diff options
49 files changed, 3274 insertions, 522 deletions
diff --git a/lib/platforms.nix b/lib/platforms.nix index 44a56b659c72..067670c6b3e7 100644 --- a/lib/platforms.nix +++ b/lib/platforms.nix @@ -7,7 +7,7 @@ rec { freebsd = ["i686-freebsd" "x86_64-freebsd"]; openbsd = ["i686-openbsd" "x86_64-openbsd"]; netbsd = ["i686-netbsd" "x86_64-netbsd"]; - cygwin = ["i686-cygwin"]; + cygwin = ["i686-cygwin" "x86_64-cygwin"]; unix = linux ++ darwin ++ freebsd ++ openbsd; all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd; none = []; diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index 40dc687d03bb..40362fbbb23f 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -13,11 +13,10 @@ states that a user account named <literal>alice</literal> shall exist: <programlisting> users.extraUsers.alice = - { createHome = true; + { isNormalUser = true; home = "/home/alice"; description = "Alice Foobar"; extraGroups = [ "wheel" "networkmanager" ]; - useDefaultShell = true; openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; </programlisting> @@ -58,11 +57,6 @@ users.extraGroups.students.gid = 1000; As with users, the group ID (gid) is optional and will be assigned automatically if it’s missing.</para> -<warning><para>Currently declarative user management is not perfect: -<command>nixos-rebuild</command> does not know how to realise certain -configuration changes. This includes removing a user or group, and -removing group membership from a user.</para></warning> - <para>In the imperative style, users and groups are managed by commands such as <command>useradd</command>, <command>groupmod</command> and so on. For instance, to create a user diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl new file mode 100644 index 000000000000..197b65e27c4b --- /dev/null +++ b/nixos/modules/config/update-users-groups.pl @@ -0,0 +1,239 @@ +use strict; +use File::Path qw(make_path); +use File::Slurp; +use JSON; + +make_path("/var/lib/nixos", { mode => 0755 }); + + +# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in +# /etc/login.defs. +sub allocId { + my ($used, $idMin, $idMax, $up, $getid) = @_; + my $id = $up ? $idMin : $idMax; + while ($id >= $idMin && $id <= $idMax) { + if (!$used->{$id} && !defined &$getid($id)) { + $used->{$id} = 1; + return $id; + } + $used->{$id} = 1; + if ($up) { $id++; } else { $id--; } + } + die "$0: out of free UIDs or GIDs\n"; +} + +my (%gidsUsed, %uidsUsed); + +sub allocGid { + return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) }); +} + +sub allocUid { + my ($isSystemUser) = @_; + my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1); + return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) }); +} + + +# Read the declared users/groups. +my $spec = decode_json(read_file($ARGV[0])); + +# Don't allocate UIDs/GIDs that are already in use. +foreach my $g (@{$spec->{groups}}) { + $gidsUsed{$g->{gid}} = 1 if defined $g->{gid}; +} + +foreach my $u (@{$spec->{groups}}) { + $uidsUsed{$u->{u}} = 1 if defined $u->{uid}; +} + +# Read the current /etc/group. +sub parseGroup { + chomp; + my @f = split(':', $_, -4); + my $gid = $f[2] eq "" ? undef : int($f[2]); + $gidsUsed{$gid} = 1 if defined $gid; + return ($f[0], { name => $f[0], password => $f[1], gid => $gid, members => $f[3] }); +} + +my %groupsCur = -f "/etc/group" ? map { parseGroup } read_file("/etc/group") : (); + +# Read the current /etc/passwd. +sub parseUser { + chomp; + my @f = split(':', $_, -7); + my $uid = $f[2] eq "" ? undef : int($f[2]); + $uidsUsed{$uid} = 1 if defined $uid; + return ($f[0], { name => $f[0], fakePassword => $f[1], uid => $uid, + gid => $f[3], description => $f[4], home => $f[5], shell => $f[6] }); +} + +my %usersCur = -f "/etc/passwd" ? map { parseUser } read_file("/etc/passwd") : (); + +# Read the groups that were created declaratively (i.e. not by groups) +# in the past. These must be removed if they are no longer in the +# current spec. +my $declGroupsFile = "/var/lib/nixos/declarative-groups"; +my %declGroups; +$declGroups{$_} = 1 foreach split / /, -e $declGroupsFile ? read_file($declGroupsFile) : ""; + +# Idem for the users. +my $declUsersFile = "/var/lib/nixos/declarative-users"; +my %declUsers; +$declUsers{$_} = 1 foreach split / /, -e $declUsersFile ? read_file($declUsersFile) : ""; + + +# Generate a new /etc/group containing the declared groups. +my %groupsOut; +foreach my $g (@{$spec->{groups}}) { + my $name = $g->{name}; + my $existing = $groupsCur{$name}; + + my %members = map { ($_, 1) } @{$g->{members}}; + + if (defined $existing) { + $g->{gid} = $existing->{gid} if !defined $g->{gid}; + if ($g->{gid} != $existing->{gid}) { + warn "warning: not applying GID change of group ‘$name’\n"; + $g->{gid} = $existing->{gid}; + } + $g->{password} = $existing->{password}; # do we want this? + if ($spec->{mutableUsers}) { + # Merge in non-declarative group members. + foreach my $uname (split /,/, $existing->{members} // "") { + $members{$uname} = 1 if !defined $declUsers{$uname}; + } + } + } else { + $g->{gid} = allocGid if !defined $g->{gid}; + $g->{password} = "x"; + } + + $g->{members} = join ",", sort(keys(%members)); + $groupsOut{$name} = $g; +} + +# Update the persistent list of declarative groups. +write_file($declGroupsFile, join(" ", sort(keys %groupsOut))); + +# Merge in the existing /etc/group. +foreach my $name (keys %groupsCur) { + my $g = $groupsCur{$name}; + next if defined $groupsOut{$name}; + if (!$spec->{mutableUsers} || defined $declGroups{$name}) { + print STDERR "removing group ‘$name’\n"; + } else { + $groupsOut{$name} = $g; + } +} + + +# Rewrite /etc/group. FIXME: acquire lock. +my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" } + (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut)); +write_file("/etc/group.tmp", @lines); +rename("/etc/group.tmp", "/etc/group") or die; +system("nscd --invalidate group"); + +# Generate a new /etc/passwd containing the declared users. +my %usersOut; +foreach my $u (@{$spec->{users}}) { + my $name = $u->{name}; + + # Resolve the gid of the user. + if ($u->{group} =~ /^[0-9]$/) { + $u->{gid} = $u->{group}; + } elsif (defined $groupsOut{$u->{group}}) { + $u->{gid} = $groupsOut{$u->{group}}->{gid} // die; + } else { + warn "warning: user ‘$name’ has unknown group ‘$u->{group}’\n"; + $u->{gid} = 65534; + } + + my $existing = $usersCur{$name}; + if (defined $existing) { + $u->{uid} = $existing->{uid} if !defined $u->{uid}; + if ($u->{uid} != $existing->{uid}) { + warn "warning: not applying UID change of user ‘$name’\n"; + $u->{uid} = $existing->{uid}; + } + } else { + $u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid}; + + # Create a home directory. + if ($u->{createHome}) { + make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; + chown $u->{uid}, $u->{gid}, $u->{home}; + } + } + + if (defined $u->{passwordFile}) { + if (-e $u->{passwordFile}) { + $u->{hashedPassword} = read_file($u->{passwordFile}); + chomp $u->{hashedPassword}; + } else { + warn "warning: password file ‘$u->{passwordFile}’ does not exist\n"; + } + } + + $u->{fakePassword} = $existing->{fakePassword} // "x"; + $usersOut{$name} = $u; +} + +# Update the persistent list of declarative users. +write_file($declUsersFile, join(" ", sort(keys %usersOut))); + +# Merge in the existing /etc/passwd. +foreach my $name (keys %usersCur) { + my $u = $usersCur{$name}; + next if defined $usersOut{$name}; + if (!$spec->{mutableUsers} || defined $declUsers{$name}) { + print STDERR "removing user ‘$name’\n"; + } else { + $usersOut{$name} = $u; + } +} + +# Rewrite /etc/passwd. FIXME: acquire lock. +@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" } + (sort { $a->{uid} <=> $b->{uid} } (values %usersOut)); +write_file("/etc/passwd.tmp", @lines); +rename("/etc/passwd.tmp", "/etc/passwd") or die; +system("nscd --invalidate passwd"); + + +# Rewrite /etc/shadow to add new accounts or remove dead ones. +my @shadowNew; +my %shadowSeen; + +foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) { + chomp $line; + my ($name, $password, @rest) = split(':', $line, -9); + my $u = $usersOut{$name};; + next if !defined $u; + $password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME + push @shadowNew, join(":", $name, $password, @rest) . "\n"; + $shadowSeen{$name} = 1; +} + +foreach my $u (values %usersOut) { + next if defined $shadowSeen{$u->{name}}; + my $password = "!"; + $password = $u->{hashedPassword} if defined $u->{hashedPassword}; + # FIXME: set correct value for sp_lstchg. + push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n"; +} + +write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew); +rename("/etc/shadow.tmp", "/etc/shadow") or die; + + +# Call chpasswd to apply password. FIXME: generate the hashes directly +# and merge into the /etc/shadow updating above. +foreach my $u (@{$spec->{users}}) { + if (defined $u->{password}) { + my $pid = open(PW, "| chpasswd") or die; + print PW "$u->{name}:$u->{password}\n"; + close PW or die "unable to change password of user ‘$u->{name}’: $?\n"; + } +} diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index a55593c2bad8..d172ddb6bca7 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -7,9 +7,6 @@ let ids = config.ids; cfg = config.users; - nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers; - nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups; - passwordDescription = '' The options <literal>hashedPassword</literal>, <literal>password</literal> and <literal>passwordFile</literal> @@ -55,10 +52,8 @@ let type = with types; nullOr int; default = null; description = '' - The account UID. If the <option>mutableUsers</option> option - is false, the UID cannot be null. Otherwise, the UID might be - null, in which case a free UID is picked on activation (by the - useradd command). + The account UID. If the UID is null, a free UID is picked on + activation. ''; }; @@ -67,8 +62,7 @@ let default = false; description = '' Indicates if the user is a system user or not. This option - only has an effect if <option>mutableUsers</option> is - <literal>true</literal> and <option>uid</option> is + only has an effect if <option>uid</option> is <option>null</option>, in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at @@ -76,6 +70,21 @@ let ''; }; + isNormalUser = mkOption { + type = types.bool; + default = false; + description = '' + Indicates whether this is an account for a “real” user. This + automatically sets <option>group</option> to + <literal>users</literal>, <option>createHome</option> to + <literal>true</literal>, <option>home</option> to + <filename>/home/<replaceable>username</replaceable></filename>, + <option>useDefaultShell</option> to <literal>true</literal>, + and <option>isSystemUser</option> to + <literal>false</literal>. + ''; + }; + group = mkOption { type = types.str; default = "nogroup"; @@ -182,22 +191,20 @@ let ${passwordDescription} ''; }; - - createUser = mkOption { - type = types.bool; - default = true; - description = '' - Indicates if the user should be created automatically as a local user. - Set this to false if the user for instance is an LDAP user. NixOS will - then not modify any of the basic properties for the user account. - ''; - }; }; - config = { - name = mkDefault name; - shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell); - }; + config = mkMerge + [ { name = mkDefault name; + shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell); + } + (mkIf config.isNormalUser { + group = mkDefault "users"; + createHome = mkDefault true; + home = mkDefault "/home/${name}"; + useDefaultShell = mkDefault true; + isSystemUser = mkDefault false; + }) + ]; }; @@ -217,10 +224,8 @@ let type = with types; nullOr int; default = null; description = '' - The group GID. If the <literal>mutableUsers</literal> option - is false, the GID cannot be null. Otherwise, the GID might be - null, in which case a free GID is picked on activation (by the - groupadd command). + The group GID. If the GID is null, a free GID is picked on + activation. ''; }; @@ -271,60 +276,10 @@ let }; }; - getGroup = gname: - let - groups = mapAttrsToList (n: g: g) ( - filterAttrs (n: g: g.name == gname) cfg.extraGroups - ); - in - if length groups == 1 then head groups - else if groups == [] then throw "Group ${gname} not defined" - else throw "Group ${gname} has multiple definitions"; - - getUser = uname: - let - users = mapAttrsToList (n: u: u) ( - filterAttrs (n: u: u.name == uname) cfg.extraUsers - ); - in - if length users == 1 then head users - else if users == [] then throw "User ${uname} not defined" - else throw "User ${uname} has multiple definitions"; - - mkGroupEntry = gname: - let - g = getGroup gname; - users = mapAttrsToList (n: u: u.name) ( - filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers - ); - in concatStringsSep ":" [ - g.name "x" (toString g.gid) - (concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members))) - ]; - - mkPasswdEntry = uname: let u = getUser uname; in - concatStringsSep ":" [ - u.name "x" (toString u.uid) - (toString (getGroup u.group).gid) - u.description u.home u.shell - ]; - filterNull = a: filter (x: hasAttr a x && getAttr a x != null); - sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2)); - - groupFile = pkgs.writeText "group" ( - concatStringsSep "\n" (map (g: mkGroupEntry g.name) ( sortOn "gid" (filterNull "gid" (attrValues cfg.extraGroups)) - )) - ); - - passwdFile = pkgs.writeText "passwd" ( - concatStringsSep "\n" (map (u: mkPasswdEntry u.name) ( sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers)) - )) - ); - mkSubuidEntry = user: concatStrings ( map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n") user.subUidRanges); @@ -339,30 +294,6 @@ let subgidFile = concatStrings (map mkSubgidEntry ( sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers)))); - # If mutableUsers is true, this script adds all users/groups defined in - # users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any - # existing user/group with the same name in those files. - # If mutableUsers is false, the /etc/{passwd,group} files will simply be - # replaced with the users/groups defined in the NixOS configuration. - # The merging procedure could certainly be improved, and instead of just - # keeping the lines as-is from /etc/{passwd,group} they could be combined - # in some way with the generated content from the NixOS configuration. - merger = src: pkgs.writeScript "merger" '' - #!${pkgs.bash}/bin/bash - - PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH - - ${if !cfg.mutableUsers - then ''cp ${src} $1.tmp'' - else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp'' - } - - # set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime) - touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp - - mv -f $1.tmp $1 - ''; - idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }: let id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set)); @@ -376,6 +307,21 @@ let uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid"; gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid"; + spec = builtins.toFile "users-groups.json" (builtins.toJSON { + inherit (cfg) mutableUsers; + users = mapAttrsToList (n: u: + { inherit (u) + name uid group description home shell createHome isSystemUser + password passwordFile hashedPassword; + }) cfg.extraUsers; + groups = mapAttrsToList (n: g: + { inherit (g) name gid; + members = mapAttrsToList (n: u: u.name) ( + filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers + ); + }) cfg.extraGroups; + }); + in { ###### interface @@ -512,67 +458,12 @@ in { grsecurity.gid = ids.gids.grsecurity; }; - system.activationScripts.users = - let - mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers; - setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers; - pwFile = u: if !(isNull u.hashedPassword) - then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; } - else if !(isNull u.password) - then pkgs.runCommand "password-file" { pw = u.password; } '' - echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out - '' else u.passwordFile; - setpw = n: u: '' - setpw=yes - ${optionalString cfg.mutableUsers '' - test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no - ''} - if [ "$setpw" == "yes" ]; then - ${if !