @@ -From 3581f8f30270e6340c671a640fe551e954715f8e Mon Sep 17 00:00:00 2001 +From 3d1b2e56a6ed6cc86a64f6f89765a2900e576402 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed, 16 Apr 2014 10:59:28 +0200 -Subject: [PATCH 03/18] Fix NixOS containers +Subject: [PATCH 03/19] Fix NixOS containers In NixOS containers, the init script is bind-mounted into the container, so checking early whether it exists will fail. @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 0842731c18..f790853104 100644 +index 7515380fcd..14f8a82eb8 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5319,6 +5319,7 @@ static int run(int argc, char *argv[]) { +@@ -5323,6 +5323,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index 0842731c18..f790853104 100644 const char *p, *q; if (arg_pivot_root_new) -@@ -5333,6 +5334,7 @@ static int run(int argc, char *argv[]) { +@@ -5337,6 +5338,7 @@ static int run(int argc, char *argv[]) { r = -EINVAL; goto finish; } @@ -30,5 +30,5 @@ index 0842731c18..f790853104 100644 } else { -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index 4d3729556d6c..2f14a9d6a7e8 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -1,17 +1,17 @@ -From 12b63d8c1d2ca85d9bb7ea07e8eb5e623e1b58e9 Mon Sep 17 00:00:00 2001 +From 3a721cf70e952e933ef5374006bbb11a3a0ad36a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu, 1 May 2014 14:10:10 +0200 -Subject: [PATCH 04/18] Look for fsck in the right place +Subject: [PATCH 04/19] Look for fsck in the right place --- src/fsck/fsck.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 04752fe9dc..ad0ccf91c0 100644 +index 510689f3b7..25cab5acae 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c -@@ -369,7 +369,7 @@ static int run(int argc, char *argv[]) { +@@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) { } else dash_c[0] = 0; @@ -21,5 +21,5 @@ index 04752fe9dc..ad0ccf91c0 100644 cmdline[i++] = "-T"; -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index 3e40385c3bb7..0acccacd6135 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -1,7 +1,7 @@ -From 95e4533f1eeb6e0d509f9129d0133f0b849cc3c5 Mon Sep 17 00:00:00 2001 +From 8b7f881cf22e98e907506f4c403b9e304e332bf9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri, 19 Dec 2014 14:46:17 +0100 -Subject: [PATCH 05/18] Add some NixOS-specific unit directories +Subject: [PATCH 05/19] Add some NixOS-specific unit directories Look in `/nix/var/nix/profiles/default/lib/systemd/{system,user}` for units provided by packages installed into the default profile via @@ -92,7 +92,7 @@ index 96b82170d0..bf66bd6b77 100644 if (!add) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index f2c045511d..d38a3a0302 100644 +index b5cc8f94a5..a701cd05f8 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -38,10 +38,11 @@ systemdsystemconfdir=${systemd_system_conf_dir} @@ -110,5 +110,5 @@ index f2c045511d..d38a3a0302 100644 systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index 99e68c37c20a..bda27ac1762f 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -1,7 +1,7 @@ -From 3aeb3a10c4a7ad387b004bf41efbd171913bcca9 Mon Sep 17 00:00:00 2001 +From 7a6529ee27028860b93bc539e8bbf3f2374d712f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon, 11 May 2015 15:39:38 +0200 -Subject: [PATCH 06/18] Get rid of a useless message in user sessions +Subject: [PATCH 06/19] Get rid of a useless message in user sessions Namely lots of variants of @@ -27,5 +27,5 @@ index 45a417a090..8af3cb08d6 100644 /* A unit we need to run is gone. Sniff. Let's stop this. */ r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index aeb734f94df0..d51e1c0f5668 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -1,7 +1,7 @@ -From a1454e8edb7a1a87093808dc7db540232147df3d Mon Sep 17 00:00:00 2001 +From 5580303956ca7d8eb431d23c2af0030c9cc0e6e9 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner <gebner@gebner.org> Date: Sun, 6 Dec 2015 14:26:36 +0100 -Subject: [PATCH 07/18] hostnamed, localed, timedated: disable methods that +Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that change system settings. --- @@ -69,7 +69,7 @@ index 736dacdee9..53e0ee935e 100644 model = empty_to_null(model); variant = empty_to_null(variant); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 8bfcfd5cdc..a0ee03f134 100644 +index 76fe04900d..e87c4c8919 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -646,6 +646,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * @@ -90,10 +90,10 @@ index 8bfcfd5cdc..a0ee03f134 100644 + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, + "Changing system settings via systemd is not supported on NixOS."); + - if (lrtc == c->local_rtc) + if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -905,6 +912,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -907,6 +914,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; @@ -104,5 +104,5 @@ index 8bfcfd5cdc..a0ee03f134 100644 if (r < 0) return r; -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch index 0da52477bb30..2b1c02b233c7 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -1,7 +1,7 @@ -From 27680c555713e36d16198fc5f60b0f85e0777d30 Mon Sep 17 00:00:00 2001 +From 874698425f6d68fc0d662cb17c7c29e0af3e8c25 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 7 Jul 2016 02:47:13 +0300 -Subject: [PATCH 08/18] Fix hwdb paths +Subject: [PATCH 08/19] Fix hwdb paths Patch by vcunat. --- @@ -28,5 +28,5 @@ index cb3c77ce96..7b8c80071f 100644 _public_ int sd_hwdb_new(sd_hwdb **ret) { _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 2b05cea435c8..a1e8ec963c71 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -1,7 +1,7 @@ -From b423ce2560bd380abd80796a890454d95cd8926c Mon Sep 17 00:00:00 2001 +From 367d0dad3d1853048569e315931cb8a27e16a098 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Tue, 11 Oct 2016 13:12:08 +0300 -Subject: [PATCH 09/18] Change /usr/share/zoneinfo to /etc/zoneinfo +Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo NixOS uses this path. --- @@ -13,7 +13,7 @@ NixOS uses this path. 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml -index 73c1b8e5a3..4ab4276283 100644 +index e486474c44..5f373d0723 100644 --- a/man/localtime.xml +++ b/man/localtime.xml @@ -20,7 +20,7 @@ @@ -79,7 +79,7 @@ index 742b43f9fc..f2cb121816 100644 (void) mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index f790853104..74b51f4d28 100644 +index 14f8a82eb8..8632dadec6 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1810,8 +1810,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u @@ -94,7 +94,7 @@ index f790853104..74b51f4d28 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index a0ee03f134..9ecacad25e 100644 +index e87c4c8919..964a40ba81 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -269,7 +269,7 @@ static int context_read_data(Context *c) { @@ -128,5 +128,5 @@ index a0ee03f134..9ecacad25e 100644 return -ENOMEM; -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index 1d17bc4cf777..334156495fcf 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -1,7 +1,7 @@ -From aff592e0bf9a911e7f44ce07b66517c38456b627 Mon Sep 17 00:00:00 2001 +From bf285fe7e12bd22f95c14bcefbb5008888c32bfa Mon Sep 17 00:00:00 2001 From: Imuli <i@imu.li> Date: Wed, 19 Oct 2016 08:46:47 -0400 -Subject: [PATCH 10/18] localectl: use /etc/X11/xkb for list-x11-* +Subject: [PATCH 10/19] localectl: use /etc/X11/xkb for list-x11-* NixOS has an option to link the xkb data files to /etc/X11, but not to /usr/share/X11. @@ -23,5 +23,5 @@ index 7d2e887660..91c5139eed 100644 return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index 8c185c52a271..902018ee4b91 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -1,17 +1,17 @@ -From d410a7a6d1bb0fe730c3ef690676232bfaa49f85 Mon Sep 17 00:00:00 2001 +From 293b19c5fdbda1b4ee579a7e8ba12f024a6f34c9 Mon Sep 17 00:00:00 2001 From: Franz Pletz <fpletz@fnordicwalking.de> Date: Sun, 11 Feb 2018 04:37:44 +0100 -Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir +Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir --- meson.build | 3 --- 1 file changed, 3 deletions(-) diff --git a/meson.build b/meson.build -index f406d595e6..f05f579816 100644 +index 580964c3fa..f99d4f3ab5 