diff options
| author | William A. Kennington III <william@wkennington.com> | 2015-09-19 14:39:57 -0700 |
|---|---|---|
| committer | William A. Kennington III <william@wkennington.com> | 2015-09-19 14:39:57 -0700 |
| commit | 8b670fba26b6b4536377c6178b29a6ff17169506 (patch) | |
| tree | 41f8a58e614df712eec4891c51f9ccba2a14d79b /pkgs/os-specific | |
| parent | 3acffb730aeb1bcab009dcc6ba57707462a3abaa (diff) | |
| parent | 6e092236273bbcd95654392430a281365bc2278a (diff) | |
| download | nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar.gz nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar.bz2 nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar.lz nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar.xz nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.tar.zst nixlib-8b670fba26b6b4536377c6178b29a6ff17169506.zip | |
Merge branch 'staging.upstream' into staging.post-15.06
Diffstat (limited to 'pkgs/os-specific')
21 files changed, 309 insertions, 395 deletions
diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix index 33d0e5eb385e..fd578cf33d62 100644 --- a/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk/default.nix @@ -120,7 +120,7 @@ in rec { __propagatedImpureHostDeps = [ "/usr/lib/libXplugin.1.dylib" ]; propagatedBuildInputs = with frameworks; [ - OpenGL ApplicationServices Carbon IOKit CoreFoundation CoreGraphics CoreServices CoreText + OpenGL ApplicationServices Carbon IOKit CF CoreGraphics CoreServices CoreText ]; installPhase = '' @@ -144,9 +144,7 @@ in rec { }; }; - frameworks = (stdenv.lib.mapAttrs framework (import ./frameworks.nix { inherit frameworks libs; })) // { - CoreFoundation = CF; - }; + frameworks = stdenv.lib.mapAttrs framework (import ./frameworks.nix { inherit frameworks libs CF; }); inherit sdk; } diff --git a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix index 9da2dd74c711..f6bf51f94432 100644 --- a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix +++ b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix @@ -2,76 +2,76 @@ # Epic weird knot-tying happening here. # TODO: clean up the process for generating this and include it -{ frameworks, libs }: +{ frameworks, libs, CF }: with frameworks; with libs; { AGL = [ Carbon OpenGL ]; AVFoundation = [ ApplicationServices CoreGraphics ]; AVKit = []; Accounts = []; - AddressBook = [ Carbon CoreFoundation ]; + AddressBook = [ Carbon CF ]; AppKit = [ AudioToolbox QuartzCore ]; AppKitScripting = []; AppleScriptKit = []; AppleScriptObjC = []; AppleShareClientCore = [ CoreServices ]; - AudioToolbox = [ AudioUnit CoreAudio CoreFoundation CoreMIDI ]; - AudioUnit = [ Carbon CoreAudio CoreFoundation ]; + AudioToolbox = [ AudioUnit CoreAudio CF CoreMIDI ]; + AudioUnit = [ Carbon CoreAudio CF ]; AudioVideoBridging = [ Foundation ]; Automator = []; - CFNetwork = [ CoreFoundation ]; + CFNetwork = [ CF ]; CalendarStore = []; Cocoa = []; Collaboration = []; - CoreAudio = [ CoreFoundation IOKit ]; + CoreAudio = [ CF IOKit ]; CoreAudioKit = [ AudioUnit ]; CoreData = []; - CoreGraphics = [ Accelerate CoreFoundation IOKit IOSurface SystemConfiguration ]; + CoreGraphics = [ Accelerate CF IOKit IOSurface SystemConfiguration ]; CoreLocation = []; - CoreMIDI = [ CoreFoundation ]; + CoreMIDI = [ CF ]; CoreMIDIServer = []; - CoreMedia = [ ApplicationServices AudioToolbox CoreAudio CoreFoundation CoreGraphics CoreVideo ]; - CoreMediaIO = [ CoreFoundation CoreMedia ]; - CoreText = [ CoreFoundation CoreGraphics ]; - CoreVideo = [ ApplicationServices CoreFoundation CoreGraphics IOSurface OpenGL ]; + CoreMedia = [ ApplicationServices AudioToolbox CoreAudio CF CoreGraphics CoreVideo ]; + CoreMediaIO = [ CF CoreMedia ]; + CoreText = [ CF CoreGraphics ]; + CoreVideo = [ ApplicationServices CF CoreGraphics IOSurface OpenGL ]; CoreWLAN = [ SecurityFoundation ]; DVComponentGlue = [ CoreServices QuickTime ]; DVDPlayback = []; - DirectoryService = [ CoreFoundation ]; - DiscRecording = [ CoreFoundation CoreServices IOKit ]; + DirectoryService = [ CF ]; + DiscRecording = [ CF CoreServices IOKit ]; DiscRecordingUI = []; - DiskArbitration = [ CoreFoundation IOKit ]; + DiskArbitration = [ CF IOKit ]; DrawSprocket = [ Carbon ]; EventKit = []; ExceptionHandling = []; FWAUserLib = []; - ForceFeedback = [ CoreFoundation IOKit ]; - Foundation = [ CoreFoundation Security ApplicationServices AppKit SystemConfiguration ]; - GLKit = [ CoreFoundation ]; + ForceFeedback = [ CF IOKit ]; + Foundation = [ CF Security ApplicationServices AppKit SystemConfiguration ]; + GLKit = [ CF ]; GLUT = [ GL OpenGL ]; GSS = []; GameController = []; GameKit = [ Foundation ]; - ICADevices = [ Carbon CoreFoundation IOBluetooth ]; + ICADevices = [ Carbon CF IOBluetooth ]; IMServicePlugIn = []; IOBluetoothUI = [ IOBluetooth ]; - IOKit = [ CoreFoundation ]; - IOSurface = [ CoreFoundation IOKit xpc ]; + IOKit = [ CF ]; + IOSurface = [ CF IOKit xpc ]; ImageCaptureCore = []; - ImageIO = [ CoreFoundation CoreGraphics ]; + ImageIO = [ CF CoreGraphics ]; InputMethodKit = [ Carbon ]; InstallerPlugins = []; InstantMessage = []; JavaFrameEmbedding = []; - JavaScriptCore = [ CoreFoundation ]; + JavaScriptCore = [ CF ]; Kerberos = []; - Kernel = [ CoreFoundation IOKit ]; + Kernel = [ CF IOKit ]; LDAP = []; - LatentSemanticMapping = [ Carbon CoreFoundation ]; + LatentSemanticMapping = [ Carbon CF ]; MapKit = []; - MediaAccessibility = [ CoreFoundation CoreGraphics CoreText QuartzCore ]; - MediaToolbox = [ AudioToolbox CoreFoundation CoreMedia ]; - NetFS = [ CoreFoundation ]; + MediaAccessibility = [ CF CoreGraphics CoreText QuartzCore ]; + MediaToolbox = [ AudioToolbox CF CoreMedia ]; + NetFS = [ CF ]; OSAKit = [ Carbon ]; OpenAL = []; OpenCL = [ IOSurface OpenGL ]; @@ -81,7 +81,7 @@ with frameworks; with libs; { PubSub = []; Python = [ ApplicationServices ]; QTKit = [ QuickTime ]; - QuickLook = [ ApplicationServices CoreFoundation ]; + QuickLook = [ ApplicationServices CF ]; QuickTime = [ ApplicationServices AudioUnit Carbon CoreAudio CoreServices OpenGL QuartzCore ]; Ruby = []; RubyCocoa = []; @@ -89,31 +89,31 @@ with frameworks; with libs; { ScreenSaver = []; Scripting = []; ScriptingBridge = []; - Security = [ CoreFoundation IOKit ]; + Security = [ CF IOKit ]; SecurityFoundation = []; SecurityInterface = [ Security ]; - ServiceManagement = [ CoreFoundation Security ]; + ServiceManagement = [ CF Security ]; Social = []; SpriteKit = []; StoreKit = []; SyncServices = []; - SystemConfiguration = [ CoreFoundation Security ]; + SystemConfiguration = [ CF Security ]; TWAIN = [ Carbon ]; Tcl = []; Tk = [ ApplicationServices Carbon X11 ]; - VideoDecodeAcceleration = [ CoreFoundation CoreVideo ]; - VideoToolbox = [ CoreFoundation CoreMedia CoreVideo ]; + VideoDecodeAcceleration = [ CF CoreVideo ]; + VideoToolbox = [ CF CoreMedia CoreVideo ]; WebKit = [ ApplicationServices Carbon JavaScriptCore OpenGL X11 ]; # Umbrellas Accelerate = [ CoreWLAN IOBluetooth ]; - ApplicationServices = [ CoreFoundation CoreServices CoreText ImageIO ]; - Carbon = [ ApplicationServices CoreFoundation CoreServices IOKit Security QuartzCore ]; + ApplicationServices = [ CF CoreServices CoreText ImageIO ]; + Carbon = [ ApplicationServices CF CoreServices IOKit Security QuartzCore ]; CoreBluetooth = []; - CoreServices = [ CFNetwork CoreAudio