(isNull (pwFile u)) - then '' - echo -n "${u.name}:" | cat - "${pwFile u}" | \ - ${pkgs.shadow}/sbin/chpasswd -e - '' - else "passwd -l '${u.name}' &>/dev/null" - } - fi - ''; - mkhome = n: u: '' - uid="$(id -u ${u.name})" - gid="$(id -g ${u.name})" - h="${u.home}" - test -a "$h" || mkdir -p "$h" || true - test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true - test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true - ''; - groupadd = n: g: '' - if [ -z "$(getent group "${g.name}")" ]; then - ${pkgs.shadow}/sbin/groupadd "${g.name}" - fi - ''; - useradd = n: u: '' - if ! id "${u.name}" &>/dev/null; then - ${pkgs.shadow}/sbin/useradd \ - -g "${u.group}" \ - -G "${concatStringsSep "," u.extraGroups}" \ - -s "${u.shell}" \ - -d "${u.home}" \ - ${optionalString u.isSystemUser "--system"} \ - "${u.name}" - echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e - fi - ''; - in stringAfter [ "etc" ] '' - touch /etc/group - touch /etc/passwd - VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null - VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null - ${pkgs.shadow}/sbin/grpconv - ${pkgs.shadow}/sbin/pwconv - ${concatStrings (mapAttrsToList groupadd nonGidGroups)} - ${concatStrings (mapAttrsToList useradd nonUidUsers)} - ${concatStrings (mapAttrsToList mkhome mkhomeUsers)} - ${concatStrings (mapAttrsToList setpw setpwUsers)} + system.activationScripts.users = stringAfter [ "etc" ] + '' + ${pkgs.perl}/bin/perl -w \ + -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \ + -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \ + ${./update-users-groups.pl} ${spec} ''; # for backwards compatibility @@ -589,13 +480,7 @@ in { assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); - message = "uids and gids must be unique!"; - } - { assertion = cfg.mutableUsers || (nonUidUsers == {}); - message = "When mutableUsers is false, no uid can be null: ${toString (attrNames nonUidUsers)}"; - } - { assertion = cfg.mutableUsers || (nonGidGroups == {}); - message = "When mutableUsers is false, no gid can be null"; + message = "UIDs and GIDs must be unique!"; } ]; diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index cabdb09ec9c1..93a348f27174 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -511,12 +511,8 @@ $bootLoaderConfig # Define a user account. Don't forget to set a password with ‘passwd’. # users.extraUsers.guest = { - # name = "guest"; - # group = "users"; + # isNormalUser = true; # uid = 1000; - # createHome = true; - # home = "/home/guest"; - # shell = "/run/current-system/sw/bin/bash"; # }; } diff --git a/nixos/modules/profiles/demo.nix b/nixos/modules/profiles/demo.nix index 605cc6aad1de..ef6fd77b5f8d 100644 --- a/nixos/modules/profiles/demo.nix +++ b/nixos/modules/profiles/demo.nix @@ -4,12 +4,9 @@ imports = [ ./graphical.nix ]; users.extraUsers.demo = - { description = "Demo user account"; - group = "users"; + { isNormalUser = true; + description = "Demo user account"; extraGroups = [ "wheel" ]; - home = "/home/demo"; - createHome = true; - useDefaultShell = true; password = "demo"; uid = 1000; }; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index d62340f2c798..35455f17779f 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -177,6 +177,11 @@ in if [ "$PRIVATE_NETWORK" = 1 ]; then ip link del dev "ve-$INSTANCE" 2> /dev/null || true fi + + + if [ "$PRIVATE_NETWORK" = 1 ]; then + ip link del dev "ve-$INSTANCE" 2> /dev/null || true + fi ''; script = @@ -240,6 +245,12 @@ in ip route add $LOCAL_ADDRESS dev $ifaceHost fi fi + + # This blocks until the container-startup-done service + # writes something to this pipe. FIXME: it also hangs + # until the start timeout expires if systemd-nspawn exits. + read x < $root/var/lib/startup-done + rm -f $root/var/lib/startup-done ''; preStop = diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix index 0239a3c4d08a..aa3a0b82bcde 100644 --- a/nixos/tests/common/user-account.nix +++ b/nixos/tests/common/user-account.nix @@ -1,11 +1,9 @@ { pkgs, ... }: { users.extraUsers = pkgs.lib.singleton - { name = "alice"; + { isNormalUser = true; + name = "alice"; description = "Alice Foobar"; - home = "/home/alice"; - createHome = true; - useDefaultShell = true; password = "foobar"; uid = 1000; }; diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix index 0c764fcf8f86..ea8b2b27987b 100644 --- a/pkgs/applications/editors/ed/default.nix +++ b/pkgs/applications/editors/ed/default.nix @@ -1,11 +1,12 @@ -{ fetchurl, stdenv }: +{ fetchurl, stdenv, lzip }: stdenv.mkDerivation rec { - name = "ed-1.9"; + version = "1.10"; + name = "ed-${version}"; src = fetchurl { - url = "mirror://gnu/ed/${name}.tar.gz"; - sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym"; + url = "mirror://gnu/ed/${name}.tar.lz"; + sha256 = "16kycdm5fcvpdr41hxb2da8da6jzs9dqznsg5552z6rh28n0jh4m"; }; /* FIXME: Tests currently fail on Darwin: @@ -23,6 +24,8 @@ stdenv.mkDerivation rec { compileFlags = [ "CC=${stdenv.cross.config}-gcc" ]; }; + buildInputs = [ lzip ]; + meta = { description = "An implementation of the standard Unix editor"; @@ -38,9 +41,7 @@ stdenv.mkDerivation rec { ''; license = stdenv.lib.licenses.gpl3Plus; - homepage = http://www.gnu.org/software/ed/; - - maintainers = [ ]; + maintainers = with stdenv.lib.maintainers; [ fuuzetsu ]; }; } diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix index e38d5188dc2f..a5216b2902a6 100644 --- a/pkgs/applications/networking/newsreaders/liferea/default.nix +++ b/pkgs/applications/networking/newsreaders/liferea/default.nix @@ -33,7 +33,6 @@ stdenv.mkDerivation rec { for f in "$out"/bin/*; do wrapProgram "$f" \ --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \ - --prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ --prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \ --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH" diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix index 7526bb5f0437..6e3d2f3d4d53 100644 --- a/pkgs/applications/version-management/subversion/default.nix +++ b/pkgs/applications/version-management/subversion/default.nix @@ -17,13 +17,13 @@ assert javahlBindings -> jdk != null && perl != null; stdenv.mkDerivation rec { - version = "1.8.9"; + version = "1.8.10"; name = "subversion-${version}"; src = fetchurl { url = "mirror://apache/subversion/${name}.tar.bz2"; - sha1 = "424ee12708f39a126efd905886666083dcc4eeaf"; + sha1 = "d6896d94bb53c1b4c6e9c5bb1a5c466477b19b2b"; }; buildInputs = [ zlib apr aprutil sqlite ] diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix index e451ff79a945..d4d680f05fa2 100644 --- a/pkgs/applications/virtualization/virt-manager/default.nix +++ b/pkgs/applications/virtualization/virt-manager/default.nix @@ -51,7 +51,6 @@ buildPythonPackage rec { --prefix GI_TYPELIB_PATH : $GI_TYPELIB_PATH \ --prefix GIO_EXTRA_MODULES : "${dconf}/lib/gio/modules" \ --prefix GSETTINGS_SCHEMA_DIR : $out/share/glib-2.0/schemas \ - --prefix LD_LIBRARY_PATH : ${gtk3}/lib/:${libvirt-glib}/lib/:${vte}/lib:${gtkvnc}/lib${optionalString spiceSupport ":${spice_gtk}/lib"} \ --prefix XDG_DATA_DIRS : "$out/share:${gsettings_desktop_schemas}/share:${gtk3}/share:$GSETTINGS_SCHEMAS_PATH:\$XDG_DATA_DIRS" done diff --git a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh index c53fd44207d0..2ad7783a442c 100644 --- a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh +++ b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh @@ -77,7 +77,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then n=$((n + 1)) done params=("${rest[@]}") - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE --sysroot=/var/empty" fi diff --git a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh index 822c4a03a218..51803e12a4ea 100644 --- a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh @@ -32,9 +32,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE" \ # We cannot skip this; barf. echo "impure path \`$p' used in link" >&2 exit 1 - elif test "${p:0:9}" = "--sysroot"; then - # Our ld is not built with sysroot support (Can we fix that?) - : else rest=("${rest[@]}" "$p") fi diff --git a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix index 84a77e5a024a..6b9a69c738dc 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix @@ -25,7 +25,6 @@ stdenv.mkDerivation rec { wrapProgram "$out/bin/gedit" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${gnome3.libpeas}/lib:${gnome3.gtksourceview}/lib" \ --prefix XDG_DATA_DIRS : "${gnome3.gtksourceview}/share:${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" ''; diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix index b393bb439316..a8c84d6a7698 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix @@ -28,17 +28,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - preFixup = - let - libPath = stdenv.lib.makeLibraryPath - [ evince gtk3 gnome3.tracker gnome3.gnome_online_accounts ]; - in - '' + preFixup = '' substituteInPlace $out/bin/gnome-documents --replace gapplication "${glib}/bin/gapplication" wrapProgram "$out/bin/gnome-documents" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH ":" "${libPath}" \ --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --run "if [ -z \"\$XDG_CACHE_DIR\" ]; then XDG_CACHE_DIR=\$HOME/.cache; fi; if [ -w \"\$XDG_CACHE_DIR/..\" ]; then mkdir -p \"\$XDG_CACHE_DIR/gnome-documents\"; fi" rm $out/share/icons/hicolor/icon-theme.cache diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix index b8d2bbc79efd..31d521e8c302 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix @@ -24,19 +24,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - preFixup = - let - libPath = stdenv.lib.makeLibraryPath - [ glib gtk3 libnotify tracker gnome3.grilo cairo - gst_all_1.gstreamer gst_all_1.gst-plugins-base - gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad ]; - in - '' + preFixup = '' wrapProgram "$out/bin/gnome-music" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${libPath}" \ --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" \ --prefix GRL_PLUGIN_PATH : "${gnome3.grilo-plugins}/lib/grilo-0.2" \ --prefix PYTHONPATH : "$PYTHONPATH" diff --git a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix index dbb19f77d21e..6f6816efa5bd 100644 --- a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix +++ b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix @@ -35,7 +35,6 @@ stdenv.mkDerivation rec { wrapProgram "$out/bin/gnome-shell" \ --prefix PATH : "${unzip}/bin" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${accountsservice}/lib:${ibus}/lib:${gdm}/lib" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" diff --git a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix index 2eccb9a32cf9..1a48d6529a21 100644 --- a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix +++ b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix @@ -30,7 +30,6 @@ stdenv.mkDerivation rec { --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH ":" "${libsoup}/lib:${gnome3.gnome_desktop}/lib:${libnotify}/lib:${gtk3}/lib:${atk}/lib" \ --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" ''; diff --git a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix index 56a5f18544f7..c303ccdf51e2 100644 --- a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix +++ b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix @@ -30,8 +30,7 @@ stdenv.mkDerivation rec { for i in $out/libexec/gpaste/*; do wrapProgram $i \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ - --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${libPath}" + --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" done ''; diff --git a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix index 396adf9ba752..1698abfd00f7 100644 --- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix +++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix @@ -4,7 +4,7 @@ , automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee , docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst , udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt -, pkgconfig +, pkgconfig, fetchpatch }: kde { @@ -28,7 +28,15 @@ kde { # There are a few hardcoded paths. # Split plugins from libs? - patches = [ ../files/polkit-install.patch ]; + patches = [ + ../files/polkit-install.patch + (fetchpatch { + name = "CVE-2014-5033.patch"; + url = "http://quickgit.kde.org/?p=kdelibs.git" + + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23"; + sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"; + }) + ]; cmakeFlags = [ "-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook" diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 2fb8f9d73b5e..f56ee003f505 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -13,7 +13,7 @@ , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, mpc, gettext, which , libelf # optional, for link-time optimizations (LTO) -, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework. +, cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null @@ -59,14 +59,12 @@ let version = "4.8.3"; # Whether building a cross-compiler for GNU/Hurd. crossGNU = cross != null && cross.config == "i586-pc-gnu"; - /* gccinstall.info says that "parallel make is currently not supported since - collisions in profile collecting may occur". - */ - enableParallelBuilding = !profiledCompiler; + enableParallelBuilding = true; patches = [] ++ optional enableParallelBuilding ./parallel-bconfig.patch ++ optional (cross != null) ./libstdc++-target.patch + ++ optional noSysDirs ./no-sys-dirs.patch # The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its # target libraries and tools. ++ optional langAda ./gnat-cflags.patch @@ -278,7 +276,6 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkgconfig); buildInputs = [ gmp mpfr mpc libelf ] - ++ (optional (ppl != null) ppl) ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -295,15 +292,7 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl"; - preConfigure = '' - configureFlagsArray=( - ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic) - "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"} - ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS) - "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\" - \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""} - ); - '' + stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' + preConfigure = stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g` export LDFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $LDFLAGS_FOR_TARGET" export CXXFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $CXXFLAGS_FOR_TARGET" @@ -331,7 +320,6 @@ stdenv.mkDerivation ({ ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} ${if enablePlugin then "--enable-plugin" else "--disable-plugin"} - ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""} ${optionalString (isl != null) "--with-isl=${isl}"} ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"} ${if langJava then @@ -414,7 +402,6 @@ stdenv.mkDerivation ({ configureFlags = '' ${if enableMultilib then "" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} - ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""} ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""} ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""} ${if javaAwtGtk then "--enable-java-awt=gtk" else ""} @@ -523,7 +510,6 @@ stdenv.mkDerivation ({ maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ]; - # Volunteers needed for the {Cyg,Dar}win ports of *PPL. # gnatboot is not available out of linux platforms, so we disable the darwin build # for the gnat (ada compiler). platforms = diff --git a/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch new file mode 100644 index 000000000000..36df51904acf --- /dev/null +++ b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch @@ -0,0 +1,28 @@ +diff -ru -x '*~' gcc-4.8.3-orig/gcc/cppdefault.c gcc-4.8.3/gcc/cppdefault.c +--- gcc-4.8.3-orig/gcc/cppdefault.c 2013-01-10 21:38:27.000000000 +0100 ++++ gcc-4.8.3/gcc/cppdefault.c 2014-08-18 16:20:32.893944536 +0200 +@@ -35,6 +35,8 @@ + # undef CROSS_INCLUDE_DIR + #endif + ++#undef LOCAL_INCLUDE_DIR ++ + const struct default_include cpp_include_defaults[] + #ifdef INCLUDE_DEFAULTS + = INCLUDE_DEFAULTS; +diff -ru -x '*~' gcc-4.8.3-orig/gcc/gcc.c gcc-4.8.3/gcc/gcc.c +--- gcc-4.8.3-orig/gcc/gcc.c 2014-03-23 12:30:57.000000000 +0100 ++++ gcc-4.8.3/gcc/gcc.c 2014-08-18 13:19:32.689201690 +0200 +@@ -1162,10 +1162,10 @@ + /* Default prefixes to attach to command names. */ + + #ifndef STANDARD_STARTFILE_PREFIX_1 +-#define STANDARD_STARTFILE_PREFIX_1 "/lib/" ++#define STANDARD_STARTFILE_PREFIX_1 "" + #endif + #ifndef STANDARD_STARTFILE_PREFIX_2 +-#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/" ++#define STANDARD_STARTFILE_PREFIX_2 "" + #endif + + #ifdef CROSS_DIRECTORY_STRUCTURE /* Don't use these prefixes for a cross compiler. */ diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index 8b185d00bcc0..d38040a48b38 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -11,7 +11,7 @@ , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, mpc, gettext, which , libelf # optional, for link-time optimizations (LTO) -, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework. +, cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null @@ -57,10 +57,7 @@ let version = "4.9.1"; # Whether building a cross-compiler for GNU/Hurd. crossGNU = cross != null && cross.config == "i586-pc-gnu"; - /* gccinstall.info says that "parallel make is currently not supported since - collisions in profile collecting may occur". - */ - enableParallelBuilding = !profiledCompiler; + enableParallelBuilding = true; patches = [ ] ++ optional enableParallelBuilding ./parallel-bconfig.patch @@ -276,7 +273,6 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkgconfig); buildInputs = [ gmp mpfr mpc libelf ] - ++ (optional (ppl != null) ppl) ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -294,13 +290,6 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl"; preConfigure = '' - configureFlagsArray=( - ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic) - "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"} - ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS) - "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\" - \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""} - ); ${stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g` @@ -322,7 +311,6 @@ stdenv.mkDerivation ({ ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} ${if enablePlugin then "--enable-plugin" else "--disable-plugin"} - ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""} ${optionalString (isl != null) "--with-isl=${isl}"} ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"} ${if langJava then @@ -403,7 +391,6 @@ stdenv.mkDerivation ({ configureFlags = '' ${if enableMultilib then "" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} - ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""} ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""} ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""} ${if javaAwtGtk then "--enable-java-awt=gtk" else ""} @@ -510,7 +497,6 @@ stdenv.mkDerivation ({ maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ]; - # Volunteers needed for the {Cyg,Dar}win ports of *PPL. # gnatboot is not available out of linux platforms, so we disable the darwin build # for the gnat (ada compiler). platforms = diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix index 7dfbe218bb7c..ca5eadc8a649 100644 --- a/pkgs/development/compilers/orc/default.nix +++ b/pkgs/development/compilers/orc/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "orc-0.4.19"; + name = "orc-0.4.21"; src = fetchurl { - url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.gz"; - sha256 = "17mmgwll2waz44m908lcxc5fd6n44yysh7p4pdw33hr138r507z2"; + url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz"; + sha256 = "187wrnq0ficwjj4y3yqci5fxcdkiazfs6k5js26k5b26hipzmham"; }; - doCheck = true; + doCheck = stdenv.is64bit; # see https://bugzilla.gnome.org/show_bug.cgi?id=728129#c7 meta = { description = "The Oil Runtime Compiler"; diff --git a/pkgs/development/interpreters/perl/5.16/default.nix b/pkgs/development/interpreters/perl/5.16/default.nix index 600884db5e67..c1a5374c92ea 100644 --- a/pkgs/development/interpreters/perl/5.16/default.nix +++ b/pkgs/development/interpreters/perl/5.16/default.nix @@ -54,6 +54,12 @@ stdenv.mkDerivation rec { ${optionalString stdenv.isArm '' configureFlagsArray=(-Dldflags="-lm -lrt") ''} + + ${optionalString stdenv.isCygwin '' + cp cygwin/cygwin.c{,.bak} + echo "#define PERLIO_NOT_STDIO 0" > tmp + cat tmp cygwin/cygwin.c.bak > cygwin/cygwin.c + ''} ''; preBuild = optionalString (!