7 files changed, 76 insertions, 47 deletions

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 0aca39fd6bed..c051b7d49e3f 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -177,6 +177,35 @@ in
           # programs to be wrapped.
           WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
 
+          # Remove the old /var/setuid-wrappers path from the system...
+          #
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /var/setuid-wrappers ]; then
+            rm -rf /var/setuid-wrappers
+            ln -s /run/wrappers/bin /var/setuid-wrappers
+          fi
+
+          # Remove the old /run/setuid-wrappers-dir path from the
+          # system as well...
+          #
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /run/setuid-wrapper-dirs ]; then
+            rm -rf /run/setuid-wrapper-dirs
+            ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
+          fi
+
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
+            rm -rf /run/setuid-wrapper-dirs
+            rm -rf /var/setuid-wrappers
+          fi
+
           # We want to place the tmpdirs for the wrappers to the parent dir.
           wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
           chmod a+rx $wrapperDir
diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
index 38e24e9b709a..b02eaf861a0d 100644
--- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix
+++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix
@@ -64,7 +64,7 @@ in
     security.wrappers.e_freqset.source = "${e.enlightenment.out}/bin/e_freqset";
 
     environment.etc = singleton
-      { source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
+      { source = xcfg.xkbDir;
         target = "X11/xkb";
       };
 
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 918841e8f168..d981cd5328e1 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -176,7 +176,7 @@ in
       environment.pathsToLink = [ "/share" ];
 
       environment.etc = singleton {
-        source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
+        source = xcfg.xkbDir;
         target = "X11/xkb";
       };
 
diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl
index c7559cd634a2..5fcac5c8c6a4 100644
--- a/nixos/modules/system/boot/loader/grub/install-grub.pl
+++ b/nixos/modules/system/boot/loader/grub/install-grub.pl
@@ -443,9 +443,40 @@ my $confFile = $grubVersion == 1 ? "$bootPath/grub/menu.lst" : "$bootPath/grub/g
 my $tmpFile = $confFile . ".tmp";
 writeFile($tmpFile, $conf);
 
+
+# check whether to install GRUB EFI or not
+sub getEfiTarget {
+    if ($grubVersion == 1) {
+        return "no"
+    } elsif (($grub ne "") && ($grubEfi ne "")) {
+        # EFI can only be installed when target is set;
+        # A target is also required then for non-EFI grub
+        if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die }
+        else { return "both" }
+    } elsif (($grub ne "") && ($grubEfi eq "")) {
+        # TODO: It would be safer to disallow non-EFI grub installation if no taget is given.
+        #       If no target is given, then grub auto-detects the target which can lead to errors.
+        #       E.g. it seems as if grub would auto-detect a EFI target based on the availability
+        #       of a EFI partition.
+        #       However, it seems as auto-detection is currently relied on for non-x86_64 and non-i386
+        #       architectures in NixOS. That would have to be fixed in the nixos modules first.
+        return "no"
+    } elsif (($grub eq "") && ($grubEfi ne "")) {
+        # EFI can only be installed when target is set;
+        if ($grubTargetEfi eq "") { die }
+        else {return "only" }
+    } else {
+        # prevent an installation if neither grub nor grubEfi is given
+        return "neither"
+    }
+}
+
+my $efiTarget = getEfiTarget();
+
 # Append entries detected by os-prober
 if (get("useOSProber") eq "true") {
-    system(get("shell"), "-c", "pkgdatadir=$grub/share/grub $grub/etc/grub.d/30_os-prober >> $tmpFile");
+    my $targetpackage = ($efiTarget eq "no") ? $grub : $grubEfi;
+    system(get("shell"), "-c", "pkgdatadir=$targetpackage/share/grub $targetpackage/etc/grub.d/30_os-prober >> $tmpFile");
 }
 
