Merge remote-tracking branch 'upstream/master' into HEAD

11 files changed, 262 insertions, 151 deletions

diff --git a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
index 5475b6641707..7b930e86a39f 100644
--- a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
+++ b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
@@ -46,7 +46,8 @@ with frameworks; with libs; {
   ExceptionHandling       = [];
   FWAUserLib              = [];
   ForceFeedback           = [ CF IOKit ];
-  Foundation              = [ CF libobjc Security ApplicationServices SystemConfiguration ];
+  # cf-private was moved first in list because of https://github.com/NixOS/nixpkgs/pull/28635
+  Foundation              = [ cf-private CF libobjc Security ApplicationServices SystemConfiguration ];
   GLKit                   = [ CF ];
   GLUT                    = [ OpenGL ];
   GSS                     = [];
diff --git a/pkgs/os-specific/darwin/duti/default.nix b/pkgs/os-specific/darwin/duti/default.nix
new file mode 100644
index 000000000000..10eac5d47191
--- /dev/null
+++ b/pkgs/os-specific/darwin/duti/default.nix
@@ -0,0 +1,30 @@
+{stdenv, lib, fetchFromGitHub, autoreconfHook, darwin}:
+
+stdenv.mkDerivation rec {
+  pname = "duti";
+  name = "${pname}-${version}";
+  version = "1.5.4pre";
+  src = fetchFromGitHub {
+    owner = "moretension";
+    repo = pname;
+    rev = "7dbcae86f99fedef5a6c4311f032a0f1ca0539cc";
+    sha256 = "1z9sa0yk87vs57d5338y6lvm1v1vvynxb7dy1x5aqzkcr0imhljl";
+  };
+  nativeBuildInputs = [autoreconfHook];
+  buildInputs = [darwin.apple_sdk.frameworks.ApplicationServices];
+  configureFlags = ["--with-macosx-sdk=/homeless-shelter"];
+  meta = with lib; {
+    description = "A command-line tool to select default applications for document types and URL schemes on Mac OS X";
+    longDescription = ''
+      duti is a command-line utility capable of setting default applications for
+      various document types on Mac OS X, using Apple's Uniform Type Identifiers. A
+      UTI is a unique string describing the format of a file's content. For instance,
+      a Microsoft Word document has a UTI of com.microsoft.word.doc. Using duti, the
+      user can change which application acts as the default handler for a given UTI.
+    '';
+    maintainers = with maintainers; [matthewbauer];
+    platforms = platforms.darwin;
+    licenses = licenses.publicDomain;
+    homepage = "http://duti.org/";
+  };
+}
diff --git a/pkgs/os-specific/linux/evdi/default.nix b/pkgs/os-specific/linux/evdi/default.nix
index 9cfcb55ce137..11d0a461da09 100644
--- a/pkgs/os-specific/linux/evdi/default.nix
+++ b/pkgs/os-specific/linux/evdi/default.nix
@@ -27,6 +27,6 @@ stdenv.mkDerivation rec {
     platforms = platforms.linux;
     license = licenses.gpl2;
     homepage = http://www.displaylink.com/;
-    broken = versionOlder kernel.version "4.9";
+    broken = versionOlder kernel.version "4.9" || !stdenv.lib.versionOlder kernel.version "4.13";
   };
 }
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 5711779eb869..7f1fb98789d9 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -68,6 +68,10 @@ DEBUG_SG y
 SCHED_STACK_END_CHECK y
 BUG_ON_DATA_CORRUPTION y
 
+${optionalString (versionAtLeast version "4.13") ''
+  REFCOUNT_FULL y
+''}
+
 # Perform usercopy bounds checking.
 HARDENED_USERCOPY y
 
@@ -89,6 +93,11 @@ ${optionalString (versionAtLeast version "4.11") ''
   GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
 ''}
 