CoreData CoreFoundation DiskArbitration Security NetFS OpenDirectory ServiceManagement ]; + CoreServices = [ CFNetwork CoreAudio CoreData CF DiskArbitration Security NetFS OpenDirectory ServiceManagement ]; IOBluetooth = [ IOKit ]; JavaVM = []; OpenDirectory = []; Quartz = [ QuickLook ]; - QuartzCore = [ ApplicationServices CoreFoundation CoreVideo OpenCL ]; + QuartzCore = [ ApplicationServices CF CoreVideo OpenCL ]; } diff --git a/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix index 2aca836ba48a..c7fcbb0aabbe 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/CF/default.nix @@ -47,8 +47,9 @@ appleDerivation { ''; postInstall = '' - # gross! convince apple to release this as part of CF - cp /System/Library/Frameworks/CoreFoundation.framework/Headers/CFAttributedString.h "$out/System/Library/Frameworks/CoreFoundation.framework/Headers" + # gross! convince apple to release these as part of CF + cp /System/Library/Frameworks/CoreFoundation.framework/Headers/{CFAttributedString,CFNotificationCenter}.h \ + "$out/System/Library/Frameworks/CoreFoundation.framework/Headers" mv $out/System/* $out rmdir $out/System diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix deleted file mode 100644 index 1b1d9a3d1ca2..000000000000 --- a/pkgs/os-specific/linux/apparmor/2.9/default.nix +++ /dev/null @@ -1,183 +0,0 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam -}: - -let - apparmor-series = "2.9"; - apparmor-patchver = "2"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; - - apparmor-meta = component: with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; - platforms = platforms.linux; - }; - - apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh"; - }; - - prePatchCommon = '' - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" - ''; - - libapparmor = stdenv.mkDerivation { - name = "libapparmor-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - autoconf - automake - bison - flex - dbus # requires patch to dbus ... - glibc - libtool - perl - pkgconfig - python27 - swig - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - ''; - - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; - - meta = apparmor-meta "library"; - }; - - apparmor-utils = stdenv.mkDerivation { - name = "apparmor-utils-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - python27 - libapparmor - which - ]; - - prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; - - meta = apparmor-meta "user-land utilities"; - }; - - apparmor-parser = stdenv.mkDerivation { - name = "apparmor-parser-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - bison - flex - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - ## techdoc.pdf still doesn't build ... - substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; - - meta = apparmor-meta "rule parser"; - }; - - apparmor-pam = stdenv.mkDerivation { - name = "apparmor-pam-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; - - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = apparmor-meta "PAM service"; - }; - - apparmor-profiles = stdenv.mkDerivation { - name = "apparmor-profiles-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ which ]; - - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; - - meta = apparmor-meta "profiles"; - }; - - apparmor-kernel-patches = stdenv.mkDerivation { - name = "apparmor-kernel-patches-${apparmor-version}"; - src = apparmor-sources; - - phases = ''unpackPhase installPhase''; - - installPhase = '' - mkdir "$out" - cp -R ./kernel-patches "$out" - ''; - - meta = apparmor-meta "kernel patches"; - }; - -in - -{ - inherit libapparmor apparmor-utils apparmor-parser apparmor-pam - apparmor-profiles