diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-11-19 16:49:21 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-11-19 16:51:12 +0100 |
commit | b9c0b3f126472b144c543d8d77a8047e8d905ada (patch) | |
tree | 2ad99b8789bcb62b993ed18d2877905f7f02bdac /nixpkgs/pkgs/os-specific | |
parent | 67419f0e56f99b0ebbe14574d3492110ac84c8d6 (diff) | |
parent | c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad (diff) | |
download | nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar.gz nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar.bz2 nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar.lz nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar.xz nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.tar.zst nixlib-b9c0b3f126472b144c543d8d77a8047e8d905ada.zip |
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs into HEAD
Conflicts: nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/top-level/perl-packages.nix
Diffstat (limited to 'nixpkgs/pkgs/os-specific')
45 files changed, 909 insertions, 174 deletions
diff --git a/nixpkgs/pkgs/os-specific/darwin/DarwinTools/default.nix b/nixpkgs/pkgs/os-specific/darwin/DarwinTools/default.nix index 72a375028453..11e4c84395da 100644 --- a/nixpkgs/pkgs/os-specific/darwin/DarwinTools/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/DarwinTools/default.nix @@ -13,17 +13,17 @@ stdenv.mkDerivation rec { ./sw_vers-CFPriv.patch ]; - postPatch = '' - substituteInPlace Makefile \ - --replace gcc cc - ''; - configurePhase = '' export SRCROOT=. export SYMROOT=. export DSTROOT=$out ''; + makeFlags = [ + "CC=${stdenv.cc.targetPrefix}cc" + "STRIP=${stdenv.cc.targetPrefix}strip" + ]; + postInstall = '' mv $out/usr/* $out rmdir $out/usr diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-sdk/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-sdk/default.nix index 0c959695d779..5484ba5acb18 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-sdk/default.nix @@ -1,9 +1,6 @@ -{ stdenv, fetchurl, libxml2, xar, cpio, pkgs, python3Minimal, pbzx, lib, darwin-stubs, print-reexports }: +{ stdenv, fetchurl, cpio, pbzx, pkgs, lib, darwin-stubs, print-reexports }: let - xarMinimal = xar.override { - libxml2 = libxml2.override { pythonSupport = false; }; - }; # sadly needs to be exported because security_tool needs it sdk = stdenv.mkDerivation rec { pname = "MacOS_SDK"; @@ -19,27 +16,23 @@ let sha256 = "13xq34sb7383b37hwy076gnhf96prpk1b4087p87xnwswxbrisih"; }; - nativeBuildInputs = [ xarMinimal cpio python3Minimal pbzx ]; + nativeBuildInputs = [ cpio pbzx ]; outputs = [ "out" "dev" "man" ]; unpackPhase = '' - xar -x -f $src + pbzx $src | cpio -idm ''; + sourceRoot = "."; + installPhase = '' - start="$(pwd)" mkdir -p $out - cd $out - pbzx -n $start/Payload | cpio -idm - - mv usr/* . - rmdir usr - mv System/* . - rmdir System + cp -R System/Library $out + cp -R usr/* $out - pushd lib + pushd $out/lib cp ${darwin-stubs}/usr/lib/libcups*.tbd . ln -s libcups.2.tbd libcups.tbd ln -s libcupscgi.1.tbd libcupscgi.tbd diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix index 6e6712f375e6..931bebeae5dd 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix @@ -1,6 +1,13 @@ { appleDerivation', stdenvNoCC }: appleDerivation' stdenvNoCC { + patches = [ + # The source release version of math.h is missing some symbols that are actually present + # in newer SDKs. Patch them into the header to avoid implicit function declaration errors + # when compiling with newer versions of clang. + ./missing-declarations.patch + ]; + installPhase = '' mkdir -p $out/include diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/missing-declarations.patch b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/missing-declarations.patch new file mode 100644 index 000000000000..e56934e59d4c --- /dev/null +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/Libm/missing-declarations.patch @@ -0,0 +1,292 @@ +--- a/Source/Intel/math.h 2023-10-20 09:43:42.640416006 -0400 ++++ b/Source/Intel/math.h 2023-10-20 09:47:59.743127003 -0400 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002 Apple Computer, Inc. All rights reserved. ++ * Copyright (c) 2002-2015 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * +@@ -27,14 +27,17 @@ + * Contains: typedefs, prototypes, and macros germane to C99 floating point.* + * * + *******************************************************************************/ ++#ifndef __MATH_H__ ++#define __MATH_H__ ++ + #ifndef __MATH__ + #define __MATH__ ++#endif + +-#include <sys/cdefs.h> /* For definition of __DARWIN_UNIX03 et al */ ++#include <sys/cdefs.h> ++#include <Availability.h> + +-#ifdef __cplusplus +-extern "C" { +-#endif ++__BEGIN_DECLS + + /****************************************************************************** + * Floating point data types * +@@ -87,14 +90,26 @@ + #define FP_SUBNORMAL 5 + #define FP_SUPERNORMAL 6 /* meaningful only on PowerPC */ + +-/* fma() *function call* is more costly than equivalent (in-line) multiply and add operations */ +-/* For single and double precision, the cost isn't too bad, because we can fall back on higher */ +-/* precision hardware, with the necessary range to handle infinite precision products. However, */ +-/* expect the long double fma to be at least an order of magnitude slower than a simple multiply */ +-/* and an add. */ +-#undef FP_FAST_FMA +-#undef FP_FAST_FMAF +-#undef FP_FAST_FMAL ++#if defined __arm64__ || defined __ARM_VFPV4__ ++/* On these architectures, fma(), fmaf( ), and fmal( ) are generally about as ++ fast as (or faster than) separate multiply and add of the same operands. */ ++# define FP_FAST_FMA 1 ++# define FP_FAST_FMAF 1 ++# define FP_FAST_FMAL 1 ++#elif (defined __i386__ || defined __x86_64__) && (defined __FMA__) ++/* When targeting the FMA ISA extension, fma() and fmaf( ) are generally ++ about as fast as (or faster than) separate multiply and add of the same ++ operands, but fmal( ) may be more costly. */ ++# define FP_FAST_FMA 1 ++# define FP_FAST_FMAF 1 ++# undef FP_FAST_FMAL ++#else ++/* On these architectures, fma( ), fmaf( ), and fmal( ) function calls are ++ significantly more costly than separate multiply and add operations. */ ++# undef FP_FAST_FMA ++# undef FP_FAST_FMAF ++# undef FP_FAST_FMAL ++#endif + + /* The values returned by `ilogb' for 0 and NaN respectively. */ + #define FP_ILOGB0 (-2147483647 - 1) +@@ -191,6 +206,23 @@ + static __inline__ int __inline_isnormalf( float __x ) { float fabsf = __builtin_fabsf(__x); if( __x != __x ) return 0; return fabsf < __builtin_inff() && fabsf >= __FLT_MIN__; } + static __inline__ int __inline_isnormald( double __x ) { double fabsf = __builtin_fabs(__x); if( __x != __x ) return 0; return fabsf < __builtin_inf() && fabsf >= __DBL_MIN__; } + static __inline__ int __inline_isnormal( long double __x ) { long double fabsf = __builtin_fabsl(__x); if( __x != __x ) return 0; return fabsf < __builtin_infl() && fabsf >= __LDBL_MIN__; } ++ ++#if defined __i386__ || defined __x86_64__ ++__header_always_inline int __inline_signbitl(long double __x) { ++ union { ++ long double __ld; ++ struct{ unsigned long long __m; unsigned short __sexp; } __p; ++ } __u; ++ __u.__ld = __x; ++ return (int)(__u.__p.__sexp >> 15); ++} ++#else ++__header_always_inline int __inline_signbitl(long double __x) { ++ union { long double __f; unsigned long long __u;} __u; ++ __u.__f = __x; ++ return (int)(__u.