+${optionalString (versionAtLeast version "4.13") ''
+  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
+  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
+''}
+
 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
 PROC_KCORE n # Exposes kernel text image layout
@@ -97,4 +106,9 @@ INET_DIAG n # Has been used for heap based attacks in the past
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
 CC_STACKPROTECTOR_REGULAR n
 CC_STACKPROTECTOR_STRONG y
+
+# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
+${optionalString (versionAtLeast version "4.13") ''
+  FORTIFY_SOURCE y
+''}
 ''
diff --git a/pkgs/os-specific/linux/kernel/linux-4.12.nix b/pkgs/os-specific/linux/kernel/linux-4.12.nix
index c35b9e3e02ce..876bbff119fe 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.12.nix
@@ -1,12 +1,12 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.12.12";
+  version = "4.12.13";
   extraMeta.branch = "4.12";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1d254yxn46ydp0x3s5cpyg4p74zvdwiqfiaaim1m3g6rwjmlkjpa";
+    sha256 = "18sxw7mw4fya7381mkah70s3di6b8xxfigjhrhb7zcczrffb4vl9";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.13.nix b/pkgs/os-specific/linux/kernel/linux-4.13.nix
index 29f0a05558cf..fb53a278bd14 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.13.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.13.nix
@@ -1,12 +1,12 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.13.1";
+  version = "4.13.2";
   extraMeta.branch = "4.13";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1kp1lsf4314af7crpqkd2x1zx407a97r7rz3zhhskbilvsifgkny";
+    sha256 = "1lgwgw9yp5ywbylnmahsmqzs98yfq53mvvqqdgp7ljiqg8bxqjh6";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 309286b662fc..7e959241b9c2 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,12 +1,12 @@
 { stdenv, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.9.49";
+  version = "4.9.50";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1ywiww2h1gf3ps305irzk7n9xkcgg9bclr2jw6r5cqxmh3qxrv2p";
+    sha256 = "0dhm5w7qa1hyqp254r41b4nhf10a8w7sv1mhd16f61inpb41829c";
   };
 
   kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/netatop/default.nix b/pkgs/os-specific/linux/netatop/default.nix
index 5177ea45e7ab..0498f5cf37e2 100644
--- a/pkgs/os-specific/linux/netatop/default.nix
+++ b/pkgs/os-specific/linux/netatop/default.nix
@@ -38,5 +38,6 @@ stdenv.mkDerivation {
     license = stdenv.lib.licenses.gpl2;
     platforms = stdenv.lib.platforms.linux;
     maintainers = with stdenv.lib.maintainers; [viric];
+    broken = !stdenv.lib.versionOlder kernel.version "4.13";
   };
 }
diff --git a/pkgs/os-specific/linux/sch_cake/default.nix b/pkgs/os-specific/linux/sch_cake/default.nix
index 1522f277fed7..68fc8a6e0170 100644
--- a/pkgs/os-specific/linux/sch_cake/default.nix
+++ b/pkgs/os-specific/linux/sch_cake/default.nix
@@ -30,5 +30,6 @@ stdenv.mkDerivation {
     license = with licenses; [ bsd3 gpl2 ];
     maintainers = with maintainers; [ fpletz ];
     platforms = platforms.linux;
+    broken = !stdenv.lib.versionOlder kernel.version "4.13";
   };
 }
diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix
index 227b67e44863..2d8ee2719da9 100644
--- a/pkgs/os-specific/linux/spl/default.nix
+++ b/pkgs/os-specific/linux/spl/default.nix
@@ -10,53 +10,66 @@ with stdenv.lib;
 let
   buildKernel = any (n: n == configFile) [ "kernel" "all" ];
   buildUser = any (n: n == configFile) [ "user" "all" ];
-in
-  assert any (n: n == configFile) [ "kernel" "user" "all" ];
-  assert buildKernel -> kernel != null;
-stdenv.mkDerivation rec {
-  name = "spl-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
-  version = "0.7.1";
-
-  src = fetchFromGitHub {
-    owner = "zfsonlinux";
-    repo = "spl";
-    rev = "spl-${version}";
-    sha256 = "0m8qhbdd8n40lbd91s30q4lrw8g169sha0410c8rwk2d5qfaxv9n";
-  };
+  common = { version
+    , sha256
+    , rev ? "spl-${version}"
+    } @ args : stdenv.mkDerivation rec {
+      name = "spl-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
+
+      src = fetchFromGitHub {
+        owner = "zfsonlinux";
+        repo = "spl";
+        inherit rev sha256;
+      };
 
-  patches = [ ./const.patch ./install_prefix.patch ];
+      patches = [ ./const.patch ./install_prefix.patch ];
 
-  nativeBuildInputs = [ autoreconfHook ];
+      nativeBuildInputs = [ autoreconfHook ];
 
-  hardeningDisable = [ "pic" ];
+      hardeningDisable = [ "pic" ];
 
-  preConfigure = ''
-    substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid
-    substituteInPlace ./module/spl/spl-generic.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:${gawk}:/bin"
-    substituteInPlace ./module/splat/splat-vnode.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin"
-    substituteInPlace ./module/splat/splat-linux.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin"
-  '';
+      preConfigure = ''
+        substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid
+        substituteInPlace ./module/spl/spl-generic.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:${gawk}:/bin"
+        substituteInPlace ./module/splat/splat-vnode.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin"
+        substituteInPlace ./module/splat/splat-linux.c --replace "PATH=/sbin:/usr/sbin:/bin:/usr/bin" "PATH=${coreutils}:/bin"
+      '';
 
