8 files changed, 231 insertions, 99 deletions
diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix
index 4300d576b8d9..ac1e1f8038dd 100644
--- a/pkgs/os-specific/linux/batman-adv/default.nix
+++ b/pkgs/os-specific/linux/batman-adv/default.nix
@@ -1,7 +1,7 @@
 { lib
 , stdenv
 , fetchurl
-, fetchpatch
+, fetchpatch2
 , kernel
 }:
 
@@ -16,6 +16,14 @@ stdenv.mkDerivation rec {
     sha256 = cfg.sha256.${pname};
   };
 
+  patches = [
+    # batman-adv: compat: Fix skb_vlan_eth_hdr conflict in stable kernels
+    (fetchpatch2 {
+      url = "https://git.open-mesh.org/batman-adv.git/commitdiff_plain/be69e50e8c249ced085d41ddd308016c1c692174?hp=74d3c5e1c682a9efe31b75e8986668081a4b5341";
+      sha256 = "sha256-yfEiU74wuMSKal/6mwzgdccqDMEv4P7CkAeiSAEwvjA=";
+    })
+  ];
+
   nativeBuildInputs = kernel.moduleBuildDependencies;
   makeFlags = kernel.makeFlags ++ [
     "KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix
index e54916f45901..dab2f2290fc1 100644
--- a/pkgs/os-specific/linux/iwd/default.nix
+++ b/pkgs/os-specific/linux/iwd/default.nix
@@ -1,6 +1,5 @@
 { lib, stdenv
 , fetchgit
-, fetchpatch
 , autoreconfHook
 , pkg-config
 , ell
@@ -14,23 +13,14 @@
 
 stdenv.mkDerivation rec {
   pname = "iwd";
-  version = "2.11";
+  version = "2.12";
 
   src = fetchgit {
     url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
     rev = version;
-    hash = "sha256-kE9GBVTKNpgEuE9jQ7k85OhEAN3VWgjmAgifvZfq46I=";
+    hash = "sha256-XlhzPEXYGmJvQ6ZfPK1nxbHibXLdNsDKhZ0UAIRmN6U=";
   };
 
-  patches = [
-    # Fix unit/test-dpp on aarch64.
-    (fetchpatch {
-      name = "size_t-vararg.patch";
-      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=688d27700833258a139a6fbd5661334bd2c9fa98";
-      hash = "sha256-g3gG1c25o6ODFfHL4a0HcnNJBBOKRbdo+ZuVbzoxCLs=";
-    })
-  ];
-
   outputs = [ "out" "man" "doc" ]
     ++ lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "test";
 
diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix
index 658dc4a193c3..ab5b7c04e9f6 100644
--- a/pkgs/os-specific/linux/kernel/zen-kernels.nix
+++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix
@@ -4,16 +4,16 @@ let
   # comments with variant added for update script
   # ./update-zen.py zen
   zenVariant = {
-    version = "6.6.8"; #zen
+    version = "6.6.9"; #zen
     suffix = "zen1"; #zen
-    sha256 = "1b7ji0zb0wbpl92zrjrqh69cm8n7vyq7a7smsww01agvr1nd8djc"; #zen
+    sha256 = "09vrkwyx4ri6ba48jfv8j4ssj0h0w2wgzqwwb8ribif1rkb59mw0"; #zen
     isLqx = false;
   };
   # ./update-zen.py lqx
   lqxVariant = {
-    version = "6.6.8"; #lqx
-    suffix = "lqx2"; #lqx
-    sha256 = "1hb6g657ivpnyqw6xsd6b09kwlh4vv11wv68ydcmsd5cg6qmv2zy"; #lqx
+    version = "6.6.9"; #lqx
+    suffix = "lqx1"; #lqx
+    sha256 = "1ivf4iwxjp28xmfk8y3wxs64jqrjzgn6xwxkpad3mxc9n18yl8hz"; #lqx
     isLqx = true;
   };
   zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {
diff --git a/pkgs/os-specific/linux/linux-wifi-hotspot/default.nix b/pkgs/os-specific/linux/linux-wifi-hotspot/default.nix
index 01607be58fc4..17a00496a626 100644
--- a/pkgs/os-specific/linux/linux-wifi-hotspot/default.nix
+++ b/pkgs/os-specific/linux/linux-wifi-hotspot/default.nix
@@ -26,13 +26,13 @@
 
 stdenv.mkDerivation rec {
   pname = "linux-wifi-hotspot";
-  version = "4.6.0";
+  version = "4.7.0";
 