__u >> 63); ++} ++#endif + + #else + +@@ -509,7 +541,112 @@ + extern long double __infl( void ); + extern float __nan( void ); /* 10.3 (and later) must retain in ABI for backward compatability */ + +-#if !defined(_ANSI_SOURCE) ++ ++/****************************************************************************** ++ * Apple extensions to the C standard * ++ ******************************************************************************/ ++ ++/* Because these functions are not specified by any relevant standard, they ++ are prefixed with __, which places them in the implementor's namespace, so ++ they should not conflict with any developer or third-party code. If they ++ are added to a relevant standard in the future, un-prefixed names may be ++ added to the library and they may be moved out of this section of the ++ header. ++ ++ Because these functions are non-standard, they may not be available on non- ++ Apple platforms. */ ++ ++/* __exp10(x) returns 10**x. Edge cases match those of exp( ) and exp2( ). */ ++extern float __exp10f(float) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern double __exp10(double) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++ ++/* __sincos(x,sinp,cosp) computes the sine and cosine of x with a single ++ function call, storing the sine in the memory pointed to by sinp, and ++ the cosine in the memory pointed to by cosp. Edge cases match those of ++ separate calls to sin( ) and cos( ). */ ++__header_always_inline void __sincosf(float __x, float *__sinp, float *__cosp); ++__header_always_inline void __sincos(double __x, double *__sinp, double *__cosp); ++ ++/* __sinpi(x) returns the sine of pi times x; __cospi(x) and __tanpi(x) return ++ the cosine and tangent, respectively. These functions can produce a more ++ accurate answer than expressions of the form sin(M_PI * x) because they ++ avoid any loss of precision that results from rounding the result of the ++ multiplication M_PI * x. They may also be significantly more efficient in ++ some cases because the argument reduction for these functions is easier ++ to compute. Consult the man pages for edge case details. */ ++extern float __cospif(float) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern double __cospi(double) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern float __sinpif(float) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern double __sinpi(double) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern float __tanpif(float) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++extern double __tanpi(double) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); ++ ++#if (defined __MAC_OS_X_VERSION_MIN_REQUIRED && __MAC_OS_X_VERSION_MIN_REQUIRED < 1090) || \ ++ (defined __IPHONE_OS_VERSION_MIN_REQUIRED && __IPHONE_OS_VERSION_MIN_REQUIRED < 70000) ++/* __sincos and __sincosf were introduced in OSX 10.9 and iOS 7.0. When ++ targeting an older system, we simply split them up into discrete calls ++ to sin( ) and cos( ). */ ++__header_always_inline void __sincosf(float __x, float *__sinp, float *__cosp) { ++ *__sinp = sinf(__x); ++ *__cosp = cosf(__x); ++} ++ ++__header_always_inline void __sincos(double __x, double *__sinp, double *__cosp) { ++ *__sinp = sin(__x); ++ *__cosp = cos(__x); ++} ++#else ++/* __sincospi(x,sinp,cosp) computes the sine and cosine of pi times x with a ++ single function call, storing the sine in the memory pointed to by sinp, ++ and the cosine in the memory pointed to by cosp. Edge cases match those ++ of separate calls to __sinpi( ) and __cospi( ), and are documented in the ++ man pages. ++ ++ These functions were introduced in OSX 10.9 and iOS 7.0. Because they are ++ implemented as header inlines, weak-linking does not function as normal, ++ and they are simply hidden when targeting earlier OS versions. */ ++__header_always_inline void __sincospif(float __x, float *__sinp, float *__cosp); ++__header_always_inline void __sincospi(double __x, double *__sinp, double *__cosp); ++ ++/* Implementation details of __sincos and __sincospi allowing them to return ++ two results while allowing the compiler to optimize away unnecessary load- ++ store traffic. Although these interfaces are exposed in the math.h header ++ to allow compilers to generate better code, users should call __sincos[f] ++ and __sincospi[f] instead and allow the compiler to emit these calls. */ ++struct __float2 { float __sinval; float __cosval; }; ++struct __double2 { double __sinval; double __cosval; }; ++ ++extern struct __float2 __sincosf_stret(float); ++extern struct __double2 __sincos_stret(double); ++extern struct __float2 __sincospif_stret(float); ++extern struct __double2 __sincospi_stret(double); ++ ++__header_always_inline void __sincosf(float __x, float *__sinp, float *__cosp) { ++ const struct __float2 __stret = __sincosf_stret(__x); ++ *__sinp = __stret.__sinval; *__cosp = __stret.__cosval; ++} ++ ++__header_always_inline void __sincos(double __x, double *__sinp, double *__cosp) { ++ const struct __double2 __stret = __sincos_stret(__x); ++ *__sinp = __stret.__sinval; *__cosp = __stret.__cosval; ++} ++ ++__header_always_inline void __sincospif(float __x, float *__sinp, float *__cosp) { ++ const struct __float2 __stret = __sincospif_stret(__x); ++ *__sinp = __stret.__sinval; *__cosp = __stret.__cosval; ++} ++ ++__header_always_inline void __sincospi(double __x, double *__sinp, double *__cosp) { ++ const struct __double2 __stret = __sincospi_stret(__x); ++ *__sinp = __stret.__sinval; *__cosp = __stret.__cosval; ++} ++#endif ++ ++/****************************************************************************** ++ * POSIX/UNIX extensions to the C standard * ++ ******************************************************************************/ ++ ++#if __DARWIN_C_LEVEL >= 199506L + extern double j0 ( double ); + + extern double j1 ( double ); +@@ -543,14 +680,32 @@ + extern int signgam; /* required for unix 2003 */ + + +-#endif /* !defined(_ANSI_SOURCE) */ ++#endif /* __DARWIN_C_LEVEL >= 199506L */ + +-#if !defined(__NOEXTENSIONS__) && (!defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)) +-#define __WANT_EXTENSIONS__ +-#endif ++/* Long-double versions of M_E, etc for convenience on Intel where long- ++ double is not the same as double. Define __MATH_LONG_DOUBLE_CONSTANTS ++ to make these constants available. */ ++#if defined __MATH_LONG_DOUBLE_CONSTANTS ++#define M_El 0xa.df85458a2bb4a9bp-2L ++#define M_LOG2El 0xb.8aa3b295c17f0bcp-3L ++#define M_LOG10El 0xd.e5bd8a937287195p-5L ++#define M_LN2l 0xb.17217f7d1cf79acp-4L ++#define M_LN10l 0x9.35d8dddaaa8ac17p-2L ++#define M_PIl 0xc.90fdaa22168c235p-2L ++#define M_PI_2l 0xc.90fdaa22168c235p-3L ++#define M_PI_4l 0xc.90fdaa22168c235p-4L ++#define M_1_PIl 0xa.2f9836e4e44152ap-5L ++#define M_2_PIl 0xa.2f9836e4e44152ap-4L ++#define M_2_SQRTPIl 0x9.06eba8214db688dp-3L ++#define M_SQRT2l 0xb.504f333f9de6484p-3L ++#define M_SQRT1_2l 0xb.504f333f9de6484p-4L ++#endif /* defined __MATH_LONG_DOUBLE_CONSTANTS */ + +-#ifdef __WANT_EXTENSIONS__ ++/****************************************************************************** ++ * Legacy BSD extensions to the C standard * ++ ******************************************************************************/ + ++#if __DARWIN_C_LEVEL >= __DARWIN_C_FULL + #define FP_SNAN FP_NAN + #define FP_QNAN FP_NAN + +@@ -560,11 +715,6 @@ + /* Legacy API: please use C99 lround() instead. */ + extern long int roundtol ( double ); + +-/* +- * XOPEN/SVID +- */ +-#if !defined(_ANSI_SOURCE) && (!defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)) +-#if (!defined(_XOPEN_SOURCE) || defined(_DARWIN_C_SOURCE)) + #if !defined(__cplusplus) + /* used by matherr below */ + struct exception { +@@ -592,19 +742,12 @@ + #define TLOSS 5 + #define PLOSS 6 + +-#endif /* (!_XOPEN_SOURCE || _DARWIN_C_SOURCE) */ +-#endif /* !_ANSI_SOURCE && (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */ +- +-#if !defined( __STRICT_ANSI__) && !defined(_ANSI_SOURCE) && (!defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)) +- + /* Legacy API: please use C99 isfinite() instead. */ + extern int finite ( double ); + + /* Legacy API: please use C99 tgamma() instead. */ + extern double gamma ( double ); + +-#if (!defined(_XOPEN_SOURCE) || defined(_DARWIN_C_SOURCE)) +- + #if !defined(__cplusplus) + extern int matherr ( struct exception * ); + #endif +@@ -633,14 +776,8 @@ + extern double lgamma_r ( double, int * ) AVAILABLE_MAC_OS_X_VERSION_10_6_AND_LATER; + extern long double lgammal_r ( long double, int * ) AVAILABLE_MAC_OS_X_VERSION_10_6_AND_LATER; + #endif /* _REENTRANT */ +- +-#endif /* (!_XOPEN_SOURCE || _DARWIN_C_SOURCE) */ +-#endif /* !