author | Alyssa Ross <hi@alyssa.is> | 2024-02-13 12:25:07 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-02-13 12:25:07 +0100 |
commit | a5e1520e4538e29ecfbd4b168306f890566d7bfd (patch) | |
tree | 28099c268b5d4b1e33c2b29f0714c45f0b961382 /nixpkgs/pkgs/os-specific/linux | |
parent | 822f7c15c04567fbdc27020e862ea2b70cfbf8eb (diff) | |
parent | 3560d1c8269d0091b9aae10731b5e85274b7bbc1 (diff) | |
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/pkgs/build-support/go/module.nix
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux')
106 files changed, 1562 insertions, 1698 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/anbox/default.nix b/nixpkgs/pkgs/os-specific/linux/anbox/default.nix index 856664fed806..ad03ba1aefb2 100644 --- a/nixpkgs/pkgs/os-specific/linux/anbox/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/anbox/default.nix @@ -80,10 +80,13 @@ stdenv.mkDerivation rec { systemd ]; - # Flag needed by GCC 12 but unrecognized by GCC 9 (aarch64-linux default now) - env.NIX_CFLAGS_COMPILE = toString (lib.optionals (with stdenv; cc.isGNU && lib.versionAtLeast cc.version "12") [ - "-Wno-error=mismatched-new-delete" - ]); + env.CXXFLAGS = toString [ "-include cstdint" ]; + + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isGNU (toString [ + "-Wno-error=redundant-move" + # Flag needed by GCC 12 but unrecognized by GCC 9 (aarch64-linux default now) + (lib.optionalString (lib.versionAtLeast stdenv.cc.version "12") "-Wno-error=mismatched-new-delete") + ]); prePatch = '' patchShebangs scripts diff --git a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix index 7765ce0aa52a..a99100ad8f4e 100644 --- a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "android-udev-rules"; - version = "20231207"; + version = "20240114"; src = fetchFromGitHub { owner = "M0Rf30"; repo = "android-udev-rules"; rev = version; - hash = "sha256-wNGIDOHbQ4qtKqtGqLOGEopWgnox3cATY77daRNVUFM="; + hash = "sha256-qf+KcEcWOsgLMifUOqNbi5t4s62p1gUfna45MyD01U0="; }; installPhase = '' diff --git a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix index 0c8d7cb989d4..28505f8c9eee 100644 --- a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix @@ -6,7 +6,7 @@ }: let - tag = "0.3.6"; + tag = "0.3.7"; in stdenv.mkDerivation { pname = "apfs"; 
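Review bot: The added `env.CXXFLAGS = toString [ "-include cstdint" ];` in the anbox hunk carries no comment saying what it works around, unlike the GCC 12 flag a few lines below it. A line such as `# force-include <cstdint>: upstream presumably relies on it being pulled in transitively (confirm against the build log)` would tell the next maintainer when the flag can be dropped. Separately, `-Wno-error=mismatched-new-delete` demotes a diagnostic about allocation/deallocation mismatches, so it deserves a `# TODO: remove once fixed upstream` marker rather than staying indefinitely. The derivation body starts and ends outside the hunk.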
@@ -16,7 +16,7 @@ stdenv.mkDerivation { owner = "linux-apfs"; repo = "linux-apfs-rw"; rev = "v${tag}"; - hash = "sha256-k62PgUffBx6ZrWWLeX460adh/vv6XWxSmtEiwaWxiaU="; + hash = "sha256-LmUaIKZ1Msc4yAXNMzyDhPCPsQYeYnUbRF6pA9WvHYk="; }; hardeningDisable = [ "pic" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix b/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix index 5c4c14eeb069..b825cfc0a962 100644 --- a/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix @@ -16,14 +16,6 @@ stdenv.mkDerivation rec { sha256 = cfg.sha256.${pname}; }; - patches = [ - # batman-adv: compat: Fix skb_vlan_eth_hdr conflict in stable kernels - (fetchpatch2 { - url = "https://git.open-mesh.org/batman-adv.git/commitdiff_plain/be69e50e8c249ced085d41ddd308016c1c692174?hp=74d3c5e1c682a9efe31b75e8986668081a4b5341"; - sha256 = "sha256-yfEiU74wuMSKal/6mwzgdccqDMEv4P7CkAeiSAEwvjA="; - }) - ]; - nativeBuildInputs = kernel.moduleBuildDependencies; makeFlags = kernel.makeFlags ++ [ "KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" diff --git a/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix b/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix index f78191489d0f..545285a6cf42 100644 --- a/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix +++ b/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix 
@@ -1,16 +1,16 @@ { - version = "2023.3"; + version = "2024.0"; # To get these, run: # # ``` # for tool in alfred batctl batman-adv; do - # nix-prefetch-url https://downloads.open-mesh.org/batman/releases/batman-adv-2023.3/$tool-2023.3.tar.gz --type sha256 | xargs nix hash to-sri --type sha256 + # nix-prefetch-url https://downloads.open-mesh.org/batman/releases/batman-adv-2024.0/$tool-2024.0.tar.gz --type sha256 | xargs nix hash to-sri --type sha256 # done # ``` sha256 = { - alfred = "sha256-rVrUFJ+uz351MCpXeqpnOxz8lAXSAksrSpFjuscMjk8="; - batctl = "sha256-mswxFwkwwXl8OHY7h73/iAVMNNHwEvu4EAaCc/7zEhI="; - batman-adv = "sha256-98bFPlk0PBYmQsubRPEBZ2XUv1E+A5ACvmEremweo2w="; + alfred = "sha256-0CmkNjirFnceX3HhNLyEPRcT10BBxlvNoYox0Y9VMb0="; + batctl = "sha256-doU+hyAa9jxBHbFS/QxiWnKalzMRWJfRMxYE4sWmfH0="; + batman-adv = "sha256-YREGl7V5n2RqKoKk3Pl/rtS7EqfMQ79Gg9LE3k9rQOc="; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix deleted file mode 100644 index d864f30096d7..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix +++ /dev/null 
@@ -1,164 +0,0 @@ -{ stdenv -, lib -, fetchurl -, fetchpatch -, alsa-lib -, dbus -, ell -, glib -, json_c -, libical -, docutils -, pkg-config -, python3 -, readline -, systemdMinimal -, udev -, withExperimental ? false -}: let - pythonPath = with python3.pkgs; [ - dbus-python - pygobject3 - recursivePthLoader - ]; -in stdenv.mkDerivation rec { - pname = "bluez"; - version = "5.70"; - - src = fetchurl { - url = "mirror://kernel/linux/bluetooth/${pname}-${version}.tar.xz"; - sha256 = "sha256-N+Ny6RaVXhRMuIL4iOS+QImPEK47fCE93N1V7pwAkng="; - }; - - patches = [ - # replace use of a non-standard symbol to fix build with musl libc (pkgsMusl.bluez) - (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/main/bluez/max-input.patch?id=32b31b484cb13009bd8081c4106e4cf064ec2f1f"; - sha256 = "sha256-SczbXtsxBkCO+izH8XOBcrJEO2f7MdtYVT3+2fCV8wU="; - }) - # Fix device pairing regression - # FIXME: remove in next release - (fetchpatch { - url = "https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb.patch"; - hash = "sha256-UUmYMHnxYrw663nEEC2mv3zj5e0omkLNejmmPUtgS3c="; - }) - # CVE-2023-45866 / https://github.com/skysafe/reblog/tree/main/cve-2023-45866 - (fetchpatch { - name = "CVE-2023-45866.patch"; - url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"; - sha256 = "sha256-IuPQ18yN0EO/PkqdT/JETyOxdZCKewBiDjGN4CG2GLo="; - }) - ]; - - buildInputs = [ - alsa-lib - dbus - ell - glib - json_c - libical - python3 - readline - udev - ]; - - nativeBuildInputs = [ - docutils - pkg-config - python3.pkgs.wrapPython - ]; - - outputs = [ "out" "dev" "test" ]; - - postPatch = '' - substituteInPlace tools/hid2hci.rules \ - --replace /sbin/udevadm ${systemdMinimal}/bin/udevadm \ - --replace "hid2hci " "$out/lib/udev/hid2hci " - # Disable some tests: - # - test-mesh-crypto depends on the following kernel settings: - # CONFIG_CRYPTO_[USER|USER_API|USER_API_AEAD|USER_API_HASH|AES|CCM|AEAD|CMAC] 
- if [[ ! -f unit/test-mesh-crypto.c ]]; then echo "unit/test-mesh-crypto.c no longer exists"; false; fi - echo 'int main() { return 77; }' > unit/test-mesh-crypto.c - ''; - - configureFlags = [ - "--localstatedir=/var" - "--enable-library" - "--enable-cups" - "--enable-pie" - "--enable-external-ell" - "--with-dbusconfdir=${placeholder "out"}/share" - "--with-dbussystembusdir=${placeholder "out"}/share/dbus-1/system-services" - "--with-dbussessionbusdir=${placeholder "out"}/share/dbus-1/services" - "--with-systemdsystemunitdir=${placeholder "out"}/etc/systemd/system" - "--with-systemduserunitdir=${placeholder "out"}/etc/systemd/user" - "--with-udevdir=${placeholder "out"}/lib/udev" - "--enable-health" - "--enable-mesh" - "--enable-midi" - "--enable-nfc" - "--enable-sixaxis" - "--enable-btpclient" - "--enable-hid2hci" - "--enable-logger" - - # To provide ciptool, sdptool, and rfcomm (unmaintained) - # superseded by new D-Bus APIs - "--enable-deprecated" - ] ++ lib.optional withExperimental "--enable-experimental"; - - - # Work around `make install' trying to create /var/lib/bluetooth. 
- installFlags = [ "statedir=$(TMPDIR)/var/lib/bluetooth" ]; - - makeFlags = [ "rulesdir=${placeholder "out"}/lib/udev/rules.d" ]; - - doCheck = stdenv.hostPlatform.isx86_64; - - postInstall = '' - mkdir -p $test/{bin,test} - cp -a test $test - pushd $test/test - for a in \ - simple-agent \ - test-adapter \ - test-device \ - test-thermometer \ - list-devices \ - monitor-bluetooth \ - ; do - ln -s ../test/$a $test/bin/bluez-$a - done - popd - wrapPythonProgramsIn $test/test "$test/test ${toString pythonPath}" - '' + '' - # for bluez4 compatibility for NixOS - mkdir $out/sbin - ln -s ../libexec/bluetooth/bluetoothd $out/sbin/bluetoothd - ln -s ../libexec/bluetooth/obexd $out/sbin/obexd - - # Add extra configuration - mkdir $out/etc/bluetooth - ln -s /etc/bluetooth/main.conf $out/etc/bluetooth/main.conf - - # https://github.com/NixOS/nixpkgs/issues/204418 - ln -s /etc/bluetooth/input.conf $out/etc/bluetooth/input.conf - ln -s /etc/bluetooth/network.conf $out/etc/bluetooth/network.conf - - # Add missing tools, ref https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/bluez - for files in `find tools/ -type f -perm -755`; do - filename=$(basename $files) - install -Dm755 tools/$filename $out/bin/$filename - done - install -Dm755 attrib/gatttool $out/bin/gatttool - ''; - - enableParallelBuilding = true; - - meta = with lib; { - description = "Bluetooth support for Linux"; - homepage = "http://www.bluez.org/"; - license = with licenses; [ gpl2 lgpl21 ]; - platforms = platforms.linux; - }; -} diff --git a/nixpkgs/pkgs/os-specific/linux/bpftrace/default.nix b/nixpkgs/pkgs/os-specific/linux/bpftrace/default.nix index ecb34c373b74..984eee759451 100644 --- a/nixpkgs/pkgs/os-specific/linux/bpftrace/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bpftrace/default.nix 
@@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "bpftrace"; - version = "0.19.1"; + version = "0.20.1"; src = fetchFromGitHub { owner = "iovisor"; repo = "bpftrace"; rev = "v${version}"; - hash = "sha256-JyMogqyntSm2IDXzsOIjcUkf2YwG2oXKpqPpdx/eMNI="; + hash = "sha256-jgM01G0zhaXNd2FiZwQb13O2/mXS971gUSGOAnrJLTQ="; }; diff --git a/nixpkgs/pkgs/os-specific/linux/crda/default.nix b/nixpkgs/pkgs/os-specific/linux/crda/default.nix deleted file mode 100644 index ffed5fc36a78..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/crda/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ lib, stdenv, fetchurl, fetchpatch, libgcrypt, libnl, pkg-config, python3Packages, wireless-regdb }: - -stdenv.mkDerivation rec { - pname = "crda"; - version = "4.14"; - - src = fetchurl { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot/crda-${version}.tar.gz"; - sha256 = "sha256-Wo81u4snR09Gaw511FG6kXQz2KqxiJZ4pk2cTnKouMI="; - }; - - patches = [ - # Fix python 3 build: except ImportError, e: SyntaxError: invalid syntax - (fetchpatch { - url = "https://raw.githubusercontent.com/archlinux/svntogit-packages/d234fddf451fab0f4fc412e2769f54e11f10d7d8/trunk/crda-4.14-python-3.patch"; - sha256 = "sha256-KEezEKrfizq9k4ZiE2mf3Nl4JiBayhXeVnFl7wYh28Y="; - }) - - (fetchpatch { - url = "https://raw.githubusercontent.com/archlinux/svntogit-packages/d48ec843222b0d74c85bce86fa6f087c7dfdf952/trunk/0001-Makefile-Link-libreg.so-against-the-crypto-library.patch"; - sha256 = "sha256-j93oydi209f22OF8aXZ/NczuUOnlhkdSeYvy2WRRvm0="; - }) - ]; - - strictDeps = true; - - nativeBuildInputs = [ - pkg-config - python3Packages.m2crypto # only used for a build time script - ]; - - buildInputs = [ - libgcrypt - libnl - ]; - - postPatch = '' - patchShebangs utils/ - substituteInPlace Makefile \ - --replace 'gzip' 'gzip -n' \ - --replace ldconfig true \ - --replace pkg-config $PKG_CONFIG - sed -i crda.c \ - -e "/\/usr\/.*\/regulatory.bin/d" \ - -e "s|/lib/crda|${wireless-regdb}/lib/crda|g" - ''; - - makeFlags = [ - "PREFIX=$(out)" - "SBINDIR=$(out)/bin/" - "UDEV_RULE_DIR=$(out)/lib/udev/rules.d/" - "REG_BIN=${wireless-regdb}/lib/crda/regulatory.bin" - ]; - - buildFlags = [ "all_noverify" ]; - enableParallelBuilding = true; - - doCheck = true; - checkTarget = "verify"; - - meta = with lib; { - description = "Linux wireless Central Regulatory Domain Agent"; - longDescription = '' - CRDA acts as the udev helper for communication between the kernel and - userspace for regulatory compliance. It relies on nl80211 for communication. 
- - CRDA is intended to be run only through udev communication from the kernel. - To use it under NixOS, add - - services.udev.packages = [ pkgs.crda ]; - - to the system configuration. - ''; - homepage = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda"; - license = licenses.free; # "copyleft-next 0.3.0", as yet without a web site - platforms = platforms.linux; - }; -} diff --git a/nixpkgs/pkgs/os-specific/linux/cryptsetup/default.nix b/nixpkgs/pkgs/os-specific/linux/cryptsetup/default.nix index fbff9a3363de..33edbc0a4f73 100644 --- a/nixpkgs/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/cryptsetup/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation rec { pname = "cryptsetup"; - version = "2.6.1"; + version = "2.7.0"; outputs = [ "bin" "out" "dev" "man" ]; separateDebugInfo = true; src = fetchurl { url = "mirror://kernel/linux/utils/cryptsetup/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - hash = "sha256-QQ3tZaEHKrnI5Brd7Te5cpwIf+9NLbArtO9SmtbaRpM="; + hash = "sha256-lAA6AM1agZRPRejcUp4M/Spv9im9LNIc9eV05GXa95U="; }; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix b/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix index 408dfa408e1d..476ea57d44ec 100644 --- a/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/displaylink/default.nix @@ -4,10 +4,8 @@ , util-linux , libusb1 , evdi -, systemd -, makeWrapper +, makeBinaryWrapper , requireFile -, substituteAll }: let @@ -17,9 +15,8 @@ let else if stdenv.hostPlatform.system == "aarch64-linux" then "aarch64-linux-gnu" else throw "Unsupported architecture"; libPath = lib.makeLibraryPath [ stdenv.cc.cc util-linux libusb1 evdi ]; - in -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "displaylink"; version = "5.8.0-63.33"; 
@@ -41,15 +38,21 @@ stdenv.mkDerivation rec { ''; }; - nativeBuildInputs = [ unzip makeWrapper ]; + nativeBuildInputs = [ + makeBinaryWrapper + unzip + ]; unpackPhase = '' + runHook preUnpack unzip $src - chmod +x displaylink-driver-${version}.run - ./displaylink-driver-${version}.run --target . --noexec --nodiskspace + chmod +x displaylink-driver-${finalAttrs.version}.run + ./displaylink-driver-${finalAttrs.version}.run --target . --noexec --nodiskspace + runHook postUnpack ''; installPhase = '' + runHook preInstall install -Dt $out/lib/displaylink *.spkg install -Dm755 ${bins}/DisplayLinkManager $out/bin/DisplayLinkManager mkdir -p $out/lib/udev/rules.d $out/share @@ -63,6 +66,7 @@ stdenv.mkDerivation rec { # We introduce a dependency on the source file so that it need not be redownloaded everytime echo $src >> "$out/share/workspace_dependencies.pin" + runHook postInstall ''; dontStrip = true; @@ -71,10 +75,11 @@ stdenv.mkDerivation rec { meta = with lib; { description = "DisplayLink DL-5xxx, DL-41xx and DL-3x00 Driver for Linux"; homepage = "https://www.displaylink.com/"; + hydraPlatforms = []; license = licenses.unfree; + mainProgram = "DisplayLinkManager"; maintainers = with maintainers; [ abbradar ]; platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; - hydraPlatforms = []; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; }; -} +}) diff --git a/nixpkgs/pkgs/os-specific/linux/evdi/default.nix b/nixpkgs/pkgs/os-specific/linux/evdi/default.nix index bd34ac0db4d3..059c7891a52b 100644 --- a/nixpkgs/pkgs/os-specific/linux/evdi/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/evdi/default.nix 
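Review bot: The rewritten `unpackPhase` in displaylink/default.nix still makes the vendor file `displaylink-driver-${finalAttrs.version}.run` executable and runs it during the build, and nothing in the hunk records why that is acceptable for an unfree binary input. The flags suggest a makeself-style self-extractor, so a comment above the call would help, for example `# self-extracting archive: --noexec only unpacks, the embedded installer script is not run`. On the context line, `unzip $src` is unquoted; `unzip "$src"` is the safer habit. The `src` definition lies outside the hunk, so whether the input is hash-pinned cannot be confirmed from here.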
@@ -1,19 +1,25 @@ -{ lib, stdenv, fetchFromGitHub, kernel, libdrm, python3 }: +{ lib +, stdenv +, fetchFromGitHub +, kernel +, libdrm +, python3 +}: let python3WithLibs = python3.withPackages (ps: with ps; [ pybind11 ]); in -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "evdi"; - version = "1.14.1"; + version = "1.14.1-unstable-2024-01-30"; src = fetchFromGitHub { owner = "DisplayLink"; - repo = pname; - rev = "v${version}"; - hash = "sha256-em3Y56saB7K3Wr31Y0boc38xGb57gdveN0Cstgy8y20="; + repo = "evdi"; + rev = "d21a6ea3c69ba180457966a04b6545d321cf46ca"; + hash = "sha256-Txa9yX9h3GfmHRRNvhrfrsUoQhqRWbBt4gJYAZTNe0w="; }; env.NIX_CFLAGS_COMPILE = toString [ @@ -24,7 +30,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = kernel.moduleBuildDependencies; - buildInputs = [ kernel libdrm python3WithLibs ]; + buildInputs = [ + kernel + libdrm + python3WithLibs + ]; makeFlags = kernel.makeFlags ++ [ "KVER=${kernel.modDirVersion}" @@ -34,19 +44,21 @@ stdenv.mkDerivation rec { hardeningDisable = [ "format" "pic" "fortify" ]; installPhase = '' + runHook preInstall install -Dm755 module/evdi.ko $out/lib/modules/${kernel.modDirVersion}/kernel/drivers/gpu/drm/evdi/evdi.ko install -Dm755 library/libevdi.so $out/lib/libevdi.so + runHook postInstall ''; enableParallelBuilding = true; meta = with lib; { + broken = kernel.kernelOlder "4.19"; changelog = "https://github.com/DisplayLink/evdi/releases/tag/v${version}"; description = "Extensible Virtual Display Interface"; + homepage = "https://www.displaylink.com/"; + license = with licenses; [ lgpl21Only gpl2Only ]; maintainers = with maintainers; [ ]; platforms = platforms.linux; - license = with licenses; [ lgpl21Only gpl2Only ]; - homepage = "https://www.displaylink.com/"; - broken = kernel.kernelOlder "4.19" || kernel.kernelAtLeast "6.6"; }; -} +}) diff --git a/nixpkgs/pkgs/os-specific/linux/eventstat/default.nix b/nixpkgs/pkgs/os-specific/linux/eventstat/default.nix index 2c139cd3c865..0de1ded83543 100644 
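Review bot: In the evdi `meta` block (third hunk), the context line `changelog = "https://github.com/DisplayLink/evdi/releases/tag/v${version}";` no longer refers to the package version. The first hunk replaces `stdenv.mkDerivation rec {` with `stdenv.mkDerivation (finalAttrs: {`, and no `version` argument or let-binding is visible. Under `with lib;` the name therefore most likely resolves to `lib.version`, the nixpkgs release string, and the link silently points at a tag that does not exist. Even `finalAttrs.version` would not help, because it is now `1.14.1-unstable-2024-01-30`, which is not an upstream tag. Since `rev` is a pinned commit, either drop the attribute or reference the commit, e.g. `changelog = "https://github.com/DisplayLink/evdi/compare/v1.14.1...${finalAttrs.src.rev}";`.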
--- a/nixpkgs/pkgs/os-specific/linux/eventstat/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/eventstat/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "eventstat"; - version = "0.05.01"; + version = "0.06.00"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-raODDA1EKtZThFg0NV6EfrWj5mSQNaiekywfOfAvYXI="; + hash = "sha256-lCtXILpZn1/laRnsfE5DlQQQKKvfHxOJu87SkpWKeTE="; }; buildInputs = [ ncurses ]; diff --git a/nixpkgs/pkgs/os-specific/linux/ffado/default.nix b/nixpkgs/pkgs/os-specific/linux/ffado/default.nix index 3d44ad813a69..d1e78a312e05 100644 --- a/nixpkgs/pkgs/os-specific/linux/ffado/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ffado/default.nix @@ -24,13 +24,15 @@ let in mkDerivation rec { pname = "ffado"; - version = "2.4.7"; + version = "2.4.8"; src = fetchurl { url = "http://www.ffado.org/files/libffado-${version}.tgz"; - sha256 = "0vsn3y52g6f77lqh9qfkd7dslmb7bbgy46cv5idynx4frqscc23s"; + hash = "sha256-f0x561ehKw6uMSri0RZip+v1JHZuhixtywl0PVU/N44="; }; + sourceRoot = "libffado-${version}/libffado"; + prePatch = '' substituteInPlace ./support/tools/ffado-diag.in \ --replace /lib/modules/ "/run/booted-system/kernel-modules/lib/modules/" diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch deleted file mode 100644 index 4e95ccea8dc1..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch +++ /dev/null 
@@ -1,138 +0,0 @@ -diff --git a/data/bios-settings.d/meson.build b/data/bios-settings.d/meson.build -index b0ff5b106..13ac380d0 100644 ---- a/data/bios-settings.d/meson.build -+++ b/data/bios-settings.d/meson.build -@@ -1,5 +1,5 @@ - if build_standalone and host_machine.system() == 'linux' - install_data('README.md', -- install_dir: join_paths(sysconfdir, 'fwupd', 'bios-settings.d') -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'bios-settings.d') - ) - endif -diff --git a/data/meson.build b/data/meson.build -index e13da4adf..6858c240f 100644 ---- a/data/meson.build -+++ b/data/meson.build -@@ -26,7 +26,7 @@ endif - - if build_standalone - install_data(['fwupd.conf'], -- install_dir: join_paths(sysconfdir, 'fwupd'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd'), - install_mode: 'rw-r-----', - ) - plugin_quirks += files([ -diff --git a/data/pki/meson.build b/data/pki/meson.build -index 3649fecea..c3462744b 100644 ---- a/data/pki/meson.build -+++ b/data/pki/meson.build -@@ -12,13 +12,13 @@ install_data([ - 'GPG-KEY-Linux-Foundation-Firmware', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir: join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir: join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - install_data([ - 'GPG-KEY-Linux-Foundation-Metadata', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir: join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir: join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif - -@@ -26,11 +26,11 @@ if supported_pkcs7 - install_data([ - 'LVFS-CA.pem', - ], -- install_dir: join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir: join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - install_data([ - 'LVFS-CA.pem', - ], -- install_dir: join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir: join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif -diff --git a/data/remotes.d/meson.build b/data/remotes.d/meson.build -index c20a1a05e..5354bac7f 100644 ---- 
a/data/remotes.d/meson.build -+++ b/data/remotes.d/meson.build -@@ -15,14 +15,14 @@ if build_standalone and get_option('lvfs') != 'false' - output: 'lvfs.conf', - configuration: con3, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), - ) - configure_file( - input: 'lvfs-testing.conf', - output: 'lvfs-testing.conf', - configuration: con3, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), - ) - i18n.merge_file( - input: 'lvfs.metainfo.xml', -@@ -56,12 +56,12 @@ configure_file( - output: 'vendor.conf', - configuration: con2, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), - ) - configure_file( - input: 'vendor-directory.conf', - output: 'vendor-directory.conf', - configuration: con2, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), - ) -diff --git a/meson.build b/meson.build -index ca6ccdf92..0a3097d90 100644 ---- a/meson.build -+++ b/meson.build -@@ -195,6 +195,12 @@ endif - mandir = join_paths(prefix, get_option('mandir')) - localedir = join_paths(prefix, get_option('localedir')) - -+if get_option('sysconfdir_install') != '' -+ sysconfdir_install = join_paths(prefix, get_option('sysconfdir_install')) -+else -+ sysconfdir_install = sysconfdir -+endif -+ - diffcmd = find_program('diff') - gio = dependency('gio-2.0', version: '>= 2.68.0') - giounix = dependency('gio-unix-2.0', version: '>= 2.68.0', required: false) - -diff --git a/meson_options.txt b/meson_options.txt -index 877891126..986d0ee31 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -1,3 +1,8 @@ -+option('sysconfdir_install', -+ type: 'string', -+ value: '', -+ description: 'sysconfdir to use during 
installation' -+) - option('build', - type: 'combo', - choices: [ -diff --git a/plugins/uefi-capsule/meson.build b/plugins/uefi-capsule/meson.build -index eb196c21e..c9a29f680 100644 ---- a/plugins/uefi-capsule/meson.build -+++ b/plugins/uefi-capsule/meson.build -@@ -20,7 +20,7 @@ if host_machine.system() == 'linux' - output: '35_fwupd', - configuration: con2, - install: true, -- install_dir: join_paths(sysconfdir, 'grub.d') -+ install_dir: join_paths(sysconfdir_install, 'grub.d') - ) - elif host_machine.system() == 'freebsd' - backend_srcs += 'fu-uefi-backend-freebsd.c' diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix deleted file mode 100644 index ac1605f979e7..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ /dev/null 
@@ -1,395 +0,0 @@ -# Updating? Keep $out/etc synchronized with passthru keys - -{ stdenv -, lib -, fetchFromGitHub -, gi-docgen -, pkg-config -, gobject-introspection -, gettext -, libgudev -, libdrm -, polkit -, libxmlb -, glib -, gusb -, sqlite -, libarchive -, libredirect -, curl -, libjcat -, elfutils -, valgrind -, meson -, libuuid -, ninja -, gnutls -, protobufc -, python3 -, wrapGAppsNoGuiHook -, ensureNewerSourcesForZipFilesHook -, json-glib -, bash-completion -, shared-mime-info -, umockdev -, vala -, makeFontsConf -, freefont_ttf -, pango -, tpm2-tss -, bubblewrap -, efibootmgr -, flashrom -, tpm2-tools -, fwupd-efi -, nixosTests -, runCommand -, unstableGitUpdater -, modemmanager -, libqmi -, libmbim -, libcbor -, xz -, enableFlashrom ? false -, enablePassim ? false -}: - -let - python = python3.withPackages (p: with p; [ - jinja2 - pygobject3 - setuptools - ]); - - isx86 = stdenv.hostPlatform.isx86; - - # Dell isn't supported on Aarch64 - haveDell = isx86; - - # only redfish for x86_64 - haveRedfish = stdenv.isx86_64; - - # only use msr if x86 (requires cpuid) - haveMSR = isx86; - - # # Currently broken on Aarch64 - # haveFlashrom = isx86; - # Experimental - haveFlashrom = isx86 && enableFlashrom; - - runPythonCommand = - name: - buildCommandPython: - - runCommand - name - { - nativeBuildInputs = [ python3 ]; - inherit buildCommandPython; - } - '' - exec python3 -c "$buildCommandPython" - ''; - - test-firmware = - let - version = "unstable-2022-04-02"; - src = fetchFromGitHub { - name = "fwupd-test-firmware-${version}"; - owner = "fwupd"; - repo = "fwupd-test-firmware"; - rev = "39954e434d63e20e85870dd1074818f48a0c08b7"; - hash = "sha256-d4qG3fKyxkfN91AplRYqARFz+aRr+R37BpE450bPxi0="; - passthru = { - inherit src version; # For update script - updateScript = unstableGitUpdater { - url = "${test-firmware.meta.homepage}.git"; - }; - }; - }; - in - src // { - meta = src.meta // { - # For update script - position = - let - pos = builtins.unsafeGetAttrPos 
"updateScript" test-firmware; - in - pos.file + ":" + toString pos.line; - }; - }; -in -stdenv.mkDerivation (finalAttrs: { - pname = "fwupd"; - version = "1.9.11"; - - # libfwupd goes to lib - # daemon, plug-ins and libfwupdplugin go to out - # CLI programs go to out - outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ]; - - src = fetchFromGitHub { - owner = "fwupd"; - repo = "fwupd"; - rev = finalAttrs.version; - hash = "sha256-chPZ9nGhFcaExoJDJvFy8terIGZRU6S90RKBYkoWyGQ="; - }; - - patches = [ - # Since /etc is the domain of NixOS, not Nix, - # we cannot install files there. - # Let’s install the files to $prefix/etc - # while still reading them from /etc. - # NixOS module for fwupd will take take care of copying the files appropriately. - ./add-option-for-installation-sysconfdir.patch - - # Install plug-ins and libfwupdplugin to $out output, - # they are not really part of the library. - ./install-fwupdplugin-to-out.patch - - # Installed tests are installed to different output - # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. - ./installed-tests-path.patch - - # EFI capsule is located in fwupd-efi now. - ./efi-app-path.patch - ]; - - nativeBuildInputs = [ - # required for firmware zipping - ensureNewerSourcesForZipFilesHook - meson - ninja - gi-docgen - pkg-config - gobject-introspection - gettext - shared-mime-info - valgrind - gnutls - protobufc # for protoc - python - wrapGAppsNoGuiHook - vala - ]; - - buildInputs = [ - polkit - libxmlb - gusb - sqlite - libarchive - libdrm - curl - elfutils - libgudev - libjcat - libuuid - json-glib - umockdev - bash-completion - pango - tpm2-tss - fwupd-efi - protobufc - modemmanager - libmbim - libcbor - libqmi - xz # for liblzma - ] ++ lib.optionals haveFlashrom [ - flashrom - ]; - - mesonFlags = [ - "-Ddocs=enabled" - # We are building the official releases. 
- "-Dsupported_build=enabled" - "-Dlaunchd=disabled" - "-Dudevdir=lib/udev" - "-Dsystemd_root_prefix=${placeholder "out"}" - "-Dinstalled_test_prefix=${placeholder "installedTests"}" - "--localstatedir=/var" - "--sysconfdir=/etc" - "-Dsysconfdir_install=${placeholder "out"}/etc" - "-Defi_os_dir=nixos" - "-Dplugin_modem_manager=enabled" - # We do not want to place the daemon into lib (cyclic reference) - "--libexecdir=${placeholder "out"}/libexec" - ] ++ lib.optionals (!enablePassim) [ - "-Dpassim=disabled" - ] ++ lib.optionals (!haveDell) [ - "-Dplugin_synaptics_mst=disabled" - ] ++ lib.optionals (!haveRedfish) [ - "-Dplugin_redfish=disabled" - ] ++ lib.optionals (!haveFlashrom) [ - "-Dplugin_flashrom=disabled" - ] ++ lib.optionals (!haveMSR) [ - "-Dplugin_msr=disabled" - ]; - - # TODO: wrapGAppsHook wraps efi capsule even though it is not ELF - dontWrapGApps = true; - - doCheck = true; - - # Environment variables - - # Fontconfig error: Cannot load default config file - FONTCONFIG_FILE = - let - fontsConf = makeFontsConf { - fontDirectories = [ freefont_ttf ]; - }; - in - fontsConf; - - # error: “PolicyKit files are missing” - # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428 - PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions"; - - # Phase hooks - - postPatch = '' - patchShebangs \ - contrib/generate-version-script.py \ - contrib/generate-man.py \ - po/test-deps - - substituteInPlace data/installed-tests/fwupdmgr-p2p.sh \ - --replace "gdbus" ${glib.bin}/bin/gdbus - - # tests fail with: Failed to load SMBIOS: neither SMBIOS or DT found - sed -i 's/test(.*)//' plugins/lenovo-thinklmi/meson.build - sed -i 's/test(.*)//' plugins/mtd/meson.build - # fails on amd cpu - sed -i 's/test(.*)//' libfwupdplugin/meson.build - # in nixos test tries to chmod 0777 $out/share/installed-tests/fwupd/tests/redfish.conf - sed -i "s/get_option('tests')/false/" plugins/redfish/meson.build - - # Device tests use device emulation 
and need to download emulation data from - # the internet, which does not work on our test VMs. - # It's probably better to disable these tests for NixOS by setting - # the device-tests directory to /dev/null. - # For more info on device emulation, see: - # https://github.com/fwupd/fwupd/blob/eeeac4e9ba8a6513428b456a551bffd95d533e50/docs/device-emulation.md - substituteInPlace data/installed-tests/meson.build \ - --replace "join_paths(datadir, 'fwupd', 'device-tests')" "'/dev/null'" - ''; - - preBuild = '' - # jcat-tool at buildtime requires a home directory - export HOME="$(mktemp -d)" - ''; - - preCheck = '' - addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share" - - echo "12345678901234567890123456789012" > machine-id - export NIX_REDIRECTS=/etc/machine-id=$(realpath machine-id) \ - LD_PRELOAD=${libredirect}/lib/libredirect.so - ''; - - postInstall = '' - # These files have weird licenses so they are shipped separately. - cp --recursive --dereference "${test-firmware}/installed-tests/tests" "$installedTests/libexec/installed-tests/fwupd" - ''; - - preFixup = - let - binPath = [ - efibootmgr - bubblewrap - tpm2-tools - ]; - in - '' - gappsWrapperArgs+=( - --prefix XDG_DATA_DIRS : "${shared-mime-info}/share" - # See programs reached with fu_common_find_program_in_path in source - --prefix PATH : "${lib.makeBinPath binPath}" - ) - ''; - - postFixup = '' - # Since we had to disable wrapGAppsHook, we need to wrap the executables manually. - find -L "$out/bin" "$out/libexec" -type f -executable -print0 \ - | while IFS= read -r -d ''' file; do - if [[ "$file" != *.efi ]]; then - echo "Wrapping program $file" - wrapGApp "$file" - fi - done - - # Cannot be in postInstall, otherwise _multioutDocs hook in preFixup will move right back. 
- moveToOutput "share/doc" "$devdoc" - ''; - - separateDebugInfo = true; - - passthru = { - filesInstalledToEtc = [ - "fwupd/bios-settings.d/README.md" - "fwupd/fwupd.conf" - "fwupd/remotes.d/lvfs-testing.conf" - "fwupd/remotes.d/lvfs.conf" - "fwupd/remotes.d/vendor.conf" - "fwupd/remotes.d/vendor-directory.conf" - "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" - "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" - "pki/fwupd/LVFS-CA.pem" - "pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata" - "pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service" - "pki/fwupd-metadata/LVFS-CA.pem" - "grub.d/35_fwupd" - ]; - - # DisabledPlugins key in fwupd/daemon.conf - defaultDisabledPlugins = [ - "test" - "test_ble" - ]; - - # For updating. - inherit test-firmware; - - # For downstream consumers that need the fwupd-efi this was built with. - inherit fwupd-efi; - - tests = - let - listToPy = list: "[${lib.concatMapStringsSep ", " (f: "'${f}'") list}]"; - in - { - installedTests = nixosTests.installed-tests.fwupd; - - passthruMatches = runPythonCommand "fwupd-test-passthru-matches" '' - import itertools - import configparser - import os - import pathlib - - etc = '${finalAttrs.finalPackage}/etc' - package_etc = set(itertools.chain.from_iterable([[os.path.relpath(os.path.join(prefix, file), etc) for file in files] for (prefix, dirs, files) in os.walk(etc)])) - passthru_etc = set(${listToPy finalAttrs.passthru.filesInstalledToEtc}) - assert len(package_etc - passthru_etc) == 0, f'fwupd package contains the following paths in /etc that are not listed in passthru.filesInstalledToEtc: {package_etc - passthru_etc}' - assert len(passthru_etc - package_etc) == 0, f'fwupd package lists the following paths in passthru.filesInstalledToEtc that are not contained in /etc: {passthru_etc - package_etc}' - - config = configparser.RawConfigParser() - config.read('${finalAttrs.finalPackage}/etc/fwupd/fwupd.conf') - package_disabled_plugins = config.get('fwupd', 
'DisabledPlugins').rstrip(';').split(';') - passthru_disabled_plugins = ${listToPy finalAttrs.passthru.defaultDisabledPlugins} - assert package_disabled_plugins == passthru_disabled_plugins, f'Default disabled plug-ins in the package {package_disabled_plugins} do not match those listed in passthru.defaultDisabledPlugins {passthru_disabled_plugins}' - - pathlib.Path(os.getenv('out')).touch() - ''; - }; - }; - - meta = with lib; { - homepage = "https://fwupd.org/"; - maintainers = with maintainers; [ rvdp ]; - license = licenses.lgpl21Plus; - platforms = platforms.linux; - }; -}) diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/efi-app-path.patch b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/efi-app-path.patch deleted file mode 100644 index f9e65a10e657..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/efi-app-path.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/meson.build b/meson.build -index b18108c74..7e674b4d2 100644 ---- a/meson.build -+++ b/meson.build -@@ -404,7 +404,7 @@ endif - - # EFI - if build_standalone -- efi_app_location = join_paths(libexecdir, 'fwupd', 'efi') -+ efi_app_location = join_paths(dependency('fwupd-efi').get_variable(pkgconfig: 'prefix'), 'libexec', 'fwupd', 'efi') - conf.set_quoted('EFI_APP_LOCATION', efi_app_location) - if host_cpu == 'x86' - EFI_MACHINE_TYPE_NAME = 'ia32' diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/install-fwupdplugin-to-out.patch b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/install-fwupdplugin-to-out.patch deleted file mode 100644 index e6269ae840bb..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/install-fwupdplugin-to-out.patch +++ /dev/null 
@@ -1,14 +0,0 @@
-diff --git a/meson.build b/meson.build
-index 9ae278b66..7cddf1a0d 100644
---- a/meson.build
-+++ b/meson.build
-@@ -507,7 +507,7 @@ if build_standalone
- if host_machine.system() == 'windows'
- libdir_pkg = 'fwupd-@0@'.format(fwupd_version)
- else
-- libdir_pkg = join_paths(libdir, 'fwupd-@0@'.format(fwupd_version))
-+ libdir_pkg = join_paths(prefix, 'lib', 'fwupd-@0@'.format(fwupd_version))
- endif
- conf.set_quoted('FWUPD_LIBDIR_PKG', libdir_pkg)
- endif
-
diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch
deleted file mode 100644
index 2954f89e14c3..000000000000
--- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch
+++ /dev/null
@@ -1,49 +0,0 @@ -diff --git a/data/installed-tests/meson.build b/data/installed-tests/meson.build -index dfce86b1c..5e34c4fa6 100644 ---- a/data/installed-tests/meson.build -+++ b/data/installed-tests/meson.build -@@ -86,5 +86,5 @@ configure_file( - output: 'fwupd-tests.conf', - configuration: con2, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(get_option('installed_test_prefix'), 'etc', 'fwupd', 'remotes.d'), - ) -diff --git a/meson.build b/meson.build -index ca6ccdf92..36b1b47b0 100644 ---- a/meson.build -+++ b/meson.build -@@ -188,8 +188,8 @@ else - datadir = join_paths(prefix, get_option('datadir')) - sysconfdir = join_paths(prefix, get_option('sysconfdir')) - localstatedir = join_paths(prefix, get_option('localstatedir')) -- installed_test_bindir = join_paths(libexecdir, 'installed-tests', meson.project_name()) -- installed_test_datadir = join_paths(datadir, 'installed-tests', meson.project_name()) -+ installed_test_bindir = join_paths(get_option('installed_test_prefix'), 'libexec', 'installed-tests', meson.project_name()) -+ installed_test_datadir = join_paths(get_option('installed_test_prefix'), 'share', 'installed-tests', meson.project_name()) - daemon_dir = join_paths(libexecdir, 'fwupd') - endif - mandir = join_paths(prefix, get_option('mandir')) -@@ -497,6 +497,7 @@ gnome = import('gnome') - i18n = import('i18n') - - conf.set_quoted('FWUPD_PREFIX', prefix) -+conf.set_quoted('FWUPD_INSTALLED_TEST_PREFIX', get_option('installed_test_prefix')) - conf.set_quoted('FWUPD_BINDIR', bindir) - conf.set_quoted('FWUPD_LIBDIR', libdir) - conf.set_quoted('FWUPD_LIBEXECDIR', libexecdir) -diff --git a/meson_options.txt b/meson_options.txt -index 877891126..bfc5d1afd 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -452,6 +452,10 @@ option('elogind', - 'false': 'disabled', - }, - ) -+option('installed_test_prefix', -+ type: 'string', -+ description: 'Prefix for installed tests' -+) - option('tests', 
- type: 'boolean', - value: true, diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix index 70f9d7a6c69e..386df843971c 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix @@ -37,7 +37,7 @@ stdenvNoCC.mkDerivation { # Bluetooth firmware cp -rv "$NIX_BUILD_TOP/bluez-firmware/debian/firmware/broadcom/." "$out/lib/firmware/brcm" - # brcmfmac43455-stdio.bin is a symlink to the non-existent path: ../cypress/cyfmac43455-stdio.bin. + # brcmfmac43455-sdio.bin is a symlink to the non-existent path: ../cypress/cyfmac43455-sdio.bin. # See https://github.com/RPi-Distro/firmware-nonfree/issues/26 ln -s "./cyfmac43455-sdio-standard.bin" "$out/lib/firmware/cypress/cyfmac43455-sdio.bin" diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/sof-firmware/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/sof-firmware/default.nix index 2f33a139c9d3..737c7b936935 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/sof-firmware/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/sof-firmware/default.nix @@ -5,11 +5,11 @@ stdenvNoCC.mkDerivation rec { pname = "sof-firmware"; - version = "2.2.6"; + version = "2023.12"; src = fetchurl { - url = "https://github.com/thesofproject/sof-bin/releases/download/v${version}/sof-bin-v${version}.tar.gz"; - sha256 = "sha256-kyLCp2NtAoRcOyaYTVirj3jWP/THZtCEwxlqWF4ACQU="; + url = "https://github.com/thesofproject/sof-bin/releases/download/v${version}/sof-bin-${version}.tar.gz"; + sha256 = "sha256-VeR+tj5iSNvat9ojK7HjHKLnFVs33BFvbcWxc8ujUDs="; }; dontFixup = true; # binaries must not be stripped or patchelfed 
@@ -17,8 +17,10 @@ stdenvNoCC.mkDerivation rec { installPhase = '' runHook preInstall mkdir -p $out/lib/firmware/intel - cp -av sof-v${version} $out/lib/firmware/intel/sof - cp -av sof-tplg-v${version} $out/lib/firmware/intel/sof-tplg + cp -av sof $out/lib/firmware/intel/sof + cp -av sof-tplg $out/lib/firmware/intel/sof-tplg + cp -av sof-ace-tplg $out/lib/firmware/intel/sof-ace-tplg + cp -av sof-ipc4 $out/lib/firmware/intel/sof-ipc4 runHook postInstall ''; diff --git a/nixpkgs/pkgs/os-specific/linux/fwts/default.nix b/nixpkgs/pkgs/os-specific/linux/fwts/default.nix index bb4a1a1bd37c..f04b8fcd2108 100644 --- a/nixpkgs/pkgs/os-specific/linux/fwts/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/fwts/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "fwts"; - version = "23.11.00"; + version = "24.01.00"; src = fetchzip { url = "https://fwts.ubuntu.com/release/${pname}-V${version}.tar.gz"; - sha256 = "sha256-3cusxMFIYGKJ+ocQPc77bzHkyQhikLo1szSgE59aK9s="; + sha256 = "sha256-MXWmKxcxgSVCSeeGlWsa8JTBa5hLyvGPZ0811w+s+yA="; stripRoot = false; }; diff --git a/nixpkgs/pkgs/os-specific/linux/health-check/default.nix b/nixpkgs/pkgs/os-specific/linux/health-check/default.nix index 4d1d634ff83d..b8737eb15302 100644 --- a/nixpkgs/pkgs/os-specific/linux/health-check/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/health-check/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "health-check"; - version = "0.03.12"; + version = "0.04.00"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-LuUCs6GLaxI5ywv6dr8dlvAXfcLbr1t7y6s/pb6JDpg="; + hash = "sha256-CPKXpPpdagq3UnTk8Z58WtSPek8L79totKX+Uh6foVg="; }; buildInputs = [ json_c libbsd ]; diff --git a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix index 83dd82e6ab26..a705a9fb5d38 100644 --- a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix 
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hwdata"; - version = "0.377-2"; + version = "0.378"; src = fetchFromGitHub { owner = "vcrhonek"; repo = "hwdata"; rev = "v${version}"; - hash = "sha256-Nh+EIsJ/98NnflndQeSgiV2iOC0icTEfgwAySPbG6Lo="; + hash = "sha256-YCx0b4crg8A7mGXwqk1XQZKsm/3TUE8C2bOYKnb/FSA="; }; configureFlags = [ "--datadir=${placeholder "out"}/share" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/intel-compute-runtime/default.nix b/nixpkgs/pkgs/os-specific/linux/intel-compute-runtime/default.nix index 0deb493a49b7..a85eee05422c 100644 --- a/nixpkgs/pkgs/os-specific/linux/intel-compute-runtime/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/intel-compute-runtime/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "intel-compute-runtime"; - version = "23.35.27191.9"; + version = "23.48.27912.11"; src = fetchFromGitHub { owner = "intel"; repo = "compute-runtime"; rev = version; - hash = "sha256-yyuP9erK3bQ5oegLXPM+of6x7fslUXHPlX2q71lnGWA="; + hash = "sha256-9VKmD7FxvBrDVqT1TzKommjrTvalfR4diReaDRy+Lk0="; }; nativeBuildInputs = [ cmake pkg-config ]; diff --git a/nixpkgs/pkgs/os-specific/linux/iotop-c/default.nix b/nixpkgs/pkgs/os-specific/linux/iotop-c/default.nix index 1d7dc9e4d112..57254f30c3c9 100644 --- a/nixpkgs/pkgs/os-specific/linux/iotop-c/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iotop-c/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "iotop-c"; - version = "1.25"; + version = "1.26"; src = fetchFromGitHub { owner = "Tomas-M"; repo = "iotop"; rev = "v${version}"; - sha256 = "sha256-ZIvWdNxGSUmQtMKB/MVHEZ0fJ8b//zSXz+1r/P9ZDkE="; + sha256 = "sha256-m75BHvKMk9ckZ6TgT1QDfHYcEfvfEwWu0bQacnVgSmU="; }; nativeBuildInputs = [ pkg-config ]; 
@@ -25,6 +25,7 @@ stdenv.mkDerivation rec { description = "iotop identifies processes that use high amount of input/output requests on your machine"; homepage = "https://github.com/Tomas-M/iotop"; maintainers = [ maintainers.arezvov ]; + mainProgram = "iotop-c"; license = licenses.gpl2Plus; platforms = platforms.linux; }; diff --git a/nixpkgs/pkgs/os-specific/linux/iotop/default.nix b/nixpkgs/pkgs/os-specific/linux/iotop/default.nix index 0376ff1a55ec..41647a2378e4 100644 --- a/nixpkgs/pkgs/os-specific/linux/iotop/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iotop/default.nix @@ -22,6 +22,7 @@ python3Packages.buildPythonApplication rec { description = "A tool to find out the processes doing the most IO"; homepage = "http://guichaz.free.fr/iotop"; license = licenses.gpl2; + mainProgram = "iotop"; maintainers = [ maintainers.raskin ]; platforms = platforms.linux; }; diff --git a/nixpkgs/pkgs/os-specific/linux/iproute/default.nix b/nixpkgs/pkgs/os-specific/linux/iproute/default.nix index 1fae93c53251..03eb1959c9b2 100644 --- a/nixpkgs/pkgs/os-specific/linux/iproute/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.6.0"; + version = "6.7.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-hzjIBK/Qnwv3VpN/DD3iMReDKpjYy79QOGz1AFzWE84="; + hash = "sha256-/5Qt2YKNfR+Gf2H+cs5DMHjDHl2OSnjiDwLLWJLohB0="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/iputils/default.nix b/nixpkgs/pkgs/os-specific/linux/iputils/default.nix index 56ac85fa0b7a..75d706b63f95 100644 --- a/nixpkgs/pkgs/os-specific/linux/iputils/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iputils/default.nix 
@@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "iputils"; - version = "20231222"; + version = "20240117"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - hash = "sha256-/blxT6k79fgbxX8qCQuJMf7zDPwMjJUt7FCscaMXx6U="; + hash = "sha256-sERY8ZKuXiY85cXdNWOm4byiNU7mOVIeA55dgQJHdoE="; }; outputs = [ "out" "apparmor" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/kbd/default.nix b/nixpkgs/pkgs/os-specific/linux/kbd/default.nix index 9d97f73780d5..badb02aaec5a 100644 --- a/nixpkgs/pkgs/os-specific/linux/kbd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kbd/default.nix @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "kbd"; - version = "2.6.3"; + version = "2.6.4"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz"; - sha256 = "sha256-BJlsCNfRxGCWb7JEo9OIM1LCZ0t61SIAPZ9Oy4q0jes="; + sha256 = "sha256-UZ+NCHrsyn4KM80IS++SwGbrGXMWZmU9zHDJ1xqkCSY="; }; # vlock is moved into its own output, since it depends on pam. This diff --git a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix index 652468002775..fc2f8ddbd143 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,12 +111,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.6"; in + linuxHeaders = let version = "6.7"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-2SagbGPdisffP4buH/ws4qO4Gi0WhITna1s4mrqOVtA="; + hash = "sha256-7zEUSiV20IDYwxaY6D7J9mv5fGd/oqrw1bu58zRbEGk="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 2aacb88dc87e..69f16fd79cf6 100644 
--- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -345,7 +345,7 @@ let }; video = { - DRM_LEGACY = no; + DRM_LEGACY = whenOlder "6.8" no; NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no; # Allow specifying custom EDID on the kernel command line @@ -381,6 +381,16 @@ let DRM_VC4_HDMI_CEC = yes; }; + # Enables Rust support in the Linux kernel. This is currently not enabled by default, because it occasionally requires + # patching the Linux kernel for the specific Rust toolchain in nixpkgs. These patches usually take a bit + # of time to appear and this would hold up Linux kernel and Rust toolchain updates. + # + # Once Rust in the kernel has more users, we can reconsider enabling it by default. + rust = optionalAttrs ((features.rust or false) && versionAtLeast version "6.7") { + RUST = yes; + GCC_PLUGINS = no; + }; + sound = { SND_DYNAMIC_MINORS = yes; SND_AC97_POWER_SAVE = yes; # AC97 Power-Saving Mode 
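Review bot: The comment on the new `rust` attribute set in the `@@ -381,6 +381,16 @@` hunk explains why Rust is off by default, but not why it sets `GCC_PLUGINS = no`, which is the security-relevant half of the change. In the kernel's Kconfig `RUST` depends on `!GCC_PLUGINS`, so a kernel built with `features.rust` gives up every GCC-plugin-based hardening option. How that interacts with the hardened config in this tree is not visible from this hunk and should be checked. I would add `# RUST cannot be combined with GCC_PLUGINS; enabling it turns off the GCC-plugin-based hardening options` directly above `GCC_PLUGINS = no;`.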
@@ -685,23 +695,23 @@ let VBOXGUEST = option no; DRM_VBOXVIDEO = option no; - XEN = mkIf stdenv.is64bit (option yes); - XEN_DOM0 = mkIf stdenv.is64bit (option yes); - PCI_XEN = mkIf stdenv.is64bit (option yes); - HVC_XEN = mkIf stdenv.is64bit (option yes); - HVC_XEN_FRONTEND = mkIf stdenv.is64bit (option yes); - XEN_SYS_HYPERVISOR = mkIf stdenv.is64bit (option yes); - SWIOTLB_XEN = mkIf stdenv.is64bit (option yes); - XEN_BACKEND = mkIf stdenv.is64bit (option yes); - XEN_BALLOON = mkIf stdenv.is64bit (option yes); - XEN_BALLOON_MEMORY_HOTPLUG = mkIf stdenv.is64bit (option yes); - XEN_EFI = mkIf stdenv.is64bit (option yes); - XEN_HAVE_PVMMU = mkIf stdenv.is64bit (option yes); - XEN_MCE_LOG = mkIf stdenv.is64bit (option yes); - XEN_PVH = mkIf stdenv.is64bit (option yes); - XEN_PVHVM = mkIf stdenv.is64bit (option yes); - XEN_SAVE_RESTORE = mkIf stdenv.is64bit (option yes); - XEN_SELFBALLOONING = mkIf stdenv.is64bit (whenOlder "5.3" yes); + XEN = option yes; + XEN_DOM0 = option yes; + PCI_XEN = option yes; + HVC_XEN = option yes; + HVC_XEN_FRONTEND = option yes; + XEN_SYS_HYPERVISOR = option yes; + SWIOTLB_XEN = option yes; + XEN_BACKEND = option yes; + XEN_BALLOON = option yes; + XEN_BALLOON_MEMORY_HOTPLUG = option yes; + XEN_EFI = option yes; + XEN_HAVE_PVMMU = option yes; + XEN_MCE_LOG = option yes; + XEN_PVH = option yes; + XEN_PVHVM = option yes; + XEN_SAVE_RESTORE = option yes; + XEN_SELFBALLOONING = whenOlder "5.3" yes; # Enable device detection on virtio-mmio hypervisors VIRTIO_MMIO_CMDLINE_DEVICES = yes; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index df67005dd816..8ff8dcff0b38 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -9,6 +9,9 @@ , pahole , lib , stdenv +, rustc +, rustPlatform +, rust-bindgen , # The kernel source tarball. src 
@@ -37,7 +40,7 @@ modDirVersion ? null , # An attribute set whose attributes express the availability of - # certain features in this kernel. E.g. `{iwlwifi = true;}' + # certain features in this kernel. E.g. `{ia32Emulation = true;}' # indicates a kernel that provides Intel wireless support. Used in # NixOS to implement kernel-specific behaviour. features ? {} @@ -89,9 +92,7 @@ let # Combine the `features' attribute sets of all the kernel patches. kernelFeatures = lib.foldr (x: y: (x.features or {}) // y) ({ - iwlwifi = true; efiBootStub = true; - needsCifsUtils = true; netfilterRPFilter = true; ia32Emulation = true; } // features) kernelPatches; @@ -117,6 +118,8 @@ let map ({extraConfig ? "", ...}: extraConfig) kernelPatches; in lib.concatStringsSep "\n" ([baseConfigStr] ++ configFromPatches); + withRust = ((configfile.moduleStructuredConfig.settings.RUST or {}).tristate or null) == "y"; + configfile = stdenv.mkDerivation { inherit ignoreConfigErrors autoModules preferBuiltin kernelArch extraMakeFlags; pname = "linux-config"; @@ -130,7 +133,11 @@ let depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ perl gmp libmpc mpfr ] ++ lib.optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ lib.optional (lib.versionAtLeast version "5.2") pahole; + ++ lib.optional (lib.versionAtLeast version "5.2") pahole + ++ lib.optionals withRust [ rust-bindgen rustc ] + ; + + RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" @@ -202,7 +209,7 @@ let inherit kernelPatches randstructSeed extraMakeFlags extraMeta configfile; pos = builtins.unsafeGetAttrPos "version" args; - config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; }; + config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; } // lib.optionalAttrs withRust { CONFIG_RUST = "y"; }; } // lib.optionalAttrs (modDirVersion != null) { inherit modDirVersion; }); passthru = basicArgs // { 
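Review bot: `withRust` in the `@@ -117,6 +118,8 @@` hunk has no comment, and it is easy to miss that it is read from `configfile.moduleStructuredConfig.settings` rather than from the generated kernel config. The same value gates `rustc` and `rust-bindgen` in the `configfile` derivation's own `nativeBuildInputs` and later adds `CONFIG_RUST = "y"` to `config`, so it appears to describe what was requested, not what Kconfig accepted. I would add `# Taken from the requested structured config, so it is known before configfile is built` above the definition. The surrounding `let` block starts and ends outside these hunks.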
@@ -224,7 +231,7 @@ let override = args: lib.warn ( "override is stubbed for NixOS kernel tests, not applying changes these arguments: " - + toString (lib.attrNames (if lib.isAttrs args then args else args {})) + + toString (lib.attrNames (lib.toFunction args { })) ) overridableKernel; }; in [ (nixosTests.kernel-generic.passthru.testsForKernel overridableKernel) ] ++ kernelTests; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix index 7aa9c5117352..dec6a757c529 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -39,21 +39,33 @@ assert (versionAtLeast version "4.9"); DEBUG_PI_LIST = whenOlder "5.2" yes; # doesn't BUG() DEBUG_PLIST = whenAtLeast "5.2" yes; DEBUG_SG = yes; + DEBUG_VIRTUAL = yes; SCHED_STACK_END_CHECK = yes; REFCOUNT_FULL = whenOlder "5.4.208" yes; + # tell EFI to wipe memory during reset + # https://lwn.net/Articles/730006/ + RESET_ATTACK_MITIGATION = yes; + + # restricts loading of line disciplines via TIOCSETD ioctl to CAP_SYS_MODULE + CONFIG_LDISC_AUTOLOAD = option no; + # Randomize page allocator when page_alloc.shuffle=1 SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; - # Allow enabling slub/slab free poisoning with slub_debug=P - SLUB_DEBUG = yes; - # Wipe higher-level memory allocations on free() with page_poison=1 PAGE_POISONING = yes; PAGE_POISONING_NO_SANITY = whenOlder "5.11" yes; PAGE_POISONING_ZERO = whenOlder "5.11" yes; + # Enable init_on_alloc and init_on_free by default + INIT_ON_ALLOC_DEFAULT_ON = whenAtLeast "5.3" yes; + INIT_ON_FREE_DEFAULT_ON = whenAtLeast "5.3" yes; + + # Wipe all caller-used registers on exit from a function + ZERO_CALL_USED_REGS = whenAtLeast "5.15" yes; + # Enable the SafeSetId LSM SECURITY_SAFESETID = whenAtLeast "5.1" yes; 
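Review bot: `CONFIG_LDISC_AUTOLOAD = option no;` in the `@@ -39,21 +39,33 @@` hunk is the only key written with the `CONFIG_` prefix; every other entry (`DEBUG_VIRTUAL`, `RESET_ATTACK_MITIGATION`, `INIT_ON_ALLOC_DEFAULT_ON`, …) uses the bare symbol name. If the prefix is added when the config is generated, as the other keys suggest, this entry names a symbol that does not exist. Because it is wrapped in `option`, the mismatch would presumably be ignored rather than reported, leaving line-discipline autoloading enabled. The line should read `LDISC_AUTOLOAD = option no;`. The attribute set continues outside the hunk.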
@@ -70,6 +82,16 @@ assert (versionAtLeast version "4.9"); GCC_PLUGIN_RANDSTRUCT = whenOlder "5.19" yes; # A port of the PaX randstruct plugin GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenOlder "5.19" yes; + # Runtime undefined behaviour checks + # https://www.kernel.org/doc/html/latest/dev-tools/ubsan.html + # https://developers.redhat.com/blog/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan + UBSAN = yes; + UBSAN_TRAP = whenAtLeast "5.7" yes; + UBSAN_BOUNDS = whenAtLeast "5.7" yes; + UBSAN_SANITIZE_ALL = yes; + UBSAN_LOCAL_BOUNDS = option yes; # clang only + CFI_CLANG = option yes; # clang only Control Flow Integrity since 6.1 + # Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19. RANDSTRUCT = whenAtLeast "5.19" yes; RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes; @@ -97,4 +119,15 @@ assert (versionAtLeast version "4.9"); # CONFIG_DEVMEM=n causes these to not exist anymore. STRICT_DEVMEM = option no; IO_STRICT_DEVMEM = option no; + + # stricter IOMMU TLB invalidation + IOMMU_DEFAULT_DMA_STRICT = option yes; + IOMMU_DEFAULT_DMA_LAZY = option no; + + # not needed for less than a decade old glibc versions + LEGACY_VSYSCALL_NONE = yes; + + # Straight-Line-Speculation + # https://lwn.net/Articles/877845/ + SLS = option yes; } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 345d25e6e4c4..8d92d9cae355 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json 
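Review bot: `UBSAN = yes;` and `UBSAN_SANITIZE_ALL = yes;` in the `@@ -70,6 +82,16 @@` hunk are unconditional, while `UBSAN_TRAP` and `UBSAN_BOUNDS` are only set from 5.7 on. The patches.json changed in this same commit still lists hardened 4.19 and 5.4 kernels, so those would get the sanitizer without trap mode. That presumably means a violation is reported and execution continues, which adds runtime cost without stopping anything. Either gate both keys the same way, `UBSAN = whenAtLeast "5.7" yes;` and `UBSAN_SANITIZE_ALL = whenAtLeast "5.7" yes;`, or add a comment saying that report-only mode on older kernels is intended.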
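Review bot: `LEGACY_VSYSCALL_NONE = yes;` in the `@@ -97,4 +119,15 @@` hunk is a hard requirement, although the symbol exists only on x86, whereas the equally x86-specific `SLS` a few lines below is written as `option yes`. If this config is also evaluated for non-x86 hardened kernels, a mandatory key for a missing symbol may fail config generation; how such keys are handled is not visible in this hunk. Writing it as `LEGACY_VSYSCALL_NONE = option yes;` would match its neighbours and keep the setting on x86.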
@@ -2,52 +2,52 @@ "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.304-hardened1.patch", - "sha256": "0bv6abcx8sknhsnijs176yq7q2mgrlyrv5xysnxa0l6wqpl2gqif", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.304-hardened1/linux-hardened-4.19.304-hardened1.patch" + "name": "linux-hardened-4.19.306-hardened1.patch", + "sha256": "0g38iy5vw9glqmqhmj5y8nnx8gbdj312yb14qnwcl21m78k63mxk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.306-hardened1/linux-hardened-4.19.306-hardened1.patch" }, - "sha256": "165mljr8v1cf4vf4a4b44hx089rprkssvi2azq5wbxxg3basbind", - "version": "4.19.304" + "sha256": "06dy270xw4frnrc9p2qjh8chgp02fr5ll5g2b0lx9xqzlq7y86xr", + "version": "4.19.306" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.206-hardened1.patch", - "sha256": "14xmp28grpwpgrsg88bnv164kk54k6akw5jydrs8447mqfyw7sqr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.206-hardened1/linux-hardened-5.10.206-hardened1.patch" + "name": "linux-hardened-5.10.209-hardened1.patch", + "sha256": "1vccxrwi8a8fz3fcjxxqbkdbfjjhzwqpcibfg0nrydcix79ixgyw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.209-hardened1/linux-hardened-5.10.209-hardened1.patch" }, - "sha256": "0ns8qxcrxj9i76b93xcghl002l8vbkg7ksd435sikig62qr62gf4", - "version": "5.10.206" + "sha256": "1mc8rssk5aypgb58jz6i2bbflfr6qh1kgqpam0k8fqvwcjnjzqj4", + "version": "5.10.209" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.146-hardened1.patch", - "sha256": "0cd8gzixkc89n647g108f9r9dn8a3vw9ajdh4g7w7bq6vq71gglj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.146-hardened1/linux-hardened-5.15.146-hardened1.patch" + "name": "linux-hardened-5.15.148-hardened1.patch", + "sha256": "0pryxvr058fisns01w52xsfbx4aqx2ssfk9n1r575lgywp6q03fj", + "url": 
"https://github.com/anthraxx/linux-hardened/releases/download/5.15.148-hardened1/linux-hardened-5.15.148-hardened1.patch" }, - "sha256": "14nijbspmzd4r38l8cpl4vn9dhawzcfnhyc0gnaxl2m8l9gpm02s", - "version": "5.15.146" + "sha256": "1n75lrck581mppx84cds1a1l5vj05cdkp8ahpry7dx6rgz4pb1f4", + "version": "5.15.148" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.266-hardened1.patch", - "sha256": "1gbyxz788j5lirjc62b56didnwq5s69cfindzndsj1r5wm0hknp4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.266-hardened1/linux-hardened-5.4.266-hardened1.patch" + "name": "linux-hardened-5.4.268-hardened1.patch", + "sha256": "1lz9i5iaa6pchnk1bw9dg85n82j9hvjdh8pb7vxjg05fxvwgn7jh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.268-hardened1/linux-hardened-5.4.268-hardened1.patch" }, - "sha256": "1dmcn9i3nvf1gldm1a32gnl5ybwbk2lizb3wa4gc06g7dxz2y1ys", - "version": "5.4.266" + "sha256": "081695lgkdwlrp6gpp6pyflgh76zax1w52shys4s9zjnrfkarj5g", + "version": "5.4.268" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.72-hardened1.patch", - "sha256": "0zp6i44y3fi2xsk4jbwhk8w688ci34p5ymmk3kkb8s1cvhqzgddy", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.72-hardened1/linux-hardened-6.1.72-hardened1.patch" + "name": "linux-hardened-6.1.76-hardened1.patch", + "sha256": "1hybya6kxcy90cnc7m1gzykbbarqmbybmgrsbanb3gvlbvjghizx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.76-hardened1/linux-hardened-6.1.76-hardened1.patch" }, - "sha256": "09h9kzv2xfrn369ynl09dfnjl9025b9vpkcxg75gyp63fy8fdp4q", - "version": "6.1.72" + "sha256": "1zdi4xbk7zyiab7x8z12xqg72zaw3j61slvrbwjfx6pzh47cr005", + "version": "6.1.76" }, "6.5": { "patch": { 
@@ -62,11 +62,21 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.11-hardened1.patch", - "sha256": "07l4fvc115iqiwbaq916g1l1jpmcg8injr5z5dx6jp2h635w72n3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.11-hardened1/linux-hardened-6.6.11-hardened1.patch" + "name": "linux-hardened-6.6.15-hardened1.patch", + "sha256": "0yj821zaqxhk4yk1fgv1l5kcqsl05nvq8l6djbvhs0nnlmfd85yf", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.15-hardened1/linux-hardened-6.6.15-hardened1.patch" }, - "sha256": "0lhyczcj1fhh52fjf06ikp5yh7kxc1qymsw44rv6v25vc6kfbqmg", - "version": "6.6.11" + "sha256": "1ajzby6isqji1xlp660m4qj2i2xs003vsjp1jspziwl7hrzhqadb", + "version": "6.6.15" + }, + "6.7": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-6.7.3-hardened1.patch", + "sha256": "03jdch5fx6ly0haa2jrbjzyjnfv66dh1gkbhy1y79v3ylr4x29x4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.3-hardened1/linux-hardened-6.7.3-hardened1.patch" + }, + "sha256": "0i1bfkawyp917d9v3qa5nqzspzr3ixx7scbfl8x4lms74xjqrw5p", + "version": "6.7.3" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json index 197b5d638861..b7f5c8654726 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json 
@@ -1,38 +1,38 @@ { "testing": { - "version": "6.7-rc8", - "hash": "sha256:02drhwl3f53y97gimgclz61zsa57v29vphkbrzr4cwmz4sh1vngk" + "version": "6.8-rc4", + "hash": "sha256:0nn36b2cx04p2210xm0msa8c1jl96vp0nf0bq3w8xhrl95yzj99z" }, "6.5": { "version": "6.5.13", "hash": "sha256:1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq" }, "6.1": { - "version": "6.1.73", - "hash": "sha256:11vyblm4nkjncdi3akcyizw7jkyxsqn2mjixc51f7kgiddq4ibbc" + "version": "6.1.77", + "hash": "sha256:07grng6rrgpy6c3465hwqhn3gcdam1c8rwya30vgpk8nfxbfqm1v" }, "5.15": { - "version": "5.15.147", - "hash": "sha256:1m7wznqiakarpar4a0nbwxql0hkvds0s79zx3r1xn0fj4mbfdhan" + "version": "5.15.148", + "hash": "sha256:1n75lrck581mppx84cds1a1l5vj05cdkp8ahpry7dx6rgz4pb1f4" }, "5.10": { - "version": "5.10.208", - "hash": "sha256:0vpvy47cmcinhs76cjl2n81zrlhbqgpi4v29izn2hzsl15x189ch" + "version": "5.10.209", + "hash": "sha256:1mc8rssk5aypgb58jz6i2bbflfr6qh1kgqpam0k8fqvwcjnjzqj4" }, "5.4": { - "version": "5.4.267", - "hash": "sha256:0hqw8ww7y9mjrh1wgdkiwk8llxpf4lxwmsmzxm8j4l615kpqvlj2" + "version": "5.4.268", + "hash": "sha256:081695lgkdwlrp6gpp6pyflgh76zax1w52shys4s9zjnrfkarj5g" }, "4.19": { - "version": "4.19.305", - "hash": "sha256:1s6srmhd3visqchshg566c7gq5wnxr3m74854kxksqhhfif450ns" + "version": "4.19.306", + "hash": "sha256:06dy270xw4frnrc9p2qjh8chgp02fr5ll5g2b0lx9xqzlq7y86xr" }, "6.6": { - "version": "6.6.12", - "hash": "sha256:01a6czk6xz9syxvkb2yhbn3vypqy2mnjq7ni84x4nklw7n6frmqz" + "version": "6.6.16", + "hash": "sha256:0c5a9agdr27bwd1z6790whczb858z8i34hhn548lzbdylfamf7dj" }, "6.7": { - "version": "6.7", - "hash": "sha256:0s8hbcsg7fdvspqam8kzcxygjsznr4zfi60nqgc81l3n4m518cgg" + "version": "6.7.4", + "hash": "sha256:036nk3h7vqzd7gnxan2173kpss5qm2pci1lvd58gh90azigrz3gn" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index 05b18383303f..e4716dfa6d96 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix 
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19473"; - sha256 = "0k9pgjg6k9j00x4m3g6chnhgznr5r1yyqd9x8q7a9q9j88vygszs"; + rev = "19489"; + sha256 = "1adnk4710iyq87bj48bfxzmzhv5hk0x3fmyz6ydk5af364fl87mk"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 58a1be131962..ed64b81efaec 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.204-rt100"; # updated by ./update-rt.sh + version = "5.10.209-rt101"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1vnamiyr378q52xgkg7kvpx80zck729dim77vp06a3q6n580g5gz"; + sha256 = "1mc8rssk5aypgb58jz6i2bbflfr6qh1kgqpam0k8fqvwcjnjzqj4"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1zbpkira8wf3w46586af72k43j8xkj15f0dgq86z975vl60hdk68"; + sha256 = "19vlzjhh4m3fppd0y4m40nx2b7ncai1ya726dq1n9qlzzab6iq2a"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix index ffe37b8d5e7a..50d2115d9e1f 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix 
@@ -6,7 +6,7 @@ , ... } @ args: let - version = "6.1.70-rt21"; # updated by ./update-rt.sh + version = "6.1.77-rt24"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "1vxgardfm2fi4c7zkxpljqicllfqqnp835a9lyb7dh2nchk6a4zd"; + sha256 = "07grng6rrgpy6c3465hwqhn3gcdam1c8rwya30vgpk8nfxbfqm1v"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "03lb5s16f7j7s7qvh55mxiv6a6rdnx2j8cyy6c6v4naaq9s82lgn"; + sha256 = "194fdr89020igfdcfwdrfrl3rn51aannadr5x4yhd7p4cma0iq0a"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix index 2ba31fbc9789..baf0231f13e1 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,6 +1,7 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl , libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod, ubootTools , fetchpatch +, rustc, rust-bindgen, rustPlatform }: let @@ -56,15 +57,6 @@ let inherit (lib) hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms; - # Dependencies that are required to build kernel modules - moduleBuildDependencies = [ - pahole - perl - libelf - # module makefiles often run uname commands to find out the kernel version - (buildPackages.deterministic-uname.override { inherit modDirVersion; }) - ] ++ optional (lib.versionAtLeast version "5.13") zstd; - drvAttrs = config_: kernelConf: kernelPatches: configfile: let config = let attrName = attr: "CONFIG_" + attr; in { 
@@ -84,14 +76,27 @@ let } // config_; isModular = config.isYes "MODULES"; + withRust = config.isYes "RUST"; buildDTBs = kernelConf.DTB or false; + # Dependencies that are required to build kernel modules + moduleBuildDependencies = [ + pahole + perl + libelf + # module makefiles often run uname commands to find out the kernel version + (buildPackages.deterministic-uname.override { inherit modDirVersion; }) + ] + ++ optional (lib.versionAtLeast version "5.13") zstd + ++ optionals withRust [ rustc rust-bindgen ] + ; + in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // { passthru = rec { inherit version modDirVersion config kernelPatches configfile moduleBuildDependencies stdenv; - inherit isZen isHardened isLibre; + inherit isZen isHardened isLibre withRust; isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; baseVersion = lib.head (lib.splitString "-rc" version); kernelOlder = lib.versionOlder baseVersion; @@ -100,6 +105,16 @@ let inherit src; + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ubootTools ] + ++ optional (lib.versionOlder version "5.8") libelf + ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] + ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] + ++ optional (lib.versionAtLeast version "5.8") elfutils + ++ optionals withRust [ rustc rust-bindgen ]; + + RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; + patches = map (p: p.patch) kernelPatches # Required for deterministic builds along with some postPatch magic. 
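Review bot: `RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc;` in the `@@ -100,6 +105,16 @@` hunk exports an empty `RUST_LIB_SRC` into every kernel build that has CONFIG_RUST off, and nothing says why the variable is needed. Setting the attribute only when Rust is enabled keeps it out of non-Rust builds: `${if withRust then "RUST_LIB_SRC" else null} = rustPlatform.rustLibSrc;`. A short comment such as `# Kbuild needs the Rust standard library sources to build core/alloc` would also help, assuming that is the reason. The attribute set this line sits in starts and ends outside the hunk.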
@@ -363,14 +378,6 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat enableParallelBuilding = true; - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ubootTools ] - ++ optional (lib.versionOlder version "5.8") libelf - ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] - ++ optional (lib.versionAtLeast version "5.8") elfutils - ; - hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; # Absolute paths for compilers avoid any PATH-clobbering issues. diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix b/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix index 5d4ebc214dc7..a7bf7128f5ef 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix @@ -65,4 +65,18 @@ name = "export-rt-sched-migrate"; patch = ./export-rt-sched-migrate.patch; }; + + rust_1_74 = { + name = "rust-1.74.patch"; + patch = fetchpatch { + name = "rust-1.74.patch"; + url = "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80fe9e51510b23472ad0f97175556490549ed714"; + hash = "sha256-yGt7PwqN/G+ZtZSt6eARvVFdkC8tnUiu0Fz4cFCyguM="; + }; + }; + + rust_1_75 = { + name = "rust-1.75.patch"; + patch = ./rust-1.75.patch; + }; } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/rust-1.75.patch b/nixpkgs/pkgs/os-specific/linux/kernel/rust-1.75.patch new file mode 100644 index 000000000000..9d6b1a3dcc75 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/kernel/rust-1.75.patch 
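Review bot: `rust_1_75` in the patches.nix hunk is a vendored local file with no note on where it came from or when it can be removed. `rust_1_74` just above it is fetched from git.kernel.org by commit id with a pinned hash. The header of the added rust-1.75.patch carries a lore.kernel.org link, so a comment above the entry would record the provenance: `# From https://lore.kernel.org/lkml/20231224172128.271447-1-ojeda@kernel.org/; replace with fetchpatch once a stable upstream commit id exists`. It would also help to state which kernel versions each of the two patches is meant for, since the hunk does not show where they are applied. The enclosing attribute set starts outside the hunk.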
@@ -0,0 +1,373 @@ +From 77007eef13d52d0a5df9706d47078c4e1390a0a9 Mon Sep 17 00:00:00 2001 +From: Miguel Ojeda <ojeda@kernel.org> +Date: Sun, 24 Dec 2023 18:21:28 +0100 +Subject: [PATCH] rust: upgrade to Rust 1.75.0 + +This is the next upgrade to the Rust toolchain, from 1.74.1 to 1.75.0 +(i.e. the latest) [1]. + +See the upgrade policy [2] and the comments on the first upgrade in +commit 3ed03f4da06e ("rust: upgrade to Rust 1.68.2"). + +# Unstable features + +The `const_maybe_uninit_zeroed` unstable feature [3] was stabilized in +Rust 1.75.0, which we were using in the PHYLIB abstractions. + +The only unstable features allowed to be used outside the `kernel` crate +are still `new_uninit,offset_of`, though other code to be upstreamed +may increase the list. + +Please see [4] for details. + +# Other improvements + +Rust 1.75.0 stabilized `pointer_byte_offsets` [5] which we could +potentially use as an alternative for `ptr_metadata` in the future. + +# Required changes + +For this upgrade, no changes were required (i.e. on our side). + +# `alloc` upgrade and reviewing + +The vast majority of changes are due to our `alloc` fork being upgraded +at once. + +There are two kinds of changes to be aware of: the ones coming from +upstream, which we should follow as closely as possible, and the updates +needed in our added fallible APIs to keep them matching the newer +infallible APIs coming from upstream. + +Instead of taking a look at the diff of this patch, an alternative +approach is reviewing a diff of the changes between upstream `alloc` and +the kernel's. This allows to easily inspect the kernel additions only, +especially to check if the fallible methods we already have still match +the infallible ones in the new version coming from upstream. + +Another approach is reviewing the changes introduced in the additions in +the kernel fork between the two versions. This is useful to spot +potentially unintended changes to our additions. 
+ +To apply these approaches, one may follow steps similar to the following +to generate a pair of patches that show the differences between upstream +Rust and the kernel (for the subset of `alloc` we use) before and after +applying this patch: + + # Get the difference with respect to the old version. + git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) + git -C linux ls-tree -r --name-only HEAD -- rust/alloc | + cut -d/ -f3- | + grep -Fv README.md | + xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH + git -C linux diff --patch-with-stat --summary -R > old.patch + git -C linux restore rust/alloc + + # Apply this patch. + git -C linux am rust-upgrade.patch + + # Get the difference with respect to the new version. + git -C rust checkout $(linux/scripts/min-tool-version.sh rustc) + git -C linux ls-tree -r --name-only HEAD -- rust/alloc | + cut -d/ -f3- | + grep -Fv README.md | + xargs -IPATH cp rust/library/alloc/src/PATH linux/rust/alloc/PATH + git -C linux diff --patch-with-stat --summary -R > new.patch + git -C linux restore rust/alloc + +Now one may check the `new.patch` to take a look at the additions (first +approach) or at the difference between those two patches (second +approach). For the latter, a side-by-side tool is recommended. 
+ +Link: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1750-2023-12-28 [1] +Link: https://rust-for-linux.com/rust-version-policy [2] +Link: https://github.com/rust-lang/rust/issues/91850 [3] +Link: https://github.com/Rust-for-Linux/linux/issues/2 [4] +Link: https://github.com/rust-lang/rust/issues/96283 [5] +Signed-off-by: Miguel Ojeda <ojeda@kernel.org> +Link: https://lore.kernel.org/lkml/20231224172128.271447-1-ojeda@kernel.org/ +Signed-off-by: Alyssa Ross <hi@alyssa.is> +--- + Documentation/process/changes.rst | 2 +- + rust/alloc/alloc.rs | 9 ++++++++- + rust/alloc/boxed.rs | 20 ++++++++++++-------- + rust/alloc/lib.rs | 7 ++++--- + rust/alloc/raw_vec.rs | 19 +++++++++++++++---- + rust/alloc/vec/mod.rs | 16 ++++++++++------ + scripts/min-tool-version.sh | 2 +- + 7 files changed, 51 insertions(+), 24 deletions(-) + +diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst +index 169f67773518..52284fdbaf23 100644 +--- a/Documentation/process/changes.rst ++++ b/Documentation/process/changes.rst +@@ -31,7 +31,7 @@ you probably needn't concern yourself with pcmciautils. + ====================== =============== ======================================== + GNU C 5.1 gcc --version + Clang/LLVM (optional) 11.0.0 clang --version +-Rust (optional) 1.74.1 rustc --version ++Rust (optional) 1.75.0 rustc --version + bindgen (optional) 0.65.1 bindgen --version + GNU make 3.82 make --version + bash 4.2 bash --version +diff --git a/rust/alloc/alloc.rs b/rust/alloc/alloc.rs +index 150e13750ff7..8a6be8c98173 100644 +--- a/rust/alloc/alloc.rs ++++ b/rust/alloc/alloc.rs +@@ -379,13 +379,20 @@ const fn ct_error(_: Layout) -> ! { + panic!("allocation failed"); + } + ++ #[inline] + fn rt_error(layout: Layout) -> ! 
{ + unsafe { + __rust_alloc_error_handler(layout.size(), layout.align()); + } + } + +- unsafe { core::intrinsics::const_eval_select((layout,), ct_error, rt_error) } ++ #[cfg(not(feature = "panic_immediate_abort"))] ++ unsafe { ++ core::intrinsics::const_eval_select((layout,), ct_error, rt_error) ++ } ++ ++ #[cfg(feature = "panic_immediate_abort")] ++ ct_error(layout) + } + + // For alloc test `std::alloc::handle_alloc_error` can be used directly. +diff --git a/rust/alloc/boxed.rs b/rust/alloc/boxed.rs +index 9620eba17268..f5f40778a193 100644 +--- a/rust/alloc/boxed.rs ++++ b/rust/alloc/boxed.rs +@@ -161,7 +161,7 @@ + use core::marker::Unsize; + use core::mem::{self, SizedTypeProperties}; + use core::ops::{ +- CoerceUnsized, Deref, DerefMut, DispatchFromDyn, Generator, GeneratorState, Receiver, ++ CoerceUnsized, Coroutine, CoroutineState, Deref, DerefMut, DispatchFromDyn, Receiver, + }; + use core::pin::Pin; + use core::ptr::{self, NonNull, Unique}; +@@ -211,7 +211,7 @@ impl<T> Box<T> { + /// ``` + /// let five = Box::new(5); + /// ``` +- #[cfg(all(not(no_global_oom_handling)))] ++ #[cfg(not(no_global_oom_handling))] + #[inline(always)] + #[stable(feature = "rust1", since = "1.0.0")] + #[must_use] +@@ -2110,28 +2110,28 @@ fn as_mut(&mut self) -> &mut T { + #[stable(feature = "pin", since = "1.33.0")] + impl<T: ?Sized, A: Allocator> Unpin for Box<T, A> where A: 'static {} + +-#[unstable(feature = "generator_trait", issue = "43122")] +-impl<G: ?Sized + Generator<R> + Unpin, R, A: Allocator> Generator<R> for Box<G, A> ++#[unstable(feature = "coroutine_trait", issue = "43122")] ++impl<G: ?Sized + Coroutine<R> + Unpin, R, A: Allocator> Coroutine<R> for Box<G, A> + where + A: 'static, + { + type Yield = G::Yield; + type Return = G::Return; + +- fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> { ++ fn resume(mut self: Pin<&mut Self>, arg: R) -> CoroutineState<Self::Yield, Self::Return> { + G::resume(Pin::new(&mut *self), arg) + } + } 
+ +-#[unstable(feature = "generator_trait", issue = "43122")] +-impl<G: ?Sized + Generator<R>, R, A: Allocator> Generator<R> for Pin<Box<G, A>> ++#[unstable(feature = "coroutine_trait", issue = "43122")] ++impl<G: ?Sized + Coroutine<R>, R, A: Allocator> Coroutine<R> for Pin<Box<G, A>> + where + A: 'static, + { + type Yield = G::Yield; + type Return = G::Return; + +- fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> { ++ fn resume(mut self: Pin<&mut Self>, arg: R) -> CoroutineState<Self::Yield, Self::Return> { + G::resume((*self).as_mut(), arg) + } + } +@@ -2448,4 +2448,8 @@ fn cause(&self) -> Option<&dyn core::error::Error> { + fn source(&self) -> Option<&(dyn core::error::Error + 'static)> { + core::error::Error::source(&**self) + } ++ ++ fn provide<'b>(&'b self, request: &mut core::error::Request<'b>) { ++ core::error::Error::provide(&**self, request); ++ } + } +diff --git a/rust/alloc/lib.rs b/rust/alloc/lib.rs +index 9c7ea73da108..345cf5c9cf92 100644 +--- a/rust/alloc/lib.rs ++++ b/rust/alloc/lib.rs +@@ -80,6 +80,8 @@ + not(no_sync), + target_has_atomic = "ptr" + ))] ++#![cfg_attr(not(bootstrap), doc(rust_logo))] ++#![cfg_attr(not(bootstrap), feature(rustdoc_internals))] + #![no_std] + #![needs_allocator] + // Lints: +@@ -115,7 +117,6 @@ + #![feature(const_eval_select)] + #![feature(const_maybe_uninit_as_mut_ptr)] + #![feature(const_maybe_uninit_write)] +-#![feature(const_maybe_uninit_zeroed)] + #![feature(const_pin)] + #![feature(const_refs_to_cell)] + #![feature(const_size_of_val)] +@@ -141,7 +142,7 @@ + #![feature(maybe_uninit_uninit_array)] + #![feature(maybe_uninit_uninit_array_transpose)] + #![feature(pattern)] +-#![feature(pointer_byte_offsets)] ++#![feature(ptr_addr_eq)] + #![feature(ptr_internals)] + #![feature(ptr_metadata)] + #![feature(ptr_sub_ptr)] +@@ -168,7 +169,7 @@ + // + // Language features: + // tidy-alphabetical-start +-#![cfg_attr(not(test), feature(generator_trait))] ++#![cfg_attr(not(test), 
feature(coroutine_trait))] + #![cfg_attr(test, feature(panic_update_hook))] + #![cfg_attr(test, feature(test))] + #![feature(allocator_internals)] +diff --git a/rust/alloc/raw_vec.rs b/rust/alloc/raw_vec.rs +index a7425582a323..f1b8cec8cc62 100644 +--- a/rust/alloc/raw_vec.rs ++++ b/rust/alloc/raw_vec.rs +@@ -338,10 +338,13 @@ pub fn reserve_for_push(&mut self, len: usize) { + /// The same as `reserve`, but returns on errors instead of panicking or aborting. + pub fn try_reserve(&mut self, len: usize, additional: usize) -> Result<(), TryReserveError> { + if self.needs_to_grow(len, additional) { +- self.grow_amortized(len, additional) +- } else { +- Ok(()) ++ self.grow_amortized(len, additional)?; + } ++ unsafe { ++ // Inform the optimizer that the reservation has succeeded or wasn't needed ++ core::intrinsics::assume(!self.needs_to_grow(len, additional)); ++ } ++ Ok(()) + } + + /// The same as `reserve_for_push`, but returns on errors instead of panicking or aborting. +@@ -378,7 +381,14 @@ pub fn try_reserve_exact( + len: usize, + additional: usize, + ) -> Result<(), TryReserveError> { +- if self.needs_to_grow(len, additional) { self.grow_exact(len, additional) } else { Ok(()) } ++ if self.needs_to_grow(len, additional) { ++ self.grow_exact(len, additional)?; ++ } ++ unsafe { ++ // Inform the optimizer that the reservation has succeeded or wasn't needed ++ core::intrinsics::assume(!self.needs_to_grow(len, additional)); ++ } ++ Ok(()) + } + + /// Shrinks the buffer down to the specified capacity. If the given amount +@@ -569,6 +579,7 @@ fn alloc_guard(alloc_size: usize) -> Result<(), TryReserveError> { + // ensure that the code generation related to these panics is minimal as there's + // only one location which panics rather than a bunch throughout the module. + #[cfg(not(no_global_oom_handling))] ++#[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] + fn capacity_overflow() -> ! 
{ + panic!("capacity overflow"); + } +diff --git a/rust/alloc/vec/mod.rs b/rust/alloc/vec/mod.rs +index 41ca71805ef0..0d95fd7ef337 100644 +--- a/rust/alloc/vec/mod.rs ++++ b/rust/alloc/vec/mod.rs +@@ -1376,7 +1376,7 @@ pub fn as_mut_slice(&mut self) -> &mut [T] { + /// [`as_mut_ptr`]: Vec::as_mut_ptr + /// [`as_ptr`]: Vec::as_ptr + #[stable(feature = "vec_as_ptr", since = "1.37.0")] +- #[cfg_attr(not(bootstrap), rustc_never_returns_null_ptr)] ++ #[rustc_never_returns_null_ptr] + #[inline] + pub fn as_ptr(&self) -> *const T { + // We shadow the slice method of the same name to avoid going through +@@ -1436,7 +1436,7 @@ pub fn as_ptr(&self) -> *const T { + /// [`as_mut_ptr`]: Vec::as_mut_ptr + /// [`as_ptr`]: Vec::as_ptr + #[stable(feature = "vec_as_ptr", since = "1.37.0")] +- #[cfg_attr(not(bootstrap), rustc_never_returns_null_ptr)] ++ #[rustc_never_returns_null_ptr] + #[inline] + pub fn as_mut_ptr(&mut self) -> *mut T { + // We shadow the slice method of the same name to avoid going through +@@ -1565,7 +1565,8 @@ pub unsafe fn set_len(&mut self, new_len: usize) { + #[stable(feature = "rust1", since = "1.0.0")] + pub fn swap_remove(&mut self, index: usize) -> T { + #[cold] +- #[inline(never)] ++ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] ++ #[track_caller] + fn assert_failed(index: usize, len: usize) -> ! { + panic!("swap_remove index (is {index}) should be < len (is {len})"); + } +@@ -1606,7 +1607,8 @@ fn assert_failed(index: usize, len: usize) -> ! { + #[stable(feature = "rust1", since = "1.0.0")] + pub fn insert(&mut self, index: usize, element: T) { + #[cold] +- #[inline(never)] ++ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] ++ #[track_caller] + fn assert_failed(index: usize, len: usize) -> ! { + panic!("insertion index (is {index}) should be <= len (is {len})"); + } +@@ -1667,7 +1669,7 @@ fn assert_failed(index: usize, len: usize) -> ! 
{ + #[track_caller] + pub fn remove(&mut self, index: usize) -> T { + #[cold] +- #[inline(never)] ++ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] + #[track_caller] + fn assert_failed(index: usize, len: usize) -> ! { + panic!("removal index (is {index}) should be < len (is {len})"); +@@ -2097,6 +2099,7 @@ pub fn pop(&mut self) -> Option<T> { + } else { + unsafe { + self.len -= 1; ++ core::intrinsics::assume(self.len < self.capacity()); + Some(ptr::read(self.as_ptr().add(self.len()))) + } + } +@@ -2299,7 +2302,8 @@ pub fn split_off(&mut self, at: usize) -> Self + A: Clone, + { + #[cold] +- #[inline(never)] ++ #[cfg_attr(not(feature = "panic_immediate_abort"), inline(never))] ++ #[track_caller] + fn assert_failed(at: usize, len: usize) -> ! { + panic!("`at` split index (is {at}) should be <= len (is {len})"); + } +diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh +index c62066825f53..bcc7d4247290 100755 +--- a/scripts/min-tool-version.sh ++++ b/scripts/min-tool-version.sh +@@ -31,7 +31,7 @@ llvm) + fi + ;; + rustc) +- echo 1.74.1 ++ echo 1.75.0 + ;; + bindgen) + echo 0.65.1 +-- +2.43.0 + diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index bf163701f331..3d4af98494a7 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -6,14 +6,14 @@ let # NOTE: When updating these, please also take a look at the changes done to # kernel config in the xanmod version commit ltsVariant = { - version = "6.1.72"; - hash = "sha256-S8Ilrce7xQb549NPIBRIMMIng4xY77Hbq58rE5LOow8="; + version = "6.1.76"; + hash = "sha256-0nBdUFRGMWM3IL/q8CYiDEUA/sIrYPMkzsBQen30o2E="; variant = "lts"; }; mainVariant = { - version = "6.6.10"; - hash = "sha256-5BymQhVWMHg4zlQIPxf40JQI9iSWQqTZfbDd6+G3RsQ="; + version = "6.6.15"; + hash = "sha256-KHn4Ntm1QStgJRWzwmPYXEbEcuZcF4pWJ964wc6J2Wk="; variant = "main"; }; 
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix index 40538920d100..544a1639953c 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.7"; #zen - suffix = "zen3"; #zen - sha256 = "0iflyip1a70i7bhll5bpls513g3q1hwsi1irm42rmjsysh4fb188"; #zen + version = "6.7.4"; #zen + suffix = "zen1"; #zen + sha256 = "1vk2xfvqx4kplngw8n2c4xxqwxjyiij0dvbynm2y35nf04l6p9bx"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.6.12"; #lqx + version = "6.7.4"; #lqx suffix = "lqx1"; #lqx - sha256 = "13wj7w66mrkabf7f03svq8x9dqy7w3dnh9jqpkr2hdkd6l2nf6c3"; #lqx + sha256 = "1p8vgz3qsrpv1fbil2nkdlfzq4mfmjy9kvh264ckmwn4iay0kxmw"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { diff --git a/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix b/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix index 995bfba34a7f..21712e76661a 100644 --- a/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix @@ -4,7 +4,12 @@ , stdenv , zlib , lib + +# for passthru.tests +, knot-dns , nixosTests +, systemd +, tracee }: stdenv.mkDerivation rec { @@ -25,7 +30,9 @@ stdenv.mkDerivation rec { makeFlags = [ "PREFIX=$(out)" "-C src" ]; passthru.tests = { + inherit knot-dns tracee; bpf = nixosTests.bpf; + systemd = systemd.override { withLibBPF = true; }; }; postInstall = '' diff --git a/nixpkgs/pkgs/os-specific/linux/libcap-ng/default.nix b/nixpkgs/pkgs/os-specific/linux/libcap-ng/default.nix index 0f60a8655ced..59aa5bbc0e5d 100644 --- a/nixpkgs/pkgs/os-specific/linux/libcap-ng/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libcap-ng/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libcap-ng"; - version = "0.8.3"; + version = "0.8.4"; src = fetchurl { url = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${version}.tar.gz"; - sha256 = "sha256-vtb2hI4iuy+Dtfdksq7w7TkwVOgDqOOocRyyo55rSS0="; + sha256 = "sha256-aFgdOzjnVTy29t33gTsfyZ5ShW8hQh97R3zlq9JgWoo="; }; outputs = [ "out" "dev" "man" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/libnl-tiny/default.nix b/nixpkgs/pkgs/os-specific/linux/libnl-tiny/default.nix index ec39b560826d..8a8c84513f62 100644 --- a/nixpkgs/pkgs/os-specific/linux/libnl-tiny/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libnl-tiny/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation { pname = "libnl-tiny"; - version = "unstable-2023-07-27"; + version = "unstable-2023-12-05"; src = fetchgit { url = "https://git.openwrt.org/project/libnl-tiny.git"; - rev = "bc92a280186f9becc53c0f17e4e43cfbdeec7e7b"; - hash = "sha256-/d6so8hfBOyp8NbUhPZ0aRj6gXO/RLgwCQnAT7N/rF8="; + rev = "965c4bf49658342ced0bd6e7cb069571b4a1ddff"; + hash = "sha256-kegTV7FXMERW7vjRZo/Xp4cbSBZmynBgge2lK71Fx94="; }; nativeBuildInputs = [ cmake pkg-config ]; diff --git a/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix b/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix index 5d1c1cfc89c0..548d5222c7a2 100644 --- a/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "libsepol"; - version = "3.5"; + version = "3.6"; se_url = "https://github.com/SELinuxProject/selinux/releases/download"; outputs = [ "bin" "out" "dev" "man" ]; src = fetchurl { url = "${se_url}/${version}/libsepol-${version}.tar.gz"; - sha256 = "sha256-eP2vaZJNt4C6x4VG5D2cRAdLrXmMLEFdC5u5bQZe6KI="; + sha256 = "sha256-ydxYXqlJA9eE1ZfIYc1dzmRZFo+V4isxoOqxzdgAl1o="; }; postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' 
diff --git a/nixpkgs/pkgs/os-specific/linux/linuxptp/default.nix b/nixpkgs/pkgs/os-specific/linux/linuxptp/default.nix index 27a9ccb3303f..de215024555d 100644 --- a/nixpkgs/pkgs/os-specific/linux/linuxptp/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/linuxptp/default.nix @@ -15,7 +15,10 @@ stdenv.mkDerivation rec { '/usr/include/linux/' "${linuxHeaders}/include/linux/" ''; - makeFlags = [ "prefix=" ]; + makeFlags = [ + "prefix=" + "CROSS_COMPILE=${stdenv.cc.targetPrefix}" + ]; preInstall = '' export DESTDIR=$out diff --git a/nixpkgs/pkgs/os-specific/linux/lvm2/2_03.nix b/nixpkgs/pkgs/os-specific/linux/lvm2/2_03.nix index b2f6b0aa8a23..fa0a2cc8a600 100644 --- a/nixpkgs/pkgs/os-specific/linux/lvm2/2_03.nix +++ b/nixpkgs/pkgs/os-specific/linux/lvm2/2_03.nix @@ -1,4 +1,4 @@ import ./common.nix { - version = "2.03.22"; - hash = "sha256-TFppI70aznzgRHRgioSTfOBTupGxrOnwsAFyaOcy3Hw="; + version = "2.03.23"; + hash = "sha256-dOeUqene4bz4ogZfZbkZbET98yHiLWO5jtfejJqhel0="; } diff --git a/nixpkgs/pkgs/os-specific/linux/lvm2/common.nix b/nixpkgs/pkgs/os-specific/linux/lvm2/common.nix index 7b9cc10be167..97f1eb3a1771 100644 --- a/nixpkgs/pkgs/os-specific/linux/lvm2/common.nix +++ b/nixpkgs/pkgs/os-specific/linux/lvm2/common.nix @@ -103,8 +103,8 @@ stdenv.mkDerivation rec { })) # Musl fix from Alpine ./fix-stdio-usage.patch - ] ++ lib.optionals stdenv.hostPlatform.isStatic [ - ./no-shared.patch + # https://gitlab.com/lvmteam/lvm2/-/merge_requests/8 + ./fix-static.patch ]; doCheck = false; # requires root diff --git a/nixpkgs/pkgs/os-specific/linux/lvm2/fix-static.patch b/nixpkgs/pkgs/os-specific/linux/lvm2/fix-static.patch new file mode 100644 index 000000000000..89192744adec --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/lvm2/fix-static.patch 
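Review bot: `./fix-static.patch` in the lvm2/common.nix hunk is now applied to every build, whereas the removed `./no-shared.patch` was guarded by `stdenv.hostPlatform.isStatic`. Ordinary shared builds therefore depend on configure substituting `@SHARED_LINK@` with `yes`, which the hunk does not show. A comment saying that the unconditional application is intended would make this reviewable, for example `# applied on all platforms; only meant to change behaviour when shared linking is disabled. Drop once the MR below is in a release`. The patches list itself begins outside the hunk.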
@@ -0,0 +1,28 @@ +From 0cbe7f0adc86c92c61156c417b27b063f156b31b Mon Sep 17 00:00:00 2001 +From: Alyssa Ross <hi@alyssa.is> +Date: Tue, 2 Jan 2024 18:15:20 +0100 +Subject: [PATCH] makefiles: fix disabling shared link + +LIB_SHARED still gets set when shared linking has been disabled, so +the previous version of this check still attempted to build the +shared library. +--- + libdm/make.tmpl.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libdm/make.tmpl.in b/libdm/make.tmpl.in +index 2dd9625d4d..69ba2c35ab 100644 +--- a/libdm/make.tmpl.in ++++ b/libdm/make.tmpl.in +@@ -436,7 +436,7 @@ DEFS+=-D_FILE_OFFSET_BITS=64 + @echo " [CC] $(<F)" + $(Q) $(CC) -c $(CFLAGS) $(CLDFLAGS) $< $(LIBS) -o $@ + +-ifneq (,$(LIB_SHARED)) ++ifeq ("@SHARED_LINK@", "yes") + + TARGETS += $(LIB_SHARED).$(LIB_VERSION) + $(LIB_SHARED).$(LIB_VERSION): $(OBJECTS) $(LDDEPS) +-- +GitLab + diff --git a/nixpkgs/pkgs/os-specific/linux/lvm2/no-shared.patch b/nixpkgs/pkgs/os-specific/linux/lvm2/no-shared.patch deleted file mode 100644 index 23a82a0fa294..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/lvm2/no-shared.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -diff --git a/libdm/Makefile.in b/libdm/Makefile.in -index 2758648e6..f305a12b0 100644 ---- a/libdm/Makefile.in -+++ b/libdm/Makefile.in -@@ -47,7 +47,6 @@ endif - - LIB_SHARED = $(interface)/libdevmapper.$(LIB_SUFFIX) - LIB_VERSION = $(LIB_VERSION_DM) --TARGETS = libdevmapper.$(LIB_SUFFIX) libdevmapper.$(LIB_SUFFIX).$(LIB_VERSION) .symver_check - - CFLOW_LIST = $(SOURCES) - CFLOW_LIST_TARGET = libdevmapper.cflow -diff --git a/libdm/make.tmpl.in b/libdm/make.tmpl.in -index a731687c2..9366cdf1c 100644 ---- a/libdm/make.tmpl.in -+++ b/libdm/make.tmpl.in -@@ -314,7 +314,7 @@ SUBDIRS.cflow := $(SUBDIRS:=.cflow) - SUBDIRS.clean := $(SUBDIRS:=.clean) - SUBDIRS.distclean := $(SUBDIRS:=.distclean) - --TARGETS += $(LIB_SHARED) $(LIB_STATIC) -+TARGETS += $(LIB_STATIC) - - all: $(SUBDIRS) $(TARGETS) - -@@ -431,7 +431,6 @@ DEFS+=-D_FILE_OFFSET_BITS=64 - - ifneq (,$(LIB_SHARED)) - --TARGETS += $(LIB_SHARED).$(LIB_VERSION) - $(LIB_SHARED).$(LIB_VERSION): $(OBJECTS) $(LDDEPS) - @echo " [CC] $@" - ifeq ("@LIB_SUFFIX@","so") -diff --git a/make.tmpl.in b/make.tmpl.in -index b73176f5a..6100d0dfd 100644 ---- a/make.tmpl.in -+++ b/make.tmpl.in -@@ -368,7 +368,7 @@ SUBDIRS.cflow := $(SUBDIRS:=.cflow) - SUBDIRS.clean := $(SUBDIRS:=.clean) - SUBDIRS.distclean := $(SUBDIRS:=.distclean) - --TARGETS += $(LIB_SHARED) $(LIB_STATIC) -+TARGETS += $(LIB_STATIC) - - INTERNAL_LIBS = \ - $(top_builddir)/libdaemon/client/libdaemonclient.a \ diff --git a/nixpkgs/pkgs/os-specific/linux/lxc/default.nix b/nixpkgs/pkgs/os-specific/linux/lxc/default.nix index 4caf5b9aa943..6724651bbaf7 100644 --- a/nixpkgs/pkgs/os-specific/linux/lxc/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/lxc/default.nix @@ -12,7 +12,6 @@ nix-update-script, nixosTests, openssl, - pam, pkg-config, systemd, }: 
@@ -41,11 +40,16 @@ stdenv.mkDerivation rec { libseccomp libselinux openssl - pam systemd ]; - patches = [ ./add-meson-options.patch ]; + patches = [ + # make build more nix compatible + ./add-meson-options.patch + + # fix docbook2man version detection + ./docbook-hack.patch + ]; mesonFlags = [ "-Dinstall-init-files=false" diff --git a/nixpkgs/pkgs/os-specific/linux/lxc/docbook-hack.patch b/nixpkgs/pkgs/os-specific/linux/lxc/docbook-hack.patch new file mode 100644 index 000000000000..f758014efbaa --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/lxc/docbook-hack.patch @@ -0,0 +1,21 @@ +diff --git a/meson.build b/meson.build +index d1527679e..360824994 100644 +--- a/meson.build ++++ b/meson.build +@@ -320,15 +320,7 @@ docconf.set('LXC_USERNIC_CONF', lxc_user_network_conf) + docconf.set('LXC_USERNIC_DB', lxc_user_network_db) + docconf.set('PACKAGE_VERSION', version_data.get('LXC_VERSION')) + docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"') +-sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false, version: '>=0.8') +-if not sgml2man.found() +- sgml2man = find_program('docbook2man', required: false, version: '<0.8') +- if sgml2man.found() +- docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"') +- elif want_mans +- error('missing required docbook2x or docbook-utils dependency') +- endif +-endif ++sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false) + + ## Threads. + threads = dependency('threads') diff --git a/nixpkgs/pkgs/os-specific/linux/lxc/support-db2x.patch b/nixpkgs/pkgs/os-specific/linux/lxc/support-db2x.patch deleted file mode 100644 index 16715992d35f..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/lxc/support-db2x.patch +++ /dev/null 
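Review bot: The comment `# fix docbook2man version detection` in the lxc/default.nix hunk understates what `./docbook-hack.patch` does. The added patch removes the `version: '>=0.8'` constraint, the DocBook V3.0 DTD fallback, and the `error('missing required docbook2x or docbook-utils dependency')` branch. A missing tool with man pages requested is therefore no longer caught at configure time. A more accurate comment would be `# drop meson's docbook2man version probe and old-DTD fallback; a missing tool no longer fails configure`, with a link to an upstream report if one exists.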
@@ -1,16 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 84f8699..dce9033 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -192,9 +192,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then - AC_SUBST(db2xman) - fi - AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) --AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"]) -+AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "no-no-no"]) - --if test "x$db2xman" = "xdocbook2man"; then -+if test "x$db2xman" = "no-no-no"; then - docdtd="\"-//Davenport//DTD DocBook V3.0//EN\"" - else - docdtd="\"-//OASIS//DTD DocBook XML\" \"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\"" diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix index 9a7cca68bfd7..4849ff75c54a 100644 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix @@ -1,4 +1,5 @@ -{ substituteAll +{ callPackage +, substituteAll , runtimeShell , coreutils , gnused @@ -36,6 +37,7 @@ substituteAll { # run some a simple installer tests to make sure nixos-rebuild still works for them passthru.tests = { install-bootloader = nixosTests.nixos-rebuild-install-bootloader; + repl = callPackage ./test/repl.nix {}; simple-installer = nixosTests.installer.simple; specialisations = nixosTests.nixos-rebuild-specialisations; target-host = nixosTests.nixos-rebuild-target-host; diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 006b5db6320c..2051368a49f6 100755 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh 
@@ -407,6 +407,13 @@ fi tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX) +if [[ ${#tmpDir} -ge 60 ]]; then + # Very long tmp dirs lead to "too long for Unix domain socket" + # SSH ControlPath errors. Especially macOS sets long TMPDIR paths. + rmdir "$tmpDir" + tmpDir=$(TMPDIR= mktemp -t -d nixos-rebuild.XXXXXX) +fi + cleanup() { for ctrl in "$tmpDir"/ssh-*; do ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true @@ -572,6 +579,7 @@ if [ "$action" = repl ]; then - ${blue}config${reset} All option values - ${blue}options${reset} Option data and metadata - ${blue}pkgs${reset} Nixpkgs package set + - ${blue}lib${reset} Nixpkgs library functions - other module arguments - ${blue}flake${reset} Flake outputs, inputs and source info of $flake @@ -592,6 +600,7 @@ if [ "$action" = repl ]; then configuration._module.specialArgs // { inherit (configuration) config options; + lib = configuration.lib or configuration.pkgs.lib; inherit flake; }; in builtins.seq scope builtins.trace motd scope diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/test/repl.nix b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/test/repl.nix new file mode 100644 index 000000000000..1161ff84664d --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/test/repl.nix 
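Review bot: The fallback added in the first hunk checks neither `rmdir "$tmpDir"` nor the second `mktemp`. If that `mktemp` fails, `tmpDir` is left empty and the `cleanup` loop below globs `"$tmpDir"/ssh-*` from the filesystem root. Whether the script runs under `set -e` is not visible in this hunk, so I would make the failure explicit with `tmpDir=$(TMPDIR= mktemp -t -d nixos-rebuild.XXXXXX) || exit 1`. The threshold `60` is also unexplained; a short comment relating it to the Unix-domain-socket path limit and the `ssh-…` suffix appended to it would help. The replacement path is not re-checked for length either.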
@@ -0,0 +1,146 @@ +{ lib, + expect, + nix, + nixos-rebuild, + path, + runCommand, + stdenv, + writeText, +}: +let + # Arguably not true, but it holds up for now. + escapeExpect = lib.strings.escapeNixString; + + expectSetup = '' + set timeout 180 + proc expect_simple { pattern } { + puts "Expecting: $pattern" + expect { + timeout { + puts "\nTimeout waiting for: $pattern\n" + exit 1 + } + $pattern + } + } + ''; + + # In case we want/need to evaluate packages or the assertions or whatever, + # we want to have a linux system. + # TODO: make the non-flake test use thise. + linuxSystem = lib.replaceStrings ["darwin"] ["linux"] stdenv.hostPlatform.system; + +in +runCommand "test-nixos-rebuild-repl" { + nativeBuildInputs = [ + expect + nix + nixos-rebuild + ]; + nixpkgs = + if builtins.pathExists (path + "/.git") + then lib.cleanSource path + else path; +} '' + export HOME=$(mktemp -d) + export TEST_ROOT=$PWD/test-tmp + + # Prepare for running Nix in sandbox + export NIX_BUILD_HOOK= + export NIX_CONF_DIR=$TEST_ROOT/etc + export NIX_LOCALSTATE_DIR=$TEST_ROOT/var + export NIX_LOG_DIR=$TEST_ROOT/var/log/nix + export NIX_STATE_DIR=$TEST_ROOT/var/nix + export NIX_STORE_DIR=$TEST_ROOT/store + export PAGER=cat + mkdir -p $TEST_ROOT $NIX_CONF_DIR + + echo General setup + ################## + + export NIX_PATH=nixpkgs=$nixpkgs:nixos-config=$HOME/configuration.nix + cat >> ~/configuration.nix <<EOF + { + boot.loader.grub.enable = false; + fileSystems."/".device = "x"; + imports = [ ./hardware-configuration.nix ]; + } + EOF + + echo '{ }' > ~/hardware-configuration.nix + + + echo Test traditional NixOS configuration + ######################################### + + expect ${writeText "test-nixos-rebuild-repl-expect" '' + ${expectSetup} + spawn nixos-rebuild repl --fast + + expect "nix-repl> " + + send "config.networking.hostName\n" + expect "\"nixos\"" + ''} + + + echo Test flake based NixOS configuration + ######################################### + + # Switch to flake flavored 
environment + unset NIX_PATH + cat > $NIX_CONF_DIR/nix.conf <<EOF + experimental-features = nix-command flakes + EOF + + # Make the config pure + echo '{ nixpkgs.hostPlatform = "${linuxSystem}"; }' > ~/hardware-configuration.nix + + cat >~/flake.nix <<EOF + { + inputs.nixpkgs.url = "path:$nixpkgs"; + outputs = { nixpkgs, ... }: { + nixosConfigurations.testconf = nixpkgs.lib.nixosSystem { + modules = [ + ./configuration.nix + # Let's change it up a bit + { networking.hostName = "itsme"; } + ]; + }; + }; + } + EOF + + # cat -n ~/flake.nix + + expect ${writeText "test-nixos-rebuild-repl-expect" '' + ${expectSetup} + spawn sh -c "nixos-rebuild repl --fast --flake path:\$HOME#testconf" + + expect_simple "nix-repl>" + + send "config.networking.hostName\n" + expect_simple "itsme" + + expect_simple "nix-repl>" + send "lib.version\n" + expect_simple ${escapeExpect ( + # The version string is a bit different in the flake lib, so we expect a prefix and ignore the rest + # Furthermore, including the revision (suffix) would cause unnecessary rebuilds. + # Note that a length of 4 only matches e.g. "24. + lib.strings.substring 0 4 (lib.strings.escapeNixString lib.version))} + + # Make sure it's the right lib - should be the flake lib, not Nixpkgs lib. + expect_simple "nix-repl>" + send "lib?nixosSystem\n" + expect_simple "true" + expect_simple "nix-repl>" + send "lib?nixos\n" + expect_simple "true" + ''} + echo + + ######### + echo Done + touch $out +'' diff --git a/nixpkgs/pkgs/os-specific/linux/nsncd/default.nix b/nixpkgs/pkgs/os-specific/linux/nsncd/default.nix index 81590a6f8692..01cb6695b330 100644 --- a/nixpkgs/pkgs/os-specific/linux/nsncd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nsncd/default.nix 
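Review bot: The traditional-configuration script calls plain `expect "nix-repl> "` and `expect "\"nixos\""` instead of the `expect_simple` helper defined in `expectSetup`, so a timeout there is never turned into `exit 1`. As far as I can tell from the hunk, Expect simply returns after the 180 s timeout and the script ends successfully, which means this half of the test cannot fail on a wrong host name. Using `expect_simple "nix-repl>"` and `expect_simple "\"nixos\""`, as the flake half does, would close that gap. Smaller points: the `TODO` comment has a typo (`thise`), and both `writeText` calls reuse the name `"test-nixos-rebuild-repl-expect"`, which makes the two scripts harder to tell apart in build logs.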
@@ -7,19 +7,22 @@ rustPlatform.buildRustPackage rec { pname = "nsncd"; - version = "unstable-2023-10-26"; + version = "unstable-2024-01-16"; - # https://github.com/twosigma/nsncd/pull/71 has not been upstreamed - # to twosigma/nsncd yet. Using the nix-community fork in the - # meantime. src = fetchFromGitHub { - owner = "nix-community"; + owner = "twosigma"; repo = "nsncd"; - rev = "d6513421f420e407248c6d0aee39ae2f861a7cec"; - hash = "sha256-PykzwpPxMDHJOr2HubXuw+Krk9Jbi0E3M2lEAOXhx2M="; + rev = "f4706786f26d12c533035fb2916be9be5751150b"; + hash = "sha256-GbKDWW00eZZwmslkaGIO8hjCyD5xi7h+S2WP6q5ekOQ="; }; - cargoSha256 = "sha256-cUM7rYXWpJ0aMiurXBp15IlxAmf/x5uiodxEqBPCQT0="; + cargoSha256 = "sha256-jAxcyMPDTBFBrG0cuKm0Tm5p/UEnUgTPQKDgqY2yK7w="; + checkFlags = [ + # Relies on the test environment to be able to resolve "localhost" + # on IPv4. That's not the case in the Nix sandbox somehow. Works + # when running cargo test impurely on a (NixOS|Debian) machine. + "--skip=ffi::test_gethostbyname2_r" + ]; meta = with lib; { description = "the name service non-caching daemon"; diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh index fbb116ab42ad..aa614aec1283 100755 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -14,6 +14,8 @@ unpackFile() { buildPhase() { + runHook preBuild + if [ -n "$bin" ]; then # Create the module. echo "Building linux driver against kernel: $kernel"; @@ -23,10 +25,14 @@ buildPhase() { cd .. fi + + runHook postBuild } installPhase() { + runHook preInstall + # Install libGL and friends. # since version 391, 32bit libraries are bundled in the 32/ sub-directory @@ -214,6 +220,8 @@ installPhase() { # FIXME: needs PATH and other fixes # install -Dm755 nvidia-bug-report.sh $bin/bin/nvidia-bug-report.sh fi + + runHook postInstall } genericBuild 
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix index bd57c19db335..de3248c2dd59 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -16,6 +16,12 @@ let selectHighestVersion = a: b: if lib.versionOlder a.version b.version then b else a; + + # https://forums.developer.nvidia.com/t/linux-6-7-3-545-29-06-550-40-07-error-modpost-gpl-incompatible-module-nvidia-ko-uses-gpl-only-symbol-rcu-read-lock/280908/19 + rcu_patch = fetchpatch { + url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; + hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; + }; in rec { mkDriver = generic; @@ -33,6 +39,8 @@ rec { openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo="; settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10="; persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; + + patches = [ rcu_patch ]; }; latest = selectHighestVersion production (generic { 
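Review bot: `rcu_patch` fetches from a `raw` URL that names the Gentoo commit only by the abbreviated id `c64caf53`. The `hash` pins the content, so integrity is covered, but I would spell out the full commit id so the reference stays unambiguous when the hash has to be refreshed. The comment above it is only a forum link; a line such as `# works around modpost rejecting nvidia.ko for using a GPL-only symbol; remove once the driver no longer needs it` would tell the next maintainer what the patch does and when it can go. The same patch, named for 470.223.02, is attached to the other driver versions in the later hunks of this file, and the diff does not show whether it applies cleanly to each of them.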
@@ -43,30 +51,35 @@ rec { settingsSha256 = "sha256-YBaKpRQWSdXG8Usev8s3GYHCPqL8PpJeF6gpa2droWY="; persistencedSha256 = "sha256-AiYrrOgMagIixu3Ss2rePdoL24CKORFvzgZY3jlNbwM="; - patchFlags = [ "-p1" "-d" "kernel" ]; - patches = []; + patches = [ rcu_patch ]; + + brokenOpen = kernel.kernelAtLeast "6.7"; }); beta = selectHighestVersion latest (generic { - version = "545.23.06"; - sha256_64bit = "sha256-QTnTKAGfcvKvKHik0BgAemV3PrRqRlM3B9jjZeupCC8="; - sha256_aarch64 = "sha256-qkVP6AiXNoRTqgqPvs/AfErEq8BTQw25rtJ6GS06JTM="; - openSha256 = "sha256-m7D5LZdhFCZYAIbhrgZ0pN2z19LsU3I3Q7qsKX7Z6mM="; - settingsSha256 = "sha256-+X6gDeU8Qlvprb05aB2quM55y0zEcBXtb65e3Rq9gKg="; - persistencedSha256 = "sha256-RQJAIwPqOUI5FB3uf0/Y4K/iwFfoLpU1/+BOK/KF5VA="; + version = "550.40.07"; + sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0="; + sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4="; + openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I="; + settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs="; + persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870="; + + patches = [ rcu_patch ]; }); # Vulkan developer beta driver # See here for more information: https://developer.nvidia.com/vulkan-driver vulkan_beta = generic rec { - version = "535.43.22"; + version = "535.43.25"; persistencedVersion = "535.98"; settingsVersion = "535.98"; - sha256_64bit = "sha256-emam5bfYJeFi1+Z0Z1//luaY1JTKcQNYUP8GmG9480Q="; - openSha256 = "sha256-8Nz6LfEdAsm7d6Leqs+ikN0BpOPkLCcd7bckK0MOIFU="; + sha256_64bit = "sha256-Ir75rT1xs3Cycd1Wl7EqIUuU5bGfeSPYbGiq2Eqjlsw="; + openSha256 = "sha256-HnM4/sUKvZ8hGuwa0YSTAuC9HShw6on3+lk0TcqcPEQ="; settingsSha256 = "sha256-jCRfeB1w6/dA27gaz6t5/Qo7On0zbAPIi74LYLel34s="; persistencedSha256 = "sha256-WviDU6B50YG8dO64CGvU3xK8WFUX8nvvVYm/fuGyroM="; url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitVersion version)}-linux"; + + patches = [ rcu_patch ]; }; # 
data center driver compatible with current default cudaPackages @@ -79,6 +92,10 @@ rec { useSettings = false; usePersistenced = false; useFabricmanager = true; + + patches = [ rcu_patch ]; + + broken = kernel.kernelAtLeast "6.5"; }; dc_535 = generic rec { @@ -90,6 +107,8 @@ rec { useSettings = false; usePersistenced = true; useFabricmanager = true; + + patches = [ rcu_patch ]; }; # Update note: @@ -104,8 +123,7 @@ rec { settingsSha256 = "sha256-r6DuIH/rnsCm/y51iRgPNi5/kz+EFMVABREdTjBneZ0="; persistencedSha256 = "sha256-e71fpPBBv8S/aoeXxBXkzKy5bsMMbv8y024cSLc8DYc="; - patchFlags = [ "-p1" "-d" "kernel" ]; - patches = []; + patches = [ rcu_patch ]; }; # Last one supporting x86 @@ -117,10 +135,18 @@ rec { persistencedSha256 = "sha256-NuqUQbVt80gYTXgIcu0crAORfsj9BCRooyH3Gp1y1ns="; broken = kernel.kernelAtLeast "6.2"; + + # fixes the bug described in https://bbs.archlinux.org/viewtopic.php?pid=2083439#p2083439 + # see https://bbs.archlinux.org/viewtopic.php?pid=2083651#p2083651 + # and https://bbs.archlinux.org/viewtopic.php?pid=2083699#p2083699 + postInstall = '' + mv $out/lib/tls/* $out/lib + rmdir $out/lib/tls + ''; }; legacy_340 = let - # Source cooresponding to https://aur.archlinux.org/packages/nvidia-340xx-dkms + # Source corresponding to https://aur.archlinux.org/packages/nvidia-340xx-dkms aurPatches = fetchFromGitHub { owner = "archlinux-jerry"; repo = "nvidia-340xx"; @@ -154,5 +180,13 @@ rec { broken = kernel.kernelAtLeast "6.7"; patches = map (patch: "${aurPatches}/${patch}") patchset; + + # fixes the bug described in https://bbs.archlinux.org/viewtopic.php?pid=2083439#p2083439 + # see https://bbs.archlinux.org/viewtopic.php?pid=2083651#p2083651 + # and https://bbs.archlinux.org/viewtopic.php?pid=2083699#p2083699 + postInstall = '' + mv $out/lib/tls/* $out/lib + rmdir $out/lib/tls + ''; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix index c60098ab899d..2cbc1846362b 100644 
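Review bot: The `postInstall` block added to `legacy_390` (hunk `-117,10`) is repeated verbatim for `legacy_340` (hunk `-154,5`), three-line comment included. I would bind it once in the top-level `let`, next to `rcu_patch`, and reference it from both attribute sets. The snippet also assumes `$out/lib/tls` exists and is non-empty, since `mv $out/lib/tls/* $out/lib` fails on an unmatched glob. Quoting the paths and guarding with `[ -d "$out/lib/tls" ]` would be safer if any build variant installs no `tls` directory, which cannot be told from these hunks. The comment links to forum posts only; one sentence stating what the bug is would make it self-contained.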
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix @@ -19,10 +19,12 @@ , useFabricmanager ? false , ibtSupport ? false -, prePatch ? "" +, prePatch ? null , postPatch ? null , patchFlags ? null , patches ? [ ] +, preInstall ? null +, postInstall ? null , broken ? false , brokenOpen ? broken }@args: @@ -58,7 +60,6 @@ with lib; -assert useSettings -> !libsOnly; assert !libsOnly -> kernel != null; assert versionOlder version "391" -> sha256_32bit != null; assert useSettings -> settingsSha256 != null; @@ -145,6 +146,7 @@ let patches = if libsOnly then null else patches; inherit prePatch postPatch patchFlags; + inherit preInstall postInstall; inherit version useGLVND useProfiles; inherit (stdenv.hostPlatform) system; inherit i686bundled; diff --git a/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix b/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix index b1944778237d..89149027d3b8 100644 --- a/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/openvswitch/default.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "3.2.1"; - hash = "sha256-nXdyDJIU60Lx9cvpLuUp3E7MUnaZvvGDm+UKbXJRH0o="; + version = "3.2.2"; + hash = "sha256-BCesNAYE3RyxfBAzK2/6+PcV1W+1ZEZQKVSLSq/pWC8="; } diff --git a/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix b/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix index d52aae987085..93ccbfcee95d 100644 --- a/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix +++ b/nixpkgs/pkgs/os-specific/linux/openvswitch/lts.nix @@ -1,5 +1,5 @@ import ./generic.nix { - version = "2.17.8"; - hash = "sha256-DWAwepAxl90ay7MXPCz++BicaeSHYuZ06O8VeFZac+U="; + version = "2.17.9"; + hash = "sha256-4bP6RyZ2YmhT8i1j+VnlrQYeG/V+G71ETQ7Yj5R++LE="; updateScriptArgs = "--lts=true --regex '2\.17.*'"; } diff --git a/nixpkgs/pkgs/os-specific/linux/pam/default.nix b/nixpkgs/pkgs/os-specific/linux/pam/default.nix index 10864df2597b..c956dfad4c64 100644 
--- a/nixpkgs/pkgs/os-specific/linux/pam/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/pam/default.nix @@ -1,5 +1,4 @@ -{ lib, stdenv, buildPackages, fetchurl -, fetchpatch +{ lib, stdenv, buildPackages, fetchurl, fetchpatch , flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests , autoreconfHook269, pkg-config-unwrapped @@ -7,22 +6,21 @@ stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.5.2"; + version = "1.6.0"; src = fetchurl { - url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; - sha256 = "sha256-5OxxMakdpEUSV0Jo9JPG2MoQXIcJFpG46bVspoXU+U0="; + url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; + hash = "sha256-//SjTlu+534ujxmS8nYx4jKby/igVj3etcM4m04xaa0="; }; patches = [ ./suid-wrapper-path.patch - # Pull support for localization on non-default --prefix: - # https://github.com/NixOS/nixpkgs/issues/249010 - # https://github.com/linux-pam/linux-pam/pull/604 + + # Backport fix for missing include breaking musl builds. (fetchpatch { - name = "bind-locales.patch"; - url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; - hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; + name = "pam_namespace-stdint.h.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch"; + hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA="; }) ]; @@ -35,8 +33,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - # autoreconfHook269 is needed for `suid-wrapper-path.patch` and - # `bind-locales.patch` above. + # autoreconfHook269 is needed for `suid-wrapper-path.patch` above. # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; 
@@ -57,6 +54,9 @@ stdenv.mkDerivation rec { configureFlags = [ "--includedir=${placeholder "out"}/include/security" "--enable-sconfigdir=/etc/security" + # The module is deprecated. We re-enable it explicitly until NixOS + # module stops using it. + "--enable-lastlog" ]; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/pam_usb/default.nix b/nixpkgs/pkgs/os-specific/linux/pam_usb/default.nix deleted file mode 100644 index 1264894ad0c9..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/pam_usb/default.nix +++ /dev/null 
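Review bot: The comment on `"--enable-lastlog"` says the deprecated module is kept until the NixOS module stops using it, but it gives nothing to follow up on. I would add a pointer to whatever still depends on it, e.g. `# TODO: drop once <NixOS module or tracking issue — placeholder> no longer uses pam_lastlog`, so the flag does not outlive its reason. The flag presumably re-enables something this upstream release no longer builds by default; if so, saying that in the comment would make the intent clear to anyone auditing the PAM build options.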
@@ -1,81 +0,0 @@ -{ lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }: - -let - - # Search in the environment if the same program exists with a set uid or - # set gid bit. If it exists, run the first program found, otherwise run - # the default binary. - useSetUID = drv: path: - let - name = baseNameOf path; - bin = "${drv}${path}"; - in assert name != ""; - writeScript "setUID-${name}" '' - #!${runtimeShell} - inode=$(stat -Lc %i ${bin}) - for file in $(type -ap ${name}); do - case $(stat -Lc %a $file) in - ([2-7][0-7][0-7][0-7]) - if test -r "$file".real; then - orig=$(cat "$file".real) - if test $inode = $(stat -Lc %i "$orig"); then - exec "$file" "$@" - fi - fi;; - esac - done - exec ${bin} "$@" - ''; - - pmountBin = useSetUID pmount "/bin/pmount"; - pumountBin = useSetUID pmount "/bin/pumount"; - inherit (python2Packages) python dbus-python; -in - -stdenv.mkDerivation rec { - pname = "pam_usb"; - version = "0.5.0"; - - src = fetchurl { - url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz"; - sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1"; - }; - - nativeBuildInputs = [ - makeWrapper - pkg-config - ]; - - buildInputs = [ - # pam_usb dependencies - dbus libxml2 pam pmount - # pam_usb's tools dependencies - python - # cElementTree is included with python 2.5 and later. - ]; - - preBuild = '' - makeFlagsArray=(DESTDIR=$out) - substituteInPlace ./src/volume.c \ - --replace 'pmount' '${pmountBin}' \ - --replace 'pumount' '${pumountBin}' - ''; - - # pmount is append to the PATH because pmounts binaries should have a set uid bit. - postInstall = '' - mv $out/usr/* $out/. 
# fix color */ - rm -rf $out/usr - for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do - substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python' - wrapProgram $prog \ - --prefix PYTHONPATH : "$(toPythonPath ${dbus-python})" - done - ''; - - meta = { - homepage = "http://pamusb.org/"; - description = "Authentication using USB Flash Drives"; - license = lib.licenses.gpl2; - platforms = lib.platforms.linux; - }; -} diff --git a/nixpkgs/pkgs/os-specific/linux/pcm/default.nix b/nixpkgs/pkgs/os-specific/linux/pcm/default.nix index 15f54fb360a4..7a86a58ffa12 100644 --- a/nixpkgs/pkgs/os-specific/linux/pcm/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/pcm/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pcm"; - version = "202311"; + version = "202401"; src = fetchFromGitHub { owner = "opcm"; repo = "pcm"; rev = version; - hash = "sha256-lWE7Gz/+LLMr3UyqfwBWEwpSvtdjMgdxVqc9hrZAYfk="; + hash = "sha256-S4E9q4pdF9pT0ehKkeOMbJEFlTV9zB15BZA0R+cjVi8="; }; nativeBuildInputs = [ cmake ]; diff --git a/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix b/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix index 7b8b4683cbd7..d4ae90cddd7c 100644 --- a/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "power-calibrate"; - version = "0.01.35"; + version = "0.01.36"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-6ggxerWWBfjVgkgwLmIv/kPb04JIsJxPcVBrRQAG/ZM="; + hash = "sha256-7NKR82waxooB62D59kRmJPqxoVHX9OIWKwLrmzsg9OQ="; }; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix b/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix index 5d75249d616c..7014e3b095f4 100644 --- a/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rdma-core/default.nix 
@@ -15,13 +15,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "rdma-core"; - version = "49.0"; + version = "50.0"; src = fetchFromGitHub { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${finalAttrs.version}"; - hash = "sha256-4095U7fLIvixUY3K6l0iFJh7oWwwKAX/WcD3ziqdsLg="; + hash = "sha256-PJlbY7QR9b2eVaALpuq/67kRTc91HEhs9Wl7WXtSLmA="; }; strictDeps = true; diff --git a/nixpkgs/pkgs/os-specific/linux/rtl8812au/default.nix b/nixpkgs/pkgs/os-specific/linux/rtl8812au/default.nix index adc197a1166e..ed330fc24637 100644 --- a/nixpkgs/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rtl8812au/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation { pname = "rtl8812au"; - version = "${kernel.version}-unstable-2023-07-22"; + version = "${kernel.version}-unstable-2024-01-19"; src = fetchFromGitHub { owner = "morrownr"; repo = "8812au-20210629"; - rev = "b5f4e6e894eca8fea38661e2fc22a2570e0274ad"; - hash = "sha256-3uPowesJVh/cnagMz/Uadb+U5rDUAWfU39tZaDNCoqg="; + rev = "3b921c0beda8583c1d2d1b0b7e4692d11e7ea772"; + hash = "sha256-Ji61Y23uGSTyj3Z5ia9iev5rVzSOv7XY/IfAClhz7Q8="; }; nativeBuildInputs = [ bc nukeReferences ] ++ kernel.moduleBuildDependencies; diff --git a/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix b/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix index 73b098894b98..edb2feed6c61 100644 --- a/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rtl88x2bu/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation { pname = "rtl88x2bu"; - version = "${kernel.version}-unstable-2023-09-24"; + version = "${kernel.version}-unstable-2023-11-29"; src = fetchFromGitHub { owner = "morrownr"; repo = "88x2bu-20210702"; - rev = "888ba1b309e6258a736ef5c37a68836cd0ea5517"; - sha256 = "sha256-oLRGRKUNTmIw+Zn23TArGumo24AIH2YEMpnStyXBNw8="; + rev = "cd2b6cbd9c8fbfebee8a1f28fab8e4434450456c"; + sha256 = "sha256-t1lLJSEDzY2zvgcKYaxUq/umrlLpxu4+4zWmG8R0Wz4="; }; hardeningDisable = [ "pic" ]; 
diff --git a/nixpkgs/pkgs/os-specific/linux/rust-out-of-tree-module/default.nix b/nixpkgs/pkgs/os-specific/linux/rust-out-of-tree-module/default.nix new file mode 100644 index 000000000000..fd6b85a4dbd6 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/rust-out-of-tree-module/default.nix @@ -0,0 +1,28 @@ +{ lib, fetchFromGitHub, kernel }: +kernel.stdenv.mkDerivation { + name = "rust-out-of-tree-module"; + + src = fetchFromGitHub { + owner = "Rust-for-linux"; + repo = "rust-out-of-tree-module"; + + rev = "7addf9dafba795524f6179a557f7272ecbe1b165"; + hash = "sha256-Bj7WonZ499W/FajbxjM7yBkU9iTxTW7CrRbCSzWbsSc="; + }; + + nativeBuildInputs = kernel.moduleBuildDependencies; + makeFlags = kernel.makeFlags ++ [ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" ]; + + installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ]; + installTargets = [ "modules_install" ]; + + meta = { + broken = !kernel.withRust; + description = "A basic template for an out-of-tree Linux kernel module written in Rust"; + homepage = "https://github.com/Rust-for-Linux/rust-out-of-tree-module"; + license = lib.licenses.gpl2Only; + maintainers = [ lib.maintainers.blitz ]; + platforms = lib.platforms.linux; + }; + +} diff --git a/nixpkgs/pkgs/os-specific/linux/sasutils/default.nix b/nixpkgs/pkgs/os-specific/linux/sasutils/default.nix index d30e7f608c77..64d288117bf4 100644 --- a/nixpkgs/pkgs/os-specific/linux/sasutils/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sasutils/default.nix @@ -2,13 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "sasutils"; - version = "0.4.0"; + version = "0.5.0"; src = fetchFromGitHub { owner = "stanford-rc"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-9JRw+UoxU0I5RHuimzYrM/3j8UWHuicVpoOdRRrj2Wc="; + sha256 = "sha256-DK0mEqlPf9UGtUxqbzB0l1xX0P4htYm2NYvV7zilhx0="; }; nativeBuildInputs = [ installShellFiles ]; 
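Review bot: The new derivation sets only `name = "rust-out-of-tree-module"`, so neither the date of the pinned revision nor the kernel version appears in the store path. Other kernel-module packages touched in this diff use `pname` plus a version such as `"${kernel.version}-unstable-2024-01-19"`. I would write `pname = "rust-out-of-tree-module";` and `version = "${kernel.version}-unstable-<date of rev — placeholder>";`. Minor: `owner = "Rust-for-linux"` and the `homepage` URL spell the organisation differently.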
diff --git a/nixpkgs/pkgs/os-specific/linux/setools/default.nix b/nixpkgs/pkgs/os-specific/linux/setools/default.nix index 2e554a0241b2..0819ae91fc87 100644 --- a/nixpkgs/pkgs/os-specific/linux/setools/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/setools/default.nix @@ -8,18 +8,18 @@ with python3.pkgs; buildPythonApplication rec { pname = "setools"; - version = "4.4.1"; + version = "4.4.4"; src = fetchFromGitHub { owner = "SELinuxProject"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-4T5FIdnKi35JSm+IoYA2gIBBRV0nN0YLEw9xvDqNcgo="; + hash = "sha256-QCJfFdY4THBurx7G8q/WAzb7b9CwtNNGi5fn9D++BMU="; }; nativeBuildInputs = [ cython ]; buildInputs = [ libsepol ]; - propagatedBuildInputs = [ enum34 libselinux networkx ] + propagatedBuildInputs = [ enum34 libselinux networkx setuptools ] ++ optionals withGraphics [ pyqt5 ]; nativeCheckInputs = [ tox checkpolicy ]; diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix index cd3d2f94d6f3..0ee191e86895 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix @@ -1,5 +1,6 @@ { stdenv , fetchFromGitHub +, fetchpatch , lib , curl , nlohmann_json @@ -43,6 +44,16 @@ stdenv.mkDerivation rec { hash = "sha256-q0dI4WdA1ue4sw+QfSherh31Ldf9gnhoft66o3E9gnU="; }; + patches = [ + # Fix gcc-13 build: + # https://github.com/microsoft/Azure-DCAP-Client/pull/197 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/microsoft/Azure-DCAP-Client/commit/fbcae7b3c8f1155998248cf5b5f4c1df979483f5.patch"; + hash = "sha256-ezEuQql3stn58N1ZPKMlhPpUOBkDpCcENpGwFAmWtHc="; + }) + ]; + nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix index 1e4432ecc642..40d80ece8abf 100644 
--- a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix @@ -9,7 +9,7 @@ sgx-azure-dcap-client.overrideAttrs (old: { gtest ]; - patches = [ + patches = (old.patches or []) ++ [ ./tests-missing-includes.patch ]; diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix index d6319fd0dcf3..2f4e49062aef 100644 --- a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.2"; + version = "4.14.3"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; + hash = "sha256-Y5wyvmTh66Bjb1/UPdDF78lgvH7HFTCFowhQQ+Fo9ak="; }; outputs = [ "out" "su" "dev" "man" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/shufflecake/default.nix b/nixpkgs/pkgs/os-specific/linux/shufflecake/default.nix new file mode 100644 index 000000000000..8e1330e56789 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/shufflecake/default.nix 
@@ -0,0 +1,36 @@ +{ lib, kernel, stdenv, fetchFromGitea, libgcrypt, lvm2 }: +stdenv.mkDerivation (finalAttrs: { + name = "shufflecake"; + version = "0.4.4"; + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "shufflecake"; + repo = "shufflecake-c"; + rev = "v${finalAttrs.version}"; + hash = "sha256-zvGHM5kajJlROI8vg1yZQ5NvJvuGLV2iKvumdW8aglA="; + }; + + nativeBuildInputs = kernel.moduleBuildDependencies; + buildInputs = [ libgcrypt lvm2 ]; + makeFlags = kernel.makeFlags ++ [ + "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + outputs = [ "out" "bin" ]; + + installPhase = '' + install -Dm444 dm-sflc.ko $out/lib/modules/${kernel.modDirVersion}/drivers/md/dm-sflc.ko + install -Dm555 shufflecake $bin/shufflecake + ''; + + meta = with lib; { + description = "A plausible deniability (hidden storage) layer for Linux"; + homepage = "https://shufflecake.net"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ oluceps ]; + outputsToInstall = [ "bin" ]; + platforms = platforms.linux; + broken = kernel.kernelOlder "6.1"; + }; +}) + diff --git a/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix b/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix index 33354b1df8b7..0dbfbd29b6c3 100644 --- a/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix 
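Review bot: `name = "shufflecake"` next to `version = "0.4.4"` should be `pname = "shufflecake"`; with `name` set explicitly, the version does not become part of the derivation name. The custom `installPhase` also omits `runHook preInstall` and `runHook postInstall`, which the nvidia `builder.sh` change in this same commit adds to its phases. Without them, install hooks set through an override are not run. Since the kernel module and the userspace tool are built in one derivation against `kernel`, a one-line comment above `outputs = [ "out" "bin" ]` saying which output holds which would help readers.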
@@ -4,11 +4,11 @@ }: let - # Compare with https://github.com/draios/sysdig/blob/dev/cmake/modules/falcosecurity-libs.cmake - libsRev = "0.13.1"; - libsHash = "sha256-UNoXIkFr64Nr0XVAtV4+BMNpCk4w8Dn4waZek/ok4Uk="; + # Compare with https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/falcosecurity-libs.cmake + libsRev = "0.14.2"; + libsHash = "sha256-sWrniRB/vQd1BZnsiz+wLHugrF3LhuAr9e9gDMavLoo="; - # Compare with https://github.com/falcosecurity/libs/blob/master/cmake/modules/valijson.cmake#L17 + # Compare with https://github.com/falcosecurity/libs/blob/0.14.2/cmake/modules/valijson.cmake valijson = fetchFromGitHub { owner = "tristanpenman"; repo = "valijson"; 
@@ -16,42 +16,23 @@ let hash = "sha256-ZD19Q2MxMQd3yEKbY90GFCrerie5/jzgO8do4JQDoKM="; }; - tinydir = fetchFromGitHub { - owner = "cxong"; - repo = "tinydir"; - rev = "1.2.5"; - hash = "sha256-qQhvLzpCYMAafBNRWlY5yklHrILM8BYD+xxF0l17+do="; - }; - - # https://github.com/draios/sysdig/blob/0.31.5/cmake/modules/driver.cmake + # https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/driver.cmake driver = fetchFromGitHub { owner = "falcosecurity"; repo = "libs"; - rev = "6.0.1+driver"; - hash = "sha256-e9TJl/IahrUc4Yq2/KssTz3IBjOZwXeLt1jOkZ94EiE="; - }; - - # can be dropped in next release - uthashDevendorPatch = fetchpatch { - url = "https://github.com/falcosecurity/libs/commit/0d58f798ab72e21a16ee6965c775cba2932e5100.patch"; - hash = "sha256-5Y79M9u5rXZiKllJcXzDDw/3JKt0k/CgvWx+MZepkpw="; - }; - - # https://github.com/falcosecurity/libs/blob/master/cmake/modules/b64.cmake - base64 = fetchurl { - url = "https://raw.githubusercontent.com/istio/proxy/1.18.2/extensions/common/wasm/base64.h"; - hash = "sha256-WvHRHp5caMBDvH+2pMrU4ZptX6WvPcPaeVGtVBBCw64="; + rev = "7.0.0+driver"; + hash = "sha256-kXqvfM7HbGh2wEGaO4KBkFDW+m5gpOShJZKJLu9McKk="; }; in stdenv.mkDerivation rec { pname = "sysdig"; - version = "0.34.1"; + version = "0.35.1"; src = fetchFromGitHub { owner = "draios"; repo = "sysdig"; rev = version; - hash = "sha256-G1yr1wHiaGvLMtBZgh4eoiRNJiH0cghHqWFOjKYXXsw="; + hash = "sha256-nSCkKwhdEduepyvcyWEKMQtQ6TfhF3GnTSreRVoarsw="; }; nativeBuildInputs = [ cmake perl installShellFiles pkg-config ]; 
@@ -84,15 +65,13 @@ stdenv.mkDerivation rec { hash = libsHash; }} libs chmod -R +w libs - pushd libs - patch -p1 < ${uthashDevendorPatch} - popd + + substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \ + --replace-fail "\''${prefix}/@CMAKE_INSTALL_LIBDIR@" "@CMAKE_INSTALL_FULL_LIBDIR@" \ + --replace-fail "\''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@" "@CMAKE_INSTALL_FULL_INCLUDEDIR@" cp -r ${driver} driver-src chmod -R +w driver-src - pushd driver-src - patch -p1 < ${uthashDevendorPatch} - popd cmakeFlagsArray+=( "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs" "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver" @@ -108,7 +87,6 @@ stdenv.mkDerivation rec { "-DUSE_BUNDLED_JSONCPP=OFF" "-DCREATE_TEST_TARGETS=OFF" "-DVALIJSON_INCLUDE=${valijson}/include" - "-DTINYDIR_INCLUDE=${tinydir}" "-DUTHASH_INCLUDE=${uthash}/include" ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF"; @@ -124,7 +102,6 @@ stdenv.mkDerivation rec { exit 1 fi cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization") - install -D ${base64} build/b64/base64.h '' + lib.optionalString (kernel != null) '' export INSTALL_MOD_PATH="$out" export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index 104a9dad959a..b08026278edb 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -13,10 +13,10 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index c0defc31de..8f80235731 100644 +index 0d68f31d36..6b52f7ed4b 100644 
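Review bot: The `substituteInPlace` added in the `@@ -84,15 +65,13 @@` hunk rewrites `libscap.pc.in` and `libsinsp.pc.in` without a comment saying why, so the next libs bump gives no hint whether the rewrite can be dropped. A line above it such as `# install dirs are absolute in this build, so "${prefix}/<dir>" in the .pc templates would yield a doubled path` would record the intent; that reason is inferred from the replacement strings, so adjust it if the real one differs. Keep `--replace-fail` as it is, since a changed upstream template then fails the build instead of leaving the templates silently unpatched. The shell string this sits in starts and ends outside the hunk.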
--- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in -@@ -20,10 +20,6 @@ SUBSYSTEM=="block", TAG+="systemd" +@@ -22,10 +22,6 @@ SUBSYSTEM=="block", TAG+="systemd" SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index dda8524c498d..8507bb583c8a 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -14,10 +14,10 @@ Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 4ffec25c75..b99031c54e 100644 +index 55e76b6e16..015a608035 100644 --- a/src/shared/fstab-util.c +++ b/src/shared/fstab-util.c -@@ -43,6 +43,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { +@@ -66,6 +66,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { /* Don't bother with the OS data itself */ if (PATH_IN_SET(mount, "/", @@ -27,7 +27,7 @@ index 4ffec25c75..b99031c54e 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 1586c2e214..fcae95f824 100644 +index 1a9b99d761..04ef9af1ea 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c @@ -170,8 +170,10 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) { diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 2d86d1e6957a..535ca3d86457 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch 
+++ b/nixpkgs/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index e170958fc5..898a674631 100644 +index 38196ef3d6..57d1750b00 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5648,6 +5648,7 @@ static int run(int argc, char *argv[]) { +@@ -5602,6 +5602,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index e170958fc5..898a674631 100644 _cleanup_free_ char *p = NULL; if (arg_pivot_root_new) -@@ -5662,6 +5663,7 @@ static int run(int argc, char *argv[]) { +@@ -5618,6 +5619,7 @@ static int run(int argc, char *argv[]) { "Directory %s doesn't look like it has an OS tree (/usr/ directory is missing). Refusing.", arg_directory); goto finish; } diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch index c905a4d812af..d2232765f71d 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch @@ -11,12 +11,12 @@ Also, remove /usr and /lib as these don't exist on NixOS. Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com> --- - src/basic/path-lookup.c | 17 ++--------------- + src/basic/path-lookup.c | 18 ++---------------- src/core/systemd.pc.in | 8 ++++---- - 2 files changed, 6 insertions(+), 19 deletions(-) + 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 7d158a8295..f9bd62b631 100644 +index 4e3d59fc56..0d18b9a2d0 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c @@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { 
@@ -31,7 +31,7 @@ index 7d158a8295..f9bd62b631 100644 NULL }; -@@ -617,15 +613,13 @@ int lookup_paths_init( +@@ -613,16 +609,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -44,11 +44,12 @@ index 7d158a8295..f9bd62b631 100644 - "/usr/local/lib/systemd/system", SYSTEM_DATA_UNIT_DIR, - "/usr/lib/systemd/system", +- /* To be used ONLY for images which might be legacy split-usr */ - STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), STRV_IFNOTNULL(generator_late)); break; -@@ -641,14 +635,11 @@ int lookup_paths_init( +@@ -638,14 +631,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", @@ -64,7 +65,7 @@ index 7d158a8295..f9bd62b631 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -808,7 +799,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -805,7 +795,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", @@ -72,7 +73,7 @@ index 7d158a8295..f9bd62b631 100644 SYSTEM_GENERATOR_DIR); break; -@@ -816,7 +806,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -813,7 +802,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -80,7 +81,7 @@ index 7d158a8295..f9bd62b631 100644 USER_GENERATOR_DIR); break; -@@ -855,14 +844,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { +@@ -852,14 +840,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", @@ -96,10 +97,10 @@ index 7d158a8295..f9bd62b631 100644 break; diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 693433b34b..5932a21b5b 100644 +index f3b85b0190..8ae544b495 100644 
--- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in -@@ -38,10 +38,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} +@@ -43,10 +43,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} systemd_user_conf_dir=${sysconfdir}/systemd/user systemduserconfdir=${systemd_user_conf_dir} @@ -111,8 +112,8 @@ index 693433b34b..5932a21b5b 100644 +systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemduserunitdir} systemduserunitpath=${systemd_user_unit_path} - systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators -@@ -50,10 +50,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} + systemd_system_generator_dir=${prefix}/lib/systemd/system-generators +@@ -55,10 +55,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} systemd_user_generator_dir=${prefix}/lib/systemd/user-generators systemdusergeneratordir=${systemd_user_generator_dir} @@ -124,4 +125,4 @@ index 693433b34b..5932a21b5b 100644 +systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir} systemdusergeneratorpath=${systemd_user_generator_path} - systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep + systemd_sleep_dir=${prefix}/lib/systemd/system-sleep diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch index 0a80d5ac4e83..a0bcc6afaa12 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -13,10 +13,10 @@ in containers. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 22ec6e79b1..771e8e7f16 100644 +index e61ebee253..22cc5cc843 100644 --- a/src/core/manager.c 
+++ b/src/core/manager.c -@@ -1559,7 +1559,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { +@@ -1562,7 +1562,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { if (!unit_is_bound_by_inactive(u, &culprit)) continue; diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch index abc6c24dbf51..b350e36bc5c2 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -11,7 +11,7 @@ Subject: [PATCH] hostnamed, localed, timedated: disable methods that change 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index 9ef45f8e75..99b1ec2e36 100644 +index e1d53f2395..a224e6dadc 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -1053,6 +1053,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ @@ -35,7 +35,7 @@ index 9ef45f8e75..99b1ec2e36 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index f544a73580..ce00c262cc 100644 +index 5d96237fae..9af35cd29c 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -229,6 +229,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er @@ -69,10 +69,10 @@ index f544a73580..ce00c262cc 100644 r = x11_context_verify_and_warn(&in, LOG_ERR, error); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index ad1d492d6b..331af34505 100644 +index c7be30f563..50f8aa8675 100644 --- a/src/timedate/timedated.c 
+++ b/src/timedate/timedated.c -@@ -665,6 +665,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -659,6 +659,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; @@ -83,7 +83,7 @@ index ad1d492d6b..331af34505 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -743,6 +747,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -737,6 +741,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index ad1d492d6b..331af34505 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -917,6 +924,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 3150d97be2e1..30178675f7f9 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -35,10 +35,10 @@ index e486474c44..5f373d0723 100644 <literal>Etc/UTC</literal>. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 1db630003a..31744c3e68 100644 +index f9014dc560..3ee0363369 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c -@@ -1350,7 +1350,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { +@@ -1412,7 +1412,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { assert(ret); 
@@ -47,7 +47,7 @@ index 1db630003a..31744c3e68 100644 if (!f) return -errno; -@@ -1391,7 +1391,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { +@@ -1453,7 +1453,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { assert(ret); @@ -56,7 +56,7 @@ index 1db630003a..31744c3e68 100644 if (!f) return -errno; -@@ -1503,7 +1503,7 @@ int verify_timezone(const char *name, int log_level) { +@@ -1565,7 +1565,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) return -ENAMETOOLONG; @@ -65,7 +65,7 @@ index 1db630003a..31744c3e68 100644 fd = open(t, O_RDONLY|O_CLOEXEC); if (fd < 0) -@@ -1563,7 +1563,7 @@ int get_timezone(char **ret) { +@@ -1625,7 +1625,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -75,10 +75,10 @@ index 1db630003a..31744c3e68 100644 return -EINVAL; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 1956ab3b13..9ef356f8af 100644 +index f77a5f6266..63bac85b29 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -630,7 +630,7 @@ static int process_timezone(int rfd) { +@@ -632,7 +632,7 @@ static int process_timezone(int rfd) { if (isempty(arg_timezone)) return 0; @@ -88,10 +88,10 @@ index 1956ab3b13..9ef356f8af 100644 r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false); if (r < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 898a674631..c41a416e04 100644 +index e48ebe8342..41796f3358 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -1924,8 +1924,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid +@@ -1845,8 +1845,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -103,10 +103,10 @@ index 898a674631..c41a416e04 100644 static bool etc_writable(void) { 
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 331af34505..722c4b5b4f 100644 +index 50f8aa8675..aff156ab42 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -282,7 +282,7 @@ static int context_read_data(Context *c) { +@@ -276,7 +276,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -115,7 +115,7 @@ index 331af34505..722c4b5b4f 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -306,7 +306,7 @@ static int context_write_data_timezone(Context *c) { +@@ -300,7 +300,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -124,7 +124,7 @@ index 331af34505..722c4b5b4f 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -314,9 +314,9 @@ static int context_write_data_timezone(Context *c) { +@@ -308,9 +308,9 @@ static int context_write_data_timezone(Context *c) { return 0; } diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch deleted file mode 100644 index 7777ba7e4259..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov <ab@fmap.me> -Date: Thu, 7 Jul 2016 02:47:13 +0300 -Subject: [PATCH] Fix hwdb paths - -Patch by vcunat. ---- - src/libsystemd/sd-hwdb/hwdb-internal.h | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h -index 5302679a62..39e59a527f 100644 ---- a/src/libsystemd/sd-hwdb/hwdb-internal.h -+++ b/src/libsystemd/sd-hwdb/hwdb-internal.h -@@ -83,8 +83,4 @@ struct trie_value_entry2_f { - } _packed_; - - #define hwdb_bin_paths \ -- "/etc/systemd/hwdb/hwdb.bin\0" \ -- "/etc/udev/hwdb.bin\0" \ -- "/usr/lib/systemd/hwdb/hwdb.bin\0" \ -- _CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \ -- UDEVLIBEXECDIR "/hwdb.bin\0" -+ "/etc/udev/hwdb.bin\0" diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0009-localectl-use-etc-X11-xkb-for-list-x11.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0008-localectl-use-etc-X11-xkb-for-list-x11.patch index c0f6afd7fc7b..fe0dca1863dd 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0009-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0008-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -10,7 +10,7 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index d8db9d9d22..4601bb5431 100644 +index 32354027f1..1d231f1afc 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c @@ -297,7 +297,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0011-add-rootprefix-to-lookup-dir-paths.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch index fa201126ae27..15fe403c28fc 100644 
--- a/nixpkgs/pkgs/os-specific/linux/systemd/0011-add-rootprefix-to-lookup-dir-paths.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch @@ -12,16 +12,16 @@ files that I might have missed. 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/basic/constants.h b/src/basic/constants.h -index 3f96786da9..6e8fb40c08 100644 +index 6bb5f3c281..678d13737d 100644 --- a/src/basic/constants.h +++ b/src/basic/constants.h -@@ -74,13 +74,15 @@ +@@ -65,13 +65,15 @@ + "/etc/" n "\0" \ "/run/" n "\0" \ "/usr/local/lib/" n "\0" \ - "/usr/lib/" n "\0" \ -- _CONF_PATHS_SPLIT_USR_NULSTR(n) -+ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ -+ ROOTPREFIX "/lib/" n "\0" +- "/usr/lib/" n "\0" ++ "/usr/lib/" n "\0" \ ++ PREFIX "/lib/" n "\0" #define CONF_PATHS_USR(n) \ "/etc/" n, \ @@ -29,7 +29,7 @@ index 3f96786da9..6e8fb40c08 100644 "/usr/local/lib/" n, \ - "/usr/lib/" n + "/usr/lib/" n, \ -+ ROOTPREFIX "/lib/" n ++ PREFIX "/lib/" n #define CONF_PATHS(n) \ - CONF_PATHS_USR(n) \ + CONF_PATHS_USR(n) diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch deleted file mode 100644 index b8f97308acfb..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Franz Pletz <fpletz@fnordicwalking.de> -Date: Sun, 11 Feb 2018 04:37:44 +0100 -Subject: [PATCH] build: don't create statedir and don't touch prefixdir - ---- - meson.build | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 395eca1943..082cd748bb 100644 ---- a/meson.build -+++ b/meson.build -@@ -4707,9 +4707,6 @@ install_data('LICENSE.GPL2', - install_subdir('LICENSES', - install_dir : docdir) - --meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) --meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) -- - ############################################################ - - # Ensure that changes to the docs/ directory do not break the diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index fde1e2b276c5..6f0b81a32aa7 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 8395bb429d..14fbc85bb4 100644 +index b976b7d8cf..b1c02df6fd 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -334,6 +334,7 @@ static void init_watchdog(void) { +@@ -336,6 +336,7 @@ static void init_watchdog(void) { int main(int argc, char *argv[]) { static const char* const dirs[] = { SYSTEM_SHUTDOWN_PATH, 
diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index d91150cfc490..a5ed574afa24 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -9,10 +9,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index de1f6c7ec1..d0cdebd80a 100644 +index 21af3e9e52..6d096e3c78 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -224,6 +224,7 @@ static int execute( +@@ -215,6 +215,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 13dec1070ffc..55e556288c08 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -10,21 +10,19 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 97175bee11..3839704901 100644 +index 6d943e967f..d4380aa7e3 100644 --- a/src/basic/path-util.h 
+++ b/src/basic/path-util.h -@@ -25,11 +25,11 @@ +@@ -25,9 +25,9 @@ # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) #endif --#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") --#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") -+#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" -+#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" - #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") - #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_PATH_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") -#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") -+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL ++#define DEFAULT_PATH "@defaultPathNormal@" ++#define DEFAULT_PATH_NULSTR "@defaultPathNormal@\0" ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH - #if HAVE_SPLIT_USR - # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR + #ifndef DEFAULT_USER_PATH + # define DEFAULT_USER_PATH DEFAULT_PATH diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0016-inherit-systemd-environment-when-calling-generators.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch index d6640c87454a..8bccf5539058 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0016-inherit-systemd-environment-when-calling-generators.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -16,10 +16,10 @@ executables that are being called from managers. 1 file changed, 8 insertions(+) diff --git a/src/core/manager.c b/src/core/manager.c -index 771e8e7f16..acf3ead8d7 100644 +index 22cc5cc843..5dc7d4504f 100644 --- a/src/core/manager.c 
+++ b/src/core/manager.c -@@ -3899,9 +3899,17 @@ static int build_generator_environment(Manager *m, char ***ret) { +@@ -3914,9 +3914,17 @@ static int build_generator_environment(Manager *m, char ***ret) { * adjust generated units to that. Let's pass down some bits of information that are easy for us to * determine (but a bit harder for generator scripts to determine), as environment variables. */ diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0017-core-don-t-taint-on-unmerged-usr.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch index 73b237a29602..8b862918500e 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0017-core-don-t-taint-on-unmerged-usr.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch @@ -13,21 +13,20 @@ so showing the taint isn't really helpful. See also: https://github.com/systemd/systemd/issues/24191 --- - src/core/manager.c | 4 ---- - 1 file changed, 4 deletions(-) + src/core/manager.c | 3 --- + 1 file changed, 3 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index acf3ead8d7..bdbab16829 100644 +index 5dc7d4504f..6208c9aa31 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -4754,10 +4754,6 @@ char* manager_taint_string(const Manager *m) { - if (m->taint_usr) - stage[n++] = "split-usr"; +@@ -4800,9 +4800,6 @@ char* manager_taint_string(const Manager *m) { + const char* stage[12] = {}; + size_t n = 0; - _cleanup_free_ char *usrbin = NULL; - if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin")) - stage[n++] = "unmerged-usr"; -- + if (access("/proc/cgroups", F_OK) < 0) stage[n++] = "cgroups-missing"; - diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch deleted file mode 100644 index 3fbfd7f10ab4..000000000000 
--- a/nixpkgs/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> -Date: Sun, 6 Dec 2020 08:34:19 +0100 -Subject: [PATCH] pkg-config: derive prefix from --prefix - -Point prefix to the one configured, instead of `/usr` `systemd` has limited -support for making the pkgconfig prefix overridable, and interpolates those -values later down. - -So we only need to patch this one value to get the correct paths. -See systemd/systemd@bc4e6e27922a2873985ab9367d79fb099f70b505 for details. - -Co-Authored-By: Florian Klink <flokli@flokli.de> ---- - src/core/systemd.pc.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 5932a21b5b..20bf8e316d 100644 ---- a/src/core/systemd.pc.in -+++ b/src/core/systemd.pc.in -@@ -11,7 +11,7 @@ - # considered deprecated (though there is no plan to remove them). New names - # shall have underscores. - --prefix=/usr -+prefix={{PREFIX}} - root_prefix={{ROOTPREFIX_NOSLASH}} - rootprefix=${root_prefix} - sysconf_dir={{SYSCONF_DIR}} diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch index 6de01a0ae802..768f57e1335b 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch @@ -27,15 +27,15 @@ filename_is_valid with path_is_valid. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index ae8a8bc073..c284b244f8 100644 +index 5e07b88a89..8dd7315009 100644 --- a/src/shared/tpm2-util.c 
+++ b/src/shared/tpm2-util.c -@@ -582,7 +582,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { +@@ -654,7 +654,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { fn = strjoina("libtss2-tcti-", driver, ".so.0"); /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */ - if (!filename_is_valid(fn)) + if (!path_is_valid(fn)) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); context->tcti_dl = dlopen(fn, RTLD_NOW); diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch index dd9af6738c4e..96cd420221e5 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch @@ -30,10 +30,10 @@ are written into `$XDG_CONFIG_HOME/systemd/user`. 1 file changed, 3 insertions(+) diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c -index e3f25d52d5..81c9c6f6b7 100644 +index 367afa20f7..5777154d01 100644 --- a/src/systemctl/systemctl-edit.c +++ b/src/systemctl/systemctl-edit.c -@@ -323,6 +323,9 @@ int verb_edit(int argc, char *argv[], void *userdata) { +@@ -322,6 +322,9 @@ int verb_edit(int argc, char *argv[], void *userdata) { sd_bus *bus; int r; diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch new file mode 100644 index 000000000000..fd38aa9a2850 --- /dev/null 
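Review bot: In the `src/shared/tpm2-util.c` hunk carried by `0015-tpm2_context_init-fix-driver-name-checking.patch`, the upstream comment "let's refuse strings that cannot possibly be valid driver early" is kept as context above a check that the patch relaxes from `filename_is_valid(fn)` to `path_is_valid(fn)`, so the comment no longer describes what is enforced. `fn` is built from `driver` and passed to `dlopen(fn, RTLD_NOW)` right after the check, and a path check presumably admits directory separators that the filename check refused, so the loaded library is no longer limited to a bare file name. I would add a comment on the patched line stating the NixOS reason and the trust assumption, e.g. `/* NixOS: driver may be a full path; 'device' must come from trusted configuration only */`, and confirm that every caller of `tpm2_context_new()` meets it. The function body and the patch description start outside this hunk.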
+++ b/nixpkgs/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch @@ -0,0 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: nikstur <nikstur@outlook.com> +Date: Mon, 6 Nov 2023 22:51:38 +0100 +Subject: [PATCH] meson.build: do not create systemdstatedir + +--- + meson.build | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 7419e2b0b0..c82a527976 100644 +--- a/meson.build ++++ b/meson.build +@@ -2497,7 +2497,6 @@ install_data('LICENSE.GPL2', + install_subdir('LICENSES', + install_dir : docdir) + +-install_emptydir(systemdstatedir) + + ############################################################ + diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch index 68ae22644835..68ae22644835 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix index 23f875d2dc46..064c465bd6e3 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix @@ -5,7 +5,6 @@ , nixosTests , pkgsCross , fetchFromGitHub -, fetchpatch , fetchzip , buildPackages , makeBinaryWrapper @@ -20,7 +19,6 @@ # glib is only used during tests (test-bus-gvariant, test-bus-marshal) , glib -, substituteAll , gettext , python3Packages @@ -52,7 +50,6 @@ , intltool , bzip2 , pcre2 -, e2fsprogs , elfutils , linuxHeaders ? stdenv.cc.libc.linuxHeaders , gnutls 
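Review bot: The new `0017-meson.build-do-not-create-systemdstatedir.patch` has an empty description between its `Subject:` line and the `---` separator, so nothing records why `install_emptydir(systemdstatedir)` is removed. One sentence in the patch message would let a later systemd bump decide whether the patch is still needed, for example `The state directory lies outside the package output and is created at runtime.`; that wording is a guess at the reason and should be replaced by the actual one. The `0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch` it appears to replace was equally silent.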
@@ -68,17 +65,20 @@ , libmicrohttpd , libfido2 , p11-kit +, libpwquality +, qrencode - # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time. + # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to + # be available during build time. # Only libbpf should be a runtime dependency. # Note: llvmPackages is explicitly taken from buildPackages instead of relying # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc - # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we explicitly - # take buildPackages.llvmPackages, this is no problem because - # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to us. Working - # around this is important, because systemd is in the dependency closure of - # GHC via emscripten and jdk. + # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we + # explicitly take buildPackages.llvmPackages, this is no problem because + # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to + # us. Working around this is important, because systemd is in the dependency + # closure of GHC via emscripten and jdk. , bpftools , libbpf 
@@ -89,25 +89,36 @@ , withAnalyze ? true , withApparmor ? true , withAudit ? true -, withBootloader ? withEfi && !stdenv.hostPlatform.isMusl # compiles systemd-boot, assumes EFI is available. -, withCompression ? true # adds bzip2, lz4, xz and zstd + # compiles systemd-boot, assumes EFI is available. +, withBootloader ? withEfi + && !stdenv.hostPlatform.isMusl + # "Unknown 64-bit data model" + && !stdenv.hostPlatform.isRiscV32 + # adds bzip2, lz4, xz and zstd +, withCompression ? true , withCoredump ? true , withCryptsetup ? true , withRepart ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi , withFido2 ? true -, withFirstboot ? false # conflicts with the NixOS /etc management + # conflicts with the NixOS /etc management +, withFirstboot ? false , withHomed ? !stdenv.hostPlatform.isMusl , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl +, withIptables ? true , withKmod ? true , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" - && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats - && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + # assumes hard floats + && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") + # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 + && !stdenv.hostPlatform.isMips64 # can't find gnu/stubs-32.h && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian) + # https://reviews.llvm.org/D43106#1019077 + && (stdenv.hostPlatform.isRiscV32 -> stdenv.cc.isClang) # buildPackages.targetPackages.llvmPackages is the same as llvmPackages, # but we do it this way to avoid taking llvmPackages as an input, and # risking making it too easy to ignore the above comment about llvmPackages. 
@@ -120,10 +131,11 @@ , withNss ? !stdenv.hostPlatform.isMusl , withOomd ? true , withPam ? true -, withPasswordQuality ? false +, withPasswordQuality ? true , withPCRE2 ? true , withPolkit ? true , withPortabled ? !stdenv.hostPlatform.isMusl +, withQrencode ? true , withRemote ? !stdenv.hostPlatform.isMusl , withResolved ? true , withShellCompletions ? true @@ -132,15 +144,17 @@ , withTimedated ? true , withTimesyncd ? true , withTpm2Tss ? true -, withUkify ? false # adds python to closure which is too much by default + # adds python to closure which is too much by default +, withUkify ? false , withUserDb ? true , withUtmp ? !stdenv.hostPlatform.isMusl +, withVmspawn ? true # tests assume too much system access for them to be feasible for us right now , withTests ? false # build only libudev and libsystemd , buildLibsOnly ? false - # name argument + # yes, pname is an argument here , pname ? "systemd" , libxslt @@ -157,19 +171,18 @@ assert withHomed -> withPam; assert withUkify -> (withEfi && withBootloader); assert withRepart -> withCryptsetup; assert withBootloader -> withEfi; -# passwdqc is not packaged in nixpkgs yet, if you want to fix this, please submit a PR. -assert !withPasswordQuality; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "254.6"; + version = "255.2"; - # Bump this variable on every (major) version change. See below (in the meson options list) for why. + # Use the command below to update `releaseTimestamp` on every (major) version + # change. More details in the commentary at mesonFlags. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' - releaseTimestamp = "1690536449"; + releaseTimestamp = "1701895110"; in stdenv.mkDerivation (finalAttrs: { inherit pname version; 
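Review bot: The rewritten comment above `releaseTimestamp` still tells maintainers to query `releases/latest`, which returns whatever upstream published most recently rather than the release being packaged, so the result depends on when the command is run. The mesonFlags comment in this same commit describes `time-epoch` as the lower bound systemd accepts for the system clock, so the value should be reproducible from `version`. I would pin the lookup to the packaged tag, e.g. `curl -s https://api.github.com/repos/systemd/systemd/releases/tags/v<MAJOR> | jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'`, where `<MAJOR>` is a placeholder for the major part of `version`.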
@@ -180,14 +193,17 @@ stdenv.mkDerivation (finalAttrs: { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - hash = "sha256-Ku24ecDeQt0t7A8/adR3Jm47QZ19+wdMPyJRzCxU4uU="; + hash = "sha256-8SfJY/pcH4yrDeJi0GfIUpetTbpMwyswvSu+RSfgqfY="; }; - # On major changes, or when otherwise required, you *must* reformat the patches, - # `git am path/to/00*.patch` them into a systemd worktree, rebase to the more recent - # systemd version, and export the patches again via - # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. - # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches + # On major changes, or when otherwise required, you *must* : + # 1. reformat the patches, + # 2. `git am path/to/00*.patch` them into a systemd worktree, + # 3. rebase to the more recent systemd version, + # 4. and export the patches again via + # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`. + # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all + # patches patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch 
@@ -195,50 +211,49 @@ stdenv.mkDerivation (finalAttrs: { ./0004-Add-some-NixOS-specific-unit-directories.patch ./0005-Get-rid-of-a-useless-message-in-user-sessions.patch ./0006-hostnamed-localed-timedated-disable-methods-that-cha.patch - ./0007-Fix-hwdb-paths.patch - ./0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch - ./0009-localectl-use-etc-X11-xkb-for-list-x11.patch - ./0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch - ./0011-add-rootprefix-to-lookup-dir-paths.patch - ./0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch - ./0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch - ./0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch - ./0015-pkg-config-derive-prefix-from-prefix.patch - ./0016-inherit-systemd-environment-when-calling-generators.patch - ./0017-core-don-t-taint-on-unmerged-usr.patch - ./0018-tpm2_context_init-fix-driver-name-checking.patch - ./0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + ./0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch + ./0008-localectl-use-etc-X11-xkb-for-list-x11.patch + ./0009-add-rootprefix-to-lookup-dir-paths.patch + ./0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch + ./0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch + ./0013-inherit-systemd-environment-when-calling-generators.patch + ./0014-core-don-t-taint-on-unmerged-usr.patch + ./0015-tpm2_context_init-fix-driver-name-checking.patch + ./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + ./0017-meson.build-do-not-create-systemdstatedir.patch ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [ - ./0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch + ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { - url = 
"https://git.openembedded.org/openembedded-core/snapshot/openembedded-core-eb8a86fee9eeae787cc0a58ef2ed087fd48d93eb.tar.gz"; - sha256 = "tE2KpXLvOknIpEZFdOnNxvBmDvZrra3kvQp9tKxa51c="; + url = "https://git.openembedded.org/openembedded-core/snapshot/openembedded-core-6fdf03bd950e55ef7881041606f6e76141033716.tar.gz"; + sha256 = "/+9aJdOxBY8Y4vJPftOCxmyK8L2nvR82KmJxil1a2aY="; }; musl-patches = oe-core + "/meta/recipes-core/systemd/systemd"; in [ - (musl-patches + "/0001-Adjust-for-musl-headers.patch") - (musl-patches + "/0005-pass-correct-parameters-to-getdents64.patch") - (musl-patches + "/0006-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch") - (musl-patches + "/0009-missing_type.h-add-comparison_fn_t.patch") - (musl-patches + "/0010-add-fallback-parse_printf_format-implementation.patch") - (musl-patches + "/0011-src-basic-missing.h-check-for-missing-strndupa.patch") - (musl-patches + "/0012-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch") - (musl-patches + "/0013-add-missing-FTW_-macros-for-musl.patch") - (musl-patches + "/0014-Use-uintmax_t-for-handling-rlim_t.patch") - (musl-patches + "/0016-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch") - (musl-patches + "/0017-Define-glibc-compatible-basename-for-non-glibc-syste.patch") - (musl-patches + "/0018-Do-not-disable-buffering-when-writing-to-oom_score_a.patch") - (musl-patches + "/0019-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch") - (musl-patches + "/0020-avoid-redefinition-of-prctl_mm_map-structure.patch") - (musl-patches + "/0021-do-not-disable-buffer-in-writing-files.patch") - (musl-patches + "/0022-Handle-__cpu_mask-usage.patch") - (musl-patches + "/0023-Handle-missing-gshadow.patch") - (musl-patches + "/0024-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch") - (musl-patches + "/0028-sd-event-Make-malloc_trim-conditional-on-glibc.patch") - (musl-patches + "/0029-shared-Do-not-use-malloc_info-on-musl.patch") + (musl-patches + 
"/0017-Adjust-for-musl-headers.patch") + (musl-patches + "/0016-pass-correct-parameters-to-getdents64.patch") + (musl-patches + "/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch") + (musl-patches + "/0001-missing_type.h-add-comparison_fn_t.patch") + (musl-patches + "/0002-add-fallback-parse_printf_format-implementation.patch") + (musl-patches + "/0003-src-basic-missing.h-check-for-missing-strndupa.patch") + (musl-patches + "/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch") + (musl-patches + "/0005-add-missing-FTW_-macros-for-musl.patch") + (musl-patches + "/0006-Use-uintmax_t-for-handling-rlim_t.patch") + (musl-patches + "/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch") + (musl-patches + "/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch") + (musl-patches + "/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch") + (musl-patches + "/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch") + (musl-patches + "/0011-avoid-redefinition-of-prctl_mm_map-structure.patch") + (musl-patches + "/0012-do-not-disable-buffer-in-writing-files.patch") + (musl-patches + "/0013-Handle-__cpu_mask-usage.patch") + (musl-patches + "/0014-Handle-missing-gshadow.patch") + (musl-patches + "/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch") + (musl-patches + "/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch") + (musl-patches + "/0021-shared-Do-not-use-malloc_info-on-musl.patch") + (musl-patches + "/0022-avoid-missing-LOCK_EX-declaration.patch") ] ); 
@@ -257,8 +272,8 @@ stdenv.mkDerivation (finalAttrs: { "$out/lib/systemd/boot/efi" '' + ( let - # The following patches references to dynamic libraries to ensure that - # all the features that are implemented via dlopen(3) are available (or + # The following patches references to dynamic libraries to ensure that all + # the features that are implemented via dlopen(3) are available (or # explicitly deactivated) by pointing dlopen to the absolute store path # instead of relying on the linkers runtime lookup code. # @@ -270,11 +285,11 @@ stdenv.mkDerivation (finalAttrs: { # found` when using e.g. --grep with journalctl. Those errors should # become less unexpected now. # - # There are generally two classes of dlopen(3) calls. Those that we want to - # support and those that should be deactivated / unsupported. This change - # enforces that we handle all dlopen calls explicitly. Meaning: There is - # not a single dlopen call in the source code tree that we did not - # explicitly handle. + # There are generally two classes of dlopen(3) calls. Those that we want + # to support and those that should be deactivated / unsupported. This + # change enforces that we handle all dlopen calls explicitly. Meaning: + # There is not a single dlopen call in the source code tree that we did + # not explicitly handle. # # In order to do this we introduced a list of attributes that maps from # shared object name to the package that contains them. The package can be @@ -283,7 +298,8 @@ stdenv.mkDerivation (finalAttrs: { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` + # and update the list below. dlopenLibs = let opt = condition: pkg: if condition then pkg else null; 
@@ -293,14 +309,17 @@ stdenv.mkDerivation (finalAttrs: { { name = "libbpf.so.1"; pkg = opt withLibBPF libbpf; } { name = "libbpf.so.0"; pkg = null; } - # We did never provide support for libxkbcommon & qrencode + # We did never provide support for libxkbcommon { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } + + # qrencode + { name = "libqrencode.so.4"; pkg = opt withQrencode qrencode; } { name = "libqrencode.so.3"; pkg = null; } - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } + # Password quality + # We currently do not package passwdqc, only libpwquality. + { name = "libpwquality.so.1"; pkg = opt withPasswordQuality libpwquality; } + { name = "libpasswdqc.so.1"; pkg = null; } # Only include cryptsetup if it is enabled. We might not be able to # provide it during "bootstrap" in e.g. the minimal systemd build as @@ -332,8 +351,7 @@ stdenv.mkDerivation (finalAttrs: { # Support for PKCS#11 in systemd-cryptsetup, systemd-cryptenroll and systemd-homed { name = "libp11-kit.so.0"; pkg = opt (withHomed || withCryptsetup) p11-kit; } - # Password quality support - { name = "libpasswdqc.so.1"; pkg = opt withPasswordQuality null; } + { name = "libip4tc.so.2"; pkg = opt withIptables iptables; } ]; patchDlOpen = dl: @@ -367,7 +385,8 @@ stdenv.mkDerivation (finalAttrs: { # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings + # pointing to shared libraries) that we didn't handle + '' if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then echo "Found unhandled dynamic library calls: " 
@@ -428,14 +447,14 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withApparmor libapparmor ++ lib.optional withAudit audit ++ lib.optional wantCurl (lib.getDev curl) - ++ lib.optionals withCompression [ bzip2 lz4 xz zstd ] + ++ lib.optionals withCompression [ zlib bzip2 lz4 xz zstd ] ++ lib.optional withCoredump elfutils ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) ++ lib.optional withKexectools kexec-tools ++ lib.optional withKmod kmod ++ lib.optional withLibidn2 libidn2 ++ lib.optional withLibseccomp libseccomp - ++ lib.optional withNetworkd iptables + ++ lib.optional withIptables iptables ++ lib.optional withPam pam ++ lib.optional withPCRE2 pcre2 ++ lib.optional withSelinux libselinux 
@@ -445,140 +464,184 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals withLibBPF [ libbpf ] ++ lib.optional withTpm2Tss tpm2-tss ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ])) + ++ lib.optionals withPasswordQuality [ libpwquality ] + ++ lib.optionals withQrencode [ qrencode ] ; mesonBuildType = "release"; mesonFlags = [ - "-Dversion-tag=${version}" - # We bump this variable on every (major) version change to ensure - # that we have known-good value for a timestamp that is in the (not so distant) past. - # This serves as a lower bound for valid system timestamps during startup. Systemd will - # reset the system timestamp if this date is +- 15 years from the system time. - # See the systemd v250 release notes for further details: - # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 - "-Dtime-epoch=${releaseTimestamp}" - - "-Dmode=release" - "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" - "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" - "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" - "-Dpam=${lib.boolToString withPam}" - "-Dpamconfdir=${placeholder "out"}/etc/pam.d" - "-Drootprefix=${placeholder "out"}" - "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig" - "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig" - "-Dloadkeys-path=${kbd}/bin/loadkeys" - "-Dsetfont-path=${kbd}/bin/setfont" - "-Dtty-gid=3" # tty in NixOS has gid 3 - "-Ddebug-shell=${bashInteractive}/bin/bash" - "-Dglib=${lib.boolToString withTests}" - # while we do not run tests we should also not build them. 
Removes about 600 targets - "-Dtests=false" - "-Dacl=${lib.boolToString withAcl}" - "-Danalyze=${lib.boolToString withAnalyze}" - "-Daudit=${lib.boolToString withAudit}" - "-Dgcrypt=${lib.boolToString wantGcrypt}" - "-Dimportd=${lib.boolToString withImportd}" - "-Dlz4=${lib.boolToString withCompression}" - "-Dhomed=${lib.boolToString withHomed}" - "-Dlogind=${lib.boolToString withLogind}" - "-Dlocaled=${lib.boolToString withLocaled}" - "-Dhostnamed=${lib.boolToString withHostnamed}" - "-Dmachined=${lib.boolToString withMachined}" - "-Dnetworkd=${lib.boolToString withNetworkd}" - "-Doomd=${lib.boolToString withOomd}" - "-Dpolkit=${lib.boolToString withPolkit}" - "-Dlibcryptsetup=${lib.boolToString withCryptsetup}" - "-Dportabled=${lib.boolToString withPortabled}" - "-Dhwdb=${lib.boolToString withHwdb}" - "-Dremote=${lib.boolToString withRemote}" - "-Dtimedated=${lib.boolToString withTimedated}" - "-Dtimesyncd=${lib.boolToString withTimesyncd}" - "-Duserdb=${lib.boolToString withUserDb}" - "-Dcoredump=${lib.boolToString withCoredump}" - "-Dfirstboot=false" - "-Dresolve=${lib.boolToString withResolved}" - "-Dsplit-usr=false" - "-Dlibcurl=${lib.boolToString wantCurl}" - "-Dlibidn=false" - "-Dlibidn2=${lib.boolToString withLibidn2}" - "-Dfirstboot=${lib.boolToString withFirstboot}" - "-Dsysusers=${lib.boolToString withSysusers}" - "-Drepart=${lib.boolToString withRepart}" - "-Dsysupdate=${lib.boolToString withSysupdate}" - "-Dquotacheck=false" - "-Dldconfig=false" - "-Dsmack=true" - "-Db_pie=true" - "-Dinstall-sysconfdir=false" - "-Dsbat-distro=nixos" - "-Dsbat-distro-summary=NixOS" - "-Dsbat-distro-url=https://nixos.org/" - "-Dsbat-distro-pkgname=${pname}" - "-Dsbat-distro-version=${version}" - /* - As of now, systemd doesn't allow runtime configuration of these values. So - the settings in /etc/login.defs have no effect on it. 
Many people think this - should be supported however, see - - https://github.com/systemd/systemd/issues/3855 - - https://github.com/systemd/systemd/issues/4850 - - https://github.com/systemd/systemd/issues/9769 - - https://github.com/systemd/systemd/issues/9843 - - https://github.com/systemd/systemd/issues/10184 - */ - "-Dsystem-uid-max=999" - "-Dsystem-gid-max=999" - - "-Dsysvinit-path=" - "-Dsysvrcnd-path=" - - "-Dsulogin-path=${util-linux.login}/bin/sulogin" - "-Dnologin-path=${util-linux.login}/bin/nologin" - "-Dmount-path=${lib.getOutput "mount" util-linux}/bin/mount" - "-Dumount-path=${lib.getOutput "mount" util-linux}/bin/umount" - "-Dcreate-log-dirs=false" + # Options + # We bump this attribute on every (major) version change to ensure that we + # have known-good value for a timestamp that is in the (not so distant) + # past. This serves as a lower bound for valid system timestamps during + # startup. Systemd will reset the system timestamp if this date is +- 15 + # years from the system time. + # See the systemd v250 release notes for further details: + # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 + (lib.mesonOption "time-epoch" releaseTimestamp) + + (lib.mesonOption "version-tag" version) + (lib.mesonOption "mode" "release") + (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3 + (lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash") + (lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d") # Use cgroupsv2. This is already the upstream default, but better be explicit. 
- "-Ddefault-hierarchy=unified" - # Upstream defaulted to disable manpages since they optimize for the much - # more frequent development builds - "-Dman=true" + (lib.mesonOption "default-hierarchy" "unified") + (lib.mesonOption "kmod-path" "${kmod}/bin/kmod") + + # D-Bus + (lib.mesonOption "dbuspolicydir" "${placeholder "out"}/share/dbus-1/system.d") + (lib.mesonOption "dbussessionservicedir" "${placeholder "out"}/share/dbus-1/services") + (lib.mesonOption "dbussystemservicedir" "${placeholder "out"}/share/dbus-1/system-services") + + # pkgconfig + (lib.mesonOption "pkgconfiglibdir" "${placeholder "dev"}/lib/pkgconfig") + (lib.mesonOption "pkgconfigdatadir" "${placeholder "dev"}/share/pkgconfig") + + # Keyboard + (lib.mesonOption "loadkeys-path" "${kbd}/bin/loadkeys") + (lib.mesonOption "setfont-path" "${kbd}/bin/setfont") + + # SBAT + (lib.mesonOption "sbat-distro" "nixos") + (lib.mesonOption "sbat-distro-summary" "NixOS") + (lib.mesonOption "sbat-distro-url" "https://nixos.org/") + (lib.mesonOption "sbat-distro-pkgname" pname) + (lib.mesonOption "sbat-distro-version" version) + + # Users + (lib.mesonOption "system-uid-max" "999") + (lib.mesonOption "system-gid-max" "999") + + # SysVinit + (lib.mesonOption "sysvinit-path" "") + (lib.mesonOption "sysvrcnd-path" "") + + # Login + (lib.mesonOption "sulogin-path" "${util-linux.login}/bin/sulogin") + (lib.mesonOption "nologin-path" "${util-linux.login}/bin/nologin") + + # Mount + (lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount") + (lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount") + + + # Features + + # Tests + (lib.mesonBool "tests" withTests) + (lib.mesonEnable "glib" withTests) + (lib.mesonEnable "dbus" withTests) + + # Compression + (lib.mesonEnable "bzip2" withCompression) + (lib.mesonEnable "lz4" withCompression) + (lib.mesonEnable "xz" withCompression) + (lib.mesonEnable "zstd" withCompression) + (lib.mesonEnable "zlib" withCompression) + + # NSS + 
(lib.mesonEnable "nss-mymachines" withNss) + (lib.mesonEnable "nss-resolve" withNss) + (lib.mesonBool "nss-myhostname" withNss) + (lib.mesonBool "nss-systemd" withNss) + + # Cryptsetup + (lib.mesonEnable "libcryptsetup" withCryptsetup) + (lib.mesonEnable "libcryptsetup-plugins" withCryptsetup) + (lib.mesonEnable "p11kit" (withHomed || withCryptsetup)) + + # FIDO2 + (lib.mesonEnable "libfido2" withFido2) + (lib.mesonEnable "openssl" withFido2) + + # Password Quality + (lib.mesonEnable "pwquality" withPasswordQuality) + (lib.mesonEnable "passwdqc" false) + + # Remote + (lib.mesonEnable "remote" withRemote) + (lib.mesonEnable "microhttpd" withRemote) + + (lib.mesonEnable "pam" withPam) + (lib.mesonEnable "acl" withAcl) + (lib.mesonEnable "audit" withAudit) + (lib.mesonEnable "apparmor" withApparmor) + (lib.mesonEnable "gcrypt" wantGcrypt) + (lib.mesonEnable "importd" withImportd) + (lib.mesonEnable "homed" withHomed) + (lib.mesonEnable "polkit" withPolkit) + (lib.mesonEnable "elfutils" withCoredump) + (lib.mesonEnable "libcurl" wantCurl) + (lib.mesonEnable "libidn" false) + (lib.mesonEnable "libidn2" withLibidn2) + (lib.mesonEnable "libiptc" withIptables) + (lib.mesonEnable "repart" withRepart) + (lib.mesonEnable "sysupdate" withSysupdate) + (lib.mesonEnable "selinux" withSelinux) + (lib.mesonEnable "tpm2" withTpm2Tss) + (lib.mesonEnable "pcre2" withPCRE2) + (lib.mesonEnable "bpf-framework" withLibBPF) + (lib.mesonEnable "bootloader" withBootloader) + (lib.mesonEnable "ukify" withUkify) + (lib.mesonEnable "kmod" withKmod) + (lib.mesonEnable "qrencode" withQrencode) + (lib.mesonEnable "vmspawn" withVmspawn) + (lib.mesonEnable "xenctrl" false) + (lib.mesonEnable "gnutls" false) + (lib.mesonEnable "xkbcommon" false) + (lib.mesonEnable "man" true) + + (lib.mesonBool "analyze" withAnalyze) + (lib.mesonBool "logind" withLogind) + (lib.mesonBool "localed" withLocaled) + (lib.mesonBool "hostnamed" withHostnamed) + (lib.mesonBool "machined" withMachined) + (lib.mesonBool 
"networkd" withNetworkd) + (lib.mesonBool "oomd" withOomd) + (lib.mesonBool "portabled" withPortabled) + (lib.mesonBool "hwdb" withHwdb) + (lib.mesonBool "timedated" withTimedated) + (lib.mesonBool "timesyncd" withTimesyncd) + (lib.mesonBool "userdb" withUserDb) + (lib.mesonBool "coredump" withCoredump) + (lib.mesonBool "firstboot" withFirstboot) + (lib.mesonBool "resolve" withResolved) + (lib.mesonBool "sysusers" withSysusers) + (lib.mesonBool "efi" withEfi) + (lib.mesonBool "utmp" withUtmp) + (lib.mesonBool "log-trace" withLogTrace) + (lib.mesonBool "quotacheck" false) + (lib.mesonBool "ldconfig" false) + (lib.mesonBool "install-sysconfdir" false) + (lib.mesonBool "create-log-dirs" false) + (lib.mesonBool "smack" true) + (lib.mesonBool "b_pie" true) - "-Defi=${lib.boolToString withEfi}" - "-Dbootloader=${lib.boolToString withBootloader}" - - "-Dukify=${lib.boolToString withUkify}" ] ++ lib.optionals (withShellCompletions == false) [ - "-Dbashcompletiondir=no" - "-Dzshcompletiondir=no" - ] ++ lib.optionals (!withNss) [ - "-Dnss-myhostname=false" - "-Dnss-mymachines=false" - "-Dnss-resolve=false" - "-Dnss-systemd=false" - ] ++ lib.optionals withLibBPF [ - "-Dbpf-framework=true" - ] ++ lib.optionals withTpm2Tss [ - "-Dtpm2=true" - ] ++ lib.optionals (!withUtmp) [ - "-Dutmp=false" + (lib.mesonOption "bashcompletiondir" "no") + (lib.mesonOption "zshcompletiondir" "no") ] ++ lib.optionals stdenv.hostPlatform.isMusl [ - "-Dgshadow=false" - "-Didn=false" - ] ++ lib.optionals withKmod [ - "-Dkmod=true" - "-Dkmod-path=${kmod}/bin/kmod" - ] ++ lib.optionals withLogTrace [ - "-Dlog-trace=true" + (lib.mesonBool "gshadow" false) + (lib.mesonBool "idn" false) ]; preConfigure = let - # A list of all the runtime binaries that the systemd executables, tests and libraries are referencing in their source code, scripts and unit files. - # As soon as a dependency isn't required anymore we should remove it from the list. 
The `where` attribute for each of the replacement patterns must be exhaustive. If another (unhandled) case is found in the source code the build fails with an error message. + # A list of all the runtime binaries referenced by the source code (plus + # scripts and unit files) of systemd executables, tests and libraries. + # As soon as a dependency is lo longer required we should remove it from + # the list. + # The `where` attribute for each of the replacement patterns must be + # exhaustive. If another (unhandled) case is found in the source code the + # build fails with an error message. binaryReplacements = [ - { search = "/usr/bin/getent"; replacement = "${getent}/bin/getent"; where = [ "src/nspawn/nspawn-setuid.c" ]; } - + { + search = "/usr/bin/getent"; + replacement = "${getent}/bin/getent"; + where = [ "src/nspawn/nspawn-setuid.c" ]; + } { search = "/sbin/mkswap"; replacement = "${lib.getBin util-linux}/sbin/mkswap"; @@ -586,8 +649,19 @@ stdenv.mkDerivation (finalAttrs: { "man/systemd-makefs@.service.xml" ]; } - { search = "/sbin/swapon"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; where = [ "src/core/swap.c" "src/basic/unit-def.h" ]; } - { search = "/sbin/swapoff"; replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; where = [ "src/core/swap.c" ]; } + { + search = "/sbin/swapon"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon"; + where = [ + "src/core/swap.c" + "src/basic/unit-def.h" + ]; + } + { + search = "/sbin/swapoff"; + replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff"; + where = [ "src/core/swap.c" ]; + } { search = "/bin/echo"; replacement = "${coreutils}/bin/echo"; 
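Review bot: `(lib.mesonEnable "openssl" withFido2)` in the new Features list ties the whole OpenSSL feature to the FIDO2 switch, so an override with `withFido2 = false` also disables OpenSSL for the rest of the build. As far as I know, upstream also uses OpenSSL in homed, cryptenroll and the TPM2 code, so such a build may fail to configure or quietly lose those crypto features; this is inferred from upstream's build options, not from lines in this hunk. A separate argument would make the dependency explicit: `, withOpenSSL ? true`, `(lib.mesonEnable "openssl" withOpenSSL)` and `assert withFido2 -> withOpenSSL;`. The comment added above `binaryReplacements` in the same hunk also has a typo, "is lo longer required".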
@@ -604,14 +678,15 @@ stdenv.mkDerivation (finalAttrs: { { search = "/bin/cat"; replacement = "${coreutils}/bin/cat"; - where = [ "test/test-execute/exec-noexecpaths-simple.service" "src/journal/cat.c" ]; + where = [ + "test/test-execute/exec-noexecpaths-simple.service" + "src/journal/cat.c" + ]; } { search = "/usr/lib/systemd/systemd-fsck"; replacement = "$out/lib/systemd/systemd-fsck"; - where = [ - "man/systemd-fsck@.service.xml" - ]; + where = [ "man/systemd-fsck@.service.xml" ]; } ] ++ lib.optionals withImportd [ { @@ -640,10 +715,14 @@ stdenv.mkDerivation (finalAttrs: { ]; } ] ++ lib.optionals withKmod [ - { search = "/sbin/modprobe"; replacement = "${lib.getBin kmod}/sbin/modprobe"; where = [ "units/modprobe@.service" ]; } + { + search = "/sbin/modprobe"; + replacement = "${lib.getBin kmod}/sbin/modprobe"; + where = [ "units/modprobe@.service" ]; + } ]; - # { replacement, search, where } -> List[str] + # { replacement, search, where, ignore } -> List[str] mkSubstitute = { replacement, search, where, ignore ? [ ] }: map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where; mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }: 
@@ -736,18 +815,18 @@ stdenv.mkDerivation (finalAttrs: { mv $out/lib/sysusers.d $out/example ''; - # Avoid *.EFI binary stripping. At least on aarch64-linux strip - # removes too much from PE32+ files: + # Avoid *.EFI binary stripping. + # At least on aarch64-linux strip removes too much from PE32+ files: # https://github.com/NixOS/nixpkgs/issues/169693 - # The hack is to move EFI file out of lib/ before doStrip - # run and return it after doStrip run. + # The hack is to move EFI file out of lib/ before doStrip run and return it + # after doStrip run. preFixup = lib.optionalString withBootloader '' mv $out/lib/systemd/boot/efi $out/dont-strip-me ''; # Wrap in the correct path for LUKS2 tokens. postFixup = lib.optionalString withCryptsetup '' - for f in lib/systemd/systemd-cryptsetup bin/systemd-cryptenroll; do + for f in bin/systemd-cryptsetup bin/systemd-cryptenroll; do # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so` wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup done @@ -757,7 +836,7 @@ stdenv.mkDerivation (finalAttrs: { # To cross compile a derivation that builds a UKI with ukify, we need to wrap # ukify with the correct binutils. When wrapping, no splicing happens so we # have to explicitly pull binutils from targetPackages. - wrapProgram $out/lib/systemd/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd + wrapProgram $out/bin/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd ''; disallowedReferences = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) 
@@ -765,15 +844,15 @@ stdenv.mkDerivation (finalAttrs: { (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs); passthru = { - # The interface version prevents NixOS from switching to an - # incompatible systemd at runtime. (Switching across reboots is - # fine, of course.) It should be increased whenever systemd changes - # in a backwards-incompatible way. If the interface version of two - # systemd builds is the same, then we can switch between them at - # runtime; otherwise we can't and we need to reboot. + # The `interfaceVersion` attribute below points out the incompatibilities + # between systemd versions. When the new systemd build is + # backwards-compatible with the previous one, then they can be switched at + # runtime (the reboot being optional in this case); otherwise, a reboot is + # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; - inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withKmod withLocaled + withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { inherit (nixosTests) 
@@ -781,19 +860,53 @@ stdenv.mkDerivation (finalAttrs: { systemd-journal systemd-journal-gateway systemd-journal-upload; - cross = pkgsCross.${if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform"}.systemd; + cross = + let + systemString = + if stdenv.buildPlatform.isAarch64 + then "gnu64" + else "aarch64-multiplatform"; + in + pkgsCross.${systemString}.systemd; }; }; - meta = with lib; { + meta = { homepage = "https://www.freedesktop.org/wiki/Software/systemd/"; description = "A system and service manager for Linux"; - license = licenses.lgpl21Plus; - platforms = platforms.linux; + longDescription = '' + systemd is a suite of basic building blocks for a Linux system. It + provides a system and service manager that runs as PID 1 and starts the + rest of the system. systemd provides aggressive parallelization + capabilities, uses socket and D-Bus activation for starting services, + offers on-demand starting of daemons, keeps track of processes using Linux + control groups, maintains mount and automount points, and implements an + elaborate transactional dependency-based service control logic. systemd + supports SysV and LSB init scripts and works as a replacement for + sysvinit. Other parts include a logging daemon, utilities to control basic + system configuration like the hostname, date, locale, maintain a list of + logged-in users and running containers and virtual machines, system + accounts, runtime directories and settings, and daemons to manage simple + network configuration, network time synchronization, log forwarding, and + name resolution. 
+ ''; + license = with lib.licenses; [ + # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md + bsd2 + bsd3 + cc0 + lgpl21Plus + lgpl2Plus + mit + mit0 + ofl + publicDomain + ]; + maintainers = with lib.maintainers; [ flokli kloenk ]; + platforms = lib.platforms.linux; + priority = 10; badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965 broken = stdenv.hostPlatform.isStatic; - priority = 10; - maintainers = with maintainers; [ flokli kloenk ]; }; }) diff --git a/nixpkgs/pkgs/os-specific/linux/tailor-gui/default.nix b/nixpkgs/pkgs/os-specific/linux/tailor-gui/default.nix index ecbec75fd82d..d8aace99e4ef 100644 --- a/nixpkgs/pkgs/os-specific/linux/tailor-gui/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/tailor-gui/default.nix @@ -17,7 +17,7 @@ let src = tuxedo-rs.src; sourceRoot = "source/tailor_gui"; pname = "tailor_gui"; - version = tuxedo-rs.version; + version = "0.2.3"; in stdenv.mkDerivation { @@ -54,7 +54,7 @@ stdenv.mkDerivation { ''; homepage = "https://github.com/AaronErhardt/tuxedo-rs"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ mrcjkb ]; + maintainers = with maintainers; [ mrcjkb xaverdh ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/targetcli/default.nix b/nixpkgs/pkgs/os-specific/linux/targetcli/default.nix index f6bb705258f1..6058b3509772 100644 --- a/nixpkgs/pkgs/os-specific/linux/targetcli/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/targetcli/default.nix 
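Review bot: In tailor-gui/default.nix the hard-coded `version = "0.2.3";` sits directly under `src = tuxedo-rs.src;`, and that source moves to the `tailor-v${version}` tag in this same merge, so nothing ties the reported version to the tree that is actually built. If the number is meant to follow the `tailor_gui` crate inside that tree (an assumption, since the crate manifest is not visible here), a comment should say so, e.g. `# version of the tailor_gui crate in tuxedo-rs.src; re-check on every tuxedo-rs update`. The NOTE above `src` in tuxedo-rs/default.nix only reminds updaters about the cargoDeps hash and would benefit from the same reminder. A stale version string misleads any tooling that matches packages to advisories by version.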
@@ -2,13 +2,13 @@ python3.pkgs.buildPythonApplication rec { pname = "targetcli"; - version = "2.1.57"; + version = "2.1.58"; src = fetchFromGitHub { owner = "open-iscsi"; repo = "${pname}-fb"; rev = "v${version}"; - hash = "sha256-7JRNHKku9zTeSafL327hkM/E5EWTKqwPudCfmngvWuo="; + hash = "sha256-9QYo7jGk9iWr26j0qPQCqYsJ+vLXAsO4Xs7+7VT9/yc="; }; propagatedBuildInputs = with python3.pkgs; [ configshell rtslib ]; @@ -26,6 +26,7 @@ python3.pkgs.buildPythonApplication rec { description = "A command shell for managing the Linux LIO kernel target"; homepage = "https://github.com/open-iscsi/targetcli-fb"; license = licenses.asl20; + maintainers = lib.teams.helsinki-systems.members; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/tuxedo-rs/default.nix b/nixpkgs/pkgs/os-specific/linux/tuxedo-rs/default.nix index 04c1518aab83..ca48571b7933 100644 --- a/nixpkgs/pkgs/os-specific/linux/tuxedo-rs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/tuxedo-rs/default.nix 
@@ -1,29 +1,33 @@ { lib , fetchFromGitHub , rustPlatform +, testers +, tuxedo-rs }: -let +rustPlatform.buildRustPackage rec { + pname = "tuxedo-rs"; + version = "0.3.0"; # NOTE: This src is shared with tailor-gui. # When updating, the tailor-gui.cargoDeps hash needs to be updated. src = fetchFromGitHub { owner = "AaronErhardt"; repo = "tuxedo-rs"; - rev = "74b863e6dcb1ec2e6c8fb02c16bb6f23b59e67f6"; - hash = "sha256-Yujki2vGzaT8Ze5Usk8FPg8bn86MvyyPTiWuWwEw7Xs="; + rev = "tailor-v${version}"; + hash = "sha256-5F9Xo+tnmYqmFiKrKMe+EEqypmG9iIvwai5yuKCm00Y="; }; -in -rustPlatform.buildRustPackage { - pname = "tuxedo-rs"; - version = "0.2.3"; - - inherit src; # Some of the tests are impure and rely on files in /etc/tailord doCheck = false; - cargoHash = "sha256-uYt442u/BIzw/lBu18LrsJf5D46oUOFzBJ5pUjCpK6w="; + cargoHash = "sha256-EPbh1elLOJKOrYLeBSaZ27zWGYFajiD60eFGEGaCJKw="; + + passthru.tests.version = testers.testVersion { + package = tuxedo-rs; + command = "${meta.mainProgram} --version"; + version = version; + }; postInstall = '' install -Dm444 tailord/com.tux.Tailor.conf -t $out/share/dbus-1/system.d @@ -40,8 +44,8 @@ rustPlatform.buildRustPackage { ''; homepage = "https://github.com/AaronErhardt/tuxedo-rs"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ mrcjkb ]; + maintainers = with maintainers; [ mrcjkb xaverdh ]; platforms = platforms.linux; + mainProgram = "tailor"; }; } - diff --git a/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix b/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix index c8af2563d622..931d9edc8c37 100644 --- a/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , stdenvNoCC , fetchurl , appimageTools 
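Review bot: In the new `passthru.tests.version` block of tuxedo-rs/default.nix, `version = version;` is more idiomatically written `inherit version;`. As far as I know `testers.testVersion` already defaults `version` to the package's version and `command` to `meta.mainProgram` plus `--version`, so the block could shrink to `testers.testVersion { package = tuxedo-rs; }`. With `doCheck = false` kept just above it, this is the only automated check on the package, so the simpler form is easier to keep correct.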
@@ -11,12 +12,12 @@ let pname = "uhk-agent"; - version = "3.2.2"; + version = "3.3.0"; src = fetchurl { url = "https://github.com/UltimateHackingKeyboard/agent/releases/download/v${version}/UHK.Agent-${version}-linux-x86_64.AppImage"; name = "${pname}-${version}.AppImage"; - sha256 = "sha256-0kNcpdYktgzIPVvfSitJ5aIuhJvCEcbubumHhW00QUE="; + sha256 = "sha256-jkIuXKTm8imq1U7kbQhK7LkEeI2qz0Gu7rWuDn6Ex+c="; }; appimageContents = appimageTools.extract { @@ -36,9 +37,14 @@ stdenvNoCC.mkDerivation { ]; buildInputs = [ + stdenv.cc.cc.lib libusb1 ]; + autoPatchelfIgnoreMissingDeps = [ + "libc.musl-x86_64.so.1" + ]; + installPhase = '' runHook preInstall diff --git a/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix b/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix index 997cbe18ba7d..691fa523b522 100644 --- a/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix +++ b/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix @@ -17,23 +17,24 @@ callPackage ./generic.nix args { # check the release notes for compatible kernels kernelCompatible = if stdenv'.isx86_64 || removeLinuxDRM - then kernel.kernelOlder "6.7" + then kernel.kernelOlder "6.8" else kernel.kernelOlder "6.2"; latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM - then linuxKernel.packages.linux_6_6 + then linuxKernel.packages.linux_6_7 else linuxKernel.packages.linux_6_1; # this package should point to a version / git revision compatible with the latest kernel release # IMPORTANT: Always use a tagged release candidate or commits from the # zfs-<version>-staging branch, because this is tested by the OpenZFS # maintainers. - version = "2.2.2"; + version = "2.2.3-unstable-2024-01-26"; + rev = "3425484eb907d489c315cced2a1fdea08ef03fc4"; isUnstable = true; tests = [ nixosTests.zfs.unstable ]; - hash = "sha256-CqhETAwhWMhbld5ib3Rz1dxms+GQbLwjEZw/V7U/2nE="; + hash = "sha256-P8PIp0qRHm/fxYdxWKVRX9LR5tKZR7fFUSY90QDE/lU="; } |
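Review bot: The new `autoPatchelfIgnoreMissingDeps = [ "libc.musl-x86_64.so.1" ];` in uhk-agent/default.nix carries no comment saying which file in the extracted AppImage requests the musl libc or why leaving it unresolved is acceptable. Presumably it is a prebuilt native module shipped for musl systems that is never loaded on glibc, but the hunk does not show that. A line such as `# <bundled file> is the musl build of a native module and is not loaded on glibc` (placeholder to be filled in) would record the reasoning for a vendor binary that is otherwise opaque. Listing the exact soname rather than a wildcard is the right choice, and the comment helps keep later updates from widening it.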
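Review bot: The added `rev` line in zfs/unstable.nix does not say which branch the commit comes from, although the IMPORTANT comment directly above it requires a tagged release candidate or a commit from the `zfs-<version>-staging` branch. A short comment next to it, e.g. `# commit on zfs-2.2.3-staging as of 2024-01-26` (if that is indeed its origin, which the hunk does not show), would let a reviewer check the claim. The `kernelOlder "6.8"` bump in the same hunk would likewise benefit from a pointer to the release note that declares 6.7 support, as the existing comment asks.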