apparmor-kernel-patches; -} diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch deleted file mode 100644 index c8f2b511d957..000000000000 --- a/pkgs/os-specific/linux/apparmor/capability.patch +++ /dev/null @@ -1,16 +0,0 @@ -Description: allow parser to build even when not on Linux. -Author: Kees Cook <kees@debian.org> - -Index: apparmor-debian/common/Make.rules -=================================================================== ---- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700 -+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700 -@@ -160,7 +160,7 @@ - CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) - - .PHONY: list_capabilities --list_capabilities: /usr/include/linux/capability.h -+list_capabilities: - @echo "$(CAPABILITIES)" - - # ===================== diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 22413b2ed314..64c6f66575b6 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,98 +1,167 @@ -{ stdenv, fetchurl -, autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext -, bash, pam, TermReadKey, RpcXML, swig, python}: -stdenv.mkDerivation rec { - - name = "apparmor-${version}"; - version = "2.8.4"; - - src = fetchurl { - url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz"; - sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq"; +{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which +, glibc, flex, bison, python27Packages, swig, pam +}: + +let + apparmor-series = "2.10"; + apparmor-version = apparmor-series; + + apparmor-meta = component: with stdenv.lib; { + homepage = http://apparmor.net/; + description = "Linux application security system - ${component}"; + license = licenses.gpl2; + maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; + platforms = platforms.linux; }; - buildInputs = [ - autoconf automake libtool perl bison flex gettext which rpm - LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; - - prePatch = '' - substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include" - substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include" - - substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h" - substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - - # for some reason pdf documentation doesn't build - substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - - substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl" - substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove" - substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh" - ''; + apparmor-sources = fetchurl { + url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; + sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd"; + }; - patches = ./capability.patch; - - buildPhase ='' - PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib - - cd libraries/libapparmor - ./autogen.sh - ./configure --prefix=$out --with-perl # see below - make - make check - make install - mkdir -p $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/ - # this is automatically copied elsewhere.... - - cd ../../utils - make - make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl - - cd ../parser - make - make install DESTDIR=$out DISTRO=unknown - -# cd ../changehat/mod_apparmor -# make # depends on libapparmor having been built first -# make install - - cd ../changehat/pam_apparmor - make # depends on libapparmor having been built first - make install DESTDIR=$out - - cd ../../profiles - LD_LIBRARY_PATH=$out/lib make - #LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first - make install DESTDIR=$out - - cd .. - cp -r kernel-patches $out + prePatchCommon = '' + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" + substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" ''; - installPhase = let - perlVersion = (builtins.parseDrvName perl.name).version; - in '' - for i in $out/bin/*; do - wrapProgram $i --prefix PERL5LIB : \ - "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/" - done - ''; + libapparmor = stdenv.mkDerivation { + name = "libapparmor-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + autoconf + automake + autoreconfHook + bison + flex + glibc + libtool + perl + pkgconfig + python27Packages.python + swig + which + ]; + + # required to build apparmor-parser + dontDisableStatic = true; + + prePatch = prePatchCommon + '' + substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + ''; + + postPatch = "cd ./libraries/libapparmor"; + configureFlags = "--with-python --with-perl"; + + meta = apparmor-meta "library"; + }; - meta = with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system"; - license = licenses.gpl2; - maintainers = [ maintainers.phreedom maintainers.thoughtpolice ]; - platforms = platforms.linux; + apparmor-utils = stdenv.mkDerivation { + name = "apparmor-utils-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + perl + python27Packages.python + python27Packages.readline + libapparmor + makeWrapper + which + ]; + + prePatch = prePatchCommon; + postPatch = "cd ./utils"; + makeFlags = ''LANGS=''; + installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX=''; + + postInstall = '' + for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do + wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" + done + + for prog in aa-exec aa-notify ; do + wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB" + done + ''; + + meta = apparmor-meta "user-land utilities"; }; -} + apparmor-parser = stdenv.mkDerivation { + name = "apparmor-parser-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + bison + flex + which + ]; + + prePatch = prePatchCommon + '' + substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" + substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" + substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + ## techdoc.pdf still doesn't build ... + substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + ''; + postPatch = "cd ./parser"; + makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include''; + installFlags = ''DESTDIR=$(out) DISTRO=unknown''; + + meta = apparmor-meta "rule parser"; + }; + + apparmor-pam = stdenv.mkDerivation { + name = "apparmor-pam-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + pam + pkgconfig + which + ]; + + postPatch = "cd ./changehat/pam_apparmor"; + makeFlags = ''USE_SYSTEM=1''; + installFlags = ''DESTDIR=$(out)''; + + meta = apparmor-meta "PAM service"; + }; + + apparmor-profiles = stdenv.mkDerivation { + name = "apparmor-profiles-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ which ]; + + postPatch = "cd ./profiles"; + installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; + + meta = apparmor-meta "profiles"; + }; + + apparmor-kernel-patches = stdenv.mkDerivation { + name = "apparmor-kernel-patches-${apparmor-version}"; + src = apparmor-sources; + + phases = ''unpackPhase installPhase''; + + installPhase = '' + mkdir "$out" + cp -R ./kernel-patches "$out" + ''; + + meta = apparmor-meta "kernel patches"; + }; + +in + +{ + inherit libapparmor apparmor-utils apparmor-parser apparmor-pam + apparmor-profiles apparmor-kernel-patches; +} diff --git a/pkgs/os-specific/linux/audit/default.nix b/pkgs/os-specific/linux/audit/default.nix index 8a7c573ac0e0..da27d3ed9d43 100644 --- a/pkgs/os-specific/linux/audit/default.nix +++ b/pkgs/os-specific/linux/audit/default.nix @@ -5,11 +5,11 @@ assert enablePython -> python != null; stdenv.mkDerivation rec { - name = "audit-2.4.2"; + name = "audit-2.4.4"; src = fetchurl { url = "http://people.redhat.com/sgrubb/audit/${name}.tar.gz"; - sha256 = "08j134s4509rxfi3hwsp8yyxzlqqxl8kqgv2rfv6p3qng5pjd80j"; + sha256 = "08sfcx8ykcn5jsryil15q8yqm0a8czymyqbb2sqxfc1jbx37zx95"; }; buildInputs = [ openldap ] diff --git a/pkgs/os-specific/linux/autofs/create-patches-v5.sh b/pkgs/os-specific/linux/autofs/create-patches-v5.sh deleted file mode 100644 index 1fe6b503288d..000000000000 --- a/pkgs/os-specific/linux/autofs/create-patches-v5.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# -# Use this script with the upstream sorted list of patches -# curl ftp://ftp.kernel.org/pub/linux/daemons/autofs/v5/patches-5.0.{x+1}/patch_order-5.0.x | -# grep -v '^#' | sh create-patches-v5.sh - -BASEURL=mirror://kernel/linux/daemons/autofs/v5/patches-5.0.9; - -echo '# File created automatically' > patches-v5.nix -echo 'fetchurl :' >> patches-v5.nix -echo '[' >> patches-v5.nix - -while read a; do - URL=$BASEURL/$a - HASH=`nix-prefetch-url $URL` - echo "(fetchurl { url = $URL; sha256 = \"$HASH\"; })" >> patches-v5.nix -done - -echo ']' >> patches-v5.nix diff --git a/pkgs/os-specific/linux/autofs/autofs-v5.nix b/pkgs/os-specific/linux/autofs/default.nix index 787cd34180e7..3a8aa08d8a31 100644 --- a/pkgs/os-specific/linux/autofs/autofs-v5.nix +++ b/pkgs/os-specific/linux/autofs/default.nix @@ -1,18 +1,16 @@ -{stdenv, fetchurl, flex, bison, linuxHeaders}: +{ stdenv, fetchurl, flex, bison, linuxHeaders }: let - baseURL = mirror://kernel/linux/daemons/autofs/v5; -in -stdenv.mkDerivation { - name = "autofs-5.0.8"; + version = "5.1.1"; + name = "autofs-${version}"; +in stdenv.mkDerivation { + inherit name; src = fetchurl { - url = "${baseURL}/autofs-5.0.8.tar.bz2"; - sha256 = "0zczihrqdamj43401v2pczf7zi94f8qk20gc6l92nxmpak3443if"; + url = "mirror://kernel/linux/daemons/autofs/v5/${name}.tar.xz"; + sha256 = "1hr1f11wp538h7r298wpa5khfkhfs8va3p1kdixxhrgkkzpz13z0"; }; - patches = import ./patches-v5.nix fetchurl; - preConfigure = '' configureFlags="--disable-move-mount --with-path=$PATH" export MOUNT=/var/run/current-system/sw/bin/mount @@ -31,11 +29,12 @@ stdenv.mkDerivation { #make install SUBDIRS="samples" # impure! ''; - buildInputs = [flex bison linuxHeaders]; + buildInputs = [ flex bison linuxHeaders ]; - meta = { - description="Kernel based automounter"; - homepage="http://www.linux-consulting.com/Amd_AutoFS/autofs.html"; + meta = { + inherit version; + description = "Kernel-based automounter"; + homepage = http://www.linux-consulting.com/Amd_AutoFS/autofs.html; license = stdenv.lib.licenses.gpl2; executables = [ "automount" ]; }; diff --git a/pkgs/os-specific/linux/autofs/patches-v5.nix b/pkgs/os-specific/linux/autofs/patches-v5.nix deleted file mode 100644 index a577beefbe7f..000000000000 --- a/pkgs/os-specific/linux/autofs/patches-v5.nix +++ /dev/null @@ -1,7 +0,0 @@ -# File created automatically -fetchurl : -[ -(fetchurl { url = mirror://kernel/linux/daemons/autofs/v5/patches-5.0.9/autofs-5.0.8-fix-undefined-authtype_requires_creds-err-if-ldap-en.patch; sha256 = "11v1a32rx57ylp8scswpk41jl9n4kfx55nvdlzhvfs4rhws18rpx"; }) -(fetchurl { url = mirror://kernel/linux/daemons/autofs/v5/patches-5.0.9/autofs-5.0.8-fix-master-map-type-check.patch; sha256 = "1nkq0y6j7dc6214af3q9bxvy7pv9kak0q9chijxcj6zkhfzwrjy3"; }) -(fetchurl { url = mirror://kernel/linux/daemons/autofs/v5/patches-5.0.9/autofs-5.0.8-fix-task-manager-not-getting-signaled.patch; sha256 = "17h06wk4x0rqiky6pm9dglbc5ycxxrd3438a9snnlysl4zzgrqhx"; }) -] diff --git a/pkgs/os-specific/linux/cgmanager/default.nix b/pkgs/os-specific/linux/cgmanager/default.nix index 8f56eda3a1bc..1c79fddeca96 100644 --- a/pkgs/os-specific/linux/cgmanager/default.nix +++ b/pkgs/os-specific/linux/cgmanager/default.nix @@ -1,14 +1,15 @@ -{ stdenv, fetchurl, pkgconfig, libnih, dbus }: +{ stdenv, fetchurl, pkgconfig, libnih, dbus, pam }: stdenv.mkDerivation rec { - name = "cgmanager-0.37"; + name = "cgmanager-0.39"; src = fetchurl { url = "https://linuxcontainers.org/downloads/cgmanager/${name}.tar.gz"; - sha256 = "0vkv8am6h3x89c1rqb6a1glwz3mik3065jigri96njjzmvrff2c3"; + sha256 = "0ysv8klnybp727aad2k0aa67s05q027pzfl7rmm0map4nizlhrcy"; }; - buildInputs = [ pkgconfig libnih dbus ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libnih dbus pam ]; configureFlags = [ "--with-init-script=systemd" diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 6f5ec27c638e..287b83b637f7 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "iproute2-4.1.1"; + name = "iproute2-4.2.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/iproute2/${name}.tar.xz"; - sha256 = "0vz6m2k6hdrjlg4x0r3cd75lg9ysmndbsp35pm8494zvksc7l1vk"; + sha256 = "0c0gyf46ad3jlalm9a7c9iiwvpcrjr4gylrkyranp8qd7rs1w454"; }; patches = lib.optionals enableFan [ ./ubuntu-fan.patch ]; diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix index 0bd76b37d635..b26bc1eb34ad 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.10.87"; + version = "3.10.88"; extraMeta.branch = "3.10"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "01lax9c6j2gw33pr7dla1ly1d89970mkbwh2hnmysgzsyh136rvg"; + sha256 = "0ayz62v46zmbz43zd36a0zpczv4dyjjcyljcfv1p7mgj3fc9fs4z"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix index b0b5faaf6827..fb38e32a4b9b 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.14.51"; + version = "3.14.52"; # Remember to update grsecurity! extraMeta.branch = "3.14"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1gqsd69cqijff4c4br4ydmcjl226d0yy6vrmgfvy16xiraavq1mk"; + sha256 = "1sgjxp98wdq4a0044i46970jm2prrgp0xz9jg1q4mfysdz3n3fhv"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix index a04680241d6a..917e5d6ffeed 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.1.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.1.6"; + version = "4.1.7"; # Remember to update grsecurity! extraMeta.branch = "4.1"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1zlr7d5d7rhcbpwsi0svmv0zwj50n6mj6xgfzwwi336f5p26wbci"; + sha256 = "0g1dnvak0pd03d4miy1025bw64wq71w29a058dzspdr6jcf9qwbn"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index b3c51dc6306e..18e73ae68d45 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -82,10 +82,10 @@ rec { }; grsecurity_unstable = grsecPatch - { kversion = "4.1.6"; - revision = "201508181953"; + { kversion = "4.1.7"; + revision = "201509131604"; branch = "test"; - sha256 = "1m227k1wb1q588vkgmngcz86k0wpzan6vra67pcx2478mabm3s89"; + sha256 = "1frfyi1pkiqc3awri3sr7xv41qxc8m2kb1yhfvj6xkrwb9li2bki"; }; grsec_fix_path = diff --git a/pkgs/os-specific/linux/nftables/default.nix b/pkgs/os-specific/linux/nftables/default.nix index 9834443a74d4..e0b16eb24f5b 100644 --- a/pkgs/os-specific/linux/nftables/default.nix +++ b/pkgs/os-specific/linux/nftables/default.nix @@ -2,11 +2,11 @@ , flex, bison, libmnl, libnftnl, gmp, readline }: stdenv.mkDerivation rec { - name = "nftables-0.4"; + name = "nftables-0.5"; src = fetchurl { url = "http://netfilter.org/projects/nftables/files/${name}.tar.bz2"; - sha256 = "0g0x6mf5580kr1azrff0ryxxym43qr72fwir7agmz4b8bjvnkjpn"; + sha256 = "1mhaw7ys7ma5786xyfccgar389jsj2zp7qmvghsgr96q6grxzdhz"; }; configureFlags = [ diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 89a40f93b890..2997c02d26d4 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -2145,10 +2145,47 @@ index 8d171a5..bd0d324 100644 bool paths_check_timestamp(const char* const* paths, usec_t *paths_ts_usec, bool update); diff --git a/src/shared/virt.c b/src/shared/virt.c -index f9c4e67..f10baab 100644 +index f9c4e67..f3104d5 100644 --- a/src/shared/virt.c +++ b/src/shared/virt.c -@@ -293,8 +293,26 @@ int detect_container(const char **id) { +@@ -151,7 +151,7 @@ int detect_vm(const char **id) { + _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL; + static thread_local int cached_found = -1; + static thread_local const char *cached_id = NULL; +- const char *_id = NULL; ++ const char *_id = NULL, *_id_cpuid = NULL; + int r; + + if (_likely_(cached_found >= 0)) { +@@ -197,10 +197,26 @@ int detect_vm(const char **id) { + + /* this will set _id to "other" and return 0 for unknown hypervisors */ + r = detect_vm_cpuid(&_id); +- if (r != 0) ++ ++ /* finish when found a known hypervisor other than kvm */ ++ if (r < 0 || (r > 0 && !streq(_id, "kvm"))) + goto finish; + ++ _id_cpuid = _id; ++ + r = detect_vm_dmi(&_id); ++ ++ /* kvm with and without Virtualbox */ ++ if (streq_ptr(_id_cpuid, "kvm")) { ++ if (r > 0 && streq(_id, "oracle")) ++ goto finish; ++ ++ _id = _id_cpuid; ++ r = 1; ++ goto finish; ++ } ++ ++ /* information from dmi */ + if (r != 0) + goto finish; + +@@ -293,8 +309,26 @@ int detect_container(const char **id) { r = read_one_line_file("/run/systemd/container", &m); if (r == -ENOENT) { diff --git a/pkgs/os-specific/linux/zfs/0.6.5-fix-corruption.patch b/pkgs/os-specific/linux/zfs/0.6.5-fix-corruption.patch new file mode 100644 index 000000000000..af4ce1333c84 --- /dev/null +++ b/pkgs/os-specific/linux/zfs/0.6.5-fix-corruption.patch @@ -0,0 +1,28 @@ +From 96165264ad0afe7a5d440ef49f9712a188486266 Mon Sep 17 00:00:00 2001 +From: Richard Yao <ryao@gentoo.org> +Date: Fri, 18 Sep 2015 08:32:52 -0400 +Subject: [PATCH] Discard on zvols should not exceed the length of a block + +37f9dac592bf5889c3efb305c48ac39b4c7dd140 replaced the end-start +calculation with a cached value, but neglected to update it on discard +operations. This can cause us to discard data not requested, causing +data loss on zvols. + +Reported-by: Richard Connon <richard.connon@zynstra.com> +Signed-off-by: Richard Yao <ryao@gentoo.org> +--- + module/zfs/zvol.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/module/zfs/zvol.c b/module/zfs/zvol.c +index 492f8ff..c5a8071 100644 +--- a/module/zfs/zvol.c ++++ b/module/zfs/zvol.c +@@ -661,6 +661,7 @@ zvol_discard(struct bio *bio) + if (!(bio->bi_rw & REQ_SECURE)) { + start = P2ROUNDUP(start, zv->zv_volblocksize); + end = P2ALIGN(end, zv->zv_volblocksize); ++ size = end - start; + } + #endif + diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index bd79ef514223..df74f1c76e20 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -10,5 +10,8 @@ callPackage ./generic.nix (args // rec { sha256 = "1jqm2a9mldp4km5m454zszsw6p8hrqd7xrbf52pgp82kf5w3d6wz"; }; - patches = [ ./nix-build.patch ]; + patches = [ + ./nix-build.patch + ./0.6.5-fix-corruption.patch + ]; }) diff --git a/pkgs/os-specific/linux/zfs/git.nix b/pkgs/os-specific/linux/zfs/git.nix index 175926f9657c..bf127301d2e3 100644 --- a/pkgs/os-specific/linux/zfs/git.nix +++ b/pkgs/os-specific/linux/zfs/git.nix @@ -10,7 +10,10 @@ callPackage ./generic.nix (args // rec { sha256 = "1jqm2a9mldp4km5m454zszsw6p8hrqd7xrbf52pgp82kf5w3d6wz"; }; - patches = [ ./nix-build.patch ]; + patches = [ + ./nix-build.patch + ./0.6.5-fix-corruption.patch + ]; spl = spl_git; }) |