   src = fetchFromGitHub {
     owner = "lakinduakash";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-u9OdSpdxnjHOrK6PP/SFvGRtezssoZSoJFGVdRbOIPU=";
+    sha256 = "sha256-YwxVQNuxZib0yjG/+W0BZu39iS96UPYITV1vWsR7MzQ=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/os-specific/linux/lxc/add-meson-options.patch b/pkgs/os-specific/linux/lxc/add-meson-options.patch
new file mode 100644
index 000000000000..01aea4df2747
--- /dev/null
+++ b/pkgs/os-specific/linux/lxc/add-meson-options.patch
@@ -0,0 +1,153 @@
+diff --git a/meson.build b/meson.build
+index 21a8705d0..f12b81442 100644
+--- a/meson.build
++++ b/meson.build
+@@ -50,7 +50,7 @@ rootfsmount = get_option('rootfs-mount-path')
+ user_network_db_opt = get_option('usernet-db-path')
+ user_network_conf_opt = get_option('usernet-config-path')
+ 
+-bashcompletiondir = join_paths('/', 'usr', 'share', 'bash-completion', 'completions')
++bashcompletiondir = join_paths(prefixdir, get_option('datadir'), 'bash-completion', 'completions')
+ bindir = join_paths(prefixdir, get_option('bindir'))
+ datadir = join_paths(prefixdir, get_option('datadir'))
+ mandir = join_paths(prefixdir, get_option('mandir'))
+@@ -123,22 +123,6 @@ conf.set('PACKAGE_VERSION', meson.project_version())
+ conf.set('RUNTIME_PATH', runtimepath)
+ conf.set('SYSCONFDIR', sysconfdir)
+ 
+-# Set sysconfdir
+-fs = import('fs')
+-distrosysconfdir = get_option('distrosysconfdir')
+-if distrosysconfdir != ''
+-    distrosysconfdir = join_paths(sysconfdir, distrosysconfdir)
+-    conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
+-elif fs.is_dir('/etc/sysconfig')
+-    distrosysconfdir = join_paths(sysconfdir, 'sysconfig')
+-    conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
+-elif fs.is_dir('/etc/default')
+-    distrosysconfdir = join_paths(sysconfdir, 'default')
+-    conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
+-else
+-    error('"distrosysconfdir" is not set')
+-endif
+-
+ # Cross-compile on Android.
+ srcconf.set10('IS_BIONIC', host_machine.system() == 'android')
+ 
+@@ -148,6 +132,7 @@ coverity = get_option('coverity-build')
+ init_script = get_option('init-script')
+ sanitize = get_option('b_sanitize')
+ want_examples = get_option('examples')
++want_install_init = get_option('install-init-files')
+ want_io_uring = get_option('io-uring-event-loop')
+ want_pam_cgroup = get_option('pam-cgroup')
+ want_mans = get_option('man')
+@@ -160,10 +145,30 @@ want_openssl = get_option('openssl')
+ want_selinux = get_option('selinux')
+ want_oss_fuzz = get_option('oss-fuzz')
+ want_seccomp = get_option('seccomp')
++want_spec = get_option('specfile')
++want_state_dirs = get_option('install-state-dirs')
+ want_thread_safety = get_option('thread-safety')
+ want_memfd_rexec = get_option('memfd-rexec')
+ want_sd_bus = get_option('sd-bus')
+ 
++# Set sysconfdir
++fs = import('fs')
++if want_install_init
++    distrosysconfdir = get_option('distrosysconfdir')
++    if distrosysconfdir != ''
++        distrosysconfdir = join_paths(sysconfdir, distrosysconfdir)
++        conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
++    elif fs.is_dir('/etc/sysconfig')
++        distrosysconfdir = join_paths(sysconfdir, 'sysconfig')
++        conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
++    elif fs.is_dir('/etc/default')
++        distrosysconfdir = join_paths(sysconfdir, 'default')
++        conf.set('LXC_DISTRO_SYSCONF', distrosysconfdir)
++    else
++        error('"distrosysconfdir" is not set')
++    endif
++endif