(stdenv ? gcc && stdenv.gcc.nativeTools)) diff --git a/pkgs/development/libraries/ffmpeg/1.x.nix b/pkgs/development/libraries/ffmpeg/1.x.nix index a0dcf52dcce0..e2aa336d5d21 100644 --- a/pkgs/development/libraries/ffmpeg/1.x.nix +++ b/pkgs/development/libraries/ffmpeg/1.x.nix @@ -31,11 +31,11 @@ assert playSupport -> SDL != null; assert freetypeSupport -> freetype != null; stdenv.mkDerivation rec { - name = "ffmpeg-1.2.7"; + name = "ffmpeg-1.2.8"; src = fetchurl { url = "http://www.ffmpeg.org/releases/${name}.tar.bz2"; - sha256 = "13nj5q5ad0kcrid8r5x6x8lqfhk8kms14pmncf6vbdbk6x45k6v6"; + sha256 = "0n9fklr8zqkd60dc5ai161l6k4dbiac5hqy0pi1w82yamc25k6s2"; }; # `--enable-gpl' (as well as the `postproc' and `swscale') mean that diff --git a/pkgs/development/libraries/ffmpeg/2.x.nix b/pkgs/development/libraries/ffmpeg/2.x.nix index 19a4099a8b1c..8a25c4812b2c 100644 --- a/pkgs/development/libraries/ffmpeg/2.x.nix +++ b/pkgs/development/libraries/ffmpeg/2.x.nix @@ -5,11 +5,11 @@ }: stdenv.mkDerivation rec { - name = "ffmpeg-2.3.2"; + name = "ffmpeg-2.3.3"; src = fetchurl { url = "http://www.ffmpeg.org/releases/${name}.tar.bz2"; - sha256 = "1lpzqjpklmcjzk327pz070m3qz3s1cwg8v90w6r1sdh8491kbqc4"; + sha256 = "0ik4c06anh49r5b0d3rq9if4zl6ysjsa341655kzw22fl880sk5v"; }; subtitleSupport = config.ffmpeg.subtitle or true; diff --git a/pkgs/development/libraries/glew/default.nix b/pkgs/development/libraries/glew/default.nix index 9ec88799d0dd..5127311e7c91 100644 --- a/pkgs/development/libraries/glew/default.nix +++ b/pkgs/development/libraries/glew/default.nix @@ -3,11 +3,11 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "glew-1.10.0"; + name = "glew-1.11.0"; src = fetchurl { url = "mirror://sourceforge/glew/${name}.tgz"; - sha256 = "01zki46dr5khzlyywr3cg615bcal32dazfazkf360s1znqh17i4r"; + sha256 = "1mhkllxz49l1x680dmzrv2i82qjrq017sykah3xc90f2d8qcxfv9"; }; nativeBuildInputs = [ x11 libXmu libXi ]; @@ -42,9 +42,11 @@ stdenv.mkDerivation rec { ] ++ optional (stdenv.cross.libc == "msvcrt") "SYSTEM=mingw" ++ optional (stdenv.cross.libc == "libSystem") "SYSTEM=darwin"; - meta = { + meta = with stdenv.lib; { description = "An OpenGL extension loading library for C(++)"; homepage = http://glew.sourceforge.net/; - license = ["BSD" "GLX" "SGI-B" "GPL2"]; # License description copied from gentoo-1.4.0 + license = licenses.free; # different files under different licenses + #["BSD" "GLX" "SGI-B" "GPL2"] + platforms = platforms.mesaPlatforms; }; } diff --git a/pkgs/development/libraries/glibc/2.19/common.nix b/pkgs/development/libraries/glibc/2.19/common.nix index cd1ba747d7c6..a828148c3d5f 100644 --- a/pkgs/development/libraries/glibc/2.19/common.nix +++ b/pkgs/development/libraries/glibc/2.19/common.nix @@ -60,6 +60,7 @@ stdenv.mkDerivation ({ ./fix-math.patch ./cve-2014-0475.patch + ./cve-2014-5119.patch ]; postPatch = '' diff --git a/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch new file mode 100644 index 000000000000..cbae03425eb9 --- /dev/null +++ b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch @@ -0,0 +1,206 @@ +http://anonscm.debian.org/viewvc/pkg-glibc/glibc-package/trunk/debian/patches/any/cvs-CVE-2014-5119.diff?revision=6248&view=co + +commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 +Author: Florian Weimer <fweimer@redhat.com> +Date: Tue Aug 26 19:38:59 2014 +0200 + + __gconv_translit_find: Disable function [BZ #17187] + + This functionality has never worked correctly, and the implementation + contained a security vulnerability (CVE-2014-5119). + +2014-08-26 Florian Weimer <fweimer@redhat.com> + + [BZ #17187] + * iconv/gconv_trans.c (struct known_trans, search_tree, lock, + trans_compare, open_translit, __gconv_translit_find): + Remove module loading code. + +--- a/iconv/gconv_trans.c ++++ b/iconv/gconv_trans.c +@@ -238,181 +238,12 @@ __gconv_transliterate (struct __gconv_step *step, + return __GCONV_ILLEGAL_INPUT; + } + +- +-/* Structure to represent results of found (or not) transliteration +- modules. */ +-struct known_trans +-{ +- /* This structure must remain the first member. */ +- struct trans_struct info; +- +- char *fname; +- void *handle; +- int open_count; +-}; +- +- +-/* Tree with results of previous calls to __gconv_translit_find. */ +-static void *search_tree; +- +-/* We modify global data. */ +-__libc_lock_define_initialized (static, lock); +- +- +-/* Compare two transliteration entries. */ +-static int +-trans_compare (const void *p1, const void *p2) +-{ +- const struct known_trans *s1 = (const struct known_trans *) p1; +- const struct known_trans *s2 = (const struct known_trans *) p2; +- +- return strcmp (s1->info.name, s2->info.name); +-} +- +- +-/* Open (maybe reopen) the module named in the struct. Get the function +- and data structure pointers we need. */ +-static int +-open_translit (struct known_trans *trans) +-{ +- __gconv_trans_query_fct queryfct; +- +- trans->handle = __libc_dlopen (trans->fname); +- if (trans->handle == NULL) +- /* Not available. */ +- return 1; +- +- /* Find the required symbol. */ +- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); +- if (queryfct == NULL) +- { +- /* We cannot live with that. */ +- close_and_out: +- __libc_dlclose (trans->handle); +- trans->handle = NULL; +- return 1; +- } +- +- /* Get the context. */ +- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) +- != 0) +- goto close_and_out; +- +- /* Of course we also have to have the actual function. */ +- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); +- if (trans->info.trans_fct == NULL) +- goto close_and_out; +- +- /* Now the optional functions. */ +- trans->info.trans_init_fct = +- __libc_dlsym (trans->handle, "gconv_trans_init"); +- trans->info.trans_context_fct = +- __libc_dlsym (trans->handle, "gconv_trans_context"); +- trans->info.trans_end_fct = +- __libc_dlsym (trans->handle, "gconv_trans_end"); +- +- trans->open_count = 1; +- +- return 0; +-} +- +- + int + internal_function + __gconv_translit_find (struct trans_struct *trans) + { +- struct known_trans **found; +- const struct path_elem *runp; +- int res = 1; +- +- /* We have to have a name. */ +- assert (trans->name != NULL); +- +- /* Acquire the lock. */ +- __libc_lock_lock (lock); +- +- /* See whether we know this module already. */ +- found = __tfind (trans, &search_tree, trans_compare); +- if (found != NULL) +- { +- /* Is this module available? */ +- if ((*found)->handle != NULL) +- { +- /* Maybe we have to reopen the file. */ +- if ((*found)->handle != (void *) -1) +- /* The object is not unloaded. */ +- res = 0; +- else if (open_translit (*found) == 0) +- { +- /* Copy the data. */ +- *trans = (*found)->info; +- (*found)->open_count++; +- res = 0; +- } +- } +- } +- else +- { +- size_t name_len = strlen (trans->name) + 1; +- int need_so = 0; +- struct known_trans *newp; +- +- /* We have to continue looking for the module. */ +- if (__gconv_path_elem == NULL) +- __gconv_get_path (); +- +- /* See whether we have to append .so. */ +- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) +- need_so = 1; +- +- /* Create a new entry. */ +- newp = (struct known_trans *) malloc (sizeof (struct known_trans) +- + (__gconv_max_path_elem_len +- + name_len + 3) +- + name_len); +- if (newp != NULL) +- { +- char *cp; +- +- /* Clear the struct. */ +- memset (newp, '\0', sizeof (struct known_trans)); +- +- /* Store a copy of the module name. */ +- newp->info.name = cp = (char *) (newp + 1); +- cp = __mempcpy (cp, trans->name, name_len); +- +- newp->fname = cp; +- +- /* Search in all the directories. */ +- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) +- { +- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), +- trans->name, name_len); +- if (need_so) +- memcpy (cp, ".so", sizeof (".so")); +- +- if (open_translit (newp) == 0) +- { +- /* We found a module. */ +- res = 0; +- break; +- } +- } +- +- if (res) +- newp->fname = NULL; +- +- /* In any case we'll add the entry to our search tree. */ +- if (__tsearch (newp, &search_tree, trans_compare) == NULL) +- { +- /* Yickes, this should not happen. Unload the object. */ +- res = 1; +- /* XXX unload here. */ +- } +- } +- } +- +- __libc_lock_unlock (lock); +- +- return res; ++ /* Transliteration module loading has been removed because it never ++ worked as intended and suffered from a security vulnerability. ++ Consequently, this function always fails. */ ++ return 1; + } diff --git a/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch new file mode 100644 index 000000000000..04bcc42a032f --- /dev/null +++ b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch @@ -0,0 +1,25 @@ +--- ./giscanner/utils.py.orig 2014-08-14 22:05:05.055334080 +0200 ++++ ./giscanner/utils.py 2014-08-14 22:05:24.687497334 +0200 +@@ -110,17 +110,11 @@ + if dlname is None: + return None + +- # Darwin uses absolute paths where possible; since the libtool files never +- # contain absolute paths, use the libdir field +- if platform.system() == 'Darwin': +- dlbasename = os.path.basename(dlname) +- libdir = _extract_libdir_field(la_file) +- if libdir is None: +- return dlbasename +- return libdir + '/' + dlbasename +- # From the comments in extract_libtool(), older libtools had +- # a path rather than the raw dlname +- return os.path.basename(dlname) ++ dlbasename = os.path.basename(dlname) ++ libdir = _extract_libdir_field(la_file) ++ if libdir is None: ++ return dlbasename ++ return libdir + '/' + dlbasename + + + def extract_libtool(la_file): diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix index 7686fb308383..4b7ec1f41163 100644 --- a/pkgs/development/libraries/gobject-introspection/default.nix +++ b/pkgs/development/libraries/gobject-introspection/default.nix @@ -29,6 +29,8 @@ stdenv.mkDerivation rec { setupHook = ./setup-hook.sh; + patches = [ ./absolute_shlib_path.patch ]; + meta = with stdenv.lib; { description = "A middleware layer between C libraries and language bindings"; homepage = http://live.gnome.org/GObjectIntrospection; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index bbad10898bf4..54fd8d3810e3 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -24,7 +24,7 @@ else */ let - version = "10.2.5"; + version = "10.2.6"; # this is the default search path for DRI drivers driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32"; in @@ -35,7 +35,7 @@ stdenv.mkDerivation { src = fetchurl { url = "ftp://ftp.freedesktop.org/pub/mesa/${version}/MesaLib-${version}.tar.bz2"; - sha256 = "039is15p8pkhf8m0yiyb72zybl63xb9ckqzcg3xwi8zlyw5ryidl"; + sha256 = "01n8ib190s12m8hiiyi4wfm9jhkbqjd769npjwvf965smp918cqr"; }; prePatch = "patchShebangs ."; diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 8c88df984f05..c972635c9c72 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -60,7 +60,12 @@ stdenv.mkDerivation { else "./config"; configureFlags = "shared --libdir=lib --openssldir=etc/ssl" + - stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"; + stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + + stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") " no-asm"; + + preBuild = stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") '' + sed -i -e "s|-march=i486|-march=x86-64|g" Makefile + ''; makeFlags = "MANDIR=$(out)/share/man"; diff --git a/pkgs/development/libraries/readline/readline4.nix b/pkgs/development/libraries/readline/readline4.nix deleted file mode 100644 index d9dcdc9f048f..000000000000 --- a/pkgs/development/libraries/readline/readline4.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ stdenv, fetchurl, ncurses }: - -stdenv.mkDerivation { - name = "readline-4.3"; - src = fetchurl { - url = mirror://gnu/readline/readline-4.3.tar.gz; - md5 = "f86f7cb717ab321fe15f1bbcb058c11e"; - }; - propagatedBuildInputs = [ncurses]; -} diff --git a/pkgs/development/libraries/readline/readline5.nix b/pkgs/development/libraries/readline/readline5.nix deleted file mode 100644 index c208d5b9fe6b..000000000000 --- a/pkgs/development/libraries/readline/readline5.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ stdenv, fetchurl, ncurses }: - -stdenv.mkDerivation { - name = "readline-5.2"; - - src = fetchurl { - url = mirror://gnu/readline/readline-5.2.tar.gz; - sha256 = "0icz4hqqq8mlkwrpczyaha94kns0am9z0mh3a2913kg2msb8vs0j"; - }; - - propagatedBuildInputs = [ncurses]; - - patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch; -} diff --git a/pkgs/development/libraries/readline/readline6.3.nix b/pkgs/development/libraries/readline/readline6.3.nix index 17299e5f10d8..04db1ffd4469 100644 --- a/pkgs/development/libraries/readline/readline6.3.nix +++ b/pkgs/development/libraries/readline/readline6.3.nix @@ -1,11 +1,13 @@ -{ fetchurl, stdenv, ncurses }: +{ fetchzip, stdenv, ncurses }: stdenv.mkDerivation (rec { - name = "readline-6.3"; + name = "readline-6.3p08"; - src = fetchurl { - url = "mirror://gnu/readline/${name}.tar.gz"; - sha256 = "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn"; + src = fetchzip { + #url = "mirror://gnu/readline/${name}.tar.gz"; + url = "http://git.savannah.gnu.org/cgit/readline.git/snapshot/" + + "readline-a73b98f779b388a5d0624e02e8bb187246e3e396.tar.gz"; + sha256 = "19ji3wrv4fs79fd0nkacjy9q94pvy2cm66yb3aqysahg0cbrz5l1"; }; propagatedBuildInputs = [ncurses]; @@ -17,7 +19,7 @@ stdenv.mkDerivation (rec { ./no-arch_only-6.3.patch ]; - meta = { + meta = with stdenv.lib; { description = "Library for interactive line editing"; longDescription = '' @@ -37,9 +39,11 @@ stdenv.mkDerivation (rec { homepage = http://savannah.gnu.org/projects/readline/; - license = stdenv.lib.licenses.gpl3Plus; + license = licenses.gpl3Plus; - maintainers = [ stdenv.lib.maintainers.ludo ]; + maintainers = [ maintainers.ludo ]; + + platforms = platforms.unix; }; } diff --git a/pkgs/development/libraries/readline/shobj-darwin.patch b/pkgs/development/libraries/readline/shobj-darwin.patch deleted file mode 100644 index a9199ca3e89a..000000000000 --- a/pkgs/development/libraries/readline/shobj-darwin.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/support/shobj-conf.orig 2006-04-11 06:15:43.000000000 -0700 -+++ b/support/shobj-conf 2007-11-08 01:15:43.000000000 -0800 -@@ -171,7 +171,7 @@ - SHLIB_LIBSUFF='dylib' - - case "${host_os}" in -- darwin[78]*) SHOBJ_LDFLAGS='' -+ darwin[789]*) SHOBJ_LDFLAGS='' - SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v' - ;; - *) SHOBJ_LDFLAGS='-dynamic' diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index 409b5db01049..f0fedba5ac14 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, krb5, pkgconfig }: stdenv.mkDerivation rec { - name = "serf-1.3.6"; + name = "serf-1.3.7"; src = fetchurl { url = "http://serf.googlecode.com/svn/src_releases/${name}.tar.bz2"; - sha256 = "1wk3cplazs8jznjc9ylpd63rrk9k2y05xa7zqx7psycr0gmpnqya"; + sha1 = "db9ae339dba10a2b47f9bdacf30a58fd8e36683a"; }; buildInputs = [ apr scons openssl aprutil zlib krb5 pkgconfig ]; diff --git a/pkgs/development/tools/misc/d-feet/default.nix b/pkgs/development/tools/misc/d-feet/default.nix index 852c1b742195..df5fdbfab5a3 100644 --- a/pkgs/development/tools/misc/d-feet/default.nix +++ b/pkgs/development/tools/misc/d-feet/default.nix @@ -26,7 +26,6 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/d-feet \ --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${gtk3}/lib:${atk}/lib:${libwnck3}/lib" \ --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$out/share" rm $out/share/icons/hicolor/icon-theme.cache diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 7410c87e277e..72cf0e92bb84 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -1,7 +1,25 @@ diff --git a/Makefile.am b/Makefile.am -index 3d9e5c1..4d43cb4 100644 +index 3d9e5c1..46487f6 100644 --- a/Makefile.am +++ b/Makefile.am +@@ -1095,7 +1095,7 @@ BUILT_SOURCES += \ + + src/shared/errno-list.txt: + $(AM_V_at)$(MKDIR_P) $(dir $@) +- $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2; }' > $@ ++ $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+/ { print $$2; }' > $@ + + src/shared/errno-from-name.gperf: src/shared/errno-list.txt + $(AM_V_at)$(MKDIR_P) $(dir $@) +@@ -1107,7 +1107,7 @@ src/shared/errno-from-name.h: src/shared/errno-from-name.gperf + + src/shared/errno-to-name.h: src/shared/errno-list.txt + $(AM_V_at)$(MKDIR_P) $(dir $@) +- $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ ++ $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} !/EDEADLOCK/ && !/EWOULDBLOCK/ && !/ENOTSUP/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ + + src/shared/af-list.txt: + $(AM_V_at)$(MKDIR_P) $(dir $@) @@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \ endif @@ -13,8 +31,42 @@ index 3d9e5c1..4d43cb4 100644 systemd-tmpfiles-setup.service dist_zshcompletion_DATA += \ +@@ -1961,6 +1963,7 @@ systemd_cgls_SOURCES = \ + src/cgls/cgls.c + + systemd_cgls_LDADD = \ ++ libsystemd-internal.la \ + libsystemd-shared.la + + # ------------------------------------------------------------------------------ +diff --git a/TODO b/TODO +index e2ca1e6..d7efdd5 100644 +--- a/TODO ++++ b/TODO +@@ -1,4 +1,6 @@ + Bugfixes: ++* Should systemctl status \* work on all unit types, not just .service? ++ + * enabling an instance unit creates a pointless link, and + the unit will be started with getty@getty.service: + $ systemctl enable getty@.service +diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules +index c675b5b..4c300da 100644 +--- a/rules/42-usb-hid-pm.rules ++++ b/rules/42-usb-hid-pm.rules +@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!= + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" + +-# Catch-all for Avocent HID devices. Keyed off interface in order to only +-# trigger on HID class devices. +-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto" +- + # Dell DRAC 4 + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto" + diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in -index db72373..2fc12ca 100644 +index db72373..2875958 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in @@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" @@ -28,11 +80,329 @@ index db72373..2fc12ca 100644 # Ignore raid devices that are not yet assembled and started SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" +@@ -43,7 +39,7 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys + SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k" + + SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_WANTS}+="bluetooth.target" +-ENV{ID_SMARTCARD_READER}=="*?", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" ++ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" + SUBSYSTEM=="sound", KERNEL=="card*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target" + + SUBSYSTEM=="printer", TAG+="systemd", ENV{SYSTEMD_WANTS}+="printer.target" +diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c +index b8e275d..1840594 100644 +--- a/src/cgls/cgls.c ++++ b/src/cgls/cgls.c +@@ -35,6 +35,10 @@ + #include "build.h" + #include "output-mode.h" + #include "fileio.h" ++#include "sd-bus.h" ++#include "bus-util.h" ++#include "bus-error.h" ++#include "unit-name.h" + + static bool arg_no_pager = false; + static bool arg_kernel_threads = false; +@@ -127,6 +131,7 @@ int main(int argc, char *argv[]) { + int r = 0, retval = EXIT_FAILURE; + int output_flags; + char _cleanup_free_ *root = NULL; ++ _cleanup_bus_unref_ sd_bus *bus = NULL; + + log_parse_environment(); + log_open(); +@@ -151,6 +156,12 @@ int main(int argc, char *argv[]) { + arg_all * OUTPUT_SHOW_ALL | + (arg_full > 0) * OUTPUT_FULL_WIDTH; + ++ r = bus_open_transport(BUS_TRANSPORT_LOCAL, NULL, false, &bus); ++ if (r < 0) { ++ log_error("Failed to create bus connection: %s", strerror(-r)); ++ goto finish; ++ } ++ + if (optind < argc) { + int i; + +@@ -189,8 +200,52 @@ int main(int argc, char *argv[]) { + } else { + if (arg_machine) { + char *m; ++ const char *cgroup; ++ _cleanup_free_ char *scope = NULL; ++ _cleanup_free_ char *path = NULL; ++ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; ++ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; ++ + m = strappenda("/run/systemd/machines/", arg_machine); +- r = parse_env_file(m, NEWLINE, "CGROUP", &root, NULL); ++ r = parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL); ++ if (r < 0) { ++ log_error("Failed to get machine path: %s", strerror(-r)); ++ goto finish; ++ } ++ ++ path = unit_dbus_path_from_name(scope); ++ if (!path) { ++ r = log_oom(); ++ goto finish; ++ } ++ ++ r = sd_bus_get_property( ++ bus, ++ "org.freedesktop.systemd1", ++ path, ++ "org.freedesktop.systemd1.Scope", ++ "ControlGroup", ++ &error, ++ &reply, ++ "s"); ++ ++ if (r < 0) { ++ log_error("Failed to query ControlGroup: %s", bus_error_message(&error, -r)); ++ goto finish; ++ } ++ ++ r = sd_bus_message_read(reply, "s", &cgroup); ++ if (r < 0) { ++ bus_log_parse_error(r); ++ goto finish; ++ } ++ ++ root = strdup(cgroup); ++ if (!root) { ++ r = log_oom(); ++ goto finish; ++ } ++ + } else + r = cg_get_root_path(&root); + if (r < 0) { +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 3dd4c91..4201e1e 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -871,7 +871,7 @@ int manager_setup_cgroup(Manager *m) { + safe_close(m->pin_cgroupfs_fd); + + m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK); +- if (r < 0) { ++ if (m->pin_cgroupfs_fd < 0) { + log_error("Failed to open pin file: %m"); + return -errno; + } +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 775825b..5b1c4e3 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -173,6 +173,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->cpu_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_CPUACCT; + unit_write_drop_in_private(u, mode, name, b ? "CPUAccounting=yes" : "CPUAccounting=no"); + } + +@@ -192,6 +193,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->cpu_shares = ul; ++ u->cgroup_realized_mask &= ~CGROUP_CPU; + unit_write_drop_in_private_format(u, mode, name, "CPUShares=%lu", ul); + } + +@@ -206,6 +208,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->blockio_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; + unit_write_drop_in_private(u, mode, name, b ? "BlockIOAccounting=yes" : "BlockIOAccounting=no"); + } + +@@ -225,6 +228,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->blockio_weight = ul; ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; + unit_write_drop_in_private_format(u, mode, name, "BlockIOWeight=%lu", ul); + } + +@@ -294,6 +298,8 @@ int bus_cgroup_set_property( + cgroup_context_free_blockio_device_bandwidth(c, a); + } + ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +@@ -375,6 +381,8 @@ int bus_cgroup_set_property( + cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights); + } + ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +@@ -398,6 +406,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->memory_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_MEMORY; + unit_write_drop_in_private(u, mode, name, b ? "MemoryAccounting=yes" : "MemoryAccounting=no"); + } + +@@ -412,6 +421,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->memory_limit = limit; ++ u->cgroup_realized_mask &= ~CGROUP_MEMORY; + unit_write_drop_in_private_format(u, mode, name, "%s=%" PRIu64, name, limit); + } + +@@ -433,6 +443,7 @@ int bus_cgroup_set_property( + char *buf; + + c->device_policy = p; ++ u->cgroup_realized_mask &= ~CGROUP_DEVICE; + + buf = strappenda("DevicePolicy=", policy); + unit_write_drop_in_private(u, mode, name, buf); +@@ -511,6 +522,8 @@ int bus_cgroup_set_property( + cgroup_context_free_device_allow(c, c->device_allow); + } + ++ u->cgroup_realized_mask &= ~CGROUP_DEVICE; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index 13b3d0d..37d4154 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -842,7 +842,7 @@ int bus_exec_context_set_transient_property( + strv_free(c->environment); + c->environment = e; + +- joined = strv_join(c->environment, " "); ++ joined = strv_join_quoted(c->environment); + if (!joined) + return -ENOMEM; + +diff --git a/src/core/job.c b/src/core/job.c +index 35a9de6..dc4f441 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -1060,6 +1060,9 @@ int job_coldplug(Job *j) { + if (r < 0) + return r; + ++ if (j->state == JOB_WAITING) ++ job_add_to_run_queue(j); ++ + if (j->begin_usec == 0 || j->unit->job_timeout == 0) + return 0; + +diff --git a/src/core/killall.c b/src/core/killall.c +index 57ed41c..eab48f7 100644 +--- a/src/core/killall.c ++++ b/src/core/killall.c +@@ -168,7 +168,7 @@ static int killall(int sig, Set *pids, bool send_sighup) { + continue; + + if (sig == SIGKILL) { +- _cleanup_free_ char *s; ++ _cleanup_free_ char *s = NULL; + + get_process_comm(pid, &s); + log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pid, strna(s)); +diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c +index d459afe..2a58e48 100644 +--- a/src/core/machine-id-setup.c ++++ b/src/core/machine-id-setup.c +@@ -93,32 +93,9 @@ static int generate(char id[34], const char *root) { + } + } + +- /* If that didn't work, see if we are running in qemu/kvm and a +- * machine ID was passed in via -uuid on the qemu/kvm command +- * line */ +- +- r = detect_vm(&vm_id); +- if (r > 0 && streq(vm_id, "kvm")) { +- char uuid[37]; +- +- fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); +- if (fd >= 0) { +- k = loop_read(fd, uuid, 36, false); +- safe_close(fd); +- +- if (k >= 36) { +- r = shorten_uuid(id, uuid); +- if (r >= 0) { +- log_info("Initializing machine ID from KVM UUID."); +- return 0; +- } +- } +- } +- } +- +- /* If that didn't work either, see if we are running in a +- * container, and a machine ID was passed in via +- * $container_uuid the way libvirt/LXC does it */ ++ /* If that didn't work, see if we are running in a container, ++ * and a machine ID was passed in via $container_uuid the way ++ * libvirt/LXC does it */ + r = detect_container(NULL); + if (r > 0) { + _cleanup_free_ char *e = NULL; +@@ -133,6 +110,30 @@ static int generate(char id[34], const char *root) { + } + } + } ++ ++ } else { ++ /* If we are not running in a container, see if we are ++ * running in qemu/kvm and a machine ID was passed in ++ * via -uuid on the qemu/kvm command line */ ++ ++ r = detect_vm(&vm_id); ++ if (r > 0 && streq(vm_id, "kvm")) { ++ char uuid[37]; ++ ++ fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); ++ if (fd >= 0) { ++ k = loop_read(fd, uuid, 36, false); ++ safe_close(fd); ++ ++ if (k >= 36) { ++ r = shorten_uuid(id, uuid); ++ if (r >= 0) { ++ log_info("Initializing machine ID from KVM UUID."); ++ return 0; ++ } ++ } ++ } ++ } + } + + /* If that didn't work, generate a random machine id */ diff --git a/src/core/main.c b/src/core/main.c -index 41605ee..8517369 100644 +index 41605ee..c65701d 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -1883,7 +1883,7 @@ finish: +@@ -1840,6 +1840,7 @@ finish: + if (reexecute) { + const char **args; + unsigned i, args_size; ++ sigset_t ss; + + /* Close and disarm the watchdog, so that the new + * instance can reinitialize it, but doesn't get +@@ -1883,7 +1884,7 @@ finish: char_array_0(sfd); i = 0; @@ -41,6 +411,83 @@ index 41605ee..8517369 100644 if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; +@@ -1923,6 +1924,13 @@ finish: + args[i++] = NULL; + assert(i <= args_size); + ++ /* reenable any blocked signals, especially important ++ * if we switch from initial ramdisk to init=... */ ++ reset_all_signal_handlers(); ++ ++ assert_se(sigemptyset(&ss) == 0); ++ assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0); ++ + if (switch_root_init) { + args[0] = switch_root_init; + execv(args[0], (char* const*) args); +diff --git a/src/core/manager.c b/src/core/manager.c +index 224106c..7342095 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -422,7 +422,7 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) { + return -ENOMEM; + + #ifdef ENABLE_EFI +- if (detect_container(NULL) <= 0) ++ if (running_as == SYSTEMD_SYSTEM && detect_container(NULL) <= 0) + boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp); + #endif + +@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) { + if (u->id != t) + continue; + +- if (!unit_can_serialize(u)) +- continue; +- + /* Start marker */ + fputs(u->id, f); + fputc('\n', f); +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 9f15211..e41cf5b 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -42,6 +42,7 @@ + #include "mkdir.h" + #include "dev-setup.h" + #include "def.h" ++#include "label.h" + + typedef enum MountMode { + /* This is ordered by priority! */ +@@ -68,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) { + STRV_FOREACH(i, strv) { + + (*p)->ignore = false; ++ (*p)->done = false; + + if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') { + (*p)->ignore = true; +@@ -217,7 +219,10 @@ static int mount_dev(BindMount *m) { + goto fail; + } + ++ label_context_set(d, st.st_mode); + r = mknod(dn, st.st_mode, st.st_rdev); ++ label_context_clear(); ++ + if (r < 0) { + r = -errno; + goto fail; +@@ -350,7 +355,7 @@ int setup_namespace( + private_dev; + + if (n > 0) { +- m = mounts = (BindMount *) alloca(n * sizeof(BindMount)); ++ m = mounts = (BindMount *) alloca0(n * sizeof(BindMount)); + r = append_mounts(&m, read_write_dirs, READWRITE); + if (r < 0) + return r; diff --git a/src/core/service.c b/src/core/service.c index ae3695a..6b3aa45 100644 --- a/src/core/service.c @@ -58,7 +505,7 @@ index ae3695a..6b3aa45 100644 log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id); return -EINVAL; diff --git a/src/core/socket.c b/src/core/socket.c -index 7c18a2b..eba67d5 100644 +index 7c18a2b..1a560a6 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { @@ -96,6 +543,115 @@ index 7c18a2b..eba67d5 100644 break; } +@@ -1242,6 +1251,8 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { + NULL, + s->exec_runtime, + &pid); ++ if (r < 0) ++ goto fail; + + strv_free(argv); + if (r < 0) +@@ -1497,6 +1508,12 @@ static void socket_enter_running(Socket *s, int cfd) { + } + + if (!pending) { ++ if (!UNIT_ISSET(s->service)) { ++ log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id); ++ r = -ENOENT; ++ goto fail; ++ } ++ + r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL); + if (r < 0) + goto fail; +diff --git a/src/core/timer.c b/src/core/timer.c +index 6c85304..720b8af 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -111,6 +111,23 @@ static int timer_add_default_dependencies(Timer *t) { + return unit_add_two_dependencies_by_name(UNIT(t), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true); + } + ++static void update_stampfile(Timer *t, usec_t timestamp) { ++ _cleanup_close_ int fd = -1; ++ ++ mkdir_parents_label(t->stamp_path, 0755); ++ ++ /* Update the file atime + mtime, if we can */ ++ fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); ++ if (fd >= 0) { ++ struct timespec ts[2]; ++ ++ timespec_store(&ts[0], timestamp); ++ ts[1] = ts[0]; ++ ++ futimens(fd, ts); ++ } ++} ++ + static int timer_setup_persistent(Timer *t) { + int r; + +@@ -131,7 +148,7 @@ static int timer_setup_persistent(Timer *t) { + + e = getenv("XDG_DATA_HOME"); + if (e) +- t->stamp_path = strjoin(e, "/systemd/timers/", UNIT(t)->id, NULL); ++ t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id, NULL); + else { + + _cleanup_free_ char *h = NULL; +@@ -496,22 +513,8 @@ static void timer_enter_running(Timer *t) { + + dual_timestamp_get(&t->last_trigger); + +- if (t->stamp_path) { +- _cleanup_close_ int fd = -1; +- +- mkdir_parents_label(t->stamp_path, 0755); +- +- /* Update the file atime + mtime, if we can */ +- fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); +- if (fd >= 0) { +- struct timespec ts[2]; +- +- timespec_store(&ts[0], t->last_trigger.realtime); +- ts[1] = ts[0]; +- +- futimens(fd, ts); +- } +- } ++ if (t->stamp_path) ++ update_stampfile(t, t->last_trigger.realtime); + + timer_set_state(t, TIMER_RUNNING); + return; +@@ -539,6 +542,11 @@ static int timer_start(Unit *u) { + + if (stat(t->stamp_path, &st) >= 0) + t->last_trigger.realtime = timespec_load(&st.st_atim); ++ else if (errno == ENOENT) ++ /* The timer has never run before, ++ * make sure a stamp file exists. ++ */ ++ update_stampfile(t, now(CLOCK_REALTIME)); + } + + t->result = TIMER_SUCCESS; +diff --git a/src/core/transaction.c b/src/core/transaction.c +index d00f427..2befc32 100644 +--- a/src/core/transaction.c ++++ b/src/core/transaction.c +@@ -378,7 +378,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi + "Found dependency on %s/%s", + k->unit->id, job_type_to_string(k->type)); + +- if (!delete && ++ if (!delete && hashmap_get(tr->jobs, k->unit) && + !unit_matters_to_anchor(k->unit, k)) { + /* Ok, we can drop this one, so let's + * do so. */ diff --git a/src/core/umount.c b/src/core/umount.c index d1258f0..0311812 100644 --- a/src/core/umount.c @@ -109,6 +665,195 @@ index d1258f0..0311812 100644 #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif +diff --git a/src/core/unit.c b/src/core/unit.c +index 153b79b..ed52694 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) { + } + + int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) { +- ExecRuntime *rt; + int r; + + assert(u); + assert(f); + assert(fds); + +- if (!unit_can_serialize(u)) +- return 0; +- +- r = UNIT_VTABLE(u)->serialize(u, f, fds); +- if (r < 0) +- return r; ++ if (unit_can_serialize(u)) { ++ ExecRuntime *rt; + +- rt = unit_get_exec_runtime(u); +- if (rt) { +- r = exec_runtime_serialize(rt, u, f, fds); ++ r = UNIT_VTABLE(u)->serialize(u, f, fds); + if (r < 0) + return r; ++ ++ rt = unit_get_exec_runtime(u); ++ if (rt) { ++ r = exec_runtime_serialize(rt, u, f, fds); ++ if (r < 0) ++ return r; ++ } + } + + dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp); +@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) { + } + + int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { +- size_t offset; + ExecRuntime **rt = NULL; ++ size_t offset; + int r; + + assert(u); + assert(f); + assert(fds); + +- if (!unit_can_serialize(u)) +- return 0; +- + offset = UNIT_VTABLE(u)->exec_runtime_offset; + if (offset > 0) + rt = (ExecRuntime**) ((uint8_t*) u + offset); +@@ -2487,24 +2484,34 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + if (!s) + return -ENOMEM; + +- free(u->cgroup_path); +- u->cgroup_path = s; ++ if (u->cgroup_path) { ++ void *p; + ++ p = hashmap_remove(u->manager->cgroup_unit, u->cgroup_path); ++ log_info("Removing cgroup_path %s from hashmap (%p)", ++ u->cgroup_path, p); ++ free(u->cgroup_path); ++ } ++ ++ u->cgroup_path = s; + assert(hashmap_put(u->manager->cgroup_unit, s, u) == 1); ++ + continue; + } + +- if (rt) { +- r = exec_runtime_deserialize_item(rt, u, l, v, fds); ++ if (unit_can_serialize(u)) { ++ if (rt) { ++ r = exec_runtime_deserialize_item(rt, u, l, v, fds); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ continue; ++ } ++ ++ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); + if (r < 0) + return r; +- if (r > 0) +- continue; + } +- +- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); +- if (r < 0) +- return r; + } + } + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 75d56dd..be8fb2f 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -29,6 +29,7 @@ + #include "mkdir.h" + #include "strv.h" + #include "fileio.h" ++#include "path-util.h" + + static const char *arg_dest = "/tmp"; + static bool arg_enabled = true; +@@ -144,16 +145,19 @@ static int create_disk( + if (!uu) + return log_oom(); + +- if (is_device_path(uu)) { +- _cleanup_free_ char *dd; ++ if (!path_equal(uu, "/dev/null")) { + +- dd = unit_name_from_path(uu, ".device"); +- if (!dd) +- return log_oom(); ++ if (is_device_path(uu)) { ++ _cleanup_free_ char *dd; + +- fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); +- } else +- fprintf(f, "RequiresMountsFor=%s\n", password); ++ dd = unit_name_from_path(uu, ".device"); ++ if (!dd) ++ return log_oom(); ++ ++ fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); ++ } else ++ fprintf(f, "RequiresMountsFor=%s\n", password); ++ } + } + } + +@@ -287,7 +291,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { + } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) { + + free(arg_keyfile); +- arg_keyfile = strdup(key); ++ arg_keyfile = strdup(value); + if (!arg_keyfile) + return log_oom(); + +diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c +index 9b9074c..ad6c76c 100644 +--- a/src/cryptsetup/cryptsetup.c ++++ b/src/cryptsetup/cryptsetup.c +@@ -88,6 +88,13 @@ static int parse_one_option(const char *option) { + return 0; + } + ++ if (arg_key_size % 8) { ++ log_error("size= not a multiple of 8, ignoring."); ++ return 0; ++ } ++ ++ arg_key_size /= 8; ++ + } else if (startswith(option, "key-slot=")) { + + arg_type = CRYPT_LUKS1; +@@ -404,7 +411,7 @@ static int