_ANSI_SOURCE && (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */ +- +-#endif /* __WANT_EXTENSIONS__ */ + +-#ifdef __cplusplus +-} +-#endif ++#endif /* __DARWIN_C_LEVEL >= __DARWIN_C_FULL */ + +-#endif /* __MATH__ */ ++__END_DECLS ++#endif /* __MATH_H__ */ diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix index 38b13f784a32..998bc867e757 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix @@ -1,11 +1,19 @@ -{ lib, stdenv, appleDerivation', launchd, bootstrap_cmds, xnu, xpc, ppp, IOKit, eap8021x, Security +{ lib, stdenv, runCommand, appleDerivation', launchd, bootstrap_cmds, swift-corelibs-foundation, xnu, xpc, ppp, IOKit, eap8021x, Security , headersOnly ? false }: +let + privateHeaders = runCommand "swift-corelibs-foundation-private" { } '' + mkdir -p $out/include/CoreFoundation + + cp ${swift-corelibs-foundation}/Library/Frameworks/CoreFoundation.framework/PrivateHeaders/* \ + $out/include/CoreFoundation + ''; +in appleDerivation' stdenv { meta.broken = stdenv.cc.nativeLibc; nativeBuildInputs = lib.optionals (!headersOnly) [ bootstrap_cmds ]; - buildInputs = lib.optionals (!headersOnly) [ launchd ppp xpc IOKit eap8021x ]; + buildInputs = lib.optionals (!headersOnly) [ privateHeaders launchd ppp xpc IOKit eap8021x ]; propagatedBuildInputs = lib.optionals (!headersOnly) [ Security ]; @@ -13,7 +21,6 @@ appleDerivation' stdenv { NIX_CFLAGS_COMPILE = toString [ "-ISystemConfiguration.framework/Headers" "-I${xnu}/Library/Frameworks/System.framework/Versions/B/PrivateHeaders" - "-D_DNS_SD_LIBDISPATCH" # Needed for DNSServiceSetDispatchQueue to be available ]; }; @@ -23,11 +30,6 @@ appleDerivation' stdenv { substituteInPlace SystemConfiguration.fproj/SCNetworkReachability.c \ --replace ''$'#define\tHAVE_VPN_STATUS' "" - - # Our neutered CoreFoundation doesn't have this function, but I think we'll live... - substituteInPlace SystemConfiguration.fproj/SCNetworkConnectionPrivate.c \ - --replace 'CFPreferencesAppValueIsForced(serviceID, USER_PREFERENCES_APPLICATION_ID)' 'FALSE' \ - --replace 'CFPreferencesAppValueIsForced(userPrivate->serviceID, USER_PREFERENCES_APPLICATION_ID)' 'FALSE' ''; dontBuild = headersOnly; diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix index 30d123ab804c..e4431c68c9aa 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix @@ -5,12 +5,17 @@ let xnu-src = if stdenv.isAarch64 then macosPackages_11_0_1.xnu.src else xnu.src; arch = if stdenv.isAarch64 then "arm" else "i386"; in appleDerivation { + patches = [ + # Fixes a build failure with newer versions of clang that make implicit int an error. + ./fix-implicit-int.patch + ]; + nativeBuildInputs = [ xcbuildHook ]; buildInputs = [ libutil ]; env.NIX_CFLAGS_COMPILE = "-I."; NIX_LDFLAGS = "-lutil"; - patchPhase = '' + prePatch = '' # ugly hacks for missing headers # most are bsd related - probably should make this a drv unpackFile ${Libc.src} diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/fix-implicit-int.patch b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/fix-implicit-int.patch new file mode 100644 index 000000000000..df0fff930daf --- /dev/null +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/fix-implicit-int.patch @@ -0,0 +1,11 @@ +diff -ur a/diskdev_cmds.xcodeproj/project.pbxproj b/diskdev_cmds.xcodeproj/project.pbxproj +--- a/quota.tproj/quota.c 2021-10-06 01:13:40.000000000 -0400 ++++ b/quota.tproj/quota.c 2023-10-27 08:24:05.960965958 -0400 +@@ -115,6 +115,7 @@ + + int + main(argc, argv) ++ int argc; + char *argv[]; + { + int ngroups; diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix index 4082f5b760cf..0ba4caee6289 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix @@ -4,6 +4,9 @@ appleDerivation' stdenvNoCC { dontBuild = true; installPhase = '' mkdir -p $out/include - cp mDNSShared/dns_sd.h $out/include + # TODO: Do this only for 765.50.9 once there is a way to apply version-specific + # logic in a source-release derivation. + substitute mDNSShared/dns_sd.h $out/include/dns_sd.h \ + --replace '#define _DNS_SD_LIBDISPATCH 0' '#define _DNS_SD_LIBDISPATCH 1' ''; } diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix index c99523d6c861..c6fc00943037 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix @@ -20,7 +20,12 @@ appleDerivation { done ''; - env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error=format-security" ]; # hardeningDisable doesn't cut it + env.NIX_CFLAGS_COMPILE = toString [ + # hardeningDisable doesn't cut it + "-Wno-error=format-security" + # Required to build with clang 16 + "-Wno-error=deprecated-non-prototype" + ]; meta = { platforms = lib.platforms.darwin; diff --git a/nixpkgs/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix b/nixpkgs/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix index d77976773c66..5c593b1488e2 100644 --- a/nixpkgs/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix +++ b/nixpkgs/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, cmake, ninja, pkg-config, launchd, libdispatch, python3, libxml2, objc4, icu }: +{ lib, stdenv, fetchFromGitHub, fetchurl, makeSetupHook, cmake, pkg-config, launchd, libdispatch, python3Minimal, libxml2, objc4, icu }: let # 10.12 adds a new sysdir.h that our version of CF in the main derivation depends on, but @@ -21,7 +21,7 @@ stdenv.mkDerivation { sha256 = "17kpql0f27xxz4jjw84vpas5f5sn4vdqwv10g151rc3rswbwln1z"; }; - nativeBuildInputs = [ cmake ninja pkg-config python3 ]; + nativeBuildInputs = [ cmake pkg-config python3Minimal ]; buildInputs = [ (lib.getDev launchd) libdispatch libxml2 objc4 icu ]; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix index dc46c790c3af..98487799aa8a 100644 --- a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix @@ -6,7 +6,7 @@ }: let - tag = "0.3.4"; + tag = "0.3.5"; in stdenv.mkDerivation { pname = "apfs"; @@ -16,7 +16,7 @@ stdenv.mkDerivation { owner = "linux-apfs"; repo = "linux-apfs-rw"; rev = "v${tag}"; - hash = "sha256-EeVOrZtmKi5VfPerW9IntjRvdU3AbFPHG+pyAI4ciGk="; + hash = "sha256-rKz9a4Z+tx63rhknQIl/zu/WIMjxxM0+NGyaxnzxLk4="; }; hardeningDisable = [ "pic" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix index acb484ba6b6a..c6c7d9d0f509 100644 --- a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix @@ -23,11 +23,11 @@ ]; in stdenv.mkDerivation rec { pname = "bluez"; - version = "5.66"; + version = "5.70"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/${pname}-${version}.tar.xz"; - sha256 = "sha256-Of6mS1kMlJKYSgwnqJ/CA+HNx0hmCG77j0aYZ3qytXQ="; + sha256 = "sha256-N+Ny6RaVXhRMuIL4iOS+QImPEK47fCE93N1V7pwAkng="; }; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/ell/default.nix b/nixpkgs/pkgs/os-specific/linux/ell/default.nix index c85a75d1f17f..789a59f751f5 100644 --- a/nixpkgs/pkgs/os-specific/linux/ell/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ell/default.nix @@ -3,20 +3,20 @@ , autoreconfHook , pkg-config , dbus -, fetchpatch , sysctl +, gitUpdater }: stdenv.mkDerivation rec { pname = "ell"; - version = "0.58"; + version = "0.59"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; rev = version; - hash = "sha256-CwUwwvyT541aIvypVMqRhHkVJLna121Cme+v7c0FLWo="; + hash = "sha256-uJcGYT+JSdz/XTyJb/VUyedmSKJW/4BbTM3fw3ebtIc="; }; nativeBuildInputs = [ @@ -30,19 +30,17 @@ stdenv.mkDerivation rec { sysctl ]; - patches = [ - # /proc/sys/net/core/somaxconn doesn't always exist in the nix build environment - (fetchpatch { - name = "skip-sysctl-test-if-sysfs-not-available.patch"; - url = "https://patchwork.kernel.org/project/ell/patch/526DA75D-01AB-4D85-BF5C-5F25E5C39480@kloenk.dev/raw/"; - hash = "sha256-YYGYWQ67cbMLt6RnqZmHt+tpvVIDKPbSCqPIouk6alU="; - }) - ]; enableParallelBuilding = true; # tests sporadically fail on musl doCheck = !stdenv.hostPlatform.isMusl; + passthru = { + updateScript = gitUpdater { + url = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; + }; + }; + meta = with lib; { homepage = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; description = "Embedded Linux Library"; diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/common.nix b/nixpkgs/pkgs/os-specific/linux/fuse/common.nix index bbd871a1b9ae..f4b8bfc5661a 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/common.nix +++ b/nixpkgs/pkgs/os-specific/linux/fuse/common.nix @@ -1,4 +1,4 @@ -{ version, sha256Hash }: +{ version, hash }: { lib, stdenv, fetchFromGitHub, fetchpatch , fusePackages, util-linux, gettext, shadow @@ -17,7 +17,7 @@ in stdenv.mkDerivation rec { owner = "libfuse"; repo = "libfuse"; rev = "${pname}-${version}"; - sha256 = sha256Hash; + inherit hash; }; preAutoreconf = "touch config.rpath"; @@ -48,6 +48,7 @@ in stdenv.mkDerivation rec { mesonFlags = lib.optionals isFuse3 [ "-Dudevrulesdir=/udev/rules.d" "-Duseroot=false" + "-Dinitscriptdir=" ]; preConfigure = '' diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/default.nix b/nixpkgs/pkgs/os-specific/linux/fuse/default.nix index 6aa3e46d4e1a..f692c2fb41c7 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/fuse/default.nix @@ -7,11 +7,11 @@ let in { fuse_2 = mkFuse { version = "2.9.9"; - sha256Hash = "1yxxvm58c30pc022nl1wlg8fljqpmwnchkywic3r74zirvlcq23n"; + hash = "sha256-dgjM6M7xk5MHi9xPyCyvF0vq0KM8UCsEYBcMhkrdvfs="; }; fuse_3 = mkFuse { - version = "3.11.0"; - sha256Hash = "1wx80xxlvjn0wxhmkr1g91vwrgxssyzds1hizzxc2xrd4kjh9dfb"; + version = "3.16.2"; + hash = "sha256-QO9s+IkR0rkqIYNqt2IYST6AVBkCr56jcuuz5nKJuA4="; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-Do-not-set-FUSERMOUNT_DIR.patch b/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-Do-not-set-FUSERMOUNT_DIR.patch index 903f30325df2..582d3eb0dec8 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-Do-not-set-FUSERMOUNT_DIR.patch +++ b/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-Do-not-set-FUSERMOUNT_DIR.patch @@ -1,12 +1,13 @@ +diff --git a/lib/meson.build b/lib/meson.build --- a/lib/meson.build +++ b/lib/meson.build @@ -37,8 +37,7 @@ libfuse = library('fuse3', libfuse_sources, version: meson.project_version(), soversion: '3', include_directories: include_dirs, dependencies: deps, install: true, link_depends: 'fuse_versionscript', -- c_args: [ '-DFUSE_USE_VERSION=35', +- c_args: [ '-DFUSE_USE_VERSION=312', - '-DFUSERMOUNT_DIR="@0@"'.format(fusermount_path) ], -+ c_args: [ '-DFUSE_USE_VERSION=35' ], ++ c_args: [ '-DFUSE_USE_VERSION=312' ], link_args: ['-Wl,--version-script,' + meson.current_source_dir() + '/fuse_versionscript' ]) diff --git a/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-install.patch b/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-install.patch index 147bcb439fb8..769e3088664c 100644 --- a/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-install.patch +++ b/nixpkgs/pkgs/os-specific/linux/fuse/fuse3-install.patch @@ -1,18 +1,20 @@ ---- a/util/install_helper.sh 2019-07-10 12:00:15.984840142 +0200 -+++ b/util/install_helper.sh 2019-07-10 12:28:56.343011401 +0200 -@@ -37,10 +37,10 @@ - fi +--- a/util/install_helper.sh 2023-08-26 22:12:11.028651669 +0200 ++++ b/util/install_helper.sh 2023-08-26 22:38:03.165058694 +0200 +@@ -39,12 +39,12 @@ - install -D -m 644 "${MESON_SOURCE_ROOT}/util/udev.rules" \ + if [ "${udevrulesdir}" != "" ]; then + install -D -m 644 "${MESON_SOURCE_ROOT}/util/udev.rules" \ - "${DESTDIR}${udevrulesdir}/99-fuse3.rules" + "${sysconfdir}${udevrulesdir}/99-fuse3.rules" + fi - install -D -m 755 "${MESON_SOURCE_ROOT}/util/init_script" \ -- "${DESTDIR}/etc/init.d/fuse3" -+ "${sysconfdir}/init.d/fuse3" - + if [ "$initscriptdir" != "" ]; then + install -D -m 755 "${MESON_SOURCE_ROOT}/util/init_script" \ +- "${DESTDIR}${initscriptdir}/fuse3" ++ "${sysconfdir}${initscriptdir}/fuse3" - if test -x /usr/sbin/update-rc.d && test -z "${DESTDIR}"; then + if test -x /usr/sbin/update-rc.d && test -z "${DESTDIR}"; then + /usr/sbin/update-rc.d fuse3 start 34 S . start 41 0 6 . || /bin/true diff --git a/util/meson.build b/util/meson.build index aa0e734..06d4378 100644 --- a/util/meson.build diff --git a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix index a64a0574d8ff..5bfdf61dff6b 100644 --- a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hwdata"; - version = "0.374"; + version = "0.376"; src = fetchFromGitHub { owner = "vcrhonek"; repo = "hwdata"; rev = "v${version}"; - hash = "sha256-RvjYd8iD6JkGhh6TDy/Qo+UzLxbhPvIJvhl/Rw14lbk="; + hash = "sha256-M1uBamN09XepOembDAcHXO/UvnM9s/OiN+eNzChF5Tw="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/iptables/default.nix b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix index 9d2848556eaf..b82484514e5f 100644 --- a/nixpkgs/pkgs/os-specific/linux/iptables/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix @@ -2,31 +2,18 @@ , autoreconfHook, pkg-config, pruneLibtoolFiles, flex, bison , libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap , nftablesCompat ? true -, fetchpatch +, gitUpdater }: stdenv.mkDerivation rec { - version = "1.8.9"; + version = "1.8.10"; pname = "iptables"; src = fetchurl { url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.xz"; - sha256 = "72Y5pDvoMlpPjqaBI/+sI2y2lujHhQG2ToEGr7AIyH8="; + sha256 = "XMJVwYk1bjF9BwdVzpNx62Oht4PDRJj7jDAmTzzFnJw="; }; - patches = [ - (fetchpatch { - name = "format-security.patch"; - url = "https://git.netfilter.org/iptables/patch/?id=ed4082a7405a5838c205a34c1559e289949200cc"; - sha256 = "OdytFmHk+3Awu+sDQpGTl5/qip4doRblmW2vQzfNZiU="; - }) - (fetchurl { - name = "static.patch"; - url = "https://lore.kernel.org/netfilter-devel/20230402232939.1060151-1-hi@alyssa.is/raw"; - sha256 = "PkH+1HbJjBb3//ffBe0XUQok1lBwgj/STL8Ppu/28f4="; - }) - ]; - outputs = [ "out" "dev" "man" ]; nativeBuildInputs = [ @@ -35,10 +22,6 @@ stdenv.mkDerivation rec { buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ]; - preConfigure = '' - export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl" - ''; - configureFlags = [ "--enable-bpf-compiler" "--enable-devel" @@ -47,6 +30,8 @@ stdenv.mkDerivation rec { "--enable-shared" ] ++ lib.optional (!nftablesCompat) "--disable-nftables"; + enableParallelBuilding = true; + postInstall = lib.optionalString nftablesCompat '' rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save} ln -sv xtables-nft-multi $out/bin/iptables @@ -57,6 +42,13 @@ stdenv.mkDerivation rec { ln -sv xtables-nft-multi $out/bin/ip6tables-save ''; + passthru = { + updateScript = gitUpdater { + url = "https://git.netfilter.org/iptables"; + rev-prefix = "v"; + }; + }; + meta = with lib; { description = "A program to configure the Linux IP packet filtering ruleset"; homepage = "https://www.netfilter.org/projects/iptables/index.html"; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix index ff40e585b1d8..e0a3c4319b8b 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix @@ -119,7 +119,10 @@ in { hash = "sha256-eldLvCCALqdrUsp/rwcmf3IEXoYbGJFcUnKpjCer+IQ="; }; patches = [ - ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms + ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms + + # Fix regression turning `struct sockaddr_ll` flexible size. + ./revert-af_packet-flex.patch ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch b/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch new file mode 100644 index 000000000000..ed6c8861d2fb --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch @@ -0,0 +1,31 @@ +Revert commit https://github.com/torvalds/linux/commit/a0ade8404c3bc2bf2631cb0f20d372eed22d9d96 + +The change caused API regression by turning fixed size struct to +flexible size struct. It was an unintentional change, broke `udp2raw`: + https://github.com/NixOS/nixpkgs/pull/252587#issuecomment-1744427473 +--- a/include/uapi/linux/if_packet.h ++++ b/include/uapi/linux/if_packet.h +@@ -18,11 +18,7 @@ struct sockaddr_ll { + unsigned short sll_hatype; + unsigned char sll_pkttype; + unsigned char sll_halen; +- union { +- unsigned char sll_addr[8]; +- /* Actual length is in sll_halen. */ +- __DECLARE_FLEX_ARRAY(unsigned char, sll_addr_flex); +- }; ++ unsigned char sll_addr[8]; + }; + + /* Packet types */ +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3607,7 +3607,7 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr, + if (dev) { + sll->sll_hatype = dev->type; + sll->sll_halen = dev->addr_len; +- memcpy(sll->sll_addr_flex, dev->dev_addr, dev->addr_len); ++ memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len); + } else { + sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */ + sll->sll_halen = 0; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 1ce9aa72a484..2954ee8f78b9 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -845,6 +845,8 @@ let CLEANCACHE = whenOlder "5.17" (option yes); CRASH_DUMP = option no; + FSCACHE_STATS = yes; + DVB_DYNAMIC_MINORS = option yes; # we use udev EFI_STUB = yes; # EFI bootloader in the bzImage itself diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index 