++
+ srcconf.set_quoted('DEFAULT_CGROUP_PATTERN', cgrouppattern)
+ if coverity
+     srcconf.set('ENABLE_COVERITY_BUILD', 1)
+@@ -926,14 +931,16 @@ if want_apparmor
+ endif
+ subdir('config/bash')
+ subdir('config/etc')
+-subdir('config/init/common')
+-subdir('config/init/systemd')
+-subdir('config/init/sysvinit')
+-subdir('config/init/upstart')
++if want_install_init
++    subdir('config/init/common')
++    subdir('config/init/systemd')
++    subdir('config/init/sysvinit')
++    subdir('config/init/upstart')
++    subdir('config/sysconfig')
++endif
+ if want_selinux
+     subdir('config/selinux')
+ endif
+-subdir('config/sysconfig')
+ subdir('config/templates')
+ subdir('config/templates/common.conf.d')
+ subdir('config/yum')
+@@ -963,21 +970,25 @@ pkg_config_file = pkgconfig.generate(liblxc,
+ )
+ 
+ # Empty dirs.
+-install_emptydir(join_paths(localstatedir, 'cache', 'lxc'))
+-install_emptydir(join_paths(localstatedir, 'lib', 'lxc'))
++if want_state_dirs
++    install_emptydir(join_paths(localstatedir, 'cache', 'lxc'))
++    install_emptydir(join_paths(localstatedir, 'lib', 'lxc'))
++endif
+ 
+ # RPM spec file.
+-specconf = configuration_data()
+-specconf.set('LXC_VERSION_BASE', meson.project_version())
+-specconf.set('LXC_VERSION_BETA', version_data.get('LXC_VERSION_BETA'))
+-specconf.set('PACKAGE', meson.project_name())
+-specconf.set('LXC_DISTRO_SYSCONF', conf.get('LXC_DISTRO_SYSCONF'))
+-
+-configure_file(
+-    configuration: specconf,
+-    input: 'lxc.spec.in',
+-    output: 'lxc.spec',
+-    install: false)
++if want_spec
++    specconf = configuration_data()
++    specconf.set('LXC_VERSION_BASE', meson.project_version())
++    specconf.set('LXC_VERSION_BETA', version_data.get('LXC_VERSION_BETA'))
++    specconf.set('PACKAGE', meson.project_name())
++    specconf.set('LXC_DISTRO_SYSCONF', conf.get('LXC_DISTRO_SYSCONF'))
++
++    configure_file(
++        configuration: specconf,
++        input: 'lxc.spec.in',
++        output: 'lxc.spec',
++        install: false)
++endif
+ 
+ # Build overview.
+ status = [
+diff --git a/meson_options.txt b/meson_options.txt
+index 9803473d2..84a6d45b5 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -120,3 +120,12 @@ option('memfd-rexec', type : 'boolean', value : 'true',
+ 
+ option('distrosysconfdir', type : 'string', value: '',
+        description: 'relative path to sysconfdir for distro default configuration')
++
++option('specfile', type : 'boolean', value: true,
++       description: 'whether to prepare RPM spec')
++
++option('install-init-files', type : 'boolean', value: true,
++       description: 'whether to install init files for local init (e.g. systemd, sysvinit)')
++
++option('install-state-dirs', type : 'boolean', value: true,
++       description: 'whether to create state directories on install')
diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix
index 4192de0cfeab..4caf5b9aa943 100644
--- a/pkgs/os-specific/linux/lxc/default.nix
+++ b/pkgs/os-specific/linux/lxc/default.nix
@@ -1,102 +1,81 @@
-{ lib, stdenv, fetchurl, autoreconfHook, pkg-config, perl, docbook2x
-, docbook_xml_dtd_45, python3Packages, pam, fetchpatch
-
-# Optional Dependencies
-, libapparmor ? null, gnutls ? null, libselinux ? null, libseccomp ? null
-, libcap ? null, systemd ? null
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  docbook2x,
+  libapparmor,
+  libcap,
+  libseccomp,
+  libselinux,
+  meson,
+  ninja,
+  nix-update-script,
+  nixosTests,
+  openssl,
+  pam,
+  pkg-config,
+  systemd,
 }:
 