100644 --- a/meson.build +++ b/meson.build -@@ -3517,9 +3517,6 @@ install_data('LICENSE.GPL2', +@@ -3518,9 +3518,6 @@ install_data('LICENSE.GPL2', 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', install_dir : docdir) @@ -22,5 +22,5 @@ index f406d595e6..f05f579816 100644 check_help = find_program('tools/check-help.sh') -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch index 00d085d8a70a..05fce10e8568 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch @@ -1,7 +1,7 @@ -From a569dc0bdb43edb79e338c897f06de2dfa81cfc7 Mon Sep 17 00:00:00 2001 +From 63777e7f690b67952bf4571f8e09e5d8e769d3c0 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold <andreas@rammhold.de> Date: Fri, 2 Nov 2018 21:15:42 +0100 -Subject: [PATCH 12/18] inherit systemd environment when calling generators. +Subject: [PATCH 12/19] inherit systemd environment when calling generators. Systemd generators need access to the environment configured in stage-2-init.sh since it schedules fsck and mkfs executions based on @@ -16,10 +16,10 @@ executables that are being called from managers. 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 1f1450b97c..26b9e41d78 100644 +index 6858950107..07a599ede7 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -4111,9 +4111,14 @@ static int manager_run_generators(Manager *m) { +@@ -4142,9 +4142,14 @@ static int manager_run_generators(Manager *m) { argv[4] = NULL; RUN_WITH_UMASK(0022) @@ -38,5 +38,5 @@ index 1f1450b97c..26b9e41d78 100644 finish: -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch index 51fc4cc30d76..b9bab2d387e9 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch @@ -1,7 +1,7 @@ -From d36d688e32b8f2368499af091c67a7825fadf5ad Mon Sep 17 00:00:00 2001 +From 561dc3b864d96753b5dc448e6e1a80460d5f0bc4 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold <andreas@rammhold.de> Date: Thu, 9 May 2019 11:15:22 +0200 -Subject: [PATCH 13/18] add rootprefix to lookup dir paths +Subject: [PATCH 13/19] add rootprefix to lookup dir paths systemd does not longer use the UDEVLIBEXEC directory as root for discovery default udev rules. By adding `$out/lib` to the lookup paths @@ -34,5 +34,5 @@ index 2e60abb4f1..732ec51d36 100644 #define CONF_PATHS(n) \ CONF_PATHS_USR(n) \ -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index 57499d1feec7..c737b61e749a 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -1,7 +1,7 @@ -From c02b7eb62e46145ec5b544ebd9338c29b9b8f32c Mon Sep 17 00:00:00 2001 +From 8f619304804b02f4e9d7a340ca90359f96adc6e8 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 25 Jul 2019 20:45:55 +0300 -Subject: [PATCH 14/18] systemd-shutdown: execute scripts in +Subject: [PATCH 14/19] systemd-shutdown: execute scripts in /etc/systemd/system-shutdown This is needed for NixOS to use such scripts as systemd directory is immutable. @@ -23,5 +23,5 @@ index 0d07865542..26d974ef73 100644 /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index fa72b66911a3..3059216f7c58 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -1,7 +1,7 @@ -From f01b73709d68d4581ad561fbb20c59f895132a99 Mon Sep 17 00:00:00 2001 +From 577b11afe38fc185d785ca8f125f518a4eb21a00 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 25 Jul 2019 20:46:58 +0300 -Subject: [PATCH 15/18] systemd-sleep: execute scripts in +Subject: [PATCH 15/19] systemd-sleep: execute scripts in /etc/systemd/system-sleep This is needed for NixOS to use such scripts as systemd directory is immutable. @@ -22,5 +22,5 @@ index 39ab554290..880ac7ccb0 100644 }; -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch index 887864baec3f..ad19d910e1e7 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -1,7 +1,7 @@ -From 3db343c08a09a0009da049f37e3f981519eac62f Mon Sep 17 00:00:00 2001 +From ba19f629c1806ca2d2ab58154e45bce4ae4a3f0c Mon Sep 17 00:00:00 2001 From: Florian Klink <flokli@flokli.de> Date: Sat, 7 Mar 2020 22:40:27 +0100 -Subject: [PATCH 16/18] kmod-static-nodes.service: Update ConditionFileNotEmpty +Subject: [PATCH 16/19] kmod-static-nodes.service: Update ConditionFileNotEmpty On