74c47db62561..df67005dd816 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -135,8 +135,6 @@ let platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; - # e.g. "bzImage" - kernelTarget = stdenv.hostPlatform.linux-kernel.target; makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json index 5201a4248f85..94ab60aa67b9 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json @@ -7,10 +7,6 @@ "version": "6.5.11", "hash": "sha256:06dmb4hbwrms0lp4axphwgj8wbnzsym70sx55lxr501b53wlmqif" }, - "6.4": { - "version": "6.4.16", - "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" - }, "6.1": { "version": "6.1.62", "hash": "sha256:1v453q4sf0j8708ivs1zmdf645hgimqvxfc8xz7czgnnmipn3zdr" diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 0763ffda26b9..c58c4e67e4d0 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -6,27 +6,32 @@ # bcachefs-tools stores the expected-revision in: # https://evilpiepirate.org/git/bcachefs-tools.git/tree/.bcachefs_revision # but this does not means that it'll be the latest-compatible revision -, currentCommit ? "84f132d5696138bb038d2dc8f1162d2fab5ac832" -, diffHash ? "sha256-RaBWBU7rXjJFb1euFAFBHWCBQAG7npaCodjp/vMYpyw=" +, currentCommit ? "4d2faeb4fb58c389dc9f76b8d5ae991ef4497e04" +, diffHash ? "sha256-DtMc8P4lTRzvS6PVvD7WtWEPsfnxIXSpqMsKKWs+edI=" , kernelPatches # must always be defined in bcachefs' all-packages.nix entry because it's also a top-level attribute supplied by callPackage , argsOverride ? {} , ... } @ args: - # NOTE: bcachefs-tools should be updated simultaneously to preserve compatibility (kernel.override ( args // { - version = "${kernel.version}-bcachefs-unstable-${commitDate}"; - extraMeta = { - branch = "master"; - broken = stdenv.isAarch64; - maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius ]; - }; + argsOverride = { + version = "${kernel.version}-bcachefs-unstable-${commitDate}"; + modDirVersion = kernel.modDirVersion; + + extraMeta = { + homepage = "https://bcachefs.org/"; + branch = "master"; + maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius YellowOnion ]; + }; + } // argsOverride; structuredExtraConfig = with lib.kernel; { BCACHEFS_FS = module; BCACHEFS_QUOTA = option yes; BCACHEFS_POSIX_ACL = option yes; + # useful for bug reports + FTRACE = option yes; }; kernelPatches = [ { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix index d5b67b5efbe3..2ba31fbc9789 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod +, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod, ubootTools , fetchpatch }: @@ -120,10 +120,6 @@ let # Ensure that depmod gets resolved through PATH sed -i Makefile -e 's|= /sbin/depmod|= depmod|' - # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern - # FIXME: remove when no longer needed - substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd - # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. # This way kernels can be bit-by-bit reproducible depending on settings # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). @@ -368,8 +364,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ] - ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ubootTools ] ++ optional (lib.versionOlder version "5.8") libelf ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 82b17d461d2b..691b4899f2dd 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -2,6 +2,9 @@ let # These names are how they are designated in https://xanmod.org. + + # NOTE: When updating these, please also take a look at the changes done to + # kernel config in the xanmod version commit ltsVariant = { version = "6.1.62"; hash = "sha256-fo5OQ/MZ+QVdCmLzX0OgFUBedfqrkqp+Ev081RVdtWw="; @@ -26,21 +29,10 @@ let }; structuredExtraConfig = with lib.kernel; { - # AMD P-state driver - X86_AMD_PSTATE = lib.mkOverride 60 yes; - # Google's BBRv3 TCP congestion Control TCP_CONG_BBR = yes; DEFAULT_BBR = yes; - # FQ-PIE Packet Scheduling - NET_SCH_DEFAULT = yes; - DEFAULT_FQ_PIE = yes; - - # Futex WAIT_MULTIPLE implementation for Wine / Proton Fsync. - FUTEX = yes; - FUTEX_PI = yes; - # WineSync driver for fast kernel-backed Wine WINESYNC = module; diff --git a/nixpkgs/pkgs/os-specific/linux/kmod/default.nix b/nixpkgs/pkgs/os-specific/linux/kmod/default.nix index 0843ca3556ae..3f971e7a6edb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kmod/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kmod/default.nix @@ -12,7 +12,7 @@ let in stdenv.mkDerivation rec { pname = "kmod"; - version = "30"; + version = "31"; # autogen.sh is missing from the release tarball, # and we need to run it to regenerate gtk_doc.make, @@ -21,7 +21,7 @@ in stdenv.mkDerivation rec { # https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/.gitignore?id=61a93a043aa52ad62a11ba940d4ba93cb3254e78 src = fetchzip { url = "https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/snapshot/kmod-${version}.tar.gz"; - sha256 = "sha256-/dih2LoqgRrAsVdHRwld28T8pXgqnzapnQhqkXnxbbc="; + hash = "sha256-FNR015/AoYBbi7Eb1M2TXH3yxUuddKICCu+ot10CdeQ="; }; outputs = [ "out" "dev" "lib" ] ++ lib.optional withDevdoc "devdoc"; diff --git a/nixpkgs/pkgs/os-specific/linux/mstflint_access/default.nix b/nixpkgs/pkgs/os-specific/linux/mstflint_access/default.nix new file mode 100644 index 000000000000..6e29e27ccbf2 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/mstflint_access/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, fetchurl, kernel, kmod, mstflint }: + +stdenv.mkDerivation rec { + pname = "mstflint_access"; + inherit (mstflint) version; + + src = fetchurl { + url = "https://github.com/Mellanox/mstflint/releases/download/v${version}/kernel-mstflint-${version}.tar.gz"; + hash = "sha256-rfZts0m8x6clVazpbAa2xK+dYgRU9Us5rbcWa0uHJ1M="; + }; + + nativeBuildInputs = [ kmod ] ++ kernel.moduleBuildDependencies; + + makeFlags = kernel.makeFlags ++ [ + "KVER=${kernel.modDirVersion}" + "KSRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + enableParallelBuilding = true; + + preConfigure = lib.optionals (lib.versionAtLeast kernel.version "6.4") '' + sed -i "s/class_create(THIS_MODULE, dev->name)/class_create(dev->name)/g" mst_main.c + ''; + + installPhase = '' + runHook preInstall + + install -D ${pname}.ko $out/lib/modules/${kernel.modDirVersion}/extra/${pname}.ko + + runHook postInstall + ''; + + meta = with lib; { + description = "A kernel module for Nvidia NIC firmware update"; + homepage = "https://github.com/Mellanox/mstflint"; + license = [ licenses.gpl2Only ]; + maintainers = with maintainers; [ thillux ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/os-specific/linux/numatop/default.nix b/nixpkgs/pkgs/os-specific/linux/numatop/default.nix index ad0138f18b75..f4995264b09e 100644 --- a/nixpkgs/pkgs/os-specific/linux/numatop/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/numatop/default.nix @@ -16,12 +16,14 @@ stdenv.mkDerivation rec { patches = [ (fetchpatch { - url = "https://github.com/intel/numatop/pull/54.patch"; + # https://github.com/intel/numatop/pull/54 + url = "https://github.com/intel/numatop/compare/eab0ac5253c5843aa0f0ac36e2eec7612207711b...c1001fd926c24eae2d40729492e07270ce133b72.patch"; sha256 = "sha256-TbMLv7TT9T8wE4uJ1a/AroyPPwrwL0eX5IBLsh9GTTM="; name = "fix-string-operations.patch"; }) (fetchpatch { - url = "https://github.com/intel/numatop/pull/64.patch"; + # https://github.com/intel/numatop/pull/64 + url = "https://github.com/intel/numatop/commit/635e2ce2ccb1ac793cc276a7fcb8a92b1ffefa5d.patch"; sha256 = "sha256-IevbSFJRTS5iQ5apHOVXzF67f3LJaW6j7DySFmVuyiM="; name = "fix-format-strings-mvwprintw.patch"; }) diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh index b7824f209776..fbb116ab42ad 100755 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -1,4 +1,4 @@ -if [ -e .attrs.sh ]; then source .attrs.sh; fi +if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi source $stdenv/setup unpackManually() { diff --git a/nixpkgs/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh b/nixpkgs/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh index 34f9b1579455..ed2c60da2612 100644 --- a/nixpkgs/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh +++ b/nixpkgs/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh @@ -1,4 +1,4 @@ -if [ -e .attrs.sh ]; then source .attrs.sh; fi +if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi source $stdenv/setup mkdir -p $out/lib diff --git a/nixpkgs/pkgs/os-specific/linux/pam/default.nix b/nixpkgs/pkgs/os-specific/linux/pam/default.nix index b16bebbe3d60..a35f40be5955 100644 --- a/nixpkgs/pkgs/os-specific/linux/pam/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/pam/default.nix @@ -1,5 +1,8 @@ -{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext, audit, libxcrypt +{ lib, stdenv, buildPackages, fetchurl +, fetchpatch +, flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests +, autoreconfHook269, pkg-config-unwrapped }: stdenv.mkDerivation rec { @@ -11,12 +14,25 @@ stdenv.mkDerivation rec { sha256 = "sha256-5OxxMakdpEUSV0Jo9JPG2MoQXIcJFpG46bVspoXU+U0="; }; - patches = [ ./suid-wrapper-path.patch ]; + patches = [ + ./suid-wrapper-path.patch + # Pull support for localization on non-default --prefix: + # https://github.com/NixOS/nixpkgs/issues/249010 + # https://github.com/linux-pam/linux-pam/pull/604 + (fetchpatch { + name = "bind-locales.