 stdenv.mkDerivation rec {
   pname = "lxc";
-  version = "4.0.12";
+  version = "5.0.3";
 
-  src = fetchurl {
-    url = "https://linuxcontainers.org/downloads/lxc/lxc-${version}.tar.gz";
-    sha256 = "1vyk2j5w9gfyh23w3ar09cycyws16mxh3clbb33yhqzwcs1jy96v";
+  src = fetchFromGitHub {
+    owner = "lxc";
+    repo = "lxc";
+    rev = "refs/tags/lxc-${version}";
+    hash = "sha256-lnLmLgWXt3pI2S+4OeHRlPP5gui7S7ZXXClFt+n/8sY=";
   };
 
   nativeBuildInputs = [
-    autoreconfHook pkg-config perl docbook2x python3Packages.wrapPython
+    docbook2x
+    meson
+    ninja
+    pkg-config
   ];
+
   buildInputs = [
-    pam libapparmor gnutls libselinux libseccomp libcap
-    python3Packages.python python3Packages.setuptools systemd
+    libapparmor
+    libcap
+    libseccomp
+    libselinux
+    openssl
+    pam
+    systemd
   ];
 
-  patches = [
-    ./support-db2x.patch
+  patches = [ ./add-meson-options.patch ];
 
-    # Backport of https://github.com/lxc/lxc/pull/4179 for glibc-2.36 build
-    (fetchpatch {
-      url = "https://github.com/lxc/lxc/commit/c1115e1503bf955c97f4cf3b925a6a9f619764c3.patch";
-      sha256 = "sha256-aC1XQesRJfkyQnloB3NvR4p/1WITrqkGYzw50PDxDrs=";
-      excludes = [ "meson.build" ];
-    })
+  mesonFlags = [
+    "-Dinstall-init-files=false"
+    "-Dinstall-state-dirs=false"
+    "-Dspecfile=false"
   ];
 
-  postPatch = ''
-    sed -i '/chmod u+s/d' src/lxc/Makefile.am
-  '';
-
-  XML_CATALOG_FILES = "${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";
-
-  configureFlags = [
-    "--enable-pam"
-    "--localstatedir=/var"
-    "--sysconfdir=/etc"
-    "--disable-api-docs"
-    "--with-init-script=none"
-    "--with-distro=nixos" # just to be sure it is "unknown"
-  ] ++ lib.optional (libapparmor != null) "--enable-apparmor"
-    ++ lib.optional (libselinux != null) "--enable-selinux"
-    ++ lib.optional (libseccomp != null) "--enable-seccomp"
-    ++ lib.optional (libcap != null) "--enable-capabilities"
-    ++ [
-    "--disable-examples"
-    "--enable-python"
-    "--disable-lua"
-    "--enable-bash"
-    (if doCheck then "--enable-tests" else "--disable-tests")
-    "--with-rootfs-path=/var/lib/lxc/rootfs"
-  ];
+  enableParallelBuilding = true;
 
-  doCheck = false;
+  doCheck = true;
 
-  installFlags = [
-    "localstatedir=\${TMPDIR}"
-    "sysconfdir=\${out}/etc"
-    "sysconfigdir=\${out}/etc/default"
-    "bashcompdir=\${out}/share/bash-completion/completions"
-    "READMEdir=\${TMPDIR}/var/lib/lxc/rootfs"
-    "LXCPATH=\${TMPDIR}/var/lib/lxc"
-  ];
-
-  postInstall = ''
-    wrapPythonPrograms
-
-    completions=(
-      lxc-attach lxc-cgroup lxc-console lxc-destroy lxc-device lxc-execute
-      lxc-freeze lxc-info lxc-monitor lxc-snapshot lxc-stop lxc-unfreeze
-    )
-    pushd $out/share/bash-completion/completions/
-      mv lxc lxc-start
-      for completion in ''${completions[@]}; do
-        ln -sfn lxc-start $completion
-      done
-    popd
-  '';
+  passthru = {
+    tests.incus = nixosTests.incus.container;
+    updateScript = nix-update-script {
+      extraArgs = [
+        "-vr"
+        "lxc-(.*)"
+      ];
+    };
+  };
 
   meta = {
     homepage = "https://linuxcontainers.org/";
     description = "Userspace tools for Linux Containers, a lightweight virtualization system";
-    license = lib.licenses.lgpl21Plus;
+    license = lib.licenses.gpl2;
 
     longDescription = ''
-      LXC is the userspace control package for Linux Containers, a
-      lightweight virtual system mechanism sometimes described as
-      "chroot on steroids". LXC builds up from chroot to implement
-      complete virtual systems, adding resource management and isolation
-      mechanisms to Linux’s existing process management infrastructure.
+      LXC containers are often considered as something in the middle between a chroot and a
+      full fledged virtual machine. The goal of LXC is to create an environment as close as
+      possible to a standard Linux installation but without the need for a separate kernel.
     '';
 
     platforms = lib.platforms.linux;
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index f28cb28ef373..46587028f296 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
+{ lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
 
 stdenv.mkDerivation rec {
   pname = "pam_ssh_agent_auth";
@@ -46,6 +46,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  passthru.tests.sudo = nixosTests.ssh-agent-auth;
+
   meta = {
     homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
     description = "PAM module for authentication through the SSH agent";
diff --git a/pkgs/os-specific/linux/plymouth/default.nix b/pkgs/os-specific/linux/plymouth/default.nix
index deee6ad2b68d..90f400defc2d 100644
--- a/pkgs/os-specific/linux/plymouth/default.nix
+++ b/pkgs/os-specific/linux/plymouth/default.nix
@@ -20,7 +20,7 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "plymouth";
-  version = "23.356.9";
+  version = "23.360.11";
 
   outputs = [ "out" "dev" ];
 
@@ -29,7 +29,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "plymouth";
     repo = "plymouth";
     rev = finalAttrs.version;
-    hash = "sha256-71QMhQqWpa4FID9vPEL2QuOaGxuk7+sXKRynCa1n2tw=";
+    hash = "sha256-Uun4KtrbkFCiGq3WpZlZ8NKKCOnM+jcgYa8qoqAYdaw=";
   };
 
   patches = [