authorAlyssa Ross <hi@alyssa.is>2023-08-23 10:09:14 +0000
committerAlyssa Ross <hi@alyssa.is>2023-08-26 09:07:03 +0000
commit63dabcc77ef9a56655e1ca2ab2e25e6163a72c1f (patch)
treed58934cb48f9c953b19a0d0d5cffc0d0c5561471 /nixpkgs/pkgs/os-specific
parentc4eef3dacb2a3d359561f30917d9e3cc4e041be9 (diff)
parent91a22f76cd1716f9d0149e8a5c68424bb691de15 (diff)
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts:
	nixpkgs/pkgs/build-support/go/module.nix
	nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix
Diffstat (limited to 'nixpkgs/pkgs/os-specific')
-rw-r--r--nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix13
-rw-r--r--nixpkgs/pkgs/os-specific/bsd/netbsd/default.nix15
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/apparency/default.nix39
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix16
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/dark-mode-notify/default.nix40
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/raycast/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix13
-rw-r--r--nixpkgs/pkgs/os-specific/linux/bpfmon/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/bpftune/default.nix10
-rw-r--r--nixpkgs/pkgs/os-specific/linux/brillo/default.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/linux/conky/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/consoletools/default.nix9
-rw-r--r--nixpkgs/pkgs/os-specific/linux/dcgm/default.nix28
-rw-r--r--nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix8
-rw-r--r--nixpkgs/pkgs/os-specific/linux/iio-sensor-proxy/default.nix2
-rw-r--r--nixpkgs/pkgs/os-specific/linux/ima-evm-utils/default.nix31
-rw-r--r--nixpkgs/pkgs/os-specific/linux/jool/cli.nix10
-rw-r--r--nixpkgs/pkgs/os-specific/linux/jool/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/jool/validate-config.patch193
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kbd/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix11
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/generic.nix11
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json70
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix647
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix2
-rwxr-xr-xnixpkgs/pkgs/os-specific/linux/kernel/update.sh16
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix14
-rw-r--r--nixpkgs/pkgs/os-specific/linux/libsepol/default.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/linux/libsmbios/default.nix5
-rw-r--r--nixpkgs/pkgs/os-specific/linux/lm-sensors/default.nix5
-rw-r--r--nixpkgs/pkgs/os-specific/linux/mdadm/default.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/linux/microcode/intel.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/binutils/default.nix10
-rw-r--r--nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/4.6.nix161
-rw-r--r--nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/libstdc++-target.patch32
-rw-r--r--nixpkgs/pkgs/os-specific/linux/mmc-utils/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/mwprocapture/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix7
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8452
-rwxr-xr-xnixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix26
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nvidia-x11/persistenced.nix1
-rw-r--r--nixpkgs/pkgs/os-specific/linux/nvidia-x11/settings.nix37
-rw-r--r--nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix58
-rw-r--r--nixpkgs/pkgs/os-specific/linux/pam_rssh/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/plymouth/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/rtkit/default.nix12
-rw-r--r--nixpkgs/pkgs/os-specific/linux/rtw88/default.nix8
-rw-r--r--nixpkgs/pkgs/os-specific/linux/sysdig/default.nix20
-rw-r--r--nixpkgs/pkgs/os-specific/linux/tiscamera/default.nix2
-rw-r--r--nixpkgs/pkgs/os-specific/linux/trelay/default.nix6
-rw-r--r--nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix4
-rw-r--r--nixpkgs/pkgs/os-specific/linux/upower/default.nix25
-rw-r--r--nixpkgs/pkgs/os-specific/linux/util-linux/default.nix7
-rw-r--r--nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix11
70 files changed, 1646 insertions, 558 deletions
diff --git a/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix b/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix
index 136c9721c6bb..ff9f4d911f03 100644
--- a/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix
+++ b/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, stdenvNoCC
-, makeScopeWithSplicing, generateSplicesForMkScope
+, makeScopeWithSplicing', generateSplicesForMkScope
 , buildPackages
 , bsdSetupHook, makeSetupHook
 , fetchgit, fetchzip, coreutils, groff, mandoc, byacc, flex, which, m4, gawk, substituteAll, runtimeShell
@@ -66,11 +66,9 @@ let
     done
   '';
 
-in makeScopeWithSplicing
-  (generateSplicesForMkScope "freebsd")
-  (_: {})
-  (_: {})
-  (self: let
+in makeScopeWithSplicing' {
+  otherSplices = generateSplicesForMkScope "freebsd";
+  f = (self: let
     inherit (self) mkDerivation;
   in {
   inherit freebsdSrc;
@@ -898,4 +896,5 @@ in makeScopeWithSplicing
     '';
   });
 
-})
+});
+}
diff --git a/nixpkgs/pkgs/os-specific/bsd/netbsd/default.nix b/nixpkgs/pkgs/os-specific/bsd/netbsd/default.nix
index 11d8aa2ec3b0..5012a0c7d3c7 100644
--- a/nixpkgs/pkgs/os-specific/bsd/netbsd/default.nix
+++ b/nixpkgs/pkgs/os-specific/bsd/netbsd/default.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, stdenvNoCC
-, makeScopeWithSplicing, generateSplicesForMkScope
+, makeScopeWithSplicing', generateSplicesForMkScope
 , buildPackages
 , bsdSetupHook, makeSetupHook, fetchcvs, groff, mandoc, byacc, flex
 , zlib
@@ -26,17 +26,15 @@ let
       else "no"}"
   ];
 
-in makeScopeWithSplicing
-  (generateSplicesForMkScope "netbsd")
-  (_: {})
-  (_: {})
-  (self: let
+in makeScopeWithSplicing' {
+  otherSplices = generateSplicesForMkScope "netbsd";
+  f = (self: let
     inherit (self) mkDerivation;
   in {
 
   # Why do we have splicing and yet do `nativeBuildInputs = with self; ...`?
   #
-  # We use `makeScopeWithSplicing` because this should be used for all
+  # We use `makeScopeWithSplicing'` because this should be used for all
   # nested package sets which support cross, so the inner `callPackage` works
   # correctly. But for the inline packages we don't bother to use
   # `callPackage`.
@@ -1011,4 +1009,5 @@ in makeScopeWithSplicing
   # END MISCELLANEOUS
   #
 
-})
+});
+}
diff --git a/nixpkgs/pkgs/os-specific/darwin/apparency/default.nix b/nixpkgs/pkgs/os-specific/darwin/apparency/default.nix
new file mode 100644
index 000000000000..0bae99c14b37
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/darwin/apparency/default.nix
@@ -0,0 +1,39 @@
+{ lib
+, fetchurl
+, stdenv
+, undmg
+}:
+
+stdenv.mkDerivation {
+  pname = "apparency";
+  version = "1.5.1";
+
+  src = fetchurl {
+    url = "https://web.archive.org/web/20230815073821/https://www.mothersruin.com/software/downloads/Apparency.dmg";
+    hash = "sha256-JpaBdlt8kTNFzK/yZVZ+ZFJ3DnPQbogJC7QBmtSVkoQ=";
+  };
+
+  nativeBuildInputs = [ undmg ];
+
+  sourceRoot = "Apparency.app";
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/Applications/Apparency.app $out/bin
+    cp -R . $out/Applications/Apparency.app
+    ln -s ../Applications/Apparency.app/Contents/MacOS/appy $out/bin
+
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "The App That Opens Apps";
+    homepage = "https://www.mothersruin.com/software/Apparency/";
+    license = lib.licenses.unfreeRedistributable;
+    maintainers = with lib.maintainers; [ Enzime ];
+    mainProgram = "appy";
+    platforms = lib.platforms.darwin;
+    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+  };
+}
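Review bot: The `src` URL has no comment explaining why the DMG is fetched from a Wayback Machine snapshot rather than from mothersruin.com directly, and nothing ties `version = "1.5.1"` to that snapshot. The upstream path `Apparency.dmg` carries no version, so presumably the snapshot is what keeps the pinned `hash` valid over time. A comment such as `# Upstream URL is unversioned; pin a Wayback snapshot so the hash stays reproducible` would tell the next maintainer that version, snapshot timestamp and hash must be bumped together. With `sourceProvenance` set to `binaryNativeCode`, that hash is the only integrity check this derivation applies to the binary.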
diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
index e44241171c60..3ac338d5c619 100644
--- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
@@ -1,5 +1,17 @@
-{ lib, appleDerivation, xcbuild, ncurses, libutil, Libc }:
+{ stdenv, lib, appleDerivation, xcbuild, ncurses, libutil, Libc }:
 
+let
+  # Libc conflicts with libc++ 16, so provide only the header from it that’s needed to build.
+  msgcat = stdenv.mkDerivation {
+    pname = "Libc-msgcat";
+    version = lib.getVersion Libc;
+
+    buildCommand = ''
+      mkdir -p "$out/include"
+      ln -s ${lib.getDev Libc}/include/msgcat.h "$out/include/"
+    '';
+  };
+in
 appleDerivation {
   # We can't just run the root build, because https://github.com/facebook/xcbuild/issues/264
 
@@ -44,7 +56,7 @@ appleDerivation {
   '';
 
   nativeBuildInputs = [ xcbuild ];
-  buildInputs = [ ncurses libutil Libc ];
+  buildInputs = [ ncurses libutil msgcat ];
 
   meta = {
     platforms = lib.platforms.darwin;
diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
index b05d973bb3d3..7650dcdc8c70 100644
--- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
@@ -63,6 +63,7 @@ appleDerivation' (if headersOnly then stdenvNoCC else stdenv) (
   MIG = "mig";
   MIGCOM = "migcom";
   STRIP = "${stdenv.cc.bintools.targetPrefix or ""}strip";
+  RANLIB = "${stdenv.cc.bintools.targetPrefix or ""}ranlib";
   NM = "${stdenv.cc.bintools.targetPrefix or ""}nm";
   UNIFDEF = "unifdef";
   DSYMUTIL = "dsymutil";
diff --git a/nixpkgs/pkgs/os-specific/darwin/dark-mode-notify/default.nix b/nixpkgs/pkgs/os-specific/darwin/dark-mode-notify/default.nix
new file mode 100644
index 000000000000..31d1a2c8d8b9
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/darwin/dark-mode-notify/default.nix
@@ -0,0 +1,40 @@
+{ lib
+, fetchFromGitHub
+, stdenv
+, swift
+, swiftpm
+, darwin
+}:
+
+stdenv.mkDerivation (final: {
+  pname = "dark-mode-notify";
+  version = "unstable-2022-07-18";
+
+  src = fetchFromGitHub {
+    owner = "bouk";
+    repo = "dark-mode-notify";
+    rev = "4d7fe211f81c5b67402fad4bed44995344a260d1";
+    hash = "sha256-LsAQ5v5jgJw7KsJnQ3Mh6+LNj1EMHICMoD5WzF3hRmU=";
+  };
+
+  nativeBuildInputs = [
+    swift
+    swiftpm
+  ];
+
+  buildInputs = with darwin.apple_sdk.frameworks; [
+    Foundation
+    Cocoa
+  ];
+
+  makeFlags = [ "prefix=$(out)" ];
+
+  meta = {
+    description = "Run a script whenever dark mode changes in macOS";
+    homepage = "https://github.com/bouk/dark-mode-notify";
+    # Doesn't build on x86_64 because of some CoreGraphics issue, even with SDK 11.0
+    platforms = [ "aarch64-darwin" ];
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ YorikSar ];
+  };
+})
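Review bot: The fixpoint argument in `stdenv.mkDerivation (final: {` is never referenced in the attribute set, so the plain form `stdenv.mkDerivation {` (closing with `}`) would read more directly. If the argument is kept for later use, nixpkgs code more commonly names it `finalAttrs`, as the raycast expression in this same commit does.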
diff --git a/nixpkgs/pkgs/os-specific/darwin/raycast/default.nix b/nixpkgs/pkgs/os-specific/darwin/raycast/default.nix
index 2116237ad666..4824bcff4f85 100644
--- a/nixpkgs/pkgs/os-specific/darwin/raycast/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/raycast/default.nix
@@ -6,12 +6,12 @@
 
 stdenvNoCC.mkDerivation (finalAttrs: {
   pname = "raycast";
-  version = "1.55.2";
+  version = "1.57.1";
 
   src = fetchurl {
     name = "Raycast.dmg";
     url = "https://releases.raycast.com/releases/${finalAttrs.version}/download?build=universal";
-    hash = "sha256-O+9dSXmkNxeY0Rvjn7dcStk/cqmM4y+lrXa5MymYUcY=";
+    hash = "sha256-ePHaNujW39LjMc+R2TZ1favJXeroHpbeuRNwmv8HgXc=";
   };
 
   dontPatch = true;
diff --git a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
index dcdbdde1fae1..3eb75ab432fc 100644
--- a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
+++ b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix
@@ -7,11 +7,11 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "rectangle";
-  version = "0.68";
+  version = "0.70";
 
   src = fetchurl {
     url = "https://github.com/rxhanson/Rectangle/releases/download/v${version}/Rectangle${version}.dmg";
-    hash = "sha256-N1zSMmRo6ux/b16K4Og68A5bfht2WWi7S40Yys3QkTY=";
+    hash = "sha256-YJYDzmFfLlXDupyEjoEAin5qynyLjXjuav1DSS/Q5zU=";
   };
 
   sourceRoot = ".";
@@ -37,7 +37,7 @@ stdenvNoCC.mkDerivation rec {
     homepage = "https://rectangleapp.com/";
     sourceProvenance = with sourceTypes; [ binaryNativeCode ];
     platforms = platforms.darwin;
-    maintainers = with maintainers; [ Enzime ];
+    maintainers = with maintainers; [ Enzime Intuinewin ];
     license = licenses.mit;
   };
 }
diff --git a/nixpkgs/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix b/nixpkgs/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix
new file mode 100644
index 000000000000..13595e3771a7
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix
@@ -0,0 +1,13 @@
+{ writeTextFile, cctools, sigtool }:
+
+writeTextFile {
+  name = "post-link-sign-hook";
+  executable = true;
+
+  text = ''
+    if [ "$linkerOutput" != "/dev/null" ]; then
+      CODESIGN_ALLOCATE=${cctools}/bin/${cctools.targetPrefix}codesign_allocate \
+        ${sigtool}/bin/codesign -f -s - "$linkerOutput"
+    fi
+  '';
+}
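Review bot: The guard only excludes `/dev/null`, so an unset or empty `linkerOutput` still reaches `codesign` with an empty path. `if [ -n "$linkerOutput" ] && [ "$linkerOutput" != "/dev/null" ]; then` would make the hook a no-op in that case. The text has no shebang although `executable = true` is set, so it is presumably meant to be sourced by the linker wrapper. A header comment should say that, and also that `-f -s -` force-replaces any existing signature with an ad-hoc one (no signing identity), which matters to anyone auditing what ends up signed.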
diff --git a/nixpkgs/pkgs/os-specific/linux/bpfmon/default.nix b/nixpkgs/pkgs/os-specific/linux/bpfmon/default.nix
index c75b9375e3b1..f0815376c2a0 100644
--- a/nixpkgs/pkgs/os-specific/linux/bpfmon/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/bpfmon/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "bpfmon";
-  version = "2.51";
+  version = "2.52";
 
   src = fetchFromGitHub {
     owner = "bbonev";
     repo = "bpfmon";
     rev = "refs/tags/v${version}";
-    hash = "sha256-EGRxWq94BWceYXunzcOpMQv4g7cMjVCEWMR0ULGN2Jg=";
+    hash = "sha256-W7OnrC+FCxMd4YbYiybjIvO0LT7Hr1/0Y3BQwItaTBs=";
   };
 
   buildInputs = [
diff --git a/nixpkgs/pkgs/os-specific/linux/bpftune/default.nix b/nixpkgs/pkgs/os-specific/linux/bpftune/default.nix
index da1bd1b384bb..7ad8496647fb 100644
--- a/nixpkgs/pkgs/os-specific/linux/bpftune/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/bpftune/default.nix
@@ -12,13 +12,13 @@
 
 stdenv.mkDerivation rec {
   pname = "bpftune";
-  version = "unstable-2023-07-14";
+  version = "unstable-2023-08-02";
 
   src = fetchFromGitHub {
     owner = "oracle-samples";
     repo = "bpftune";
-    rev = "66620152bf8c37ab592e9273fe87e567126801c2";
-    hash = "sha256-U0O+F1DBF1xiaUKklwpZORBwF1T9wHM0SPQKUNaxKZk=";
+    rev = "f7e051a011d581a3c667b7f7b769862407d85f04";
+    hash = "sha256-1tfr2vB/XRnpGJVwo2NQkXomz+J6AzvpS1P3rcAyAyI=";
   };
 
   postPatch = ''
@@ -32,6 +32,9 @@ stdenv.mkDerivation rec {
     substituteInPlace include/bpftune/libbpftune.h \
       --replace /usr/lib64/bpftune/       "$out/lib/bpftune/" \
       --replace /usr/local/lib64/bpftune/ "$out/lib/bpftune/"
+
+    substituteInPlace src/Makefile sample_tuner/Makefile \
+      --replace 'BPF_INCLUDE := /usr/include' 'BPF_INCLUDE := ${lib.getDev libbpf}/include' \
   '';
 
   nativeBuildInputs = [
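Review bot: The last `--replace` line added to `postPatch` ends in a trailing `\` with only the closing `''` after it, so the shell continuation would swallow the next command anyone appends to the phase. Drop the backslash so the line ends at `'BPF_INCLUDE := ${lib.getDev libbpf}/include'`. This substitution also takes over from the `BPF_INCLUDE=` make flag removed in the next hunk. If upstream rewords that Makefile line, the build would presumably fall back to `/usr/include` without failing, so a short comment naming the two Makefiles as the reason is worth adding. The start of `postPatch` lies outside the hunk.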
@@ -50,7 +53,6 @@ stdenv.mkDerivation rec {
     "prefix=${placeholder "out"}"
     "confprefix=${placeholder "out"}/etc"
     "BPFTUNE_VERSION=${version}"
-    "BPF_INCLUDE=${lib.getDev libbpf}/include"
     "NL_INCLUDE=${lib.getDev libnl}/include/libnl3"
   ];
 
diff --git a/nixpkgs/pkgs/os-specific/linux/brillo/default.nix b/nixpkgs/pkgs/os-specific/linux/brillo/default.nix
index 4446ed005028..237b6db65b02 100644
--- a/nixpkgs/pkgs/os-specific/linux/brillo/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/brillo/default.nix
@@ -27,6 +27,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Backlight and Keyboard LED control tool";
     homepage = "https://gitlab.com/cameronnemo/brillo";
+    mainProgram = "brillo";
     license = [ licenses.gpl3 licenses.bsd0 ];
     platforms = platforms.linux;
     maintainers = [ maintainers.alexarice ];
diff --git a/nixpkgs/pkgs/os-specific/linux/conky/default.nix b/nixpkgs/pkgs/os-specific/linux/conky/default.nix
index 2c2f21022a77..3eb05f25936f 100644
--- a/nixpkgs/pkgs/os-specific/linux/conky/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/conky/default.nix
@@ -67,13 +67,13 @@ with lib;
 
 stdenv.mkDerivation rec {
   pname = "conky";
-  version = "1.19.2";
+  version = "1.19.3";
 
   src = fetchFromGitHub {
     owner = "brndnmtthws";
     repo = "conky";
     rev = "v${version}";
-    hash = "sha256-AKU2kHYwhSmNrqZQWLmY82U+WQiuYiZKCJC5c0jG3KQ=";
+    hash = "sha256-Wt1g7/2PebpyxvIBihDBsl3DvM1EeRyOhD5ntlk0Oh0=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/os-specific/linux/consoletools/default.nix b/nixpkgs/pkgs/os-specific/linux/consoletools/default.nix
index 8def013b956f..61ddd5203cdc 100644
--- a/nixpkgs/pkgs/os-specific/linux/consoletools/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/consoletools/default.nix
@@ -1,15 +1,16 @@
-{ lib, stdenv, fetchurl, SDL }:
+{ lib, stdenv, fetchurl, pkg-config, SDL, SDL2 }:
 
 stdenv.mkDerivation rec {
   pname = "linuxconsoletools";
-  version = "1.6.1";
+  version = "1.8.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/linuxconsole/${pname}-${version}.tar.bz2";
-    sha256 = "0d2r3j916fl2y7pk1y82b9fvbr10dgs1gw7rqwzfpispdidb1mp9";
+    sha256 = "sha256-TaKXRceCt9sY9fN8Sed78WMSHdN2Hi/HY2+gy/NcJFY=";
   };
 
-  buildInputs = [ SDL ];
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ SDL SDL2 ];
 
   makeFlags = [ "DESTDIR=$(out)"];
 
diff --git a/nixpkgs/pkgs/os-specific/linux/dcgm/default.nix b/nixpkgs/pkgs/os-specific/linux/dcgm/default.nix
index 36c7e3ca6880..32842a8eea0e 100644
--- a/nixpkgs/pkgs/os-specific/linux/dcgm/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/dcgm/default.nix
@@ -104,36 +104,30 @@ in gcc11Stdenv.mkDerivation rec {
 
   hardeningDisable = [ "all" ];
 
+  strictDeps = true;
+
   nativeBuildInputs = [
-    addOpenGLRunpath
+    # autoAddOpenGLRunpathHook does not actually depend on or incur any dependency
+    # of cudaPackages. It merely adds an impure, non-Nix PATH to the RPATHs of
+    # executables that need to use cuda at runtime.
+    cudaPackages_12.autoAddOpenGLRunpathHook
+
     cmake
     git
     python3
+  ];
 
-    jsoncpp-static
-    jsoncpp-static.dev
-    libevent-nossl-static
-    libevent-nossl-static.dev
+  buildInputs = [
     plog.dev # header-only
     tclap_1_4 # header-only
-  ];
 
-  buildInputs = [
     catch2
     fmt_9
+    jsoncpp-static
+    libevent-nossl-static
     yaml-cpp
   ];
 
-  # libcuda.so must be found at runtime because it is supplied by the NVIDIA
-  # driver. autoAddOpenGLRunpathHook breaks on the statically linked exes.
-  postFixup = ''
-    find "$out/bin" "$out/lib" -type f -executable -print0 | while IFS= read -r -d "" f; do
-      if isELF "$f" && [[ $(patchelf --print-needed "$f" || true) == *libcuda.so* ]]; then
-        addOpenGLRunpath "$f"
-      fi
-    done
-  '';
-
   disallowedReferences = lib.concatMap (x: x.pkgSet) cudaPackageSetByVersion;
 
   meta = with lib; {
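Review bot: The new `cudaPackages_12.autoAddOpenGLRunpathHook` entry replaces a `postFixup` whose removed comment said this hook "breaks on the statically linked exes", and the new comment does not say why that no longer applies. The removed loop also touched only ELF files that list `libcuda.so` as needed. Whether the hook is equally selective is not visible here, so the impure driver path may now be added to the RPATH of more binaries than before. A line such as `# Replaces the manual postFixup loop; static executables are handled since <commit/PR placeholder>` would record the reasoning. It is also worth confirming with `patchelf --print-rpath` on the built outputs that only the CUDA-using binaries gained the entry.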
diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
index d0bc79eaa767..30f10faab30a 100644
--- a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
+++ b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix
@@ -1,7 +1,7 @@
 # This file is autogenerated! Run ./update.sh to regenerate.
 {
-  version = "20230804";
-  revision = "20230804";
-  sourceHash = "sha256-TejOQazlH0rBuFHkHooYjR5slpjoSF7TaXvCVUvzevs=";
-  outputHash = "sha256-lD31M1Vio/MJlfKeHGT21xBzQETwgdeiObxPq79SrvU=";
+  version = "20230809";
+  revision = "f2eb058afc57348cde66852272d6bf11da1eef8f";
+  sourceHash = "sha256-tflH32hvHstFNZe1wJMV7gekekbhiUGkBUIUy1n203Q=";
+  outputHash = "sha256-OkqLvefP+KNk/zYPIiYOUA9i9evy9bX36No8Kw03RP0=";
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/iio-sensor-proxy/default.nix b/nixpkgs/pkgs/os-specific/linux/iio-sensor-proxy/default.nix
index 05fd82401a29..3da9396d618e 100644
--- a/nixpkgs/pkgs/os-specific/linux/iio-sensor-proxy/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/iio-sensor-proxy/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitLab
+, glib
 , cmake
 , libxml2
 , meson
@@ -38,6 +39,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [
     meson
     cmake
+    glib
     libxml2
     ninja
     pkg-config
diff --git a/nixpkgs/pkgs/os-specific/linux/ima-evm-utils/default.nix b/nixpkgs/pkgs/os-specific/linux/ima-evm-utils/default.nix
index 23a58ae65e0c..34889783034c 100644
--- a/nixpkgs/pkgs/os-specific/linux/ima-evm-utils/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/ima-evm-utils/default.nix
@@ -1,4 +1,14 @@
-{ lib, stdenv, fetchgit, autoreconfHook, pkg-config, openssl, attr, keyutils, asciidoc, libxslt, docbook_xsl }:
+{ lib
+, stdenv
+, fetchgit
+, autoreconfHook
+, pkg-config
+, openssl
+, keyutils
+, asciidoc
+, libxslt
+, docbook_xsl
+}:
 
 stdenv.mkDerivation rec {
   pname = "ima-evm-utils";
@@ -10,16 +20,27 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-WPBG7v29JHZ+ZGeLgA2gtLzZmaG0Xdvpq+BZ6NriY+A=";
   };
 
-  nativeBuildInputs = [ autoreconfHook pkg-config ];
-  buildInputs = [ openssl attr keyutils asciidoc libxslt ];
+  strictDeps = true;
 
-  MANPAGE_DOCBOOK_XSL = "${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl";
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+    asciidoc
+    libxslt
+  ];
+
+  buildInputs = [
+    openssl
+    keyutils
+  ];
+
+  env.MANPAGE_DOCBOOK_XSL = "${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl";
 
   meta = {
     description = "evmctl utility to manage digital signatures of the Linux kernel integrity subsystem (IMA/EVM)";
     homepage = "https://sourceforge.net/projects/linux-ima/";
     license = lib.licenses.gpl2;
     platforms = lib.platforms.linux;
-    maintainers = with lib.maintainers; [ ];
+    maintainers = with lib.maintainers; [ nickcao ];
   };
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/jool/cli.nix b/nixpkgs/pkgs/os-specific/linux/jool/cli.nix
index e6a41ef31ecf..ee5ee1128a86 100644
--- a/nixpkgs/pkgs/os-specific/linux/jool/cli.nix
+++ b/nixpkgs/pkgs/os-specific/linux/jool/cli.nix
@@ -1,4 +1,6 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkg-config, libnl, iptables }:
+{ lib, stdenv, fetchFromGitHub, nixosTests
+, autoreconfHook, pkg-config, libnl, iptables
+}:
 
 let
   sourceAttrs = (import ./source.nix) { inherit fetchFromGitHub; };
@@ -10,6 +12,10 @@ stdenv.mkDerivation {
 
   src = sourceAttrs.src;
 
+  patches = [
+    ./validate-config.patch
+  ];
+
   outputs = [
     "out"
     "man"
@@ -24,6 +30,8 @@ stdenv.mkDerivation {
     sed -e 's%^XTABLES_SO_DIR = .*%XTABLES_SO_DIR = '"$out"'/lib/xtables%g' -i src/usr/iptables/Makefile
   '';
 
+  passthru.tests = { inherit (nixosTests) jool; };
+
   meta = with lib; {
     homepage = "https://www.jool.mx/";
     description = "Fairly compliant SIIT and Stateful NAT64 for Linux - CLI tools";
diff --git a/nixpkgs/pkgs/os-specific/linux/jool/default.nix b/nixpkgs/pkgs/os-specific/linux/jool/default.nix
index 2ee5f0d6e078..91276cbc11b1 100644
--- a/nixpkgs/pkgs/os-specific/linux/jool/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/jool/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, kernel }:
+{ lib, stdenv, fetchFromGitHub, kernel, nixosTests }:
 
 let
   sourceAttrs = (import ./source.nix) { inherit fetchFromGitHub; };
@@ -23,6 +23,8 @@ stdenv.mkDerivation {
 
   installTargets = "modules_install";
 
+  passthru.tests = { inherit (nixosTests) jool; };
+
   meta = with lib; {
     homepage = "https://www.jool.mx/";
     description = "Fairly compliant SIIT and Stateful NAT64 for Linux - kernel modules";
diff --git a/nixpkgs/pkgs/os-specific/linux/jool/validate-config.patch b/nixpkgs/pkgs/os-specific/linux/jool/validate-config.patch
new file mode 100644
index 000000000000..8841b6fb14f3
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/jool/validate-config.patch
@@ -0,0 +1,193 @@
+From df0a1cf61188b5b7bb98675d746cb63d9300f148 Mon Sep 17 00:00:00 2001
+From: rnhmjoj <rnhmjoj@inventati.org>
+Date: Sat, 1 Jul 2023 18:47:05 +0200
+Subject: [PATCH] Add mode to validate the atomic configuration
+
+---
+ src/usr/argp/main.c       |  6 ++++++
+ src/usr/argp/wargp/file.c | 26 +++++++++++++++++++++++++-
+ src/usr/argp/wargp/file.h |  1 +
+ src/usr/nl/file.c         | 32 ++++++++++++++++++++++----------
+ src/usr/nl/file.h         |  3 ++-
+ 5 files changed, 56 insertions(+), 12 deletions(-)
+
+diff --git a/src/usr/argp/main.c b/src/usr/argp/main.c
+index 744a6df0..d04917da 100644
+--- a/src/usr/argp/main.c
++++ b/src/usr/argp/main.c
+@@ -238,6 +238,12 @@ static struct cmd_option file_ops[] = {
+ 			.handler = handle_file_update,
+ 			.handle_autocomplete = autocomplete_file_update,
+ 		},
++		{
++			.label = "check",
++			.xt = XT_ANY,
++			.handler = handle_file_check,
++			.handle_autocomplete = autocomplete_file_update,
++		},
+ 		{ 0 },
+ };
+ 
+diff --git a/src/usr/argp/wargp/file.c b/src/usr/argp/wargp/file.c
+index 0951b544..27ee3e64 100644
+--- a/src/usr/argp/wargp/file.c
++++ b/src/usr/argp/wargp/file.c
+@@ -26,6 +26,30 @@ static struct wargp_option update_opts[] = {
+ 	{ 0 },
+ };
+ 
++int handle_file_check(char *iname, int argc, char **argv, void const *arg)
++{
++	struct update_args uargs = { 0 };
++	struct joolnl_socket sk = { 0 };
++	struct jool_result result;
++
++	result.error = wargp_parse(update_opts, argc, argv, &uargs);
++	if (result.error)
++		return result.error;
++
++	if (!uargs.file_name.value) {
++		struct requirement reqs[] = {
++				{ false, "a file name" },
++				{ 0 }
++		};
++		return requirement_print(reqs);
++	}
++
++	result = joolnl_file_parse(&sk, xt_get(), iname, uargs.file_name.value,
++			uargs.force.value, true);
++
++	return pr_result(&result);
++}
++
+ int handle_file_update(char *iname, int argc, char **argv, void const *arg)
+ {
+ 	struct update_args uargs = { 0 };
+@@ -49,7 +73,7 @@ int handle_file_update(char *iname, int argc, char **argv, void const *arg)
+ 		return pr_result(&result);
+ 
+ 	result = joolnl_file_parse(&sk, xt_get(), iname, uargs.file_name.value,
+-			uargs.force.value);
++			uargs.force.value, false);
+ 
+ 	joolnl_teardown(&sk);
+ 	return pr_result(&result);
+diff --git a/src/usr/argp/wargp/file.h b/src/usr/argp/wargp/file.h
+index ce5de508..8ea4a4d2 100644
+--- a/src/usr/argp/wargp/file.h
++++ b/src/usr/argp/wargp/file.h
+@@ -2,6 +2,7 @@
+ #define SRC_USR_ARGP_WARGP_FILE_H_
+ 
+ int handle_file_update(char *iname, int argc, char **argv, void const *arg);
++int handle_file_check(char *iname, int argc, char **argv, void const *arg);
+ void autocomplete_file_update(void const *args);
+ 
+ #endif /* SRC_USR_ARGP_WARGP_FILE_H_ */
+diff --git a/src/usr/nl/file.c b/src/usr/nl/file.c
+index f9413236..51a668bd 100644
+--- a/src/usr/nl/file.c
++++ b/src/usr/nl/file.c
+@@ -29,6 +29,7 @@ static struct joolnl_socket sk;
+ static char const *iname;
+ static xlator_flags flags;
+ static __u8 force;
++static bool check;
+ 
+ struct json_meta {
+ 	char const *name; /* This being NULL signals the end of the array. */
+@@ -163,9 +164,11 @@ static struct jool_result handle_array(cJSON *json, int attrtype, char *name,
+ 				goto too_small;
+ 
+ 			nla_nest_end(msg, root);
+-			result = joolnl_request(&sk, msg, NULL, NULL);
+-			if (result.error)
+-				return result;
++			if (!check) {
++				result = joolnl_request(&sk, msg, NULL, NULL);
++				if (result.error)
++					return result;
++			}
+ 
+ 			msg = NULL;
+ 			json = json->prev;
+@@ -179,6 +182,8 @@ static struct jool_result handle_array(cJSON *json, int attrtype, char *name,
+ 		return result_success();
+ 
+ 	nla_nest_end(msg, root);
++	if (check)
++		return result_success();
+ 	return joolnl_request(&sk, msg, NULL, NULL);
+ 
+ too_small:
+@@ -244,6 +249,8 @@ static struct jool_result handle_global(cJSON *json)
+ 
+ 	nla_nest_end(msg, root);
+ 	free(meta);
++	if (check)
++		return result_success();
+ 	return joolnl_request(&sk, msg, NULL, NULL);
+ 
+ revert_meta:
+@@ -654,9 +661,11 @@ static struct jool_result send_ctrl_msg(bool init)
+ 	else
+ 		NLA_PUT(msg, JNLAR_ATOMIC_END, 0, NULL);
+ 
+-	result = joolnl_request(&sk, msg, NULL, NULL);
+-	if (result.error)
+-		return result;
++	if (!check) {
++		result = joolnl_request(&sk, msg, NULL, NULL);
++		if (result.error)
++			return result;
++	}
+ 
+ 	return result_success();
+ 
+@@ -683,9 +692,11 @@ static struct jool_result do_parsing(char const *iname, char *buffer)
+ 	if (result.error)
+ 		goto fail;
+ 
+-	result = send_ctrl_msg(true);
+-	if (result.error)
+-		goto fail;
++	if (!check) {
++		result = send_ctrl_msg(true);
++		if (result.error)
++			goto fail;
++	}
+ 
+ 	switch (xlator_flags2xt(flags)) {
+ 	case XT_SIIT:
+@@ -718,12 +729,13 @@ fail:
+ }
+ 
+ struct jool_result joolnl_file_parse(struct joolnl_socket *_sk, xlator_type xt,
+-		char const *iname, char const *file_name, bool _force)
++		char const *iname, char const *file_name, bool _force, bool _check)
+ {
+ 	char *buffer;
+ 	struct jool_result result;
+ 
+ 	sk = *_sk;
++	check = _check;
+ 	flags = xt;
+ 	force = _force ? JOOLNLHDR_FLAGS_FORCE : 0;
+ 
+diff --git a/src/usr/nl/file.h b/src/usr/nl/file.h
+index 51802aaf..8b4a66dd 100644
+--- a/src/usr/nl/file.h
++++ b/src/usr/nl/file.h
+@@ -9,7 +9,8 @@ struct jool_result joolnl_file_parse(
+ 	xlator_type xt,
+ 	char const *iname,
+ 	char const *file_name,
+-	bool force
++	bool force,
++	bool check
+ );
+ 
+ struct jool_result joolnl_file_get_iname(
+-- 
+2.40.1
+
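Review bot: In check mode the netlink messages built in `handle_array`, `handle_global` and `send_ctrl_msg` are never passed to `joolnl_request`, and no visible line releases them. If `joolnl_request` is what frees `msg` (its body is not part of this patch), every skipped send leaks the message; releasing it on the skipped paths (e.g. `nlmsg_free(msg);` before each early `return result_success();`) would close that. Because every request is skipped, `check` only exercises the userspace JSON parsing, so a file that passes can presumably still be rejected by the kernel module. The patch description or the command's help text should state that limit. `handle_file_check` also hands over a zero-initialised `sk` that was never set up, which is safe only while no send path misses the `check` guard.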
diff --git a/nixpkgs/pkgs/os-specific/linux/kbd/default.nix b/nixpkgs/pkgs/os-specific/linux/kbd/default.nix
index fc7da8fe9baa..c19646ac529a 100644
--- a/nixpkgs/pkgs/os-specific/linux/kbd/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kbd/default.nix
@@ -16,11 +16,11 @@
 
 stdenv.mkDerivation rec {
   pname = "kbd";
-  version = "2.5.1";
+  version = "2.6.1";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz";
-    sha256 = "sha256-zN9FI4emOAlz0pJzY+nLuTn6IGiRWm+Tf/nSRSICRoM=";
+    sha256 = "sha256-LrbGyXK+lYm6tzMnW/AgvrX2RNX5Q5c3kg5wGvbPNIU=";
   };
 
   # vlock is moved into its own output, since it depends on pam. This
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
index 3240fe93de19..c8ae911c1287 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix
@@ -36,7 +36,10 @@ let
 
     debug = {
       # Necessary for BTF
-      DEBUG_INFO                = yes;
+      DEBUG_INFO                = mkMerge [
+        (whenOlder "5.2" (if (features.debug or false) then yes else no))
+        (whenBetween "5.2" "5.18" yes)
+      ];
       DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes;
       # Reduced debug info conflict with BTF and have been enabled in
       # aarch64 defconfig since 5.13
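Review bot: The `# Necessary for BTF` comment above `DEBUG_INFO` no longer describes the whole setting. Before 5.2 the value now follows `features.debug` and falls back to `no`, and from 5.18 on nothing is set here, presumably leaving the choice to `DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT` on the following line. I would extend the comment so each version range is explained where it is defined, for example `# Necessary for BTF on 5.2 to 5.17; older kernels only get debug info when features.debug is set; 5.18+ uses DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT`. That wording assumes BTF is the reason for the 5.2 boundary, which should be confirmed. The `debug` attribute set continues outside the hunk.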
@@ -59,8 +62,6 @@ let
       SUNRPC_DEBUG              = yes;
       # Provide access to tunables like sched_migration_cost_ns
       SCHED_DEBUG               = yes;
-
-      GDB_SCRIPTS               = yes;
     };
 
     power-management = {
@@ -1034,6 +1035,10 @@ let
 
       # Fresh toolchains frequently break -Werror build for minor issues.
       WERROR = whenAtLeast "5.15" no;
+
+      # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production.
+      # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html
+      KUNIT = whenAtLeast "5.5" no;
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
       # Enable CPU/memory hotplug support
       # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
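Review bot: The quoted kernel documentation above `KUNIT = whenAtLeast "5.5" no;` sits on a single very long comment line, which makes the security reason easy to skim past. I would wrap it over several `#` lines and lead with the reason in the file's own words, e.g. `# KUnit disables KASLR and its tests can change kernel state, so keep it off in production kernels`. The URL should stay as the reference. The enclosing attribute set starts outside the hunk.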
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix
index 660521349053..a21890a38ca2 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix
@@ -47,7 +47,7 @@
   # symbolic name and `patch' is the actual patch.  The patch may
   # optionally be compressed with gzip or bzip2.
   kernelPatches ? []
-, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name or "" != "pc"
+, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name != "pc"
 , extraMeta ? {}
 
 , isZen      ? false
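Review bot: Dropping the `or ""` fallback in `ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name != "pc"` turns a platform whose `linux-kernel` set lacks `name` into an evaluation error instead of a quiet default. The same applies to `autoModules` in the next hunk and to `baseConfig` and `target` in the third hunk of this file. If the platform definition now always provides these attributes (not visible here), a short comment would record that, e.g. `# linux-kernel.{name,autoModules,baseConfig,target} are guaranteed by the platform definition`. As it stands, the remaining `preferBuiltin ... or false` and the `linux-kernel ? makeFlags` test read as inconsistent with the new strictness. The argument list continues outside the hunk.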
@@ -55,7 +55,7 @@
 , isHardened ? false
 
 # easy overrides to stdenv.hostPlatform.linux-kernel members
-, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules or true
+, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules
 , preferBuiltin ? stdenv.hostPlatform.linux-kernel.preferBuiltin or false
 , kernelArch ? stdenv.hostPlatform.linuxArch
 , kernelTests ? []
@@ -128,8 +128,11 @@ let
       ++ lib.optionals (lib.versionAtLeast version "4.16") [ bison flex ]
       ++ lib.optional (lib.versionAtLeast version "5.2") pahole;
 
+    platformName = stdenv.hostPlatform.linux-kernel.name;
     # e.g. "defconfig"
-    kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig or "defconfig";
+    kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig;
+    # e.g. "bzImage"
+    kernelTarget = stdenv.hostPlatform.linux-kernel.target;
 
     makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags
       ++ extraMakeFlags;
@@ -220,7 +223,7 @@ let
             + toString (lib.attrNames (if lib.isAttrs args then args else args {}))
           ) overridableKernel;
       };
-    in [ (nixosTests.kernel-generic.testsForKernel overridableKernel) ] ++ kernelTests;
+    in [ (nixosTests.kernel-generic.passthru.testsForKernel overridableKernel) ] ++ kernelTests;
   };
 
   finalKernel = lib.extendDerivation true passthru kernel;
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
index 01d761a6eeb0..6148e5b6f3e6 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -2,71 +2,71 @@
     "4.14": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-4.14.320-hardened1.patch",
-            "sha256": "1j457mfkxqzv996brwzxaib43s8fdpd5ngrnj61vs3vf8xcwk186",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.320-hardened1/linux-hardened-4.14.320-hardened1.patch"
+            "name": "linux-hardened-4.14.322-hardened1.patch",
+            "sha256": "1hshlg5b6n4i3zvx8rg3rnn16indg616sa4dy85w4pfcbjdzyzd3",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.322-hardened1/linux-hardened-4.14.322-hardened1.patch"
         },
-        "sha256": "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd",
-        "version": "4.14.320"
+        "sha256": "1r71g5p0cnbi0nixv91nyhv24dqmvh49rqb2lnbhsdq81fqm8ssm",
+        "version": "4.14.322"
     },
     "4.19": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-4.19.289-hardened1.patch",
-            "sha256": "1bi0cf15nqbk5hkhy76cd1xbb3fsnrgz705lry19v467hn3c0fx3",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.289-hardened1/linux-hardened-4.19.289-hardened1.patch"
+            "name": "linux-hardened-4.19.291-hardened1.patch",
+            "sha256": "0mjrmgb1hqahk5l3sghyac5vza6my3sjldfh8xn498p5jq4bpdhj",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.291-hardened1/linux-hardened-4.19.291-hardened1.patch"
         },
-        "sha256": "1cx33aa9v2071gixvp68pqpp4vxcx61dqg04rf6xns1qg48p93qi",
-        "version": "4.19.289"
+        "sha256": "0cxmq8mrkw179jb8sqvad3dskllwn579g2lxcjn21jyqsf85nwz6",
+        "version": "4.19.291"
     },
     "5.10": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.10.188-hardened1.patch",
-            "sha256": "10mnrnzg3b5iirvn9x241zxwlysrnv7i65hiil2h8f7lswwgb6ar",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.188-hardened1/linux-hardened-5.10.188-hardened1.patch"
+            "name": "linux-hardened-5.10.190-hardened1.patch",
+            "sha256": "1w2ncb3ay8kbw7cfb0gm9q01n14npyvy6l9sqcma409hfgjnq7jv",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.190-hardened1/linux-hardened-5.10.190-hardened1.patch"
         },
-        "sha256": "04k1mc23vqv3mr4m80rab1w7z1cwc0n1kcxzc5vfcfp26nmqnmf9",
-        "version": "5.10.188"
+        "sha256": "15zmz9pg91gph2dhigjf1z3w6gkv1kwslki5dpzhgzs03pq3swi9",
+        "version": "5.10.190"
     },
     "5.15": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.15.123-hardened1.patch",
-            "sha256": "0q942jcz22yq7lbhmbwpg12p75zb0ky36zp2waz30cixw7lmyx6b",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.123-hardened1/linux-hardened-5.15.123-hardened1.patch"
+            "name": "linux-hardened-5.15.126-hardened1.patch",
+            "sha256": "0bm1m5xwrcg0ckg68f70fx29air1bfh3gsaaaz8r29l5j1v1lqfp",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.126-hardened1/linux-hardened-5.15.126-hardened1.patch"
         },
-        "sha256": "14xzk4rn7fwgdysnd763rbl25krvq40wk3y5cf8hasifl529brid",
-        "version": "5.15.123"
+        "sha256": "0vzdncrvwqxzjkpgf3gjxvl8iwz92szfyzc33cayx28ghjwsmx5d",
+        "version": "5.15.126"
     },
     "5.4": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-5.4.251-hardened1.patch",
-            "sha256": "148qyspyj4a6yrl45f358z64iqxf40zb71ccj5kvwbrn395xiwgs",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.251-hardened1/linux-hardened-5.4.251-hardened1.patch"
+            "name": "linux-hardened-5.4.253-hardened1.patch",
+            "sha256": "0rhn107hbabfvxlvnfwakrwc9w7m9m5hvcx03fssalyqd17k8jx1",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.253-hardened1/linux-hardened-5.4.253-hardened1.patch"
         },
-        "sha256": "1jhqnazgiyz1vvrhnq5byl3h1mxrr3555fpiz4byycc1sqz9bd5w",
-        "version": "5.4.251"
+        "sha256": "1rr6mnkbw6gwdm9bqjhf4z2xqr458fn2qdv5b4mgm65a15gvmchz",
+        "version": "5.4.253"
     },
     "6.1": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.1.42-hardened1.patch",
-            "sha256": "0v5ja4q8wq3gwds0m8bzrxhx6vagg97lvcxrw3glm1d5sv1v94l6",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.42-hardened1/linux-hardened-6.1.42-hardened1.patch"
+            "name": "linux-hardened-6.1.45-hardened1.patch",
+            "sha256": "153798g37dicz8yhdcl4blsqd7j8sym3zxzkknjk7gldwh0n955m",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.45-hardened1/linux-hardened-6.1.45-hardened1.patch"
         },
-        "sha256": "1lqy72yvsbcv7an1gr8sam6ym3788ss811xb3sw7d2qwaldjdy5a",
-        "version": "6.1.42"
+        "sha256": "14piy4cwv18a0yqp4gkrvr51z4zccyhab29n9ybxinkxdqwl68xx",
+        "version": "6.1.45"
     },
     "6.4": {
         "patch": {
             "extra": "-hardened1",
-            "name": "linux-hardened-6.4.7-hardened1.patch",
-            "sha256": "1kzkx0i3hkq25rywl8xsf5i8716ycjspblk1hrkaq6a02ci0697b",
-            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.7-hardened1/linux-hardened-6.4.7-hardened1.patch"
+            "name": "linux-hardened-6.4.10-hardened1.patch",
+            "sha256": "1chja2ry1bfl1snxhc1vwpd8p86x94c9kcxf8lbrixky3ff1972y",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.10-hardened1/linux-hardened-6.4.10-hardened1.patch"
         },
-        "sha256": "1n57qijg0m27wcrqll8rb1hi1n0n8ca3bzsnbz05d9ya3nv3q56y",
-        "version": "6.4.7"
+        "sha256": "0fgjym6y0zj7wz1byqhxmv3pc3wq412vm1dxbj4gv23pm6r3y2wq",
+        "version": "6.4.10"
     }
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 5d759c36acfe..6c18db7f7a4e 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.320";
+  version = "4.14.323";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd";
+    sha256 = "1g2fh0mn1sv0kq2hh3pynmx2fjai7hdwhf4fnaspl7j5n88902kg";
   };
 } // (args.argsOverride or {}))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix
index e71cdee98da8..cce6ec86f6ee 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.289";
+  version = "4.19.292";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1cx33aa9v2071gixvp68pqpp4vxcx61dqg04rf6xns1qg48p93qi";
+    sha256 = "0dr12v4jqmzxcqdghqqjny5zp3g4dx9lxqrl9d4fxz23s79ji5rl";
   };
 } // (args.argsOverride or {}))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix
index a6baeaac8901..1d9c04f46371 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.188";
+  version = "5.10.191";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "04k1mc23vqv3mr4m80rab1w7z1cwc0n1kcxzc5vfcfp26nmqnmf9";
+    sha256 = "1hk2x5dgvfq9v6161v25wz5qpzgyvqbx34xbm7ww8z4ish76cm6b";
   };
 } // (args.argsOverride or {}))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix
index f57635d8a2a0..fcee7105c70e 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.15.124";
+  version = "5.15.127";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1v927z1grqwcwj6769qm14828fzjzi58lsd86al2l0ddc016l0q0";
+    sha256 = "09lgj9hs1cjxg84hb7avras4rlsx18igr69mx433l9hv6issbl5d";
   };
 } // (args.argsOverride or { }))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 5f3afdab8c2e..d72ffa980e77 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.251";
+  version = "5.4.254";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1jhqnazgiyz1vvrhnq5byl3h1mxrr3555fpiz4byycc1sqz9bd5w";
+    sha256 = "1iyrm2xql15ifhy2b939ywrrc44yd41b79sjjim4vqxmc6lqsq2i";
   };
 } // (args.argsOverride or {}))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix
index a99218168a63..a63762652339 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "6.1.43";
+  version = "6.1.46";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
-    sha256 = "02588pl1z8jxgxpa03rsdyg5pr0r3v0aylzp8r5ykm32193lhli4";
+    sha256 = "15m228bllks2p8gpsmvplx08yxzp7bij9fnmnafqszylrk7ppxpm";
   };
 } // (args.argsOverride or { }))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix
index f7b043939d20..796a5772b1b2 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "6.4.8";
+  version = "6.4.11";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = versions.pad 3 version;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
-    sha256 = "1djqqhw542jphqsicpbn1259sgw9pwd08wwkdch31nw4kvhk97y5";
+    sha256 = "0609lhgc42j9id2vvdpv8n7djabp46p2mridf9s0sg3x16snhssl";
   };
 } // (args.argsOverride or { }))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix
index 0681df9ceb31..e4c8d5eaed56 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix
@@ -1,8 +1,8 @@
 { stdenv, lib, fetchsvn, linux
 , scripts ? fetchsvn {
     url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/";
-    rev = "19337";
-    sha256 = "1ps7f7dfxjsl6xj6fiz5nw01an44aqsjmfmjzs8y2h0jpb7il9s5";
+    rev = "19386";
+    sha256 = "1byqf5ih3nissgjl22zs8ggmk1dxdsv6ks9jadcv8f0wn92ddlg0";
   }
 , ...
 }:
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix
index 08fefe0218b3..d810d64527cb 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix
@@ -6,7 +6,7 @@
 , ... } @ args:
 
 let
-  version = "5.15.119-rt65"; # updated by ./update-rt.sh
+  version = "5.15.125-rt66"; # updated by ./update-rt.sh
   branch = lib.versions.majorMinor version;
   kversion = builtins.elemAt (lib.splitString "-" version) 0;
 in buildLinux (args // {
@@ -18,14 +18,14 @@ in buildLinux (args // {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
-    sha256 = "1kygpqf6sgkrwg77sv01di23c3n3rn5d44g8k5apx5106pys19bs";
+    sha256 = "1izyv1ibiy4dapwb8745dshfbb9b6xqyz77l6mhkmlkcnx33h3qm";
   };
 
   kernelPatches = let rt-patch = {
     name = "rt";
     patch = fetchurl {
       url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
-      sha256 = "1lkr3l0gad30brdq7kdgvqr3zz4xrd7ai8jh94di6l5krhi7s1w0";
+      sha256 = "0ildcydqy980b2rw38q07dbf8z61l0dfjddqyvvyfq5gd6qkmcsb";
     };
   }; in [ rt-patch ] ++ kernelPatches;
 
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix
index 6d77e5f87fe2..cfb84c25f275 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix
@@ -6,7 +6,7 @@
 , ... } @ args:
 
 let
-  version = "6.1.33-rt11"; # updated by ./update-rt.sh
+  version = "6.1.46-rt13"; # updated by ./update-rt.sh
   branch = lib.versions.majorMinor version;
   kversion = builtins.elemAt (lib.splitString "-" version) 0;
 in buildLinux (args // {
@@ -18,14 +18,14 @@ in buildLinux (args // {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz";
-    sha256 = "1kfj7mi3n2lfaw4spz5cbvcl1md038figabyg80fha3kxal6nzdq";
+    sha256 = "15m228bllks2p8gpsmvplx08yxzp7bij9fnmnafqszylrk7ppxpm";
   };
 
   kernelPatches = let rt-patch = {
     name = "rt";
     patch = fetchurl {
       url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
-      sha256 = "0swzp6brk01r7pb73yada18vf6fhdqq4c78abq3abj6y8ay0awhh";
+      sha256 = "00pj02mvamxvlkwrca1j3baaa18rg6dra7al1xsvgw3ypckwyafz";
     };
   }; in [ rt-patch ] ++ kernelPatches;
 
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix
index 0851a72e010d..ab57c908581e 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "6.5-rc3";
+  version = "6.5-rc5";
   extraMeta.branch = lib.versions.majorMinor version;
 
   # modDirVersion needs to be x.y.z, will always add .0
@@ -11,7 +11,7 @@ buildLinux (args // rec {
 
   src = fetchzip {
     url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz";
-    hash = "sha256-z4y4eNkY458rxebey3eCG0CUDLJP9oQETVlH8Av3Lhs=";
+    hash = "sha256-7QNXBuk1jMCdUFWeu5P0j1nwL5PQgBFhlFYbKzj/k6E=";
   };
 
   # Should the testing kernels ever be built on Hydra?
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix
index 07325f0e10b0..61013ef090af 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl
-, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, ubootTools
+, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole
 , fetchpatch
 }:
 
@@ -53,10 +53,6 @@ in lib.makeOverridable ({
 }:
 
 let
-  config_ = config;
-in
-
-let
   inherit (lib)
     hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms;
 
@@ -69,144 +65,315 @@ let
     (buildPackages.deterministic-uname.override { inherit modDirVersion; })
   ] ++ optional (lib.versionAtLeast version "5.13") zstd;
 
-  config = let attrName = attr: "CONFIG_" + attr; in {
-    isSet = attr: hasAttr (attrName attr) config;
-
-    getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null;
-
-    isYes = attr: (config.getValue attr) == "y";
-
-    isNo = attr: (config.getValue attr) == "n";
-
-    isModule = attr: (config.getValue attr) == "m";
-
-    isEnabled = attr: (config.isModule attr) || (config.isYes attr);
-
-    isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr);
-  } // config_;
-
-  isModular = config.isYes "MODULES";
-
-  kernelConf = stdenv.hostPlatform.linux-kernel;
-  target = kernelConf.target or "vmlinux";
-
-  buildDTBs = kernelConf.DTB or false;
+  drvAttrs = config_: kernelConf: kernelPatches: configfile:
+    let
+      config = let attrName = attr: "CONFIG_" + attr; in {
+        isSet = attr: hasAttr (attrName attr) config;
+
+        getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null;
+
+        isYes = attr: (config.getValue attr) == "y";
+
+        isNo = attr: (config.getValue attr) == "n";
+
+        isModule = attr: (config.getValue attr) == "m";
+
+        isEnabled = attr: (config.isModule attr) || (config.isYes attr);
+
+        isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr);
+      } // config_;
+
+      isModular = config.isYes "MODULES";
+
+      buildDTBs = kernelConf.DTB or false;
+
+    in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // {
+      passthru = rec {
+        inherit version modDirVersion config kernelPatches configfile
+          moduleBuildDependencies stdenv;
+        inherit isZen isHardened isLibre;
+        isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true;
+        baseVersion = lib.head (lib.splitString "-rc" version);
+        kernelOlder = lib.versionOlder baseVersion;
+        kernelAtLeast = lib.versionAtLeast baseVersion;
+      };
+
+      inherit src;
+
+      patches =
+        map (p: p.patch) kernelPatches
+        # Required for deterministic builds along with some postPatch magic.
+        ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch
+        ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch
+        # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks
+        # OpenZFS; this was fixed in Linux 5.19 so we backport the fix
+        # https://github.com/openzfs/zfs/pull/13367
+        ++ optional (lib.versionAtLeast version "5.12" &&
+                     lib.versionOlder version "5.19" &&
+                     stdenv.hostPlatform.isPower)
+          (fetchpatch {
+            url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23";
+            hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU=";
+          });
+
+      postPatch = ''
+        sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|'
+
+        # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern
+        # FIXME: remove when no longer needed
+        substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd
+
+        # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic.
+        # This way kernels can be bit-by-bit reproducible depending on settings
+        # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled).
+        # See also https://kernelnewbies.org/BuildId
+        sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|'
+
+        # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist.
+        [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh
+
+        # Set randstruct seed to a deterministic but diversified value. Note:
+        # we could have instead patched gen-random-seed.sh to take input from
+        # the buildFlags, but that would require also patching the kernel's
+        # toplevel Makefile to add a variable export. This would be likely to
+        # cause future patch conflicts.
+        for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do
+          if [ -f "$file" ]; then
+            substituteInPlace "$file" \
+              --replace NIXOS_RANDSTRUCT_SEED \
+              $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
+            break
+          fi
+        done
+
+        patchShebangs scripts
+
+        # also patch arch-specific install scripts
+        for i in $(find arch -name install.sh); do
+            patchShebangs "$i"
+        done
+      '';
+
+      configurePhase = ''
+        runHook preConfigure
+
+        mkdir build
+        export buildRoot="$(pwd)/build"
+
+        echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD"
+
+        if [ -f "$buildRoot/.config" ]; then
+          echo "Could not link $buildRoot/.config : file exists"
+          exit 1
+        fi
+        ln -sv ${configfile} $buildRoot/.config
+
+        # reads the existing .config file and prompts the user for options in
+        # the current kernel source that are not found in the file.
+        make $makeFlags "''${makeFlagsArray[@]}" oldconfig
+        runHook postConfigure
+
+        make $makeFlags "''${makeFlagsArray[@]}" prepare
+        actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)"
+        if [ "$actualModDirVersion" != "${modDirVersion}" ]; then
+          echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion"
+          exit 1
+        fi
+
+        buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)")
+
+        cd $buildRoot
+      '';
+
+      buildFlags = [
+        "KBUILD_BUILD_VERSION=1-NixOS"
+        kernelConf.target
+        "vmlinux"  # for "perf" and things like that
+      ] ++ optional isModular "modules"
+        ++ optionals buildDTBs ["dtbs" "DTC_FLAGS=-@"]
+      ++ extraMakeFlags;
+
+      installFlags = [
+        "INSTALL_PATH=$(out)"
+      ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)")
+      ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"];
+
+      preInstall = let
+        # All we really need to do here is copy the final image and System.map to $out,
+        # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets
+        # for the rest. Easy, right?
+        #
+        # Unfortunately for us, the obvious way of getting the built image path,
+        # make -s image_name, does not work correctly, because some architectures
+        # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets,
+        # so we end up attempting to install the thing we didn't actually build.
+        #
+        # Thankfully, there's a way out that doesn't involve just hardcoding everything.
+        #
+        # The kernel has an install target, which runs a pretty simple shell script
+        # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on
+        # which kernel version you're looking at) that tries to do something sensible.
+        #
+        # (it would be great to hijack this script immediately, as it has all the
+        #   information we need passed to it and we don't need it to try and be smart,
+        #   but unfortunately, the exact location of the scripts differs between kernel
+        #   versions, and they're seemingly not considered to be public API at all)
+        #
+        # One of the ways it tries to discover what "something sensible" actually is
+        # is by delegating to what's supposed to be a user-provided install script
+        # located at ~/bin/installkernel.
+        #
+        # (the other options are:
+        #   - a distribution-specific script at /sbin/installkernel,
+        #        which we can't really create in the sandbox easily
+        #   - an architecture-specific script at arch/$arch/boot/install.sh,
+        #        which attempts to guess _something_ and usually guesses very wrong)
+        #
+        # More specifically, the install script exec's into ~/bin/installkernel, if one
+        # exists, with the following arguments:
+        #
+        # $1: $KERNELRELEASE - full kernel version string
+        # $2: $KBUILD_IMAGE - the final image path
+        # $3: System.map - path to System.map file, seemingly hardcoded everywhere
+        # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags
+        #
+        # $2 is exactly what we want, so hijack the script and use the knowledge given to it
+        # by the makefile overlords for our own nefarious ends.
+        #
+        # Note that the makefiles specifically look in ~/bin/installkernel, and
+        # writeShellScriptBin writes the script to <store path>/bin/installkernel,
+        # so HOME needs to be set to just the store path.
+        #
+        # FIXME: figure out a less roundabout way of doing this.
+        installkernel = buildPackages.writeShellScriptBin "installkernel" ''
+          cp -av $2 $4
+          cp -av $3 $4
+        '';
+      in ''
+        installFlagsArray+=("-j$NIX_BUILD_CORES")
+        export HOME=${installkernel}
+      '';
+
+      # Some image types need special install targets (e.g. uImage is installed with make uinstall)
+      installTargets = [
+        (kernelConf.installTarget or (
+          /**/ if kernelConf.target == "uImage" then "uinstall"
+          else if kernelConf.target == "zImage" || kernelConf.target == "Image.gz" then "zinstall"
+          else "install"))
+      ];
+
+      postInstall = optionalString isModular ''
+        mkdir -p $dev
+        cp vmlinux $dev/
+        if [ -z "''${dontStrip-}" ]; then
+          installFlagsArray+=("INSTALL_MOD_STRIP=1")
+        fi
+        make modules_install $makeFlags "''${makeFlagsArray[@]}" \
+          $installFlags "''${installFlagsArray[@]}"
+        unlink $out/lib/modules/${modDirVersion}/build
+        unlink $out/lib/modules/${modDirVersion}/source
+
+        mkdir -p $dev/lib/modules/${modDirVersion}/{build,source}
+
+        # To save space, exclude a bunch of unneeded stuff when copying.
+        (cd .. && rsync --archive --prune-empty-dirs \
+            --exclude='/build/' \
+            * $dev/lib/modules/${modDirVersion}/source/)
+
+        cd $dev/lib/modules/${modDirVersion}/source
+
+        cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build
+        make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build
+
+        # For reproducibility, removes accidental leftovers from a `cc1` call
+        # from a `try-run` call from the Makefile
+        rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d
+
+        # Keep some extra files on some arches (powerpc, aarch64)
+        for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do
+          if [ -f "$buildRoot/$f" ]; then
+            cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f
+          fi
+        done
+
+        # !!! No documentation on how much of the source tree must be kept
+        # If/when kernel builds fail due to missing files, you can add
+        # them here. Note that we may see packages requiring headers
+        # from drivers/ in the future; it adds 50M to keep all of its
+        # headers on 3.10 though.
+
+        chmod u+w -R ..
+        arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls)
+
+        # Remove unused arches
+        for d in $(cd arch/; ls); do
+          if [ "$d" = "$arch" ]; then continue; fi
+          if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi
+          rm -rf arch/$d
+        done
+
+        # Remove all driver-specific code (50M of which is headers)
+        rm -fR drivers
+
+        # Keep all headers
+        find .  -type f -name '*.h' -print0 | xargs -0 -r chmod u-w
+
+        # Keep linker scripts (they are required for out-of-tree modules on aarch64)
+        find .  -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w
+
+        # Keep root and arch-specific Makefiles
+        chmod u-w Makefile arch/"$arch"/Makefile*
+
+        # Keep whole scripts dir
+        chmod u-w -R scripts
+
+        # Delete everything not kept
+        find . -type f -perm -u=w -print0 | xargs -0 -r rm
+
+        # Delete empty directories
+        find -empty -type d -delete
+
+        # Remove reference to kmod
+        sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|'
+      '';
+
+      requiredSystemFeatures = [ "big-parallel" ];
+
+      meta = {
+        description =
+          "The Linux kernel" +
+          (if kernelPatches == [] then "" else
+            " (with patches: "
+            + lib.concatStringsSep ", " (map (x: x.name) kernelPatches)
+            + ")");
+        license = lib.licenses.gpl2Only;
+        homepage = "https://www.kernel.org/";
+        maintainers = lib.teams.linux-kernel.members ++ [
+          maintainers.thoughtpolice
+        ];
+        platforms = platforms.linux;
+        timeout = 14400; # 4 hours
+      } // extraMeta;
+    };
 in
 
 assert lib.versionOlder version "5.8" -> libelf != null;
 assert lib.versionAtLeast version "5.8" -> elfutils != null;
 
-stdenv.mkDerivation ({
+stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // {
   pname = "linux";
-  inherit version src;
+  inherit version;
+
+  enableParallelBuilding = true;
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
-  nativeBuildInputs = [
-    bc gmp libmpc mpfr nettools openssl perl python3Minimal rsync ubootTools
-    zstd
-  ] ++ optional  (lib.versionOlder version "5.8") libelf
-    ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ]
-    ++ optionals (lib.versionAtLeast version "5.2")  [ cpio pahole zlib ]
-    ++ optional  (lib.versionAtLeast version "5.8")  elfutils;
-
-  patches =
-    map (p: p.patch) kernelPatches
-    # Required for deterministic builds along with some postPatch magic.
-    ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch
-    ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch
-    # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks
-    # OpenZFS; this was fixed in Linux 5.19 so we backport the fix
-    # https://github.com/openzfs/zfs/pull/13367
-    ++ optional (lib.versionAtLeast version "5.12" &&
-                 lib.versionOlder version "5.19" &&
-                 stdenv.hostPlatform.isPower)
-      (fetchpatch {
-        url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23";
-        hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU=";
-      });
-
-  preUnpack = ''
-    # The same preUnpack is used to build the configfile,
-    # which does not have $dev.
-    if [ -n "$dev" ]; then
-        mkdir -p $dev/lib/modules/${modDirVersion}
-        cd $dev/lib/modules/${modDirVersion}
-    fi
-  '';
-
-  postUnpack = ''
-    mv -Tv "$sourceRoot" source 2>/dev/null || :
-    export sourceRoot=$PWD/source
-  '';
-
-  postPatch = ''
-    sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|'
-
-    # fixup for pre-4.15 kernels using the $(cd $foo && /bin/pwd) pattern
-    # FIXME: remove when no longer needed
-    substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd
-
-    # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic.
-    # This way kernels can be bit-by-bit reproducible depending on settings
-    # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled).
-    # See also https://kernelnewbies.org/BuildId
-    sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|'
-
-    # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist.
-    [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh
-
-    # Set randstruct seed to a deterministic but diversified value. Note:
-    # we could have instead patched gen-random-seed.sh to take input from
-    # the buildFlags, but that would require also patching the kernel's
-    # toplevel Makefile to add a variable export. This would be likely to
-    # cause future patch conflicts.
-    for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do
-      if [ -f "$file" ]; then
-        substituteInPlace "$file" \
-          --replace NIXOS_RANDSTRUCT_SEED \
-          $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
-        break
-      fi
-    done
-
-    patchShebangs scripts
-
-    # also patch arch-specific install scripts
-    for i in $(find arch -name install.sh); do
-        patchShebangs "$i"
-    done
-  '';
-
-  configurePhase = ''
-    runHook preConfigure
-
-    export buildRoot=$TMPDIR/kernel-buildroot
-    mkdir -p $buildRoot
-
-    echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD"
-
-    if [ -f "$buildRoot/.config" ]; then
-      echo "Could not link $buildRoot/.config : file exists"
-      exit 1
-    fi
-    ln -sv ${configfile} $buildRoot/.config
-
-    # reads the existing .config file and prompts the user for options in
-    # the current kernel source that are not found in the file.
-    make $makeFlags "''${makeFlagsArray[@]}" oldconfig
-    runHook postConfigure
-
-    make $makeFlags "''${makeFlagsArray[@]}" prepare
-    actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)"
-    if [ "$actualModDirVersion" != "${modDirVersion}" ]; then
-      echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion"
-      exit 1
-    fi
-
-    buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)")
-
-    cd $buildRoot
-  '';
+  nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ]
+      ++ optional  (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools
+      ++ optional  (lib.versionOlder version "5.8") libelf
+      ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ]
+      ++ optionals (lib.versionAtLeast version "5.2")  [ cpio pahole zlib ]
+      ++ optional  (lib.versionAtLeast version "5.8")  elfutils
+      ;
 
   hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ];
 
@@ -219,214 +386,8 @@ stdenv.mkDerivation ({
     "ARCH=${stdenv.hostPlatform.linuxArch}"
   ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
     "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
-  ] ++ (kernelConf.makeFlags or [])
+  ] ++ (stdenv.hostPlatform.linux-kernel.makeFlags or [])
     ++ extraMakeFlags;
 
   karch = stdenv.hostPlatform.linuxArch;
-
-  buildFlags = [
-    "DTC_FLAGS=-@"
-    "KBUILD_BUILD_VERSION=1-NixOS"
-
-    # Set by default in the kernel since a73619a845d5,
-    # replicated here to apply to older versions.
-    # Makes __FILE__ relative to the build directory.
-    "KCPPFLAGS=-fmacro-prefix-map=$(sourceRoot)/="
-    kernelConf.target
-  ] ++ optional isModular "modules"
-    ++ optional buildDTBs "dtbs"
-    ++ extraMakeFlags;
-
-  installFlags = [
-    "INSTALL_PATH=$(out)"
-  ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)")
-  ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"];
-
-  preInstall = let
-    # All we really need to do here is copy the final image and System.map to $out,
-    # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets
-    # for the rest. Easy, right?
-    #
-    # Unfortunately for us, the obvious way of getting the built image path,
-    # make -s image_name, does not work correctly, because some architectures
-    # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets,
-    # so we end up attempting to install the thing we didn't actually build.
-    #
-    # Thankfully, there's a way out that doesn't involve just hardcoding everything.
-    #
-    # The kernel has an install target, which runs a pretty simple shell script
-    # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on
-    # which kernel version you're looking at) that tries to do something sensible.
-    #
-    # (it would be great to hijack this script immediately, as it has all the
-    #   information we need passed to it and we don't need it to try and be smart,
-    #   but unfortunately, the exact location of the scripts differs between kernel
-    #   versions, and they're seemingly not considered to be public API at all)
-    #
-    # One of the ways it tries to discover what "something sensible" actually is
-    # is by delegating to what's supposed to be a user-provided install script
-    # located at ~/bin/installkernel.
-    #
-    # (the other options are:
-    #   - a distribution-specific script at /sbin/installkernel,
-    #        which we can't really create in the sandbox easily
-    #   - an architecture-specific script at arch/$arch/boot/install.sh,
-    #        which attempts to guess _something_ and usually guesses very wrong)
-    #
-    # More specifically, the install script exec's into ~/bin/installkernel, if one
-    # exists, with the following arguments:
-    #
-    # $1: $KERNELRELEASE - full kernel version string
-    # $2: $KBUILD_IMAGE - the final image path
-    # $3: System.map - path to System.map file, seemingly hardcoded everywhere
-    # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags
-    #
-    # $2 is exactly what we want, so hijack the script and use the knowledge given to it
-    # by the makefile overlords for our own nefarious ends.
-    #
-    # Note that the makefiles specifically look in ~/bin/installkernel, and
-    # writeShellScriptBin writes the script to <store path>/bin/installkernel,
-    # so HOME needs to be set to just the store path.
-    #
-    # FIXME: figure out a less roundabout way of doing this.
-    installkernel = buildPackages.writeShellScriptBin "installkernel" ''
-      cp -av $2 $4
-      cp -av $3 $4
-    '';
-  in ''
-    installFlagsArray+=("-j$NIX_BUILD_CORES")
-    export HOME=${installkernel}
-  '';
-
-  # Some image types need special install targets (e.g. uImage is installed with make uinstall)
-  installTargets = [
-    (kernelConf.installTarget or (
-      /**/ if target == "uImage" then "uinstall"
-      else if target == "zImage" || target == "Image.gz" then "zinstall"
-      else "install"))
-  ];
-
-  postInstall = optionalString isModular ''
-    if [ -z "''${dontStrip-}" ]; then
-      installFlagsArray+=("INSTALL_MOD_STRIP=1")
-    fi
-    make modules_install $makeFlags "''${makeFlagsArray[@]}" \
-      $installFlags "''${installFlagsArray[@]}"
-    unlink $out/lib/modules/${modDirVersion}/build
-    unlink $out/lib/modules/${modDirVersion}/source
-
-    mkdir $dev/lib/modules/${modDirVersion}/build
-
-    cd $dev/lib/modules/${modDirVersion}/source
-
-    cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build
-    make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build
-
-    # For reproducibility, removes accidental leftovers from a `cc1` call
-    # from a `try-run` call from the Makefile
-    rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d
-
-    # Keep some extra files
-    for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o \
-             scripts/gdb/linux vmlinux vmlinux-gdb.py
-    do
-      if [ -e "$buildRoot/$f" ]; then
-        mkdir -p "$(dirname "$dev/lib/modules/${modDirVersion}/build/$f")"
-        cp -HR $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f
-      fi
-    done
-    ln -s $dev/lib/modules/${modDirVersion}/build/vmlinux $dev
-
-    # !!! No documentation on how much of the source tree must be kept
-    # If/when kernel builds fail due to missing files, you can add
-    # them here. Note that we may see packages requiring headers
-    # from drivers/ in the future; it adds 50M to keep all of its
-    # headers on 3.10 though.
-
-    chmod u+w -R ..
-    arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls)
-
-    # Remove unused arches
-    for d in $(cd arch/; ls); do
-      if [ "$d" = "$arch" ]; then continue; fi
-      if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi
-      rm -rf arch/$d
-    done
-
-    # Remove all driver-specific code (50M of which is headers)
-    rm -fR drivers
-
-    # Keep all headers
-    find .  -type f -name '*.h' -print0 | xargs -0 -r chmod u-w
-
-    # Keep linker scripts (they are required for out-of-tree modules on aarch64)
-    find .  -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w
-
-    # Keep root and arch-specific Makefiles
-    chmod u-w Makefile arch/"$arch"/Makefile*
-
-    # Keep whole scripts dir
-    chmod u-w -R scripts
-
-    # Delete everything not kept
-    find . -type f -perm -u=w -print0 | xargs -0 -r rm
-
-    # Delete empty directories
-    find -empty -type d -delete
-
-    # Remove reference to kmod
-    sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|'
-  ''
-  # unfortunately linux/arch/mips/Makefile does not understand installkernel
-  # and simply copies to $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE)
-  + lib.optionalString stdenv.hostPlatform.isMips ''
-    mv $out/vmlinux-* $out/vmlinux || true
-    mv $out/vmlinuz-* $out/vmlinuz || true
-    mv $out/System.map-* $out/System.map
-  '';
-
-  preFixup = ''
-    # Don't strip $dev/lib/modules/*/vmlinux
-    stripDebugList="$(cd $dev && echo lib/modules/*/build/*/)"
-  '' + lib.optionalString (stdenv.hostPlatform.isMips) ''
-    $STRIP -s $out/vmlinux || true
-  '';
-
-  enableParallelBuilding = true;
-
-  passthru = rec {
-    inherit version modDirVersion config kernelPatches configfile
-      moduleBuildDependencies stdenv;
-    inherit isZen isHardened isLibre;
-    isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true;
-    baseVersion = lib.head (lib.splitString "-rc" version);
-    kernelOlder = lib.versionOlder baseVersion;
-    kernelAtLeast = lib.versionAtLeast baseVersion;
-  };
-
-  requiredSystemFeatures = [ "big-parallel" ];
-
-  meta = {
-    description =
-      "The Linux kernel" +
-      (lib.optionalString (kernelPatches != []) (
-        " (with patches: "
-        + lib.concatStringsSep ", " (map (x: x.name) kernelPatches)
-        + ")"
-      ));
-    license = lib.licenses.gpl2Only;
-    homepage = "https://www.kernel.org/";
-    maintainers = lib.teams.linux-kernel.members ++ [
-      maintainers.thoughtpolice
-    ];
-    platforms = platforms.linux;
-    badPlatforms =
-      lib.optionals (lib.versionOlder version "4.15") [ "riscv32-linux" "riscv64-linux" ] ++
-      lib.optional (lib.versionOlder version "5.19") "loongarch64-linux";
-    timeout = 14400; # 4 hours
-  } // extraMeta;
-} // optionalAttrs (pos != null) {
-  inherit pos;
-} // optionalAttrs isModular {
-  outputs = [ "out" "dev" ];
-}))
+} // (optionalAttrs (pos != null) { inherit pos; })))
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix
index 620ecfc43df2..2fc82b2e10be 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix
@@ -63,7 +63,7 @@ stdenv.mkDerivation {
   postPatch = ''
     # Linux scripts
     patchShebangs scripts
-
+    patchShebangs tools/perf/check-headers.sh
   '' + lib.optionalString (lib.versionAtLeast kernel.version "6.3") ''
     # perf-specific scripts
     patchShebangs tools/perf/pmu-events
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/update.sh b/nixpkgs/pkgs/os-specific/linux/kernel/update.sh
index 560edced36ea..4171b7492b7b 100755
--- a/nixpkgs/pkgs/os-specific/linux/kernel/update.sh
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/update.sh
@@ -58,11 +58,15 @@ ls $NIXPKGS/pkgs/os-specific/linux/kernel | while read FILE; do
   echo "Updated $OLDVER -> $V"
 done
 
-# Update linux-rt
-COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-rt.sh
+# Allowing errors again: one broken update script shouldn't inhibit the
+# update of other kernel variants.
+set +e
 
-# Update linux-libre
-COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh
+echo Update linux-rt
+COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-rt.sh || echo "update-rt failed with exit code $?"
 
-# Update linux-hardened
-COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py
+echo Update linux-libre
+COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh || echo "update-libre failed with exit code $?"
+
+echo Update linux-hardened
+COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py || echo "update-hardened failed with exit code $?"
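Review bot: With `|| echo "… failed with exit code $?"` on each of the three sub-updater calls, a failing update-rt.sh, update-libre.sh or hardened/update.py no longer affects this script's exit status. A caller or scheduled job then sees success while a kernel variant, linux-hardened included, stays on its old version. Letting one failure not block the others is reasonable, but the failures should be remembered and turned into a non-zero exit at the end, as sketched below. `set +e` also becomes unnecessary, since each call already handles its own failure. The start of the script is outside this hunk, and I am assuming the hunk's last line is the end of the file.

```shell
# … unchanged: main kernel update loop …
failed=0

echo Update linux-rt
COMMIT=1 "$NIXPKGS"/pkgs/os-specific/linux/kernel/update-rt.sh \
  || { echo "update-rt failed with exit code $?"; failed=1; }

# … same pattern for update-libre.sh and hardened/update.py …

exit "$failed"
```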
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
index 4412bd56fadd..30b8f6bba893 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
@@ -3,14 +3,14 @@
 let
   # These names are how they are designated in https://xanmod.org.
   ltsVariant = {
-    version = "6.1.42";
-    hash = "sha256-mOydloX5bff9wrFh40wf12GW+sION9SoGK2mAC1yNOw=";
+    version = "6.1.46";
+    hash = "sha256-E9DEWfhl9hUAQXOvJVYJsKBFIen0xHrmiUdTUvGeKxE=";
     variant = "lts";
   };
 
   mainVariant = {
-    version = "6.4.7";
-    hash = "sha256-0yOVCMqhoiWz8IlYRR0wXytAzjv81Cf5NoFa9qxGMm4=";
+    version = "6.4.11";
+    hash = "sha256-HZTLuxdlkVRBe8C95vr6Fk9YjlCXZEpK3gfbtzLqwLQ=";
     variant = "main";
   };
 
@@ -29,9 +29,9 @@ let
       # AMD P-state driver
       X86_AMD_PSTATE = lib.mkOverride 60 yes;
 
-      # Google's BBRv2 TCP congestion Control
-      TCP_CONG_BBR2 = yes;
-      DEFAULT_BBR2 = yes;
+      # Google's BBRv3 TCP congestion Control
+      TCP_CONG_BBR = yes;
+      DEFAULT_BBR = yes;
 
       # FQ-PIE Packet Scheduling
       NET_SCH_DEFAULT = yes;
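Review bot: The comment now says BBRv3, but `TCP_CONG_BBR` and `DEFAULT_BBR` are also the option names of mainline's original BBR, so the comment is the only thing tying this configuration to v3. If this block is shared by `ltsVariant` (6.1.46) and `mainVariant` (6.4.11), it is worth confirming that both xanmod trees carry the v3 implementation. Once confirmed, the comment could say so, for example `# Google's BBRv3 TCP congestion control (provided by the xanmod patch set under the mainline BBR option names)`. The enclosing attribute set starts outside this hunk.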
diff --git a/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix b/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix
index abe797f74b25..5d1c1cfc89c0 100644
--- a/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/libsepol/default.nix
@@ -41,5 +41,6 @@ stdenv.mkDerivation rec {
     platforms = platforms.linux;
     maintainers = [ ];
     license = lib.licenses.gpl2Plus;
+    pkgConfigModules = [ "libselinux" ];
   };
 }
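Review bot: `pkgConfigModules = [ "libselinux" ];` in libsepol's `meta` names a different package's pkg-config module. This derivation presumably installs `libsepol.pc`, so the entry should read `pkgConfigModules = [ "libsepol" ];`. As written, a test or lookup keyed on this attribute would look for a module that this package does not provide. The rest of the derivation is outside the hunk, so the installed `.pc` name should be confirmed against the build output.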
diff --git a/nixpkgs/pkgs/os-specific/linux/libsmbios/default.nix b/nixpkgs/pkgs/os-specific/linux/libsmbios/default.nix
index 2049b7cf0e70..df4337a6caff 100644
--- a/nixpkgs/pkgs/os-specific/linux/libsmbios/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/libsmbios/default.nix
@@ -35,7 +35,10 @@ stdenv.mkDerivation rec {
     cp -a out/public-include/smbios_c $out/include/
   '';
 
-  preFixup = ''rm -rf "$(pwd)" ''; # Hack to avoid TMPDIR in RPATHs
+  # remove forbidden reference to $TMPDIR
+  preFixup = ''
+    patchelf --shrink-rpath --allowed-rpath-prefixes "$NIX_STORE" "$out/sbin/smbios-sys-info-lite"
+  '';
 
   meta = with lib; {
     homepage = "https://github.com/dell/libsmbios";
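Review bot: The new `preFixup` rewrites the RPATH of exactly one file, `$out/sbin/smbios-sys-info-lite`, whereas the removed `rm -rf "$(pwd)"` hack applied to the whole build directory and so covered every installed ELF file. Whether the other installed binaries or the shared library carry the same build-directory entry is not visible in this hunk. Either state that in the comment, for example `# only smbios-sys-info-lite is linked with an RPATH entry pointing into the build directory`, or loop over the installed ELF files. This matters beyond reproducibility, because an RPATH entry under a temporary directory makes the loader search a location outside the store.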
diff --git a/nixpkgs/pkgs/os-specific/linux/lm-sensors/default.nix b/nixpkgs/pkgs/os-specific/linux/lm-sensors/default.nix
index 895e84f827b4..9b37b7c7e63e 100644
--- a/nixpkgs/pkgs/os-specific/linux/lm-sensors/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/lm-sensors/default.nix
@@ -48,7 +48,10 @@ stdenv.mkDerivation rec {
 
   # Making regexp to patch-out installing of .so symlinks from Makefile is
   # complicated, it is easier to remove them post-install.
-  postInstall = lib.optionalString stdenv.hostPlatform.isStatic ''
+  postInstall = ''
+    mkdir -p $out/share/doc/${pname}
+    cp -r configs doc/* $out/share/doc/${pname}
+  '' + lib.optionalString stdenv.hostPlatform.isStatic ''
     rm $out/lib/*.so*
   '';
 
diff --git a/nixpkgs/pkgs/os-specific/linux/mdadm/default.nix b/nixpkgs/pkgs/os-specific/linux/mdadm/default.nix
index 05e0600928a3..e7aa16d3dd39 100644
--- a/nixpkgs/pkgs/os-specific/linux/mdadm/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/mdadm/default.nix
@@ -48,6 +48,7 @@ stdenv.mkDerivation rec {
     description = "Programs for managing RAID arrays under Linux";
     homepage = "http://neil.brown.name/blog/mdadm";
     license = licenses.gpl2;
+    mainProgram = "mdadm";
     maintainers = with maintainers; [ ekleog ];
     platforms = platforms.linux;
   };
diff --git a/nixpkgs/pkgs/os-specific/linux/microcode/intel.nix b/nixpkgs/pkgs/os-specific/linux/microcode/intel.nix
index 03c8300dbfc8..b58d471680b5 100644
--- a/nixpkgs/pkgs/os-specific/linux/microcode/intel.nix
+++ b/nixpkgs/pkgs/os-specific/linux/microcode/intel.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "microcode-intel";
-  version = "20230613";
+  version = "20230808";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "Intel-Linux-Processor-Microcode-Data-Files";
     rev = "microcode-${version}";
-    hash = "sha256-tP59wfZHCLwPb2FkHaa+0D4RW1Zmu9vKaIgbveP/nLI=";
+    hash = "sha256-xyb4FUV7vG2YSuN4H6eBaf8c4At70NZiUuepbgg2HNg=";
   };
 
   nativeBuildInputs = [ iucode-tool libarchive ];
diff --git a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/binutils/default.nix b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/binutils/default.nix
index 8722ff818297..f386ebbaf8e9 100644
--- a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/binutils/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/binutils/default.nix
@@ -37,13 +37,13 @@ let
   ];
 
   configureFlags = [
-    "--disable-nls"
-    "--disable-shared"
-    "--disable-werror"
     "--prefix=${placeholder "out"}"
-
     "--build=${buildPlatform.config}"
     "--host=${hostPlatform.config}"
+    "--disable-nls"
+    "--disable-shared"
+    "--disable-werror"
+    "--with-sysroot=/"
 
     # Turn on --enable-new-dtags by default to make the linker set
     # RUNPATH instead of RPATH on binaries.  This is important because
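Review bot: `"--with-sysroot=/"` is added here while the second hunk of this file removes `echo 'NATIVE_LIB_DIRS=' >> ld/configure.tgt`, the step that cleared ld's default library search path. Taken together, the resulting linker may fall back to its built-in native library directories under `/`, which in a build without a sandbox could let host libraries satisfy a link instead of store paths. If that is intended, the flag deserves a comment saying so, for example `# NOTE: NATIVE_LIB_DIRS is no longer cleared; purity of the link relies on the build sandbox`. If it is not intended, the removed line should stay. The `configureFlags` list continues past the end of this hunk.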
@@ -93,8 +93,6 @@ bash.runCommand "${pname}-${version}" {
 
   # Patch
   ${lib.concatMapStringsSep "\n" (f: "patch -Np1 -i ${f}") patches}
-  # Clear the default library search path.
-  echo 'NATIVE_LIB_DIRS=' >> ld/configure.tgt
 
   # Configure
   ${if mesBootstrap then ''
diff --git a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/default.nix b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/default.nix
index 3b84795678ef..2a10a3395ba7 100644
--- a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/default.nix
@@ -73,6 +73,11 @@ lib.makeScope
       mesBootstrap = true;
     };
 
+    gcc46 = callPackage ./gcc/4.6.nix {
+      gcc = gcc2;
+      glibc = glibc22;
+    };
+
     inherit (callPackage ./glibc {
       bash = bash_2_05;
       gnused = gnused-mes;
@@ -151,6 +156,7 @@ lib.makeScope
       echo ${gawk.tests.get-version}
       echo ${gcc2.tests.get-version}
       echo ${gcc2-mes.tests.get-version}
+      echo ${gcc46.tests.get-version}
       echo ${gnugrep.tests.get-version}
       echo ${gnused.tests.get-version}
       echo ${gnused-mes.tests.get-version}
diff --git a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/4.6.nix b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/4.6.nix
new file mode 100644
index 000000000000..ce348352b67e
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/4.6.nix
@@ -0,0 +1,161 @@
+{ lib
+, buildPlatform
+, hostPlatform
+, fetchurl
+, bash
+, gcc
+, glibc
+, linux-headers
+, binutils
+, gnumake
+, gnupatch
+, gnused
+, gnugrep
+, gawk
+, diffutils
+, findutils
+, gnutar
+, gzip
+}:
+let
+  pname = "gcc";
+  version = "4.6.4";
+
+  src = fetchurl {
+    url = "mirror://gnu/gcc/gcc-${version}/gcc-core-${version}.tar.gz";
+    sha256 = "173kdb188qg79pcz073cj9967rs2vzanyjdjyxy9v0xb0p5sad75";
+  };
+
+  ccSrc = fetchurl {
+    url = "mirror://gnu/gcc/gcc-${version}/gcc-g++-${version}.tar.gz";
+    sha256 = "1fqqk5zkmdg4vmqzdmip9i42q6b82i3f6yc0n86n9021cr7ms2k9";
+  };
+
+  patches = [
+    # This patch enables building gcc-4.6.4 using gcc-2.95.3 and glibc-2.2.5
+    # * Tweak Makefile to allow overriding NATIVE_SYSTEM_HEADER_DIR using #:makeflags
+    # * Add missing limits.h include.
+    # * Add SSIZE_MAX define.  The SSIZE_MAX define has been added to Mes
+    #   upstream and can be removed with the next Mes release.
+    # * Remove -fbuilding-libgcc flag, it assumes features being present from a
+    #   newer gcc or glibc.
+    # * [MES_BOOTSTRAP_GCC]: Disable threads harder.
+    (fetchurl {
+      url = "https://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/gcc-boot-4.6.4.patch?id=50249cab3a98839ade2433456fe618acc6f804a5";
+      sha256 = "1zzd8gnihw6znrgb6c6pfsmm0vix89xw3giv1nnsykm57j0v3z0d";
+    })
+    ./libstdc++-target.patch
+  ];
+
+  # To reduce the set of pre-built bootstrap inputs, build
+  # GMP & co. from GCC.
+  gmpVersion = "4.3.2";
+  gmp = fetchurl {
+    url = "mirror://gnu/gmp/gmp-${gmpVersion}.tar.gz";
+    sha256 = "15rwq54fi3s11izas6g985y9jklm3xprfsmym3v1g6xr84bavqvv";
+  };
+
+  mpfrVersion = "2.4.2";
+  mpfr = fetchurl {
+    url = "mirror://gnu/mpfr/mpfr-${mpfrVersion}.tar.gz";
+    sha256 = "0dxn4904dra50xa22hi047lj8kkpr41d6vb9sd4grca880c7wv94";
+  };
+
+  mpcVersion = "1.0.3";
+  mpc = fetchurl {
+    url = "mirror://gnu/mpc/mpc-${mpcVersion}.tar.gz";
+    sha256 = "1hzci2zrrd7v3g1jk35qindq05hbl0bhjcyyisq9z209xb3fqzb1";
+  };
+in
+bash.runCommand "${pname}-${version}" {
+  inherit pname version;
+
+  nativeBuildInputs = [
+    gcc
+    binutils
+    gnumake
+    gnupatch
+    gnused
+    gnugrep
+    gawk
+    diffutils
+    findutils
+    gnutar
+    gzip
+  ];
+
+  # condition in ./libcpp/configure requires `env` which is not available in this coreutils
+  am_cv_CXX_dependencies_compiler_type = "gcc";
+  am_cv_CC_dependencies_compiler_type = "gcc";
+
+  passthru.tests.get-version = result:
+    bash.runCommand "${pname}-get-version-${version}" {} ''
+      ${result}/bin/gcc --version
+      mkdir $out
+    '';
+
+  meta = with lib; {
+    description = "GNU Compiler Collection, version ${version}";
+    homepage = "https://gcc.gnu.org";
+    license = licenses.gpl3Plus;
+    maintainers = teams.minimal-bootstrap.members;
+    platforms = platforms.unix;
+  };
+} ''
+  # Unpack
+  tar xzf ${src}
+  tar xzf ${ccSrc}
+  tar xzf ${gmp}
+  tar xzf ${mpfr}
+  tar xzf ${mpc}
+  cd gcc-${version}
+
+  ln -s ../gmp-${gmpVersion} gmp
+  ln -s ../mpfr-${mpfrVersion} mpfr
+  ln -s ../mpc-${mpcVersion} mpc
+
+  # Patch
+  ${lib.concatMapStringsSep "\n" (f: "patch -Np1 -i ${f}") patches}
+
+  # Configure
+  export C_INCLUDE_PATH="${gcc}/lib/gcc-lib/${hostPlatform.config}/${gcc.version}/include:${linux-headers}/include:${glibc}/include:$(pwd)/mpfr/src"
+  export CPLUS_INCLUDE_PATH="$C_INCLUDE_PATH"
+  export LDFLAGS="-B${glibc}/lib -Wl,-dynamic-linker -Wl,${glibc}"
+  export LDFLAGS_FOR_TARGET=$LDFLAGS
+  export LIBRARY_PATH="${glibc}/lib:${gcc}/lib"
+  export LIBS="-lc -lnss_files -lnss_dns -lresolv"
+  bash ./configure \
+    --prefix=$out \
+    --build=${buildPlatform.config} \
+    --host=${hostPlatform.config} \
+    --with-native-system-header-dir=${glibc}/include \
+    --with-build-sysroot=${glibc}/include \
+    --disable-bootstrap \
+    --disable-decimal-float \
+    --disable-libatomic \
+    --disable-libcilkrts \
+    --disable-libgomp \
+    --disable-libitm \
+    --disable-libmudflap \
+    --disable-libquadmath \
+    --disable-libsanitizer \
+    --disable-libssp \
+    --disable-libvtv \
+    --disable-lto \
+    --disable-lto-plugin \
+    --disable-multilib \
+    --disable-plugin \
+    --disable-threads \
+    --enable-languages=c,c++ \
+    --enable-static \
+    --disable-shared \
+    --enable-threads=single \
+    --disable-libstdcxx-pch \
+    --disable-build-with-cxx
+
+  # Build
+  make
+
+  # Install
+  make install
+''
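Review bot: In the `LDFLAGS` export, `-Wl,-dynamic-linker -Wl,${glibc}` passes the glibc store directory itself as the program interpreter rather than a loader file inside it. Any dynamically linked executable produced with these flags would carry an interpreter path that cannot be executed. If the value is deliberate it needs a comment explaining why; otherwise it should name the loader, `-Wl,-dynamic-linker -Wl,${glibc}/lib/<loader file name>`. Separately, `--disable-threads` and `--enable-threads=single` are both passed to `./configure`; keeping only one makes the intent clear.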
diff --git a/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/libstdc++-target.patch b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/libstdc++-target.patch
new file mode 100644
index 000000000000..fb622b395806
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/minimal-bootstrap/gcc/libstdc++-target.patch
@@ -0,0 +1,32 @@
+Patch to make the target libraries 'configure' scripts find the proper CPP.
+I noticed that building the mingw32 cross compiler.
+Looking at the build script for mingw in archlinux, I think that only nixos
+needs this patch. I don't know why.
+diff --git a/Makefile.in b/Makefile.in
+index 93f66b6..d691917 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -266,6 +266,7 @@ BASE_TARGET_EXPORTS = \
+ 	AR="$(AR_FOR_TARGET)"; export AR; \
+ 	AS="$(COMPILER_AS_FOR_TARGET)"; export AS; \
+ 	CC="$(CC_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS"; export CC; \
++	CPP="$(CC_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS -E"; export CC; \
+ 	CFLAGS="$(CFLAGS_FOR_TARGET)"; export CFLAGS; \
+ 	CONFIG_SHELL="$(SHELL)"; export CONFIG_SHELL; \
+ 	CPPFLAGS="$(CPPFLAGS_FOR_TARGET)"; export CPPFLAGS; \
+@@ -291,11 +292,13 @@ BASE_TARGET_EXPORTS = \
+ RAW_CXX_TARGET_EXPORTS = \
+ 	$(BASE_TARGET_EXPORTS) \
+ 	CXX_FOR_TARGET="$(RAW_CXX_FOR_TARGET)"; export CXX_FOR_TARGET; \
+-	CXX="$(RAW_CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS"; export CXX;
++	CXX="$(RAW_CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS"; export CXX; \
++	CXXCPP="$(RAW_CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS -E"; export CXX;
+ 
+ NORMAL_TARGET_EXPORTS = \
+ 	$(BASE_TARGET_EXPORTS) \
+-	CXX="$(CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS"; export CXX;
++	CXX="$(CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS"; export CXX; \
++	CXXCPP="$(CXX_FOR_TARGET) $(XGCC_FLAGS_FOR_TARGET) $$TFLAGS -E"; export CXX;
+ 
+ # Where to find GMP
+ HOST_GMPLIBS = @gmplibs@
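Review bot: The added `CPP="… -E"; export CC; \` line in `BASE_TARGET_EXPORTS` assigns `CPP` but exports `CC` a second time. The two added `CXXCPP=…` lines in `RAW_CXX_TARGET_EXPORTS` and `NORMAL_TARGET_EXPORTS` likewise end in `export CXX;`. As written, the new variables reach the target `configure` scripts only if they happen to be exported in the environment already. The statements should end in `export CPP; \` and `export CXXCPP;` respectively. The patch header's "I don't know why" would also be a good place to record which target library failed to find its preprocessor.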
diff --git a/nixpkgs/pkgs/os-specific/linux/mmc-utils/default.nix b/nixpkgs/pkgs/os-specific/linux/mmc-utils/default.nix
index 9580301eae9f..58ceb7404b96 100644
--- a/nixpkgs/pkgs/os-specific/linux/mmc-utils/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/mmc-utils/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation {
   pname = "mmc-utils";
-  version = "unstable-2023-06-12";
+  version = "unstable-2023-08-07";
 
   src = fetchzip rec {
     url = "https://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git/snapshot/mmc-utils-${passthru.rev}.tar.gz";
-    passthru.rev = "6d593efc3cd00e4debd0ffc5806246390dc66242";
-    sha256 = "QOrU47cTPnvJHM40Bjq51VSSinmRnXCimk1h5mt4vNw=";
+    passthru.rev = "613495ecaca97a19fa7f8f3ea23306472b36453c";
+    sha256 = "zOjm/YDxqU6bu6GMyQTuzuZbrCfaU4FBodRWLb8GTdE=";
   };
 
   makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "prefix=$(out)" ];
diff --git a/nixpkgs/pkgs/os-specific/linux/mwprocapture/default.nix b/nixpkgs/pkgs/os-specific/linux/mwprocapture/default.nix
index 681307a00b29..9185f50674ff 100644
--- a/nixpkgs/pkgs/os-specific/linux/mwprocapture/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/mwprocapture/default.nix
@@ -12,12 +12,12 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "mwprocapture";
-  subVersion = "4328";
+  subVersion = "4373";
   version = "1.3.0.${subVersion}-${kernel.version}";
 
   src = fetchurl {
     url = "https://www.magewell.com/files/drivers/ProCaptureForLinux_${subVersion}.tar.gz";
-    sha256 = "197l86ad52ijmmq5an6891gd1chhkxqiagamcchirrky4c50qs36";
+    sha256 = "sha256-/6q+6CTlgkHOgq1PF8dSPfl/xm/UFczr/AGkac2mXZ8=";
   };
 
   nativeBuildInputs = kernel.moduleBuildDependencies;
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec {
     homepage = "https://www.magewell.com/";
     description = "Linux driver for the Magewell Pro Capture family";
     license = licenses.unfreeRedistributable;
-    maintainers = with maintainers; [ MP2E ];
+    maintainers = with maintainers; [ flexiondotorg MP2E ];
     platforms = platforms.linux;
   };
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix
index b0a00972eca2..b871c63e36d3 100644
--- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix
@@ -6,6 +6,7 @@
 , nix
 , lib
 , nixosTests
+, installShellFiles
 }:
 let
   fallback = import ./../../../../nixos/modules/installer/tools/nix-fallback-paths.nix;
@@ -20,6 +21,12 @@ substituteAll {
   nix_i686_linux = fallback.i686-linux;
   nix_aarch64_linux = fallback.aarch64-linux;
   path = lib.makeBinPath [ coreutils gnused gnugrep ];
+  nativeBuildInputs = [
+    installShellFiles
+  ];
+  postInstall = ''
+    installManPage ${./nixos-rebuild.8}
+  '';
 
   # run some a simple installer tests to make sure nixos-rebuild still works for them
   passthru.tests = {
diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8
new file mode 100644
index 000000000000..64bbbee411d7
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8
@@ -0,0 +1,452 @@
+.Dd January 1, 1980
+.Dt nixos-rebuild 8
+.Os
+.Sh NAME
+.Nm nixos-rebuild
+.Nd reconfigure a NixOS machine
+.
+.
+.
+.Sh SYNOPSIS
+.Nm
+.Bro
+.Cm switch | boot | test | build | dry-build | dry-activate | edit | build-vm | build-vm-with-bootloader
+.Brc
+.br
+.Op Fl -upgrade | -upgrade-all
+.Op Fl -install-bootloader
+.Op Fl -no-build-nix
+.Op Fl -fast
+.Op Fl -rollback
+.Op Fl -builders Ar builder-spec
+.br
+.Op Fl -flake Ar flake-uri
+.Op Fl -no-flake
+.Op Fl -override-input Ar input-name flake-uri
+.br
+.Op Fl -profile-name | p Ar name
+.Op Fl -specialisation | c Ar name
+.br
+.Op Fl -build-host Va host
+.Op Fl -target-host Va host
+.Op Fl -use-remote-sudo
+.br
+.Op Fl -show-trace
+.Op Fl I Va NIX_PATH
+.Op Fl -verbose | v
+.Op Fl -impure
+.Op Fl -max-jobs | j Va number
+.Op Fl -keep-failed | K
+.Op Fl -keep-going | k
+.
+.
+.
+.Sh DESCRIPTION
+This command updates the system so that it corresponds to the
+configuration specified in
+.Pa /etc/nixos/configuration.nix
+or
+.Pa /etc/nixos/flake.nix Ns
+\&. Thus, every time you modify the configuration or any other NixOS module, you
+must run
+.Nm
+to make the changes take effect. It builds the new system in
+.Pa /nix/store Ns
+, runs its activation script, and stop and (re)starts any system services if
+needed. Please note that user services need to be started manually as they
+aren't detected by the activation script at the moment.
+.
+.Pp
+This command has one required argument, which specifies the desired
+operation. It must be one of the following:
+.Bl -tag -width indent
+.It Cm switch
+Build and activate the new configuration, and make it the boot default. That
+is, the configuration is added to the GRUB boot menu as the default
+menu entry, so that subsequent reboots will boot the system into the new
+configuration. Previous configurations activated with
+.Ic nixos-rebuild switch
+or
+.Ic nixos-rebuild boot
+remain available in the GRUB menu.
+.Pp
+Note that if you are using specializations, running just
+.Ic nixos-rebuild switch
+will switch you back to the unspecialized, base system \(em in that case, you
+might want to use this instead:
+.Bd -literal -offset indent
+$ nixos-rebuild switch --specialisation your-specialisation-name
+.Ed
+.Pp
+This command will build all specialisations and make them bootable just
+like regular
+.Ic nixos-rebuild switch
+does \(em the only thing different is that it will switch to given
+specialisation instead of the base system; it can be also used to switch from
+the base system into a specialised one, or to switch between specialisations.
+.
+.It Cm boot
+Build the new configuration and make it the boot default (as with
+.Ic nixos-rebuild switch Ns
+), but do not activate it. That is, the system continues to run the previous
+configuration until the next reboot.
+.
+.It Cm test
+Build and activate the new configuration, but do not add it to the GRUB
+boot menu. Thus, if you reboot the system (or if it crashes), you will
+automatically revert to the default configuration (i.e. the
+configuration resulting from the last call to
+.Ic nixos-rebuild switch
+or
+.Ic nixos-rebuild boot Ns
+).
+.Pp
+Note that if you are using specialisations, running just
+.Ic nixos-rebuild test
+will activate the unspecialised, base system \(em in that case, you might want
+to use this instead:
+.Bd -literal -offset indent
+$ nixos-rebuild test --specialisation your-specialisation-name
+.Ed
+.Pp
+This command can be also used to switch from the base system into a
+specialised one, or to switch between specialisations.
+.
+.It Cm build
+Build the new configuration, but neither activate it nor add it to the
+GRUB boot menu. It leaves a symlink named
+.Pa result
+in the current directory, which points to the output of the top-level
+.Dq system
+derivation. This is essentially the same as doing
+.Bd -literal -offset indent
+$ nix-build /path/to/nixpkgs/nixos -A system
+.Ed
+.Pp
+Note that you do not need to be root to run
+.Ic nixos-rebuild build Ns
+\&.
+.
+.It Cm dry-build
+Show what store paths would be built or downloaded by any of the
+operations above, but otherwise do nothing.
+.
+.It Cm dry-activate
+Build the new configuration, but instead of activating it, show what
+changes would be performed by the activation (i.e. by
+.Ic nixos-rebuild test Ns
+). For instance, this command will print which systemd units would be restarted.
+The list of changes is not guaranteed to be complete.
+.
+.It Cm edit
+Opens
+.Pa configuration.nix
+in the default editor.
+.
+.It Cm build-vm
+Build a script that starts a NixOS virtual machine with the desired
+configuration. It leaves a symlink
+.Pa result
+in the current directory that points (under
+.Ql result/bin/run\- Ns Va hostname Ns \-vm Ns
+)
+at the script that starts the VM. Thus, to test a NixOS configuration in
+a virtual machine, you should do the following:
+.Bd -literal -offset indent
+$ nixos-rebuild build-vm
+$ ./result/bin/run-*-vm
+.Ed
+.Pp
+The VM is implemented using the
+.Ql qemu
+package. For best performance, you should load the
+.Ql kvm-intel
+or
+.Ql kvm-amd
+kernel modules to get hardware virtualisation.
+.Pp
+The VM mounts the Nix store of the host through the 9P file system. The
+host Nix store is read-only, so Nix commands that modify the Nix store
+will not work in the VM. This includes commands such as
+.Nm Ns
+; to change the VM’s configuration, you must halt the VM and re-run the commands
+above.
+.Pp
+The VM has its own ext3 root file system, which is automatically created when
+the VM is first started, and is persistent across reboots of the VM. It is
+stored in
+.Ql ./ Ns Va hostname Ns .qcow2 Ns
+\&.
+.\" The entire file system hierarchy of the host is available in
+.\" the VM under
+.\" .Pa /hostfs Ns
+.\" .
+.
+.It Cm build-vm-with-bootloader
+Like
+.Cm build-vm Ns
+, but boots using the regular boot loader of your configuration (e.g. GRUB 1 or
+2), rather than booting directly into the kernel and initial ramdisk of the
+system. This allows you to test whether the boot loader works correctly. \
+However, it does not guarantee that your NixOS configuration will boot
+successfully on the host hardware (i.e., after running
+.Ic nixos-rebuild switch Ns
+), because the hardware and boot loader configuration in the VM are different.
+The boot loader is installed on an automatically generated virtual disk
+containing a
+.Pa /boot
+partition.
+.El
+.
+.
+.
+.Sh OPTIONS
+.Bl -tag -width indent
+.It Fl -upgrade , -upgrade-all
+Update the root user's channel named
+.Ql nixos
+before rebuilding the system.
+.Pp
+In addition to the
+.Ql nixos
+channel, the root user's channels which have a file named
+.Ql .update-on-nixos-rebuild
+in their base directory will also be updated.
+.Pp
+Passing
+.Fl -upgrade-all
+updates all of the root user's channels.
+.
+.It Fl -install-bootloader
+Causes the boot loader to be (re)installed on the device specified by the
+relevant configuration options.
+.
+.It Fl -no-build-nix
+Normally,
+.Nm
+first builds the
+.Ql nixUnstable
+attribute in Nixpkgs, and uses the resulting instance of the Nix package manager
+to build the new system configuration. This is necessary if the NixOS modules
+use features not provided by the currently installed version of Nix. This option
+disables building a new Nix.
+.
+.It Fl -fast
+Equivalent to
+.Fl -no-build-nix Ns
+\&. This option is useful if you call
+.Nm
+frequently (e.g. if you’re hacking on a NixOS module).
+.
+.It Fl -rollback
+Instead of building a new configuration as specified by
+.Pa /etc/nixos/configuration.nix Ns
+, roll back to the previous configuration. (The previous configuration is
+defined as the one before the “current” generation of the Nix profile
+.Pa /nix/var/nix/profiles/system Ns
+\&.)
+.
+.It Fl -builders Ar builder-spec
+Allow ad-hoc remote builders for building the new system. This requires
+the user executing
+.Nm
+(usually root) to be configured as a trusted user in the Nix daemon. This can be
+achieved by using the
+.Va nix.settings.trusted-users
+NixOS option. Examples values for that option are described in the
+.Dq Remote builds
+chapter in the Nix manual, (i.e.
+.Ql --builders \(dqssh://bigbrother x86_64-linux\(dq Ns
+). By specifying an empty string existing builders specified in
+.Pa /etc/nix/machines
+can be ignored:
+.Ql --builders \(dq\(dq
+for example when they are not reachable due to network connectivity.
+.
+.It Fl -profile-name Ar name , Fl p Ar name
+Instead of using the Nix profile
+.Pa /nix/var/nix/profiles/system
+to keep track of the current and previous system configurations, use
+.Pa /nix/var/nix/profiles/system-profiles/ Ns Va name Ns
+\&. When you use GRUB 2, for every system profile created with this flag, NixOS
+will create a submenu named
+.Dq NixOS - Profile Va name
+in GRUB’s boot menu, containing the current and previous configurations of this profile.
+.Pp
+For instance, if you want to test a configuration file named
+.Pa test.nix
+without affecting the default system profile, you would do:
+.Bd -literal -offset indent
+$ nixos-rebuild switch -p test -I nixos-config=./test.nix
+.Ed
+.Pp
+The new configuration will appear in the GRUB 2 submenu
+.Dq NixOS - Profile 'test' Ns
+\&.
+.
+.It Fl -specialisation Ar name , Fl c Ar name
+Activates given specialisation; when not specified, switching and testing
+will activate the base, unspecialised system.
+.
+.It Fl -build-host Ar host
+Instead of building the new configuration locally, use the specified host
+to perform the build. The host needs to be accessible with
+.Ic ssh Ns ,
+and must be able to perform Nix builds. If the option
+.Fl -target-host
+is not set, the build will be copied back to the local machine when done.
+.Pp
+Note that, if
+.Fl -no-build-nix
+is not specified, Nix will be built both locally and remotely. This is because
+the configuration will always be evaluated locally even though the building
+might be performed remotely.
+.Pp
+You can include a remote user name in the host name
+.Ns ( Va user@host Ns
+). You can also set ssh options by defining the
+.Ev NIX_SSHOPTS
+environment variable.
+.
+.It Fl -target-host Ar host
+Specifies the NixOS target host. By setting this to something other than an
+empty string, the system activation will happen on the remote host instead of
+the local machine. The remote host needs to be accessible over
+.Ic ssh Ns ,
+and for the commands
+.Cm switch Ns
+,
+.Cm boot
+and
+.Cm test
+you need root access.
+.Pp
+If
+.Fl -build-host
+is not explicitly specified or empty, building will take place locally.
+.Pp
+You can include a remote user name in the host name
+.Ns ( Va user@host Ns
+). You can also set ssh options by defining the
+.Ev NIX_SSHOPTS
+environment variable.
+.Pp
+Note that
+.Nm
+honors the
+.Va nixpkgs.crossSystem
+setting of the given configuration but disregards the true architecture of the
+target host. Hence the
+.Va nixpkgs.crossSystem
+setting has to match the target platform or else activation will fail.
+.
+.It Fl -use-substitutes
+When set, nixos-rebuild will add
+.Fl -use-substitutes
+to each invocation of nix-copy-closure. This will only affect the behavior of
+nixos-rebuild if
+.Fl -target-host
+or
+.Fl -build-host
+is also set. This is useful when the target-host connection to cache.nixos.org
+is faster than the connection between hosts.
+.
+.It Fl -use-remote-sudo
+When set, nixos-rebuild prefixes remote commands that run on the
+.Fl -build-host
+and
+.Fl -target-host
+systems with
+.Ic sudo Ns
+\&. Setting this option allows deploying as a non-root user.
+.
+.It Fl -flake Va flake-uri Ns Op Va #name
+Build the NixOS system from the specified flake. It defaults to the directory
+containing the target of the symlink
+.Pa /etc/nixos/flake.nix Ns
+, if it exists. The flake must contain an output named
+.Ql nixosConfigurations. Ns Va name Ns
+\&. If
+.Va name
+is omitted, it default to the current host name.
+.
+.It Fl -no-flake
+Do not imply
+.Fl -flake
+if
+.Pa /etc/nixos/flake.nix
+exists. With this option, it is possible to build non-flake NixOS configurations
+even if the current NixOS systems uses flakes.
+.El
+.Pp
+In addition,
+.Nm
+accepts various Nix-related flags, including
+.Fl -max-jobs Ns ,
+.Fl j Ns ,
+.Fl I Ns ,
+.Fl -show-trace Ns ,
+.Fl -keep-failed Ns ,
+.Fl -keep-going Ns ,
+.Fl -impure Ns ,
+.Fl -verbose Ns , and
+.Fl v Ns
+\&. See the Nix manual for details.
+.
+.
+.
+.Sh ENVIRONMENT
+.Bl -tag -width indent
+.It Ev NIXOS_CONFIG
+Path to the main NixOS configuration module. Defaults to
+.Pa /etc/nixos/configuration.nix Ns
+\&.
+.
+.It Ev NIX_PATH
+A colon-separated list of directories used to look up Nix expressions enclosed
+in angle brackets (e.g. <nixpkgs>). Example:
+.Bd -literal -offset indent
+nixpkgs=./my-nixpkgs
+.Ed
+.
+.It Ev NIX_SSHOPTS
+Additional options to be passed to
+.Ic ssh
+on the command line.
+.El
+.
+.
+.
+.Sh FILES
+.Bl -tag -width indent
+.It Pa /etc/nixos/flake.nix
+If this file exists, then
+.Nm
+will use it as if the
+.Fl -flake
+option was given. This file may be a symlink to a
+.Pa flake.nix
+in an actual flake; thus
+.Pa /etc/nixos
+need not be a flake.
+.
+.It Pa /run/current-system
+A symlink to the currently active system configuration in the Nix store.
+.
+.It Pa /nix/var/nix/profiles/system
+The Nix profile that contains the current and previous system
+configurations. Used to generate the GRUB boot menu.
+.El
+.
+.
+.
+.Sh BUGS
+This command should be renamed to something more descriptive.
+.
+.
+.
+.Sh AUTHORS
+.An -nosplit
+.An Eelco Dolstra
+and
+.An the Nixpkgs/NixOS contributors
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh
index 2b0f55c03879..b7824f209776 100755
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh
@@ -64,6 +64,7 @@ installPhase() {
     for i in $lib32 $out; do
         rm -f $i/lib/lib{glx,nvidia-wfb}.so.* # handled separately
         rm -f $i/lib/libnvidia-gtk* # built from source
+        rm -f $i/lib/libnvidia-wayland-client* # built from source
         if [ "$useGLVND" = "1" ]; then
             # Pre-built libglvnd
             rm $i/lib/lib{GL,GLX,EGL,GLESv1_CM,GLESv2,OpenGL,GLdispatch}.so.*
@@ -196,9 +197,12 @@ installPhase() {
         mkdir -p $bin/share/man/man1
         cp -p *.1.gz $bin/share/man/man1
         rm -f $bin/share/man/man1/{nvidia-xconfig,nvidia-settings,nvidia-persistenced}.1.gz
+        if [ -e "nvidia-dbus.conf" ]; then
+            install -Dm644 nvidia-dbus.conf $bin/share/dbus-1/system.d/nvidia-dbus.conf
+        fi
 
         # Install the programs.
-        for i in nvidia-cuda-mps-control nvidia-cuda-mps-server nvidia-smi nvidia-debugdump; do
+        for i in nvidia-cuda-mps-control nvidia-cuda-mps-server nvidia-smi nvidia-debugdump nvidia-powerd; do
             if [ -e "$i" ]; then
                 install -Dm755 $i $bin/bin/$i
                 # unmodified binary backup for mounting in containers
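Review bot: The new `nvidia-dbus.conf` branch installs a vendor-supplied system-bus policy file unmodified, and nothing in the hunk says which daemon it belongs to or what it permits. A comment above the `if`, such as `# D-Bus system bus policy shipped with the driver (presumably for nvidia-powerd); installed as-is, re-read it on driver bumps`, would tell the next reader to check the policy when the version changes. The link to `nvidia-powerd` is inferred from the same hunk adding it to the program list; the file's contents are not shown. The new `install` line also leaves `$bin` unquoted, like the surrounding code, so `"$bin/share/dbus-1/system.d/nvidia-dbus.conf"` would be the safer spelling. `installPhase` starts and ends outside the hunk.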
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
index 8f1ca40aa97c..3ad2b8f0fa0b 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -27,12 +27,12 @@ rec {
   stable = if stdenv.hostPlatform.system == "i686-linux" then legacy_390 else latest;
 
   production = generic {
-    version = "535.86.05";
-    sha256_64bit = "sha256-QH3wyjZjLr2Fj8YtpbixJP/DvM7VAzgXusnCcaI69ts=";
-    sha256_aarch64 = "sha256-ON++eWPDWHnm/NuJmDSYkR4sKKvCdX+kwxS7oA2M5zU=";
-    openSha256 = "sha256-qCYEQP54cT7G+VrLmuMT+RWIwuGdBhlbYTrCDcztfNs=";
-    settingsSha256 = "sha256-0NAxQosC+zPz5STpELuRKDMap4KudoPGWKL4QlFWjLQ=";
-    persistencedSha256 = "sha256-Ak4Wf59w9by08QJ0x15Zs5fHOhiIatiJfjBQfnY65Mg=";
+    version = "535.98";
+    sha256_64bit = "sha256-E1DAmVLTe+L5DWCONq47BQtE/Rb22akZMHGhK/0FTsM=";
+    sha256_aarch64 = "sha256-ikqj7bvSvCGlkDviaqagyoSZhpf6ZU3TiKKxNDZm3RU=";
+    openSha256 = "sha256-dgc5Z70NSpBARelNy6XaZ4e7Tz9vWJWeNek3TSztJus=";
+    settingsSha256 = "sha256-jCRfeB1w6/dA27gaz6t5/Qo7On0zbAPIi74LYLel34s=";
+    persistencedSha256 = "sha256-WviDU6B50YG8dO64CGvU3xK8WFUX8nvvVYm/fuGyroM=";
   };
 
   latest = selectHighestVersion production (generic {
@@ -65,13 +65,13 @@ rec {
   # Vulkan developer beta driver
   # See here for more information: https://developer.nvidia.com/vulkan-driver
   vulkan_beta = generic rec {
-    version = "525.47.35";
-    persistencedVersion = "525.116.04";
-    settingsVersion = "525.116.04";
-    sha256_64bit = "sha256-HnjCHsHHH/fqqyc8dXDx/wQhVkXWoH5Z9jJ+/zQWNFc=";
-    openSha256 = "sha256-/qkCMybr8sC/Da9zi2KbSkLBeQcSbVURnAg1IbjZiBk=";
-    settingsSha256 = "sha256-qNjfsT9NGV151EHnG4fgBonVFSKc4yFEVomtXg9uYD4=";
-    persistencedSha256 = "sha256-ci86XGlno6DbHw6rkVSzBpopaapfJvk0+lHcR4LDq50=";
+    version = "535.43.08";
+    persistencedVersion = "535.98";
+    settingsVersion = "535.98";
+    sha256_64bit = "sha256-u9OJ4xaHGDb5iA5+5jwJhWQGRDa5R6piF1c+K2DGaJs=";
+    openSha256 = "sha256-kbH/6yDhh44SB08xcX6+tm70PuUHF0tfbvHfIwx7o/U=";
+    settingsSha256 = "sha256-jCRfeB1w6/dA27gaz6t5/Qo7On0zbAPIi74LYLel34s=";
+    persistencedSha256 = "sha256-WviDU6B50YG8dO64CGvU3xK8WFUX8nvvVYm/fuGyroM=";
     url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitString "." version)}-linux";
   };
 
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix
index 2571812b9645..792fda42ca9c 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/generic.nix
@@ -51,6 +51,7 @@ let
     libdrm xorg.libXext xorg.libX11
     xorg.libXv xorg.libXrandr xorg.libxcb zlib stdenv.cc.cc
     wayland mesa libGL openssl
+    dbus # for nvidia-powerd
   ]);
 
   self = stdenv.mkDerivation {
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/persistenced.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
index febae9110644..03ad03a472d4 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/persistenced.nix
@@ -44,5 +44,6 @@ stdenv.mkDerivation rec {
     license = licenses.unfreeRedistributable;
     platforms = nvidia_x11.meta.platforms;
     maintainers = with maintainers; [ abbradar ];
+    mainProgram = pname;
   };
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/settings.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/settings.nix
index 5570228d78bf..0b801d4b2724 100644
--- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/settings.nix
+++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/settings.nix
@@ -1,9 +1,25 @@
 nvidia_x11: sha256:
 
-{ stdenv, lib, fetchFromGitHub, fetchpatch, pkg-config, m4, jansson, gtk2, dbus, gtk3
-, libXv, libXrandr, libXext, libXxf86vm, libvdpau
-, librsvg, wrapGAppsHook
-, withGtk2 ? false, withGtk3 ? true
+{ stdenv
+, lib
+, fetchFromGitHub
+, fetchpatch
+, pkg-config
+, m4
+, jansson
+, gtk2
+, dbus
+, gtk3
+, libXv
+, libXrandr
+, libXext
+, libXxf86vm
+, libvdpau
+, librsvg
+, wrapGAppsHook
+, addOpenGLRunpath
+, withGtk2 ? false
+, withGtk3 ? true
 }:
 
 let
@@ -52,6 +68,12 @@ stdenv.mkDerivation {
       # fixes "multiple definition of `VDPAUDeviceFunctions'" linking errors
       url = "https://github.com/NVIDIA/nvidia-settings/commit/a7c1f5fce6303a643fadff7d85d59934bd0cf6b6.patch";
       hash = "sha256-ZwF3dRTYt/hO8ELg9weoz1U/XcU93qiJL2d1aq1Jlak=";
+    })
+    ++ lib.optional (lib.versionAtLeast nvidia_x11.settingsVersion "515.43.04")
+    (fetchpatch {
+      # fix wayland support for compositors that use wl_output version 4
+      url = "https://github.com/NVIDIA/nvidia-settings/pull/99/commits/2e0575197e2b3247deafd2a48f45afc038939a06.patch";
+      hash = "sha256-wKuO5CUTUuwYvsP46Pz+6fI0yxLNpZv8qlbL0TFkEFE=";
     });
 
   postPatch = lib.optionalString nvidia_x11.useProfiles ''
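Review bot: The added `fetchpatch` is gated only by `lib.versionAtLeast nvidia_x11.settingsVersion "515.43.04"`, with no upper bound, and its URL points at a pull-request commit (`pull/99/commits/…`). Once an upstream release contains the change, the patch will still be applied and will probably stop applying cleanly. The `hash` pins the content, so this is a maintenance point and not an integrity one. I would extend the comment to `# fix wayland support for compositors that use wl_output version 4; from PR #99, drop once a release contains it`. Whether the pull request has been merged is not visible from the hunk.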
@@ -69,10 +91,10 @@ stdenv.mkDerivation {
     fi
   '';
 
-  nativeBuildInputs = [ pkg-config m4 ];
+  nativeBuildInputs = [ pkg-config m4 addOpenGLRunpath ];
 
   buildInputs = [ jansson libXv libXrandr libXext libXxf86vm libvdpau nvidia_x11 gtk2 dbus ]
-             ++ lib.optionals withGtk3 [ gtk3 librsvg wrapGAppsHook ];
+    ++ lib.optionals withGtk3 [ gtk3 librsvg wrapGAppsHook ];
 
   installFlags = [ "PREFIX=$(out)" ];
 
@@ -100,6 +122,8 @@ stdenv.mkDerivation {
   postFixup = ''
     patchelf --set-rpath "$(patchelf --print-rpath $out/bin/$binaryName):$out/lib:${libXv}/lib" \
       $out/bin/$binaryName
+
+    addOpenGLRunpath $out/bin/$binaryName
   '';
 
   passthru = {
@@ -111,6 +135,7 @@ stdenv.mkDerivation {
     description = "Settings application for NVIDIA graphics cards";
     license = licenses.unfreeRedistributable;
     platforms = nvidia_x11.meta.platforms;
+    mainProgram = "nvidia-settings";
     maintainers = with maintainers; [ abbradar ];
   };
 }
diff --git a/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix b/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix
new file mode 100644
index 000000000000..70332abbe6ef
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix
@@ -0,0 +1,58 @@
+{ lib
+, kernel
+, stdenv
+, clang-tools
+, llvmPackages
+, elfutils
+, flex
+, bison
+, bc
+, opensnitch
+}:
+
+stdenv.mkDerivation rec {
+  pname = "opensnitch_ebpf";
+  version = "${opensnitch.version}-${kernel.version}";
+
+  inherit (opensnitch) src;
+
+  sourceRoot = "source/ebpf_prog";
+
+  nativeBuildInputs = with llvmPackages; [
+    bc
+    bison
+    clang
+    clang-tools
+    elfutils
+    flex
+    libllvm
+  ];
+
+  # We set -fno-stack-protector here to work around a clang regression.
+  # This is fine - bpf programs do not use stack protectors
+  # https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=opensnitch-ebpf-module&id=984b952a784eb701f691dd9f2d45dfeb8d15053b
+  env.NIX_CFLAGS_COMPILE = "-fno-stack-protector";
+
+  env.KERNEL_DIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/source";
+  env.KERNEL_HEADERS="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
+
+  extraConfig =''
+    CONFIG_UPROBE_EVENTS=y
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    for file in opensnitch*.o; do
+      install -Dm644 "$file" "$out/etc/opensnitchd/$file"
+    done
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "eBPF process monitor module for OpenSnitch";
+    homepage = "https://github.com/evilsocket/opensnitch";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ onny ];
+    platforms = platforms.linux;
+  };
+}
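Review bot: `extraConfig` with `CONFIG_UPROBE_EVENTS=y` is set as a plain attribute of `stdenv.mkDerivation`, and nothing in this file consumes it, so as far as the file shows it does not change any kernel configuration. If the eBPF objects need uprobe events in the running kernel, state that as a comment (`# needs a kernel built with CONFIG_UPROBE_EVENTS=y`) or check it against `kernel`. Otherwise a user can install objects under `etc/opensnitchd` that then fail to load. For the stack-protector workaround, `hardeningDisable = [ "stackprotector" ];` is the usual nixpkgs spelling and keeps the change visible as a hardening exception, where `env.NIX_CFLAGS_COMPILE` hides it in a general flags variable. The `rec` on `mkDerivation` appears unused, since no attribute refers to another.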
diff --git a/nixpkgs/pkgs/os-specific/linux/pam_rssh/default.nix b/nixpkgs/pkgs/os-specific/linux/pam_rssh/default.nix
index 51cba4d84200..d19457bf3762 100644
--- a/nixpkgs/pkgs/os-specific/linux/pam_rssh/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/pam_rssh/default.nix
@@ -9,7 +9,7 @@
 
 rustPlatform.buildRustPackage {
   pname = "pam_rssh";
-  version = "unstable-2023-03-18";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "z4yx";
@@ -19,7 +19,7 @@ rustPlatform.buildRustPackage {
     fetchSubmodules = true;
   };
 
-  cargoHash = "sha256-/AQqjmAGgvnpVWyoK3ymZ1gNAhTSN30KQEiqv4G+zx8=";
+  cargoHash = "sha256-QMyMqsjZ91WimIaaSCXtbRScS3BoB+yFtHjx3xViq7U=";
 
   nativeBuildInputs = [
     pkg-config
diff --git a/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix b/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix
index 0365abba1432..d5d46e5de7ed 100644
--- a/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix
@@ -20,7 +20,7 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "plymouth";
-  version = "unstable-2023-06-05";
+  version = "unstable-2023-06-17";
 
   outputs = [ "out" "dev" ];
 
@@ -28,8 +28,8 @@ stdenv.mkDerivation (finalAttrs: {
     domain = "gitlab.freedesktop.org";
     owner = "plymouth";
     repo = "plymouth";
-    rev = "a5eda165689864cc9a25ec14fd8c6da458598f42";
-    hash = "sha256-TpMZZ0naC4D0Knmclc8JpmXPfnpM6q8YotIkNX+aRVo=";
+    rev = "b1d5aa9d2a6033bba52cf63643e5878f8a9b68a0";
+    hash = "sha256-8DXcwt8CZTni5Ma+I63LzNejlIB0Cr1ATA7Nl3z9z6I=";
   };
 
   patches = [
diff --git a/nixpkgs/pkgs/os-specific/linux/rtkit/default.nix b/nixpkgs/pkgs/os-specific/linux/rtkit/default.nix
index fb41863c431d..69d32079d5c7 100644
--- a/nixpkgs/pkgs/os-specific/linux/rtkit/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/rtkit/default.nix
@@ -16,14 +16,22 @@ stdenv.mkDerivation rec {
 
   patches = [
     (fetchpatch {
-      url = "https://github.com/heftig/rtkit/commit/7d62095b94f8df3891c984a1535026d2658bb177.patch";
+      name = "meson-actual-use-systemd_systemunitdir.patch";
+      url = "https://github.com/heftig/rtkit/pull/19/commits/7d62095b94f8df3891c984a1535026d2658bb177.patch";
       sha256 = "17acv549zqcgh7sgprfagbf6drqsr0zdwvf1dsqda7wlqc2h9zn7";
     })
 
     (fetchpatch {
-      url = "https://github.com/heftig/rtkit/commit/98f70edd8f534c371cb4308b9720739c5178918d.patch";
+      name = "meson-fix-librt-find_library-check.patch";
+      url = "https://github.com/heftig/rtkit/pull/18/commits/98f70edd8f534c371cb4308b9720739c5178918d.patch";
       sha256 = "18mnjjsdjfr184nkzi01xyphpdngi31ry4bmkv9ysjxf9wilv4nl";
     })
+
+    (fetchpatch {
+      name = "rtkit-daemon-dont-log-debug-messages-by-default.patch";
+      url = "https://github.com/heftig/rtkit/pull/33/commits/ad649ee491ed1a41537774ad11564a208e598a09.patch";
+      sha256 = "sha256-p+MdJVMv58rFd1uc1UFKtq83RquDSFZ3M6YfaBU12UU=";
+    })
   ];
 
   nativeBuildInputs = [ meson ninja pkg-config unixtools.xxd ];
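Review bot: The third `fetchpatch` passes an SRI string to the `sha256` attribute; `hash = "sha256-p+MdJVMv58rFd1uc1UFKtq83RquDSFZ3M6YfaBU12UU=";` is the attribute meant for that format and is what other files in this commit use. All three patches now come from pull-request commit URLs. A comment above the list, such as `# from upstream PRs #18, #19 and #33; drop each once it is in a release`, would make the next version bump easier to review. Whether those pull requests are merged is not visible from the hunk.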
diff --git a/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix b/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix
index abe98927613f..a28a9f3d19e8 100644
--- a/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/rtw88/default.nix
@@ -5,13 +5,13 @@ let
 in
 stdenv.mkDerivation {
   pname = "rtw88";
-  version = "unstable-2022-11-05";
+  version = "unstable-2023-07-23";
 
   src = fetchFromGitHub {
     owner = "lwfinger";
     repo = "rtw88";
-    rev = "c0dfe571fd7b307e036f186ef5711b4c0d9f3f08";
-    sha256 = "1gc5nv5pyrfag826z36vsrbirg6iww99yx45pcgpp7rmrpbwamvg";
+    rev = "9b6fe04a741a6b0a1edc5ca134927784bff033a5";
+    hash = "sha256-OzaIy+WTrljwAhC73wEIRUXrkz1NrGNJAS3zofQyV6E=";
   };
 
   nativeBuildInputs = kernel.moduleBuildDependencies;
@@ -30,7 +30,7 @@ stdenv.mkDerivation {
   '';
 
   meta = with lib; {
-    description = "The newest Realtek rtlwifi codes";
+    description = "Backport of the latest Realtek RTW88 driver from wireless-next for older kernels";
     homepage = "https://github.com/lwfinger/rtw88";
     license = with licenses; [ bsd3 gpl2Only ];
     maintainers = with maintainers; [ tvorog atila ];
diff --git a/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix b/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix
index 582dd939689d..3e63a4a54d8a 100644
--- a/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/sysdig/default.nix
@@ -5,8 +5,8 @@
 
 let
   # Compare with https://github.com/draios/sysdig/blob/dev/cmake/modules/falcosecurity-libs.cmake
-  libsRev = "0.11.3";
-  libsSha256 = "sha256-ph4ErNfgVv2aesZawCj+7kdqcYAnRgeNHfSrDMgm6Lo=";
+  libsRev = "59fb313475b82f842e9e9bbc1e0e629428c0a4cf";
+  libsSha256 = "sha256-IjzLbCOpB6EgPDgkGIyg1dNxHfYgU10OLgXrDOPmoTs=";
 
   # Compare with https://github.com/falcosecurity/libs/blob/master/cmake/modules/valijson.cmake#L17
   valijson = fetchFromGitHub {
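Review bot: `libsRev` changes from a release tag to a bare commit id, and the next hunk makes `driver` reuse `libsRev`/`libsSha256`, so the kernel driver source is no longer pinned to a tagged driver release. The comment above `libsRev` still points only at a file on the `dev` branch, which moves, so a reader cannot tell which libs/driver version this commit corresponds to. I would extend it to record the provenance, for example `# libs and driver are both fetched at this commit; value taken from falcosecurity-libs.cmake at the sysdig release tag matching version below`. For a package that builds a kernel module, that makes the next bump checkable against upstream. The `let` block starts outside the hunk.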
@@ -20,22 +20,30 @@ let
   driver = fetchFromGitHub {
     owner = "falcosecurity";
     repo = "libs";
-    rev = "5.0.1+driver";
-    sha256 = "sha256-CQ6QTcyTnThpJHDXgOM1Zdp5SG7rngp9XtEM+2mS8ro=";
+    rev = libsRev;
+    sha256 = libsSha256;
   };
 
 in
 stdenv.mkDerivation rec {
   pname = "sysdig";
-  version = "0.32.0";
+  version = "0.33.1";
 
   src = fetchFromGitHub {
     owner = "draios";
     repo = "sysdig";
     rev = version;
-    sha256 = "sha256-R14uQdcZ2BnlgWjqvRQP8MDaKMk4Kfw17qTKYYlBg7o=";
+    sha256 = "sha256-qcJ9EcePrsKic+wgsck+pTrRdQic0xhzguH4EYVP0gk=";
   };
 
+  patches = [
+    # https://github.com/draios/sysdig/pull/2024
+    (fetchpatch {
+      url = "https://github.com/draios/sysdig/commit/d9515aad2be660b2ba7ec8c0b4fb2467a10434af.patch";
+      sha256 = "sha256-3m+Rn8BZS8U8QTBDJ6x7kQbH6BE3HKgt1iNnRjPEr8k=";
+    })
+  ];
+
   nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
   buildInputs = [
     luajit
diff --git a/nixpkgs/pkgs/os-specific/linux/tiscamera/default.nix b/nixpkgs/pkgs/os-specific/linux/tiscamera/default.nix
index 5ef0b0b0ea7f..ce59cea368b1 100644
--- a/nixpkgs/pkgs/os-specific/linux/tiscamera/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/tiscamera/default.nix
@@ -60,6 +60,7 @@ stdenv.mkDerivation rec {
     cmake
     pkg-config
     wrapGAppsHook
+    gobject-introspection
   ] ++ lib.optionals withDoc [
     sphinx
     graphviz
@@ -81,7 +82,6 @@ stdenv.mkDerivation rec {
     pcre
     zstd
     glib
-    gobject-introspection
     gst_all_1.gstreamer
     gst_all_1.gst-plugins-base
     gst_all_1.gst-plugins-good
diff --git a/nixpkgs/pkgs/os-specific/linux/trelay/default.nix b/nixpkgs/pkgs/os-specific/linux/trelay/default.nix
index 48148a0b1a0d..aea5b57dfca1 100644
--- a/nixpkgs/pkgs/os-specific/linux/trelay/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/trelay/default.nix
@@ -2,7 +2,7 @@
 let
   version = "22.03.5";
 in
-stdenv.mkDerivation {
+stdenv.mkDerivation (finalAttrs: {
   pname = "trelay";
   version = "${version}-${kernel.version}";
 
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
     sparseCheckout = [ "package/kernel/trelay/src" ];
   };
 
-  sourceRoot = "openwrt/package/kernel/trelay/src";
+  sourceRoot = "${finalAttrs.src.name}/package/kernel/trelay/src";
   hardeningDisable = [ "pic" "format" ];
   nativeBuildInputs = [ kmod ] ++ kernel.moduleBuildDependencies;
 
@@ -43,4 +43,4 @@ stdenv.mkDerivation {
     platforms = platforms.linux;
     broken = lib.versionOlder kernel.version "5.10";
   };
-}
+})
diff --git a/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix b/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix
index 435318842048..19ac7fcd42b3 100644
--- a/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/uhk-agent/default.nix
@@ -1,11 +1,11 @@
 { appimageTools, lib, fetchurl }:
 let
   pname = "uhk-agent";
-  version = "3.0.1";
+  version = "3.0.2";
   src = fetchurl {
     url = "https://github.com/UltimateHackingKeyboard/agent/releases/download/v${version}/UHK.Agent-${version}-linux-x86_64.AppImage";
     name = "${pname}-${version}.AppImage";
-    sha256 = "sha256-TX7mL6BWAZHZ2W9/BneOt1vxt2slC2Lv6eFWPAgS2a8=";
+    sha256 = "sha256-RrZ2J6bmk8VXVmpUi9bjqQRJBYjGIczMaSEG9aQ4U4I=";
   };
 
   appimageContents = appimageTools.extract {
diff --git a/nixpkgs/pkgs/os-specific/linux/upower/default.nix b/nixpkgs/pkgs/os-specific/linux/upower/default.nix
index 8772c081e037..a002e1af8899 100644
--- a/nixpkgs/pkgs/os-specific/linux/upower/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/upower/default.nix
@@ -1,7 +1,6 @@
 { lib
 , stdenv
 , fetchFromGitLab
-, fetchpatch
 , makeWrapper
 , pkg-config
 , rsync
@@ -18,15 +17,20 @@
 , libgudev
 , libusb1
 , glib
-, gobject-introspection
 , gettext
 , systemd
+, nixosTests
 , useIMobileDevice ? true
 , libimobiledevice
-, withDocs ? (stdenv.buildPlatform == stdenv.hostPlatform)
-, nixosTests
+, withDocs ? withIntrospection
+, mesonEmulatorHook
+, withIntrospection ? stdenv.hostPlatform.emulatorAvailable buildPackages
+, buildPackages
+, gobject-introspection
 }:
 
+assert withDocs -> withIntrospection;
+
 stdenv.mkDerivation (finalAttrs: {
   pname = "upower";
   version = "1.90.2";
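Review bot: The new `assert withDocs -> withIntrospection;` fails without a message, so someone overriding `withIntrospection = false` while `withDocs` keeps a true value gets a bare assertion failure with no hint which flags conflict. Since `lib` is already an argument, I would write it as `assert lib.assertMsg (withDocs -> withIntrospection) "upower: withDocs requires withIntrospection";`. A one-line comment on why the documentation build depends on introspection would also help; the hunk does not show the reason. Note that `withDocs` now defaults to `withIntrospection`, so the default configuration never trips the assert and only explicit overrides are affected.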
@@ -60,14 +64,19 @@ stdenv.mkDerivation (finalAttrs: {
     meson
     ninja
     python3
-    gtk-doc
     docbook-xsl-nons
     gettext
-    gobject-introspection
     libxslt
     makeWrapper
     pkg-config
     rsync
+    glib
+  ] ++ lib.optionals withIntrospection [
+    gobject-introspection
+  ] ++ lib.optionals withDocs [
+    gtk-doc
+  ] ++ lib.optionals (withDocs && !stdenv.buildPlatform.canExecute stdenv.hostPlatform) [
+    mesonEmulatorHook
   ];
 
   buildInputs = [
@@ -110,8 +119,8 @@ stdenv.mkDerivation (finalAttrs: {
     "-Dsystemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
     "-Dudevrulesdir=${placeholder "out"}/lib/udev/rules.d"
     "-Dudevhwdbdir=${placeholder "out"}/lib/udev/hwdb.d"
-    "-Dintrospection=${if (stdenv.buildPlatform == stdenv.hostPlatform) then "auto" else "disabled"}"
-    "-Dgtk-doc=${lib.boolToString withDocs}"
+    (lib.mesonEnable "introspection" withIntrospection)
+    (lib.mesonBool "gtk-doc" withDocs)
     "-Dinstalled_test_prefix=${placeholder "installedTests"}"
   ];
 
diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix
index 9a335010c872..e69ec1fb324d 100644
--- a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix
@@ -138,6 +138,13 @@ stdenv.mkDerivation rec {
     # https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/tree/README.licensing
     license = with licenses; [ gpl2Only gpl2Plus gpl3Plus lgpl21Plus bsd3 bsdOriginalUC publicDomain ];
     platforms = platforms.unix;
+    pkgConfigModules = [
+      "blkid"
+      "fdisk"
+      "mount"
+      "smartcols"
+      "uuid"
+    ];
     priority = 6; # lower priority than coreutils ("kill") and shadow ("login" etc.) packages
   };
 }
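Review bot: Nothing in this hunk checks the new `meta.pkgConfigModules` list against the `.pc` files the build installs, so a typo or a module dropped upstream would go unnoticed. If the part of the derivation outside the hunk does not already have one, I would add a `passthru.tests` entry using the nixpkgs pkg-config tester (`testers.testMetaPkgConfig`) so the five names are verified. The `meta` block and the derivation both start before this hunk, so an existing test may simply not be visible here.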
diff --git a/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix b/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix
index 832eb66c02e5..1bb882de7125 100644
--- a/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix
+++ b/nixpkgs/pkgs/os-specific/linux/zfs/unstable.nix
@@ -12,18 +12,21 @@ in
 callPackage ./generic.nix args {
   # check the release notes for compatible kernels
   kernelCompatible = if stdenv'.isx86_64 || removeLinuxDRM
-    then kernel.kernelOlder "6.4"
+    then kernel.kernelOlder "6.5"
     else kernel.kernelOlder "6.2";
 
-  latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_1;
+  latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
+    then linuxKernel.packages.linux_6_4
+    else linuxKernel.packages.linux_6_1;
 
   # this package should point to a version / git revision compatible with the latest kernel release
   # IMPORTANT: Always use a tagged release candidate or commits from the
   # zfs-<version>-staging branch, because this is tested by the OpenZFS
   # maintainers.
-  version = "2.1.12";
+  version = "2.1.13-unstable-2023-08-02";
+  rev = "245850b66c1e93ec19744ca55aae143d007d2c32";
 
-  sha256 = "eYUR5d4gpTrlFu6j1uL83DWL9uPGgAUDRdSEb73V5i4=";
+  sha256 = "TtgKV02W8OfU6hssULF/IoFXAPHBTvTKXn5hJ/RGAc0=";
 
   isUnstable = true;
 }
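Review bot: The new `rev` pins a bare commit hash, but nothing beside it records which branch the commit came from, although the comment directly above requires a tagged release candidate or a commit from the `zfs-<version>-staging` branch. A reader cannot check that rule from the file, and the next bump has no reference point. I would add a line above `rev` such as `# commit on the zfs-2.1.13-staging branch`, with the branch name confirmed against upstream, since I am only inferring it from the version string. Separately, the condition `stdenv'.isx86_64 || removeLinuxDRM` now appears twice and could be bound once in the `let` that ends just above this hunk, so the two kernel limits cannot drift apart.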