diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific')
83 files changed, 642 insertions, 821 deletions
diff --git a/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix b/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix index ff9f4d911f03..398b2ff6fa6d 100644 --- a/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix +++ b/nixpkgs/pkgs/os-specific/bsd/freebsd/default.nix @@ -717,6 +717,10 @@ in makeScopeWithSplicing' { buildInputs = with self; [ include csu ]; env.NIX_CFLAGS_COMPILE = "-B${self.csu}/lib"; + # Suppress lld >= 16 undefined version errors + # https://github.com/freebsd/freebsd-src/commit/2ba84b4bcdd6012e8cfbf8a0d060a4438623a638 + env.NIX_LDFLAGS = lib.optionalString (stdenv.targetPlatform.linker == "lld") "--undefined-version"; + makeFlags = [ "STRIP=-s" # flag to install, not command # lib/libc/gen/getgrent.c has sketchy cast from `void *` to enum diff --git a/nixpkgs/pkgs/os-specific/darwin/xcode/default.nix b/nixpkgs/pkgs/os-specific/darwin/xcode/default.nix index ec98a0b1cfb6..54250001d9eb 100644 --- a/nixpkgs/pkgs/os-specific/darwin/xcode/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/xcode/default.nix @@ -79,6 +79,8 @@ in lib.makeExtensible (self: { xcode_13_4_1 = requireXcode "13.4.1" "sha256-Jk8fLgvnODoIhuVJqfV0KrpBBL40fRrHJbFmm44NRKE="; xcode_14 = requireXcode "14" "sha256-E+wjPgQx/lbYAsauksdmGsygL5VPBA8R9pHB93eA7T0="; xcode_14_1 = requireXcode "14.1" "sha256-QJGAUVIhuDYyzDNttBPv5lIGOfvkYqdOFSUAr5tlkfs="; + xcode_15 = requireXcode "15" "sha256-ffqISt2Ayccln5BArKIjSdzbEgoSoNwq8TPLGysAE0c="; + xcode_15_1 = requireXcode "15.1" "sha256-0djqoSamU87rCpjo50Un3cFg9wKf+pSczRko6uumGM0="; xcode = self."xcode_${lib.replaceStrings ["."] ["_"] (if (stdenv.targetPlatform ? xcodeVer) then stdenv.targetPlatform.xcodeVer else "12.3")}"; }) diff --git a/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix b/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix index f24df323ec02..f5bbf5407d50 100644 --- a/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix +++ b/nixpkgs/pkgs/os-specific/darwin/yabai/default.nix @@ -17,7 +17,7 @@ let pname = "yabai"; - version = "6.0.4"; + version = "6.0.6"; test-version = testers.testVersion { package = yabai; @@ -53,7 +53,7 @@ in src = fetchzip { url = "https://github.com/koekeishiya/yabai/releases/download/v${version}/yabai-v${version}.tar.gz"; - hash = "sha256-gxQBZ/7I2TVjoG5a8ea2+W4OwI9pJFbGSbZzcL5JY4Q="; + hash = "sha256-G4BbYU4mgV8Jap8a872/YtoXU/hwUhFyLXdcuT1jldI="; }; nativeBuildInputs = [ @@ -89,7 +89,7 @@ in owner = "koekeishiya"; repo = "yabai"; rev = "v${version}"; - hash = "sha256-U2YGgfTfhpmiBiO+S6xpsLrgI+kVUYYGLGjt8KHcBrc="; + hash = "sha256-wqGYVUDEDkrLSr0IoAO17wbtwaDeainnkDeR8O8oFqc="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/amdctl/default.nix b/nixpkgs/pkgs/os-specific/linux/amdctl/default.nix index 1fcd8fc93402..d0a15578857c 100644 --- a/nixpkgs/pkgs/os-specific/linux/amdctl/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/amdctl/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { description = "Set P-State voltages and clock speeds on recent AMD CPUs on Linux."; homepage = "https://github.com/kevinlekiller/amdctl"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ thiagokokada ]; + maintainers = with maintainers; [ ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/amdgpu-pro/default.nix b/nixpkgs/pkgs/os-specific/linux/amdgpu-pro/default.nix index 96339c1d164f..ade6da99810b 100644 --- a/nixpkgs/pkgs/os-specific/linux/amdgpu-pro/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/amdgpu-pro/default.nix @@ -9,7 +9,7 @@ , perl , zlib , expat -, libffi +, libffi_3_3 , libselinux , libdrm , udev @@ -119,7 +119,7 @@ in stdenv.mkDerivation rec { libxshmfence elfutils expat - libffi + libffi_3_3 libselinux # libudev is not listed in any dependencies, but is loaded dynamically udev diff --git a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix index 98487799aa8a..0c8d7cb989d4 100644 --- a/nixpkgs/pkgs/os-specific/linux/apfs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/apfs/default.nix @@ -6,7 +6,7 @@ }: let - tag = "0.3.5"; + tag = "0.3.6"; in stdenv.mkDerivation { pname = "apfs"; @@ -16,7 +16,7 @@ stdenv.mkDerivation { owner = "linux-apfs"; repo = "linux-apfs-rw"; rev = "v${tag}"; - hash = "sha256-rKz9a4Z+tx63rhknQIl/zu/WIMjxxM0+NGyaxnzxLk4="; + hash = "sha256-k62PgUffBx6ZrWWLeX460adh/vv6XWxSmtEiwaWxiaU="; }; hardeningDisable = [ "pic" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/bcc/default.nix b/nixpkgs/pkgs/os-specific/linux/bcc/default.nix index acdaa6796d65..a0b91f6d778b 100644 --- a/nixpkgs/pkgs/os-specific/linux/bcc/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/bcc/default.nix @@ -20,7 +20,7 @@ python3.pkgs.buildPythonApplication rec { pname = "bcc"; - version = "0.28.0"; + version = "0.29.1"; disabled = !stdenv.isLinux; @@ -28,7 +28,7 @@ python3.pkgs.buildPythonApplication rec { owner = "iovisor"; repo = "bcc"; rev = "v${version}"; - sha256 = "sha256-+ecSaVroDC2bWbio4JsuwEvHQdCMpxLt7hIkeREMJs8="; + hash = "sha256-+HYCweAI5axx0ZNFd/jLRXkUinRLDmKWMpLTk7FrEe0="; }; format = "other"; diff --git a/nixpkgs/pkgs/os-specific/linux/cpuset/default.nix b/nixpkgs/pkgs/os-specific/linux/cpuset/default.nix deleted file mode 100644 index bb7a953c1195..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/cpuset/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib -, fetchFromGitHub -, fetchpatch -, pythonPackages -}: - -pythonPackages.buildPythonApplication rec { - pname = "cpuset"; - version = "1.6"; - - propagatedBuildInputs = with pythonPackages; [ - configparser - future - ]; - - # https://github.com/lpechacek/cpuset/pull/36 - patches = [ - (fetchpatch { - url = "https://github.com/MawKKe/cpuset/commit/a4b6b275d0a43d2794ab9e82922d3431aeea9903.patch"; - sha256 = "1mi1xrql81iczl67s4dk2rm9r1mk36qhsa19wn7zgryf95krsix2"; - }) - ]; - - makeFlags = [ "prefix=$(out)" ]; - - src = fetchFromGitHub { - owner = "lpechacek"; - repo = "cpuset"; - rev = "v${version}"; - sha256 = "0ig0ml2zd5542d0989872vmy7cs3qg7nxwa93k42bdkm50amhar4"; - }; - - checkPhase = '' - cd t - make - ''; - - meta = with lib; { - description = "Python application that forms a wrapper around the standard Linux filesystem calls to make using the cpusets facilities in the Linux kernel easier"; - homepage = "https://github.com/lpechacek/cpuset"; - license = licenses.gpl2; - maintainers = with maintainers; [ thiagokokada wykurz ]; - mainProgram = "cset"; - }; -} diff --git a/nixpkgs/pkgs/os-specific/linux/criu/default.nix b/nixpkgs/pkgs/os-specific/linux/criu/default.nix index 00d46591c136..66e3303890b0 100644 --- a/nixpkgs/pkgs/os-specific/linux/criu/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/criu/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, fetchpatch, protobuf, protobufc, asciidoc, iptables +{ stdenv, lib, fetchFromGitHub, protobuf, protobufc, asciidoc, iptables , xmlto, docbook_xsl, libpaper, libnl, libcap, libnet, pkg-config, iproute2, gzip , which, python3, makeWrapper, docbook_xml_dtd_45, perl, nftables, libbsd, gnutar , buildPackages @@ -6,33 +6,15 @@ stdenv.mkDerivation rec { pname = "criu"; - version = "3.17.1"; + version = "3.19"; src = fetchFromGitHub { owner = "checkpoint-restore"; repo = pname; rev = "v${version}"; - hash = "sha256-0B0cdX5bemy4glF9iWjrQIXIqilyYcCcAN9x4Jjrwzk="; + hash = "sha256-S0nxBHfm7tWmW5PhSDhSAgy1uDa0RD5GTNpMDUHKqwY="; }; - patches = [ - # Fixes redefinition of rseq headers - (fetchpatch { - url = "https://github.com/checkpoint-restore/criu/commit/1e6e826ffb7ac05f33fa123051c2fc2ddf0f68ea.patch"; - hash = "sha256-LJjk0jQ5v5wqeprvBMpxhjLXn7v+lSPldEGgazGUM44="; - }) - - # compat fixes for glibc-2.36 - (fetchpatch { - url = "https://github.com/checkpoint-restore/criu/commit/8cd5fccd6cf3d03afb5abe463134d31f54d42258.patch"; - sha256 = "sha256-b65DdLmyIuZik0dNRuWJKUPcDFA6CKq0bi4Vd26zgS4="; - }) - (fetchpatch { - url = "https://github.com/checkpoint-restore/criu/commit/517c0947050e63aac72f63a3bf373d76264723b9.patch"; - sha256 = "sha256-MPZ6oILVoZ7BQEZFjUlp3RuMC7iKTKXAtrUDFqbN4T8="; - }) - ]; - enableParallelBuilding = true; depsBuildBuild = [ protobufc buildPackages.stdenv.cc ]; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/error-inject/default.nix b/nixpkgs/pkgs/os-specific/linux/error-inject/default.nix index f4a544172176..69b90169bda0 100644 --- a/nixpkgs/pkgs/os-specific/linux/error-inject/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/error-inject/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchgit +{ lib, stdenv, fetchzip , bison, flex, rasdaemon }: @@ -9,9 +9,8 @@ pname = "mce-inject"; version = "4cbe46321b4a81365ff3aafafe63967264dbfec5"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git"; - rev = version; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/utils/cpu/mce/mce-inject.git/snapshot/mce-inject-${version}.tar.gz"; sha256 = "0gjapg2hrlxp8ssrnhvc19i3r1xpcnql7xv0zjgbv09zyha08g6z"; }; @@ -39,9 +38,8 @@ pname = "aer-inject"; version = "9bd5e2c7886fca72f139cd8402488a2235957d41"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/gong.chen/aer-inject.git"; - rev = version; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/gong.chen/aer-inject.git/snapshot/aer-inject-${version}.tar.gz"; sha256 = "0bh6mzpk2mr4xidkammmkfk21b4dbq793qjg25ryyxd1qv0c6cg4"; }; diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd-efi/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd-efi/default.nix index a8adefc63468..fbc1398cfb71 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/fwupd-efi/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/fwupd-efi/default.nix @@ -8,15 +8,16 @@ , ninja , gnu-efi , python3 +, python3Packages }: stdenv.mkDerivation rec { pname = "fwupd-efi"; - version = "1.3"; + version = "1.4"; src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/${pname}-${version}.tar.xz"; - sha256 = "sha256-1Ys04TwhWYZ8ORJgr04kGO6/lI1I36sC6kcrVoP/r1k="; + sha256 = "sha256-J928Ck4yCVQ+q0nmnxoBTrntlfk/9R+WbzEILTt7/7w="; }; nativeBuildInputs = [ @@ -24,6 +25,7 @@ stdenv.mkDerivation rec { ninja pkg-config python3 + python3Packages.pefile ]; buildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix index a4bbd6d2bb6b..71a7cd9e947b 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/ipu6-camera-bins/default.nix @@ -4,26 +4,19 @@ , autoPatchelfHook , expat , zlib - -# Pick one of -# - ipu6 (Tiger Lake) -# - ipu6ep (Alder Lake) -, ipuVersion ? "ipu6" }: stdenv.mkDerivation (finalAttrs: { - pname = "${ipuVersion}-camera-bin"; - version = "unstable-2023-02-08"; + pname = "ipu6-camera-bins"; + version = "unstable-2023-10-26"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-camera-bins"; - rev = "276859fc6de83918a32727d676985ec40f31af2b"; - hash = "sha256-QnedM2UBbGyd2wIF762Mi+VkDZYtC6MifK4XGGxlUzw="; + rev = "af5ba0cb4a763569ac7514635013e9d870040bcf"; + hash = "sha256-y0pT5M7AKACbquQWLZPYpTPXRC5hipLNL61nhs+cst4="; }; - sourceRoot = "${finalAttrs.src.name}/${ipuVersion}"; - nativeBuildInputs = [ autoPatchelfHook stdenv.cc.cc.lib @@ -40,32 +33,20 @@ stdenv.mkDerivation (finalAttrs: { include \ $out/ - install -m 0644 -D ../LICENSE $out/share/doc/LICENSE + install -m 0644 -D LICENSE $out/share/doc/LICENSE runHook postInstall ''; postFixup = '' - for pcfile in $out/lib/pkgconfig/*.pc; do + for pcfile in $out/lib/*/pkgconfig/*.pc; do substituteInPlace $pcfile \ - --replace 'exec_prefix=/usr' 'exec_prefix=''${prefix}' \ - --replace 'prefix=/usr' "prefix=$out" \ - --replace 'libdir=/usr/lib' 'libdir=''${prefix}/lib' \ - --replace 'includedir=/usr/include' 'includedir=''${prefix}/include' + --replace 'prefix=/usr' "prefix=$out" done ''; - passthru = { - inherit ipuVersion; - }; - - meta = let - generation = { - ipu6 = "Tiger Lake"; - ipu6ep = "Alder Lake"; - }.