authorVladimír Čunát <vcunat@gmail.com>2017-08-29 10:51:54 +0200
committerVladimír Čunát <vcunat@gmail.com>2017-08-29 10:51:54 +0200
commit2858c41823db1654f123c455cca2b145b8d8737b (patch)
tree48518e1eb8916d1528d75823c2d1232822d059e9 /pkgs/os-specific/linux
parent34b6bbe021baa11a4dddf9532b331dac8d4162f2 (diff)
parente1f755e44faa5745ad3a8b18e18017e77dfbe67c (diff)
Merge branch 'master' into staging
There were some conflicts in python modules, commented at #28314.
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r--pkgs/os-specific/linux/fbterm/default.nix17
-rw-r--r--pkgs/os-specific/linux/ffado/build-fix.patch61
-rw-r--r--pkgs/os-specific/linux/ffado/default.nix14
-rw-r--r--pkgs/os-specific/linux/ffado/gcc6.patch19
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi/default.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.12.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rpi.nix6
-rw-r--r--pkgs/os-specific/linux/kernel/linux-testing.nix6
-rw-r--r--pkgs/os-specific/linux/ply/default.nix14
-rw-r--r--pkgs/os-specific/linux/upstart/check-config.nix43
-rw-r--r--pkgs/os-specific/linux/upstart/default.nix58
-rw-r--r--pkgs/os-specific/linux/upstart/upstart-bash-completion18
-rw-r--r--pkgs/os-specific/linux/usbguard/daemon_read_only_config.patch13
-rw-r--r--pkgs/os-specific/linux/usbguard/default.nix68
-rw-r--r--pkgs/os-specific/linux/usbguard/documentation.patch32
17 files changed, 183 insertions, 202 deletions
diff --git a/pkgs/os-specific/linux/fbterm/default.nix b/pkgs/os-specific/linux/fbterm/default.nix
index ad3c145cd8a9..e97f911534a1 100644
--- a/pkgs/os-specific/linux/fbterm/default.nix
+++ b/pkgs/os-specific/linux/fbterm/default.nix
@@ -28,6 +28,23 @@ stdenv.mkDerivation {
     mkdir -p "$out/share/terminfo"
     tic -a -v2 -o"$out/share/terminfo" terminfo/fbterm
   '';
+
+  patches = [
+    # fixes from Arch Linux package
+    (fetchurl {
+      url = "https://raw.githubusercontent.com/glitsj16/fbterm-patched/d1fe03313be4654dd0a1c0bb5f51530732345134/gcc-6-build-fixes.patch";
+      sha256 = "1kl9fjnrri6pamjdl4jpkqxk5wxcf6jcchv5801xz8vxp4542m40";
+    })
+    (fetchurl {
+      url = "https://raw.githubusercontent.com/glitsj16/fbterm-patched/d1fe03313be4654dd0a1c0bb5f51530732345134/insertmode-fix.patch";
+      sha256 = "1bad9mqcfpqb94lpx23lsamlhplil73ahzin2xjva0gl3gr1038l";
+    })
+    (fetchurl {
+      url = "https://raw.githubusercontent.com/glitsj16/fbterm-patched/d1fe03313be4654dd0a1c0bb5f51530732345134/miscoloring-fix.patch";
+      sha256 = "1mjszji0jgs2jsagjp671fv0d1983wmxv009ff1jfhi9pbay6jd0";
+    })
+  ];
+
   meta = {
     inherit (s) version;
     description = "Framebuffer terminal emulator";
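Review bot: The comment `# fixes from Arch Linux package` does not match where the three patches are fetched from, which is a personal GitHub repository (`glitsj16/fbterm-patched`) at a pinned commit. The pinned commit and the `sha256` values fix the content, so integrity is covered, but the build now depends on that repository staying reachable and a later reader cannot tell from the comment who authored the patches. I would reword it to name the real source, for example `# gcc6, insert-mode and colour fixes used by the Arch package; fetched from glitsj16/fbterm-patched at a pinned commit`, or vendor the three files next to default.nix. Whether `fetchurl` is already in the function's argument list cannot be seen from this hunk.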
diff --git a/pkgs/os-specific/linux/ffado/build-fix.patch b/pkgs/os-specific/linux/ffado/build-fix.patch
deleted file mode 100644
index b63fd65184ad..000000000000
--- a/pkgs/os-specific/linux/ffado/build-fix.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-diff --git a/SConstruct b/SConstruct
-index ca5d5cf..76738e3 100644
---- a/SConstruct
-+++ b/SConstruct
-@@ -354,7 +354,7 @@ if conf.CheckForApp( 'which pyuic4' ) and conf.CheckForPyModule( 'dbus' ) and co
-     env['PYUIC4'] = True
-     build_mixer = True
- 
--if conf.CheckForApp( 'xdg-desktop-menu --help' ):
-+if conf.CheckForApp( 'which xdg-desktop-menu' ):
-     env['XDG_TOOLS'] = True
- else:
-     print """
-diff --git a/support/dbus/SConscript b/support/dbus/SConscript
-index 2b0f0c6..23069d8 100644
---- a/support/dbus/SConscript
-+++ b/support/dbus/SConscript
-@@ -44,6 +44,7 @@ if not env.GetOption( "clean" ):
-         env.MergeFlags( env['LIBXML26_FLAGS'] )
-     else:
-         env.PrependUnique( LIBS=["expat"] )
-+        env.MergeFlags( "-DSERIALIZE_USE_EXPAT" )
- 
- env.Xml2Cpp_Proxy('controlclient-glue.h', 'control-interface.xml')
- env.Xml2Cpp_Adaptor('controlserver-glue.h', 'control-interface.xml')
-diff --git a/support/firmware/SConscript b/support/firmware/SConscript
-index 2939cb0..307b295 100644
---- a/support/firmware/SConscript
-+++ b/support/firmware/SConscript
-@@ -36,6 +36,7 @@ if not env.GetOption( "clean" ):
-         env.MergeFlags( env['LIBXML26_FLAGS'] )
-     else:
-         env.PrependUnique( LIBS=["expat"] )
-+        env.MergeFlags( "-DSERIALIZE_USE_EXPAT" )
- 
- static_env = env.Clone()
- 
-diff --git a/support/tools/SConscript b/support/tools/SConscript
-index 651621d..01b11f4 100644
---- a/support/tools/SConscript
-+++ b/support/tools/SConscript
-@@ -36,6 +36,7 @@ if not e.GetOption( "clean" ):
-                 e.MergeFlags( env['LIBXML26_FLAGS'] )
-         else:
-                 e.PrependUnique( LIBS=["expat"] )
-+                e.MergeFlags( "-DSERIALIZE_USE_EXPAT" )
- 
- #
- # For the the ffado-diag tools
-diff --git a/tests/SConscript b/tests/SConscript
-index 307341f..4800b93 100644
---- a/tests/SConscript
-+++ b/tests/SConscript
-@@ -35,6 +35,7 @@ if not env.GetOption( "clean" ):
- 		env.MergeFlags( env['LIBXML26_FLAGS'] )
- 	else:
- 		env.PrependUnique( LIBS=["expat"] )
-+        env.MergeFlags( "-DSERIALIZE_USE_EXPAT" )
- 
- static_env = env.Clone()
- 
diff --git a/pkgs/os-specific/linux/ffado/default.nix b/pkgs/os-specific/linux/ffado/default.nix
index ff259dcfbb05..1ca503f33ecd 100644
--- a/pkgs/os-specific/linux/ffado/default.nix
+++ b/pkgs/os-specific/linux/ffado/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, scons, pkgconfig, which, makeWrapper, python
-, expat, libraw1394, libconfig, libavc1394, libiec61883
+, expat, libraw1394, libconfig, libavc1394, libiec61883, libxmlxx, glibmm
 
 # Optional dependencies
 , libjack2 ? null, dbus ? null, dbus_cplusplus ? null, alsaLib ? null
@@ -25,11 +25,11 @@ let
 in
 stdenv.mkDerivation rec {
   name = "${prefix}ffado-${version}";
-  version = "2.2.1";
+  version = "2.3.0";
 
   src = fetchurl {
     url = "http://www.ffado.org/files/libffado-${version}.tgz";
-    sha256 = "1ximic90l0av91njb123ra2zp6mg23yg5iz8xa5371cqrn79nacz";
+    sha256 = "122z8gya60nyg47i738z2yr4qcjyk2xix4kwhf5ybkmp23kcgqqq";
   };
 
   nativeBuildInputs = [ scons pkgconfig which makeWrapper python ];
@@ -38,10 +38,10 @@ stdenv.mkDerivation rec {
     expat libraw1394 libconfig libavc1394 libiec61883
   ] ++ stdenv.lib.optionals (!libOnly) [
     optLibjack2 optDbus optDbus_cplusplus optAlsaLib optPyqt4
-    optXdg_utils
+    optXdg_utils libxmlxx glibmm
   ];
 
-  patches = [ ./build-fix.patch ];
+  patches = [ ./gcc6.patch ];
 
   postPatch = ''
     # SConstruct checks cpuinfo and an objdump of /bin/mount to determine the appropriate arch
@@ -57,6 +57,10 @@ stdenv.mkDerivation rec {
       src/libutil/serialize_expat.cpp
   '';
 
+  preConfigure = ''
+    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $(pkg-config --cflags libxml++-2.6)"
+  '';
+
   # TODO fix ffado-diag, it doesn't seem to use PYPKGDIR
   buildPhase = ''
     export PYDIR=$out/lib/${python.libPrefix}/site-packages
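Review bot: The new `preConfigure` runs `pkg-config --cflags libxml++-2.6` unconditionally, while `libxmlxx` and `glibmm` are added to `buildInputs` only inside `optionals (!libOnly)` in the preceding hunk. In a `libOnly` build the lookup would presumably fail, and because the substitution sits inside `export NIX_CFLAGS_COMPILE="..."` the exit status of `pkg-config` is discarded, so the build carries on with no extra flags and no error. Either move the two libraries into the unconditional list or guard the hook with `stdenv.lib.optionalString (!libOnly)`. Splitting the assignment as `flags=$(pkg-config --cflags libxml++-2.6)` followed by `export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE $flags"` would let a failed lookup stop the build under `set -e`.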
diff --git a/pkgs/os-specific/linux/ffado/gcc6.patch b/pkgs/os-specific/linux/ffado/gcc6.patch
new file mode 100644
index 000000000000..f9cad9c88abd
--- /dev/null
+++ b/pkgs/os-specific/linux/ffado/gcc6.patch
@@ -0,0 +1,19 @@
+Author: Adrian Knoth <adi@drcomp.erfurt.thur.de>
+Forwarded: Yes
+Applied-Upstream: 2.3.1
+Last-Update: 2016-08-11
+Description: Fix FTBFS with gcc6
+
+Index: b/src/ffadotypes.h
+===================================================================
+--- a/src/ffadotypes.h
++++ b/src/ffadotypes.h
+@@ -51,6 +51,8 @@ struct ffado_handle {
+ };
+ 
+ 
++#include <cmath>
++#include <algorithm>
+ #include <vector>
+ #include <string>
+ 
diff --git a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
index 123a7d9395da..bb714f60c2df 100644
--- a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
+++ b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "raspberrypi-firmware-${version}";
-  version = "1.20170515";
+  version = "1.20170811";
 
   src = fetchFromGitHub {
     owner = "raspberrypi";
     repo = "firmware";
     rev = version;
-    sha256 = "0liy0p69p9yr5cqgrfc23d3n243xkrx889gc8yqd9m2jpns4s361";
+    sha256 = "1lrbbslpwjgvrn7hk3l104gkl07qxh7qd4cdyqccqhqzip9wqhkn";
   };
 
   dontStrip = true;    # Stripping breaks some of the binaries
diff --git a/pkgs/os-specific/linux/kernel/linux-4.12.nix b/pkgs/os-specific/linux/kernel/linux-4.12.nix
index c223584c92d5..df64bffe80b1 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.12.nix
@@ -1,12 +1,12 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.12.8";
+  version = "4.12.9";
   extraMeta.branch = "4.12";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0z4viglsqk9mv3hp6svwihncpxdgxdkzap74say1cqlbm1dqrdyi";
+    sha256 = "1734l7h9rc8y0gr68ir6j99nf480y56b5i5xb40vkywxbhbkj139";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 0c5a82c02902..393ae9d63ad1 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,12 +1,12 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.9.44";
+  version = "4.9.45";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "18z3ijxdb6gmk6n37016233hq15bf9wkfqrkw67xlhyqa1hki9j4";
+    sha256 = "0vb62np19i88nslb24ydwnlhkb4018d247ha4xmn0ncsqy6x3rb6";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
index 9e0c55fed6ed..0edc17a6274b 100644
--- a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
+++ b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
@@ -1,9 +1,9 @@
 { stdenv, hostPlatform, fetchFromGitHub, perl, buildLinux, ... } @ args:
 
 let
-  version = "4.12.8";
+  version = "4.12.9";
   revision = "a";
-  sha256 = "03ldbgs4w70q756bl5gsxr2z428njnlslh6293y34r54gz5li9a3";
+  sha256 = "0bdhzh483l9g6c7n263f4wxx5klfciswzkmd5p6jlf9wqx72km33";
 in
 
 import ./generic.nix (args // {
diff --git a/pkgs/os-specific/linux/kernel/linux-rpi.nix b/pkgs/os-specific/linux/kernel/linux-rpi.nix
index f1fabad24fb0..4985e40f51d6 100644
--- a/pkgs/os-specific/linux/kernel/linux-rpi.nix
+++ b/pkgs/os-specific/linux/kernel/linux-rpi.nix
@@ -1,8 +1,8 @@
 { stdenv, hostPlatform, fetchFromGitHub, perl, buildLinux, ... } @ args:
 
 let
-  modDirVersion = "4.9.28";
-  tag = "1.20170515";
+  modDirVersion = "4.9.41";
+  tag = "1.20170811";
 in
 stdenv.lib.overrideDerivation (import ./generic.nix (args // rec {
   version = "${modDirVersion}-${tag}";
@@ -12,7 +12,7 @@ stdenv.lib.overrideDerivation (import ./generic.nix (args // rec {
     owner = "raspberrypi";
     repo = "linux";
     rev = "raspberrypi-kernel_${tag}-1";
-    sha256 = "19cjvns6zs53l319k3a2angffr93dh2j9g0022ww6rmi6niq4fkf";
+    sha256 = "1ly0x7a43zvig0fv7lc6rpq49pcdb7i9sdb78p4gi5485zap40kb";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix
index 5bbee02b9aaf..6778e11710fe 100644
--- a/pkgs/os-specific/linux/kernel/linux-testing.nix
+++ b/pkgs/os-specific/linux/kernel/linux-testing.nix
@@ -1,13 +1,13 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.13-rc6";
-  modDirVersion = "4.13.0-rc6";
+  version = "4.13-rc7";
+  modDirVersion = "4.13.0-rc7";
   extraMeta.branch = "4.13";
 
   src = fetchurl {
     url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz";
-    sha256 = "06jdbgihdjmq84d7km43f3w6d3hwmbnv3sgzip3nhx77l14cp7f2";
+    sha256 = "1xkfxsvdhd0xcfjcr78222sa58i02z2ca9fv804jbyp7w9g628rm";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/ply/default.nix b/pkgs/os-specific/linux/ply/default.nix
index a9c84516ef84..8ae731892768 100644
--- a/pkgs/os-specific/linux/ply/default.nix
+++ b/pkgs/os-specific/linux/ply/default.nix
@@ -16,9 +16,17 @@ in stdenv.mkDerivation {
   };
 
   preAutoreconf = ''
-    # ply wants to install header fails to its build directory
-    # use 7z to handle multiple archive formats transparently
-    7z x ${kernel.src} -so | 7z x -aoa -si -ttar
+    # If kernel sources are a folder (i.e. fetched from git), we just copy them in
+    # Since they are owned by uid 0 and read-only, we need to fix permissions
+    if [ -d ${kernel.src} ]; then
+      cp -r ${kernel.src} linux-${kernel.version}
+      chown -R $(whoami): linux-${kernel.version}
+      chmod -R a+w linux-${kernel.version}
+    else
+      # ply wants to install header files to its build directory
+      # use 7z to handle multiple archive formats transparently
+      7z x ${kernel.src} -so | 7z x -aoa -si -ttar
+    fi
 
     configureFlagsArray+=(--with-kerneldir=$(echo $(pwd)/linux-*))
     ./autogen.sh --prefix=$out
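Review bot: `chmod -R a+w linux-${kernel.version}` makes the copied kernel tree writable by every user, where `chmod -R u+w` is all the build needs to modify its own copy. The `chown -R $(whoami):` on the line before looks redundant, since `cp -r` without `-p` already creates files owned by the user running the build, and it makes the hook depend on `whoami` resolving a name inside the build environment. The comment about uid 0 describes the store path rather than the copy, so I would reduce the branch to `cp -r ${kernel.src} linux-${kernel.version}` followed by `chmod -R u+w linux-${kernel.version}`. The `preAutoreconf` string starts before this hunk and continues past its end.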
diff --git a/pkgs/os-specific/linux/upstart/check-config.nix b/pkgs/os-specific/linux/upstart/check-config.nix
deleted file mode 100644
index 5803b4ed8339..000000000000
--- a/pkgs/os-specific/linux/upstart/check-config.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-# Useful tool to check syntax of a config file. Upstart needs a dbus
-# session, so this script wraps one up and makes the operation not
-# require any prior state.
-#
-# See: http://mwhiteley.com/scripts/2012/12/11/dbus-init-checkconf.html
-{stdenv, coreutils, upstart, writeScript, dbus}:
-
-writeScript "upstart-check-config" ''
-  #!${stdenv.shell}
-
-  set -o errexit
-  set -o nounset
-
-  export PATH=${stdenv.lib.makeBinPath [dbus.out upstart coreutils]}:$PATH
-
-  if [[ $# -ne 1 ]]
-  then
-    echo "Usage: $0 upstart-conf-file" >&2
-    exit 1
-  fi
-  config=$1 && shift
-
-  dbus_pid_file=$(mktemp)
-  exec 4<> $dbus_pid_file
-
-  dbus_add_file=$(mktemp)
-  exec 6<> $dbus_add_file
-
-  dbus-daemon --fork --print-pid 4 --print-address 6 --session
-
-  function clean {
-    dbus_pid=$(cat $dbus_pid_file)
-    if [[ -n $dbus_pid ]]; then
-      kill $dbus_pid
-    fi
-    rm -f $dbus_pid_file $dbus_add_file
-  }
-  trap "{ clean; }" EXIT
-
-  export DBUS_SESSION_BUS_ADDRESS=$(cat $dbus_add_file)
-
-  init-checkconf $config
-''
diff --git a/pkgs/os-specific/linux/upstart/default.nix b/pkgs/os-specific/linux/upstart/default.nix
deleted file mode 100644
index 76ce2637cede..000000000000
--- a/pkgs/os-specific/linux/upstart/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, dbus, libnih, python, makeWrapper, utillinux
-, writeScript }:
-
-let
-  inherit (stdenv.lib) makeBinPath;
-  version = "1.5";
-
-  upstart = stdenv.mkDerivation rec {
-  name = "upstart-${version}";
-
-  src = fetchurl {
-    url = "http://upstart.ubuntu.com/download/${version}/${name}.tar.gz";
-    sha256 = "01w4ab6nlisz5blb0an1sxjkndwikr7sjp0cmz4lg00g3n7gahmx";
-  };
-
-  buildInputs = [ pkgconfig dbus libnih python makeWrapper];
-
-  NIX_CFLAGS_COMPILE =
-    ''
-      -DSHELL="${stdenv.shell}"
-      -DCONFFILE="/etc/init.conf"
-      -DCONFDIR="/etc/init"
-      -DPATH="/no-path"
-    '';
-
-  # The interface version prevents NixOS from switching to an
-  # incompatible Upstart at runtime.  (Switching across reboots is
-  # fine, of course.)  It should be increased whenever Upstart changes
-  # in a backwards-incompatible way.  If the interface version of two
-  # Upstart builds is the same, then we can switch between them at
-  # runtime; otherwise we can't and we need to reboot.
-  passthru.interfaceVersion = 2;
-
-  postInstall =
-    ''
-      t=$out/etc/bash_completion.d
-      mkdir -p $t
-      cp ${./upstart-bash-completion} $t/upstart
-
-      # Patch some binaries to refer to the correct binary location.
-      sed -i "s,/sbin/init,$out/bin/init,g" $out/bin/init-checkconf
-      sed -i "s,initctl,$out/bin/initctl," $out/bin/initctl2dot
-
-      # Add some missing executable permissions, and wrap binaries.
-      chmod +x $out/bin/init-checkconf $out/bin/init-checkconf
-      wrapProgram $out/bin/init-checkconf \
-        --prefix PATH : $out/bin:${makeBinPath [utillinux dbus]}
-      wrapProgram $out/bin/initctl2dot --prefix PATH : $out/bin
-    '';
-
-  meta = {
-    homepage = http://upstart.ubuntu.com/;
-    description = "An event-based replacement for the /sbin/init daemon";
-    platforms = stdenv.lib.platforms.linux;
-  };
-};
-
-in upstart
diff --git a/pkgs/os-specific/linux/upstart/upstart-bash-completion b/pkgs/os-specific/linux/upstart/upstart-bash-completion
deleted file mode 100644
index f47d38c90ad2..000000000000
--- a/pkgs/os-specific/linux/upstart/upstart-bash-completion
+++ /dev/null
@@ -1,18 +0,0 @@
-_upstart_comp_list(){
-  COMPREPLY=()
-  cur=${COMP_WORDS[COMP_CWORD]}
-  if [ $COMP_CWORD -eq 1 ]; then
-      COMPREPLY=( $(compgen -o filenames -W "$@" $cur) )
-  fi
-}
-
-_upstart_complete() { _upstart_comp_list "$(initctl list 2>&1 | grep -E "$1" | cut -f2 -d ' ')"; }
-
-_waiting(){ _upstart_complete "(waiting|instance)"; }
-_running(){ _upstart_complete "(running|instance)"; }
-_jobs(){ _upstart_comp_list "$(ls -1 /etc/event.d 2> /dev/null)"; }
-
-complete -F _jobs status
-complete -F _waiting start
-complete -F _running stop
-complete -F _running restart
diff --git a/pkgs/os-specific/linux/usbguard/daemon_read_only_config.patch b/pkgs/os-specific/linux/usbguard/daemon_read_only_config.patch
new file mode 100644
index 000000000000..eb4d5df698ac
--- /dev/null
+++ b/pkgs/os-specific/linux/usbguard/daemon_read_only_config.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Library/ConfigFilePrivate.cpp b/src/Library/ConfigFilePrivate.cpp
+index 8aefa65..40914f7 100644
+--- a/src/Library/ConfigFilePrivate.cpp
++++ b/src/Library/ConfigFilePrivate.cpp
+@@ -51,7 +51,7 @@ namespace usbguard
+ 
+   void ConfigFilePrivate::open(const std::string& path)
+   {
+-    _stream.open(path, std::ios::in|std::ios::out);
++    _stream.open(path, std::ios::in);
+     if (!_stream.is_open()) {
+       throw std::runtime_error("Can't open " + path);
+     }
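Review bot: This patch has no header saying why the daemon's config stream must be opened read-only or whether the change was sent upstream, unlike `ffado/gcc6.patch` added in this same commit. Dropping `std::ios::out` means any USBGuard code path that writes the configuration back through `_stream` would now fail; whether such a path exists is not visible here. I would add a short description at the top of the patch, presumably along the lines of `Description: open the daemon config read-only so it can live on a read-only filesystem`, plus a `Forwarded:` line, so the next version bump can tell whether the patch is still needed.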
diff --git a/pkgs/os-specific/linux/usbguard/default.nix b/pkgs/os-specific/linux/usbguard/default.nix
new file mode 100644
index 000000000000..b88d96e02a44
--- /dev/null
+++ b/pkgs/os-specific/linux/usbguard/default.nix
@@ -0,0 +1,68 @@
+{
+  stdenv, fetchurl, lib,
+  libxslt, pandoc, pkgconfig,
+  dbus_glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
+  libgcrypt ? null,
+  libsodium ? null
+}:
+
+with stdenv.lib;
+
+assert libgcrypt != null -> libsodium == null;
+
+stdenv.mkDerivation rec {
+  version = "0.7.0";
+  name = "usbguard-${version}";
+
+  repo = "https://github.com/dkopecek/usbguard";
+
+  src = fetchurl {
+    url = "${repo}/releases/download/${name}/${name}.tar.gz";
+    sha256 = "1e1485a2b47ba3bde9de2851b371d2552a807047a21e0b81553cf80d7f722709";
+  };
+
+  patches = [
+    ./daemon_read_only_config.patch
+    ./documentation.patch
+  ];
+
+  nativeBuildInputs = [
+    libxslt
+    pandoc # for rendering documentation
+    pkgconfig
+  ];
+
+  buildInputs = [
+    dbus_glib
+    libcap_ng
+    libqb
+    libseccomp
+    polkit
+    protobuf
+
+    qtbase
+    qtsvg
+    qttools
+  ]
+  ++ (lib.optional (libgcrypt != null) libgcrypt)
+  ++ (lib.optional (libsodium != null) libsodium);
+
+  configureFlags = [
+    "--with-bundled-catch"
+    "--with-bundled-pegtl"
+    "--with-dbus"
+    "--with-gui-qt=qt5"
+    "--with-polkit"
+  ]
+  ++ (lib.optional (libgcrypt != null) "--with-crypto-library=gcrypt")
+  ++ (lib.optional (libsodium != null) "--with-crypto-library=sodium");
+
+  enableParallelBuilding = true;
+
+  meta = {
+    description = "The USBGuard software framework helps to protect your computer against BadUSB.";
+    homepage = "https://dkopecek.github.io/usbguard/";
+    license = licenses.gpl2;
+    maintainers = [ maintainers.tnias ];
+  };
+}
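Review bot: The guard `assert libgcrypt != null -> libsodium == null;` only rejects both crypto libraries being set, so it passes when both are left at their `null` defaults. In that case neither library is in `buildInputs` and no `--with-crypto-library=` flag reaches configure; what configure does then is not visible here. If exactly one backend is intended, `assert (libgcrypt == null) != (libsodium == null);` states that directly. The call site is outside this diff, and since `callPackage` fills arguments by name it would have to pass one of the two as `null` for the current assert to hold. Separately, `repo` is an attribute of the `mkDerivation` call and so ends up in the build environment; a `let` binding would keep it out of the derivation.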
diff --git a/pkgs/os-specific/linux/usbguard/documentation.patch b/pkgs/os-specific/linux/usbguard/documentation.patch
new file mode 100644
index 000000000000..89de627131f5
--- /dev/null
+++ b/pkgs/os-specific/linux/usbguard/documentation.patch
@@ -0,0 +1,32 @@
+diff --git a/doc/usbguard-daemon.conf.5.md b/doc/usbguard-daemon.conf.5.md
+index ea86ad1..63aec70 100644
+--- a/doc/usbguard-daemon.conf.5.md
++++ b/doc/usbguard-daemon.conf.5.md
+@@ -30,21 +30,21 @@ The **usbguard-daemon.conf** file is loaded by the USBGuard daemon after it pars
+ **RestoreControllerDeviceState**=<*boolean*>
+ :   The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. Using this setting, you can control whether the daemon will try to restore the attribute values to the state before modification on shutdown.
+ 
++**DeviceManagerBackend**=<*backend*>
++:   Which device manager backend implementation to use. Backend should be one of `uevent` (default) or `dummy`.
++
+ **IPCAllowedUsers**=<*username*> [<*username*> ...]
+ :   A space delimited list of usernames that the daemon will accept IPC connections from.
+ 
+ **IPCAllowedGroups**=<*groupname*> [<*groupname*> ...]
+ :   A space delimited list of groupnames that the daemon will accept IPC connections from.
+ 
+-**IPCAccessControlFiles**=<*path*>
+-:   Path to a directory holding the IPC access control files.
+-
+-**DeviceManagerBackend**=<*backend*>
+-:   Which device manager backend implementation to use. Backend should be one of `uevent` (default) or `dummy`.
+-
+ **IPCAccessControlFiles**=<*path*>
+ :   The files at this location will be interpreted by the daemon as IPC access control definition files. See the **IPC ACCESS CONTROL** section for more details.
+ 
++**DeviceRulesWithPort**=<*boolean*>
++:   Generate device specific rules including the "via-port" attribute.
++
+ **AuditFilePath**=<*filepath*>
+ :   USBGuard audit events log file path.
+