authorPhilipp Volguine <phil.volguine@gmail.com>2016-01-23 21:19:34 +0000
committerPhilipp Volguine <phil.volguine@gmail.com>2016-01-23 21:19:34 +0000
commitaf2b47646c7867539e46fa6c6f88a99c214f70d6 (patch)
tree61e6a959911d2a3b923a96c8bc5daa47d9615aa7 /pkgs/os-specific
parent7c4830f3b777b0685c38038122891b9bad3055ee (diff)
parentc445ec36cbf241c69f07830d59a28b0942ff8f2e (diff)
Merge remote-tracking branch 'philhub/master'
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r--pkgs/os-specific/linux/ati-drivers/builder.sh94
-rw-r--r--pkgs/os-specific/linux/ati-drivers/default.nix86
-rw-r--r--pkgs/os-specific/linux/bluez/bluez5.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/rt5677/default.nix23
-rw-r--r--pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.14.patch47
-rw-r--r--pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.18.patch48
-rw-r--r--pkgs/os-specific/linux/kernel/chromiumos-patches/mfd-fix-dependency.patch25
-rw-r--r--pkgs/os-specific/linux/kernel/chromiumos-patches/no-link-restrictions.patch15
-rw-r--r--pkgs/os-specific/linux/kernel/common-config.nix63
-rw-r--r--pkgs/os-specific/linux/kernel/cve-2016-0728.patch78
-rw-r--r--pkgs/os-specific/linux/kernel/generic.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/genksyms-fix-segfault.patch19
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.10.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.12.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.14.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.18.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.1.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.2.nix18
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.3.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.4.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-chromiumos-3.14.nix19
-rw-r--r--pkgs/os-specific/linux/kernel/linux-chromiumos-3.18.nix21
-rw-r--r--pkgs/os-specific/linux/kernel/linux-mptcp.nix49
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix31
-rw-r--r--pkgs/os-specific/linux/lvm2/default.nix4
-rw-r--r--pkgs/os-specific/linux/mmc-utils/default.nix26
-rw-r--r--pkgs/os-specific/linux/multipath-tools/default.nix36
-rw-r--r--pkgs/os-specific/linux/paxtest/default.nix28
-rw-r--r--pkgs/os-specific/linux/spl/const.patch8
-rw-r--r--pkgs/os-specific/linux/spl/default.nix4
-rw-r--r--pkgs/os-specific/linux/spl/install_prefix.patch17
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix5
-rw-r--r--pkgs/os-specific/linux/xf86-input-mtrack/default.nix10
-rw-r--r--pkgs/os-specific/linux/xf86-video-nested/default.nix7
-rw-r--r--pkgs/os-specific/linux/zfs/default.nix4
-rw-r--r--pkgs/os-specific/linux/zfs/nix-build.patch19
36 files changed, 678 insertions, 148 deletions
diff --git a/pkgs/os-specific/linux/ati-drivers/builder.sh b/pkgs/os-specific/linux/ati-drivers/builder.sh
index 520f20e2ed6e..844f30e0c60d 100644
--- a/pkgs/os-specific/linux/ati-drivers/builder.sh
+++ b/pkgs/os-specific/linux/ati-drivers/builder.sh
@@ -6,15 +6,14 @@ set -x
 
 die(){ echo $@; exit 1; }
 
-# custom unpack:
-mkdir fglrx
+mkdir fglrx # custom unpack:
 cd fglrx
 unzip $src
 cd ..
 run_file=$(echo fglrx/amd-driver-installer-*)
 sh $run_file --extract .
 
-eval "$patchPhase"
+eval "$patchPhase1"
 
 case "$system" in
   x86_64-linux)
@@ -31,6 +30,7 @@ case "$system" in
 esac
 
 # Handle/Build the kernel module.
+
 if test -z "$libsOnly"; then
 
   kernelVersion=$(cd ${kernel}/lib/modules && ls)
@@ -41,6 +41,7 @@ if test -z "$libsOnly"; then
   # current kbuild infrastructure allows using CONFIG_* defines
   # but ati sources don't use them yet..
   # copy paste from make.sh
+
   setSMP(){
 
     linuxincludes=$kernelBuild/include
@@ -68,7 +69,6 @@ if test -z "$libsOnly"; then
     if [ "$SMP" = 0 ]; then
       echo "assuming default: SMP=$SMP"
     fi
-
     # act on final result
     if [ ! "$SMP" = 0 ]; then
       smp="-SMP"
@@ -147,19 +147,15 @@ if test -z "$libsOnly"; then
 fi
 
 { # install
-
   mkdir -p $out/lib/xorg
-
   cp -r common/usr/include $out
   cp -r common/usr/sbin $out
   cp -r common/usr/share $out
-  cp -r common/usr/X11R6 $out
-
+  mkdir $out/bin/
+  cp -f common/usr/X11R6/bin/* $out/bin/
   # cp -r arch/$arch/lib $out/lib
-
   # what are those files used for?
   cp -r common/etc $out
-
   cp -r $DIR_DEPENDING_ON_XORG_VERSION/usr/X11R6/$lib_arch/* $out/lib/xorg
 
   # install kernel module
@@ -179,30 +175,26 @@ fi
   cp -r $TMP/arch/$arch/usr/X11R6/$lib_arch/modules/dri/* $out/lib
   cp -r $TMP/arch/$arch/usr/X11R6/$lib_arch/*.so* $out/lib
   cp -r $TMP/arch/$arch/usr/X11R6/$lib_arch/fglrx/fglrx-libGL.so.1.2 $out/lib/fglrx-libGL.so.1.2
-
   cp -r $TMP/arch/$arch/usr/$lib_arch/* $out/lib
-
-  # cp -r $TMP/arch/$arch/usr/$lib_arch/* $out/lib
   ln -s libatiuki.so.1.0 $out/lib/libatiuki.so.1
   ln -s fglrx-libGL.so.1.2 $out/lib/libGL.so.1
   ln -s fglrx-libGL.so.1.2 $out/lib/libGL.so
-
-  ln -s libfglrx_gamma.so.1.0 $out/lib/libfglrx_gamma.so.1
+  # FIXME : This file is missing or has changed versions
+  #ln -s libfglrx_gamma.so.1.0 $out/lib/libfglrx_gamma.so.1
   # make xorg use the ati version
   ln -s $out/lib/xorg/modules/extensions/{fglrx/fglrx-libglx.so,libglx.so}
-
   # Correct some paths that are hardcoded into binary libs.
   if [ "$arch" ==  "x86_64" ]; then
     for lib in \
-      lib/xorg/modules/extensions/fglrx/fglrx-libglx.so \
-      lib/xorg/modules/glesx.so \
-      lib/dri/fglrx_dri.so \
-      lib/fglrx_dri.so \
-      lib/fglrx-libGL.so.1.2
+      xorg/modules/extensions/fglrx/fglrx-libglx.so \
+      xorg/modules/glesx.so \
+      dri/fglrx_dri.so \
+      fglrx_dri.so \
+      fglrx-libGL.so.1.2
     do
       oldPaths="/usr/X11R6/lib/modules/dri"
       newPaths="/run/opengl-driver/lib/dri"
-      sed -i -e "s|$oldPaths|$newPaths|" $out/$lib
+      sed -i -e "s|$oldPaths|$newPaths|" $out/lib/$lib
     done
   else
     oldPaths="/usr/X11R6/lib32/modules/dri\x00/usr/lib32/dri"
@@ -211,34 +203,45 @@ fi
       $out/lib/xorg/modules/extensions/fglrx/fglrx-libglx.so
 
     for lib in \
-      lib/dri/fglrx_dri.so \
-      lib/fglrx_dri.so \
-      lib/xorg/modules/glesx.so
+      dri/fglrx_dri.so \
+      fglrx_dri.so \
+      xorg/modules/glesx.so
     do
       oldPaths="/usr/X11R6/lib32/modules/dri/"
       newPaths="/run/opengl-driver-32/lib/dri"
-      sed -i -e "s|$oldPaths|$newPaths|" $out/$lib
+      sed -i -e "s|$oldPaths|$newPaths|" $out/lib/$lib
     done
 
     oldPaths="/usr/X11R6/lib32/modules/dri\x00"
     newPaths="/run/opengl-driver-32/lib/dri"
     sed -i -e "s|$oldPaths|$newPaths|" $out/lib/fglrx-libGL.so.1.2
   fi
-
   # libstdc++ and gcc are needed by some libs
-  patchelf --set-rpath $gcc/$lib_arch $out/lib/libatiadlxx.so
-  patchelf --set-rpath $gcc/$lib_arch $out/lib/xorg/modules/glesx.so
+  for pelib1 in \
+    fglrx_dri.so \
+    dri/fglrx_dri.so
+  do
+    patchelf --remove-needed libX11.so.6 $out/lib/$pelib1
+  done
+
+  for pelib2 in \
+    libatiadlxx.so \
+    xorg/modules/glesx.so \
+    dri/fglrx_dri.so \
+    fglrx_dri.so \
+    libaticaldd.so
+  do
+    patchelf --set-rpath $gcc/$lib_arch/ $out/lib/$pelib2
+  done
 }
 
 if test -z "$libsOnly"; then
 
 { # build samples
   mkdir -p $out/bin
-
   mkdir -p samples
   cd samples
   tar xfz ../common/usr/src/ati/fglrx_sample_source.tgz
-
   eval "$patchPhaseSamples"
 
   ( # build and install fgl_glxgears
@@ -252,27 +255,42 @@ if test -z "$libsOnly"; then
 
   true || ( # build and install
 
+    ###
+    ## FIXME ?
     # doesn't build  undefined reference to `FGLRX_X11SetGamma'
-    # wich should be contained in -lfglrx_gamma
+    # which should be contained in -lfglrx_gamma
+    # This should create $out/lib/libfglrx_gamma.so.1.0 ? because there is
+    # a symlink named libfglrx_gamma.so.1 linking to libfglrx_gamma.so.1.0 in $out/lib/
 
     cd programs/fglrx_gamma
     gcc -fPIC -I${libXxf86vm}/include \
 	    -I${xf86vidmodeproto}/include \
 	    -I$out/X11R6/include \
 	    -L$out/lib \
-	    -Wall -lm -lfglrx_gamma -lX11 -lXext -o fglrx_xgamma fglrx_xgamma.c 
+	    -Wall -lm -lfglrx_gamma -lX11 -lXext -o $out/bin/fglrx_xgamma fglrx_xgamma.c 
   )
 
-  { # copy binaries and wrap them:
+  {
+    # patch and copy statically linked qt libs used by amdcccle
+    patchelf --set-interpreter $(echo $glibc/lib/ld-linux*.so.2) $TMP/arch/$arch/usr/share/ati/$lib_arch/libQtCore.so.4 &&
+    patchelf  --set-rpath $gcc/$lib_arch/ $TMP/arch/$arch/usr/share/ati/$lib_arch/libQtCore.so.4 &&
+    patchelf --set-rpath $gcc/$lib_arch/:$out/share/ati/:$libXrender/lib/:$libSM/lib/:$libICE/lib/:$libfontconfig/lib/:$libfreetype/lib/ $TMP/arch/$arch/usr/share/ati/$lib_arch/libQtGui.so.4 &&
+    mkdir -p $out/share/ati
+    cp -r $TMP/arch/$arch/usr/share/ati/$lib_arch/libQtCore.so.4 $out/share/ati/
+    cp -r $TMP/arch/$arch/usr/share/ati/$lib_arch/libQtGui.so.4 $out/share/ati/
+    # copy binaries and wrap them:
     BIN=$TMP/arch/$arch/usr/X11R6/bin
-    cp $BIN/* $out/bin
+    patchelf --set-rpath $gcc/$lib_arch/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/ $TMP/arch/$arch/usr/X11R6/bin/amdcccle
+    patchelf --set-rpath $libXrender/lib/:$libXrandr/lib/ $TMP/arch/$arch/usr/X11R6/bin/aticonfig
+    patchelf --shrink-rpath $BIN/amdcccle
     for prog in $BIN/*; do
-      patchelf --set-interpreter $(echo $glibc/lib/ld-linux*.so.2) $out/bin/$(basename $prog)
-      wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib:$gcc/lib:$qt4/lib:$LD_LIBRARY_PATH
+      cp -f $prog $out/bin &&
+      patchelf --set-interpreter $(echo $glibc/lib/ld-linux*.so.2) $out/bin/$(basename $prog) &&
+      wrapProgram $out/bin/$(basename $prog) --prefix LD_LIBRARY_PATH : $out/lib/:$gcc/lib/:$out/share/ati/:$libXinerama/lib/:$libXrandr/lib/:$libfontconfig/lib/:$libfreetype/lib/:$LD_LIBRARY_PATH
     done
   }
 
-  rm -fr $out/lib/modules/fglrx # don't think those .a files are needed. They cause failure of the mod
+  rm -f $out/lib/fglrx/switchlibglx && rm -f $out/lib/fglrx/switchlibGL
 
 }
 
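Review bot: The new `&&` chains in the Qt-library block and in the `for prog in $BIN/*` loop make failures silent: when a `patchelf` or `cp` in a chain fails, the rest of the chain is skipped and the script simply carries on. Even with `set -e` a failing non-final command of an `&&` list does not abort the shell, and whether `set -e` is active is not visible in this hunk. The build can therefore succeed while shipping binaries with an unpatched interpreter or without their wrapper. The `die` helper defined near the top of the script fits here, e.g. ending each chain with `|| die "patching $prog failed"`. The added lines also leave `$out`, `$prog` and `$TMP` unquoted.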
diff --git a/pkgs/os-specific/linux/ati-drivers/default.nix b/pkgs/os-specific/linux/ati-drivers/default.nix
index bb0888855095..377297feaf75 100644
--- a/pkgs/os-specific/linux/ati-drivers/default.nix
+++ b/pkgs/os-specific/linux/ati-drivers/default.nix
@@ -1,9 +1,6 @@
-{ stdenv, fetchurl, kernel ? null, which, imake
-, mesa # for fgl_glxgears
-, libXxf86vm, xf86vidmodeproto # for fglrx_gamma
-, xorg, makeWrapper, glibc, patchelf
-, unzip
-, qt4 # for amdcccle
+{ stdenv, fetchurl, kernel ? null, which
+, xorg, makeWrapper, glibc, patchelf, unzip
+, fontconfig, freetype, mesa # for fgl_glxgears
 , # Whether to build the libraries only (i.e. not the kernel module or
   # driver utils). Used to support 32-bit binaries on 64-bit
   # Linux.
@@ -12,6 +9,15 @@
 
 assert (!libsOnly) -> kernel != null;
 
+with stdenv.lib;
+
+let
+  version = "15.7";
+in
+
+# This derivation requires a maximum of gcc49, Linux kernel 4.1 and xorg.xserver 1.17
+# and will not build or run using versions newer
+
 # If you want to use a different Xorg version probably
 # DIR_DEPENDING_ON_XORG_VERSION in builder.sh has to be adopted (?)
 # make sure libglx.so of ati is used. xorg.xorgserver does provide it as well
@@ -20,23 +26,37 @@ assert (!libsOnly) -> kernel != null;
 # See http://thread.gmane.org/gmane.linux.distributions.nixos/4145 for a
 # workaround (TODO)
 
-# The gentoo ebuild contains much more magic and is usually a great resource to
-# find patches :)
+# The gentoo ebuild contains much more "magic" and is usually a great resource to
+# find patches XD
 
 # http://wiki.cchtml.com/index.php/Main_Page
 
-# There is one issue left:
+# 
 # /usr/lib/dri/fglrx_dri.so must point to /run/opengl-driver/lib/fglrx_dri.so
-
-with stdenv.lib;
+# This is done in the builder script.
 
 stdenv.mkDerivation {
-  name = "ati-drivers-15.7" + (optionalString (!libsOnly) "-${kernel.version}");
 
-  builder = ./builder.sh;
+  linuxonly =
+    if stdenv.system == "i686-linux" then
+      true
+    else if stdenv.system == "x86_64-linux" then
+      true
+    else throw "ati-drivers are Linux only. Sorry. The build was stopped.";
 
-  inherit libXxf86vm xf86vidmodeproto;
+  name = "ati-drivers-${version}" + (optionalString (!libsOnly) "-${kernel.version}");
+
+  builder = ./builder.sh;
   gcc = stdenv.cc.cc;
+  libXinerama = xorg.libXinerama;
+  libXrandr = xorg.libXrandr;
+  libXrender = xorg.libXrender;
+  libXxf86vm = xorg.libXxf86vm;
+  xf86vidmodeproto = xorg.xf86vidmodeproto;
+  libSM = xorg.libSM;
+  libICE = xorg.libICE;
+  libfreetype = freetype;
+  libfontconfig = fontconfig;
 
   src = fetchurl {
     url = "http://www2.ati.com/drivers/linux/amd-driver-installer-15.20.1046-x86.x86_64.zip";
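Review bot: The `linuxonly` attribute is an assertion written as a derivation attribute, so it is also handed to the builder as an environment variable, and its message ("Linux only") does not match the test, which accepts only `i686-linux` and `x86_64-linux`. An `assert` next to the existing `assert (!libsOnly) -> kernel != null;` expresses the same check without adding an attribute, for example `assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";`. The `mkDerivation` call continues outside this hunk.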
@@ -44,16 +64,19 @@ stdenv.mkDerivation {
     curlOpts = "--referer http://support.amd.com/en-us/download/desktop?os=Linux%20x86_64";
   };
 
-  patchPhase = "patch -p1 < ${./kernel-api-fixes.patch}";
   patchPhaseSamples = "patch -p2 < ${./patch-samples.patch}";
+  patchPhase1 = "patch -p1 < ${./kernel-api-fixes.patch}";
 
   buildInputs =
-    [ xorg.libXext xorg.libX11 xorg.libXinerama
-      xorg.libXrandr which imake makeWrapper
+    [ xorg.libXrender xorg.libXext xorg.libX11 xorg.libXinerama xorg.libSM
+      xorg.libXrandr xorg.libXxf86vm xorg.xf86vidmodeproto xorg.imake xorg.libICE
       patchelf
       unzip
       mesa
-      qt4
+      fontconfig
+      freetype
+      makeWrapper
+      which
     ];
 
   inherit libsOnly;
@@ -63,26 +86,37 @@ stdenv.mkDerivation {
   inherit glibc /* glibc only used for setting interpreter */;
 
   LD_LIBRARY_PATH = stdenv.lib.concatStringsSep ":"
-    [ "${xorg.libXrandr}/lib"
-      "${xorg.libXrender}/lib"
-      "${xorg.libXext}/lib"
-      "${xorg.libX11}/lib"
-      "${xorg.libXinerama}/lib"
+    [ "${xorg.libXrandr}/lib/"
+      "${xorg.libXrender}/lib/"
+      "${xorg.libXext}/lib/"
+      "${xorg.libX11}/lib/"
+      "${xorg.libXinerama}/lib/"
+      "${xorg.libSM}/lib/"
+      "${xorg.libICE}/lib/"
+      "${stdenv.cc.cc}/lib/"
     ];
 
   # without this some applications like blender don't start, but they start
   # with nvidia. This causes them to be symlinked to $out/lib so that they
   # appear in /run/opengl-driver/lib which get's added to LD_LIBRARY_PATH
-  extraDRIlibs = [ xorg.libXext ];
 
-  inherit mesa qt4; # only required to build examples and amdcccle
+  extraDRIlibs = [ xorg.libXrandr xorg.libXrender xorg.libXext xorg.libX11 xorg.libXinerama xorg.libSM xorg.libICE ];
+
+  inherit mesa; # only required to build the examples
+
+  enableParallelBuilding = true;
 
   meta = with stdenv.lib; {
-    description = "ATI drivers";
+    description = "ATI Catalyst display drivers";
     homepage = http://support.amd.com/us/gpudownload/Pages/index.aspx;
     license = licenses.unfree;
     maintainers = with maintainers; [ marcweber offline jgeerds ];
     platforms = platforms.linux;
     hydraPlatforms = [];
+    # Copied from the nvidia default.nix to prevent a store collision.
+    priority = 4;
   };
+
+
+
 }
diff --git a/pkgs/os-specific/linux/bluez/bluez5.nix b/pkgs/os-specific/linux/bluez/bluez5.nix
index 753771bf44e0..cc132ddc397e 100644
--- a/pkgs/os-specific/linux/bluez/bluez5.nix
+++ b/pkgs/os-specific/linux/bluez/bluez5.nix
@@ -5,11 +5,11 @@
 assert stdenv.isLinux;
 
 stdenv.mkDerivation rec {
-  name = "bluez-5.36";
+  name = "bluez-5.37";
    
   src = fetchurl {
     url = "mirror://kernel/linux/bluetooth/${name}.tar.xz";
-    sha256 = "1wkqwmi5krr37mxcqqlp5m2xnw7vw70v3ww7j09vvlskxcdflhx3";
+    sha256 = "c14ba9ddcb0055522073477b8fd8bf1ddf5d219e75fdfd4699b7e0ce5350d6b0";
   };
 
   pythonPath = with pythonPackages;
diff --git a/pkgs/os-specific/linux/firmware/rt5677/default.nix b/pkgs/os-specific/linux/firmware/rt5677/default.nix
new file mode 100644
index 000000000000..46716b3f4900
--- /dev/null
+++ b/pkgs/os-specific/linux/firmware/rt5677/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchgit }:
+
+stdenv.mkDerivation {
+  name = "rt5677-firmware";
+
+  src = fetchgit {
+    url = "https://github.com/raphael/linux-samus";
+    rev = "995de6c2093797905fbcd79f1a3625dd3f50be37";
+    sha256 = "6e59f7ce24122eb9474e7863e63729de632e4c7afcb8f08534cb2102007f8381";
+  };
+
+
+  installPhase = ''
+    mkdir -p $out/lib/firmware
+    cp ./firmware/rt5677_elf_vad $out/lib/firmware
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Firmware for Realtek rt5677 device";
+    license = licenses.unfreeRedistributableFirmware;
+    maintainers = [ maintainers.zohl ];
+  };
+}
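Review bot: `name = "rt5677-firmware"` carries no version, so the store path and `nix-env` output will not show which upstream revision is installed when `rev` is bumped. Deriving the name from the pinned source would fix that, e.g. `name = "rt5677-firmware-<DATE-OR-SHORT-REV>";` with the placeholder replaced by the snapshot date or abbreviated `rev`. `meta.platforms` is also missing, unlike the other derivations touched in this commit.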
diff --git a/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.14.patch b/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.14.patch
new file mode 100644
index 000000000000..7fdcafa62d9d
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.14.patch
@@ -0,0 +1,47 @@
+From de6299c1627d80ea6742a0bef15bdb6981e5cfd7 Mon Sep 17 00:00:00 2001
+From: Nikolay Amiantov <ab@fmap.me>
+Date: Fri, 25 Dec 2015 17:11:40 +0300
+Subject: [PATCH 1/2] drivers_base: fix double Kconfig entry
+
+---
+ drivers/base/Kconfig | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
+index 946ced4..fc3405e1 100644
+--- a/drivers/base/Kconfig
++++ b/drivers/base/Kconfig
+@@ -163,30 +163,6 @@ config FW_LOADER_USER_HELPER
+ 	  no longer required unless you have a special firmware file that
+ 	  resides in a non-standard path.
+ 
+-config WANT_DEV_COREDUMP
+-	bool
+-	help
+-	  Drivers should "select" this option if they desire to use the
+-	  device coredump mechanism.
+-
+-config ALLOW_DEV_COREDUMP
+-	bool "Allow device coredump" if EXPERT
+-	default y
+-	help
+-	  This option controls if the device coredump mechanism is available or
+-	  not; if disabled, the mechanism will be omitted even if drivers that
+-	  can use it are enabled.
+-	  Say 'N' for more sensitive systems or systems that don't want
+-	  to ever access the information to not have the code, nor keep any
+-	  data.
+-
+-	  If unsure, say Y.
+-
+-config DEV_COREDUMP
+-	bool
+-	default y if WANT_DEV_COREDUMP
+-	depends on ALLOW_DEV_COREDUMP
+-
+ config DEBUG_DRIVER
+ 	bool "Driver Core verbose debug messages"
+ 	depends on DEBUG_KERNEL
+-- 
+2.6.3
+
diff --git a/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.18.patch b/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.18.patch
new file mode 100644
index 000000000000..2d8af8fa7459
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/chromiumos-patches/fix-double-Kconfig-entry-3.18.patch
@@ -0,0 +1,48 @@
+diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
+index 48398b4..0e37f7d 100644
+--- a/drivers/base/Kconfig
++++ b/drivers/base/Kconfig
+@@ -198,30 +198,6 @@ config DEV_COREDUMP
+ 	default y if WANT_DEV_COREDUMP
+ 	depends on ALLOW_DEV_COREDUMP
+ 
+-config WANT_DEV_COREDUMP
+-	bool
+-	help
+-	  Drivers should "select" this option if they desire to use the
+-	  device coredump mechanism.
+-
+-config ALLOW_DEV_COREDUMP
+-	bool "Allow device coredump" if EXPERT
+-	default y
+-	help
+-	  This option controls if the device coredump mechanism is available or
+-	  not; if disabled, the mechanism will be omitted even if drivers that
+-	  can use it are enabled.
+-	  Say 'N' for more sensitive systems or systems that don't want
+-	  to ever access the information to not have the code, nor keep any
+-	  data.
+-
+-	  If unsure, say Y.
+-
+-config DEV_COREDUMP
+-	bool
+-	default y if WANT_DEV_COREDUMP
+-	depends on ALLOW_DEV_COREDUMP
+-
+ config DEBUG_DRIVER
+ 	bool "Driver Core verbose debug messages"
+ 	depends on DEBUG_KERNEL
+diff --git a/drivers/mfd/Kconfig b/drivers/mfd/Kconfig
+index 58154a9..53a0d73 100644
+--- a/drivers/mfd/Kconfig
++++ b/drivers/mfd/Kconfig
+@@ -81,7 +81,7 @@ config MFD_AXP20X
+ 
+ config MFD_CROS_EC
+ 	tristate "Support ChromeOS Embedded Controller"
+-	depends on MFD_CORE
++	select MFD_CORE
+ 	help
+ 	  If you say Y here you get support for the ChromeOS Embedded
+ 	  Controller (EC) providing keyboard, battery and power services.
diff --git a/pkgs/os-specific/linux/kernel/chromiumos-patches/mfd-fix-dependency.patch b/pkgs/os-specific/linux/kernel/chromiumos-patches/mfd-fix-dependency.patch
new file mode 100644
index 000000000000..f17ecce92d1c
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/chromiumos-patches/mfd-fix-dependency.patch
@@ -0,0 +1,25 @@
+From 65c5b603489d230b1f1775b01ba1529843cfeba6 Mon Sep 17 00:00:00 2001
+From: Nikolay Amiantov <ab@fmap.me>
+Date: Fri, 25 Dec 2015 17:11:56 +0300
+Subject: [PATCH 2/2] mfd: fix dependency for MFD_CROS_EC
+
+---
+ drivers/mfd/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mfd/Kconfig b/drivers/mfd/Kconfig
+index f425dce..a62a285 100644
+--- a/drivers/mfd/Kconfig
++++ b/drivers/mfd/Kconfig
+@@ -61,7 +61,7 @@ config MFD_AAT2870_CORE
+ 
+ config MFD_CROS_EC
+ 	tristate "Support ChromeOS Embedded Controller"
+-	depends on MFD_CORE
++	select MFD_CORE
+ 	help
+ 	  If you say Y here you get support for the ChromeOS Embedded
+ 	  Controller (EC) providing keyboard, battery and power services.
+-- 
+2.6.3
+
diff --git a/pkgs/os-specific/linux/kernel/chromiumos-patches/no-link-restrictions.patch b/pkgs/os-specific/linux/kernel/chromiumos-patches/no-link-restrictions.patch
new file mode 100644
index 000000000000..ce19dd5d1696
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/chromiumos-patches/no-link-restrictions.patch
@@ -0,0 +1,15 @@
+diff --git a/fs/namei.c b/fs/namei.c
+index d999a86..eb6e530 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -703,8 +703,8 @@ static inline void put_link(struct nameidata *nd, struct path *link, void *cooki
+ 	path_put(link);
+ }
+ 
+-int sysctl_protected_symlinks __read_mostly = 1;
+-int sysctl_protected_hardlinks __read_mostly = 1;
++int sysctl_protected_symlinks __read_mostly = 0;
++int sysctl_protected_hardlinks __read_mostly = 0;
+ 
+ /**
+  * may_follow_link - Check symlink following for unsafe situations
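Review bot: Setting `sysctl_protected_symlinks` and `sysctl_protected_hardlinks` to 0 turns off this kernel's built-in default for the symlink and hardlink restrictions, and the patch file has no header saying why the ChromiumOS kernels need that. With this default the protection is active only if userspace sets `fs.protected_symlinks` and `fs.protected_hardlinks` to 1 at boot, which this page does not show. A short description at the top of the patch should state the reason and the expected runtime values, e.g. `Reset link-restriction defaults to 0; they are expected to be enabled via sysctl at boot.` if that is the intent. The surrounding code in fs/namei.c continues outside the hunk.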
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 8179211ba5ca..90b4a6a48244 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -147,7 +147,7 @@ with stdenv.lib;
 
   # Video configuration.
   # Enable KMS for devices whose X.org driver supports it.
-  ${optionalString (versionOlder version "4.3") ''
+  ${optionalString (versionOlder version "4.3" && !(features.chromiumos or false)) ''
     DRM_I915_KMS y
   ''}
   # Allow specifying custom EDID on the kernel command line
@@ -504,6 +504,67 @@ with stdenv.lib;
   # Disable the firmware helper fallback, udev doesn't implement it any more
   FW_LOADER_USER_HELPER_FALLBACK? n
 
+  # ChromiumOS support
+  ${optionalString (features.chromiumos or false) ''
+    CHROME_PLATFORMS y
+    VGA_SWITCHEROO n
+    MMC_SDHCI_PXAV2 n
+    NET_IPVTI n
+    IPV6_VTI n
+    REGULATOR_FIXED_VOLTAGE n
+    TPS6105X n
+    CPU_FREQ_STAT y
+    IPV6 y
+    MFD_CROS_EC y
+    MFD_CROS_EC_LPC y
+    MFD_CROS_EC_DEV y
+    CHARGER_CROS_USB_PD y
+    I2C y
+    MEDIA_SUBDRV_AUTOSELECT n
+    VIDEO_IR_I2C n
+    BLK_DEV_DM y
+    ANDROID_PARANOID_NETWORK n
+    DM_VERITY n
+    DRM_VGEM n
+    CPU_FREQ_GOV_INTERACTIVE n
+    INPUT_KEYRESET n
+    DM_BOOTCACHE n
+    UID_CPUTIME n
+
+    ${optionalString (versionAtLeast version "3.18") ''
+      CPUFREQ_DT n
+      EXTCON_CROS_EC n
+      DRM_POWERVR_ROGUE n
+      CHROMEOS_OF_FIRMWARE y
+      TEST_RHASHTABLE n
+      BCMDHD n
+      TRUSTY n
+    ''}
+
+    ${optionalString (versionOlder version "3.18") ''
+      MALI_MIDGARD n
+      DVB_USB_DIB0700 n
+      DVB_USB_DW2102 n
+      DVB_USB_PCTV452E n
+      DVB_USB_TTUSB2 n
+      DVB_USB_AF9015 n
+      DVB_USB_AF9035 n
+      DVB_USB_ANYSEE n
+      DVB_USB_AZ6007 n
+      DVB_USB_IT913X n
+      DVB_USB_LME2510 n
+      DVB_USB_RTL28XXU n
+      USB_S2255 n
+      VIDEO_EM28XX n
+      VIDEO_TM6000 n
+      USB_DWC2 n
+      USB_GSPCA n
+      SPEAKUP n
+      XO15_EBOOK n
+      USB_GADGET n
+    ''}
+  ''}
+
   ${kernelPlatform.kernelExtraConfig or ""}
   ${extraConfig}
 ''
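Review bot: The ChromiumOS block forces a long list of options to `n` without a single comment, so a reader cannot tell build workarounds from deliberate feature choices. That matters most for `DM_VERITY n`, which removes the dm-verity block-integrity target from these kernels, and for `ANDROID_PARANOID_NETWORK n`. A one-line comment above each group would do, in the form `# disabled: <REASON>` with the actual reason filled in (does not build outside the ChromiumOS tree, conflicts with another option, not wanted on NixOS). The enclosing config string begins outside this hunk.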
diff --git a/pkgs/os-specific/linux/kernel/cve-2016-0728.patch b/pkgs/os-specific/linux/kernel/cve-2016-0728.patch
new file mode 100644
index 000000000000..5eec95c62930
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/cve-2016-0728.patch
@@ -0,0 +1,78 @@
+From 05fd13592b60c3e9873f56705f80ff934e98b046 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Mon, 18 Jan 2016 10:53:31 +0000
+Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
+
+This fixes CVE-2016-0728.
+
+If a thread is asked to join as a session keyring the keyring that's already
+set as its session, we leak a keyring reference.
+
+This can be tested with the following program:
+
+	#include <stddef.h>
+	#include <stdio.h>
+	#include <sys/types.h>
+	#include <keyutils.h>
+
+	int main(int argc, const char *argv[])
+	{
+		int i = 0;
+		key_serial_t serial;
+
+		serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+				"leaked-keyring");
+		if (serial < 0) {
+			perror("keyctl");
+			return -1;
+		}
+
+		if (keyctl(KEYCTL_SETPERM, serial,
+			   KEY_POS_ALL | KEY_USR_ALL) < 0) {
+			perror("keyctl");
+			return -1;
+		}
+
+		for (i = 0; i < 100; i++) {
+			serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+					"leaked-keyring");
+			if (serial < 0) {
+				perror("keyctl");
+				return -1;
+			}
+		}
+
+		return 0;
+	}
+
+If, after the program has run, there something like the following line in
+/proc/keys:
+
+3f3d898f I--Q---   100 perm 3f3f0000     0     0 keyring   leaked-keyring: empty
+
+with a usage count of 100 * the number of times the program has been run,
+then the kernel is malfunctioning.  If leaked-keyring has zero usages or
+has been garbage collected, then the problem is fixed.
+
+Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
+Signed-off-by: David Howells <dhowells@redhat.com>
+RH-bugzilla: 1298036
+---
+ security/keys/process_keys.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 43b4cddbf2b3..7877e5cd4e23 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
+ 		ret = PTR_ERR(keyring);
+ 		goto error2;
+ 	} else if (keyring == new->session_keyring) {
++		key_put(keyring);
+ 		ret = 0;
+ 		goto error2;
+ 	}
+-- 
+2.5.0
+
diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix
index b42892f9f2d8..59d3642e6227 100644
--- a/pkgs/os-specific/linux/kernel/generic.nix
+++ b/pkgs/os-specific/linux/kernel/generic.nix
@@ -23,6 +23,7 @@
   # symbolic name and `patch' is the actual patch.  The patch may
   # optionally be compressed with gzip or bzip2.
   kernelPatches ? []
+, ignoreConfigErrors ? stdenv.platform.name != "pc"
 , extraMeta ? {}
 , ...
 }:
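Review bot: The new `ignoreConfigErrors` argument has no comment, unlike `kernelPatches` directly above it, yet it is now something any caller can switch on. Presumably generate-config.pl then keeps going when a requested option cannot be applied (the script is not shown here), which means a kernel can be built without an option the configuration asked for, hardening options included. I would document it in the argument list, e.g. `# Whether to continue when an option from the config cannot be set; defaults to true on every platform except "pc".` The argument list begins outside this hunk.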
@@ -41,14 +42,13 @@ let
     in lib.concatStringsSep "\n" ([baseConfig] ++ configFromPatches);
 
   configfile = stdenv.mkDerivation {
+    inherit ignoreConfigErrors;
     name = "linux-config-${version}";
 
     generateConfig = ./generate-config.pl;
 
     kernelConfig = kernelConfigFun config;
 
-    ignoreConfigErrors = stdenv.platform.name != "pc";
-
     nativeBuildInputs = [ perl ];
 
     platformName = stdenv.platform.name;
diff --git a/pkgs/os-specific/linux/kernel/genksyms-fix-segfault.patch b/pkgs/os-specific/linux/kernel/genksyms-fix-segfault.patch
new file mode 100644
index 000000000000..47ae77a5a54d
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/genksyms-fix-segfault.patch
@@ -0,0 +1,19 @@
+diff --git a/scripts/genksyms/genksyms.c b/scripts/genksyms/genksyms.c
+index 88632df..ba6cfa9 100644
+--- a/scripts/genksyms/genksyms.c
++++ b/scripts/genksyms/genksyms.c
+@@ -233,11 +233,11 @@ static struct symbol *__add_symbol(const char *name, enum symbol_type type,
+ 		free_list(last_enum_expr, NULL);
+ 		last_enum_expr = NULL;
+ 		enum_counter = 0;
+-		if (!name)
+-			/* Anonymous enum definition, nothing more to do */
+-			return NULL;
+ 	}
+ 
++	if (!name)
++		return NULL;
++
+ 	h = crc32(name) % HASH_BUCKETS;
+ 	for (sym = symtab[h]; sym; sym = sym->hash_next) {
+ 		if (map_to_ns(sym->type) == map_to_ns(type) &&
diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix
index a231b551dc06..6a4531d9deb4 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix
@@ -9,6 +9,8 @@ import ./generic.nix (args // rec {
     sha256 = "0z0jdix1mfpnnc8cxw7rzpnhxdayckpnrasvxi1qf0dwhcqgk92d";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
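Review bot: `args.kernelPatches` is read without a fallback, so evaluation fails for any caller that does not pass `kernelPatches`, because an `@ args` binding holds only the attributes actually supplied and not the `[]` default declared in generic.nix. The file already uses the `or` form for `args.argsOverride or {}`, so the same pattern fits: `kernelPatches = (args.kernelPatches or []) ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];`. The identical line is added to linux-3.12.nix, linux-3.14.nix, linux-3.18.nix, linux-4.1.nix, linux-4.3.nix and linux-4.4.nix. Each copy would also benefit from a comment such as `# drop once the version bump includes the upstream fix`, so the patch is not left to fail on a later update. The function header of this file is outside the hunk.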
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
index 7ed6cd142d15..1e58d4e50291 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
@@ -9,6 +9,8 @@ import ./generic.nix (args // rec {
     sha256 = "1bn07wsrcbg4qgqd4v2810c3qc0ifbcza0fyj8s54yd78g9qj4lj";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix
index 987452618f04..62f1be8b92b1 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix
@@ -10,6 +10,8 @@ import ./generic.nix (args // rec {
     sha256 = "0jw1023cpn4bjmi0db86lrxri9xj75cj8p2iqs44jabvh35idl7l";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix
index 24a568f5feb1..86258308c1e0 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.18.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix
@@ -9,6 +9,8 @@ import ./generic.nix (args // rec {
     sha256 = "14pz8mvk48i2y1ffkhczjcm2icpb2g9xlpzyrvvis42n5178fjf6";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix
index d9efce840fab..29d4870597a3 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.1.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix
@@ -9,6 +9,8 @@ import ./generic.nix (args // rec {
     sha256 = "18sr0dl5ax6pcx6nqp9drb4l6a38g07vxihiqpbwb231jv68h8j7";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.2.nix b/pkgs/os-specific/linux/kernel/linux-4.2.nix
deleted file mode 100644
index 6d2deead3a2a..000000000000
--- a/pkgs/os-specific/linux/kernel/linux-4.2.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
-
-import ./generic.nix (args // rec {
-  version = "4.2.6";
-  # Remember to update grsecurity!
-  extraMeta.branch = "4.2";
-
-  src = fetchurl {
-    url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0p7v6v3v9kn7w5iragi5hx0dylhis0jy6xmk77gka486q1ynpnqp";
-  };
-
-  features.iwlwifi = true;
-  features.efiBootStub = true;
-  features.needsCifsUtils = true;
-  features.canDisableNetfilterConntrackHelpers = true;
-  features.netfilterRPFilter = true;
-} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.3.nix b/pkgs/os-specific/linux/kernel/linux-4.3.nix
index 1a33f4828cd1..8d590a72d743 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.3.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.3.nix
@@ -10,6 +10,8 @@ import ./generic.nix (args // rec {
     sha256 = "8cad4ce7d049c2ecc041b0844bd478bf85f0d3071c93e0c885a776d57cbca3cf";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 36a297b95e57..cf17e915f8bf 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -10,6 +10,8 @@ import ./generic.nix (args // rec {
     sha256 = "401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-chromiumos-3.14.nix b/pkgs/os-specific/linux/kernel/linux-chromiumos-3.14.nix
new file mode 100644
index 000000000000..fb52b14c9ae3
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-chromiumos-3.14.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchgit, perl, buildLinux, ncurses, openssh, ... } @ args:
+
+import ./generic.nix (args // rec {
+  version = "3.14.0";
+  extraMeta.branch = "3.14";
+
+  src = fetchgit {
+    url = "https://chromium.googlesource.com/chromiumos/third_party/kernel";
+    rev = "63a768b40c91c6f3518ea1f20d0cb664ed4e6a57";
+    sha256 = "613527a032699be32c18d3f5d8d4c215d7718279a1c372c9f371d4e6c0b9cc34";
+  };
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+  features.chromiumos = true;
+} // (args.argsOverride or {}))
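Review bot: Nothing in this new file attaches `./cve-2016-0728.patch`, although the same commit adds it to linux-3.14.nix, so a kernel built from the pinned `rev` stays unpatched for that CVE unless the revision already contains the fix or the caller supplies the patch through `kernelPatches` (neither is visible here). The same applies to linux-chromiumos-3.18.nix and to linux-mptcp.nix below, whose 3.18 base gets the patch in linux-3.18.nix. If the patch applies to these trees, add `kernelPatches = (args.kernelPatches or []) ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];`; if they are already fixed, a one-line comment saying so would record that it was checked.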
diff --git a/pkgs/os-specific/linux/kernel/linux-chromiumos-3.18.nix b/pkgs/os-specific/linux/kernel/linux-chromiumos-3.18.nix
new file mode 100644
index 000000000000..9ab3f70c97fc
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-chromiumos-3.18.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchgit, perl, buildLinux, ncurses, ... } @ args:
+
+import ./generic.nix (args // rec {
+  version = "3.18.0";
+  extraMeta.branch = "3.18";
+
+  src = fetchgit {
+    url = "https://chromium.googlesource.com/chromiumos/third_party/kernel";
+    rev = "3179ec7e3f07fcc3ca35817174c5fc6584030ab3";
+    sha256 = "0hfa97fs216x8q20fsmw02kvf6mw6c6zczfjk2bpym6v7zxdzj28";
+  };
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+  features.chromiumos = true;
+  
+  extraMeta.hydraPlatforms = [];
+} // (args.argsOverride or {}))
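Review bot: `extraMeta.hydraPlatforms = [];` is set here without a comment, while linux-chromiumos-3.14.nix in the same commit does not set it, so a reader cannot tell whether the difference is deliberate. A short comment above the line, e.g. `# not built on Hydra: <reason>`, would settle it. The otherwise blank line just before it carries trailing whitespace.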
diff --git a/pkgs/os-specific/linux/kernel/linux-mptcp.nix b/pkgs/os-specific/linux/kernel/linux-mptcp.nix
new file mode 100644
index 000000000000..2b0e3017979f
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-mptcp.nix
@@ -0,0 +1,49 @@
+{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
+
+import ./generic.nix (args // rec {
+  mptcpVersion = "0.90";
+  modDirVersion = "3.18.20";
+  version = "${modDirVersion}-mptcp_v${mptcpVersion}";
+
+  extraMeta = {
+    branch = "3.18";
+    maintainer = stdenv.lib.maintainers.layus;
+  };
+
+  src = fetchurl {
+    url = "https://github.com/multipath-tcp/mptcp/archive/v${mptcpVersion}.tar.gz";
+    sha256 = "1wzdvd1j1wqjkysj98g451y6mxr9a5hff5kn9inxwbzm9yg4icj5";
+  };
+
+  extraConfig = ''
+    IPV6 y
+    MPTCP y
+    IP_MULTIPLE_TABLES y
+
+    # Enable advanced path-managers...
+    MPTCP_PM_ADVANCED y
+    MPTCP_FULLMESH y
+    MPTCP_NDIFFPORTS y
+    # ... but use none by default.
+    # The default is safer if source policy routing is not setup.
+    DEFAULT_DUMMY y
+    DEFAULT_MPTCP_PM "default"
+
+    # MPTCP scheduler selection.
+    # Disabled as the only non-default is the useless round-robin.
+    MPTCP_SCHED_ADVANCED n
+    DEFAULT_MPTCP_SCHED "default"
+
+    # Smarter TCP congestion controllers
+    TCP_CONG_LIA m
+    TCP_CONG_OLIA m
+    TCP_CONG_WVEGAS m
+    TCP_CONG_BALIA m
+  '';
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+} // (args.argsOverride or {}))
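Review bot: `maintainer = stdenv.lib.maintainers.layus;` in `extraMeta` uses a key that, as far as I know, nixpkgs tooling does not read; the conventional attribute is the list-valued `maintainers`, so this kernel ends up with nobody listed to notify about security updates. Use `maintainers = [ stdenv.lib.maintainers.layus ];`. paxtest/default.nix later in this diff has the same slip with `maintainer = [ maintainers.copumpkin ];`.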
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index cd34819a8489..c74c4c5a944b 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -87,10 +87,10 @@ rec {
     };
 
   grsecurity_unstable = grsecPatch
-    { kversion  = "4.2.3";
-      revision  = "201510130858";
+    { kversion  = "4.3.3";
+      revision  = "201601051958";
       branch    = "test";
-      sha256    = "0ndzcx9i94c065dlyvgykmin5bfkbydrv0kxxq52a4c9is6nlsrb";
+      sha256    = "0hdf9fp5kyd9g8p3qp76jwqvqf561k61wynsq7q9aabvy0p1s18k";
     };
 
   grsec_fix_path =
@@ -103,4 +103,29 @@ rec {
       patch = ./crc-regression.patch;
     };
 
+  genksyms_fix_segfault =
+    { name = "genksyms-fix-segfault";
+      patch = ./genksyms-fix-segfault.patch;
+    };
+
+
+  chromiumos_Kconfig_fix_entries_3_14 =
+    { name = "Kconfig_fix_entries_3_14";
+      patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.14.patch;
+    };
+
+  chromiumos_Kconfig_fix_entries_3_18 =
+    { name = "Kconfig_fix_entries_3_18";
+      patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.18.patch;
+    };
+
+  chromiumos_no_link_restrictions =
+    { name = "chromium-no-link-restrictions";
+      patch = ./chromiumos-patches/no-link-restrictions.patch;
+    };
+
+  chromiumos_mfd_fix_dependency =
+    { name = "mfd_fix_dependency";
+      patch = ./chromiumos-patches/mfd-fix-dependency.patch;
+    };
 }
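Review bot: `chromiumos_no_link_restrictions` is added without a comment, and going by its name the patch switches off a link-handling restriction in the Chromium OS tree, which is a hardening trade-off a later reader should be able to see without opening the patch file. A comment above the entry, e.g. `# Chromium OS kernels only: removes <restriction> because <reason>`, would record it. The CVE fix this commit repeats in five kernel files could also be defined here once, as `cve_2016_0728 = { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; };`, next to the other named patches. The enclosing `rec { … }` starts outside the hunk.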
diff --git a/pkgs/os-specific/linux/lvm2/default.nix b/pkgs/os-specific/linux/lvm2/default.nix
index 0e6bf512aa26..351c2f609814 100644
--- a/pkgs/os-specific/linux/lvm2/default.nix
+++ b/pkgs/os-specific/linux/lvm2/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils, enable_dmeventd ? false }:
 
 let
-  version = "2.02.132";
+  version = "2.02.140";
 in
 
 stdenv.mkDerivation {
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${version}.tgz";
-    sha256 = "0ac8izssflj371zzar16965zlia6a6zd97i0n00jxfxssnfa0fj1";
+    sha256 = "1jd46diyv7074fw8kxwq7imn4pl76g01d8y7z4scq0lkxf8jmpai";
   };
 
   configureFlags = [
diff --git a/pkgs/os-specific/linux/mmc-utils/default.nix b/pkgs/os-specific/linux/mmc-utils/default.nix
new file mode 100644
index 000000000000..8f7881b13e8f
--- /dev/null
+++ b/pkgs/os-specific/linux/mmc-utils/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchgit }:
+
+stdenv.mkDerivation rec {
+  name = "mmc-utils-${version}";
+  version = "2015-11-18";
+
+  src = fetchgit {
+    url = "git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc-utils.git";
+    rev = "44f94b925894577f9ffcf2c418dd013a5e582648";
+    sha256 = "1c1g9jpyhykhmidz7mjzrf63w3xlzqkijrqz1g6j4dz6p9pv1gax";
+  };
+
+  installPhase = ''
+    make install prefix=$out
+    mkdir -p $out/share/man/man1
+    cp man/mmc.1 $out/share/man/man1/
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Configure MMC storage devices from userspace";
+    homepage = http://git.kernel.org/cgit/linux/kernel/git/cjb/mmc-utils.git/;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.dezgeg ];
+    platforms = platforms.linux;
+  };
+}
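Review bot: The `fetchgit` URL uses the `git://` scheme, which is unauthenticated plain text; `rev` and `sha256` pin what the build accepts, but whoever next refreshes the hash trusts whatever that transport delivered. Prefer `url = "https://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc-utils.git";`, and likewise an `https://` value for `homepage`.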
diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix
index 3da37a89923a..ba69b421c3d3 100644
--- a/pkgs/os-specific/linux/multipath-tools/default.nix
+++ b/pkgs/os-specific/linux/multipath-tools/default.nix
@@ -1,30 +1,32 @@
 { stdenv, fetchurl, lvm2, libaio, gzip, readline, udev }:
 
 stdenv.mkDerivation rec {
-  name = "multipath-tools-0.4.9";
+  name = "multipath-tools-0.5.0";
 
   src = fetchurl {
     url = "http://christophe.varoqui.free.fr/multipath-tools/${name}.tar.bz2";
-    sha256 = "04n7kazp1zrlqfza32phmqla0xkcq4zwn176qff5ida4a60whi4d";
+    sha256 = "1yd6l1l1c62xjr1xnij2x49kr416anbgfs4y06r86kp9hkmz2g7i";
   };
 
-  sourceRoot = ".";
+  postPatch = ''
+    sed -i -re '
+      s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'",
+    ' libmultipath/defaults.h
+    sed -i -e 's,\$(DESTDIR)/\(usr/\)\?,$(prefix)/,g' \
+      kpartx/Makefile libmpathpersist/Makefile
+  '';
 
-  buildInputs = [ lvm2 libaio readline ];
+  nativeBuildInputs = [ gzip ];
+  buildInputs = [ udev lvm2 libaio readline ];
 
-  preBuild =
-    ''
-      makeFlagsArray=(GZIP="${gzip}/bin/gzip -9n -c" prefix=$out mandir=$out/share/man/man8 man5dir=$out/share/man/man5 LIB=lib)
-      
-      substituteInPlace multipath/Makefile --replace /etc $out/etc
-      substituteInPlace kpartx/Makefile --replace /etc $out/etc
-      
-      substituteInPlace kpartx/kpartx.rules --replace /sbin/kpartx $out/sbin/kpartx
-      substituteInPlace kpartx/kpartx_id --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup
-
-      substituteInPlace libmultipath/defaults.h --replace /lib/udev/scsi_id ${udev}/lib/udev/scsi_id
-      substituteInPlace libmultipath/hwtable.c --replace /lib/udev/scsi_id ${udev}/lib/udev/scsi_id
-    '';
+  makeFlags = [
+    "LIB=lib"
+    "prefix=$(out)"
+    "mandir=$(out)/share/man/man8"
+    "man5dir=$(out)/share/man/man5"
+    "man3dir=$(out)/share/man/man3"
+    "unitdir=$(out)/lib/systemd/system"
+  ];
 
   meta = {
     description = "Tools for the Linux multipathing driver";
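Review bot: The new `postPatch` no longer rewrites the absolute paths the removed `preBuild` handled: `/sbin/kpartx` in kpartx/kpartx.rules, `/sbin/dmsetup` in kpartx/kpartx_id and `/lib/udev/scsi_id` in libmultipath. If 0.5.0 still contains any of them, the installed rules and scripts resolve those names against the global filesystem rather than the store paths. Check the 0.5.0 sources and either keep lines such as `substituteInPlace kpartx/kpartx_id --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup` in `postPatch` or add a comment that upstream dropped the references. The tarball URL in the unchanged context is still plain `http://`, so the `sha256` is the only integrity check on it. The derivation continues past the end of the hunk.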
diff --git a/pkgs/os-specific/linux/paxtest/default.nix b/pkgs/os-specific/linux/paxtest/default.nix
new file mode 100644
index 000000000000..7c8e5eb70a15
--- /dev/null
+++ b/pkgs/os-specific/linux/paxtest/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name    = "paxtest-${version}";
+  version = "0.9.14";
+
+  src = fetchurl {
+    url    = "https://www.grsecurity.net/~spender/${name}.tar.gz";
+    sha256 = "0j40h3x42k5mr5gc5np4wvr9cdf9szk2f46swf42zny8rlgxiskx";
+  };
+
+  buildPhase = ''
+    make $makeFlags RUNDIR=$out/bin/ linux
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    find . -executable -exec cp {} $out/bin \;
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Test various memory protection measures";
+    license     = licenses.gpl2;
+    platforms   = platforms.linux;
+    maintainer  = [ maintainers.copumpkin ];
+  };
+}
+
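Review bot: `find . -executable -exec cp {} $out/bin \;` in `installPhase` matches every entry with an execute bit, including `.` itself and any subdirectory, which `cp` refuses with an error that `-exec … \;` does not turn into a failing exit status. It may also pick up executable scripts shipped in the tarball, so `$out/bin` can end up with more than the test programs while real copy errors go unnoticed. Restrict the match to regular files with `find . -type f -executable -exec cp {} $out/bin \;`, or list the built programs explicitly.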
diff --git a/pkgs/os-specific/linux/spl/const.patch b/pkgs/os-specific/linux/spl/const.patch
index 3bfcaa22b13c..932e8a9eb1c4 100644
--- a/pkgs/os-specific/linux/spl/const.patch
+++ b/pkgs/os-specific/linux/spl/const.patch
@@ -1,10 +1,10 @@
 diff --git a/module/spl/spl-proc.c b/module/spl/spl-proc.c
-index f25239a..b731123 100644
+index eb00505..6f38cef 100644
 --- a/module/spl/spl-proc.c
 +++ b/module/spl/spl-proc.c
-@@ -38,7 +38,7 @@
- 
- #define SS_DEBUG_SUBSYS SS_PROC
+@@ -36,7 +36,7 @@
+ #include <linux/uaccess.h>
+ #include <linux/version.h>
  
 -#if defined(CONSTIFY_PLUGIN) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,8,0)
 +#if defined(CONSTIFY_PLUGIN)
diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix
index b8aad109c5a8..959523ec5971 100644
--- a/pkgs/os-specific/linux/spl/default.nix
+++ b/pkgs/os-specific/linux/spl/default.nix
@@ -17,13 +17,13 @@ assert buildKernel -> kernel != null;
 stdenv.mkDerivation rec {
   name = "spl-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
 
-  version = "0.6.5.3";
+  version = "0.6.5.4";
 
   src = fetchFromGitHub {
     owner = "zfsonlinux";
     repo = "spl";
     rev = "spl-${version}";
-    sha256 = "0lj57apwsy8cfwsvg9z62k71r3qms2p87lgcdk54g7352cwziqps";
+    sha256 = "0k80xvl15ahbs0mylfl2bd5widxhngpf7dl6zq46s21wk0795jl4";
   };
 
   patches = [ ./const.patch ./install_prefix.patch ];
diff --git a/pkgs/os-specific/linux/spl/install_prefix.patch b/pkgs/os-specific/linux/spl/install_prefix.patch
index 0f12f531f7ae..dc91392bd2fe 100644
--- a/pkgs/os-specific/linux/spl/install_prefix.patch
+++ b/pkgs/os-specific/linux/spl/install_prefix.patch
@@ -1,5 +1,5 @@
 diff --git a/Makefile.am b/Makefile.am
-index 89af931..674420c 100644
+index 4977448..ac17217 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -12,10 +12,10 @@ endif
@@ -40,10 +40,10 @@ index e0da4b3..d6d7af0 100644
  kernel_HEADERS = $(KERNEL_H)
  endif
 diff --git a/include/linux/Makefile.am b/include/linux/Makefile.am
-index 1cca44a..e0d843b 100644
+index 712e94e..4af9fb7 100644
 --- a/include/linux/Makefile.am
 +++ b/include/linux/Makefile.am
-@@ -19,6 +19,6 @@ USER_H =
+@@ -18,6 +18,6 @@ USER_H =
  EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
  
  if CONFIG_KERNEL
@@ -76,10 +76,10 @@ index 10e7093..febecdf 100644
  kernel_HEADERS = $(KERNEL_H)
  endif
 diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am
-index 2d21c57..3958cfd 100644
+index 73c4a84..31a9f50 100644
 --- a/include/sys/Makefile.am
 +++ b/include/sys/Makefile.am
-@@ -104,7 +104,7 @@ USER_H =
+@@ -107,7 +107,7 @@ USER_H =
  EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
  
  if CONFIG_KERNEL
@@ -125,7 +125,7 @@ index 63d9af3..de1aa18 100644
  kernel_HEADERS = $(KERNEL_H)
  endif
 diff --git a/include/util/Makefile.am b/include/util/Makefile.am
-index b721b50..cbb9a05 100644
+index e2bf09f..3f5d6ce 100644
 --- a/include/util/Makefile.am
 +++ b/include/util/Makefile.am
 @@ -9,6 +9,6 @@ USER_H =
@@ -149,7 +149,7 @@ index 7faab0a..8148b3d 100644
  kernel_HEADERS = $(KERNEL_H)
  endif
 diff --git a/module/Makefile.in b/module/Makefile.in
-index 41c1010..3141397 100644
+index d4e62e1..73fa01c 100644
 --- a/module/Makefile.in
 +++ b/module/Makefile.in
 @@ -21,15 +21,15 @@ clean:
@@ -162,8 +162,9 @@ index 41c1010..3141397 100644
  		KERNELRELEASE=@LINUX_VERSION@
  	@# Remove extraneous build products when packaging
 -	kmoddir=$(DESTDIR)$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \
+-	if [ -n "$(DESTDIR)" ]; then \
 +	kmoddir=@prefix@/$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \
- 	if [ -n $$kmoddir ]; then \
++	if [ -n "@prefix@" ]; then \
  		find $$kmoddir -name 'modules.*' | xargs $(RM); \
  	fi
 -	sysmap=$(DESTDIR)$(INSTALL_MOD_PATH)/boot/System.map-@LINUX_VERSION@; \
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 3cff6512fe46..d13417ad032b 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchFromGitHub, pkgconfig, intltool, gperf, libcap, dbus, kmod
 , xz, pam, acl, cryptsetup, libuuid, m4, utillinux
-, glib, kbd, libxslt, coreutils, libgcrypt
+, glib, kbd, libxslt, coreutils, libgcrypt, libapparmor, audit, lz4
 , kexectools, libmicrohttpd, linuxHeaders, libseccomp
 , autoreconfHook, gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45
 , enableKDbus ? false
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
   buildInputs =
     [ linuxHeaders pkgconfig intltool gperf libcap kmod xz pam acl
       /* cryptsetup */ libuuid m4 glib libxslt libgcrypt
-      libmicrohttpd kexectools libseccomp
+      libmicrohttpd kexectools libseccomp audit lz4 libapparmor
       /* FIXME: we may be able to prevent the following dependencies
          by generating an autoconf'd tarball, but that's probably not
          worth it. */
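Review bot: `audit` and `libapparmor` join `buildInputs` here, but the only configure flag this commit adds (next hunk) is `"--enable-lz4"`, so whether the resulting systemd has audit and AppArmor support appears to rest on configure's autodetection and could go missing silently. Adding `"--enable-audit"` and `"--enable-apparmor"` beside `"--enable-lz4"` would make a missing dependency fail the build instead. The `buildInputs` and `configureFlags` lists both extend outside the visible hunks, so flags set elsewhere in them cannot be seen from here.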
@@ -45,6 +45,7 @@ stdenv.mkDerivation rec {
       "--enable-compat-libs" # get rid of this eventually
       "--disable-tests"
 
+      "--enable-lz4"
       "--enable-hostnamed"
       "--enable-networkd"
       "--disable-sysusers"
diff --git a/pkgs/os-specific/linux/xf86-input-mtrack/default.nix b/pkgs/os-specific/linux/xf86-input-mtrack/default.nix
index a4fd00e4911b..ac7e782444f5 100644
--- a/pkgs/os-specific/linux/xf86-input-mtrack/default.nix
+++ b/pkgs/os-specific/linux/xf86-input-mtrack/default.nix
@@ -1,34 +1,28 @@
 {
   stdenv
 , fetchurl
-, autoconf
-, automake
 , utilmacros
 , pkgconfig
-, libtool
 , mtdev
 , xorgserver
 , xproto
 , inputproto
 , pixman
+, autoreconfHook
 }:
 
 stdenv.mkDerivation {
   name = "xf86-input-mtrack-0.3.0";
 
-  preConfigure = "autoreconf -vfi";
-
   buildInputs = [
-    autoconf
-    automake
     utilmacros
     pkgconfig
-    libtool
     mtdev
     xorgserver
     xproto
     inputproto
     pixman
+    autoreconfHook
   ];
 
   CFLAGS = "-I${pixman}/include/pixman-1";
diff --git a/pkgs/os-specific/linux/xf86-video-nested/default.nix b/pkgs/os-specific/linux/xf86-video-nested/default.nix
index 0d0639390a73..0f9e0591a060 100644
--- a/pkgs/os-specific/linux/xf86-video-nested/default.nix
+++ b/pkgs/os-specific/linux/xf86-video-nested/default.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchgit, autoconf, automake, fontsproto, libX11, libXext
-, libtool, pixman, pkgconfig, renderproto, utilmacros, xorgserver
+{ stdenv, fetchgit, autoreconfHook, fontsproto, libX11, libXext
+, pixman, pkgconfig, renderproto, utilmacros, xorgserver
 }:
 
 stdenv.mkDerivation {
@@ -12,13 +12,12 @@ stdenv.mkDerivation {
   };
 
   buildInputs =
-    [ autoconf automake fontsproto libX11 libXext libtool pixman
+    [ autoreconfHook fontsproto libX11 libXext pixman
       pkgconfig renderproto utilmacros xorgserver
     ];
 
 
   configurePhase = ''
-    autoreconf -fvi
     ./configure --prefix=$out CFLAGS="-I${pixman}/include/pixman-1"
   '';
 
diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix
index 28fc35efbd46..42da97a7a7b7 100644
--- a/pkgs/os-specific/linux/zfs/default.nix
+++ b/pkgs/os-specific/linux/zfs/default.nix
@@ -20,13 +20,13 @@ assert buildKernel -> kernel != null && spl != null;
 stdenv.mkDerivation rec {
   name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
 
-  version = "0.6.5.3";
+  version = "0.6.5.4";
 
   src = fetchFromGitHub {
     owner = "zfsonlinux";
     repo = "zfs";
     rev = "zfs-${version}";
-    sha256 = "1hq65kq50hzhd1zqgyzqq2whg1fckigq8jmhhdsnbwrwmx5y76lh";
+    sha256 = "10zf1kdgmdiaaa3zmz4sz5aj5ql6v24wcwixlxbwhwc51mr46k50";
   };
 
   patches = [ ./nix-build.patch ];
diff --git a/pkgs/os-specific/linux/zfs/nix-build.patch b/pkgs/os-specific/linux/zfs/nix-build.patch
index ae8e82f703af..cc9e36838c7e 100644
--- a/pkgs/os-specific/linux/zfs/nix-build.patch
+++ b/pkgs/os-specific/linux/zfs/nix-build.patch
@@ -1,8 +1,8 @@
 diff --git a/Makefile.am b/Makefile.am
-index 49b417a..f4af44d 100644
+index f8abb5f..82e8fb6 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -12,10 +12,10 @@ endif
+@@ -11,10 +11,10 @@ endif
  if CONFIG_KERNEL
  SUBDIRS += module
  
@@ -28,10 +28,10 @@ index a94cad5..a160fe2 100644
  kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
  endif
 diff --git a/include/linux/Makefile.am b/include/linux/Makefile.am
-index d00b1c8..3242d2e 100644
+index 595d1db..d41375d 100644
 --- a/include/linux/Makefile.am
 +++ b/include/linux/Makefile.am
-@@ -17,6 +17,6 @@ libzfs_HEADERS = $(COMMON_H) $(USER_H)
+@@ -18,6 +18,6 @@ libzfs_HEADERS = $(COMMON_H) $(USER_H)
  endif
  
  if CONFIG_KERNEL
@@ -40,10 +40,10 @@ index d00b1c8..3242d2e 100644
  kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
  endif
 diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am
-index 7ddace0..8da3870 100644
+index 77ecfb2..52b3612 100644
 --- a/include/sys/Makefile.am
 +++ b/include/sys/Makefile.am
-@@ -102,6 +102,6 @@ libzfs_HEADERS = $(COMMON_H) $(USER_H)
+@@ -114,6 +114,6 @@ libzfs_HEADERS = $(COMMON_H) $(USER_H)
  endif
  
  if CONFIG_KERNEL
@@ -88,7 +88,7 @@ index 0859b9f..b0c6eec 100644
  kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
  endif
 diff --git a/module/Makefile.in b/module/Makefile.in
-index 686402b..9cbf598 100644
+index d4ddee2..876c811 100644
 --- a/module/Makefile.in
 +++ b/module/Makefile.in
 @@ -18,9 +18,9 @@ modules:
@@ -107,7 +107,7 @@ index 686402b..9cbf598 100644
  		"*** - @SPL_OBJ@/module/@SPL_SYMBOLS@\n"; \
  		exit 1; \
  	fi
-+	@# when copying a file out of the nix store, we need to make it writable again. 
++	@# when copying a file out of the nix store, we need to make it writable again.
 +	chmod +w @SPL_SYMBOLS@
  	$(MAKE) -C @LINUX_OBJ@ SUBDIRS=`pwd` @KERNELMAKE_PARAMS@ CONFIG_ZFS=m $@
  
@@ -122,8 +122,9 @@ index 686402b..9cbf598 100644
  		KERNELRELEASE=@LINUX_VERSION@
  	@# Remove extraneous build products when packaging
 -	kmoddir=$(DESTDIR)$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \
+-	if [ -n "$(DESTDIR)" ]; then \
 +	kmoddir=@prefix@/$(INSTALL_MOD_PATH)/lib/modules/@LINUX_VERSION@; \
- 	if [ -n $$kmoddir ]; then \
++	if [ -n "@prefix@" ]; then \
  		find $$kmoddir -name 'modules.*' | xargs $(RM); \
  	fi
 -	sysmap=$(DESTDIR)$(INSTALL_MOD_PATH)/boot/System.map-@LINUX_VERSION@; \