attach_luks_or_plain(struct crypt_device *cd, + /* for CRYPT_PLAIN limit reads + * from keyfile to key length, and + * ignore keyfile-size */ +- arg_keyfile_size = arg_key_size / 8; ++ arg_keyfile_size = arg_key_size; + + /* In contrast to what the name + * crypt_setup() might suggest this +@@ -567,7 +574,7 @@ int main(int argc, char *argv[]) { + else + until = 0; + +- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256); ++ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); + + if (key_file) { + struct stat st; diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 18f2aca..2a2b1ea 100644 --- a/src/fsck/fsck.c @@ -131,11 +876,715 @@ index 18f2aca..2a2b1ea 100644 cmdline[i++] = "-a"; cmdline[i++] = "-T"; cmdline[i++] = "-l"; +diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c +index 6a4aa2c..700e90a 100644 +--- a/src/getty-generator/getty-generator.c ++++ b/src/getty-generator/getty-generator.c +@@ -72,7 +72,7 @@ static int add_serial_getty(const char *tty) { + + log_debug("Automatically adding serial getty for /dev/%s.", tty); + +- n = unit_name_replace_instance("serial-getty@.service", tty); ++ n = unit_name_from_path_instance("serial-getty", tty, ".service"); + if (!n) + return log_oom(); + +@@ -86,7 +86,7 @@ static int add_container_getty(const char *tty) { + + log_debug("Automatically adding container getty for /dev/pts/%s.", tty); + +- n = unit_name_replace_instance("container-getty@.service", tty); ++ n = unit_name_from_path_instance("container-getty", tty, ".service"); + if (!n) + return log_oom(); + +diff --git a/src/journal/catalog.c b/src/journal/catalog.c +index 3ed0b7e..02dedc4 100644 +--- a/src/journal/catalog.c ++++ b/src/journal/catalog.c +@@ -103,7 +103,7 @@ static int finish_item( + const char *payload) { + + ssize_t offset; +- CatalogItem *i; ++ _cleanup_free_ CatalogItem *i = NULL; + int r; + + assert(h); +@@ -126,13 +126,14 @@ static int finish_item( + i->offset = htole64((uint64_t) offset); + + r = hashmap_put(h, i, i); +- if (r == EEXIST) { ++ if (r == -EEXIST) { + log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.", + SD_ID128_FORMAT_VAL(id), language ? language : "C"); +- free(i); + return 0; +- } ++ } else if (r < 0) ++ return r; + ++ i = NULL; + return 0; + } + +@@ -383,8 +384,8 @@ error: + int catalog_update(const char* database, const char* root, const char* const* dirs) { + _cleanup_strv_free_ char **files = NULL; + char **f; +- Hashmap *h; + struct strbuf *sb = NULL; ++ _cleanup_hashmap_free_free_ Hashmap *h = NULL; + _cleanup_free_ CatalogItem *items = NULL; + CatalogItem *i; + Iterator j; +@@ -406,13 +407,17 @@ int catalog_update(const char* database, const char* root, const char* const* di + } + + STRV_FOREACH(f, files) { +- log_debug("reading file '%s'", *f); +- catalog_import_file(h, sb, *f); ++ log_debug("Reading file '%s'", *f); ++ r = catalog_import_file(h, sb, *f); ++ if (r < 0) { ++ log_error("Failed to import file '%s': %s.", ++ *f, strerror(-r)); ++ goto finish; ++ } + } + + if (hashmap_size(h) <= 0) { + log_info("No items in catalog."); +- r = 0; + goto finish; + } else + log_debug("Found %u items in catalog.", hashmap_size(h)); +@@ -443,11 +448,7 @@ int catalog_update(const char* database, const char* root, const char* const* di + log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.", + database, n, sb->len, r); + +- r = 0; +- + finish: +- if (h) +- hashmap_free_free(h); + if (sb) + strbuf_cleanup(sb); + +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index f2f1f35..fd9d2a8 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -274,12 +274,6 @@ static int journal_file_verify_header(JournalFile *f) { + !VALID64(le64toh(f->header->entry_array_offset))) + return -ENODATA; + +- if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size)) +- return -ENODATA; +- + if (f->writable) { + uint8_t state; + sd_id128_t machine_id; +diff --git a/src/journal/journal-remote-parse.c b/src/journal/journal-remote-parse.c +index 142de0e..239ff38 100644 +--- a/src/journal/journal-remote-parse.c ++++ b/src/journal/journal-remote-parse.c +@@ -40,7 +40,7 @@ void source_free(RemoteSource *source) { + + static int get_line(RemoteSource *source, char **line, size_t *size) { + ssize_t n, remain; +- char *c; ++ char *c = NULL; + char *newbuf = NULL; + size_t newsize = 0; + +@@ -49,7 +49,9 @@ static int get_line(RemoteSource *source, char **line, size_t *size) { + assert(source->filled <= source->size); + assert(source->buf == NULL || source->size > 0); + +- c = memchr(source->buf, '\n', source->filled); ++ if (source->buf) ++ c = memchr(source->buf, '\n', source->filled); ++ + if (c != NULL) + goto docopy; + +diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c +index 35948ea..48725e4 100644 +--- a/src/journal/journald-kmsg.c ++++ b/src/journal/journald-kmsg.c +@@ -152,7 +152,7 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) { + /* Did we lose any? */ + if (serial > *s->kernel_seqnum) + server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %"PRIu64" kernel messages", +- serial - *s->kernel_seqnum - 1); ++ serial - *s->kernel_seqnum); + + /* Make sure we never read this one again. Note that + * we always store the next message serial we expect +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 6da81e7..b6f8e7e 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -67,6 +67,7 @@ + #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE) + #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC) + #define DEFAULT_RATE_LIMIT_BURST 1000 ++#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH + + #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC) + +@@ -1473,6 +1474,8 @@ int server_init(Server *s) { + s->forward_to_syslog = true; + s->forward_to_wall = true; + ++ s->max_file_usec = DEFAULT_MAX_FILE_USEC; ++ + s->max_level_store = LOG_DEBUG; + s->max_level_syslog = LOG_DEBUG; + s->max_level_kmsg = LOG_NOTICE; +diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c +index f693e0f..9a8d5c6 100644 +--- a/src/journal/microhttpd-util.c ++++ b/src/journal/microhttpd-util.c +@@ -129,7 +129,7 @@ void log_func_gnutls(int level, const char *message) { + if (0 <= level && level < (int) ELEMENTSOF(log_level_map)) + ourlevel = log_level_map[level]; + else +- level = LOG_DEBUG; ++ ourlevel = LOG_DEBUG; + + log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message); + } +diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c +index b087a8b..967ab67 100644 +--- a/src/journal/test-catalog.c ++++ b/src/journal/test-catalog.c +@@ -157,7 +157,8 @@ int main(int argc, char *argv[]) { + + setlocale(LC_ALL, "de_DE.UTF-8"); + +- log_set_max_level(LOG_DEBUG); ++ log_parse_environment(); ++ log_open(); + + test_catalog_file_lang(); + +diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c +index 84a8ffa..e79b318 100644 +--- a/src/libsystemd/sd-rtnl/rtnl-message.c ++++ b/src/libsystemd/sd-rtnl/rtnl-message.c +@@ -335,24 +335,28 @@ int sd_rtnl_message_link_get_flags(sd_rtnl_message *m, unsigned *flags) { + /* If successful the updated message will be correctly aligned, if + unsuccessful the old message is untouched. */ + static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, size_t data_length) { +- uint32_t rta_length, message_length; ++ uint32_t rta_length; ++ size_t message_length, padding_length; + struct nlmsghdr *new_hdr; + struct rtattr *rta; + char *padding; + unsigned i; ++ int offset; + + assert(m); + assert(m->hdr); + assert(!m->sealed); + assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len); +- assert(!data || data_length > 0); +- assert(data || m->n_containers < RTNL_CONTAINER_DEPTH); ++ assert(!data || data_length); ++ ++ /* get offset of the new attribute */ ++ offset = m->hdr->nlmsg_len; + + /* get the size of the new rta attribute (with padding at the end) */ + rta_length = RTA_LENGTH(data_length); + + /* get the new message size (with padding at the end) */ +- message_length = m->hdr->nlmsg_len + RTA_ALIGN(rta_length); ++ message_length = offset + RTA_ALIGN(rta_length); + + /* realloc to fit the new attribute */ + new_hdr = realloc(m->hdr, message_length); +@@ -361,32 +365,35 @@ static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, + m->hdr = new_hdr; + + /* get pointer to the attribute we are about to add */ +- rta = (struct rtattr *) ((uint8_t *) m->hdr + m->hdr->nlmsg_len); ++ rta = (struct rtattr *) ((uint8_t *) m->hdr + offset); + + /* if we are inside containers, extend them */ + for (i = 0; i < m->n_containers; i++) +- GET_CONTAINER(m, i)->rta_len += message_length - m->hdr->nlmsg_len; ++ GET_CONTAINER(m, i)->rta_len += message_length - offset; + + /* fill in the attribute */ + rta->rta_type = type; + rta->rta_len = rta_length; +- if (!data) { +- /* this is the start of a new container */ +- m->container_offsets[m->n_containers ++] = m->hdr->nlmsg_len; +- } else { ++ if (data) + /* we don't deal with the case where the user lies about the type + * and gives us too little data (so don't do that) +- */ ++ */ + padding = mempcpy(RTA_DATA(rta), data, data_length); +- /* make sure also the padding at the end of the message is initialized */ +- memzero(padding, +- (uint8_t *) m->hdr + message_length - (uint8_t *) padding); ++ else { ++ /* if no data was passed, make sure we still initialize the padding ++ note that we can have data_length > 0 (used by some containers) */ ++ padding = RTA_DATA(rta); ++ data_length = 0; + } + ++ /* make sure also the padding at the end of the message is initialized */ ++ padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding; ++ memzero(padding, padding_length); ++ + /* update message size */ + m->hdr->nlmsg_len = message_length; + +- return 0; ++ return offset; + } + + int sd_rtnl_message_append_string(sd_rtnl_message *m, unsigned short type, const char *data) { +@@ -761,22 +768,29 @@ int sd_rtnl_message_open_container(sd_rtnl_message *m, unsigned short type) { + + assert_return(m, -EINVAL); + assert_return(!m->sealed, -EPERM); ++ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE); + + sd_rtnl_message_get_type(m, &rtm_type); + ++ int r = -ENOTSUP; ++ + if (rtnl_message_type_is_link(rtm_type)) { + + if ((type == IFLA_LINKINFO && m->n_containers == 0) || + (type == IFLA_INFO_DATA && m->n_containers == 1 && + GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO)) +- return add_rtattr(m, type, NULL, 0); ++ r = add_rtattr(m, type, NULL, 0); + else if (type == VETH_INFO_PEER && m->n_containers == 2 && + GET_CONTAINER(m, 1)->rta_type == IFLA_INFO_DATA && + GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO) +- return add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); ++ r= add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); + } + +- return -ENOTSUP; ++ if (r < 0) return r; ++ ++ m->container_offsets[m->n_containers ++] = r; ++ ++ return 0; + } + + int sd_rtnl_message_close_container(sd_rtnl_message *m) { +diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c +index ba1b04d..85b1e40 100644 +--- a/src/libudev/libudev-monitor.c ++++ b/src/libudev/libudev-monitor.c +@@ -108,15 +108,13 @@ static struct udev_monitor *udev_monitor_new(struct udev *udev) + + /* we consider udev running when /dev is on devtmpfs */ + static bool udev_has_devtmpfs(struct udev *udev) { +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; + int mount_id; + _cleanup_fclose_ FILE *f = NULL; + char line[LINE_MAX], *e; + int r; + +- h = alloca(MAX_HANDLE_SZ); +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(AT_FDCWD, "/dev", h, &mount_id, 0); ++ r = name_to_handle_at(AT_FDCWD, "/dev", &h.handle, &mount_id, 0); + if (r < 0) + return false; + +diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules +index e1cf897..57f619d 100644 +--- a/src/login/70-uaccess.rules ++++ b/src/login/70-uaccess.rules +@@ -12,7 +12,7 @@ ENV{MAJOR}=="", GOTO="uaccess_end" + SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess" + + # Digicams with proprietary protocol +-ENV{ID_GPHOTO2}=="*?", TAG+="uaccess" ++ENV{ID_GPHOTO2}=="?*", TAG+="uaccess" + + # SCSI and USB scanners + ENV{libsane_matched}=="yes", TAG+="uaccess" +@@ -49,13 +49,13 @@ SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess" + SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess" + + # smart-card readers +-ENV{ID_SMARTCARD_READER}=="*?", TAG+="uaccess" ++ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" + + # (USB) authentication devices +-ENV{ID_SECURITY_TOKEN}=="*?", TAG+="uaccess" ++ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess" + + # PDA devices +-ENV{ID_PDA}=="*?", TAG+="uaccess" ++ENV{ID_PDA}=="?*", TAG+="uaccess" + + # Programmable remote control + ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" +@@ -64,10 +64,10 @@ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" + SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess" + + # color measurement devices +-ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="uaccess" ++ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess" + + # DDC/CI device, usually high-end monitors such as the DreamColor +-ENV{DDC_DEVICE}=="*?", TAG+="uaccess" ++ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + + # media player raw devices (for user-mode drivers, Android SDK, etc.) + SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" +diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c +index dc86f0f..4bbeb64 100644 +--- a/src/login/logind-acl.c ++++ b/src/login/logind-acl.c +@@ -279,7 +279,9 @@ int devnode_acl_all(struct udev *udev, + + log_debug("Fixing up ACLs at %s for seat %s", n, seat); + k = devnode_acl(n, flush, del, old_uid, add, new_uid); +- if (k < 0) ++ if (k == -ENOENT) ++ log_debug("Device %s disappeared while setting ACLs", n); ++ else if (k < 0) + r = k; + } + +diff --git a/src/login/logind-action.c b/src/login/logind-action.c +index 1928f43..d69c7ad 100644 +--- a/src/login/logind-action.c ++++ b/src/login/logind-action.c +@@ -79,14 +79,12 @@ int manager_handle_action( + return 0; + } + +- /* If we have more than one or no displays connected, +- * don't react to lid closing. The no display case we +- * treat like this under the assumption that there is +- * no modern drm driver available. */ ++ /* If we have more than one display connected, ++ * don't react to lid closing. */ + n = manager_count_displays(m); + if (n < 0) + log_warning("Display counting failed: %s", strerror(-n)); +- else if (n != 1) { ++ else if (n > 1) { + log_debug("Ignoring lid switch request, %i displays connected.", n); + return 0; + } +diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c +index 3f5efdc..1ee6ced 100644 +--- a/src/login/logind-seat.c ++++ b/src/login/logind-seat.c +@@ -275,8 +275,13 @@ int seat_switch_to(Seat *s, unsigned int num) { + if (!num) + return -EINVAL; + +- if (num >= s->position_count || !s->positions[num]) ++ if (num >= s->position_count || !s->positions[num]) { ++ /* allow switching to unused VTs to trigger auto-activate */ ++ if (seat_has_vts(s) && num < 64) ++ return chvt(num); ++ + return -EINVAL; ++ } + + return session_activate(s->positions[num]); + } +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 4ca6b5d..02a780d 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -213,7 +213,6 @@ int session_save(Session *s) { + + if (s->scope) + fprintf(f, "SCOPE=%s\n", s->scope); +- + if (s->scope_job) + fprintf(f, "SCOPE_JOB=%s\n", s->scope_job); + +@@ -229,17 +228,54 @@ int session_save(Session *s) { + if (s->display) + fprintf(f, "DISPLAY=%s\n", s->display); + +- if (s->remote_host) +- fprintf(f, "REMOTE_HOST=%s\n", s->remote_host); ++ if (s->remote_host) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(s->remote_host); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "REMOTE_HOST=%s\n", escaped); ++ } ++ ++ if (s->remote_user) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(s->remote_user); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "REMOTE_USER=%s\n", escaped); ++ } ++ ++ if (s->service) { ++ _cleanup_free_ char *escaped; + +- if (s->remote_user) +- fprintf(f, "REMOTE_USER=%s\n", s->remote_user); ++ escaped = cescape(s->service); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "SERVICE=%s\n", escaped); ++ } + +- if (s->service) +- fprintf(f, "SERVICE=%s\n", s->service); ++ if (s->desktop) { ++ _cleanup_free_ char *escaped; + +- if (s->desktop) +- fprintf(f, "DESKTOP=%s\n", s->desktop); ++ ++ escaped = cescape(s->desktop); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "DESKTOP=%s\n", escaped); ++ } + + if (s->seat && seat_has_vts(s->seat)) + fprintf(f, "VTNR=%u\n", s->vtnr); +@@ -972,6 +1008,10 @@ void session_mute_vt(Session *s) { + if (vt < 0) + return; + ++ r = fchown(vt, s->user->uid, -1); ++ if (r < 0) ++ goto error; ++ + r = ioctl(vt, KDSKBMODE, K_OFF); + if (r < 0) + goto error; +@@ -1026,6 +1066,8 @@ void session_restore_vt(Session *s) { + mode.mode = VT_AUTO; + ioctl(vt, VT_SETMODE, &mode); + ++ fchown(vt, 0, -1); ++ + s->vtfd = safe_close(s->vtfd); + } + +diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in +index b96d32d..b8e90f1 100644 +--- a/src/login/org.freedesktop.login1.policy.in ++++ b/src/login/org.freedesktop.login1.policy.in +@@ -254,7 +254,7 @@ + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> +- <allow_active>auth_admin_keep</allow_active> ++ <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate> + </action> +diff --git a/src/login/pam-module.c b/src/login/pam-module.c +index 9873dd5..1259457 100644 +--- a/src/login/pam-module.c ++++ b/src/login/pam-module.c +@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( + } + + if (session_fd >= 0) { +- session_fd = dup(session_fd); ++ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3); + if (session_fd < 0) { + pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m"); + return PAM_SESSION_ERR; +diff --git a/src/machine/machine.c b/src/machine/machine.c +index 9a5cc9a..de701ad 100644 +--- a/src/machine/machine.c ++++ b/src/machine/machine.c +@@ -123,17 +123,42 @@ int machine_save(Machine *m) { + "NAME=%s\n", + m->name); + +- if (m->unit) +- fprintf(f, "SCOPE=%s\n", m->unit); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */ ++ if (m->unit) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(m->unit); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */ ++ } + + if (m->scope_job) + fprintf(f, "SCOPE_JOB=%s\n", m->scope_job); + +- if (m->service) +- fprintf(f, "SERVICE=%s\n", m->service); ++ if (m->service) { ++ _cleanup_free_ char *escaped; + +- if (m->root_directory) +- fprintf(f, "ROOT=%s\n", m->root_directory); ++ escaped = cescape(m->service); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ fprintf(f, "SERVICE=%s\n", escaped); ++ } ++ ++ if (m->root_directory) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(m->root_directory); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ fprintf(f, "ROOT=%s\n", escaped); ++ } + + if (!sd_id128_equal(m->id, SD_ID128_NULL)) + fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id)); +@@ -330,16 +355,18 @@ static int machine_stop_scope(Machine *m) { + if (!m->unit) + return 0; + +- r = manager_stop_unit(m->manager, m->unit, &error, &job); +- if (r < 0) { +- log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); +- return r; ++ if (!m->registered) { ++ r = manager_stop_unit(m->manager, m->unit, &error, &job); ++ if (r < 0) { ++ log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); ++ return r; ++ } + } + + free(m->scope_job); + m->scope_job = job; + +- return r; ++ return 0; + } + + int machine_stop(Machine *m) { +@@ -415,6 +442,8 @@ int machine_kill(Machine *m, KillWho who, int signo) { + + if (kill(m->leader, signo) < 0) + return -errno; ++ ++ return 0; + } + + /* Otherwise make PID 1 do it for us, for the entire cgroup */ +diff --git a/src/machine/machine.h b/src/machine/machine.h +index f4aefc5..de3536d 100644 +--- a/src/machine/machine.h ++++ b/src/machine/machine.h +@@ -72,6 +72,7 @@ struct Machine { + + bool in_gc_queue:1; + bool started:1; ++ bool registered:1; + + sd_bus_message *create_message; + +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 9473105..154a335 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -241,6 +241,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m + m->leader = leader; + m->class = c; + m->id = id; ++ m->registered = true; + + if (!isempty(service)) { + m->service = strdup(service); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 9a9ed9d..9e46e18 100644 +index 9a9ed9d..c3e6d23 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) { +@@ -769,6 +769,15 @@ static int setup_resolv_conf(const char *dest) { + return 0; + } + ++static char* id128_format_as_uuid(sd_id128_t id, char s[37]) { ++ ++ snprintf(s, 37, ++ "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", ++ SD_ID128_FORMAT_VAL(id)); ++ ++ return s; ++} ++ + static int setup_boot_id(const char *dest) { + _cleanup_free_ char *from = NULL, *to = NULL; + sd_id128_t rnd = {}; +@@ -794,10 +803,7 @@ static int setup_boot_id(const char *dest) { + return r; + } + +- snprintf(as_uuid, sizeof(as_uuid), +- "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", +- SD_ID128_FORMAT_VAL(rnd)); +- char_array_0(as_uuid); ++ id128_format_as_uuid(rnd, as_uuid); + + r = write_string_file(from, as_uuid); + if (r < 0) { +@@ -2378,7 +2384,7 @@ static int change_uid_gid(char **_home) { + _cleanup_fclose_ FILE *f = NULL; + _cleanup_close_ int fd = -1; + unsigned n_uids = 0; +- size_t sz, l; ++ size_t sz = 0, l; + uid_t uid; + gid_t gid; + pid_t pid; +@@ -2667,6 +2673,7 @@ int main(int argc, char *argv[]) { goto finish; } } else { @@ -143,7 +1592,7 @@ index 9a9ed9d..9e46e18 100644 const char *p; p = strappenda(arg_directory, -@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) { +@@ -2676,6 +2683,7 @@ int main(int argc, char *argv[]) { goto finish; } @@ -151,6 +1600,46 @@ index 9a9ed9d..9e46e18 100644 } } else { char template[] = "/tmp/nspawn-root-XXXXXX"; +@@ -2748,8 +2756,6 @@ int main(int argc, char *argv[]) { + goto finish; + } + +- sd_notify(0, "READY=1"); +- + assert_se(sigemptyset(&mask) == 0); + sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1); + assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0); +@@ -2966,7 +2972,9 @@ int main(int argc, char *argv[]) { + } + + if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) { +- if (asprintf((char**)(envp + n_env++), "container_uuid=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid)) < 0) { ++ char as_uuid[37]; ++ ++ if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0) { + log_oom(); + goto child_fail; + } +@@ -3086,6 +3094,8 @@ int main(int argc, char *argv[]) { + if (r < 0) + goto finish; + ++ sd_notify(0, "READY=1"); ++ + /* Notify the child that the parent is ready with all + * its setup, and thtat the child can now hand over + * control to the code to run inside the container. */ +@@ -3136,6 +3146,10 @@ int main(int argc, char *argv[]) { + + if (!arg_quiet) + log_info("Container %s is being rebooted.", arg_machine); ++ if (getenv("EXIT_ON_REBOOT") != 0) { ++ r = 10; ++ break; ++ } + continue; + } else if (status.si_code == CLD_KILLED || + status.si_code == CLD_DUMPED) { diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c index d61ecdf..228a3a4 100644 --- a/src/nss-myhostname/netlink.c @@ -166,6 +1655,88 @@ index d61ecdf..228a3a4 100644 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) continue; +diff --git a/src/python-systemd/_reader.c b/src/python-systemd/_reader.c +index 059b904..9a19a10 100644 +--- a/src/python-systemd/_reader.c ++++ b/src/python-systemd/_reader.c +@@ -902,7 +902,6 @@ static PyObject* get_catalog(PyObject *self, PyObject *args) { + sd_id128_t id; + _cleanup_free_ char *msg = NULL; + +- assert(!self); + assert(args); + + if (!PyArg_ParseTuple(args, "z:get_catalog", &id_)) +diff --git a/src/python-systemd/journal.py b/src/python-systemd/journal.py +index 9c7e004..dd1f229 100644 +--- a/src/python-systemd/journal.py ++++ b/src/python-systemd/journal.py +@@ -293,7 +293,7 @@ class Reader(_Reader): + monotonic = monotonic.totalseconds() + monotonic = int(monotonic * 1000000) + if isinstance(bootid, _uuid.UUID): +- bootid = bootid.get_hex() ++ bootid = bootid.hex + return super(Reader, self).seek_monotonic(monotonic, bootid) + + def log_level(self, level): +@@ -314,7 +314,7 @@ class Reader(_Reader): + Equivalent to add_match(MESSAGE_ID=`messageid`). + """ + if isinstance(messageid, _uuid.UUID): +- messageid = messageid.get_hex() ++ messageid = messageid.hex + self.add_match(MESSAGE_ID=messageid) + + def this_boot(self, bootid=None): +@@ -346,7 +346,7 @@ class Reader(_Reader): + + def get_catalog(mid): + if isinstance(mid, _uuid.UUID): +- mid = mid.get_hex() ++ mid = mid.hex + return _get_catalog(mid) + + def _make_line(field, value): +diff --git a/src/readahead/readahead-common.c b/src/readahead/readahead-common.c +index 5ffa88b..49679fc 100644 +--- a/src/readahead/readahead-common.c ++++ b/src/readahead/readahead-common.c +@@ -75,7 +75,7 @@ int fs_on_ssd(const char *p) { + if (major(st.st_dev) == 0) { + _cleanup_fclose_ FILE *f = NULL; + int mount_id; +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; + + /* Might be btrfs, which exposes "ssd" as mount flag if it is on ssd. + * +@@ -83,9 +83,7 @@ int fs_on_ssd(const char *p) { + * and then lookup the mount ID in mountinfo to find + * the mount options. */ + +- h = alloca(MAX_HANDLE_SZ); +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(AT_FDCWD, p, h, &mount_id, AT_SYMLINK_FOLLOW); ++ r = name_to_handle_at(AT_FDCWD, p, &h.handle, &mount_id, AT_SYMLINK_FOLLOW); + if (r < 0) + return false; + +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index d27b1b7..905a2e1 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -336,8 +336,8 @@ int config_parse(const char *unit, + if (!f) { + f = ours = fopen(filename, "re"); + if (!f) { +- log_error("Failed to open configuration file '%s': %m", filename); +- return -errno; ++ log_full(errno == ENOENT ? LOG_DEBUG : LOG_ERR, "Failed to open configuration file '%s': %m", filename); ++ return errno == ENOENT ? 0 : -errno; + } + } + diff --git a/src/shared/generator.c b/src/shared/generator.c index 6110303..e679cb1 100644 --- a/src/shared/generator.c @@ -179,10 +1750,359 @@ index 6110303..e679cb1 100644 r = access(checker, X_OK); if (r < 0) { log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker); +diff --git a/src/shared/install.c b/src/shared/install.c +index 7409046..4517c9c 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -560,7 +560,7 @@ int unit_file_mask( + unsigned *n_changes) { + + char **i; +- _cleanup_free_ char *prefix; ++ _cleanup_free_ char *prefix = NULL; + int r; + + assert(scope >= 0); +diff --git a/src/shared/log.c b/src/shared/log.c +index a4b3b68..890a9fa 100644 +--- a/src/shared/log.c ++++ b/src/shared/log.c +@@ -878,6 +878,9 @@ void log_parse_environment(void) { + if (l == 5 && startswith(w, "debug")) { + log_set_max_level(LOG_DEBUG); + break; ++ } else if (l == 5 && startswith(w, "quiet")) { ++ log_set_max_level(LOG_WARNING); ++ break; + } + } + } +diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c +index 9d14933..b0b66f6 100644 +--- a/src/shared/logs-show.c ++++ b/src/shared/logs-show.c +@@ -547,7 +547,9 @@ static int output_export( + startswith(data, "_BOOT_ID=")) + continue; + +- if (!utf8_is_printable(data, length)) { ++ if (utf8_is_printable_newline(data, length, false)) ++ fwrite(data, length, 1, f); ++ else { + const char *c; + uint64_t le64; + +@@ -562,8 +564,7 @@ static int output_export( + le64 = htole64(length - (c - (const char*) data) - 1); + fwrite(&le64, sizeof(le64), 1, f); + fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f); +- } else +- fwrite(data, length, 1, f); ++ } + + fputc('\n', f); + } +diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c +index 6c167b4..d0e71f2 100644 +--- a/src/shared/unit-name.c ++++ b/src/shared/unit-name.c +@@ -332,7 +332,7 @@ char *unit_name_path_unescape(const char *f) { + } + + bool unit_name_is_template(const char *n) { +- const char *p; ++ const char *p, *e; + + assert(n); + +@@ -340,11 +340,15 @@ bool unit_name_is_template(const char *n) { + if (!p) + return false; + +- return p[1] == '.'; ++ e = strrchr(p+1, '.'); ++ if (!e) ++ return false; ++ ++ return e == p + 1; + } + + bool unit_name_is_instance(const char *n) { +- const char *p; ++ const char *p, *e; + + assert(n); + +@@ -352,7 +356,11 @@ bool unit_name_is_instance(const char *n) { + if (!p) + return false; + +- return p[1] != '.'; ++ e = strrchr(p+1, '.'); ++ if (!e) ++ return false; ++ ++ return e > p + 1; + } + + char *unit_name_replace_instance(const char *f, const char *i) { +diff --git a/src/shared/utf8.c b/src/shared/utf8.c +index 0b524d8..c559c13 100644 +--- a/src/shared/utf8.c ++++ b/src/shared/utf8.c +@@ -136,7 +136,7 @@ int utf8_encoded_to_unichar(const char *str) { + return unichar; + } + +-bool utf8_is_printable(const char* str, size_t length) { ++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) { + const uint8_t *p; + + assert(str); +@@ -145,7 +145,8 @@ bool utf8_is_printable(const char* str, size_t length) { + int encoded_len = utf8_encoded_valid_unichar((const char *)p); + int val = utf8_encoded_to_unichar((const char*)p); + +- if (encoded_len < 0 || val < 0 || is_unicode_control(val)) ++ if (encoded_len < 0 || val < 0 || is_unicode_control(val) || ++ (!newline && val == '\n')) + return false; + + length -= encoded_len; +diff --git a/src/shared/utf8.h b/src/shared/utf8.h +index c0eb73a..c087995 100644 +--- a/src/shared/utf8.h ++++ b/src/shared/utf8.h +@@ -31,7 +31,10 @@ const char *utf8_is_valid(const char *s) _pure_; + char *ascii_is_valid(const char *s) _pure_; + char *utf8_escape_invalid(const char *s); + +-bool utf8_is_printable(const char* str, size_t length) _pure_; ++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) _pure_; ++_pure_ static inline bool utf8_is_printable(const char* str, size_t length) { ++ return utf8_is_printable_newline(str, length, true); ++} + + char *utf16_to_utf8(const void *s, size_t length); + +diff --git a/src/shared/util.c b/src/shared/util.c +index ffe6624..2a2b2b2 100644 +--- a/src/shared/util.c ++++ b/src/shared/util.c +@@ -166,19 +166,19 @@ int close_nointr(int fd) { + + assert(fd >= 0); + r = close(fd); +- +- /* Just ignore EINTR; a retry loop is the wrong +- * thing to do on Linux. +- * +- * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html +- * https://bugzilla.gnome.org/show_bug.cgi?id=682819 +- * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR +- * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain +- */ +- if (_unlikely_(r < 0 && errno == EINTR)) +- return 0; +- else if (r >= 0) ++ if (r >= 0) + return r; ++ else if (errno == EINTR) ++ /* ++ * Just ignore EINTR; a retry loop is the wrong ++ * thing to do on Linux. ++ * ++ * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html ++ * https://bugzilla.gnome.org/show_bug.cgi?id=682819 ++ * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR ++ * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain ++ */ ++ return 0; + else + return -errno; + } +@@ -195,7 +195,13 @@ int safe_close(int fd) { + + if (fd >= 0) { + PROTECT_ERRNO; +- assert_se(close_nointr(fd) == 0); ++ ++ /* The kernel might return pretty much any error code ++ * via close(), but the fd will be closed anyway. The ++ * only condition we want to check for here is whether ++ * the fd was invalid at all... */ ++ ++ assert_se(close_nointr(fd) != -EBADF); + } + + return -1; +@@ -1365,7 +1371,7 @@ bool ignore_file(const char *filename) { + assert(filename); + + if (endswith(filename, "~")) +- return false; ++ return true; + + return ignore_file_allow_backup(filename); + } +@@ -1495,6 +1501,7 @@ bool fstype_is_network(const char *fstype) { + static const char table[] = + "cifs\0" + "smbfs\0" ++ "sshfs\0" + "ncpfs\0" + "ncp\0" + "nfs\0" +@@ -1581,8 +1588,9 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { + if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) + return -ETIMEDOUT; + ++ errno = 0; + if (!fgets(line, sizeof(line), f)) +- return -EIO; ++ return errno ? -errno : -EIO; + + truncate_nl(line); + +@@ -5327,6 +5335,9 @@ bool string_is_safe(const char *p) { + if (*t > 0 && *t < ' ') + return false; + ++ if (*t == 127) ++ return false; ++ + if (strchr("\\\"\'", *t)) + return false; + } +@@ -5343,10 +5354,14 @@ bool string_has_cc(const char *p) { + + assert(p); + +- for (t = p; *t; t++) ++ for (t = p; *t; t++) { + if (*t > 0 && *t < ' ' && *t != '\t') + return true; + ++ if (*t == 127) ++ return true; ++ } ++ + return false; + } + +@@ -6391,3 +6406,19 @@ void hexdump(FILE *f, const void *p, size_t s) { + s -= 16; + } + } ++ ++int update_reboot_param_file(const char *param) ++{ ++ int r = 0; ++ ++ if (param) { ++ ++ r = write_string_file(REBOOT_PARAM_FILE, param); ++ if (r < 0) ++ log_error("Failed to write reboot param to " ++ REBOOT_PARAM_FILE": %s", strerror(-r)); ++ } else ++ unlink(REBOOT_PARAM_FILE); ++ ++ return r; ++} +diff --git a/src/shared/util.h b/src/shared/util.h +index 90464c9..122ac91 100644 +--- a/src/shared/util.h ++++ b/src/shared/util.h +@@ -22,6 +22,7 @@ + ***/ + + #include <alloca.h> ++#include <fcntl.h> + #include <inttypes.h> + #include <time.h> + #include <sys/time.h> +@@ -922,3 +923,10 @@ uint64_t physical_memory(void); + char* mount_test_option(const char *haystack, const char *needle); + + void hexdump(FILE *f, const void *p, size_t s); ++ ++union file_handle_union { ++ struct file_handle handle; ++ char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ]; ++}; ++ ++int update_reboot_param_file(const char *param); +diff --git a/src/shared/virt.c b/src/shared/virt.c +index ec2ddcf..f03e790 100644 +--- a/src/shared/virt.c ++++ b/src/shared/virt.c +@@ -149,7 +149,7 @@ static int detect_vm_dmi(const char **_id) { + + /* Returns a short identifier for the various VM implementations */ + int detect_vm(const char **id) { +- _cleanup_free_ char *hvtype = NULL, *cpuinfo_contents = NULL; ++ _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL; + static thread_local int cached_found = -1; + static thread_local const char *cached_id = NULL; + const char *_id = NULL; +@@ -163,17 +163,37 @@ int detect_vm(const char **id) { + return cached_found; + } + +- /* Try high-level hypervisor sysfs file first: ++ /* Try xen capabilities file first, if not found try high-level hypervisor sysfs file: + * +- * https://bugs.freedesktop.org/show_bug.cgi?id=61491 */ +- r = read_one_line_file("/sys/hypervisor/type", &hvtype); ++ * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */ ++ r = read_one_line_file("/proc/xen/capabilities", &domcap); + if (r >= 0) { +- if (streq(hvtype, "xen")) { ++ char *cap, *i = domcap; ++ ++ while ((cap = strsep(&i, ","))) ++ if (streq(cap, "control_d")) ++ break; ++ ++ if (!i) { + _id = "xen"; + r = 1; +- goto finish; + } +- } else if (r != -ENOENT) ++ ++ goto finish; ++ ++ } else if (r == -ENOENT) { ++ _cleanup_free_ char *hvtype = NULL; ++ ++ r = read_one_line_file("/sys/hypervisor/type", &hvtype); ++ if (r >= 0) { ++ if (streq(hvtype, "xen")) { ++ _id = "xen"; ++ r = 1; ++ goto finish; ++ } ++ } else if (r != -ENOENT) ++ return r; ++ } else + return r; + + /* this will set _id to "other" and return 0 for unknown hypervisors */ diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 0887bc3..6b502ce 100644 +index 0887bc3..d02ee2b 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c +@@ -461,7 +461,7 @@ static int output_units_list(const UnitInfo *unit_infos, unsigned c) { + } + + if (circle_len > 0) +- printf("%s%s%s", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); ++ printf("%s%s%s ", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); + + printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s", + on_active, id_len, id, off_active, @@ -2561,7 +2561,7 @@ static int start_unit_one( log_debug("Adding %s to the set", p); @@ -192,6 +2112,523 @@ index 0887bc3..6b502ce 100644 return log_oom(); } +@@ -4240,7 +4240,7 @@ static int show_all( + _cleanup_free_ UnitInfo *unit_infos = NULL; + const UnitInfo *u; + unsigned c; +- int r; ++ int r, ret = 0; + + r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply); + if (r < 0) +@@ -4262,9 +4262,11 @@ static int show_all( + r = show_one(verb, bus, p, show_properties, new_line, ellipsized); + if (r < 0) + return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + +- return 0; ++ return ret; + } + + static int show_system_status(sd_bus *bus) { +@@ -4386,7 +4388,12 @@ static int show(sd_bus *bus, char **args) { + } + } + +- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); ++ r = show_one(args[0], bus, unit, show_properties, ++ &new_line, &ellipsized); ++ if (r < 0) ++ return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + + if (!strv_isempty(patterns)) { +@@ -4403,7 +4410,12 @@ static int show(sd_bus *bus, char **args) { + if (!unit) + return log_oom(); + +- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); ++ r = show_one(args[0], bus, unit, show_properties, ++ &new_line, &ellipsized); ++ if (r < 0) ++ return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + } + } +@@ -5403,15 +5415,15 @@ static int systemctl_help(void) { + " otherwise restart if active\n" + " isolate NAME Start one unit and stop all others\n" + " kill NAME... Send signal to processes of a unit\n" +- " is-active NAME... Check whether units are active\n" +- " is-failed NAME... Check whether units are failed\n" +- " status [NAME...