-  configureFlags = [
-    "--with-config=${configFile}"
-  ] ++ optionals buildKernel [
-    "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
-    "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-  ];
+      configureFlags = [
+        "--with-config=${configFile}"
+      ] ++ optionals buildKernel [
+        "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
+        "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+      ];
 
-  enableParallelBuilding = true;
+      enableParallelBuilding = true;
 
-  meta = {
-    description = "Kernel module driver for solaris porting layer (needed by in-kernel zfs)";
+      meta = {
+        description = "Kernel module driver for solaris porting layer (needed by in-kernel zfs)";
 
-    longDescription = ''
-      This kernel module is a porting layer for ZFS to work inside the linux
-      kernel.
-    '';
+        longDescription = ''
+          This kernel module is a porting layer for ZFS to work inside the linux
+          kernel.
+        '';
 
-    homepage = http://zfsonlinux.org/;
-    platforms = platforms.linux;
-    license = licenses.gpl2Plus;
-    maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ];
+        homepage = http://zfsonlinux.org/;
+        platforms = platforms.linux;
+        license = licenses.gpl2Plus;
+        maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ];
+      };
   };
+in
+  assert any (n: n == configFile) [ "kernel" "user" "all" ];
+  assert buildKernel -> kernel != null;
+{
+    splStable = common {
+      version = "0.7.1";
+      sha256 = "0m8qhbdd8n40lbd91s30q4lrw8g169sha0410c8rwk2d5qfaxv9n";
+    };
+
+    splUnstable = common {
+      version = "2017-08-11";
+      rev = "9df9692637aeee416f509c7f39655beb2d35b549";
+      sha256 = "1dggf6xqgk2f7vccv6cgvr8krj7h9f921szp1j2qbxnnq41m37mi";
+    };
 }
diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix
index 48389a758b71..c3af49e08f20 100644
--- a/pkgs/os-specific/linux/zfs/default.nix
+++ b/pkgs/os-specific/linux/zfs/default.nix
@@ -13,112 +13,163 @@ let
   buildKernel = any (n: n == configFile) [ "kernel" "all" ];
   buildUser = any (n: n == configFile) [ "user" "all" ];
 