${ipuVersion}; - in with lib; { - description = "${generation} IPU firmware and proprietary image processing libraries"; + meta = with lib; { + description = "IPU firmware and proprietary image processing libraries"; homepage = "https://github.com/intel/ipu6-camera-bins"; license = licenses.issl; sourceProvenance = with sourceTypes; [ diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix index fb2f940ddce6..1a90380838a9 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/ivsc-firmware/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation { pname = "ivsc-firmware"; - version = "unstable-2022-11-02"; + version = "unstable-2023-08-11"; src = fetchFromGitHub { owner = "intel"; repo = "ivsc-firmware"; - rev = "29c5eff4cdaf83e90ef2dcd2035a9cdff6343430"; - hash = "sha256-GuD1oTnDEs0HslJjXx26DkVQIe0eS+js4UoaTDa77ME="; + rev = "10c214fea5560060d387fbd2fb8a1af329cb6232"; + hash = "sha256-kEoA0yeGXuuB+jlMIhNm+SBljH+Ru7zt3PzGb+EPBPw="; }; dontBuild = true; diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix index ba042fc8b52f..e3a85f250cb6 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/linux-firmware/source.nix @@ -1,7 +1,7 @@ # This file is autogenerated! Run ./update.sh to regenerate. { - version = "20231211"; - revision = "20231211"; - sourceHash = "sha256-urJog0DDrJVZWsUpE4MHEQpcz7LB2vGJCcpPJKTko6k="; - outputHash = "sha256-slA0gfGR2a7002Kd46blHb9UNnMhMgaHxP91XWm8gOk="; + version = "20240115"; + revision = "20240115"; + sourceHash = "sha256-aiEYBqjUs48GaDKQ/0DRLm9cmfoWiaUKVGhdtfVlgjk="; + outputHash = "sha256-iOQGK1vE05Wcx17hbFJVEW8PcmkHGPcCmO5xZaVQRog="; } diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix index 428fbf9dc900..70f9d7a6c69e 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix @@ -2,22 +2,22 @@ stdenvNoCC.mkDerivation { pname = "raspberrypi-wireless-firmware"; - version = "unstable-2023-05-04"; + version = "unstable-2023-11-15"; srcs = [ (fetchFromGitHub { name = "bluez-firmware"; owner = "RPi-Distro"; repo = "bluez-firmware"; - rev = "9556b08ace2a1735127894642cc8ea6529c04c90"; - hash = "sha256-gKGK0XzNrws5REkKg/JP6SZx3KsJduu53SfH3Dichkc="; + rev = "d9d4741caba7314d6500f588b1eaa5ab387a4ff5"; + hash = "sha256-CjbZ3t3TW/iJ3+t9QKEtM9NdQU7SwcUCDYuTmFEwvhU="; }) (fetchFromGitHub { name = "firmware-nonfree"; owner = "RPi-Distro"; repo = "firmware-nonfree"; - rev = "2b465a10b04555b7f45b3acb85959c594922a3ce"; - hash = "sha256-9UgB8f2AaxG7S5Px46jOP9wUeO1VXKB0uJiPWh32oDI="; + rev = "88aa085bfa1a4650e1ccd88896f8343c22a24055"; + hash = "sha256-Yynww79LPPkau4YDSLI6IMOjH64nMpHUdGjnCfIR2+M="; }) ]; @@ -35,7 +35,7 @@ stdenvNoCC.mkDerivation { cp -rv "$NIX_BUILD_TOP/firmware-nonfree/debian/config/brcm80211/." "$out/lib/firmware/" # Bluetooth firmware - cp -rv "$NIX_BUILD_TOP/bluez-firmware/broadcom/." "$out/lib/firmware/brcm" + cp -rv "$NIX_BUILD_TOP/bluez-firmware/debian/firmware/broadcom/." "$out/lib/firmware/brcm" # brcmfmac43455-stdio.bin is a symlink to the non-existent path: ../cypress/cyfmac43455-stdio.bin. # See https://github.com/RPi-Distro/firmware-nonfree/issues/26 @@ -43,8 +43,6 @@ stdenvNoCC.mkDerivation { pushd $out/lib/firmware/brcm &>/dev/null # Symlinks for Zero 2W - ln -s "./brcmfmac43436-sdio.bin" "$out/lib/firmware/brcm/brcmfmac43430b0-sdio.raspberrypi,model-zero-2-w.bin" - ln -s "./brcmfmac43436-sdio.txt" "$out/lib/firmware/brcm/brcmfmac43430b0-sdio.raspberrypi,model-zero-2-w.txt" ln -s "./brcmfmac43436-sdio.clm_blob" "$out/lib/firmware/brcm/brcmfmac43430b0-sdio.clm_blob" popd &>/dev/null diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix index 46f05c4029b7..0aea94bca067 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/raspberrypi/default.nix @@ -3,13 +3,16 @@ stdenvNoCC.mkDerivation rec { # NOTE: this should be updated with linux_rpi pname = "raspberrypi-firmware"; - version = "1.20230405"; + # raspberrypi/firmware no longers tag the releases. However, since each commit + # on the stable branch corresponds to a tag in raspberrypi/linux repo, we + # assume they are cut together. + version = "stable_20231123"; src = fetchFromGitHub { owner = "raspberrypi"; repo = "firmware"; - rev = version; - hash = "sha256-UtUd1MbsrDFxd/1C3eOAMDKPZMx+kSMFYOJP+Kc6IU8="; + rev = "524247ac6d8b1f4ddd53730e978a70c76a320bd6"; + hash = "sha256-rESwkR7pc5MTwIZ8PaMUPXuzxfv+jVpdRp8ijvxHGcg="; }; installPhase = '' diff --git a/nixpkgs/pkgs/os-specific/linux/firmware/zd1211/default.nix b/nixpkgs/pkgs/os-specific/linux/firmware/zd1211/default.nix index 6b86277ebc6e..eb6276d36ac9 100644 --- a/nixpkgs/pkgs/os-specific/linux/firmware/zd1211/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/firmware/zd1211/default.nix @@ -16,7 +16,7 @@ stdenvNoCC.mkDerivation rec { runHook preInstall mkdir -p $out/lib/firmware/zd1211 - cp * $out/lib/firmware/zd1211 + cp zd1211* $out/lib/firmware/zd1211 runHook postInstall ''; @@ -24,7 +24,7 @@ stdenvNoCC.mkDerivation rec { meta = { description = "Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip"; homepage = "https://sourceforge.net/projects/zd1211/"; - license = "GPL"; + license = lib.licenses.gpl2; platforms = lib.platforms.linux; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/fnotifystat/default.nix b/nixpkgs/pkgs/os-specific/linux/fnotifystat/default.nix index fabfd47bca12..c943ce26f91e 100644 --- a/nixpkgs/pkgs/os-specific/linux/fnotifystat/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/fnotifystat/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "fnotifystat"; - version = "0.02.10"; + version = "0.02.11"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-bcb1kSpNZV7eTcEIcaoiqxB68kTc0TGFMIr1Aehy/Rc="; + hash = "sha256-CwjaDL5pt2HMUhq0Q3s6Ssp3jr9uwCdVhT1JzlKcQQw="; }; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/forkstat/default.nix b/nixpkgs/pkgs/os-specific/linux/forkstat/default.nix index c8a3276f5d81..c87c69c07708 100644 --- a/nixpkgs/pkgs/os-specific/linux/forkstat/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/forkstat/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "forkstat"; - version = "0.03.01"; + version = "0.03.02"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-T7O+PIWmFC4wi4nnmNsAH8H0SazixBoCx5ZdBV2wL+E="; + hash = "sha256-lwJIs5knNzkwgIkSdMSVVtrzqnxGy6uOTKsBDkS3xy4="; }; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/freeipa/default.nix b/nixpkgs/pkgs/os-specific/linux/freeipa/default.nix index 99d8527fc1d8..e94f6370da98 100644 --- a/nixpkgs/pkgs/os-specific/linux/freeipa/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/freeipa/default.nix @@ -64,11 +64,11 @@ let in stdenv.mkDerivation rec { pname = "freeipa"; - version = "4.11.0"; + version = "4.11.1"; src = fetchurl { url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz"; - sha256 = "sha256-l/e2Dq/ako41QWEZyJCD+PA44PzTnzC8B7jYAm/Tt6Q="; + sha256 = "sha256-Ubq2xAqBvjUwrzD2R6tB0i1WsdA0Y0jnJLgi4p4r8D4="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/fsverity-utils/default.nix b/nixpkgs/pkgs/os-specific/linux/fsverity-utils/default.nix index c5bed075338f..b0b6286c8cfa 100644 --- a/nixpkgs/pkgs/os-specific/linux/fsverity-utils/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/fsverity-utils/default.nix @@ -1,6 +1,6 @@ { stdenv , lib -, fetchgit +, fetchzip , openssl , enableShared ? !stdenv.hostPlatform.isStatic , enableManpages ? false @@ -13,9 +13,8 @@ stdenv.mkDerivation rec { outputs = [ "out" "lib" "dev" ] ++ lib.optional enableManpages "man"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git"; - rev = "v${version}"; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git/snapshot/fsverity-utils-v${version}.tar.gz"; sha256 = "sha256-ygBOkp2PBe8Z2ak6SXEJ6HHuT4NRKmIsbJDHcY+h8PQ="; }; @@ -42,7 +41,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#userspace-utility"; - changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/tree/NEWS.md"; + changelog = "https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git/tree/NEWS.md"; description = "A set of userspace utilities for fs-verity"; license = licenses.mit; maintainers = with maintainers; [ jk ]; diff --git a/nixpkgs/pkgs/os-specific/linux/health-check/default.nix b/nixpkgs/pkgs/os-specific/linux/health-check/default.nix index 9e85281ea4c0..4d1d634ff83d 100644 --- a/nixpkgs/pkgs/os-specific/linux/health-check/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/health-check/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "health-check"; - version = "0.03.11"; + version = "0.03.12"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-QLa/7kA0juefzOba7ELopDmOVfiGJReo4LCfhnxW1tk="; + hash = "sha256-LuUCs6GLaxI5ywv6dr8dlvAXfcLbr1t7y6s/pb6JDpg="; }; buildInputs = [ json_c libbsd ]; diff --git a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix index 3332699886c9..83dd82e6ab26 100644 --- a/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/hwdata/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hwdata"; - version = "0.376"; + version = "0.377-2"; src = fetchFromGitHub { owner = "vcrhonek"; repo = "hwdata"; rev = "v${version}"; - hash = "sha256-M1uBamN09XepOembDAcHXO/UvnM9s/OiN+eNzChF5Tw="; + hash = "sha256-Nh+EIsJ/98NnflndQeSgiV2iOC0icTEfgwAySPbG6Lo="; }; configureFlags = [ "--datadir=${placeholder "out"}/share" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/i2c-tools/default.nix b/nixpkgs/pkgs/os-specific/linux/i2c-tools/default.nix index 556bc2d89787..e682bb398f91 100644 --- a/nixpkgs/pkgs/os-specific/linux/i2c-tools/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/i2c-tools/default.nix @@ -1,6 +1,6 @@ { lib , stdenv -, fetchgit +, fetchzip , perl , read-edid }: @@ -9,9 +9,8 @@ stdenv.mkDerivation rec { pname = "i2c-tools"; version = "4.3"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git"; - rev = "v${version}"; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/snapshot/i2c-tools-v${version}.tar.gz"; sha256 = "sha256-HlmIocum+HZEKNiS5BUwEIswRfTMUhD1vCPibAuAK0Q="; }; diff --git a/nixpkgs/pkgs/os-specific/linux/iproute/default.nix b/nixpkgs/pkgs/os-specific/linux/iproute/default.nix index a86af7e6db26..1fae93c53251 100644 --- a/nixpkgs/pkgs/os-specific/linux/iproute/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.5.0"; + version = "6.6.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-pwF5CF+huW08M7BAyAm3XitXVjrcUFpK0F4mCd83NGM="; + hash = "sha256-hzjIBK/Qnwv3VpN/DD3iMReDKpjYy79QOGz1AFzWE84="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/ipu6-drivers/default.nix b/nixpkgs/pkgs/os-specific/linux/ipu6-drivers/default.nix index bc85ffd9aa32..fe9cb1da018c 100644 --- a/nixpkgs/pkgs/os-specific/linux/ipu6-drivers/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ipu6-drivers/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation { pname = "ipu6-drivers"; - version = "unstable-2023-08-28"; + version = "unstable-2023-11-24"; src = fetchFromGitHub { owner = "intel"; repo = "ipu6-drivers"; - rev = "7c3d6ab1e9e234563a0af51286b0a8d60445f2a3"; - hash = "sha256-D782v6hIqAl2EO1+zKeakURD3UGVP3c7p3ba/61yfW4="; + rev = "07f0612eabfdc31df36f5e316a9eae115807804f"; + hash = "sha256-8JRZG6IKJT0qtoqJHm8641kSQMLc4Z+DRzK6FpL9Euk="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/iputils/default.nix b/nixpkgs/pkgs/os-specific/linux/iputils/default.nix index 8396fd5e3d33..56ac85fa0b7a 100644 --- a/nixpkgs/pkgs/os-specific/linux/iputils/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iputils/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "iputils"; - version = "20221126"; + version = "20231222"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - hash = "sha256-XVoQhdjBmEK8TbCpaKLjebPw7ZT8iEvyLJDTCkzezeE="; + hash = "sha256-/blxT6k79fgbxX8qCQuJMf7zDPwMjJUt7FCscaMXx6U="; }; outputs = [ "out" "apparmor" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/ivsc-driver/default.nix b/nixpkgs/pkgs/os-specific/linux/ivsc-driver/default.nix index 0491b1d548b4..72173de49baa 100644 --- a/nixpkgs/pkgs/os-specific/linux/ivsc-driver/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ivsc-driver/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation { pname = "ivsc-driver"; - version = "unstable-2023-03-10"; + version = "unstable-2023-11-09"; src = fetchFromGitHub { owner = "intel"; repo = "ivsc-driver"; - rev = "c8db12b907e2e455d4d5586e5812d1ae0eebd571"; - hash = "sha256-OM9PljvaMKrk72BFeSCqaABFeAws+tOdd3oC2jyNreE="; + rev = "73a044d9633212fac54ea96cdd882ff5ab40573e"; + hash = "sha256-vE5pOtVqjiWovlUMSEoBKTk/qvs8K8T5oY2r7njh0wQ="; }; nativeBuildInputs = kernel.moduleBuildDependencies; diff --git a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix index dab2f2290fc1..762678141bde 100644 --- a/nixpkgs/pkgs/os-specific/linux/iwd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/iwd/default.nix @@ -13,12 +13,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "2.12"; + version = "2.13"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - hash = "sha256-XlhzPEXYGmJvQ6ZfPK1nxbHibXLdNsDKhZ0UAIRmN6U="; + hash = "sha256-Nyp7Gm3JK6bLzAZxuEjxKnzAK/eAYUO5owMbG90WQ8E="; }; outputs = [ "out" "man" "doc" ] diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/README.md b/nixpkgs/pkgs/os-specific/linux/kernel/README.md index 92d5308e1c05..84fb05fc07a2 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/README.md +++ b/nixpkgs/pkgs/os-specific/linux/kernel/README.md @@ -4,23 +4,37 @@ 2. Add the new kernel to the `kernels` attribute set in [`linux-kernels.nix`](./linux-kernels.nix) (e.g., create an attribute `kernel_2_6_22`). -3. Update the kernel configuration. First unpack the kernel. Then for each supported platform (`i686`, `x86_64`, `uml`) do the following: +3. Update the kernel configuration: - 1. Make a copy from the old config (e.g., `config-2.6.21-i686-smp`) to the new one (e.g., `config-2.6.22-i686-smp`). + 1. While in the Nixpkgs repository, enter the development shell for that kernel: - 2. Copy the config file for this platform (e.g., `config-2.6.22-i686-smp`) to `.config` in the kernel source tree. + ```console + $ nix-shell -A linuxKernel.kernels.linux_2_6_22 + ``` - 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e., don’t enable some feature on `i686` and disable it on `x86_64`). + 2. Unpack the kernel: - 4. If needed, you can also run `make menuconfig`: + ```console + [nix-shell]$ pushd $(mktemp -d) + [nix-shell]$ unpackPhase + ``` - ```ShellSession - $ nix-env -f "<nixpkgs>" -iA ncurses - $ export NIX_CFLAGS_LINK=-lncurses - $ make menuconfig ARCH=arch - ``` + 3. For each supported platform (`i686`, `x86_64`, `uml`) do the following: - 5. Copy `.config` over the new config file (e.g., `config-2.6.22-i686-smp`). + 1. Make a copy from the old config (e.g., `config-2.6.21-i686-smp`) to the new one (e.g., `config-2.6.22-i686-smp`). + + 2. Copy the config file for this platform (e.g., `config-2.6.22-i686-smp`) to `.config` in the unpacked kernel source tree. + + 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e., don’t enable some feature on `i686` and disable it on `x86_64`). + + 4. If needed, you can also run `make menuconfig`: + + ```ShellSession + $ nix-shell -p ncurses pkg-config + $ make menuconfig ARCH=arch + ``` + + 5. Copy `.config` over the new config file (e.g., `config-2.6.22-i686-smp`). 