 # Atomically switch to the new config
@@ -498,36 +529,7 @@ sub getDeviceTargets {
     }
     return @devices;
 }
-
-# check whether to install GRUB EFI or not
-sub getEfiTarget {
-    if ($grubVersion == 1) {
-        return "no"
-    } elsif (($grub ne "") && ($grubEfi ne "")) {
-        # EFI can only be installed when target is set;
-        # A target is also required then for non-EFI grub
-        if (($grubTarget eq "") || ($grubTargetEfi eq "")) { die }
-        else { return "both" }
-    } elsif (($grub ne "") && ($grubEfi eq "")) {
-        # TODO: It would be safer to disallow non-EFI grub installation if no taget is given.
-        #       If no target is given, then grub auto-detects the target which can lead to errors.
-        #       E.g. it seems as if grub would auto-detect a EFI target based on the availability
-        #       of a EFI partition.
-        #       However, it seems as auto-detection is currently relied on for non-x86_64 and non-i386
-        #       architectures in NixOS. That would have to be fixed in the nixos modules first.
-        return "no"
-    } elsif (($grub eq "") && ($grubEfi ne "")) {
-        # EFI can only be installed when target is set;
-        if ($grubTargetEfi eq "") { die }
-        else {return "only" }
-    } else {
-        # prevent an installation if neither grub nor grubEfi is given
-        return "neither"
-    }
-}
-
 my @deviceTargets = getDeviceTargets();
-my $efiTarget = getEfiTarget();
 my $prevGrubState = readGrubState();
 my @prevDeviceTargets = split/,/, $prevGrubState->devices;
 
diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix
index 57487f704519..1f5b6bd1d808 100644
--- a/nixos/modules/virtualisation/xen-dom0.nix
+++ b/nixos/modules/virtualisation/xen-dom0.nix
@@ -29,7 +29,6 @@ in
 
     virtualisation.xen.package = mkOption {
       type = types.package;
-      default = pkgs.xen;
       defaultText = "pkgs.xen";
       example = literalExample "pkgs.xen-light";
       description = ''
@@ -39,7 +38,6 @@ in
 
     virtualisation.xen.qemu = mkOption {
       type = types.path;
-      default = "${pkgs.xen}/lib/xen/bin/qemu-system-i386";
       defaultText = "\${pkgs.xen}/lib/xen/bin/qemu-system-i386";
       example = literalExample "''${pkgs.qemu_xen-light}/bin/qemu-system-i386";
       description = ''
@@ -49,7 +47,6 @@ in
 
     virtualisation.xen.qemu-package = mkOption {
       type = types.package;
-      default = pkgs.xen;
       defaultText = "pkgs.xen";
       example = literalExample "pkgs.qemu_xen-light";
       description = ''
@@ -136,6 +133,9 @@ in
       message = "Xen currently does not support EFI boot";
     } ];
 
+    virtualisation.xen.package = mkDefault pkgs.xen;
+    virtualisation.xen.qemu = mkDefault "${pkgs.xen}/lib/xen/bin/qemu-system-i386";
+    virtualisation.xen.qemu-package = mkDefault pkgs.xen;
     virtualisation.xen.stored = mkDefault "${cfg.package}/bin/oxenstored";
 
     environment.systemPackages = [ cfg.package ];
diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index 63ca39a9b602..00abbcacf8c9 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -72,7 +72,7 @@ in rec {
         (all nixos.tests.ecryptfs)
         (all nixos.tests.ipv6)
         (all nixos.tests.i3wm)
-        (all nixos.tests.plasma5)
+        #(all nixos.tests.plasma5) # temporarily, see #24240
         #(all nixos.tests.lightdm)
         (all nixos.tests.login)
         (all nixos.tests.misc)
diff --git a/nixos/tests/sddm.nix b/nixos/tests/sddm.nix
index 041d88fbeae6..a1bd8f14d23b 100644
--- a/nixos/tests/sddm.nix
+++ b/nixos/tests/sddm.nix
@@ -1,26 +1,24 @@
 import ./make-test.nix ({ pkgs, ...} : {
   name = "sddm";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ ttuegel ];
-  };
 
   machine = { lib, ... }: {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
-    services.xserver.displayManager.sddm = {
-      enable = true;
-      autoLogin = {
-        enable = true;
-        user = "alice";
-      };
-    };
+    services.xserver.displayManager.sddm.enable = true;
     services.xserver.windowManager.default = "icewm";
     services.xserver.windowManager.icewm.enable = true;
     services.xserver.desktopManager.default = "none";
   };
 
-  testScript = { nodes, ... }: ''
+  enableOCR = true;
+
+  testScript = { nodes, ... }: let
+    user = nodes.machine.config.users.extraUsers.alice;
+  in ''
     startAll;
+    $machine->waitForText(qr/ALICE/);
+    $machine->screenshot("sddm");
+    $machine->sendChars("${user.password}\n");
     $machine->waitForFile("/home/alice/.Xauthority");
     $machine->succeed("xauth merge ~alice/.Xauthority");
     $machine->waitForWindow("^IceWM ");