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; + hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; + }) + ]; outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ flex ] + # autoreconfHook269 is needed for `suid-wrapper-path.patch` and + # `bind-locales.patch` above. + # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` + nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; buildInputs = [ cracklib db4 libxcrypt ] diff --git a/nixpkgs/pkgs/os-specific/linux/pam/suid-wrapper-path.patch b/nixpkgs/pkgs/os-specific/linux/pam/suid-wrapper-path.patch index 71533c51a190..a427ccf38816 100644 --- a/nixpkgs/pkgs/os-specific/linux/pam/suid-wrapper-path.patch +++ b/nixpkgs/pkgs/os-specific/linux/pam/suid-wrapper-path.patch @@ -1,6 +1,6 @@ It needs the SUID version during runtime, and that can't be in /nix/store/** ---- a/modules/pam_unix/Makefile.in -+++ b/modules/pam_unix/Makefile.in -@@ -651 +651 @@ +--- a/modules/pam_unix/Makefile.am ++++ b/modules/pam_unix/Makefile.am +@@ -21 +21 @@ - -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ + -DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \ diff --git a/nixpkgs/pkgs/os-specific/linux/pam_p11/default.nix b/nixpkgs/pkgs/os-specific/linux/pam_p11/default.nix index 8970f7ed6285..0a7e02f4ad81 100644 --- a/nixpkgs/pkgs/os-specific/linux/pam_p11/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/pam_p11/default.nix @@ -13,8 +13,10 @@ stdenv.mkDerivation rec { patches = [ # fix with openssl 3.x + # https://github.com/OpenSC/pam_p11/pull/22 (fetchpatch { - url = "https://github.com/OpenSC/pam_p11/pull/22.patch"; + name = "OpenSC-pam_p11-pull-22.patch"; + url = "https://github.com/OpenSC/pam_p11/compare/cd4eba2e921e1c2f93cde71922a76af99376246c...debd4f7acfaf998cfe4002e0be5c35ad9a9591b5.patch"; excludes = [ ".github/build.sh" ]; hash = "sha256-bm/agnBgvrr8L8yoGK4gzBqOGgsNWf9NIgcNJG7proE="; }) diff --git a/nixpkgs/pkgs/os-specific/linux/prl-tools/default.nix b/nixpkgs/pkgs/os-specific/linux/prl-tools/default.nix index e1f88469e04f..314a95bd5548 100644 --- a/nixpkgs/pkgs/os-specific/linux/prl-tools/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/prl-tools/default.nix @@ -36,13 +36,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "prl-tools"; - version = "19.1.0-54729"; + version = "19.1.1-54734"; # We download the full distribution to extract prl-tools-lin.iso from # => ${dmg}/Parallels\ Desktop.app/Contents/Resources/Tools/prl-tools-lin.iso src = fetchurl { url = "https://download.parallels.com/desktop/v${lib.versions.major finalAttrs.version}/${finalAttrs.version}/ParallelsDesktop-${finalAttrs.version}.dmg"; - hash = "sha256-Qo/6EuILu5i3hjhxecf3qfoMFEJHJZVY19tDIXDJiag="; + hash = "sha256-02YxBkV9pZGfXuK6GvUDTgE9U5H2MOMk24h9qGJdFTM="; }; hardeningDisable = [ "pic" "format" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix b/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix index 67b839a1bd36..56a92ffa44ef 100644 --- a/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix @@ -27,7 +27,9 @@ stdenv.mkDerivation rec { sha256 = "sha256-RRiz56r9NOwH0AY9JQ/UdJmbILIAIYw65W9dIRPxQbQ="; }; - patches = lib.optionals stdenv.hostPlatform.isMusl [ + patches = [ + ./v3-CVE-2023-4016.patch + ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # NOTE: Starting from 4.x we will not need a patch anymore, but need to add # "--disable-w" to configureFlags instead to prevent the utmp errors (fetchpatch { diff --git a/nixpkgs/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch b/nixpkgs/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch new file mode 100644 index 000000000000..2e260eaf7382 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch @@ -0,0 +1,63 @@ +This is https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413.diff +back-ported to procps 3.3.17. That commit changes xmalloc to xcalloc. This patch differs in two ways: + +* We modify it to change malloc (no x-) to xcalloc instead +* We pull in procps-4's definition of xcalloc + +Alternative considered: Also pull in commits that changed malloc to xmalloc and defined xcalloc. +This alternative is rejected because those commits contain many other unrelated changes. + +diff --git a/ps/parser.c b/ps/parser.c +index 4263a1fb..ee9a57d9 100644 +--- a/ps/parser.c ++++ b/ps/parser.c +@@ -36,6 +36,14 @@ + #include "common.h" + #include "c.h" + ++static void *xxcalloc(const size_t nelems, const size_t size) ++{ ++ void *ret = calloc(nelems, size); ++ if (!ret && size && nelems) ++ xerrx(EXIT_FAILURE, "cannot allocate %zu bytes", nelems*size); ++ return ret; ++} ++ + #define ARG_GNU 0 + #define ARG_END 1 + #define ARG_PGRP 2 +@@ -184,7 +192,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + const char *err; /* error code that could or did happen */ + /*** prepare to operate ***/ + node = malloc(sizeof(selection_node)); +- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */ + node->n = 0; + buf = strdup(arg); + /*** sanity check and count items ***/ +@@ -205,6 +212,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + } while (*++walk); + if(need_item) goto parse_error; + node->n = items; ++ node->u = xxcalloc(items, sizeof(sel_union)); + /*** actually parse the list ***/ + walk = buf; + while(items--){ +@@ -1031,15 +1039,15 @@ static const char *parse_trailing_pids(void){ + thisarg = ps_argc - 1; /* we must be at the end now */ + + pidnode = malloc(sizeof(selection_node)); +- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ pidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + pidnode->n = 0; + + grpnode = malloc(sizeof(selection_node)); +- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ grpnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + grpnode->n = 0; + + sidnode = malloc(sizeof(selection_node)); +- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ sidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + sidnode->n = 0; + + while(i--){ diff --git a/nixpkgs/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix b/nixpkgs/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix index ecfd6a87e6b4..a4fc11c8647c 100644 --- a/nixpkgs/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix @@ -1,14 +1,14 @@ -{ lib, stdenv, fetchFromGitHub, kernel, bc, fetchpatch }: +{ lib, stdenv, fetchFromGitHub, kernel, bc }: stdenv.mkDerivation { pname = "rtl8188eus-aircrack"; - version = "${kernel.version}-unstable-2022-03-19"; + version = "${kernel.version}-unstable-2023-09-21"; src = fetchFromGitHub { owner = "aircrack-ng"; repo = "rtl8188eus"; - rev = "0958f294f90b49d6bad4972b14f90676e5d858d3"; - sha256 = "sha256-dkCcwvOLxqU1IZ/OXTp67akjWgsaH1Cq4N8d9slMRI8="; + rev = "3fae7237ba121f1169e9a2ea55040dc123697d3b"; + sha256 = "sha256-ILSMEt9nMdg1ZbFeatWm8Yxf6a/E7Vm7KtKhN933KTc="; }; prePatch = '' @@ -18,13 +18,6 @@ stdenv.mkDerivation { --replace '$(MODDESTDIR)' "$out/lib/modules/${kernel.modDirVersion}/kernel/net/wireless/" ''; - patches = [ - (fetchpatch { - url = "https://github.com/aircrack-ng/rtl8188eus/commit/daa3a2e12290050be3af956915939a55aed50d5f.patch"; - hash = "sha256-VsvaAhO74LzqUxbmdDT9qwVl6Y9lXfGfrHHK3SbnOVA="; - }) - ]; - hardeningDisable = [ "pic" ]; enableParallelBuilding = true; @@ -40,6 +33,6 @@ stdenv.mkDerivation { homepage = "https://github.com/aircrack-ng/rtl8188eus"; license = licenses.gpl2Only; maintainers = with maintainers; [ fortuneteller2k ]; - broken = (lib.versionAtLeast kernel.version "5.17") || ((lib.versions.majorMinor kernel.version) == "5.4" && kernel.isHardened); + broken = (lib.versionAtLeast kernel.version "6.6") || ((lib.versions.majorMinor kernel.version) == "5.4" && kernel.isHardened); }; } diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix index 746f9b17a698..38fec65b3334 100644 --- a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.0"; + version = "4.14.1"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-zopJevCv7ot8RLp/rSQGKO05eF4FjkLaOEMo9aq9Afo="; + hash = "sha256-DzPPnttnJSOMQwXWyFcz6fEtjwBC3p2PpZpBAQ/Ew18="; }; outputs = [ "out" "su" "dev" "man" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix index 98adb27d796f..0311d46d1fc4 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix @@ -124,7 +124,7 @@ , withRemote ? !stdenv.hostPlatform.isMusl , withResolved ? true , withShellCompletions ? true -, withSysusers ? false # conflicts with the NixOS user management +, withSysusers ? true , withSysupdate ? true , withTimedated ? true , withTimesyncd ? true @@ -134,6 +134,8 @@ , withUtmp ? !stdenv.hostPlatform.isMusl # tests assume too much system access for them to be feasible for us right now , withTests ? false + # build only libudev and libsystemd +, buildLibsOnly ? false # name argument , pname ? "systemd" @@ -202,6 +204,14 @@ stdenv.mkDerivation (finalAttrs: { ./0017-core-don-t-taint-on-unmerged-usr.patch ./0018-tpm2_context_init-fix-driver-name-checking.patch ./0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + + # Fix for `RuntimeError: ELF .dynamic section is missing.` + # https://github.com/systemd/systemd/issues/29381 + # https://github.com/systemd/systemd/pull/29392 + (fetchpatch { + url = "https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef.patch"; + hash = "sha256-hWpUosTDA18mYm5nIb9KnjwOlnzbEHgzha/WpyHoC54="; + }) ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { @@ -372,7 +382,7 @@ stdenv.mkDerivation (finalAttrs: { patchShebangs tools test src/!(rpm|kernel-install|ukify) src/kernel-install/test-kernel-install.sh ''; - outputs = [ "out" "man" "dev" ]; + outputs = [ "out" "dev" ] ++ (lib.optional (!buildLibsOnly) "man"); nativeBuildInputs = [ @@ -436,7 +446,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ])) ; - #dontAddPrefix = true; + mesonBuildType = "release"; mesonFlags = [ "-Dversion-tag=${version}" @@ -697,7 +707,9 @@ stdenv.mkDerivation (finalAttrs: { export DESTDIR=/ ''; - postInstall = '' + mesonInstallTags = lib.optionals buildLibsOnly [ "devel" "libudev" "libsystemd" ]; + + postInstall = lib.optionalString (!buildLibsOnly) '' mkdir -p $out/example/systemd mv $out/lib/{binfmt.d,sysctl.d,tmpfiles.d} $out/example mv $out/lib/systemd/{system,user} $out/example/systemd @@ -715,8 +727,10 @@ stdenv.mkDerivation (finalAttrs: { find $out -name "*kernel-install*" -exec rm {} \; '' + lib.optionalString (!withDocumentation) '' rm -rf $out/share/doc - '' + lib.optionalString withKmod '' + '' + lib.optionalString (withKmod && !buildLibsOnly) '' mv $out/lib/modules-load.d $out/example + '' + lib.optionalString withSysusers '' + mv $out/lib/sysusers.d $out/example ''; # Avoid *.EFI binary stripping. At least on aarch64-linux strip diff --git a/nixpkgs/pkgs/os-specific/linux/trinity/default.nix b/nixpkgs/pkgs/os-specific/linux/trinity/default.nix index 09a2d8bf638d..e0ab2b2802f1 100644 --- a/nixpkgs/pkgs/os-specific/linux/trinity/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/trinity/default.nix @@ -1,25 +1,16 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch }: +{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { pname = "trinity"; - version = "1.9"; + version = "1.9-unstable-2023-07-10"; src = fetchFromGitHub { owner = "kernelslacker"; repo = "trinity"; - rev = "v${version}"; - sha256 = "0z1a7x727xacam74jccd223k303sllgwpq30lnq9b6xxy8b659bv"; + rev = "e71872454d26baf37ae1d12e9b04a73d64179555"; + hash = "sha256-Zy+4L1CuB2Ul5iF+AokDkAW1wheDzoCTNkvRZFGRNps="; }; - patches = [ - # Pull upstream fix for -fno-common toolchains - (fetchpatch { - name = "fno-common.patch"; - url = "https://github.com/kernelslacker/trinity/commit/e53e25cc8dd5bdb5f7d9b4247de9e9921eec81d8.patch"; - sha256 = "0dbhyc98x11cmac6rj692zymnfqfqcbawlrkg1lhgfagzjxxwshg"; - }) - ]; - postPatch = '' patchShebangs configure patchShebangs scripts @@ -27,12 +18,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - makeFlags = [ "DESTDIR=$(out)" ]; + installFlags = [ "DESTDIR=$(out)" ]; meta = with lib; { description = "A Linux System call fuzz tester"; - homepage = "https://codemonkey.org.uk/projects/trinity/"; - license = licenses.gpl2; + homepage = "https://github.com/kernelslacker/trinity"; + license = licenses.gpl2Only; maintainers = [ maintainers.dezgeg ]; platforms = platforms.linux; }; diff --git a/nixpkgs/pkgs/os-specific/linux/usbutils/default.nix b/nixpkgs/pkgs/os-specific/linux/usbutils/default.nix index 20936fa7d495..cfd94bf33c46 100644 --- a/nixpkgs/pkgs/os-specific/linux/usbutils/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/usbutils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "usbutils"; - version = "015"; + version = "017"; src = fetchurl { url = "mirror://kernel/linux/utils/usb/usbutils/usbutils-${version}.tar.xz"; - sha256 = "sha256-w7RRux9P+fY1bKxaaVaprI6F2BZRr1ainmiflPpv2m4="; + hash = "sha256-pqJf/c+RA+ONekRzKsoXBz9OYCuS5K5VYlIxqCcC4Fs="; }; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch b/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch new file mode 100644 index 000000000000..068744d4f32d --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch @@ -0,0 +1,277 @@ +commit 68564ebb50f8afab5a9527c534417e247cca0b27 +Author: Filipe Manana <fdmanana@kernel.org> +Date: Thu Aug 17 10:20:13 2023 +0100 + + libmount: Fix regression when mounting with atime + + A regression was introduced in v2.39 that causes mounting with the atime + option to fail: + + $ mkfs.ext4 -F /dev/sdi + $ mount -o atime /dev/sdi /mnt/sdi + mount: /mnt/sdi: not mount point or bad option. + dmesg(1) may have more information after failed mount system call. + + The failure comes from the mount_setattr(2) call returning -EINVAL. This + is because we pass an invalid value for the attr_clr argument. From a + strace capture we have: + + mount_setattr(4, "", AT_EMPTY_PATH, {attr_set=0, attr_clr=MOUNT_ATTR_NOATIME, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) + + We can't pass MOUNT_ATTR_NOATIME to mount_setattr(2) through the attr_clr + argument because all atime options are exclusive, so in order to set atime + one has to pass MOUNT_ATTR__ATIME to attr_clr and leave attr_set as + MOUNT_ATTR_RELATIME (which is defined as a value of 0). + + This can be read from the man page for mount_setattr(2) and also from the + kernel source: + + $ cat fs/namespace.c + static int build_mount_kattr(const struct mount_attr *attr, size_t usize, + struct mount_kattr *kattr, unsigned int flags) + { + (...) + /* + * Since the MOUNT_ATTR_<atime> values are an enum, not a bitmap, + * users wanting to transition to a different atime setting cannot + * simply specify the atime setting in @attr_set, but must also + * specify MOUNT_ATTR__ATIME in the @attr_clr field. + * So ensure that MOUNT_ATTR__ATIME can't be partially set in + * @attr_clr and that @attr_set can't have any atime bits set if + * MOUNT_ATTR__ATIME isn't set in @attr_clr. + */ + if (attr->attr_clr & MOUNT_ATTR__ATIME) { + if ((attr->attr_clr & MOUNT_ATTR__ATIME) != MOUNT_ATTR__ATIME) + return -EINVAL; + + /* + * Clear all previous time settings as they are mutually + * exclusive. + */ + kattr->attr_clr |= MNT_RELATIME | MNT_NOATIME; + switch (attr->attr_set & MOUNT_ATTR__ATIME) { + case MOUNT_ATTR_RELATIME: + kattr->attr_set |= MNT_RELATIME; + break; + case MOUNT_ATTR_NOATIME: + kattr->attr_set |= MNT_NOATIME; + break; + case MOUNT_ATTR_STRICTATIME: + break; + default: + return -EINVAL; + } + (...) + + So fix this by setting attr_clr