|PID...] Show runtime status of one or more units\n" +- " show [NAME...|JOB...] Show properties of one or more\n" ++ " is-active PATTERN... Check whether units are active\n" ++ " is-failed PATTERN... Check whether units are failed\n" ++ " status [PATTERN...|PID...] Show runtime status of one or more units\n" ++ " show [PATTERN...|JOB...] Show properties of one or more\n" + " units/jobs or the manager\n" +- " cat NAME... Show files and drop-ins of one or more units\n" ++ " cat PATTERN... Show files and drop-ins of one or more units\n" + " set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n" +- " help NAME...|PID... Show manual for one or more units\n" +- " reset-failed [NAME...] Reset failed state for all, one, or more\n" ++ " help PATTERN...|PID... Show manual for one or more units\n" ++ " reset-failed [PATTERN...] Reset failed state for all, one, or more\n" + " units\n" + " list-dependencies [NAME] Recursively show units which are required\n" + " or wanted by this unit or by which this\n" +@@ -5973,13 +5985,10 @@ static int halt_parse_argv(int argc, char *argv[]) { + } + } + +- if (arg_action == ACTION_REBOOT && argc == optind + 1) { +- r = write_string_file(REBOOT_PARAM_FILE, argv[optind]); +- if (r < 0) { +- log_error("Failed to write reboot param to " +- REBOOT_PARAM_FILE": %s", strerror(-r)); ++ if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) { ++ r = update_reboot_param_file(argc == optind + 1 ? argv[optind] : NULL); ++ if (r < 0) + return r; +- } + } else if (optind < argc) { + log_error("Too many arguments."); + return -EINVAL; +diff --git a/src/test/test-udev.c b/src/test/test-udev.c +index b064744..b057cc8 100644 +--- a/src/test/test-udev.c ++++ b/src/test/test-udev.c +@@ -155,9 +155,8 @@ int main(int argc, char *argv[]) { + } + } + +- err = udev_event_execute_rules(event, rules, &sigmask_orig); +- if (err == 0) +- udev_event_execute_run(event, NULL); ++ udev_event_execute_rules(event, rules, &sigmask_orig); ++ udev_event_execute_run(event, NULL); + out: + if (event != NULL && event->fd_signal >= 0) + close(event->fd_signal); +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 33e7cbc..04b472d 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -217,19 +217,16 @@ static bool unix_socket_alive(const char *fn) { + } + + static int dir_is_mount_point(DIR *d, const char *subdir) { +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ }; + int mount_id_parent, mount_id; + int r_p, r; + +- h = alloca(MAX_HANDLE_SZ); +- +- h->handle_bytes = MAX_HANDLE_SZ; +- r_p = name_to_handle_at(dirfd(d), ".", h, &mount_id_parent, 0); ++ r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0); + if (r_p < 0) + r_p = -errno; + +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(dirfd(d), subdir, h, &mount_id, 0); ++ h.handle.handle_bytes = MAX_HANDLE_SZ; ++ r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0); + if (r < 0) + r = -errno; + +diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c +index 1d067af..3203474 100644 +--- a/src/tty-ask-password-agent/tty-ask-password-agent.c ++++ b/src/tty-ask-password-agent/tty-ask-password-agent.c +@@ -432,7 +432,7 @@ static int wall_tty_block(void) { + + r = get_ctty_devnr(0, &devnr); + if (r < 0) +- return -r; ++ return r; + + if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0) + return -ENOMEM; +diff --git a/src/udev/accelerometer/accelerometer.c b/src/udev/accelerometer/accelerometer.c +index 925d38d..32adf27 100644 +--- a/src/udev/accelerometer/accelerometer.c ++++ b/src/udev/accelerometer/accelerometer.c +@@ -180,7 +180,7 @@ get_prev_orientation(struct udev_device *dev) + return string_to_orientation(value); + } + +-#define SET_AXIS(axis, code_) if (ev[i].code == code_) { if (got_##axis == 0) { axis = ev[i].value; got_##axis = true; } } ++#define READ_AXIS(axis, var) { memzero(&abs_info, sizeof(abs_info)); r = ioctl(fd, EVIOCGABS(axis), &abs_info); if (r < 0) return; var = abs_info.value; } + + /* accelerometers */ + static void test_orientation(struct udev *udev, +@@ -189,10 +189,9 @@ static void test_orientation(struct udev *udev, + { + OrientationUp old, new; + _cleanup_close_ int fd = -1; +- struct input_event ev[64]; +- bool got_syn = false; +- bool got_x = false, got_y = false, got_z = false; ++ struct input_absinfo abs_info; + int x = 0, y = 0, z = 0; ++ int r; + char text[64]; + + old = get_prev_orientation(dev); +@@ -201,30 +200,10 @@ static void test_orientation(struct udev *udev, + if (fd < 0) + return; + +- while (1) { +- int i, r; +- +- r = read(fd, ev, sizeof(struct input_event) * 64); +- +- if (r < (int) sizeof(struct input_event)) +- return; +- +- for (i = 0; i < r / (int) sizeof(struct input_event); i++) { +- if (got_syn) { +- if (ev[i].type == EV_ABS) { +- SET_AXIS(x, ABS_X); +- SET_AXIS(y, ABS_Y); +- SET_AXIS(z, ABS_Z); +- } +- } +- if (ev[i].type == EV_SYN && ev[i].code == SYN_REPORT) +- got_syn = true; +- if (got_x && got_y && got_z) +- goto read_dev; +- } +- } ++ READ_AXIS(ABS_X, x); ++ READ_AXIS(ABS_Y, y); ++ READ_AXIS(ABS_Z, z); + +-read_dev: + new = orientation_calc(old, x, y, z); + snprintf(text, sizeof(text), + "ID_INPUT_ACCELEROMETER_ORIENTATION=%s", orientation_to_string(new)); +diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c +index 5bb6b02..b31ad80 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -184,7 +184,7 @@ failure: + } + + static bool enable_name_policy(void) { +- _cleanup_free_ char *line; ++ _cleanup_free_ char *line = NULL; + char *w, *state; + int r; + size_t l; +@@ -391,7 +391,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev + case MACPOLICY_PERSISTENT: + if (!mac_is_permanent(device)) { + r = get_mac(device, false, &generated_mac); +- if (r < 0) ++ if (r == -ENOENT) ++ break; ++ else if (r < 0) + return r; + mac = &generated_mac; + } +@@ -399,7 +401,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev + case MACPOLICY_RANDOM: + if (!mac_is_random(device)) { + r = get_mac(device, true, &generated_mac); +- if (r < 0) ++ if (r == -ENOENT) ++ break; ++ else if (r < 0) + return r; + mac = &generated_mac; + } +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 5998be2..5213a4a 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -771,18 +771,17 @@ static int rename_netif(struct udev_event *event) + log_error("error changing net interface name %s to %s: %s", + oldname, name, strerror(-r)); + else +- print_kmsg("renamed network interface %s to %s", oldname, name); ++ print_kmsg("renamed network interface %s to %s\n", oldname, name); + + return r; + } + +-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) ++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) + { + struct udev_device *dev = event->dev; +- int err = 0; + + if (udev_device_get_subsystem(dev) == NULL) +- return -1; ++ return; + + if (streq(udev_device_get_action(dev), "remove")) { + udev_device_read_db(dev, NULL); +@@ -816,9 +815,10 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, + event->name != NULL && !streq(event->name, udev_device_get_sysname(dev))) { + char syspath[UTIL_PATH_SIZE]; + char *pos; ++ int r; + +- err = rename_netif(event); +- if (err == 0) { ++ r = rename_netif(event); ++ if (r >= 0) { + log_debug("renamed netif to '%s'", event->name); + + /* remember old name */ +@@ -881,7 +881,6 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, + udev_device_unref(event->dev_db); + event->dev_db = NULL; + } +- return err; + } + + void udev_event_execute_run(struct udev_event *event, const sigset_t *sigmask) +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 2630264..17f47f2 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -2555,10 +2555,15 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) + struct stat stats; + + /* we assure, that the permissions tokens are sorted before the static token */ ++ + if (mode == 0 && uid == 0 && gid == 0 && tags == NULL) + goto next; + + strscpyl(device_node, sizeof(device_node), "/dev/", rules_str(rules, cur->key.value_off), NULL); ++ if (stat(device_node, &stats) != 0) ++ break; ++ if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) ++ break; + + /* export the tags to a directory as symlinks, allowing otherwise dead nodes to be tagged */ + if (tags) { +@@ -2588,11 +2593,6 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) + if (mode == 0 && uid == 0 && gid == 0) + break; + +- if (stat(device_node, &stats) != 0) +- break; +- if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) +- break; +- + if (mode == 0) { + if (gid > 0) + mode = 0660; +diff --git a/src/udev/udev.h b/src/udev/udev.h +index 936adfb..62538bc 100644 +--- a/src/udev/udev.h ++++ b/src/udev/udev.h +@@ -84,7 +84,7 @@ int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string, + int udev_event_spawn(struct udev_event *event, + const char *cmd, char **envp, const sigset_t *sigmask, + char *result, size_t ressize); +-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); ++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); + void udev_event_execute_run(struct udev_event *event, const sigset_t *sigset); + int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]); + +diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c +index 6cd311b..6a2f548 100644 +--- a/src/udev/udevadm-test.c ++++ b/src/udev/udevadm-test.c +@@ -43,7 +43,6 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) + _cleanup_udev_device_unref_ struct udev_device *dev = NULL; + _cleanup_udev_event_unref_ struct udev_event *event = NULL; + sigset_t mask, sigmask_orig; +- int err; + int rc = 0, c; + + static const struct option options[] = { +@@ -139,18 +138,16 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) + goto out; + } + +- err = udev_event_execute_rules(event, rules, &sigmask_orig); ++ udev_event_execute_rules(event, rules, &sigmask_orig); + + udev_list_entry_foreach(entry, udev_device_get_properties_list_entry(dev)) + printf("%s=%s\n", udev_list_entry_get_name(entry), udev_list_entry_get_value(entry)); + +- if (err == 0) { +- udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { +- char program[UTIL_PATH_SIZE]; ++ udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { ++ char program[UTIL_PATH_SIZE]; + +- udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); +- printf("run: '%s'\n", program); +- } ++ udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); ++ printf("run: '%s'\n", program); + } + out: + if (event != NULL && event->fd_signal >= 0) +diff --git a/src/udev/udevd.c b/src/udev/udevd.c +index f21c227..93afca1 100644 +--- a/src/udev/udevd.c ++++ b/src/udev/udevd.c +@@ -288,10 +288,9 @@ static void worker_new(struct event *event) + udev_event->exec_delay = exec_delay; + + /* apply rules, create node, symlinks */ +- err = udev_event_execute_rules(udev_event, rules, &sigmask_orig); ++ udev_event_execute_rules(udev_event, rules, &sigmask_orig); + +- if (err == 0) +- udev_event_execute_run(udev_event, &sigmask_orig); ++ udev_event_execute_run(udev_event, &sigmask_orig); + + /* apply/restore inotify watch */ + if (err == 0 && udev_event->inotify_watch) { +diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c +index 0f2b706..645b1e6 100644 +--- a/src/vconsole/vconsole-setup.c ++++ b/src/vconsole/vconsole-setup.c +@@ -180,6 +180,10 @@ static int font_load(const char *vc, const char *font, const char *map, const ch + */ + static void font_copy_to_all_vcs(int fd) { + struct vt_stat vcs = {}; ++ unsigned char map8[E_TABSZ]; ++ unsigned short map16[E_TABSZ]; ++ struct unimapdesc unimapd; ++ struct unipair unipairs[USHRT_MAX]; + int i, r; + + /* get active, and 16 bit mask of used VT numbers */ +@@ -209,17 +213,35 @@ static void font_copy_to_all_vcs(int fd) { + cfo.op = KD_FONT_OP_COPY; + cfo.height = vcs.v_active-1; /* tty1 == index 0 */ + ioctl(vcfd, KDFONTOP, &cfo); ++ ++ /* copy map of 8bit chars */ ++ if (ioctl(fd, GIO_SCRNMAP, map8) >= 0) ++ ioctl(vcfd, PIO_SCRNMAP, map8); ++ ++ /* copy map of 8bit chars -> 16bit Unicode values */ ++ if (ioctl(fd, GIO_UNISCRNMAP, map16) >= 0) ++ ioctl(vcfd, PIO_UNISCRNMAP, map16); ++ ++ /* copy unicode translation table */ ++ /* unimapd is a ushort count and a pointer to an ++ array of struct unipair { ushort, ushort } */ ++ unimapd.entries = unipairs; ++ unimapd.entry_ct = USHRT_MAX; ++ if (ioctl(fd, GIO_UNIMAP, &unimapd) >= 0) { ++ struct unimapinit adv = { 0, 0, 0 }; ++ ++ ioctl(vcfd, PIO_UNIMAPCLR, &adv); ++ ioctl(vcfd, PIO_UNIMAP, &unimapd); ++ } + } + } + + int main(int argc, char **argv) { + const char *vc; +- char *vc_keymap = NULL; +- char *vc_keymap_toggle = NULL; +- char *vc_font = NULL; +- char *vc_font_map = NULL; +- char *vc_font_unimap = NULL; +- int fd = -1; ++ _cleanup_free_ char ++ *vc_keymap = NULL, *vc_keymap_toggle = NULL, ++ *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL; ++ _cleanup_close_ int fd = -1; + bool utf8; + pid_t font_pid = 0, keymap_pid = 0; + bool font_copy = false; +@@ -241,12 +263,12 @@ int main(int argc, char **argv) { + fd = open_terminal(vc, O_RDWR|O_CLOEXEC); + if (fd < 0) { + log_error("Failed to open %s: %m", vc); +- goto finish; ++ return EXIT_FAILURE; + } + + if (!is_vconsole(fd)) { + log_error("Device %s is not a virtual console.", vc); +- goto finish; ++ return EXIT_FAILURE; + } + + utf8 = is_locale_utf8(); +@@ -281,27 +303,27 @@ int main(int argc, char **argv) { + else + disable_utf8(fd); + +- r = EXIT_FAILURE; +- if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 && +- font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0) +- r = EXIT_SUCCESS; +- +-finish: +- if (keymap_pid > 0) +- wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); ++ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid); ++ if (r < 0) { ++ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r)); ++ return EXIT_FAILURE; ++ } + +- if (font_pid > 0) { ++ if (font_pid > 0) + wait_for_terminate_and_warn(KBD_SETFONT, font_pid); +- if (font_copy) +- font_copy_to_all_vcs(fd); ++ ++ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid); ++ if (r < 0) { ++ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r)); ++ return EXIT_FAILURE; + } + +- free(vc_keymap); +- free(vc_font); +- free(vc_font_map); +- free(vc_font_unimap); ++ if (keymap_pid > 0) ++ wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); + +- safe_close(fd); ++ /* Only copy the font when we started setfont successfully */ ++ if (font_copy && font_pid > 0) ++ font_copy_to_all_vcs(fd); + +- return r; ++ return EXIT_SUCCESS; + } +diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf +index 7c6d6b9..c470045 100644 +--- a/tmpfiles.d/systemd.conf ++++ b/tmpfiles.d/systemd.conf +@@ -23,6 +23,6 @@ d /run/systemd/machines 0755 root root - + d /run/systemd/shutdown 0755 root root - + + m /var/log/journal 2755 root systemd-journal - - +-m /var/log/journal/%m 2755 root systemd-journal - - ++Z /var/log/journal/%m 2755 root systemd-journal - - + m /run/log/journal 2755 root systemd-journal - - +-m /run/log/journal/%m 2755 root systemd-journal - - ++Z /run/log/journal/%m 2755 root systemd-journal - - diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index 8ac51a4..cae9fb5 100644 --- a/units/console-getty.service.m4.in @@ -294,17 +2731,20 @@ index 552ef89..af3915f 100644 ExecStart=-/sbin/sulogin ExecStopPost=-@SYSTEMCTL@ --fail --no-block default diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 -index 4ac51e7..86a3b59 100644 +index 4ac51e7..96daa5c 100644 --- a/units/serial-getty@.service.m4 +++ b/units/serial-getty@.service.m4 -@@ -22,7 +22,6 @@ Before=getty.target +@@ -22,10 +22,8 @@ Before=getty.target IgnoreOnIsolate=yes [Service] -ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM Type=idle Restart=always - RestartSec=0 +-RestartSec=0 + UtmpIdentifier=%I + TTYPath=/dev/%I + TTYReset=yes diff --git a/units/sysinit.target b/units/sysinit.target index 8f4fb8f..e0f0147 100644 --- a/units/sysinit.target @@ -354,6 +2794,18 @@ index de93879..c9a49f3 100644 +# journald to stop logging (see +# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +X-RestartIfChanged=no +diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in +index ff36e90..e373628 100644 +--- a/units/systemd-nspawn@.service.in ++++ b/units/systemd-nspawn@.service.in +@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1) + + [Service] + ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i ++KillMode=mixed + Type=notify + + [Install] diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index 1879b2f..9b895b9 100644 --- a/units/systemd-random-seed.service.in diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index c4dfa983f55f..5dd7c0fa75dd 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -915,11 +915,11 @@ let }) // {inherit ;}; libxcb = (mkDerivation "libxcb" { - name = "libxcb-1.10"; + name = "libxcb-1.11"; builder = ./builder.sh; src = fetchurl { - url = http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2; - sha256 = "1dfmyb1zjx6n0zhr4y40mc1crlmj3bfjjhmn0f30ip9nnq2spncq"; + url = http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2; + sha256 = "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3"; }; buildInputs = [pkgconfig libxslt libpthreadstubs python libXau xcbproto libXdmcp ]; }) // {inherit libxslt libpthreadstubs python libXau xcbproto libXdmcp ;}; @@ -1175,11 +1175,11 @@ let }) // {inherit ;}; xcbproto = (mkDerivation "xcbproto" { - name = "xcb-proto-1.10"; + name = "xcb-proto-1.11"; builder = ./builder.sh; src = fetchurl { - url = http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2; - sha256 = "01dgp802i4ic9wkmpa7g1wm50pp547d3b96jjz2hnxavhpfhvx3y"; + url = http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2; + sha256 = "0bp3f53l9fy5x3mn1rkj1g81aiyzl90wacwvqdgy831aa3kfxb5l"; }; buildInputs = [pkgconfig python ]; }) // {inherit python ;}; @@ -1405,11 +1405,11 @@ let }) // {inherit inputproto xorgserver xproto ;}; xf86inputmouse = (mkDerivation "xf86inputmouse" { - name = "xf86-input-mouse-1.9.0"; + name = "xf86-input-mouse-1.9.1"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2; - sha256 = "12344w0cxac1ld54qqwynxwazbmmpvqh1mzcskmfkmakmr5iwq2x"; + url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2; + sha256 = "1kn5kx3qyn9qqvd6s24a2l1wfgck2pgfvzl90xpl024wfxsx719l"; }; buildInputs = [pkgconfig inputproto xorgserver xproto ]; }) // {inherit inputproto xorgserver xproto ;}; @@ -1515,11 +1515,11 @@ let }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xorgserver xproto ;}; xf86videogeode = (mkDerivation "xf86videogeode" { - name = "xf86-video-geode-2.11.15"; + name = "xf86-video-geode-2.11.16"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2; - sha256 = "1w4ghr2a41kaw4g9na8ws5fjbmy8zkbxpxa21vmqc8mkjzb3pnq0"; + url = mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2; + sha256 = "19y13xl7yfrgyis92rmxi0ld95ajgr5il0n9j1dridwzw9aizz1q"; }; buildInputs = [pkgconfig fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ]; }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ;}; @@ -2035,11 +2035,11 @@ let }) // {inherit ;}; xrandr = (mkDerivation "xrandr" { - name = "xrandr-1.4.2"; + name = "xrandr-1.4.3"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2; - sha256 = "1g4hnj53wknsjwiqivyy3jl4qw7jwrpncz7d5p2z29zq5zlnxrxj"; + url = mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2; + sha256 = "06xy0kr6ih7ilrwl6b5g6ay75vm2j4lxnv1d5xlj6sdqhqsaqm3i"; }; buildInputs = [pkgconfig libX11 xproto libXrandr libXrender ]; }) // {inherit libX11 xproto libXrandr libXrender ;}; diff --git a/pkgs/servers/x11/xorg/extra.list b/pkgs/servers/x11/xorg/extra.list index 2d105241c2d1..84795ed980b3 100644 --- a/pkgs/servers/x11/xorg/extra.list +++ b/pkgs/servers/x11/xorg/extra.list @@ -1,6 +1,6 @@ http://xcb.freedesktop.org/dist/libpthread-stubs-0.3.tar.bz2 -http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2 -http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2 +http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2 +http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-0.3.9.