diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific')
40 files changed, 345 insertions, 519 deletions
diff --git a/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix b/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix index ca23af43229c..fdc3bd45e55e 100644 --- a/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix +++ b/nixpkgs/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix @@ -229,8 +229,8 @@ in rec { installPhase = drv.installPhase + '' # When used as a module, complains about a missing import for # Darwin.C.stdint. Apparently fixed in later SDKs. - awk -i inplace '/CFBase.h/ { print "#include <stdint.h>" } { print }' \ - $out/Library/Frameworks/CoreVideo.framework/Headers/CVBase.h + sed -e "/CFBase.h/ i #include <stdint.h>" \ + -i $out/Library/Frameworks/CoreVideo.framework/Headers/CVBase.h ''; }); diff --git a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix index 590e6427d19b..4366e0aedebf 100644 --- a/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/rectangle/default.nix @@ -7,11 +7,11 @@ stdenvNoCC.mkDerivation rec { pname = "rectangle"; - version = "0.74"; + version = "0.75"; src = fetchurl { url = "https://github.com/rxhanson/Rectangle/releases/download/v${version}/Rectangle${version}.dmg"; - hash = "sha256-ERfzgw8R39dOc9F/dgcgCKbEVFNChC5LqDFBDzbS+Wg="; + hash = "sha256-IjEqT1PHGohuQqgS+IzZKyLoIs0P0V7z42JzNUuzh84="; }; sourceRoot = "."; diff --git a/nixpkgs/pkgs/os-specific/darwin/utm/default.nix b/nixpkgs/pkgs/os-specific/darwin/utm/default.nix index f7055d378cbb..50f84a254dfc 100644 --- a/nixpkgs/pkgs/os-specific/darwin/utm/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/utm/default.nix @@ -7,11 +7,11 @@ stdenvNoCC.mkDerivation rec { pname = "utm"; - version = "4.4.4"; + version = "4.4.5"; src = fetchurl { url = "https://github.com/utmapp/UTM/releases/download/v${version}/UTM.dmg"; - hash = "sha256-SyrqkNWRUKQS3D17XYsC/dcCKlPLGNNsG5obEiHE1Lk="; + hash = "sha256-FlIPSWqY2V1akd/InS6BPEBfc8pomJ8jgDns7wvaOm8="; }; nativeBuildInputs = [ undmg makeWrapper ]; diff --git a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix index b5f879c1bd31..7765ce0aa52a 100644 --- a/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/android-udev-rules/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "android-udev-rules"; - version = "20231124"; + version = "20231207"; src = fetchFromGitHub { owner = "M0Rf30"; repo = "android-udev-rules"; rev = version; - hash = "sha256-pDAAC8RibPtkhVVz5WPj/eUjz0A+8bZt/pjzG8zpaE4="; + hash = "sha256-wNGIDOHbQ4qtKqtGqLOGEopWgnox3cATY77daRNVUFM="; }; installPhase = '' diff --git a/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix b/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix index 3d22720b9625..4300d576b8d9 100644 --- a/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/batman-adv/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { homepage = "https://www.open-mesh.org/projects/batman-adv/wiki/Wiki"; description = "B.A.T.M.A.N. routing protocol in a linux kernel module for layer 2"; license = lib.licenses.gpl2; - maintainers = with lib.maintainers; [ fpletz hexa ]; + maintainers = with lib.maintainers; [ fpletz hexa philiptaron ]; platforms = with lib.platforms; linux; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix b/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix index 53a255fc2157..f78191489d0f 100644 --- a/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix +++ b/nixpkgs/pkgs/os-specific/linux/batman-adv/version.nix @@ -1,9 +1,16 @@ { - version = "2023.2"; + version = "2023.3"; + # To get these, run: + # + # ``` + # for tool in alfred batctl batman-adv; do + # nix-prefetch-url https://downloads.open-mesh.org/batman/releases/batman-adv-2023.3/$tool-2023.3.tar.gz --type sha256 | xargs nix hash to-sri --type sha256 + # done + # ``` sha256 = { - batman-adv = "sha256-OQfc1X4sW/2dQHE5YLlAK/HaT4DFm1/wN3ifu7vY+iU="; - alfred = "sha256-qSBgKFZPieW/t3FK4piDoWEPYr4+YcCW4f6zYgBxjg4="; - batctl = "sha256-cLX5MfpjYyVpe9829tE0oDxJBvTBfLdlCjxxSQFDbsg="; + alfred = "sha256-rVrUFJ+uz351MCpXeqpnOxz8lAXSAksrSpFjuscMjk8="; + batctl = "sha256-mswxFwkwwXl8OHY7h73/iAVMNNHwEvu4EAaCc/7zEhI="; + batman-adv = "sha256-98bFPlk0PBYmQsubRPEBZ2XUv1E+A5ACvmEremweo2w="; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix index c6c7d9d0f509..d864f30096d7 100644 --- a/nixpkgs/pkgs/os-specific/linux/bluez/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bluez/default.nix @@ -36,6 +36,18 @@ in stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/main/bluez/max-input.patch?id=32b31b484cb13009bd8081c4106e4cf064ec2f1f"; sha256 = "sha256-SczbXtsxBkCO+izH8XOBcrJEO2f7MdtYVT3+2fCV8wU="; }) + # Fix device pairing regression + # FIXME: remove in next release + (fetchpatch { + url = "https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb.patch"; + hash = "sha256-UUmYMHnxYrw663nEEC2mv3zj5e0omkLNejmmPUtgS3c="; + }) + # CVE-2023-45866 / https://github.com/skysafe/reblog/tree/main/cve-2023-45866 + (fetchpatch { + name = "CVE-2023-45866.patch"; + url = "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"; + sha256 = "sha256-IuPQ18yN0EO/PkqdT/JETyOxdZCKewBiDjGN4CG2GLo="; + }) ]; buildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/bpftools/default.nix b/nixpkgs/pkgs/os-specific/linux/bpftools/default.nix index a23c4eb7b9e6..9ec4778ca38c 100644 --- a/nixpkgs/pkgs/os-specific/linux/bpftools/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bpftools/default.nix @@ -43,6 +43,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { + homepage = "https://github.com/libbpf/bpftool"; description = "Debugging/program analysis tools for the eBPF subsystem"; license = [ licenses.gpl2 licenses.bsd2 ]; platforms = platforms.linux; diff --git a/nixpkgs/pkgs/os-specific/linux/dracut/default.nix b/nixpkgs/pkgs/os-specific/linux/dracut/default.nix index c6bf684f7fc8..e5461bddbc8f 100644 --- a/nixpkgs/pkgs/os-specific/linux/dracut/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/dracut/default.nix @@ -61,10 +61,6 @@ stdenv.mkDerivation rec { echo 'DRACUT_VERSION=${version}' >dracut-version.sh ''; - preConfigure = '' - patchShebangs ./configure - ''; - postFixup = '' wrapProgram $out/bin/dracut --prefix PATH : ${lib.makeBinPath [ coreutils diff --git a/nixpkgs/pkgs/os-specific/linux/ell/default.nix b/nixpkgs/pkgs/os-specific/linux/ell/default.nix index 789a59f751f5..4cbf950cdce4 100644 --- a/nixpkgs/pkgs/os-specific/linux/ell/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ell/default.nix @@ -9,14 +9,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.59"; + version = "0.61"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; rev = version; - hash = "sha256-uJcGYT+JSdz/XTyJb/VUyedmSKJW/4BbTM3fw3ebtIc="; + hash = "sha256-spoZRT/gBCk/e/pn1AujCpCPdEM7hn/ImRyQq4hwctI="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix index c77c01df8508..e96902a13029 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -122,7 +122,7 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "fwupd"; - version = "1.9.9"; + version = "1.9.10"; # libfwupd goes to lib # daemon, plug-ins and libfwupdplugin go to out @@ -133,7 +133,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "fwupd"; repo = "fwupd"; rev = finalAttrs.version; - hash = "sha256-UUrG3CMCAC5hyy2U5I4zqvJoSP/+zuiq1P+2Pdb3QD0="; + hash = "sha256-qB7SGkjPahZmLax8HrSdLvORAXTBcuN5NohT0KUjCnM="; }; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix index afe371a8887b..ba042fc8b52f 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix @@ -1,6 +1,7 @@ +# This file is autogenerated! Run ./update.sh to regenerate. { - version = "20231111"; - revision = "20231111"; - sourceHash = "sha256-S9Xkj2CbamHxqjTDfqRJu91MNrSntxrQ7HYyhvdH6Jo="; - outputHash = "sha256-Qrz9fSHUQf0Gl8pfol4yfe95sD8DQV/+riT1NCFussQ="; + version = "20231211"; + revision = "20231211"; + sourceHash = "sha256-urJog0DDrJVZWsUpE4MHEQpcz7LB2vGJCcpPJKTko6k="; + outputHash = "sha256-slA0gfGR2a7002Kd46blHb9UNnMhMgaHxP91XWm8gOk="; } diff --git a/nixpkgs/pkgs/os-specific/linux/framework-laptop-kmod/default.nix b/nixpkgs/pkgs/os-specific/linux/framework-laptop-kmod/default.nix new file mode 100644 index 000000000000..088e30e91f8c --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/framework-laptop-kmod/default.nix @@ -0,0 +1,38 @@ +{ lib +, stdenv +, linuxPackages +, kernel +, fetchFromGitHub +}: + +stdenv.mkDerivation rec { + pname = "framework-laptop-kmod"; + version = "unstable-2023-12-03"; + + src = fetchFromGitHub { + owner = "DHowett"; + repo = "framework-laptop-kmod"; + rev = "d5367eb9e5b5542407494d04ac1a0e77f10cc89d"; + hash = "sha256-t8F4XHPkuCjWBrsEjW97ielYtf3V6hlLsrasvyab198="; + }; + + nativeBuildInputs = kernel.moduleBuildDependencies; + + makeFlags = kernel.makeFlags ++ [ + "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + installPhase = '' + runHook preInstall + install -D framework_laptop.ko -t $out/lib/modules/${kernel.modDirVersion}/extra + runHook postInstall + ''; + + meta = with lib; { + description = "A kernel module that exposes the Framework Laptop (13, 16)'s battery charge limit and LEDs to userspace."; + homepage = "https://github.com/DHowett/framework-laptop-kmod"; + license = licenses.gpl2; + maintainers = with maintainers; [ gaykitty ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/os-specific/linux/gasket/default.nix b/nixpkgs/pkgs/os-specific/linux/gasket/default.nix index c0790ae6a278..b9aebacca641 100644 --- a/nixpkgs/pkgs/os-specific/linux/gasket/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/gasket/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "gasket"; - version = "1.0-18"; + version = "1.0-18-unstable-2023-09-05"; src = fetchFromGitHub { owner = "google"; repo = "gasket-driver"; - rev = "97aeba584efd18983850c36dcf7384b0185284b3"; - sha256 = "pJwrrI7jVKFts4+bl2xmPIAD01VKFta2SRuElerQnTo="; + rev = "09385d485812088e04a98a6e1227bf92663e0b59"; + sha256 = "fcnqCBh04e+w8g079JyuyY2RPu34M+/X+Q8ObE+42i4="; }; makeFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix index 5bfdf61dff6b..3332699886c9 100644 --- a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix @@ -11,10 +11,6 @@ stdenv.mkDerivation rec { hash = "sha256-M1uBamN09XepOembDAcHXO/UvnM9s/OiN+eNzChF5Tw="; }; - postPatch = '' - patchShebangs ./configure - ''; - configureFlags = [ "--datadir=${placeholder "out"}/share" ]; doCheck = false; # this does build machine-specific checks (e.g. enumerates PCI bus) diff --git a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix index 1b983bb90e1e..84813723fb05 100644 --- a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchgit +, fetchpatch , autoreconfHook , pkg-config , ell @@ -8,18 +9,29 @@ , readline , openssl , python3Packages +, gitUpdater }: stdenv.mkDerivation rec { pname = "iwd"; - version = "2.8"; + version = "2.10"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "sha256-i+2R8smgLXooApj0Z5e03FybhYgw1X/kIsJkrDzW8y4="; + hash = "sha256-zePFmcQRFjcH6KToTpBFMQzGY+Eq7jijfn0R/MMKGrw="; }; + # Revert test that's broken on aarch64 + # FIXME: fix this properly + patches = [ + (fetchpatch { + url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=aabedeeb6c20c0c053f11ef53413d542442a8f62"; + revert = true; + hash = "sha256-hO4KzdLzW6Tn/4NNJEQO2OvgjSPVl46cwwZfv53R84U="; + }) + ]; + outputs = [ "out" "man" "doc" ] ++ lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "test"; @@ -87,6 +99,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + passthru.updateScript = gitUpdater { + # No nicer place to find latest release. + url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; + }; + meta = with lib; { homepage = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; description = "Wireless daemon for Linux"; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix index e0a3c4319b8b..652468002775 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel-headers/default.nix @@ -111,18 +111,15 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.5"; in + linuxHeaders = let version = "6.6"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-eldLvCCALqdrUsp/rwcmf3IEXoYbGJFcUnKpjCer+IQ="; + hash = "sha256-2SagbGPdisffP4buH/ws4qO4Gi0WhITna1s4mrqOVtA="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms - - # Fix regression turning `struct sockaddr_ll` flexible size. - ./revert-af_packet-flex.patch ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch b/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch deleted file mode 100644 index ed6c8861d2fb..