NixOS, kernel modules of the currently booted systems are located at /run/booted-system/kernel-modules/lib/modules/%v/, not /lib/modules/%v/. @@ -23,5 +23,5 @@ index f4170d6a99..9a6a591bea 100644 [Service] Type=oneshot -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index ad92291c258d..585a0aa112e3 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -1,7 +1,7 @@ -From 6f0e9a60dcd2160bcab01366bd521630f6f5dc76 Mon Sep 17 00:00:00 2001 +From c639f311bd27c2bff62a22c34bc92613aaf77587 Mon Sep 17 00:00:00 2001 From: Florian Klink <flokli@flokli.de> Date: Sun, 8 Mar 2020 01:05:54 +0100 -Subject: [PATCH 17/18] path-util.h: add placeholder for DEFAULT_PATH_NORMAL +Subject: [PATCH 17/19] path-util.h: add placeholder for DEFAULT_PATH_NORMAL This will be the $PATH used to lookup ExecStart= etc. options, which systemd itself uses extensively. @@ -29,5 +29,5 @@ index d613709f0b..5cced4c115 100644 #if HAVE_SPLIT_USR # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch index 52a749a16b64..f634e74e663a 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch @@ -1,7 +1,7 @@ -From 120b53a3279ba098ee8e5a346b39cb2b7ef4a106 Mon Sep 17 00:00:00 2001 +From ebb37f81c28aaa80acd9187a7d77dcb3cb3828db Mon Sep 17 00:00:00 2001 From: Thomas Tuegel <ttuegel@mailbox.org> Date: Mon, 26 Oct 2020 21:21:38 +0100 -Subject: [PATCH 18/18] logind-seat-debus: show CanMultiSession again +Subject: [PATCH 18/19] logind-seat-debus: show CanMultiSession again Fixes the "switch user" function in Plasma < 5.20. --- @@ -22,5 +22,5 @@ index a60ed2d3c2..69b6271075 100644 SD_BUS_PROPERTY("CanGraphical", "b", property_get_can_graphical, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("Sessions", "a(so)", property_get_sessions, 0, 0), -- -2.29.2 +2.30.1 diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0019-Revert-pkg-config-prefix-is-not-really-configurable-.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0019-Revert-pkg-config-prefix-is-not-really-configurable-.patch deleted file mode 100644 index 11e619593286..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0019-Revert-pkg-config-prefix-is-not-really-configurable-.patch +++ /dev/null @@ -1,72 +0,0 @@ -From cd5b1075499b8498d9c700a317ad11a3199c447a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> -Date: Sun, 6 Dec 2020 08:34:19 +0100 -Subject: [PATCH 19/19] Revert "pkg-config: prefix is not really configurable, - don't pretend it was" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 6e65df89c348242dbd10036abc7dd5e8181cf733. - -Signed-off-by: Jörg Thalheim <joerg@thalheim.io> ---- - src/core/systemd.pc.in | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index ccb382e421..8a35e53a4a 100644 ---- a/src/core/systemd.pc.in -+++ b/src/core/systemd.pc.in -@@ -11,7 +11,7 @@ - # considered deprecated (though there is no plan to remove them). New names - # shall have underscores. - --prefix=/usr -+prefix=@prefix@ - root_prefix=@rootprefix_noslash@ - rootprefix=${root_prefix} - sysconf_dir=@sysconfdir@ -@@ -26,10 +26,10 @@ systemdsystemunitdir=${systemd_system_unit_dir} - systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset - systemdsystempresetdir=${systemd_system_preset_dir} - --systemd_user_unit_dir=/usr/lib/systemd/user -+systemd_user_unit_dir=${prefix}/lib/systemd/user - systemduserunitdir=${systemd_user_unit_dir} - --systemd_user_preset_dir=/usr/lib/systemd/user-preset -+systemd_user_preset_dir=${prefix}/lib/systemd/user-preset - systemduserpresetdir=${systemd_user_preset_dir} - - systemd_system_conf_dir=${sysconfdir}/systemd/system -@@ -48,7 +48,7 @@ systemduserunitpath=${systemd_user_unit_path} - systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators - systemdsystemgeneratordir=${systemd_system_generator_dir} - --systemd_user_generator_dir=/usr/lib/systemd/user-generators -+systemd_user_generator_dir=${prefix}/lib/systemd/user-generators - systemdusergeneratordir=${systemd_user_generator_dir} - - systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} -@@ -63,7 +63,7 @@ systemdsleepdir=${systemd_sleep_dir} - systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown - systemdshutdowndir=${systemd_shutdown_dir} - --tmpfiles_dir=/usr/lib/tmpfiles.d -+tmpfiles_dir=${prefix}/lib/tmpfiles.d - tmpfilesdir=${tmpfiles_dir} - - sysusers_dir=${rootprefix}/lib/sysusers.d -@@ -78,7 +78,7 @@ binfmtdir=${binfmt_dir} - modules_load_dir=${rootprefix}/lib/modules-load.d - modulesloaddir=${modules_load_dir} - --catalog_dir=/usr/lib/systemd/catalog -+catalog_dir=${prefix}/lib/systemd/catalog - catalogdir=${catalog_dir} - - system_uid_max=@SYSTEM_UID_MAX@ --- -2.29.2 - diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch new file mode 100644 index 000000000000..2d93cdef9a34 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch @@ -0,0 +1,33 @@ +From 5439a516995f9fd57fc91c2cdd016bb18f31aadf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Sun, 6 Dec 2020 08:34:19 +0100 +Subject: [PATCH 19/19] pkg-config: derive prefix from --prefix + +Point prefix to the one configured, instead of `/usr` `systemd` has limited +support for making the pkgconfig prefix overridable, and interpolates those +values later down. + +So we only need to patch this one value to get the correct paths. +See systemd/systemd@bc4e6e27922a2873985ab9367d79fb099f70b505 for details. + +Co-Authored-By: Florian Klink <flokli@flokli.de> +--- + src/core/systemd.pc.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index a701cd05f8..85d6911bdf 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -11,7 +11,7 @@ + # considered deprecated (though there is no plan to remove them). New names + # shall have underscores. + +-prefix=/usr ++prefix=@prefix@ + root_prefix=@rootprefix_noslash@ + rootprefix=${root_prefix} + sysconf_dir=@sysconfdir@ +-- +2.30.1 + diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix index 4f757862897b..bd7c646c9200 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix @@ -113,7 +113,7 @@ assert withCryptsetup -> let wantCurl = withRemote || withImportd; - version = "247.3"; + version = "247.6"; in stdenv.mkDerivation { inherit version pname; @@ -124,12 +124,12 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "0zn0b74iwz3vxabqsk4yydwpgky3c5z4dl83wxbs1qi5d2dnbqa7"; + sha256 = "sha256-7XYEq3Qw25suwjbtPzx9lVPHUu9ZY/1bADXl2wQbkJc="; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a # systemd worktree, rebase to the more recent systemd version, and export the - # patches again via `git format-patch v${version}`. + # patches again via `git -c format.signoff=false format-patch v${version}`. # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -150,7 +150,7 @@ stdenv.mkDerivation { ./0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch ./0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch ./0018-logind-seat-debus-show-CanMultiSession-again.patch - ./0019-Revert-pkg-config-prefix-is-not-really-configurable-.patch + ./0019-pkg-config-derive-prefix-from-prefix.patch ]; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/teck-udev-rules/default.nix b/nixpkgs/pkgs/os-specific/linux/teck-udev-rules/default.nix new file mode 100644 index 000000000000..eec5eac344ef --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/teck-udev-rules/default.nix @@ -0,0 +1,22 @@ +{ lib, stdenv, teck-programmer }: + +stdenv.mkDerivation { + pname = "teck-udev-rules"; + version = lib.getVersion teck-programmer; + + inherit (teck-programmer) src; + + dontBuild = true; + + installPhase = '' + runHook preInstall + install 40-teck.rules -D -t $out/etc/udev/rules.d/ + runHook postInstall + ''; + + meta = { + description = "udev rules for TECK keyboards"; + inherit (teck-programmer.meta) license; + maintainers = [ lib.maintainers.lourkeur ]; + }; +} diff --git a/nixpkgs/pkgs/os-specific/linux/usbip/default.nix b/nixpkgs/pkgs/os-specific/linux/usbip/default.nix index 923eab71b7a8..43c22a8fd12a 100644 --- a/nixpkgs/pkgs/os-specific/linux/usbip/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/usbip/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, kernel, udev, autoconf, automake, libtool, kernelOlder }: +{ lib, stdenv, kernel, udev, autoconf, automake, libtool, hwdata, kernelOlder }: stdenv.mkDerivation { name = "usbip-${kernel.name}"; @@ -22,10 +22,12 @@ stdenv.mkDerivation { ./autogen.sh ''; + configureFlags = [ "--with-usbids-dir=${hwdata}/share/hwdata/" ]; + meta = with lib; { homepage = "https://github.com/torvalds/linux/tree/master/tools/usb/usbip"; description = "allows to pass USB device from server to client over the network"; - license = licenses.gpl2; + license = with licenses; [ gpl2Only gpl2Plus ]; platforms = platforms.linux; broken = kernelOlder "4.10"; }; diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix index d7629f0df04d..73f321f26318 100644 --- a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix @@ -1,22 +1,17 @@ -{ lib, stdenv, fetchurl, fetchpatch, pkg-config, zlib, shadow +{ lib, stdenv, fetchurl, pkg-config, zlib, shadow, libcap_ng , ncurses ? null, perl ? null, pam, systemd ? null, minimal ? false }: stdenv.mkDerivation rec { pname = "util-linux"; - version = "2.36.1"; + version = "2.36.2"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1vbyydl1b13lx73di4bhc4br9ih24hcqv7bky0kyrn1c2x1c5yh9"; + sha256 = "0psc0asjp1rmfx1j7468zfnk9nphlphybw2n8dcl74v8v2lnnlgp"; }; patches = [ ./rtcwake-search-PATH-for-shutdown.patch - # Remove patch below in 2.36.2, see https://github.com/karelzak/util-linux/issues/1193 - (fetchpatch { - url = "https://github.com/karelzak/util-linux/commit/52f730e47869ce630fafb24fd46f755dc7ffc691.patch"; - sha256 = "1fz3p9127lfvmrdj1j1s8jds0jjz2dzkvmia66555ihv7hcfajbg"; - }) ]; outputs = [ "bin" "dev" "out" "man" ]; @@ -57,7 +52,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config ]; buildInputs = - [ zlib pam ] + [ zlib pam libcap_ng ] ++ lib.filter (p: p != null) [ ncurses systemd perl ]; doCheck = false; # "For development purpose only. Don't execute on production system!" @@ -71,7 +66,9 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://www.kernel.org/pub/linux/utils/util-linux/"; description = "A set of system utilities for Linux"; - license = licenses.gpl2; # also contains parts under more permissive licenses + changelog = "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v${lib.versions.majorMinor version}/v${version}-ReleaseNotes"; + # https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/tree/README.licensing + license = with licenses; [ gpl2Only gpl2Plus gpl3Plus lgpl21Plus bsd3 bsdOriginalUC publicDomain ]; platforms = platforms.linux; priority = 6; # lower priority than coreutils ("kill") and shadow ("login" etc.) packages }; diff --git a/nixpkgs/pkgs/os-specific/linux/wpa_supplicant/default.nix b/nixpkgs/pkgs/os-specific/linux/wpa_supplicant/default.nix index f9198cc8ff4b..80eaf04a1149 100644 --- a/nixpkgs/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -37,6 +37,12 @@ stdenv.mkDerivation rec { url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch"; sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z"; }) + # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. + (fetchpatch { + name = "CVE-2021-30004.patch"; + url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"; + sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg"; + }) ]; # TODO: Patch epoll so that the dbus actually responds diff --git a/nixpkgs/pkgs/os-specific/linux/zfs/default.nix b/nixpkgs/pkgs/os-specific/linux/zfs/default.nix index 15c8df3cb137..adfd0cda8199 100644 --- a/nixpkgs/pkgs/os-specific/linux/zfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/zfs/default.nix @@ -157,7 +157,7 @@ let done ''; - outputs = [ "out" ] ++ optionals buildUser [ "lib" "dev" ]; + outputs = [ "out" ] ++ optionals buildUser [ "dev" ]; passthru = { inherit enableMail; @@ -210,9 +210,9 @@ in { kernelCompatible = kernel.kernelAtLeast "3.10" && kernel.kernelOlder "5.12"; # this package should point to a version / git revision compatible with the latest kernel release - version = "2.0.4"; + version = "2.1.0-rc4"; - sha256 = "sha256-ySTt0K3Lc0Le35XTwjiM5l+nIf9co7wBn+Oma1r8YHo="; + sha256 = "sha256-eakOEA7LCJOYDsZH24Y5JbEd2wh1KfCN+qX3QxQZ4e8="; isUnstable = true; }; |