-in stdenv.mkDerivation rec {
-  name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
-  version = "0.7.1";
-
-  src = fetchFromGitHub {
-    owner = "zfsonlinux";
-    repo = "zfs";
-    rev = "zfs-${version}";
+  common = { version
+    , sha256
+    , extraPatches
+    , spl
+    , rev ? "zfs-${version}"
+    , isUnstable ? false
+    , incompatibleKernelVersion ? null } @ args:
+    if buildKernel &&
+      (incompatibleKernelVersion != null) &&
+        versionAtLeast kernel.version incompatibleKernelVersion then
+       throw ''
+         Linux v${kernel.version} is not yet supported by zfsonlinux v${version}.
+         ${stdenv.lib.optional (!isUnstable) "Try zfsUnstable or set the NixOS option boot.zfs.enableUnstable."}
+       ''
+    else stdenv.mkDerivation rec {
+      name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
+
+      src = fetchFromGitHub {
+        owner = "zfsonlinux";
+        repo = "zfs";
+        inherit rev sha256;
+      };
+
+      patches = extraPatches;
+
+      buildInputs = [ autoreconfHook nukeReferences ]
+        ++ optionals buildKernel [ spl ]
+        ++ optionals buildUser [ zlib libuuid python attr ];
+
+      # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
+      NIX_CFLAGS_LINK = "-lgcc_s";
+
+      hardeningDisable = [ "pic" ];
+
+      preConfigure = ''
+        substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "umount -t zfs"           "${utillinux}/bin/umount -t zfs"
+        substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "mount -t zfs"            "${utillinux}/bin/mount -t zfs"
+        substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/umount"             "${utillinux}/bin/umount"
+        substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/mount"              "${utillinux}/bin/mount"
+        substituteInPlace ./cmd/ztest/ztest.c         --replace "/usr/sbin/ztest"         "$out/sbin/ztest"
+        substituteInPlace ./cmd/ztest/ztest.c         --replace "/usr/sbin/zdb"           "$out/sbin/zdb"
+        substituteInPlace ./config/user-systemd.m4    --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
+        substituteInPlace ./config/zfs-build.m4       --replace "\$sysconfdir/init.d"     "$out/etc/init.d"
+        substituteInPlace ./etc/zfs/Makefile.am       --replace "\$(sysconfdir)"          "$out/etc"
+        substituteInPlace ./cmd/zed/Makefile.am       --replace "\$(sysconfdir)"          "$out/etc"
+        substituteInPlace ./module/Makefile.in        --replace "/bin/cp"                 "cp"
+        substituteInPlace ./etc/systemd/system/zfs-share.service.in \
+          --replace "@bindir@/rm " "${coreutils}/bin/rm "
+
+        for f in ./udev/rules.d/*
+        do
+          substituteInPlace "$f" --replace "/lib/udev/vdev_id" "$out/lib/udev/vdev_id"
+        done
+
+        ./autogen.sh
+      '';
+
+      configureFlags = [
+        "--with-config=${configFile}"
+        ] ++ optionals buildUser [
+        "--with-dracutdir=$(out)/lib/dracut"
+        "--with-udevdir=$(out)/lib/udev"
+        "--with-systemdunitdir=$(out)/etc/systemd/system"
+        "--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
+        "--with-mounthelperdir=$(out)/bin"
+        "--sysconfdir=/etc"
+        "--localstatedir=/var"
+        "--enable-systemd"
+        ] ++ optionals buildKernel [
+        "--with-spl=${spl}/libexec/spl"
+        "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
+        "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+      ];
+
+      enableParallelBuilding = true;
+
+      installFlags = [
+        "sysconfdir=\${out}/etc"
+        "DEFAULT_INITCONF_DIR=\${out}/default"
+      ];
+
+      postInstall = ''
+        # Prevent kernel modules from depending on the Linux -dev output.
+        nuke-refs $(find $out -name "*.ko")
+      '' + optionalString buildUser ''
+        # Remove provided services as they are buggy
+        rm $out/etc/systemd/system/zfs-import-*.service
+
+        sed -i '/zfs-import-scan.service/d' $out/etc/systemd/system/*
+
+        for i in $out/etc/systemd/system/*; do
+        substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
+        done
+
+        # Fix pkgconfig.
+        ln -s ../share/pkgconfig $out/lib/pkgconfig
+
+        # Remove tests because they add a runtime dependency on gcc
+        rm -rf $out/share/zfs/zfs-tests
+      '';
+
+      outputs = [ "out" ] ++ optionals buildUser [ "lib" "dev" ];
+
+      meta = {
+        description = "ZFS Filesystem Linux Kernel module";
+        longDescription = ''
+          ZFS is a filesystem that combines a logical volume manager with a
+          Copy-On-Write filesystem with data integrity detection and repair,
+          snapshotting, cloning, block devices, deduplication, and more.
+        '';
+        home = http://zfsonlinux.org/;
+        license = licenses.cddl;
+        platforms = platforms.linux;
+        maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ];
+      };
+    };
+in {
+  # also check if kernel version constraints in
+  # ./nixos/modules/tasks/filesystems/zfs.nix needs
+  # to be adapted
+  zfsStable = common {
+    # comment/uncomment if breaking kernel versions are known
+    incompatibleKernelVersion = null;
+
+    # this package should point to the latest release.
+    version = "0.7.1";
+
     sha256 = "0czal6lpl8igrhwmqh5jcgx07rlcgnrfg6ywzf681vsyh3gaxj9n";
+
+    extraPatches = [
+      (fetchpatch {
+        url = "https://github.com/Mic92/zfs/compare/zfs-0.7.0-rc3...nixos-zfs-0.7.0-rc3.patch";
+        sha256 = "1vlw98v8xvi8qapzl1jwm69qmfslwnbg3ry1lmacndaxnyckkvhh";
+      })
+    ];
+
+    inherit spl;
   };
 