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/kernel-headers/revert-af_packet-flex.patch +++ /dev/null @@ -1,31 +0,0 @@ -Revert commit https://github.com/torvalds/linux/commit/a0ade8404c3bc2bf2631cb0f20d372eed22d9d96 - -The change caused API regression by turning fixed size struct to -flexible size struct. It was an unintentional change, broke `udp2raw`: - https://github.com/NixOS/nixpkgs/pull/252587#issuecomment-1744427473 ---- a/include/uapi/linux/if_packet.h -+++ b/include/uapi/linux/if_packet.h -@@ -18,11 +18,7 @@ struct sockaddr_ll { - unsigned short sll_hatype; - unsigned char sll_pkttype; - unsigned char sll_halen; -- union { -- unsigned char sll_addr[8]; -- /* Actual length is in sll_halen. */ -- __DECLARE_FLEX_ARRAY(unsigned char, sll_addr_flex); -- }; -+ unsigned char sll_addr[8]; - }; - - /* Packet types */ ---- a/net/packet/af_packet.c -+++ b/net/packet/af_packet.c -@@ -3607,7 +3607,7 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr, - if (dev) { - sll->sll_hatype = dev->type; - sll->sll_halen = dev->addr_len; -- memcpy(sll->sll_addr_flex, dev->dev_addr, dev->addr_len); -+ memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len); - } else { - sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */ - sll->sll_halen = 0; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 4b38ffc5069c..746991c00b7e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -678,23 +678,23 @@ let VBOXGUEST = option no; DRM_VBOXVIDEO = option no; - XEN = option yes; - XEN_DOM0 = option yes; - PCI_XEN = option yes; - HVC_XEN = option yes; - HVC_XEN_FRONTEND = option yes; - XEN_SYS_HYPERVISOR = option yes; - SWIOTLB_XEN = option yes; - XEN_BACKEND = option yes; - XEN_BALLOON = option yes; - XEN_BALLOON_MEMORY_HOTPLUG = option yes; - XEN_EFI = option yes; - XEN_HAVE_PVMMU = option yes; - XEN_MCE_LOG = option yes; - XEN_PVH = option yes; - XEN_PVHVM = option yes; - XEN_SAVE_RESTORE = option yes; - XEN_SELFBALLOONING = whenOlder "5.3" yes; + XEN = mkIf stdenv.is64bit (option yes); + XEN_DOM0 = mkIf stdenv.is64bit (option yes); + PCI_XEN = mkIf stdenv.is64bit (option yes); + HVC_XEN = mkIf stdenv.is64bit (option yes); + HVC_XEN_FRONTEND = mkIf stdenv.is64bit (option yes); + XEN_SYS_HYPERVISOR = mkIf stdenv.is64bit (option yes); + SWIOTLB_XEN = mkIf stdenv.is64bit (option yes); + XEN_BACKEND = mkIf stdenv.is64bit (option yes); + XEN_BALLOON = mkIf stdenv.is64bit (option yes); + XEN_BALLOON_MEMORY_HOTPLUG = mkIf stdenv.is64bit (option yes); + XEN_EFI = mkIf stdenv.is64bit (option yes); + XEN_HAVE_PVMMU = mkIf stdenv.is64bit (option yes); + XEN_MCE_LOG = mkIf stdenv.is64bit (option yes); + XEN_PVH = mkIf stdenv.is64bit (option yes); + XEN_PVHVM = mkIf stdenv.is64bit (option yes); + XEN_SAVE_RESTORE = mkIf stdenv.is64bit (option yes); + XEN_SELFBALLOONING = mkIf stdenv.is64bit (whenOlder "5.3" yes); # Enable device detection on virtio-mmio hypervisors VIRTIO_MMIO_CMDLINE_DEVICES = yes; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index d8f8bb2fa73f..c10c3e8286ff 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,82 +1,72 @@ { - "4.14": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-4.14.328-hardened1.patch", - "sha256": "1qq2l4nwhxgl4drx6isc1ly892kffjq4hqb4zadqs6sxvsdm7x57", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.328-hardened1/linux-hardened-4.14.328-hardened1.patch" - }, - "sha256": "1igcpvnhwwrczfdsafmszvi0456k7f6j4cgpfw6v6afw09p95d8x", - "version": "4.14.328" - }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.297-hardened1.patch", - "sha256": "1qj09bynl7ml880xpc2956jn0b1gmm77yf3jc45v3jq3610jhna4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.297-hardened1/linux-hardened-4.19.297-hardened1.patch" + "name": "linux-hardened-4.19.302-hardened1.patch", + "sha256": "1qr0i1swrvbwxd7sx0fy6cg85k0aya518cdnmx2v1jpydvlkhn1a", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.302-hardened1/linux-hardened-4.19.302-hardened1.patch" }, - "sha256": "0c9xxqgv2i36hrr06dwz7f3idc04xpv0a5pxg08xdh03cnyf12cx", - "version": "4.19.297" + "sha256": "1kkkpm34p5rq0iijzrzwaq0cb62w543argargw5p1wzg8803rlsk", + "version": "4.19.302" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.199-hardened1.patch", - "sha256": "10vwd5wygfnxpbz15bq56pjygba3vqqal0d7xry2bch4p444pp5f", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.199-hardened1/linux-hardened-5.10.199-hardened1.patch" + "name": "linux-hardened-5.10.204-hardened1.patch", + "sha256": "0a1hyf7sjsv9g47x7nznpn5nq7p5jkzy2f4nsiy3pp1853f00v1d", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.204-hardened1/linux-hardened-5.10.204-hardened1.patch" }, - "sha256": "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0", - "version": "5.10.199" + "sha256": "1vnamiyr378q52xgkg7kvpx80zck729dim77vp06a3q6n580g5gz", + "version": "5.10.204" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.137-hardened1.patch", - "sha256": "19gs1w380qgvazwjwhxypizpfx71faa7hsji0x5cgyw6vxhi6l1b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.137-hardened1/linux-hardened-5.15.137-hardened1.patch" + "name": "linux-hardened-5.15.143-hardened1.patch", + "sha256": "0rg37d21k0ab3nzaif46qc2ql9wd3v50n800kbpfa4g9qsq51j99", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.143-hardened1/linux-hardened-5.15.143-hardened1.patch" }, - "sha256": "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp", - "version": "5.15.137" + "sha256": "00lyv7zsj97mkg9i7dkb1a6km22mnr0qr687d9zz4ckjq1pb2sq9", + "version": "5.15.143" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.259-hardened1.patch", - "sha256": "1w8ipflgisd127gmx6wyz8p5qfi8cfd2a5j2xgibspkf45nzfwi8", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.259-hardened1/linux-hardened-5.4.259-hardened1.patch" + "name": "linux-hardened-5.4.264-hardened1.patch", + "sha256": "1rb3bc6c4qgdy1yysdl72qpizippimk1rfshajcsn7i034c9g4ca", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.264-hardened1/linux-hardened-5.4.264-hardened1.patch" }, - "sha256": "195v