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-image-0.3.9.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-keysyms-0.3.9.tar.bz2 diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list index 93acd927f3bf..1cc028e60d76 100644 --- a/pkgs/servers/x11/xorg/tarballs-7.7.list +++ b/pkgs/servers/x11/xorg/tarballs-7.7.list @@ -118,7 +118,7 @@ mirror://xorg/X11R7.7/src/everything/xf86driproto-2.1.1.tar.bz2 mirror://xorg/individual/driver/xf86-input-evdev-2.8.4.tar.bz2 mirror://xorg/individual/driver/xf86-input-joystick-1.6.2.tar.bz2 mirror://xorg/individual/driver/xf86-input-keyboard-1.8.0.tar.bz2 -mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2 +mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2 mirror://xorg/individual/driver/xf86-input-synaptics-1.7.6.tar.bz2 mirror://xorg/individual/driver/xf86-input-vmmouse-13.0.0.tar.bz2 mirror://xorg/individual/driver/xf86-input-void-1.4.0.tar.bz2 @@ -130,7 +130,7 @@ mirror://xorg/individual/driver/xf86-video-nouveau-1.0.10.tar.bz2 mirror://xorg/individual/driver/xf86-video-cirrus-1.5.2.tar.bz2 mirror://xorg/individual/driver/xf86-video-dummy-0.3.7.tar.bz2 mirror://xorg/individual/driver/xf86-video-fbdev-0.4.4.tar.bz2 -mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2 +mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2 mirror://xorg/individual/driver/xf86-video-glide-1.2.2.tar.bz2 mirror://xorg/individual/driver/xf86-video-glint-1.2.8.tar.bz2 mirror://xorg/individual/driver/xf86-video-i128-1.3.6.tar.bz2 @@ -176,7 +176,7 @@ mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2 mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2 mirror://xorg/individual/app/xprop-1.2.2.tar.bz2 mirror://xorg/individual/proto/xproto-7.0.26.tar.bz2 -mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2 +mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2 mirror://xorg/individual/app/xrdb-1.1.0.tar.bz2 mirror://xorg/individual/app/xrefresh-1.0.5.tar.bz2 mirror://xorg/individual/app/xset-1.2.3.tar.bz2 diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 11731c1c1c10..29e4455f7cb3 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -154,7 +154,8 @@ let || system == "x86_64-kfreebsd-gnu"; isSunOS = system == "i686-solaris" || system == "x86_64-solaris"; - isCygwin = system == "i686-cygwin"; + isCygwin = system == "i686-cygwin" + || system == "x86_64-cygwin"; isFreeBSD = system == "i686-freebsd" || system == "x86_64-freebsd"; isOpenBSD = system == "i686-openbsd" diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 23cccf223f4f..6f8b42c2266a 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -35,8 +35,8 @@ rec { # The bootstrap process proceeds in several steps. - # 1) Create a standard environment by downloading pre-built binaries - # of coreutils, GCC, etc. + # Create a standard environment by downloading pre-built binaries of + # coreutils, GCC, etc. # Download and unpack the bootstrap tools (coreutils, GCC, Glibc, ...). @@ -46,7 +46,7 @@ rec { builder = bootstrapFiles.sh; args = - if system == "armv5tel-linux" || system == "armv6l-linux" + if system == "armv5tel-linux" || system == "armv6l-linux" || system == "armv7l-linux" then [ ./scripts/unpack-bootstrap-tools-arm.sh ] else [ ./scripts/unpack-bootstrap-tools.sh ]; @@ -66,137 +66,136 @@ rec { }; - # This function builds the various standard environments used during - # the bootstrap. - stdenvBootFun = - {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? [], fetchurl}: - - import ../generic { - inherit system config; - name = "stdenv-linux-boot"; - preHook = - '' - # Don't patch #!/interpreter because it leads to retained - # dependencies on the bootstrapTools in the final stdenv. - dontPatchShebangs=1 - ${commonPreHook} - ''; - shell = "${bootstrapTools}/bin/sh"; - initialPath = [bootstrapTools] ++ extraPath; - fetchurlBoot = fetchurl; - inherit gcc; - # Having the proper 'platform' in all the stdenvs allows getting proper - # linuxHeaders for example. - extraAttrs = extraAttrs // { inherit platform; }; - overrides = pkgs: (overrides pkgs) // { - inherit fetchurl; - }; - }; + # A helper function to call gcc-wrapper. + wrapGCC = + { gcc, libc, binutils, coreutils, name }: - # Build a dummy stdenv with no GCC or working fetchurl. This is - # because we need a stdenv to build the GCC wrapper and fetchurl. - stdenvLinuxBoot0 = stdenvBootFun { - gcc = "/no-such-path"; - fetchurl = null; - }; + lib.makeOverridable (import ../../build-support/gcc-wrapper) { + nativeTools = false; + nativeLibc = false; + inherit gcc binutils coreutils libc name; + stdenv = stage0.stdenv; + }; - fetchurl = import ../../build-support/fetchurl { - stdenv = stdenvLinuxBoot0; - curl = bootstrapTools; - }; + # This function builds the various standard environments used during + # the bootstrap. In all stages, we build an stdenv and the package + # set that can be built with that stdenv. + stageFun = + {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}: + + let + + thisStdenv = import ../generic { + inherit system config; + name = "stdenv-linux-boot"; + preHook = + '' + # Don't patch #!/interpreter because it leads to retained + # dependencies on the bootstrapTools in the final stdenv. + dontPatchShebangs=1 + ${commonPreHook} + ''; + shell = "${bootstrapTools}/bin/sh"; + initialPath = [bootstrapTools] ++ extraPath; + fetchurlBoot = import ../../build-support/fetchurl { + stdenv = stage0.stdenv; + curl = bootstrapTools; + }; + inherit gcc; + # Having the proper 'platform' in all the stdenvs allows getting proper + # linuxHeaders for example. + extraAttrs = extraAttrs // { inherit platform; }; + overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; + }; + thisPkgs = allPackages { + inherit system platform; + bootStdenv = thisStdenv; + }; - # The Glibc include directory cannot have the same prefix as the GCC - # include directory, since GCC gets confused otherwise (it will - # search the Glibc headers before the GCC headers). So create a - # dummy Glibc. - bootstrapGlibc = stdenvLinuxBoot0.mkDerivation { - name = "bootstrap-glibc"; - buildCommand = '' - mkdir -p $out - ln -s ${bootstrapTools}/lib $out/lib - ln -s ${bootstrapTools}/include-glibc $out/include - ''; - }; + in { stdenv = thisStdenv; pkgs = thisPkgs; }; - # A helper function to call gcc-wrapper. - wrapGCC = - { gcc ? bootstrapTools, libc, binutils, coreutils, shell ? "", name ? "bootstrap-gcc-wrapper" }: + # Build a dummy stdenv with no GCC or working fetchurl. This is + # because we need a stdenv to build the GCC wrapper and fetchurl. + stage0 = stageFun { + gcc = "/no-such-path"; - lib.makeOverridable (import ../../build-support/gcc-wrapper) { - nativeTools = false; - nativeLibc = false; - inherit gcc binutils coreutils libc shell name; - stdenv = stdenvLinuxBoot0; + overrides = pkgs: { + # The Glibc include directory cannot have the same prefix as the + # GCC include directory, since GCC gets confused otherwise (it + # will search the Glibc headers before the GCC headers). So + # create a dummy Glibc here, which will be used in the stdenv of + # stage1. + glibc = stage0.stdenv.mkDerivation { + name = "bootstrap-glibc"; + buildCommand = '' + mkdir -p $out + ln -s ${bootstrapTools}/lib $out/lib + ln -s ${bootstrapTools}/include-glibc $out/include + ''; + }; }; + }; # Create the first "real" standard environment. This one consists # of bootstrap tools only, and a minimal Glibc to keep the GCC # configure script happy. - stdenvLinuxBoot1 = stdenvBootFun { + # + # For clarity, we only use the previous stage when specifying these + # stages. So stageN should only ever have references for stage{N-1}. + # + # If we ever need to use a package from more than one stage back, we + # simply re-export those packages in the middle stage(s) using the + # overrides attribute and the inherit syntax. + stage1 = stageFun { gcc = wrapGCC { - libc = bootstrapGlibc; + gcc = bootstrapTools; + libc = stage0.pkgs.glibc; binutils = bootstrapTools; coreutils = bootstrapTools; + name = "bootstrap-gcc-wrapper"; + }; + # Rebuild binutils to use from stage2 onwards. + overrides = pkgs: { + binutils = pkgs.binutils.override { gold = false; }; + inherit (stage0.pkgs) glibc; }; - inherit fetchurl; - }; - - - # 2) These are the packages that we can build with the first - # stdenv. We only need binutils, because recent Glibcs - # require recent Binutils, and those in bootstrap-tools may - # be too old. - stdenvLinuxBoot1Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot1; }; - binutils1 = stdenvLinuxBoot1Pkgs.binutils.override { gold = false; }; - - # 3) 2nd stdenv that we will use to build only Glibc. - stdenvLinuxBoot2 = stdenvBootFun { + # 2nd stdenv that contains our own rebuilt binutils and is used for + # compiling our own Glibc. + stage2 = stageFun { gcc = wrapGCC { - libc = bootstrapGlibc; - binutils = binutils1; + gcc = bootstrapTools; + libc = stage1.pkgs.glibc; + binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; + name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - inherit (stdenvLinuxBoot1Pkgs) perl; + inherit (stage1.pkgs) perl binutils paxctl; + # This also contains the full, dynamically linked, final Glibc. }; - inherit fetchurl; - }; - - - # 4) These are the packages that we can build with the 2nd - # stdenv. - stdenvLinuxBoot2Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot2; }; - # 5) Build Glibc with the bootstrap tools. The result is the full, - # dynamically linked, final Glibc. - stdenvLinuxGlibc = stdenvLinuxBoot2Pkgs.glibc; - - - # 6) Construct a third stdenv identical to the 2nd, except that this - # one uses the Glibc built in step 5. It still uses the recent - # binutils and rest of the bootstrap tools, including GCC. - stdenvLinuxBoot3 = stdenvBootFun { + # Construct a third stdenv identical to the 2nd, except that this + # one uses the rebuilt Glibc from stage2. It still uses the recent + # binutils and rest of the bootstrap tools, including GCC. + stage3 = stageFun { gcc = wrapGCC { - binutils = binutils1; + gcc = bootstrapTools; + libc = stage2.pkgs.glibc; + binutils = stage2.pkgs.binutils; coreutils = bootstrapTools; - libc = stdenvLinuxGlibc; + name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - glibc = stdenvLinuxGlibc; - inherit (stdenvLinuxBoot1Pkgs) perl; + inherit (stage2.pkgs) binutils glibc perl; # Link GCC statically against GMP etc. This makes sense because # these builds of the libraries are only used by GCC, so it # reduces the size of the stdenv closure. @@ -208,54 +207,40 @@ rec { ppl = pkgs.ppl.override { stdenv = pkgs.makeStaticLibraries pkgs.stdenv; }; }; extraAttrs = { - glibc = stdenvLinuxGlibc; # Required by gcc47 build + glibc = stage2.pkgs.glibc; # Required by gcc47 build }; - extraPath = [ stdenvLinuxBoot1Pkgs.paxctl ]; - inherit fetchurl; + extraPath = [ stage2.pkgs.paxctl ]; }; - # 7) The packages that can be built using the third stdenv. - stdenvLinuxBoot3Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot3; - }; - - - # 8) Construct a fourth stdenv identical to the second, except that - # this one uses the new GCC from step 7. The other tools - # (e.g. coreutils) are still from the bootstrap tools. - stdenvLinuxBoot4 = stdenvBootFun { - gcc = wrapGCC rec { - binutils = binutils1; + # Construct a fourth stdenv that uses the new GCC. But coreutils is + # still from the bootstrap tools. + stage4 = stageFun { + gcc = wrapGCC { + gcc = stage3.pkgs.gcc.gcc; + libc = stage3.pkgs.glibc; + binutils = stage3.pkgs.binutils; coreutils = bootstrapTools; - libc = stdenvLinuxGlibc; - gcc = stdenvLinuxBoot3Pkgs.gcc.gcc; name = ""; }; - extraPath = [ stdenvLinuxBoot3Pkgs.xz ]; + extraPath = [ stage3.pkgs.xz ]; overrides = pkgs: { - inherit (stdenvLinuxBoot1Pkgs) perl; - inherit (stdenvLinuxBoot3Pkgs) gettext gnum4 gmp; + # Zlib has to be inherited and not rebuilt in this stage, + # because gcc (since JAR support) already depends on zlib, and + # then if we already have a zlib we want to use that for the + # other purposes (binutils and top-level pkgs) too. + inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib; }; - inherit fetchurl; }; - # 9) The packages that can be built using the fourth stdenv. - stdenvLinuxBoot4Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot4; - }; - - - # 10) Construct the final stdenv. It uses the Glibc and GCC, and - # adds in a new binutils that doesn't depend on bootstrap-tools, - # as well as dynamically linked versions of all other tools. + # Construct the final stdenv. It uses the Glibc and GCC, and adds + # in a new binutils that doesn't depend on bootstrap-tools, as well + # as dynamically linked versions of all other tools. # - # When updating stdenvLinux, make sure that the result has no - # dependency (`nix-store -qR') on bootstrapTools or the - # first binutils built. + # When updating stdenvLinux, make sure that the result has no + # dependency (`nix-store -qR') on bootstrapTools or the first + # binutils built. stdenvLinux = import ../generic rec { inherit system config; @@ -268,35 +253,32 @@ rec { ''; initialPath = - ((import ../common-path.nix) {pkgs = stdenvLinuxBoot4Pkgs;}) - ++ [stdenvLinuxBoot4Pkgs.patchelf stdenvLinuxBoot4Pkgs.paxctl ]; - - gcc = wrapGCC rec { - inherit (stdenvLinuxBoot4Pkgs) binutils coreutils; - libc = stdenvLinuxGlibc; - gcc = stdenvLinuxBoot4.gcc.gcc; - shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; - name = ""; - }; + ((import ../common-path.nix) {pkgs = stage4.pkgs;}) + ++ [stage4.pkgs.patchelf stage4.pkgs.paxctl ]; + + shell = stage4.pkgs.bash + "/bin/bash"; - shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; + gcc = (wrapGCC rec { + gcc = stage4.stdenv.gcc.gcc; + libc = stage4.pkgs.glibc; + inherit (stage4.pkgs) binutils coreutils; + name = ""; + }).override { inherit shell; }; - fetchurlBoot = fetchurl; + inherit (stage4.stdenv) fetchurlBoot; extraAttrs = { - inherit (stdenvLinuxBoot3Pkgs) glibc; + inherit (stage4.pkgs) glibc; inherit platform bootstrapTools; - shellPackage = stdenvLinuxBoot4Pkgs.bash; + shellPackage = stage4.pkgs.bash; }; overrides = pkgs: { inherit gcc; - inherit (stdenvLinuxBoot3Pkgs) glibc; - inherit (stdenvLinuxBoot4Pkgs) binutils; - inherit (stdenvLinuxBoot4Pkgs) - gzip bzip2 xz bash coreutils diffutils findutils gawk - gnumake gnused gnutar gnugrep gnupatch patchelf - attr acl paxctl; + inherit (stage4.pkgs) + gzip bzip2 xz bash binutils coreutils diffutils findutils gawk + glibc gnumake gnused gnutar gnugrep gnupatch patchelf + attr acl paxctl zlib; }; }; diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index b644f46dff86..e1d7c26fa430 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,6 +10,9 @@ stdenv.mkDerivation rec { doCheck = true; + # In stdenv-linux, prevent a dependency on bootstrap-tools. + preHook = "unset CONFIG_SHELL"; + meta = { homepage = http://tukaani.org/xz/; description = "XZ, general-purpose data compression software, successor of LZMA"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0754239b849f..48a4f8b1ba90 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2573,7 +2573,6 @@ let bashInteractive = appendToName "interactive" (callPackage ../shells/bash { interactive = true; - readline = readline63; # Includes many vi mode fixes }); bashCompletion = callPackage ../shells/bash-completion { }; @@ -3588,7 +3587,6 @@ let suitesparse = null; openjdk = null; gnuplot = null; - readline = readline63; }; octaveFull = (lowPrio (callPackage ../development/interpreters/octave { fltk = fltk13; @@ -4265,7 +4263,6 @@ let gdb = callPackage ../development/tools/misc/gdb { hurd = gnu.hurdCross; - readline = readline63; inherit (gnu) mig; }; @@ -6104,13 +6101,10 @@ let raul = callPackage ../development/libraries/audio/raul { }; - readline = readline6; # 6.2 works, 6.3 breaks python, parted + readline = readline6; + readline6 = readline63; - readline4 = callPackage ../development/libraries/readline/readline4.nix { }; - - readline5 = callPackage ../development/libraries/readline/readline5.nix { }; - - readline6 = callPackage ../development/libraries/readline/readline6.nix { }; + readline62 = callPackage ../development/libraries/readline/readline6.nix { }; readline63 = callPackage ../development/libraries/readline/readline6.3.nix { }; |