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/Mic92/zfs/compare/zfs-0.7.0-rc3...nixos-zfs-0.7.0-rc3.patch";
-      sha256 = "1vlw98v8xvi8qapzl1jwm69qmfslwnbg3ry1lmacndaxnyckkvhh";
-    })
-  ];
-
-  buildInputs = [ autoreconfHook nukeReferences ]
-  ++ optionals buildKernel [ spl ]
-  ++ optionals buildUser [ zlib libuuid python attr ];
-
-  # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
-  NIX_CFLAGS_LINK = "-lgcc_s";
-
-  hardeningDisable = [ "pic" ];
-
-  preConfigure = ''
-    substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "umount -t zfs"           "${utillinux}/bin/umount -t zfs"
-    substituteInPlace ./module/zfs/zfs_ctldir.c   --replace "mount -t zfs"            "${utillinux}/bin/mount -t zfs"
-    substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/umount"             "${utillinux}/bin/umount"
-    substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/mount"              "${utillinux}/bin/mount"
-    substituteInPlace ./cmd/ztest/ztest.c         --replace "/usr/sbin/ztest"         "$out/sbin/ztest"
-    substituteInPlace ./cmd/ztest/ztest.c         --replace "/usr/sbin/zdb"           "$out/sbin/zdb"
-    substituteInPlace ./config/user-systemd.m4    --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
-    substituteInPlace ./config/zfs-build.m4       --replace "\$sysconfdir/init.d"     "$out/etc/init.d"
-    substituteInPlace ./etc/zfs/Makefile.am       --replace "\$(sysconfdir)"          "$out/etc"
-    substituteInPlace ./cmd/zed/Makefile.am       --replace "\$(sysconfdir)"          "$out/etc"
-    substituteInPlace ./module/Makefile.in        --replace "/bin/cp"                 "cp"
-    substituteInPlace ./etc/systemd/system/zfs-share.service.in \
-      --replace "@bindir@/rm " "${coreutils}/bin/rm "
-
-    for f in ./udev/rules.d/*
-    do
-      substituteInPlace "$f" --replace "/lib/udev/vdev_id" "$out/lib/udev/vdev_id"
-    done
-
-    ./autogen.sh
-  '';
-
-  configureFlags = [
-    "--with-config=${configFile}"
-    ] ++ optionals buildUser [
-    "--with-dracutdir=$(out)/lib/dracut"
-    "--with-udevdir=$(out)/lib/udev"
-    "--with-systemdunitdir=$(out)/etc/systemd/system"
-    "--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
-    "--with-mounthelperdir=$(out)/bin"
-    "--sysconfdir=/etc"
-    "--localstatedir=/var"
-    "--enable-systemd"
-    ] ++ optionals buildKernel [
-    "--with-spl=${spl}/libexec/spl"
-    "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
-    "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-  ];
-
-  enableParallelBuilding = true;
-
-  installFlags = [
-    "sysconfdir=\${out}/etc"
-    "DEFAULT_INITCONF_DIR=\${out}/default"
-  ];
-
-  postInstall = ''
-    # Prevent kernel modules from depending on the Linux -dev output.
-    nuke-refs $(find $out -name "*.ko")
-  '' + optionalString buildUser ''
-    # Remove provided services as they are buggy
-    rm $out/etc/systemd/system/zfs-import-*.service
-
-    sed -i '/zfs-import-scan.service/d' $out/etc/systemd/system/*
-
-    for i in $out/etc/systemd/system/*; do
-    substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
-    done
-
-    # Fix pkgconfig.
-    ln -s ../share/pkgconfig $out/lib/pkgconfig
-
-    # Remove tests because they add a runtime dependency on gcc
-    rm -rf $out/share/zfs/zfs-tests
-  '';
-
-  outputs = [ "out" ] ++ optionals buildUser [ "lib" "dev" ];
-
-  meta = {
-    description = "ZFS Filesystem Linux Kernel module";
-    longDescription = ''
-      ZFS is a filesystem that combines a logical volume manager with a
-      Copy-On-Write filesystem with data integrity detection and repair,
-      snapshotting, cloning, block devices, deduplication, and more.
-    '';
-    homepage = http://zfsonlinux.org/;
-    license = licenses.cddl;
-    platforms = platforms.linux;
-    maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ];
+  zfsUnstable = common {
+    # comment/uncomment if breaking kernel versions are known
+    incompatibleKernelVersion = null;
+
+    # this package should point to a version / git revision compatible with the latest kernel release
+    version = "2017-09-12";
+
+    rev = "ded8f06a3cfee60b3a8ea5309e9c4d0e567ed3b5";
+    sha256 = "0yn4fg4a00hpflmmr0jbbhfb921nygpw2xbbjy35abl57k6zk375";
+    isUnstable = true;
+
+    extraPatches = [
+      (fetchpatch {
+        url = "https://github.com/Mic92/zfs/compare/ded8f06a3cfee...nixos-zfs-2017-09-12.patch";
+        sha256 = "033wf4jn0h0kp0h47ai98rywnkv5jwvf3xwym30phnaf8xxdx8aj";
+      })
+    ];
+
+    spl = splUnstable;
   };
 }