4. Test building the kernel: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 06668abdccc7..2aacb88dc87e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -123,6 +123,7 @@ let }; optimization = { + X86_GENERIC = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; # Optimize with -O2, not -Os CC_OPTIMIZE_FOR_SIZE = no; }; @@ -296,6 +297,7 @@ let # At the time of writing (25-06-2023): this is only used in a "correct" way by ath drivers for initiating DFS radiation # for "certified devices" EXPERT = option yes; # this is needed for offering the certification option + RFKILL_INPUT = option yes; # counteract an undesired effect of setting EXPERT CFG80211_CERTIFICATION_ONUS = option yes; # DFS: "Dynamic Frequency Selection" is a spectrum-sharing mechanism that allows # you to use certain interesting frequency when your local regulatory domain mandates it. @@ -994,6 +996,9 @@ let # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production. # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html KUNIT = whenAtLeast "5.5" no; + + # Set system time from RTC on startup and resume + RTC_HCTOSYS = option yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { # Enable CPU/memory hotplug support # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 3d95407fbe81..345d25e6e4c4 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,52 +2,52 @@ "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.303-hardened1.patch", - "sha256": "0bmf88vid8312rrdy4b1bnq4x2rhkiihp01b2j2jmpjbdsj2qbya", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.303-hardened1/linux-hardened-4.19.303-hardened1.patch" + "name": "linux-hardened-4.19.304-hardened1.patch", + "sha256": "0bv6abcx8sknhsnijs176yq7q2mgrlyrv5xysnxa0l6wqpl2gqif", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.304-hardened1/linux-hardened-4.19.304-hardened1.patch" }, - "sha256": "0dlbl47xs7z4yf9cxbxqzd7zs1f9070jr6ck231wgppa6lwwwb82", - "version": "4.19.303" + "sha256": "165mljr8v1cf4vf4a4b44hx089rprkssvi2azq5wbxxg3basbind", + "version": "4.19.304" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.205-hardened1.patch", - "sha256": "0viz1pybmh8vld40s2gh73a63743c3v7g2dbrsbqqjkh8xvn28zk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.205-hardened1/linux-hardened-5.10.205-hardened1.patch" + "name": "linux-hardened-5.10.206-hardened1.patch", + "sha256": "14xmp28grpwpgrsg88bnv164kk54k6akw5jydrs8447mqfyw7sqr", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.206-hardened1/linux-hardened-5.10.206-hardened1.patch" }, - "sha256": "0qw8g0h4k0b4dyvspbj51cwr68ihwjzsi2b2261ipy3l1nl1fln5", - "version": "5.10.205" + "sha256": "0ns8qxcrxj9i76b93xcghl002l8vbkg7ksd435sikig62qr62gf4", + "version": "5.10.206" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.145-hardened1.patch", - "sha256": "0jip4c7r41a3nzgv6zzrkjg4flb0ri6ar60l246ixzyp9sv19x9r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.145-hardened1/linux-hardened-5.15.145-hardened1.patch" + "name": "linux-hardened-5.15.146-hardened1.patch", + "sha256": "0cd8gzixkc89n647g108f9r9dn8a3vw9ajdh4g7w7bq6vq71gglj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.146-hardened1/linux-hardened-5.15.146-hardened1.patch" }, - "sha256": "086nssif66s86wkixz4yb7xilz1k49g32l0ib28r8fjzc23rv95j", - "version": "5.15.145" + "sha256": "14nijbspmzd4r38l8cpl4vn9dhawzcfnhyc0gnaxl2m8l9gpm02s", + "version": "5.15.146" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.265-hardened1.patch", - "sha256": "17bs86fxv5l1dm0knvcnj5940r06pq41gd3fp71rn1p1kwk622y3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.265-hardened1/linux-hardened-5.4.265-hardened1.patch" + "name": "linux-hardened-5.4.266-hardened1.patch", + "sha256": "1gbyxz788j5lirjc62b56didnwq5s69cfindzndsj1r5wm0hknp4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.266-hardened1/linux-hardened-5.4.266-hardened1.patch" }, - "sha256": "05cvvwjiznn7hfd02qklklalg0chahvh5v18w64lcva6kzj9kbjd", - "version": "5.4.265" + "sha256": "1dmcn9i3nvf1gldm1a32gnl5ybwbk2lizb3wa4gc06g7dxz2y1ys", + "version": "5.4.266" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.69-hardened1.patch", - "sha256": "1dbwnf6bsxl9m03cngfpf3yb95j719r46dy9x8al59d9p8k0h9bn", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.69-hardened1/linux-hardened-6.1.69-hardened1.patch" + "name": "linux-hardened-6.1.72-hardened1.patch", + "sha256": "0zp6i44y3fi2xsk4jbwhk8w688ci34p5ymmk3kkb8s1cvhqzgddy", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.72-hardened1/linux-hardened-6.1.72-hardened1.patch" }, - "sha256": "0hdm28k49kmy9r96hckps0bvvaq9m06l72n8ih305rccs6a2cgby", - "version": "6.1.69" + "sha256": "09h9kzv2xfrn369ynl09dfnjl9025b9vpkcxg75gyp63fy8fdp4q", + "version": "6.1.72" }, "6.5": { "patch": { @@ -62,11 +62,11 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.8-hardened1.patch", - "sha256": "0mjrp3bxvb1pprc5v2grxk1r3ifldch35lqsxyky1nvlzhphhgb9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.8-hardened1/linux-hardened-6.6.8-hardened1.patch" + "name": "linux-hardened-6.6.11-hardened1.patch", + "sha256": "07l4fvc115iqiwbaq916g1l1jpmcg8injr5z5dx6jp2h635w72n3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.11-hardened1/linux-hardened-6.6.11-hardened1.patch" }, - "sha256": "05i4ayj9wyjkd1s8ixx7bxwcyagqyx8rhj1zvbc3cjqyw4sc8djh", - "version": "6.6.8" + "sha256": "0lhyczcj1fhh52fjf06ikp5yh7kxc1qymsw44rv6v25vc6kfbqmg", + "version": "6.6.11" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json index 836d1a359589..197b5d638861 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/kernels-org.json @@ -8,27 +8,31 @@ "hash": "sha256:1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq" }, "6.1": { - "version": "6.1.71", - "hash": "sha256:0hghnwsa282js9hy4krhdbgrb4khjzslr05zgvjx9zzragfp9xrd" + "version": "6.1.73", + "hash": "sha256:11vyblm4nkjncdi3akcyizw7jkyxsqn2mjixc51f7kgiddq4ibbc" }, "5.15": { - "version": "5.15.146", - "hash": "sha256:14nijbspmzd4r38l8cpl4vn9dhawzcfnhyc0gnaxl2m8l9gpm02s" + "version": "5.15.147", + "hash": "sha256:1m7wznqiakarpar4a0nbwxql0hkvds0s79zx3r1xn0fj4mbfdhan" }, "5.10": { - "version": "5.10.206", - "hash": "sha256:0ns8qxcrxj9i76b93xcghl002l8vbkg7ksd435sikig62qr62gf4" + "version": "5.10.208", + "hash": "sha256:0vpvy47cmcinhs76cjl2n81zrlhbqgpi4v29izn2hzsl15x189ch" }, "5.4": { - "version": "5.4.265", - "hash": "sha256:05cvvwjiznn7hfd02qklklalg0chahvh5v18w64lcva6kzj9kbjd" + "version": "5.4.267", + "hash": "sha256:0hqw8ww7y9mjrh1wgdkiwk8llxpf4lxwmsmzxm8j4l615kpqvlj2" }, "4.19": { - "version": "4.19.303", - "hash": "sha256:0dlbl47xs7z4yf9cxbxqzd7zs1f9070jr6ck231wgppa6lwwwb82" + "version": "4.19.305", + "hash": "sha256:1s6srmhd3visqchshg566c7gq5wnxr3m74854kxksqhhfif450ns" }, "6.6": { - "version": "6.6.10", - "hash": "sha256:0v2l0l90w7scv7bxkxxjgqnay0fjh678k9gdlgycgbh9q7j2grly" + "version": "6.6.12", + "hash": "sha256:01a6czk6xz9syxvkb2yhbn3vypqy2mnjq7ni84x4nklw7n6frmqz" + }, + "6.7": { + "version": "6.7", + "hash": "sha256:0s8hbcsg7fdvspqam8kzcxygjsznr4zfi60nqgc81l3n4m518cgg" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index b41551b24593..05b18383303f 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19459"; - sha256 = "12qx165i6dp9mrsbmizw6ynyxwvq11dmwz00xgy5qgr4ag3y4z4c"; + rev = "19473"; + sha256 = "0k9pgjg6k9j00x4m3g6chnhgznr5r1yyqd9x8q7a9q9j88vygszs"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix index 1bea61975297..ee6516045470 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rpi.nix @@ -2,8 +2,8 @@ let # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this - modDirVersion = "6.1.21"; - tag = "1.20230405"; + modDirVersion = "6.1.63"; + tag = "stable_20231123"; in lib.overrideDerivation (buildLinux (args // { version = "${modDirVersion}-${tag}"; @@ -13,7 +13,7 @@ lib.overrideDerivation (buildLinux (args // { owner = "raspberrypi"; repo = "linux"; rev = tag; - hash = "sha256-ILwecHZ1BN6GhZAUB6/UwiN/rZ8gHndKON6DUhidtxI="; + hash = "sha256-4Rc57y70LmRFwDnOD4rHoHGmfxD9zYEAwYm9Wvyb3no="; }; defconfig = { diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index a8b13179c2f8..bf163701f331 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -6,14 +6,14 @@ let # NOTE: When updating these, please also take a look at the changes done to # kernel config in the xanmod version commit ltsVariant = { - version = "6.1.70"; - hash = "sha256-SXXg0fIfqtOwjRC0m963rbB5J42T+Q/1iB5ombtLn0s="; + version = "6.1.72"; + hash = "sha256-S8Ilrce7xQb549NPIBRIMMIng4xY77Hbq58rE5LOow8="; variant = "lts"; }; mainVariant = { - version = "6.6.9"; - hash = "sha256-ugcmPGnOHRfkNu15v0hX56TPt9LN4B73yzwByaKvLUQ="; + version = "6.6.10"; + hash = "sha256-5BymQhVWMHg4zlQIPxf40JQI9iSWQqTZfbDd6+G3RsQ="; variant = "main"; }; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix index 526533e44222..40538920d100 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.6.10"; #zen - suffix = "zen1"; #zen - sha256 = "1hhy5jp1s65vpvrw9xylx3xl7mmagzmm5r9bq81hvvr7bhf754ny"; #zen + version = "6.7"; #zen + suffix = "zen3"; #zen + sha256 = "0iflyip1a70i7bhll5bpls513g3q1hwsi1irm42rmjsysh4fb188"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.6.10"; #lqx + version = "6.6.12"; #lqx suffix = "lqx1"; #lqx - sha256 = "1rfia3cbs81gjvr8r1w4kgi3ghr3plqyzaiglifbdr1zkxjias44"; #lqx + sha256 = "13wj7w66mrkabf7f03svq8x9dqy7w3dnh9jqpkr2hdkd6l2nf6c3"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { diff --git a/nixpkgs/pkgs/os-specific/linux/kmod-blacklist-ubuntu/default.nix b/nixpkgs/pkgs/os-specific/linux/kmod-blacklist-ubuntu/default.nix index 3964538a4096..464b77ce969e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kmod-blacklist-ubuntu/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kmod-blacklist-ubuntu/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchurl }: let - version = "28-1ubuntu4"; # impish 2021-06-24 + version = "30+20230519-1ubuntu3"; # mantic 2023-08-26 in stdenv.mkDerivation { pname = "kmod-blacklist"; @@ -9,7 +9,7 @@ in stdenv.mkDerivation { src = fetchurl { url = "https://launchpad.net/ubuntu/+archive/primary/+files/kmod_${version}.debian.tar.xz"; - sha256 = "sha256-K8tWpaLmCm3Jcxw3OZ+D7Koiug7epooRn1YMfqjGAiw="; + hash = "sha256-VGw1/rUjl9/j6026ut0dvC0/8maAAz8umb0D3YGf8p4="; }; installPhase = '' @@ -22,7 +22,6 @@ in stdenv.mkDerivation { done substituteInPlace "$out"/modprobe.conf \ - --replace "blacklist bochs-drm" "" \ --replace /sbin/lsmod /run/booted-system/sw/bin/lsmod \ --replace /sbin/rmmod /run/booted-system/sw/bin/rmmod \ --replace /sbin/modprobe /run/booted-system/sw/bin/modprobe \ diff --git a/nixpkgs/pkgs/os-specific/linux/kmod-debian-aliases/default.nix b/nixpkgs/pkgs/os-specific/linux/kmod-debian-aliases/default.nix index 15f7251f9961..a4474f7c08fa 100644 --- a/nixpkgs/pkgs/os-specific/linux/kmod-debian-aliases/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kmod-debian-aliases/default.nix @@ -2,16 +2,15 @@ stdenv.mkDerivation rec { pname = "kmod-debian-aliases.conf"; - version = "22-1.1"; + version = "30+20230601-2"; src = fetchurl { - url = "https://snapshot.debian.org/archive/debian/20160404T220610Z/pool/main/k/kmod/kmod_${version}.debian.tar.xz"; - sha256 = "0daap2n4bvjqcnksaayy6csmdb1px4r02w3xp36bcp6w3lbnqamh"; + url = "https://snapshot.debian.org/archive/debian/20231117T085632Z/pool/main/k/kmod/kmod_${version}.debian.tar.xz"; + hash = "sha256-xJMGKht8hu0aQjN9TER87Rv5EYkVMeDfX/jJ8+UjAqM="; }; installPhase = '' - patch -i patches/aliases_conf - cp aliases.conf $out + cp extra/aliases.conf $out ''; meta = with lib; { diff --git a/nixpkgs/pkgs/os-specific/linux/kmscube/default.nix b/nixpkgs/pkgs/os-specific/linux/kmscube/default.nix index b9da37901700..a416e2aa14bd 100644 --- a/nixpkgs/pkgs/os-specific/linux/kmscube/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kmscube/default.nix @@ -1,26 +1,27 @@ -{ lib, stdenv, fetchgit, fetchpatch, autoreconfHook, libdrm, libX11, libGL, mesa, pkg-config }: +{ lib, stdenv, fetchFromGitLab, meson, ninja, libdrm, libX11, libGL, mesa, pkg-config, gst_all_1 }: stdenv.mkDerivation { pname = "kmscube"; - version = "unstable-2018-06-17"; + version = "unstable-2023-09-25"; - src = fetchgit { - url = "git://anongit.freedesktop.org/mesa/kmscube"; - rev = "9dcce71e603616ee7a54707e932f962cdf8fb20a"; - sha256 = "1q5b5yvyfj3127385mp1bfmcbnpnbdswdk8gspp7g4541xk4k933"; + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "mesa"; + repo = "kmscube"; + rev = "96d63eb59e34c647cda1cbb489265f8c536ae055"; + hash = "sha256-kpnn4JBNvwatrcCF/RGk/fQ7qiKD26iLBr9ovDmAKBo="; }; - patches = [ - # Pull upstream patch for -fno-common toolchains. - (fetchpatch { - name = "fno-common.patch"; - url = "https://gitlab.freedesktop.org/mesa/kmscube/-/commit/908ef39864442c0807954af5d3f88a3da1a6f8a5.patch"; - sha256 = "1gxn3b50mvjlc25234839v5z29r8fd9di4176a3yx4gbsz8cc5vi"; - }) - ]; - - nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ libdrm libX11 libGL mesa ]; + nativeBuildInputs = [ meson pkg-config ninja ]; + buildInputs = [ + libdrm + libX11 + libGL + mesa + ] ++ (with gst_all_1; [ + gstreamer + gst-plugins-base + ]); meta = with lib; { description = "Example OpenGL app using KMS/GBM"; diff --git a/nixpkgs/pkgs/os-specific/linux/ksmbd-tools/default.nix b/nixpkgs/pkgs/os-specific/linux/ksmbd-tools/default.nix index edb9ce3fb8b7..dd429b295990 100644 --- a/nixpkgs/pkgs/os-specific/linux/ksmbd-tools/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/ksmbd-tools/default.nix @@ -28,6 +28,7 @@ stdenv.mkDerivation rec { patches = [ ./0001-skip-installing-example-configuration.patch ]; mesonFlags = [ "-Drundir=/run" + "-Dsystemdsystemunitdir=lib/systemd/system" "--sysconfdir /etc" ]; diff --git a/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix b/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix index 51f6ea471a6a..995bfba34a7f 100644 --- a/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libbpf/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "libbpf"; - version = "1.2.2"; + version = "1.3.0"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "sha256-SDDdz2HKEfzHloLkb0sv5ldTo+1yJDVc9O7nj4Cjznk="; + sha256 = "sha256-wVCBLJK9nlS1N9/DrQtogoZmgWW4ECqInSeQTjUFhcY="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/os-specific/linux/libnl/default.nix b/nixpkgs/pkgs/os-specific/linux/libnl/default.nix index 5248c263b3b2..68f4ee20df88 100644 --- a/nixpkgs/pkgs/os-specific/linux/libnl/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libnl/default.nix @@ -1,23 +1,48 @@ -{ stdenv, file, lib, fetchFromGitHub, autoreconfHook, bison, flex, pkg-config -, pythonSupport ? false, swig ? null, python ? null}: +{ stdenv +, file +, lib +, fetchFromGitHub +, autoreconfHook +, bison +, flex +, pkg-config +, doxygen +, graphviz +, mscgen +, asciidoc +, sourceHighlight +, pythonSupport ? false +, swig ? null +, python ? null +}: stdenv.mkDerivation rec { pname = "libnl"; - version = "3.7.0"; + version = "3.8.0"; src = fetchFromGitHub { repo = "libnl"; owner = "thom311"; rev = "libnl${lib.replaceStrings ["."] ["_"] version}"; - sha256 = "sha256-Ty9NdWKWB29MTRfG5OJlSE0mSTN3Wy+sR4KtuExXcB4="; + hash = "sha256-zVpoRlB5xDfo6wJkCJGGptuCXkNkriudtZF2Job9YD4="; }; outputs = [ "bin" "dev" "out" "man" ] ++ lib.optional pythonSupport "py"; enableParallelBuilding = true; - nativeBuildInputs = [ autoreconfHook bison flex pkg-config file ] - ++ lib.optional pythonSupport swig; + nativeBuildInputs = [ + autoreconfHook + bison + flex + pkg-config + file + doxygen + graphviz + mscgen + asciidoc + sourceHighlight + ] ++ lib.optional pythonSupport swig; postBuild = lib.optionalString (pythonSupport) '' cd python diff --git a/nixpkgs/pkgs/os-specific/linux/libtraceevent/default.nix b/nixpkgs/pkgs/os-specific/linux/libtraceevent/default.nix index 74d7ce3a9153..6571c46eb680 100644 --- a/nixpkgs/pkgs/os-specific/linux/libtraceevent/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libtraceevent/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "libtraceevent"; - version = "1.8.1"; + version = "1.8.2"; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git"; rev = "libtraceevent-${version}"; - hash = "sha256-zib2IrgtaDGDEO/2Kp9ytHuceW/7slRPDUClYgqemOE="; + hash = "sha256-2oa3pR8DOPaeHcoqcLX00ihx1lpXablnsf0IZR2sOm8="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/libtracefs/default.nix b/nixpkgs/pkgs/os-specific/linux/libtracefs/default.nix index 3e9c9115645d..2432a28e0c7b 100644 --- a/nixpkgs/pkgs/os-specific/linux/libtracefs/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/libtracefs/default.nix @@ -1,6 +1,6 @@ { lib , stdenv -, fetchgit +, fetchzip , pkg-config , libtraceevent , asciidoc @@ -21,10 +21,9 @@ stdenv.mkDerivation rec { pname = "libtracefs"; version = "1.7.0"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git"; - rev = "libtracefs-${version}"; - sha256 = "sha256-64eXFFdnZHHf4C3vbADtPuIMsfJ85VZ6t8A1gIc1CW0="; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/snapshot/libtracefs-libtracefs-${version}.tar.gz"; + hash = "sha256-64eXFFdnZHHf4C3vbADtPuIMsfJ85VZ6t8A1gIc1CW0="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/mingetty/default.nix b/nixpkgs/pkgs/os-specific/linux/mingetty/default.nix index eb58dc553676..eff1bf50a361 100644 --- a/nixpkgs/pkgs/os-specific/linux/mingetty/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/mingetty/default.nix @@ -9,9 +9,14 @@ stdenv.mkDerivation rec { sha256 = "05yxrp44ky2kg6qknk1ih0kvwkgbn9fbz77r3vci7agslh5wjm8g"; }; + makeFlags = [ + "CC:=$(CC)" + "SBINDIR=${placeholder "out"}/sbin" + "MANDIR=${placeholder "out"}/share/man/man8" + ]; + preInstall = '' mkdir -p $out/sbin $out/share/man/man8 - makeFlagsArray=(SBINDIR=$out/sbin MANDIR=$out/share/man/man8) ''; meta = with lib; { diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix index 6c150b1b8cdb..9a7cca68bfd7 100644 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/default.nix @@ -38,6 +38,7 @@ substituteAll { install-bootloader = nixosTests.nixos-rebuild-install-bootloader; simple-installer = nixosTests.installer.simple; specialisations = nixosTests.nixos-rebuild-specialisations; + target-host = nixosTests.nixos-rebuild-target-host; }; meta = { diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 index 9eca8163feda..8df05f9310f2 100644 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 @@ -363,11 +363,9 @@ is also set. This is useful when the target-host connection to cache.nixos.org is faster than the connection between hosts. . .It Fl -use-remote-sudo -When set, nixos-rebuild prefixes remote commands that run on the -.Fl -build-host -and +When set, nixos-rebuild prefixes activation commands that run on the .Fl -target-host -systems with +system with .Ic sudo Ns \&. Setting this option allows deploying as a non-root user. . diff --git a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index f9bda1a64b62..006b5db6320c 100755 --- a/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/nixpkgs/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -157,8 +157,10 @@ while [ "$#" -gt 0 ]; do esac done -if [[ -n "$SUDO_USER" || -n $remoteSudo ]]; then - maybeSudo=(sudo --preserve-env="$preservedSudoVars" --) +sudoCommand=(sudo --preserve-env="$preservedSudoVars" --) + +if [[ -n "$SUDO_USER" ]]; then + useSudo=1 fi # log the given argument to stderr if verbose mode is on @@ -175,20 +177,44 @@ runCmd() { } buildHostCmd() { + local c + if [[ "${useSudo:-x}" = 1 ]]; then + c=("${sudoCommand[@]}") + else + c=() + fi + if [ -z "$buildHost" ]; then runCmd "$@" elif [ -n "$remoteNix" ]; then - runCmd ssh $SSHOPTS "$buildHost" "${maybeSudo[@]}" env PATH="$remoteNix":'$PATH' "$@" + runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" env PATH="$remoteNix":'$PATH' "$@" else - runCmd ssh $SSHOPTS "$buildHost" "${maybeSudo[@]}" "$@" + runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" "$@" fi } targetHostCmd() { + local c + if [[ "${useSudo:-x}" = 1 ]]; then + c=("${sudoCommand[@]}") + else + c=() + fi + if [ -z "$targetHost" ]; then - runCmd "${maybeSudo[@]}" "$@" + runCmd "${c[@]}" "$@" + else + runCmd ssh $SSHOPTS "$targetHost" "${c[@]}" "$@" + fi +} + +targetHostSudoCmd() { + if [ -n "$remoteSudo" ]; then + useSudo=1 SSHOPTS="$SSHOPTS -t" targetHostCmd "$@" else - runCmd ssh $SSHOPTS "$targetHost" "${maybeSudo[@]}" "$@" + # While a tty might not be necessary, we apply it to be consistent with + # sudo usage, and an experience that is more consistent with local deployment. + SSHOPTS="$SSHOPTS -t" targetHostCmd "$@" fi } @@ -667,7 +693,7 @@ if [ -z "$rollback" ]; then pathToConfig="$(nixFlakeBuild "$flake#$flakeAttr.config.system.build.toplevel" "${extraBuildFlags[@]}" "${lockFlags[@]}")" fi copyToTarget "$pathToConfig" - targetHostCmd nix-env -p "$profile" --set "$pathToConfig" + targetHostSudoCmd nix-env -p "$profile" --set "$pathToConfig" elif [[ "$action" = test || "$action" = build || "$action" = dry-build || "$action" = dry-activate ]]; then if [[ -z $flake ]]; then pathToConfig="$(nixBuild '<nixpkgs/nixos>' -A system -k "${extraBuildFlags[@]}")" @@ -695,7 +721,7 @@ if [ -z "$rollback" ]; then fi else # [ -n "$rollback" ] if [[ "$action" = switch || "$action" = boot ]]; then - targetHostCmd nix-env --rollback -p "$profile" + targetHostSudoCmd nix-env --rollback -p "$profile" pathToConfig="$profile" elif [[ "$action" = test || "$action" = build ]]; then systemNumber=$( @@ -740,7 +766,7 @@ if [[ "$action" = switch || "$action" = boot || "$action" = test || "$action" = if [[ -n "$NIXOS_SWITCH_USE_DIRTY_ENV" ]]; then log "warning: skipping systemd-run since NIXOS_SWITCH_USE_DIRTY_ENV is set. This environment variable will be ignored in the future" cmd=() - elif ! targetHostCmd "${cmd[@]}" true &>/dev/null; then + elif ! targetHostSudoCmd "${cmd[@]}" true; then logVerbose "Skipping systemd-run to switch configuration since it is not working in target host." cmd=( "env" @@ -762,7 +788,7 @@ if [[ "$action" = switch || "$action" = boot || "$action" = test || "$action" = fi fi - if ! targetHostCmd "${cmd[@]}" "$action"; then + if ! targetHostSudoCmd "${cmd[@]}" "$action"; then log "warning: error(s) occurred while switching to the new configuration" exit 1 fi diff --git a/nixpkgs/pkgs/os-specific/linux/nss_ldap/default.nix b/nixpkgs/pkgs/os-specific/linux/nss_ldap/default.nix index 23bc8ff0dfad..7366932d1e67 100644 --- a/nixpkgs/pkgs/os-specific/linux/nss_ldap/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nss_ldap/default.nix @@ -29,7 +29,13 @@ stdenv.mkDerivation rec { mkdir -p $out/etc ''; - buildInputs = [ openldap perl ]; + nativeBuildInputs = [ + perl # shebang of vers_string + ]; + + buildInputs = [ + openldap + ]; meta = with lib; { description = "LDAP module for the Solaris Nameservice Switch (NSS)"; diff --git a/nixpkgs/pkgs/os-specific/linux/numactl/default.nix b/nixpkgs/pkgs/os-specific/linux/numactl/default.nix index 998b7d052b35..a65d4ed041b4 100644 --- a/nixpkgs/pkgs/os-specific/linux/numactl/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/numactl/default.nix @@ -19,8 +19,6 @@ stdenv.mkDerivation rec { patchShebangs test ''; - LDFLAGS = lib.optionalString stdenv.hostPlatform.isRiscV "-latomic"; - # You probably shouldn't ever run these! They will reconfigure Linux # NUMA settings, which on my build machine makes the rest of package # building ~5% slower until reboot. Ugh! diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix index 1b3847a0aad8..bd57c19db335 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -27,12 +27,12 @@ rec { stable = if stdenv.hostPlatform.system == "i686-linux" then legacy_390 else latest; production = generic { - version = "535.146.02"; - sha256_64bit = "sha256-Sf0cyeRFyYspP3xm82vs/hLMwd6WDf/z8dyWujqcv3A="; - sha256_aarch64 = "sha256-8G0oNdaVWxIGwVaQSw/cojy4TIAuiUBF3B98BI4hEec="; - openSha256 = "sha256-Oyllcy3uYYK912CIusMwjKKHtMgoyOxpZWQQ8hIycuk="; - settingsSha256 = "sha256-IrN2NaPrZSN0sCZqYNJ43iCicX3ziwUgyLLSRzp9sHQ="; - persistencedSha256 = "sha256-trIddaTgKXszEJunK+t6D+e3HbLDTfAsitdEYRgwRNQ="; + version = "535.154.05"; + sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg="; + sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k="; + openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo="; + settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10="; + persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; }; latest = selectHighestVersion production (generic { diff --git a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix index d9865f00d22c..11122d58ac80 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvidia-x11/fabricmanager.nix @@ -16,7 +16,6 @@ stdenv.mkDerivation rec { "${sys}/${pname}-${sys}-${fmver}-archive.tar.xz"; inherit sha256; }; - phases = [ "unpackPhase" "installPhase" ]; installPhase = '' find . diff --git a/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix b/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix index d10900d3958a..b7e94d3938aa 100644 --- a/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/nvme-cli/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "nvme-cli"; - version = "2.7"; + version = "2.7.1"; src = fetchFromGitHub { owner = "linux-nvme"; repo = "nvme-cli"; rev = "v${version}"; - hash = "sha256-qijzXucNE+M8fOEtNaoQYX41HeJOMtg/cJFCUJyS6Ew="; + hash = "sha256-Gm+1tb/Nh+Yg2PgSUn/1hR4CZYnfTWRwcQU0A8UeQwI="; }; mesonFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/otpw/default.nix b/nixpkgs/pkgs/os-specific/linux/otpw/default.nix index 6c53bf16efc1..c379c149a358 100644 --- a/nixpkgs/pkgs/os-specific/linux/otpw/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/otpw/default.nix @@ -1,20 +1,38 @@ -{ lib, stdenv, fetchurl, pam, libxcrypt }: +{ lib +, stdenv +, coreutils +, fetchurl +, libxcrypt +, pam +, procps +, unixtools +, util-linux +}: stdenv.mkDerivation rec { pname = "otpw"; - version = "1.3"; + version = "1.5"; src = fetchurl { url = "https://www.cl.cam.ac.uk/~mgk25/download/otpw-${version}.tar.gz"; - sha256 = "1k3hc7xbxz6hkc55kvddi3cibafwf93ivn58sy1l888d3l5dwmrk"; + hash = "sha256-mKyjimHHcTZ3uW8kQmynBTSAwP0HfZGx6ZvJ+SzLgyo="; }; patchPhase = '' sed -i 's/^CFLAGS.*/CFLAGS=-O2 -fPIC/' Makefile - sed -i -e 's,PATH=.*;,,' conf.h - sed -i -e '/ENTROPY_ENV/d' otpw-gen.c + substituteInPlace otpw-gen.c \ + --replace "head -c 20 /dev/urandom 2>&1" "${coreutils}/bin/head -c 20 /dev/urandom 2>&1" \ + --replace "ls -lu /etc/. /tmp/. / /usr/. /bin/. /usr/bin/." "${coreutils}/bin/ls -lu /etc/. /tmp/. / /usr/. /bin/. /usr/bin/." \ + --replace "PATH=/usr/ucb:/bin:/usr/bin;ps lax" "PATH=/usr/ucb:/bin:/usr/bin;${unixtools.procps}/bin/ps lax" \ + --replace "last | head -50" "${util-linux}/bin/last | ${coreutils}/bin/head -50" \ + --replace "uptime;netstat -n;hostname;date;w" "${coreutils}/bin/uptime; ${unixtools.nettools}/bin/netstat -n; ${unixtools.nettools}/bin/hostname; ${coreutils}/bin/date; ${procps}/bin/w" ''; + buildInputs = [ + libxcrypt + pam + ]; + installPhase = '' mkdir -p $out/bin $out/lib/security $out/share/man/man{1,8} cp pam_*.so $out/lib/security @@ -23,14 +41,15 @@ stdenv.mkDerivation rec { cp *.8 $out/share/man/man8 ''; - buildInputs = [ pam libxcrypt ]; - - hardeningDisable = [ "stackprotector" ]; + hardeningDisable = [ + "stackprotector" + ]; - meta = { - homepage = "http://www.cl.cam.ac.uk/~mgk25/otpw.html"; + meta = with lib; { description = "A one-time password login package"; - license = lib.licenses.gpl2Plus; - platforms = lib.platforms.linux; + homepage = "http://www.cl.cam.ac.uk/~mgk25/otpw.html"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ]; + platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix b/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix index 90f400defc2d..02245a108611 100644 --- a/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/plymouth/default.nix @@ -2,6 +2,7 @@ , stdenv , fetchFromGitLab , writeText +, substituteAll , meson , pkg-config , ninja @@ -16,11 +17,12 @@ , pango , systemd , xorg +, fontconfig }: stdenv.mkDerivation (finalAttrs: { pname = "plymouth"; - version = "23.360.11"; + version = "24.004.60"; outputs = [ "out" "dev" ]; @@ -29,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "plymouth"; repo = "plymouth"; rev = finalAttrs.version; - hash = "sha256-Uun4KtrbkFCiGq3WpZlZ8NKKCOnM+jcgYa8qoqAYdaw="; + hash = "sha256-9JmZCm8bjteJTQrMSJeL4x2CAI6RpKowFUDSCcMS4MM="; }; patches = [ @@ -37,6 +39,11 @@ stdenv.mkDerivation (finalAttrs: { ./dont-create-broken-symlink.patch # add support for loading plugins from /run to assist NixOS module ./add-runtime-plugin-path.patch + # fix FHS hardcoded paths + (substituteAll { + src = ./fix-paths.patch; + fcmatch = "${fontconfig}/bin/fc-match"; + }) ]; strictDeps = true; diff --git a/nixpkgs/pkgs/os-specific/linux/plymouth/fix-paths.patch b/nixpkgs/pkgs/os-specific/linux/plymouth/fix-paths.patch new file mode 100644 index 000000000000..5f930403f8ac --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/plymouth/fix-paths.patch @@ -0,0 +1,21 @@ +diff --git a/src/plugins/controls/label-freetype/plugin.c b/src/plugins/controls/label-freetype/plugin.c +index 917b04c0..83f2bec2 100644 +--- a/src/plugins/controls/label-freetype/plugin.c ++++ b/src/plugins/controls/label-freetype/plugin.c +@@ -127,7 +127,7 @@ find_default_font_path (void) + FILE *fp; + static char fc_match_out[PATH_MAX]; + +- fp = popen ("/usr/bin/fc-match -f %{file}", "r"); ++ fp = popen ("@fcmatch@ -f %{file}", "r"); + if (!fp) + return FONT_FALLBACK; + +@@ -144,7 +144,7 @@ find_default_monospace_font_path (void) + FILE *fp; + static char fc_match_out[PATH_MAX]; + +- fp = popen ("/usr/bin/fc-match -f %{file} monospace", "r"); ++ fp = popen ("@fcmatch@ -f %{file} monospace", "r"); + if (!fp) + return MONOSPACE_FONT_FALLBACK; diff --git a/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix b/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix index 884b2d0e01cd..7b8b4683cbd7 100644 --- a/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/power-calibrate/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "power-calibrate"; - version = "0.01.34"; + version = "0.01.35"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-T2fCTE+snNt1ylOpVR0JfT2x0lWrgItpfjtUx/zjaQw="; + hash = "sha256-6ggxerWWBfjVgkgwLmIv/kPb04JIsJxPcVBrRQAG/ZM="; }; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/powerstat/default.nix b/nixpkgs/pkgs/os-specific/linux/powerstat/default.nix index 605b97e4be2f..578b0ef4d686 100644 --- a/nixpkgs/pkgs/os-specific/linux/powerstat/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/powerstat/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "powerstat"; - version = "0.04.01"; + version = "0.04.02"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-Wf6V2zaUrirzd3hfkq74mHNqlzxyr8p4B4qe0kLozM8="; + hash = "sha256-bFk2Zga7ZrQFxdaIV+E6N8EuT/20SRVnPihn/5wF8JA="; }; installFlags = [ diff --git a/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix b/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix index 56a92ffa44ef..e4d245fdc7ce 100644 --- a/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/procps-ng/default.nix @@ -48,8 +48,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - # Too red - configureFlags = [ "--disable-modern-top" ] + # Too red; 8bit support for fixing https://github.com/NixOS/nixpkgs/issues/275220 + configureFlags = [ "--disable-modern-top" "--enable-watch8bit" ] ++ lib.optional withSystemd "--with-systemd" ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "ac_cv_func_malloc_0_nonnull=yes" diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix index eed99122cd64..cd3d2f94d6f3 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/default.nix @@ -1,6 +1,5 @@ { stdenv , fetchFromGitHub -, fetchurl , lib , curl , nlohmann_json @@ -9,7 +8,6 @@ , linkFarmFromDrvs , callPackage }: - let # Although those headers are also included in the source of `sgx-psw`, the `azure-dcap-client` build needs specific versions filterSparse = list: '' @@ -21,16 +19,8 @@ let (fetchFromGitHub rec { name = "${repo}-headers"; owner = "intel"; - repo = "SGXDataCenterAttestationPrimitives"; - rev = "0436284f12f1bd5da7e7a06f6274d36b4c8d39f9"; - sparseCheckout = [ "QuoteGeneration/quote_wrapper/common/inc/sgx_ql_lib_common.h" ]; - hash = "sha256-ipKpYHbiwjCUXF/pCArJZy5ko1YX2wqMMdSnMUzhkgY="; - postFetch = filterSparse sparseCheckout; - }) - (fetchFromGitHub rec { - name = "${repo}-headers"; - owner = "intel"; repo = "linux-sgx"; + # See: <src/Linux/configure> for the revision `azure-dcap-client` uses. rev = "1ccf25b64abd1c2eff05ead9d14b410b3c9ae7be"; hash = "sha256-WJRoS6+NBVJrFmHABEEDpDhW+zbWFUl65AycCkRavfs="; sparseCheckout = [ @@ -44,13 +34,13 @@ let in stdenv.mkDerivation rec { pname = "azure-dcap-client"; - version = "1.11.2"; + version = "1.12.1"; src = fetchFromGitHub { owner = "microsoft"; repo = pname; rev = version; - hash = "sha256-EYj3jnzTyJRl6N7avNf9VrB8r9U6zIE6wBNeVsMtWCA="; + hash = "sha256-q0dI4WdA1ue4sw+QfSherh31Ldf9gnhoft66o3E9gnU="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix index 71fdb2bab39c..1e4432ecc642 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/test-suite.nix @@ -3,12 +3,16 @@ , gtest , makeWrapper }: -sgx-azure-dcap-client.overrideAttrs (oldAttrs: { - nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ +sgx-azure-dcap-client.overrideAttrs (old: { + nativeBuildInputs = old.nativeBuildInputs ++ [ makeWrapper gtest ]; + patches = [ + ./tests-missing-includes.patch + ]; + buildFlags = [ "tests" ]; @@ -22,6 +26,7 @@ sgx-azure-dcap-client.overrideAttrs (oldAttrs: { ''; postFixup = '' - wrapProgram "$out/bin/tests" --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-azure-dcap-client ]}" + wrapProgram "$out/bin/tests" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ sgx-azure-dcap-client ]}" ''; }) diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/tests-missing-includes.patch b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/tests-missing-includes.patch new file mode 100644 index 000000000000..287fbd39af41 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/sgx/azure-dcap-client/tests-missing-includes.patch @@ -0,0 +1,12 @@ +diff --git a/src/UnitTest/test_local_cache.cpp b/src/UnitTest/test_local_cache.cpp +index 5fbc31b..6b8d52e 100644 +--- a/src/UnitTest/test_local_cache.cpp ++++ b/src/UnitTest/test_local_cache.cpp +@@ -5,6 +5,7 @@ + #include <gtest/gtest.h> + + #undef NDEBUG // ensure that asserts are never compiled out ++#include <array> + #include <cassert> + #include <cstdio> + #include <cstring> diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/psw/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/psw/default.nix index fa4a7be01cf5..22e52b6ec9fd 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/psw/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/psw/default.nix @@ -5,15 +5,11 @@ , coreutils , curl , file -, glibc , makeWrapper , nixosTests , protobuf , python3 , sgx-sdk -, shadow -, systemd -, util-linux , which , debug ? false }: @@ -23,16 +19,21 @@ stdenv.mkDerivation rec { postUnpack = let + # Fetch the pre-built, Intel-signed Architectural Enclaves (AE). They help + # run user application enclaves, verify launch policies, produce remote + # attestation quotes, and do platform certification. ae.prebuilt = fetchurl { url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz"; - hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s="; + hash = "sha256-IckW4p1XWkWCDCErXyTtnKYKeAUaCrp5iAMsRBMjLX0="; }; + # Also include the Data Center Attestation Primitives (DCAP) platform + # enclaves. dcap = rec { - version = "1.13"; + version = "1.18"; filename = "prebuilt_dcap_${version}.tar.gz"; prebuilt = fetchurl { url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}"; - hash = "sha256-0kD6hxN8qZ/7/H99aboQx7Qg7ewmYPEexoU6nqczAik="; + hash = "sha256-9ceys7ozOEienug+9MTZ6dw3nx7VBfxLNiwhZYv4SzY="; }; }; in @@ -75,9 +76,6 @@ stdenv.mkDerivation rec { dontUseCmakeConfigure = true; - # Randomly fails if enabled - enableParallelBuilding = false; - buildFlags = [ "psw_install_pkg" ] ++ lib.optionals debug [ @@ -120,8 +118,18 @@ stdenv.mkDerivation rec { rm $sgxPswDir/{cleanup.sh,startup.sh} rm -r $sgxPswDir/scripts + # Move aesmd binaries/libraries/enclaves mv $sgxPswDir/aesm/ $out/ + # We absolutely MUST avoid stripping or patching these ".signed.so" SGX + # enclaves. Stripping would change each enclave measurement (hash of the + # binary). + # + # We're going to temporarily move these enclave libs to another directory + # until after stripping/patching in the fixupPhase. + mkdir $TMPDIR/enclaves + mv $out/aesm/*.signed.so* $TMPDIR/enclaves + mkdir $out/bin makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \ --suffix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \ @@ -131,10 +139,23 @@ stdenv.mkDerivation rec { rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1) ''; - # Most—if not all—of those fixups are not relevant for NixOS as we have our own - # NixOS module which is based on those files without relying on them. Still, it - # is helpful to have properly patched versions for non-NixOS distributions. + stripDebugList = [ + "lib" + "bin" + # Also strip binaries/libs in the `aesm` directory + "aesm" + ]; + postFixup = '' + # Move the SGX enclaves back after everything else has been stripped. + mv $TMPDIR/enclaves/*.signed.so* $out/aesm/ + rmdir $TMPDIR/enclaves + + # Fixup the aesmd systemd service + # + # Most—if not all—of those fixups are not relevant for NixOS as we have our own + # NixOS module which is based on those files without relying on them. Still, it + # is helpful to have properly patched versions for non-NixOS distributions. echo "Fixing aesmd.service" substituteInPlace $out/lib/systemd/system/aesmd.service \ --replace '@aesm_folder@' \ @@ -151,11 +172,6 @@ stdenv.mkDerivation rec { "${coreutils}/bin/chmod" \ --replace "/bin/kill" \ "${coreutils}/bin/kill" - - echo "Fixing remount-dev-exec.service" - substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \ - --replace '/bin/mount' \ - "${util-linux}/bin/mount" ''; passthru.tests = { diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/samples/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/samples/default.nix index 2afd62de75d4..0cbd6db02838 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/samples/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/samples/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , makeWrapper +, openssl , sgx-sdk , sgx-psw , which @@ -18,6 +19,7 @@ let nativeBuildInputs = [ makeWrapper + openssl which ]; @@ -66,7 +68,9 @@ let in { cxx11SGXDemo = buildSample "Cxx11SGXDemo"; - localAttestation = (buildSample "LocalAttestation").overrideAttrs (oldAttrs: { + cxx14SGXDemo = buildSample "Cxx14SGXDemo"; + cxx17SGXDemo = buildSample "Cxx17SGXDemo"; + localAttestation = (buildSample "LocalAttestation").overrideAttrs (old: { installPhase = '' runHook preInstall @@ -86,7 +90,7 @@ in }); powerTransition = buildSample "PowerTransition"; protobufSGXDemo = buildSample "ProtobufSGXDemo"; - remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: { + remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (old: { # Makefile sets rpath to point to $TMPDIR preFixup = '' patchelf --remove-rpath $out/bin/app @@ -97,13 +101,40 @@ in ''; }); sampleEnclave = buildSample "SampleEnclave"; - sampleEnclavePCL = buildSample "SampleEnclavePCL"; sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP"; - sealUnseal = (buildSample "SealUnseal").overrideAttrs (oldAttrs: { + sampleMbedCrypto = buildSample "SampleMbedCrypto"; + sealUnseal = (buildSample "SealUnseal").overrideAttrs (old: { prePatch = '' substituteInPlace App/App.cpp \ --replace '"sealed_data_blob.txt"' '"/tmp/sealed_data_blob.txt"' ''; }); switchless = buildSample "Switchless"; + # # Requires SGX-patched openssl (sgxssl) build + # sampleAttestedTLS = buildSample "SampleAttestedTLS"; +} // lib.optionalAttrs (!isSimulation) { + # # Requires kernel >= v6.2 && HW SGX + # sampleAEXNotify = buildSample "SampleAEXNotify"; + + # Requires HW SGX + sampleCommonLoader = (buildSample "SampleCommonLoader").overrideAttrs (old: { + nativeBuildInputs = [ sgx-psw ] ++ old.nativeBuildInputs; + + installPhase = '' + runHook preInstall + + mkdir -p $out/{bin,lib} + mv sample app + install -m 755 app $out/bin + + wrapProgram "$out/bin/app" \ + --chdir "$out/lib" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [sgx-psw]}" + + runHook postInstall + ''; + }); + + # # SEGFAULTs in simulation mode? + # sampleEnclavePCL = buildSample "SampleEnclavePCL"; } diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/sdk/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/sdk/default.nix index 053aaecbcbb7..2570406a7112 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/sdk/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/sdk/default.nix @@ -2,7 +2,6 @@ , stdenv , fetchFromGitHub , fetchpatch -, fetchzip , autoconf , automake , binutils @@ -13,10 +12,9 @@ , git , libtool , linkFarmFromDrvs -, nasm , ocaml , ocamlPackages -, openssl_1_1 +, openssl , perl , python3 , texinfo @@ -29,15 +27,15 @@ stdenv.mkDerivation rec { pname = "sgx-sdk"; # Version as given in se_version.h - version = "2.16.100.4"; + version = "2.21.100.1"; # Version as used in the Git tag - versionTag = "2.16"; + versionTag = "2.21"; src = fetchFromGitHub { owner = "intel"; repo = "linux-sgx"; rev = "sgx_${versionTag}"; - hash = "sha256-qgXuJJWiqmcU11umCsE3DnlK4VryuTDAsNf53YPw6UY="; + hash = "sha256-Yo2G0H0XUI2p9W7lDRLkFHw2t8X1220brGohQJ0r2WY="; fetchSubmodules = true; }; @@ -55,10 +53,32 @@ stdenv.mkDerivation rec { }) ]; + # There's a `make preparation` step that downloads some prebuilt binaries and + # applies some patches to the in-repo git submodules. We can't just run it, + # since it downloads things, so this step just extracts the patching steps. postPatch = '' patchShebangs linux/installer/bin/build-installpkg.sh \ linux/installer/common/sdk/createTarball.sh \ - linux/installer/common/sdk/install.sh + linux/installer/common/sdk/install.sh \ + external/sgx-emm/create_symlink.sh + + echo "Running 'make preparation' but without download steps" + + # Seems to download something. Build currently uses ipp-crypto and not + # sgxssl so probably not an issue. + # $ ./external/dcap_source/QuoteVerification/prepare_sgxssl.sh nobuild + + pushd external/openmp/openmp_code + git apply ../0001-Enable-OpenMP-in-SGX.patch >/dev/null 2>&1 \ + || git apply ../0001-Enable-OpenMP-in-SGX.patch --check -R + popd + + pushd external/protobuf/protobuf_code + git apply ../sgx_protobuf.patch >/dev/null 2>&1 \ + || git apply ../sgx_protobuf.patch --check -R + popd + + ./external/sgx-emm/create_symlink.sh ''; # We need `cmake` as a build input but don't use it to kick off the build phase @@ -84,7 +104,7 @@ stdenv.mkDerivation rec { buildInputs = [ libtool - openssl_1_1 + openssl ]; BINUTILS_DIR = "${binutils}/bin"; @@ -123,7 +143,7 @@ stdenv.mkDerivation rec { lib/linux/intel64/cve_2020_0551_cf/libippcp.a rm inc/ippcp.h - patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h + patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u7.patch -o inc/ippcp.h install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE @@ -136,8 +156,6 @@ stdenv.mkDerivation rec { "DEBUG=1" ]; - enableParallelBuilding = true; - postBuild = '' patchShebangs linux/installer/bin/sgx_linux_x64_sdk_${version}.bin ''; @@ -166,6 +184,11 @@ stdenv.mkDerivation rec { mv $installDir/lib64 lib ln -s lib/ lib64 + # Fixup the symlinks for libsgx_urts.so.* -> libsgx_urts.so + for file in lib/libsgx_urts.so.*; do + ln -srf lib/libsgx_urts.so $file + done + mv $installDir/include/ . mkdir -p share/ @@ -204,7 +227,6 @@ stdenv.mkDerivation rec { runHook postInstall ''; - preFixup = '' echo "Strip sgxsdk prefix" for path in "$out/share/bin/environment" "$out/bin/sgx-gdb"; do diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix b/nixpkgs/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix index b9f682f5319b..5a4c941a22b9 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix @@ -1,36 +1,28 @@ -{ lib -, gcc11Stdenv +{ gcc11Stdenv , fetchFromGitHub , cmake , nasm -, openssl_1_1 +, openssl , python3 , extraCmakeFlags ? [ ] }: - gcc11Stdenv.mkDerivation rec { pname = "ipp-crypto"; - version = "2021.3"; + version = "2021.9.0"; src = fetchFromGitHub { owner = "intel"; repo = "ipp-crypto"; rev = "ippcp_${version}"; - hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM="; + hash = "sha256-+ITnxyrkDQp4xRa+PVzXdYsSkI5sMNwQGfGU+lFJ6co="; }; - # Fix typo: https://github.com/intel/ipp-crypto/pull/33 - postPatch = '' - substituteInPlace sources/cmake/ippcp-gen-config.cmake \ - --replace 'ippcpo-config.cmake' 'ippcp-config.cmake' - ''; - cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags; nativeBuildInputs = [ cmake nasm - openssl_1_1 + openssl python3 ]; } diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/ssl/default.nix b/nixpkgs/pkgs/os-specific/linux/sgx/ssl/default.nix index f3f6ce485063..9d1905e09d1f 100644 --- a/nixpkgs/pkgs/os-specific/linux/sgx/ssl/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sgx/ssl/default.nix @@ -1,8 +1,8 @@ { stdenv , fetchFromGitHub -, fetchpatch , fetchurl , lib +, openssl , perl , sgx-sdk , which @@ -10,9 +10,9 @@ }: let sgxVersion = sgx-sdk.versionTag; - opensslVersion = "1.1.1l"; + opensslVersion = "1.1.1u"; in -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "sgx-ssl" + lib.optionalString debug "-debug"; version = "${sgxVersion}_${opensslVersion}"; @@ -20,25 +20,20 @@ stdenv.mkDerivation rec { owner = "intel"; repo = "intel-sgx-ssl"; rev = "lin_${sgxVersion}_${opensslVersion}"; - hash = "sha256-ibPXs90ni2fkxJ09fNO6wWVpfCFdko6MjBFkEsyIih8="; + hash = "sha256-zbXEQz72VUPqnGrboX6oXliaLpbcos7tV6K9lX+zleg="; }; postUnpack = let opensslSourceArchive = fetchurl { url = "https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz"; - hash = "sha256-C3o+XlnDSCf+DDp0t+yLrvMCuY+oAIjX+RU6oW+na9E="; + hash = "sha256-4vjYS1I+7NBse+diaDA3AwD7zBU4a/UULXJ1j2lj68Y="; }; in '' ln -s ${opensslSourceArchive} $sourceRoot/openssl_source/openssl-${opensslVersion}.tar.gz ''; - patches = [ - # https://github.com/intel/intel-sgx-ssl/pull/111 - ./intel-sgx-ssl-pr-111.patch - ]; - postPatch = '' patchShebangs Linux/build_openssl.sh @@ -48,8 +43,6 @@ stdenv.mkDerivation rec { 'bash -c "true"' ''; - enableParallelBuilding = true; - nativeBuildInputs = [ perl sgx-sdk @@ -68,28 +61,21 @@ stdenv.mkDerivation rec { ]; # Build the test app - # - # Running the test app is currently only supported on Intel CPUs - # and will fail on non-Intel CPUs even in SGX simulation mode. - # Therefore, we only build the test app without running it until - # upstream resolves the issue: https://github.com/intel/intel-sgx-ssl/issues/113 doInstallCheck = true; - installCheckTarget = "all"; + installCheckTarget = "test"; installCheckFlags = [ "SGX_MODE=SIM" - "-C sgx/test_app" "-j 1" # Makefile doesn't support multiple jobs ]; - preInstallCheck = '' - # Expects the enclave file in the current working dir - ln -s sgx/test_app/TestEnclave.signed.so . - ''; + nativeInstallCheckInputs = [ + openssl + ]; meta = with lib; { description = "Cryptographic library for Intel SGX enclave applications based on OpenSSL"; homepage = "https://github.com/intel/intel-sgx-ssl"; maintainers = with maintainers; [ trundle veehaitch ]; platforms = [ "x86_64-linux" ]; - license = with licenses; [ bsd3 openssl ]; + license = [ licenses.bsd3 licenses.openssl ]; }; } diff --git a/nixpkgs/pkgs/os-specific/linux/sgx/ssl/intel-sgx-ssl-pr-111.patch b/nixpkgs/pkgs/os-specific/linux/sgx/ssl/intel-sgx-ssl-pr-111.patch deleted file mode 100644 index 6ef06d7e231b..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/sgx/ssl/intel-sgx-ssl-pr-111.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 1683c336e11b3cbe2b48c1be1c9460a661523c71 Mon Sep 17 00:00:00 2001 -From: Vincent Haupert <mail@vincent-haupert.de> -Date: Sat, 8 Jan 2022 17:22:31 +0100 -Subject: [PATCH 1/3] Linux: fix Nix detection - -Detect the `OS_ID` of Nix by probing for the presence of the `NIX_STORE` -environment variable instead of `NIX_PATH`. The latter is only set in a -`nix-shell` session but isn't when building a derivation through -`nix-build`. In contrast, the `NIX_STORE` environment variable is set in -both cases. - -Signed-off-by: Vincent Haupert <mail@vincent-haupert.de> ---- - Linux/sgx/buildenv.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Linux/sgx/buildenv.mk b/Linux/sgx/buildenv.mk -index cd8818e..dac23c7 100644 ---- a/Linux/sgx/buildenv.mk -+++ b/Linux/sgx/buildenv.mk -@@ -65,7 +65,7 @@ $(shell mkdir -p $(PACKAGE_LIB)) - UBUNTU_CONFNAME:=/usr/include/x86_64-linux-gnu/bits/confname.h - ifneq ("$(wildcard $(UBUNTU_CONFNAME))","") - OS_ID=1 --else ifeq ($(origin NIX_PATH),environment) -+else ifeq ($(origin NIX_STORE),environment) - OS_ID=3 - else - OS_ID=2 - -From f493525face589d759223bfa45bb802c31ddce4f Mon Sep 17 00:00:00 2001 -From: Vincent Haupert <mail@vincent-haupert.de> -Date: Sat, 8 Jan 2022 17:33:22 +0100 -Subject: [PATCH 2/3] Linux: call binaries relative to PATH - -Using an absolute path to call binaries is incompatible with -distributions which do not follow the Filesystem Hierachy Standard; -Nix is an example. Also, it is inconsistent with the rest of the code -base, let alone superfluous. - -Signed-off-by: Vincent Haupert <mail@vincent-haupert.de> ---- - Linux/build_openssl.