4fidavzm637glj6580006mrcaygnbj4za874imb62bxf9rpz", - "version": "5.4.259" + "sha256": "1c5n47dq9khb15hz24a000k3hj913vv1dda6famnm8wpjbfr176k", + "version": "5.4.264" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.61-hardened1.patch", - "sha256": "0d9zhh32dx1q828q50kmznmsa6yinppbklhgg8ix7b7k23857ha6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.61-hardened1/linux-hardened-6.1.61-hardened1.patch" + "name": "linux-hardened-6.1.68-hardened1.patch", + "sha256": "020xh7zsdfyp7g1n3fp8mmsy4ayhw309fcb65jwmkd8ha2mzm1yc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.68-hardened1/linux-hardened-6.1.68-hardened1.patch" }, - "sha256": "1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d", - "version": "6.1.61" + "sha256": "1qc4cwqlfni9i6mzh6arghdsd842hp9lb7s832dxw1p261mg4prn", + "version": "6.1.68" }, - "6.4": { + "6.5": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.4.16-hardened1.patch", - "sha256": "10lydnnhhq9ynng1gfaqh1mncsb0dmr27zzcbygs1xigy2bl70n9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.16-hardened1/linux-hardened-6.4.16-hardened1.patch" + "name": "linux-hardened-6.5.13-hardened1.patch", + "sha256": "1fj6yaq2gdjlj2h19vkm13jrx0yiczj6pvric1kq1r6cprqrkkki", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.13-hardened1/linux-hardened-6.5.13-hardened1.patch" }, - "sha256": "0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln", - "version": "6.4.16" + "sha256": "1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq", + "version": "6.5.13" }, - "6.5": { + "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.5.10-hardened1.patch", - "sha256": "0p2lj7ryiizr1sxvm2kgds3l8sg9fns35y2fcyqq61lg7ymzj1fi", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.10-hardened1/linux-hardened-6.5.10-hardened1.patch" + "name": "linux-hardened-6.6.7-hardened1.patch", + "sha256": "16yk9wz19wn0fkxdwl05qw1hwnfvidh3nmj0pnf61hgwif4kg7l3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.7-hardened1/linux-hardened-6.6.7-hardened1.patch" }, - "sha256": "12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1", - "version": "6.5.10" + "sha256": "0hfqdyxl4nqmm4pspfm1ang8616dbsaj0d968c0186ch0738xrhc", + "version": "6.6.7" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json index dfbd892615fd..8940d8a08f2c 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json @@ -1,38 +1,38 @@ { "testing": { - "version": "6.7-rc4", - "hash": "sha256:1igynlm5pv62brfkyjh6w8lzvmmy8c3g8phrn5wgdyy8svc48r8h" + "version": "6.7-rc5", + "hash": "sha256:125zdj2sxcwkfvm2ckjk3mbwfll8950bn7kr38s5pvlx2a10zv04" }, "6.5": { "version": "6.5.13", "hash": "sha256:1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq" }, "6.1": { - "version": "6.1.65", - "hash": "sha256:02mj394ina3npp6qqinc4pc6afp5pg1rlbjc90g4p902d29jjwj0" + "version": "6.1.68", + "hash": "sha256:1qc4cwqlfni9i6mzh6arghdsd842hp9lb7s832dxw1p261mg4prn" }, "5.15": { - "version": "5.15.141", - "hash": "sha256:1yicgvq413801qrfzr0rdzwgg45dszrvfd6y9dmrhak9bk36lvck" + "version": "5.15.143", + "hash": "sha256:00lyv7zsj97mkg9i7dkb1a6km22mnr0qr687d9zz4ckjq1pb2sq9" }, "5.10": { - "version": "5.10.202", - "hash": "sha256:12zs2bz2plps6xp80sdg36zkyr00rf5l5c85jl4dd7b9klly04ij" + "version": "5.10.204", + "hash": "sha256:1vnamiyr378q52xgkg7kvpx80zck729dim77vp06a3q6n580g5gz" }, "5.4": { - "version": "5.4.262", - "hash": "sha256:1p34x33gkvpv26zcrpx1i6dr7dknyxj8gnp6caqb8sj58h3slgkx" + "version": "5.4.264", + "hash": "sha256:1c5n47dq9khb15hz24a000k3hj913vv1dda6famnm8wpjbfr176k" }, "4.19": { - "version": "4.19.300", - "hash": "sha256:0ilksl94gjpc4pzc90swfawsl8lvibpq14nkaxzl0831i219ahd8" + "version": "4.19.302", + "hash": "sha256:1kkkpm34p5rq0iijzrzwaq0cb62w543argargw5p1wzg8803rlsk" }, "4.14": { - "version": "4.14.331", - "hash": "sha256:03sk82dgvccv70i3hy8gf2hw0n4m305f7rxjw93p7jnjrbpdrp1r" + "version": "4.14.333", + "hash": "sha256:0j5nrankrhi56qzmyjg1pznqx1zgk5f7cfa154smjbn3zlm7lcv6" }, "6.6": { - "version": "6.6.4", - "hash": "sha256:0i9ym5nqf704iz5674k66kn9a5hkm0y0sdhqy5c6v39xr5h9dr29" + "version": "6.6.7", + "hash": "sha256:0hfqdyxl4nqmm4pspfm1ang8616dbsaj0d968c0186ch0738xrhc" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix index bc45a86905c1..497fb09ab4d1 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.15.137-rt71"; # updated by ./update-rt.sh + version = "5.15.141-rt72"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp"; + sha256 = "1yicgvq413801qrfzr0rdzwgg45dszrvfd6y9dmrhak9bk36lvck"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "11zk02ni3b0l1wwrfvyc1q92bd9as61hwgbwlj42xv5gbpd39jlw"; + sha256 = "0qlk43g5c0apspdg56ccb4259903nvadv4pnga07i4lg6xwb5xjw"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix index 8aaf8c5ecb16..e57b2859b8cb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "6.1.64-rt17"; # updated by ./update-rt.sh + version = "6.1.65-rt18"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "1ry7dp39010hfja1wial6r6q6ilgygwm7gdz22bg4rzaycwam7b2"; + sha256 = "02mj394ina3npp6qqinc4pc6afp5pg1rlbjc90g4p902d29jjwj0"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1vvn21bprsqqzmqvcmj1jx3xn1dc6kih5fib9qpcyrh0j1c7s077"; + sha256 = "0axy543q47xv5nsrw6prmy9dqvbp27wkn2brwygl05nl8grjvhr8"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 97e5512e4452..3cad13a68fde 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -6,14 +6,14 @@ let # NOTE: When updating these, please also take a look at the changes done to # kernel config in the xanmod version commit ltsVariant = { - version = "6.1.63"; - hash = "sha256-WBMKJCLYexWJuTpli8vjvdms2ZYPXIS0yUxTgAL00io="; + version = "6.1.66"; + hash = "sha256-H3RTbBctvbKdsD1+G7zXVcTFb2NRON6nOzUgUW+zGxs="; variant = "lts"; }; mainVariant = { - version = "6.5.12"; - hash = "sha256-zG9+d+hKg0S0qCX2hOc02CowC6s9u82MB45+X1bGYpE="; + version = "6.6.5"; + hash = "sha256-lmJ5Gix+CEqIu+cyBeqBq6xLZ94PjhU+6SbzAE0D8SY="; variant = "main"; }; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix index 4a1bd7543b1b..55d32587766c 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.6.4"; #zen + version = "6.6.6"; #zen suffix = "zen1"; #zen - sha256 = "1zks4fpbw788aaw9rysdpfhmqzr8l5y6afq92md1gizyyl1rjhq1"; #zen + sha256 = "13lxj1841mykfmbd8pwshr8jjxpxw1d8dyzkzq4ks6nviivnqfsn"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.6.4"; #lqx + version = "6.6.6"; #lqx suffix = "lqx1"; #lqx - sha256 = "049pga9bc5pbnwki5vmnz9pdx0p5r7sssb66b4580h9x9skzi9m2"; #lqx + sha256 = "0p3ilsikd0v2k6d40n5s3smipww817yw2y47ayi1xj8m44rlp8gg"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { diff --git a/nixpkgs/pkgs/os-specific/linux/kmscon/default.nix b/nixpkgs/pkgs/os-specific/linux/kmscon/default.nix index 4762b63eda9b..2a60864ea6bf 100644 --- a/nixpkgs/pkgs/os-specific/linux/kmscon/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kmscon/default.nix @@ -16,6 +16,7 @@ , libxslt , mesa , ninja +, buildPackages }: stdenv.mkDerivation rec { @@ -29,13 +30,18 @@ stdenv.mkDerivation rec { sha256 = "sha256-8owyyzCrZVbWXcCR+RA+m0MOrdzW+efI+rIMWEVEZ1o="; }; + strictDeps = true; + + depsBuildBuild = [ + buildPackages.stdenv.cc + ]; + buildInputs = [ libGLU libGL libdrm libtsm libxkbcommon - libxslt pango pixman systemd @@ -47,6 +53,7 @@ stdenv.mkDerivation rec { ninja docbook_xsl pkg-config + libxslt # xsltproc ]; patches = [ diff --git a/nixpkgs/pkgs/os-specific/linux/libnvme/default.nix b/nixpkgs/pkgs/os-specific/linux/libnvme/default.nix index 129bb49e81e9..321d15ce6c5d 100644 --- a/nixpkgs/pkgs/os-specific/linux/libnvme/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libnvme/default.nix @@ -35,6 +35,16 @@ stdenv.mkDerivation (finalAttrs: { url = "https://github.com/linux-nvme/libnvme/commit/ff742e792725c316ba6de0800188bf36751bd1d1.patch"; hash = "sha256-IUjPUBmGQC4oAKFFlBrjonqD2YdyNPC9siK4t/t2slE="; }) + # included in next release + (fetchpatch { + url = "https://github.com/linux-nvme/libnvme/commit/a2b8e52e46cfd888ac5a48d8ce632bd70a5caa93.patch"; + hash = "sha256-AVSWraFriErfz7dA2CjU8+ehJtAmuLxBZyBALygmrf0="; + }) + # included in next release + (fetchpatch { + url = "https://github.com/linux-nvme/libnvme/commit/68c6ffb11d40a427fc1fd70ac2ac97fd01952913.patch"; + hash = "sha256-dvc1sjgCFU31/LornvJ/aRVYtPOsewkas0jS+/AwFuU="; + }) ]; postPatch = '' @@ -60,7 +70,7 @@ stdenv.mkDerivation (finalAttrs: { mesonFlags = [ "-Ddocs=man" - (lib.mesonBool "tests" finalAttrs.doCheck) + (lib.mesonBool "tests" finalAttrs.finalPackage.doCheck) (lib.mesonBool "docs-build" withDocs) ]; diff --git a/nixpkgs/pkgs/os-specific/linux/lxc/default.nix b/nixpkgs/pkgs/os-specific/linux/lxc/default.nix index 49f16db002f3..4192de0cfeab 100644 --- a/nixpkgs/pkgs/os-specific/linux/lxc/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/lxc/default.nix @@ -6,7 +6,6 @@ , libcap ? null, systemd ? null }: -with lib; stdenv.mkDerivation rec { pname = "lxc"; version = "4.0.12"; @@ -48,10 +47,10 @@ stdenv.mkDerivation rec { "--disable-api-docs" "--with-init-script=none" "--with-distro=nixos" # just to be sure it is "unknown" - ] ++ optional (libapparmor != null) "--enable-apparmor" - ++ optional (libselinux != null) "--enable-selinux" - ++ optional (libseccomp != null) "--enable-seccomp" - ++ optional (libcap != null) "--enable-capabilities" + ] ++ lib.optional (libapparmor != null) "--enable-apparmor" + ++ lib.optional (libselinux != null) "--enable-selinux" + ++ lib.optional (libseccomp != null) "--enable-seccomp" + ++ lib.optional (libcap != null) "--enable-capabilities" ++ [ "--disable-examples" "--enable-python" @@ -90,7 +89,7 @@ stdenv.mkDerivation rec { meta = { homepage = "https://linuxcontainers.org/"; description = "Userspace tools for Linux Containers, a lightweight virtualization system"; - license = licenses.lgpl21Plus; + license = lib.licenses.lgpl21Plus; longDescription = '' LXC is the userspace control package for Linux Containers, a @@ -100,7 +99,7 @@ stdenv.mkDerivation rec { mechanisms to Linux’s existing process management infrastructure. ''; - platforms = platforms.linux; - maintainers = with maintainers; [ ]; + platforms = lib.platforms.linux; + maintainers = lib.teams.lxc.members; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/lxcfs/default.nix b/nixpkgs/pkgs/os-specific/linux/lxcfs/default.nix index 96477c5f4426..28777d36e6be 100644 --- a/nixpkgs/pkgs/os-specific/linux/lxcfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/lxcfs/default.nix @@ -2,7 +2,6 @@ , util-linux, makeWrapper , enableDebugBuild ? config.lxcfs.enableDebugBuild or false }: -with lib; stdenv.mkDerivation rec { pname = "lxcfs"; version = "4.0.12"; @@ -48,8 +47,8 @@ stdenv.mkDerivation rec { description = "FUSE filesystem for LXC"; homepage = "https://linuxcontainers.org/lxcfs"; changelog = "https://linuxcontainers.org/lxcfs/news/"; - license = licenses.asl20; - platforms = platforms.linux; - maintainers = with maintainers; [ ]; + license = lib.licenses.asl20; + platforms = lib.platforms.linux; + maintainers = lib.teams.lxc.members; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/nftables/default.nix b/nixpkgs/pkgs/os-specific/linux/nftables/default.nix index 4482170d346b..03e99441ec67 100644 --- a/nixpkgs/pkgs/os-specific/linux/nftables/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nftables/default.nix @@ -35,6 +35,13 @@ stdenv.mkDerivation rec { python3.pkgs.setuptools ]; + patches = [ ./fix-py-libnftables.patch ]; + + postPatch = '' + substituteInPlace "py/src/nftables.py" \ + --subst-var-by "out" "$out" + ''; + configureFlags = [ "--with-json" (lib.withFeatureAs withCli "cli" "editline") diff --git a/nixpkgs/pkgs/os-specific/linux/nftables/fix-py-libnftables.patch b/nixpkgs/pkgs/os-specific/linux/nftables/fix-py-libnftables.patch new file mode 100644 index 000000000000..3ab1e5363019 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/nftables/fix-py-libnftables.patch @@ -0,0 +1,13 @@ +diff --git a/py/src/nftables.py b/py/src/nftables.py +index f1e43ade..9adcd1be 100644 +--- a/py/src/nftables.py ++++ b/py/src/nftables.py +@@ -69,7 +69,7 @@ class Nftables: + + validator = None + +- def __init__(self, sofile="libnftables.so.1"): ++ def __init__(self, sofile="@out@/lib/libnftables.so.1"): + """Instantiate a new Nftables class object. + + Accepts a shared object file to open, by default standard search path diff --git a/nixpkgs/pkgs/os-specific/linux/nix-ld/default.nix