MOUNT_ATTR__ATIME if we want to clear any + atime related option. + + Signed-off-by: Filipe Manana <fdmanana@kernel.org> + +diff --git a/libmount/src/optlist.c b/libmount/src/optlist.c +index 1e962ec6d..0702adae7 100644 +--- a/libmount/src/optlist.c ++++ b/libmount/src/optlist.c +@@ -875,7 +875,18 @@ int mnt_optlist_get_attrs(struct libmnt_optlist *ls, uint64_t *set, uint64_t *cl + + if (opt->ent->mask & MNT_INVERT) { + DBG(OPTLIST, ul_debugobj(ls, " clr: %s", opt->ent->name)); +- *clr |= x; ++ /* ++ * All atime settings are mutually exclusive so *clr must ++ * have MOUNT_ATTR__ATIME set. ++ * ++ * See the function fs/namespace.c:build_mount_kattr() ++ * in the linux kernel source. ++ */ ++ if (x == MOUNT_ATTR_RELATIME || x == MOUNT_ATTR_NOATIME || ++ x == MOUNT_ATTR_STRICTATIME) ++ *clr |= MOUNT_ATTR__ATIME; ++ else ++ *clr |= x; + } else { + DBG(OPTLIST, ul_debugobj(ls, " set: %s", opt->ent->name)); + *set |= x; +diff --git a/tests/expected/libmount/context-mount-flags b/tests/expected/libmount/context-mount-flags +index 960641863..eb71323dd 100644 +--- a/tests/expected/libmount/context-mount-flags ++++ b/tests/expected/libmount/context-mount-flags +@@ -3,3 +3,6 @@ ro,nosuid,noexec + successfully mounted + rw,nosuid,noexec + successfully umounted ++successfully mounted ++rw,relatime ++successfully umounted +diff --git a/tests/ts/libmount/context b/tests/ts/libmount/context +index f5b47185e..a5d2e81a3 100755 +--- a/tests/ts/libmount/context ++++ b/tests/ts/libmount/context +@@ -116,8 +116,15 @@ $TS_CMD_FINDMNT --kernel --mountpoint $MOUNTPOINT -o VFS-OPTIONS -n >> $TS_OUTPU + + ts_run $TESTPROG --umount $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG + is_mounted $DEVICE && echo "$DEVICE still mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG +-ts_finalize_subtest + ++# Test that the atime option works after the migration to use the new kernel mount APIs. ++ts_run $TESTPROG --mount -o atime $DEVICE $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG ++$TS_CMD_FINDMNT --kernel --mountpoint $MOUNTPOINT -o VFS-OPTIONS -n >> $TS_OUTPUT 2>> $TS_ERRLOG ++is_mounted $DEVICE || echo "$DEVICE not mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG ++ts_run $TESTPROG --umount $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG ++is_mounted $DEVICE && echo "$DEVICE still mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG ++ ++ts_finalize_subtest + + ts_init_subtest "mount-loopdev" + mkdir -p $MOUNTPOINT &> /dev/null + +commit 1ec71634aa4ef5ddca23d65c8a296f3614231e8a +Author: Colin Gillespie <colin@cgillespie.xyz> +Date: Wed Aug 9 18:28:07 2023 +1000 + + libblkid: (bcachefs) fix not detecting large superblocks + + Probing does not detect bcachefs filesystems with a superblock larger + than 4KiB. Bcachefs superblocks grow in size and can become much larger + than this. + + Increase the superblock maximum size limit to 1MiB. + + Validate the superblock isn't larger than the maximum size defined in + the superblocks layout section. + + (cherry picked from commit 48d573797797650d96456979797c0155d58f61cb) + +diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c +index 40e702d75..236877042 100644 +--- a/libblkid/src/superblocks/bcache.c ++++ b/libblkid/src/superblocks/bcache.c +@@ -102,6 +102,15 @@ union bcachefs_sb_csum { + uint8_t raw[16]; + } __attribute__((packed)); + ++struct bcachefs_sb_layout { ++ uint8_t magic[16]; ++ uint8_t layout_type; ++ uint8_t sb_max_size_bits; ++ uint8_t nr_superblocks; ++ uint8_t pad[5]; ++ uint64_t sb_offset[61]; ++} __attribute__((packed)); ++ + struct bcachefs_super_block { + union bcachefs_sb_csum csum; + uint16_t version; +@@ -123,7 +132,7 @@ struct bcachefs_super_block { + uint64_t flags[8]; + uint64_t features[2]; + uint64_t compat[2]; +- uint8_t layout[512]; ++ struct bcachefs_sb_layout layout; + struct bcachefs_sb_field _start[]; + } __attribute__((packed)); + +@@ -143,7 +152,7 @@ struct bcachefs_super_block { + /* granularity of offset and length fields within superblock */ + #define BCACHEFS_SECTOR_SIZE 512 + /* maximum superblock size */ +-#define BCACHEFS_SB_MAX_SIZE 4096 ++#define BCACHEFS_SB_MAX_SIZE 0x100000 + /* fields offset within super block */ + #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start) + /* tag value for members field */ +@@ -302,6 +311,9 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) + return BLKID_PROBE_NONE; + + sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); ++ if (sb_size > BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits) ++ return BLKID_PROBE_NONE; ++ + if (sb_size > BCACHEFS_SB_MAX_SIZE) + return BLKID_PROBE_NONE; + + +commit acbf17ae8f8ee0f941fe98ed12f115f2b349bba8 +Author: Karel Zak <kzak@redhat.com> +Date: Wed Aug 23 11:53:45 2023 +0200 + + libblkid: (bcachefs) fix compiler warning [-Werror=sign-compare] + + Addresses: https://github.com/util-linux/util-linux/pull/2427 + Signed-off-by: Karel Zak <kzak@redhat.com> + (cherry picked from commit 17873d38fc97913c0a31d4bd08cfbfe45c4de5be) + +diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c +index 236877042..6ab3fe9d4 100644 +--- a/libblkid/src/superblocks/bcache.c ++++ b/libblkid/src/superblocks/bcache.c +@@ -311,7 +311,7 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) + return BLKID_PROBE_NONE; + + sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); +- if (sb_size > BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits) ++ if (sb_size > ((uint64_t) BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) + return BLKID_PROBE_NONE; + + if (sb_size > BCACHEFS_SB_MAX_SIZE) + +commit 6b9fda87c4e5d0c6f945d7565197f157b9fa3d5f +Author: Thomas Weißschuh <thomas@t-8ch.de> +Date: Wed Aug 23 11:58:33 2023 +0200 + + libblkid: (bcachefs) fix size validation + + Avoid signed shift out-of-bounds. + + Also mark the constants explitly as unsigned instead of casting. + + Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de> + (cherry picked from commit befe455f59de8c7bc66b85ed52aae8cbc95325fa) + +diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c +index 6ab3fe9d4..28ac4b52b 100644 +--- a/libblkid/src/superblocks/bcache.c ++++ b/libblkid/src/superblocks/bcache.c +@@ -142,17 +142,19 @@ struct bcachefs_super_block { + /* magic string len */ + #define BCACHE_SB_MAGIC_LEN (sizeof(BCACHE_SB_MAGIC) - 1) + /* super block offset */ +-#define BCACHE_SB_OFF 0x1000 ++#define BCACHE_SB_OFF 0x1000U + /* supper block offset in kB */ + #define BCACHE_SB_KBOFF (BCACHE_SB_OFF >> 10) + /* magic string offset within super block */ + #define BCACHE_SB_MAGIC_OFF offsetof(struct bcache_super_block, magic) + /* start of checksummed data within superblock */ +-#define BCACHE_SB_CSUMMED_START 8 ++#define BCACHE_SB_CSUMMED_START 8U + /* granularity of offset and length fields within superblock */ +-#define BCACHEFS_SECTOR_SIZE 512 ++#define BCACHEFS_SECTOR_SIZE 512U ++/* maximum superblock size shift */ ++#define BCACHEFS_SB_MAX_SIZE_SHIFT 0x10U + /* maximum superblock size */ +-#define BCACHEFS_SB_MAX_SIZE 0x100000 ++#define BCACHEFS_SB_MAX_SIZE (1U << BCACHEFS_SB_MAX_SIZE_SHIFT) + /* fields offset within super block */ + #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start) + /* tag value for members field */ +@@ -311,12 +313,16 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) + return BLKID_PROBE_NONE; + + sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); +- if (sb_size > ((uint64_t) BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) +- return BLKID_PROBE_NONE; + + if (sb_size > BCACHEFS_SB_MAX_SIZE) + return BLKID_PROBE_NONE; + ++ if (bcs->layout.sb_max_size_bits > BCACHEFS_SB_MAX_SIZE_SHIFT) ++ return BLKID_PROBE_NONE; ++ ++ if (sb_size > (BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) ++ return BLKID_PROBE_NONE; ++ + sb = blkid_probe_get_sb_buffer(pr, mag, sb_size); + if (!sb) + return BLKID_PROBE_NONE; diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix index 45c0d57cbff4..d710fabb7ace 100644 --- a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix @@ -29,6 +29,7 @@ stdenv.mkDerivation rec { patches = [ ./rtcwake-search-PATH-for-shutdown.patch + ./bcachefs-patch-set.patch ]; # We separate some of the utilities into their own outputs. This |