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index 7d77b79..e8b59a1 100755 ---- a/Linux/build_openssl.sh -+++ b/Linux/build_openssl.sh -@@ -38,7 +38,7 @@ SGXSSL_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - echo $SGXSSL_ROOT - - OPENSSL_INSTALL_DIR="$SGXSSL_ROOT/../openssl_source/OpenSSL_install_dir_tmp" --OPENSSL_VERSION=`/bin/ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | /usr/bin/head -1 | /bin/grep -o '[^/]*$' | /bin/sed -s -- 's/\.tar\.gz//'` -+OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'` - if [ "$OPENSSL_VERSION" == "" ] - then - echo "In order to run this script, OpenSSL tar.gz package must be located in openssl_source/ directory." - -From fdb883d30fff72b5cfb8c61a2288d3d948f64224 Mon Sep 17 00:00:00 2001 -From: Vincent Haupert <mail@vincent-haupert.de> -Date: Tue, 11 Jan 2022 10:56:39 +0100 -Subject: [PATCH 3/3] Linux: properly extract GCC major version - -Calling `gcc -dumpversion` yields the full version string, e.g., -`10.3.0`. The `build_openssl.sh` bash script uses the `-ge` number -comparison operator to check if the returned version is at least -8. This results in an error if the returned GCC version includes a patch -version; "10.3.0" isn't a valid number. - -This commit fixes the version detection by only extracting the relevant -major version of GCC. - -Signed-off-by: Vincent Haupert <mail@vincent-haupert.de> ---- - Linux/build_openssl.sh | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index e8b59a1..6e4046f 100755 ---- a/Linux/build_openssl.sh -+++ b/Linux/build_openssl.sh -@@ -82,6 +82,7 @@ fi - MITIGATION_OPT="" - MITIGATION_FLAGS="" - CC_VERSION=`gcc -dumpversion` -+CC_VERSION_MAJOR=`echo "$CC_VERSION" | cut -f1 -d.` - for arg in "$@" - do - case $arg in -@@ -99,7 +100,7 @@ do - ;; - -mfunction-return=thunk-extern) - MITIGATION_FLAGS+=" $arg" -- if [[ $CC_VERSION -ge 8 ]] ; then -+ if [[ "$CC_VERSION_MAJOR" -ge 8 ]] ; then - MITIGATION_FLAGS+=" -fcf-protection=none" - fi - shift diff --git a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix index f52342f5af36..d6319fd0dcf3 100644 --- a/nixpkgs/pkgs/os-specific/linux/shadow/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/shadow/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub +{ lib, stdenv, fetchFromGitHub, fetchpatch , runtimeShell, nixosTests , autoreconfHook, bison, flex , docbook_xml_dtd_45, docbook_xsl @@ -47,6 +47,13 @@ stdenv.mkDerivation rec { ./respect-xml-catalog-files-var.patch ./runtime-shell.patch ./fix-install-with-tcb.patch + # Fix build against `clang-16` and upcoming `gcc-14`: + # https://github.com/shadow-maint/shadow/pull/857 + (fetchpatch { + name = "fix-implicit-getdef_bool.patch"; + url = "https://github.com/shadow-maint/shadow/commit/5abe0811b880208600f646356549b7e5cad89060.patch"; + hash = "sha256-XqvVv8mYY58uXJBKRwncHQRSI45PUkp3dQNn44gzezU="; + }) ]; # The nix daemon often forbids even creating set[ug]id files. diff --git a/nixpkgs/pkgs/os-specific/linux/smemstat/default.nix b/nixpkgs/pkgs/os-specific/linux/smemstat/default.nix index d8f8c1bc025f..e5d7fb1a13b6 100644 --- a/nixpkgs/pkgs/os-specific/linux/smemstat/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/smemstat/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "smemstat"; - version = "0.02.12"; + version = "0.02.13"; src = fetchFromGitHub { owner = "ColinIanKing"; repo = pname; rev = "V${version}"; - hash = "sha256-5gO26F80nZvZ6RIqX8o7bDSNo38EL8XywR8wMPFqHA8="; + hash = "sha256-wxgw5tPdZAhhISbay8BwoL5zxZJV4WstDpOtv9umf54="; }; buildInputs = [ ncurses ]; diff --git a/nixpkgs/pkgs/os-specific/linux/sssd/default.nix b/nixpkgs/pkgs/os-specific/linux/sssd/default.nix index ddae189f6528..a4a0d1dd49ff 100644 --- a/nixpkgs/pkgs/os-specific/linux/sssd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/sssd/default.nix @@ -13,13 +13,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "sssd"; - version = "2.9.3"; + version = "2.9.4"; src = fetchFromGitHub { owner = "SSSD"; repo = "sssd"; rev = "refs/tags/${finalAttrs.version}"; - hash = "sha256-WTVOt2TpTCyMmFYzWJMBQdwgmov7m1Sd8CwyL4ywPUY="; + hash = "sha256-VJXZndbmC6mAVxzvv5Wjb4adrQkP16Rt4cgjl4qGDIc="; }; postPatch = '' diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch b/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch new file mode 100644 index 000000000000..68ae22644835 --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch @@ -0,0 +1,46 @@ +From 7a27556920fe1feefd17096841c8f3ca1294a1b3 Mon Sep 17 00:00:00 2001 +From: Yuri Nesterov <yuriy.nesterov@unikie.com> +Date: Wed, 21 Jun 2023 17:17:38 +0300 +Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled + +Systemd-timesyncd sets SYSTEMD_NSS_RESOLVE_VALIDATE=0 in the unit file +to disable DNSSEC validation but it doesn't work when NSCD is used in +the system. This patch disabes NSCD in systemd-timesyncd when +SYSTEMD_NSS_RESOLVE_VALIDATE is set to 0 so that it uses NSS libraries +directly. +--- + src/timesync/timesyncd.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c +index 1d8ebecc91..2b0ae361ff 100644 +--- a/src/timesync/timesyncd.c ++++ b/src/timesync/timesyncd.c +@@ -21,6 +21,11 @@ + #include "timesyncd-conf.h" + #include "timesyncd-manager.h" + #include "user-util.h" ++#include "env-util.h" ++ ++struct traced_file; ++extern void __nss_disable_nscd(void (*)(size_t, struct traced_file *)); ++static void register_traced_file(size_t dbidx, struct traced_file *finfo) {} + + static int advance_tstamp(int fd, const struct stat *st) { + assert_se(fd >= 0); +@@ -198,6 +203,12 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Failed to parse fallback server strings: %m"); + ++ r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE"); ++ if (r == 0) { ++ log_info("Disabling NSCD because DNSSEC validation is turned off"); ++ __nss_disable_nscd(register_traced_file); ++ } ++ + log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached()); + + notify_message = notify_start("READY=1\n" +-- +2.34.1 + diff --git a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix index f57e4039d203..23f875d2dc46 100644 --- a/nixpkgs/pkgs/os-specific/linux/systemd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/systemd/default.nix @@ -55,6 +55,7 @@ , e2fsprogs , elfutils , linuxHeaders ? stdenv.cc.libc.linuxHeaders +, gnutls , iptables , withSelinux ? false , libselinux @@ -207,6 +208,8 @@ stdenv.mkDerivation (finalAttrs: { ./0017-core-don-t-taint-on-unmerged-usr.patch ./0018-tpm2_context_init-fix-driver-name-checking.patch ./0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [ + ./0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { @@ -436,7 +439,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withPam pam ++ lib.optional withPCRE2 pcre2 ++ lib.optional withSelinux libselinux - ++ lib.optional withRemote libmicrohttpd + ++ lib.optionals withRemote [ libmicrohttpd gnutls ] ++ lib.optionals (withHomed || withCryptsetup) [ p11-kit ] ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ] ++ lib.optionals withLibBPF [ libbpf ] @@ -773,7 +776,11 @@ stdenv.mkDerivation (finalAttrs: { inherit withCryptsetup withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { - inherit (nixosTests) switchTest; + inherit (nixosTests) + switchTest + systemd-journal + systemd-journal-gateway + systemd-journal-upload; cross = pkgsCross.${if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform"}.systemd; }; }; diff --git a/nixpkgs/pkgs/os-specific/linux/trace-cmd/default.nix b/nixpkgs/pkgs/os-specific/linux/trace-cmd/default.nix index 371f66856de5..d19754cdb5e0 100644 --- a/nixpkgs/pkgs/os-specific/linux/trace-cmd/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/trace-cmd/default.nix @@ -1,14 +1,21 @@ -{ lib, stdenv, fetchgit, pkg-config, asciidoc, xmlto, docbook_xsl, docbook_xml_dtd_45, libxslt, libtraceevent, libtracefs, zstd, sourceHighlight }: +{ lib, stdenv, fetchpatch, fetchzip, pkg-config, asciidoc, xmlto, docbook_xsl, docbook_xml_dtd_45, libxslt, libtraceevent, libtracefs, zstd, sourceHighlight }: stdenv.mkDerivation rec { pname = "trace-cmd"; version = "3.2"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/"; - rev = "trace-cmd-v${version}"; - sha256 = "sha256-KlykIYF4uy1phgWRG5j76FJqgO7XhNnyrTDVTs8YOXY="; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/snapshot/trace-cmd-v${version}.tar.gz"; + hash = "sha256-rTcaaEQ3Y4cneNnZSGiMZNp+Z7dyAa3oNTNMAEXr28g="; }; + patches = [ + # Upstream patches to be released in the next version + (fetchpatch { + sha256 = "sha256-eGuHODm29M7rbGYsyXUPoNe1xsIG3eJYhwXQDakRJHA="; + url = "https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/patch/?id=6b07a7df871342068604b204711ab741d421d051"; + }) + ]; + # Don't build and install html documentation postPatch = '' sed -i -e '/^all:/ s/html//' -e '/^install:/ s/install-html//' \ diff --git a/nixpkgs/pkgs/os-specific/linux/trace-cmd/kernelshark.nix b/nixpkgs/pkgs/os-specific/linux/trace-cmd/kernelshark.nix index 23ebbae8d1cb..1eda219013da 100644 --- a/nixpkgs/pkgs/os-specific/linux/trace-cmd/kernelshark.nix +++ b/nixpkgs/pkgs/os-specific/linux/trace-cmd/kernelshark.nix @@ -1,4 +1,4 @@ -{ lib, mkDerivation, fetchgit, qtbase, cmake, asciidoc +{ lib, mkDerivation, fetchzip, qtbase, cmake, asciidoc , docbook_xsl, json_c, mesa_glu, freeglut, trace-cmd, pkg-config , libtraceevent, libtracefs, freefont_ttf }: @@ -7,9 +7,8 @@ mkDerivation rec { pname = "kernelshark"; version = "2.2.1"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/utils/trace-cmd/kernel-shark.git/"; - rev = "kernelshark-v${version}"; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/utils/trace-cmd/kernel-shark.git/snapshot/kernelshark-v${version}.tar.gz"; hash = "sha256-V25IzPDOt6V03wgIa/AJ0T8mRaGmXYuMCcvbSOKleY0="; }; diff --git a/nixpkgs/pkgs/os-specific/linux/tuna/default.nix b/nixpkgs/pkgs/os-specific/linux/tuna/default.nix index 0e621a24f081..e3101cded09f 100644 --- a/nixpkgs/pkgs/os-specific/linux/tuna/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/tuna/default.nix @@ -1,6 +1,6 @@ { lib , buildPythonApplication -, fetchgit +, fetchzip , pygobject3 , pytestCheckHook , gdk-pixbuf @@ -16,13 +16,12 @@ buildPythonApplication rec { pname = "tuna"; version = "0.15"; - src = fetchgit { - url = "https://git.kernel.org/pub/scm/utils/${pname}/${pname}.git"; - rev = "v${version}"; - sha256 = "sha256-lRHlbdCQ0NcjcWgLvCze67kN8NsK0f5RmKfPbkHhk78="; + src = fetchzip { + url = "https://git.kernel.org/pub/scm/utils/tuna/tuna.git/snapshot/tuna-v${version}.tar.gz"; + sha256 = "MwyLBwKz5ur1sBXHiCLq/Nq2u5aaiC+KzXqvGBmQii8="; }; - patchPhase = '' + postPatch = '' mv tuna-cmd.py tuna/cmd.py substituteInPlace setup.py \ diff --git a/nixpkgs/pkgs/os-specific/linux/usbguard-notifier/default.nix b/nixpkgs/pkgs/os-specific/linux/usbguard-notifier/default.nix index c5b296809da1..a9eaa6651f99 100644 --- a/nixpkgs/pkgs/os-specific/linux/usbguard-notifier/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/usbguard-notifier/default.nix @@ -2,6 +2,7 @@ lib, stdenv, fetchFromGitHub, + fetchpatch, autoreconfHook, pkg-config, libqb, @@ -23,6 +24,16 @@ stdenv.mkDerivation rec { hash = "sha256-gWvCGSbOuey2ELAPD2WCG4q77IClL0S7rE2RaUJDc1I="; }; + patches = [ + # gcc-13 compatibility upstream fix: + # https://github.com/Cropi/usbguard-notifier/pull/74 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/Cropi/usbguard-notifier/commit/f4586b732c8a7379aacbc9899173beeacfd54793.patch"; + hash = "sha256-2q/qD6yEQUPxA/UutGIZKFJ3hHJ8ZlGMZI1wJyMRbmo="; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config asciidoc ]; buildInputs = [ libqb usbguard librsvg libnotify ]; diff --git a/nixpkgs/pkgs/os-specific/linux/usbguard/default.nix b/nixpkgs/pkgs/os-specific/linux/usbguard/default.nix index 46e9ee3d0a55..e43ee0b421dc 100644 --- a/nixpkgs/pkgs/os-specific/linux/usbguard/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/usbguard/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , fetchFromGitHub +, fetchpatch , autoreconfHook , installShellFiles , nixosTests @@ -32,6 +33,16 @@ stdenv.mkDerivation rec { fetchSubmodules = true; }; + patches = [ + # Pull upstream fix for gcc-13: + # https://github.com/USBGuard/usbguard/pull/586 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/USBGuard/usbguard/commit/22b1e0897af977cc96af926c730ff948bd120bb5.patch"; + hash = "sha256-yw0ZHcn6naHcsfsqdBB/aTgCwvEHecew/6HDmjyY2ZA="; + }) + ]; + nativeBuildInputs = [ autoreconfHook installShellFiles diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch b/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch deleted file mode 100644 index 068744d4f32d..000000000000 --- a/nixpkgs/pkgs/os-specific/linux/util-linux/bcachefs-patch-set.patch +++ /dev/null @@ -1,277 +0,0 @@ -commit 68564ebb50f8afab5a9527c534417e247cca0b27 -Author: Filipe Manana <fdmanana@kernel.org> -Date: Thu Aug 17 10:20:13 2023 +0100 - - libmount: Fix regression when mounting with atime - - A regression was introduced in v2.39 that causes mounting with the atime - option to fail: - - $ mkfs.ext4 -F /dev/sdi - $ mount -o atime /dev/sdi /mnt/sdi - mount: /mnt/sdi: not mount point or bad option. - dmesg(1) may have more information after failed mount system call. - - The failure comes from the mount_setattr(2) call returning -EINVAL. This - is because we pass an invalid value for the attr_clr argument. From a - strace capture we have: - - mount_setattr(4, "", AT_EMPTY_PATH, {attr_set=0, attr_clr=MOUNT_ATTR_NOATIME, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) - - We can't pass MOUNT_ATTR_NOATIME to mount_setattr(2) through the attr_clr - argument because all atime options are exclusive, so in order to set atime - one has to pass MOUNT_ATTR__ATIME to attr_clr and leave attr_set as - MOUNT_ATTR_RELATIME (which is defined as a value of 0). - - This can be read from the man page for mount_setattr(2) and also from the - kernel source: - - $ cat fs/namespace.c - static int build_mount_kattr(const struct mount_attr *attr, size_t usize, - struct mount_kattr *kattr, unsigned int flags) - { - (...) - /* - * Since the MOUNT_ATTR_<atime> values are an enum, not a bitmap, - * users wanting to transition to a different atime setting cannot - * simply specify the atime setting in @attr_set, but must also - * specify MOUNT_ATTR__ATIME in the @attr_clr field. - * So ensure that MOUNT_ATTR__ATIME can't be partially set in - * @attr_clr and that @attr_set can't have any atime bits set if - * MOUNT_ATTR__ATIME isn't set in @attr_clr. - */ - if (attr->attr_clr & MOUNT_ATTR__ATIME) { - if ((attr->attr_clr & MOUNT_ATTR__ATIME) != MOUNT_ATTR__ATIME) - return -EINVAL; - - /* - * Clear all previous time settings as they are mutually - * exclusive. - */ - kattr->attr_clr |= MNT_RELATIME | MNT_NOATIME; - switch (attr->attr_set & MOUNT_ATTR__ATIME) { - case MOUNT_ATTR_RELATIME: - kattr->attr_set |= MNT_RELATIME; - break; - case MOUNT_ATTR_NOATIME: - kattr->attr_set |= MNT_NOATIME; - break; - case MOUNT_ATTR_STRICTATIME: - break; - default: - return -EINVAL; - } - (...) - - So fix this by setting attr_clr MOUNT_ATTR__ATIME if we want to clear any - atime related option. - - Signed-off-by: Filipe Manana <fdmanana@kernel.org> - -diff --git a/libmount/src/optlist.c b/libmount/src/optlist.c -index 1e962ec6d..0702adae7 100644 ---- a/libmount/src/optlist.c -+++ b/libmount/src/optlist.c -@@ -875,7 +875,18 @@ int mnt_optlist_get_attrs(struct libmnt_optlist *ls, uint64_t *set, uint64_t *cl - - if (opt->ent->mask & MNT_INVERT) { - DBG(OPTLIST, ul_debugobj(ls, " clr: %s", opt->ent->name)); -- *clr |= x; -+ /* -+ * All atime settings are mutually exclusive so *clr must -+ * have MOUNT_ATTR__ATIME set. -+ * -+ * See the function fs/namespace.c:build_mount_kattr() -+ * in the linux kernel source. -+ */ -+ if (x == MOUNT_ATTR_RELATIME || x == MOUNT_ATTR_NOATIME || -+ x == MOUNT_ATTR_STRICTATIME) -+ *clr |= MOUNT_ATTR__ATIME; -+ else -+ *clr |= x; - } else { - DBG(OPTLIST, ul_debugobj(ls, " set: %s", opt->ent->name)); - *set |= x; -diff --git a/tests/expected/libmount/context-mount-flags b/tests/expected/libmount/context-mount-flags -index 960641863..eb71323dd 100644 ---- a/tests/expected/libmount/context-mount-flags -+++ b/tests/expected/libmount/context-mount-flags -@@ -3,3 +3,6 @@ ro,nosuid,noexec - successfully mounted - rw,nosuid,noexec - successfully umounted -+successfully mounted -+rw,relatime -+successfully umounted -diff --git a/tests/ts/libmount/context b/tests/ts/libmount/context -index f5b47185e..a5d2e81a3 100755 ---- a/tests/ts/libmount/context -+++ b/tests/ts/libmount/context -@@ -116,8 +116,15 @@ $TS_CMD_FINDMNT --kernel --mountpoint $MOUNTPOINT -o VFS-OPTIONS -n >> $TS_OUTPU - - ts_run $TESTPROG --umount $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG - is_mounted $DEVICE && echo "$DEVICE still mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG --ts_finalize_subtest - -+# Test that the atime option works after the migration to use the new kernel mount APIs. -+ts_run $TESTPROG --mount -o atime $DEVICE $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG -+$TS_CMD_FINDMNT --kernel --mountpoint $MOUNTPOINT -o VFS-OPTIONS -n >> $TS_OUTPUT 2>> $TS_ERRLOG -+is_mounted $DEVICE || echo "$DEVICE not mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG -+ts_run $TESTPROG --umount $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG -+is_mounted $DEVICE && echo "$DEVICE still mounted" >> $TS_OUTPUT 2>> $TS_ERRLOG -+ -+ts_finalize_subtest - - ts_init_subtest "mount-loopdev" - mkdir -p $MOUNTPOINT &> /dev/null - -commit 1ec71634aa4ef5ddca23d65c8a296f3614231e8a -Author: Colin Gillespie <colin@cgillespie.xyz> -Date: Wed Aug 9 18:28:07 2023 +1000 - - libblkid: (bcachefs) fix not detecting large superblocks - - Probing does not detect bcachefs filesystems with a superblock larger - than 4KiB. Bcachefs superblocks grow in size and can become much larger - than this. - - Increase the superblock maximum size limit to 1MiB. - - Validate the superblock isn't larger than the maximum size defined in - the superblocks layout section. - - (cherry picked from commit 48d573797797650d96456979797c0155d58f61cb) - -diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c -index 40e702d75..236877042 100644 ---- a/libblkid/src/superblocks/bcache.c -+++ b/libblkid/src/superblocks/bcache.c -@@ -102,6 +102,15 @@ union bcachefs_sb_csum { - uint8_t raw[16]; - } __attribute__((packed)); - -+struct bcachefs_sb_layout { -+ uint8_t magic[16]; -+ uint8_t layout_type; -+ uint8_t sb_max_size_bits; -+ uint8_t nr_superblocks; -+ uint8_t pad[5]; -+ uint64_t sb_offset[61]; -+} __attribute__((packed)); -+ - struct bcachefs_super_block { - union bcachefs_sb_csum csum; - uint16_t version; -@@ -123,7 +132,7 @@ struct bcachefs_super_block { - uint64_t flags[8]; - uint64_t features[2]; - uint64_t compat[2]; -- uint8_t layout[512]; -+ struct bcachefs_sb_layout layout; - struct bcachefs_sb_field _start[]; - } __attribute__((packed)); - -@@ -143,7 +152,7 @@ struct bcachefs_super_block { - /* granularity of offset and length fields within superblock */ - #define BCACHEFS_SECTOR_SIZE 512 - /* maximum superblock size */ --#define BCACHEFS_SB_MAX_SIZE 4096 -+#define BCACHEFS_SB_MAX_SIZE 0x100000 - /* fields offset within super block */ - #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start) - /* tag value for members field */ -@@ -302,6 +311,9 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) - return BLKID_PROBE_NONE; - - sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); -+ if (sb_size > BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits) -+ return BLKID_PROBE_NONE; -+ - if (sb_size > BCACHEFS_SB_MAX_SIZE) - return BLKID_PROBE_NONE; - - -commit acbf17ae8f8ee0f941fe98ed12f115f2b349bba8 -Author: Karel Zak <kzak@redhat.com> -Date: Wed Aug 23 11:53:45 2023 +0200 - - libblkid: (bcachefs) fix compiler warning [-Werror=sign-compare] - - Addresses: https://github.com/util-linux/util-linux/pull/2427 - Signed-off-by: Karel Zak <kzak@redhat.com> - (cherry picked from commit 17873d38fc97913c0a31d4bd08cfbfe45c4de5be) - -diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c -index 236877042..6ab3fe9d4 100644 ---- a/libblkid/src/superblocks/bcache.c -+++ b/libblkid/src/superblocks/bcache.c -@@ -311,7 +311,7 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) - return BLKID_PROBE_NONE; - - sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); -- if (sb_size > BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits) -+ if (sb_size > ((uint64_t) BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) - return BLKID_PROBE_NONE; - - if (sb_size > BCACHEFS_SB_MAX_SIZE) - -commit 6b9fda87c4e5d0c6f945d7565197f157b9fa3d5f -Author: Thomas Weißschuh <thomas@t-8ch.de> -Date: Wed Aug 23 11:58:33 2023 +0200 - - libblkid: (bcachefs) fix size validation - - Avoid signed shift out-of-bounds. - - Also mark the constants explitly as unsigned instead of casting. - - Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de> - (cherry picked from commit befe455f59de8c7bc66b85ed52aae8cbc95325fa) - -diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c -index 6ab3fe9d4..28ac4b52b 100644 ---- a/libblkid/src/superblocks/bcache.c -+++ b/libblkid/src/superblocks/bcache.c -@@ -142,17 +142,19 @@ struct bcachefs_super_block { - /* magic string len */ - #define BCACHE_SB_MAGIC_LEN (sizeof(BCACHE_SB_MAGIC) - 1) - /* super block offset */ --#define BCACHE_SB_OFF 0x1000 -+#define BCACHE_SB_OFF 0x1000U - /* supper block offset in kB */ - #define BCACHE_SB_KBOFF (BCACHE_SB_OFF >> 10) - /* magic string offset within super block */ - #define BCACHE_SB_MAGIC_OFF offsetof(struct bcache_super_block, magic) - /* start of checksummed data within superblock */ --#define BCACHE_SB_CSUMMED_START 8 -+#define BCACHE_SB_CSUMMED_START 8U - /* granularity of offset and length fields within superblock */ --#define BCACHEFS_SECTOR_SIZE 512 -+#define BCACHEFS_SECTOR_SIZE 512U -+/* maximum superblock size shift */ -+#define BCACHEFS_SB_MAX_SIZE_SHIFT 0x10U - /* maximum superblock size */ --#define BCACHEFS_SB_MAX_SIZE 0x100000 -+#define BCACHEFS_SB_MAX_SIZE (1U << BCACHEFS_SB_MAX_SIZE_SHIFT) - /* fields offset within super block */ - #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start) - /* tag value for members field */ -@@ -311,12 +313,16 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag) - return BLKID_PROBE_NONE; - - sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs); -- if (sb_size > ((uint64_t) BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) -- return BLKID_PROBE_NONE; - - if (sb_size > BCACHEFS_SB_MAX_SIZE) - return BLKID_PROBE_NONE; - -+ if (bcs->layout.sb_max_size_bits > BCACHEFS_SB_MAX_SIZE_SHIFT) -+ return BLKID_PROBE_NONE; -+ -+ if (sb_size > (BCACHEFS_SECTOR_SIZE << bcs->layout.sb_max_size_bits)) -+ return BLKID_PROBE_NONE; -+ - sb = blkid_probe_get_sb_buffer(pr, mag, sb_size); - if (!sb) - return BLKID_PROBE_NONE; diff --git a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix index d710fabb7ace..ba989b41a6ca 100644 --- a/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/util-linux/default.nix @@ -20,16 +20,15 @@ stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; - version = "2.39.2"; + version = "2.39.3"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz"; - hash = "sha256-h6vfqo5JD4vm3el298gLm1/58wHhtn44meHwWlmhUx8="; + hash = "sha256-e2YF5I0aSfQ8xLTPxZ8xPQ3VQC+kC5aBC9Vy4Wff7Q8="; }; patches = [ ./rtcwake-search-PATH-for-shutdown.patch - ./bcachefs-patch-set.patch ]; # We separate some of the utilities into their own outputs. This diff --git a/nixpkgs/pkgs/os-specific/linux/v4l2loopback/default.nix b/nixpkgs/pkgs/os-specific/linux/v4l2loopback/default.nix index e17fda67218e..3d16748f05a2 100644 --- a/nixpkgs/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -1,21 +1,16 @@ { lib, stdenv, fetchFromGitHub, kernel, kmod }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "v4l2loopback"; - version = "unstable-2023-02-19-${kernel.version}"; + version = "unstable-2023-11-23-${kernel.version}"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; - rev = "fb410fc7af40e972058809a191fae9517b9313af"; - hash = "sha256-gLFtR7s+3LUQ0BZxHbmaArHbufuphbtAX99nxJU3c84="; + rev = "850a2e36849f6ad3c9bf74f2ae3f603452bd8a71"; + hash = "sha256-LqP5R3oKbjUQUfDZUWpkrmyopWhOt4wlgSgGywTPJXM="; }; - patches = [ - # fix bug https://github.com/umlaeute/v4l2loopback/issues/535 - ./revert-pr518.patch - ]; - hardeningDisable = [ "format" "pic" ]; preBuild = '' diff --git a/nixpkgs/pkgs/os-specific/windows/mcfgthreads/default.nix b/nixpkgs/pkgs/os-specific/windows/mcfgthreads/default.nix index e0635efd0a54..5075107c5a3f 100644 --- a/nixpkgs/pkgs/os-specific/windows/mcfgthreads/default.nix +++ b/nixpkgs/pkgs/os-specific/windows/mcfgthreads/default.nix @@ -1,14 +1,18 @@ -{ stdenv, fetchFromGitHub, autoreconfHook }: +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +}: -stdenv.mkDerivation { - pname = "mcfgthreads"; - version = "unstable-2023-06-06"; +stdenv.mkDerivation rec { + pname = "mcfgthread"; + version = "1.6.1"; src = fetchFromGitHub { owner = "lhmouse"; repo = "mcfgthread"; - rev = "f0a335ce926906d634c787249a89220045bf0f7e"; - hash = "sha256-PLGIyoLdWgWvkHgRe0vHLIvnCxFpmHtbjS8xRhNM9Xw="; + rev = "v${lib.versions.majorMinor version}-ga.${lib.versions.patch version}"; + hash = "sha256-FrmeaQhwLrNewS0HDlbWgCvVQ5U1l0jrw0YVuQdt9Ck="; }; outputs = [ "out" "dev" ]; @@ -16,4 +20,12 @@ stdenv.mkDerivation { nativeBuildInputs = [ autoreconfHook ]; + + meta = { + description = "A threading support library for Windows 7 and above"; + homepage = "https://github.com/lhmouse/mcfgthread/wiki"; + license = lib.licenses.gpl3Plus; + maintainers = with lib.maintainers; [ wegank ]; + platforms = lib.platforms.windows; + }; } |