b/nixpkgs/pkgs/os-specific/linux/nix-ld/default.nix index 5eebe6773147..bb6489ecdb17 100644 --- a/nixpkgs/pkgs/os-specific/linux/nix-ld/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nix-ld/default.nix @@ -5,11 +5,7 @@ , ninja , nixosTests }: -let - libDir = if builtins.elem stdenv.system [ "x86_64-linux" "mips64-linux" "powerpc64le-linux" ] - then "/lib64" - else "/lib"; -in + stdenv.mkDerivation rec { pname = "nix-ld"; version = "1.2.2"; @@ -36,7 +32,7 @@ stdenv.mkDerivation rec { postInstall = '' mkdir -p $out/nix-support - ldpath=${libDir}/$(basename $(< ${stdenv.cc}/nix-support/dynamic-linker)) + ldpath=/${stdenv.hostPlatform.libDir}/$(basename $(< ${stdenv.cc}/nix-support/dynamic-linker)) echo "$ldpath" > $out/nix-support/ldpath mkdir -p $out/lib/tmpfiles.d/ cat > $out/lib/tmpfiles.d/nix-ld.conf <<EOF diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 index 124c01046ea3..9eca8163feda 100644 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 @@ -10,7 +10,7 @@ .Sh SYNOPSIS .Nm .Bro -.Cm switch | boot | test | build | dry-build | dry-activate | edit | build-vm | build-vm-with-bootloader | list-generations Op Fl -json +.Cm switch | boot | test | build | dry-build | dry-activate | edit | repl | build-vm | build-vm-with-bootloader | list-generations Op Fl -json .Brc .br .Op Fl -upgrade | -upgrade-all @@ -34,6 +34,7 @@ .Op Fl -show-trace .Op Fl I Va NIX_PATH .Op Fl -verbose | v +.Op Fl -accept-flake-config .Op Fl -impure .Op Fl -max-jobs | j Va number .Op Fl -keep-failed | K @@ -143,6 +144,10 @@ Opens .Pa configuration.nix in the default editor. . +.It Cm repl +Opens the configuration in +.Ic nix repl Ns . +. .It Cm build-vm Build a script that starts a NixOS virtual machine with the desired configuration. It leaves a symlink @@ -391,6 +396,7 @@ accepts various Nix-related flags, including .Fl -max-jobs Ns , .Fl j Ns , .Fl I Ns , +.Fl -accept-flake-config Ns , .Fl -show-trace Ns , .Fl -keep-failed Ns , .Fl -keep-going Ns , diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index dddae8da2068..f9bda1a64b62 100755 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -49,7 +49,7 @@ while [ "$#" -gt 0 ]; do --help) showSyntax ;; - switch|boot|test|build|edit|dry-build|dry-run|dry-activate|build-vm|build-vm-with-bootloader|list-generations) + switch|boot|test|build|edit|repl|dry-build|dry-run|dry-activate|build-vm|build-vm-with-bootloader|list-generations) if [ "$i" = dry-run ]; then i=dry-build; fi # exactly one action mandatory, bail out if multiple are given if [ -n "$action" ]; then showSyntax; fi @@ -82,7 +82,7 @@ while [ "$#" -gt 0 ]; do j="$1"; shift 1 extraBuildFlags+=("$i" "$j") ;; - -j*|--quiet|--print-build-logs|-L|--no-build-output|-Q| --show-trace|--keep-going|-k|--keep-failed|-K|--fallback|--refresh|--repair|--impure|--offline|--no-net) + --accept-flake-config|-j*|--quiet|--print-build-logs|-L|--no-build-output|-Q| --show-trace|--keep-going|-k|--keep-failed|-K|--fallback|--refresh|--repair|--impure|--offline|--no-net) extraBuildFlags+=("$i") ;; --verbose|-v|-vv|-vvv|-vvvv|-vvvvv) @@ -511,6 +511,68 @@ if [ "$action" = dry-build ]; then extraBuildFlags+=(--dry-run) fi +if [ "$action" = repl ]; then + # This is a very end user command, implemented using sub-optimal means. + # You should feel free to improve its behavior, as well as resolve tech + # debt in "breaking" ways. Humans adapt quite well. + if [[ -z $flake ]]; then + exec nix repl '<nixpkgs/nixos>' "${extraBuildFlags[@]}" + else + if [[ -n "${lockFlags[0]}" ]]; then + # nix repl itself does not support locking flags + log "nixos-rebuild repl does not support locking flags yet" + exit 1 + fi + d='$' + q='"' + bold="$(echo -e '\033[1m')" + blue="$(echo -e '\033[34;1m')" + attention="$(echo -e '\033[35;1m')" + reset="$(echo -e '\033[0m')" + # This nix repl invocation is impure, because usually the flakeref is. + # For a solution that preserves the motd and custom scope, we need + # something like https://github.com/NixOS/nix/issues/8679. + exec nix repl --impure --expr " + let flake = builtins.getFlake ''$flake''; + configuration = flake.$flakeAttr; + motd = '' + $d{$q\n$q} + Hello and welcome to the NixOS configuration + $flakeAttr + in $flake + + The following is loaded into nix repl's scope: + + - ${blue}config${reset} All option values + - ${blue}options${reset} Option data and metadata + - ${blue}pkgs${reset} Nixpkgs package set + - other module arguments + + - ${blue}flake${reset} Flake outputs, inputs and source info of $flake + + Use tab completion to browse around ${blue}config${reset}. + + Use ${bold}:r${reset} to ${bold}reload${reset} everything after making a change in the flake. + (assuming $flake is a mutable flake ref) + + See ${bold}:?${reset} for more repl commands. + + ${attention}warning:${reset} nixos-rebuild repl does not currently enforce pure evaluation. + ''; + scope = + assert configuration._type or null == ''configuration''; + assert configuration.class or ''nixos'' == ''nixos''; + configuration._module.args // + configuration._module.specialArgs // + { + inherit (configuration) config options; + inherit flake; + }; + in builtins.seq scope builtins.trace motd scope + " "${extraBuildFlags[@]}" + fi +fi + if [ "$action" = list-generations ]; then if [ ! -L "$profile" ]; then log "No profile \`$(basename "$profile")' found" diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix index d9caae7f457f..54df7cbc6271 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -27,12 +27,12 @@ rec { stable = if stdenv.hostPlatform.system == "i686-linux" then legacy_390 else latest; production = generic { - version = "535.129.03"; - sha256_64bit = "sha256-5tylYmomCMa7KgRs/LfBrzOLnpYafdkKwJu4oSb/AC4="; - sha256_aarch64 = "sha256-i6jZYUV6JBvN+Rt21v4vNstHPIu9sC+2ZQpiLOLoWzM="; - openSha256 = "sha256-/Hxod/LQ4CGZN1B1GRpgE/xgoYlkPpMh+n8L7tmxwjs="; - settingsSha256 = "sha256-QKN/gLGlT+/hAdYKlkIjZTgvubzQTt4/ki5Y+2Zj3pk="; - persistencedSha256 = "sha256-FRMqY5uAJzq3o+YdM2Mdjj8Df6/cuUUAnh52Ne4koME="; + version = "535.146.02"; + sha256_64bit = "sha256-Sf0cyeRFyYspP3xm82vs/hLMwd6WDf/z8dyWujqcv3A="; + sha256_aarch64 = "sha256-8G0oNdaVWxIGwVaQSw/cojy4TIAuiUBF3B98BI4hEec="; + openSha256 = "sha256-Oyllcy3uYYK912CIusMwjKKHtMgoyOxpZWQQ8hIycuk="; + settingsSha256 = "sha256-IrN2NaPrZSN0sCZqYNJ43iCicX3ziwUgyLLSRzp9sHQ="; + persistencedSha256 = "sha256-trIddaTgKXszEJunK+t6D+e3HbLDTfAsitdEYRgwRNQ="; }; latest = selectHighestVersion production (generic { @@ -59,14 +59,14 @@ rec { # Vulkan developer beta driver # See here for more information: https://developer.nvidia.com/vulkan-driver vulkan_beta = generic rec { - version = "535.43.19"; + version = "535.43.20"; persistencedVersion = "535.98"; settingsVersion = "535.98"; - sha256_64bit = "sha256-zxyZnXpNQuYJ17NDm3s8P/7GzQ4xD4Q4oCZA0ei+Wqs="; - openSha256 = "sha256-K14Av5fCda1J9o5pkQBhmwW34d2hgqrF3J99FWPsNjM="; + sha256_64bit = "sha256-PVs+AnVbJhriAHlxVEV81fqT4n92edv0cQyAGvuUgPw="; + openSha256 = "sha256-xqjitZRsIvbE98zzSQNorkCguDJt53eCxKYBxIZQwVM="; settingsSha256 = "sha256-jCRfeB1w6/dA27gaz6t5/Qo7On0zbAPIi74LYLel34s="; persistencedSha256 = "sha256-WviDU6B50YG8dO64CGvU3xK8WFUX8nvvVYm/fuGyroM="; - url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitString "." version)}-linux"; + url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitVersion version)}-linux"; }; # data center driver compatible with current default cudaPackages diff --git a/nixpkgs/pkgs/os-specific/linux/raspberrypi-eeprom/default.nix b/nixpkgs/pkgs/os-specific/linux/raspberrypi-eeprom/default.nix index 6a429a77c57b..6cc93b8dd3c6 100644 --- a/nixpkgs/pkgs/os-specific/linux/raspberrypi-eeprom/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/raspberrypi-eeprom/default.nix @@ -3,13 +3,13 @@ }: stdenvNoCC.mkDerivation rec { pname = "raspberrypi-eeprom"; - version = "2023.01.11-138c0"; + version = "2023.10.30-2712"; src = fetchFromGitHub { owner = "raspberrypi"; repo = "rpi-eeprom"; - rev = "v${version}"; - hash = "sha256-z3VyqdSkvxAgVmtMI/Is9qYrOeDXlyVLwHSSC2+AxcA="; + rev = "refs/tags/v${version}"; + hash = "sha256-TKvby0qIXidM5Qk7q+ovLk0DpHsCbdQe7xndrgKrSXk="; }; buildInputs = [ python3 ]; @@ -24,18 +24,21 @@ stdenvNoCC.mkDerivation rec { ''; installPhase = '' - mkdir -p $out/bin $out/share/rpi-eeprom + mkdir -p "$out/bin" + cp rpi-eeprom-config rpi-eeprom-update rpi-eeprom-digest "$out/bin" - cp rpi-eeprom-config rpi-eeprom-update rpi-eeprom-digest $out/bin - cp -r firmware/{beta,critical,old,stable} $out/share/rpi-eeprom - cp -P firmware/default firmware/latest $out/share/rpi-eeprom + mkdir -p "$out/lib/firmware/raspberrypi" + for dirname in firmware-*; do + dirname_suffix="''${dirname/#firmware-}" + cp -rP "$dirname" "$out/lib/firmware/raspberrypi/bootloader-$dirname_suffix" + done ''; fixupPhase = '' patchShebangs $out/bin for i in rpi-eeprom-update rpi-eeprom-config; do wrapProgram $out/bin/$i \ - --set FIRMWARE_ROOT $out/share/rpi-eeprom \ + --set FIRMWARE_ROOT "$out/lib/firmware/raspberrypi/bootloader" \ ${lib.optionalString stdenvNoCC.isAarch64 "--set VCMAILBOX ${libraspberrypi}/bin/vcmailbox"} \ --prefix PATH : "${lib.makeBinPath ([ binutils-unwrapped @@ -51,9 +54,9 @@ stdenvNoCC.mkDerivation rec { ''; meta = with lib; { - description = "Installation scripts and binaries for the closed sourced Raspberry Pi 4 EEPROMs"; - homepage = "https://www.raspberrypi.org/documentation/hardware/raspberrypi/booteeprom.md"; + description = "Installation scripts and binaries for the closed sourced Raspberry Pi 4 and 5 bootloader EEPROMs"; + homepage = "https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-eeprom"; license = with licenses; [ bsd3 unfreeRedistributableFirmware ]; - maintainers = with maintainers; [ das_j ]; + maintainers = with maintainers; [ das_j Luflosi ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix index 38fec65b3334..f52342f5af36 100644 --- a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix @@ -17,13 +17,13 @@ in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.14.1"; + version = "4.14.2"; src = fetchFromGitHub { owner = "shadow-maint"; repo = pname; rev = version; - hash = "sha256-DzPPnttnJSOMQwXWyFcz6fEtjwBC3p2PpZpBAQ/Ew18="; + hash = "sha256-8sFXxP4MPFzKfBHzlKlsibj0lVQKJbC/Z7pWCy3WEuc="; }; outputs = [ "out" "su" "dev" "man" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix index e6872782b832..afb10b3c2fcb 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix @@ -160,7 +160,7 @@ assert !withPasswordQuality; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "254.3"; + version = "254.6"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: @@ -177,7 +177,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - hash = "sha256-ObnsAiKwhwEb4ti611eS/wGpg3Sss/pUy/gANPAbXbs="; + hash = "sha256-Ku24ecDeQt0t7A8/adR3Jm47QZ19+wdMPyJRzCxU4uU="; }; # On major changes, or when otherwise required, you *must* reformat the patches, @@ -205,14 +205,6 @@ stdenv.mkDerivation (finalAttrs: { ./0017-core-don-t-taint-on-unmerged-usr.patch ./0018-tpm2_context_init-fix-driver-name-checking.patch ./0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch - - # Fix for `RuntimeError: ELF .dynamic section is missing.` - # https://github.com/systemd/systemd/issues/29381 - # https://github.com/systemd/systemd/pull/29392 - (fetchpatch { - url = "https://github.com/systemd/systemd/commit/cecbb162a3134b43d2ca160e13198c73ff34c3ef.patch"; - hash = "sha256-hWpUosTDA18mYm5nIb9KnjwOlnzbEHgzha/WpyHoC54="; - }) ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { @@ -254,7 +246,10 @@ stdenv.mkDerivation (finalAttrs: { substituteInPlace src/ukify/ukify.py \ --replace \ "'readelf'" \ - "'${targetPackages.stdenv.cc.bintools.targetPrefix}readelf'" + "'${targetPackages.stdenv.cc.bintools.targetPrefix}readelf'" \ + --replace \ + "/usr/lib/systemd/boot/efi" \ + "$out/lib/systemd/boot/efi" '' + ( let # The following patches references to dynamic libraries to ensure that diff --git a/nixpkgs/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch b/nixpkgs/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch deleted file mode 100644 index 328a4a102618..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch +++ /dev/null @@ -1,295 +0,0 @@ ---- a/options.c -+++ b/options.c -@@ -34,6 +34,8 @@ - - /* System libraries. */ - -+#include <unistd.h> -+#include <stdlib.h> - #include <sys/types.h> - #include <sys/param.h> - #include <sys/socket.h> ---- a/safe_finger.c -+++ b/safe_finger.c -@@ -20,6 +20,11 @@ - - /* System libraries */ - -+#include <unistd.h> -+#include <fcntl.h> -+#include <stdlib.h> -+#include <sys/wait.h> -+#include <grp.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <signal.h> -@@ -27,7 +31,7 @@ - #include <ctype.h> - #include <pwd.h> - --extern void exit(); -+int pipe_stdin(char **argv); - - /* Local stuff */ - ---- a/scaffold.c -+++ b/scaffold.c -@@ -10,6 +10,7 @@ - - /* System libraries. */ - -+#include <stdlib.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <sys/socket.h> -@@ -27,7 +27,4 @@ - #endif - --#ifndef INET6 --extern char *malloc(); --#endif - - /* Application-specific. */ ---- a/shell_cmd.c -+++ b/shell_cmd.c -@@ -14,6 +14,10 @@ - - /* System libraries. */ - -+#include <unistd.h> -+#include <stdlib.h> -+#include <fcntl.h> -+#include <sys/wait.h> - #include <sys/types.h> - #include <sys/param.h> - #include <signal.h> -@@ -25,8 +25,6 @@ - #include <syslog.h> - #include <string.h> - --extern void exit(); -- - /* Local stuff. */ - - #include "tcpd.h" ---- a/tcpdchk.c -+++ b/tcpdchk.c -@@ -20,6 +20,8 @@ - - /* System libraries. */ - -+#include <unistd.h> -+#include <stdlib.h> - #include <sys/types.h> - #include <sys/stat.h> - #ifdef INET6 -@@ -35,10 +36,7 @@ - #include <netdb.h> - #include <string.h> - --extern int errno; --extern void exit(); --extern int optind; --extern char *optarg; -+int cidr_mask_addr(char *str); - - #ifndef INADDR_NONE - #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ ---- a/clean_exit.c -+++ b/clean_exit.c -@@ -13,8 +13,8 @@ - #endif - - #include <stdio.h> -- --extern void exit(); -+#include <unistd.h> -+#include <stdlib.h> - - #include "tcpd.h" - ---- a/hosts_access.c -+++ b/hosts_access.c -@@ -23,6 +23,7 @@ - - /* System libraries. */ - -+#include <stdlib.h> - #include <sys/types.h> - #ifdef INT32_T - typedef uint32_t u_int32_t; -@@ -43,8 +44,8 @@ - #include <netdb.h> - #endif - --extern char *fgets(); --extern int errno; -+static int match_pattern_ylo(const char *s, const char *pattern); -+int cidr_mask_addr(char *str); - - #ifndef INADDR_NONE - #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ ---- a/inetcf.c -+++ b/inetcf.c -@@ -9,15 +9,14 @@ - static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23"; - #endif - -+#include <stdlib.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <stdio.h> - #include <errno.h> - #include <string.h> - --extern int errno; --extern void exit(); -- -+#include "scaffold.h" - #include "tcpd.h" - #include "inetcf.h" - ---- a/percent_x.c -+++ b/percent_x.c -@@ -16,12 +16,12 @@ - - /* System libraries. */ - -+#include <unistd.h> -+#include <stdlib.h> - #include <stdio.h> - #include <syslog.h> - #include <string.h> - --extern void exit(); -- - /* Local stuff. */ - - #include "tcpd.h" ---- a/rfc931.c -+++ b/rfc931.c -@@ -15,6 +15,7 @@ - - /* System libraries. */ - -+#include <unistd.h> - #include <stdio.h> - #include <syslog.h> - #include <sys/types.h> ---- a/tcpd.c -+++ b/tcpd.c -@@ -16,6 +16,7 @@ - - /* System libraries. */ - -+#include <unistd.h> - #include <sys/types.h> - #include <sys/param.h> - #include <sys/stat.h> -@@ -39,6 +39,8 @@ - #include "patchlevel.h" - #include "tcpd.h" - -+void fix_options(struct request_info *request); -+ - int allow_severity = SEVERITY; /* run-time adjustable */ - int deny_severity = LOG_WARNING; /* ditto */ - ---- a/tcpdmatch.c -+++ b/tcpdmatch.c -@@ -19,6 +19,8 @@ - - /* System libraries. */ - -+#include <unistd.h> -+#include <stdlib.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <sys/socket.h> -@@ -30,9 +32,6 @@ - #include <setjmp.h> - #include <string.h> - --extern void exit(); --extern int optind; --extern char *optarg; - - #ifndef INADDR_NONE - #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ ---- a/update.c -+++ b/update.c -@@ -19,6 +19,7 @@ - - /* System libraries */ - -+#include <unistd.h> - #include <stdio.h> - #include <syslog.h> - #include <string.h> ---- a/misc.c -+++ b/misc.c -@@ -14,11 +14,10 @@ - #include <arpa/inet.h> - #include <stdio.h> - #include <string.h> -+#include <stdlib.h> - - #include "tcpd.h" - --extern char *fgets(); -- - #ifndef INADDR_NONE - #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ - #endif ---- a/fix_options.c -+++ b/fix_options.c -@@ -32,6 +32,7 @@ - - /* fix_options - get rid of IP-level socket options */ - -+void - fix_options(request) - struct request_info *request; - { -@@ -38,11 +38,8 @@ - #ifdef IP_OPTIONS - unsigned char optbuf[BUFFER_SIZE / 3], *cp; - char lbuf[BUFFER_SIZE], *lp; --#ifdef __GLIBC__ -- size_t optsize = sizeof(optbuf), ipproto; --#else -- int optsize = sizeof(optbuf), ipproto; --#endif -+ socklen_t optsize = sizeof(optbuf); -+ int ipproto; - struct protoent *ip; - int fd = request->fd; - unsigned int opt; ---- a/socket.c -+++ b/socket.c -@@ -95,11 +95,7 @@ - static struct sockaddr_in client; - static struct sockaddr_in server; - #endif --#ifdef __GLIBC__ -- size_t len; --#else -- int len; --#endif -+ socklen_t len; - char buf[BUFSIZ]; - int fd = request->fd; - -@@ -430,11 +426,7 @@ - #else - struct sockaddr_in sin; - #endif --#ifdef __GLIBC__ -- size_t size = sizeof(sin); --#else -- int size = sizeof(sin); --#endif -+ socklen_t size; - - /* - * Eat up the not-yet received datagram. Some systems insist on a diff --git a/nixpkgs/pkgs/os-specific/linux/zsa-udev-rules/default.nix b/nixpkgs/pkgs/os-specific/linux/zsa-udev-rules/default.nix index c015da7456a0..66485ab51dd8 100644 --- a/nixpkgs/pkgs/os-specific/linux/zsa-udev-rules/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/zsa-udev-rules/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "zsa-udev-rules"; - version = "unstable-2022-10-26"; + version = "unstable-2023-11-30"; src = fetchFromGitHub { owner = "zsa"; repo = "wally"; - rev = "623a50d0e0b90486e42ad8ad42b0a7313f7a37b3"; - hash = "sha256-meR2V7T4hrJFXFPLENHoAgmOILxxynDBk0BLqzsAZvQ="; + rev = "a6648f6b543b703e3902faf5c08e997e0d58c909"; + hash = "sha256-j9n3VoX+UngX12DF28rtNh+oy80Th1BINPQqk053lvE="; }; # Only copies udevs rules |