diff options
Diffstat (limited to 'pkgs/os-specific')
20 files changed, 261 insertions, 71 deletions
diff --git a/pkgs/os-specific/bsd/freebsd/default.nix b/pkgs/os-specific/bsd/freebsd/default.nix index 3a53916a46de..e7252ab35e63 100644 --- a/pkgs/os-specific/bsd/freebsd/default.nix +++ b/pkgs/os-specific/bsd/freebsd/default.nix @@ -2,7 +2,7 @@ , makeScopeWithSplicing, generateSplicesForMkScope , buildPackages , bsdSetupHook, makeSetupHook -, fetchgit, fetchurl, coreutils, groff, mandoc, byacc, flex, which, m4, gawk, substituteAll, runtimeShell +, fetchgit, fetchzip, coreutils, groff, mandoc, byacc, flex, which, m4, gawk, substituteAll, runtimeShell , zlib, expat, libmd , runCommand, writeShellScript, writeText, symlinkJoin }: @@ -75,6 +75,11 @@ in makeScopeWithSplicing in { inherit freebsdSrc; + ports = fetchzip { + url = "https://cgit.freebsd.org/ports/snapshot/ports-dde3b2b456c3a4bdd217d0bf3684231cc3724a0a.tar.gz"; + sha256 = "BpHqJfnGOeTE7tkFJBx0Wk8ryalmf4KNTit/Coh026E="; + }; + # Why do we have splicing and yet do `nativeBuildInputs = with self; ...`? # See note in ../netbsd/default.nix. @@ -388,6 +393,12 @@ in makeScopeWithSplicing outputs = [ "out" "man" "test" ]; }; + sed = mkDerivation { + path = "usr.bin/sed"; + TESTSRC = "${freebsdSrc}/contrib/netbsd-tests"; + MK_TESTS = "no"; + }; + # Don't add this to nativeBuildInputs directly. Use statHook instead. stat = mkDerivation { path = "usr.bin/stat"; diff --git a/pkgs/os-specific/bsd/freebsd/evdev-proto/default.nix b/pkgs/os-specific/bsd/freebsd/evdev-proto/default.nix new file mode 100644 index 000000000000..3c3dcb6d5d67 --- /dev/null +++ b/pkgs/os-specific/bsd/freebsd/evdev-proto/default.nix @@ -0,0 +1,64 @@ +{ lib, stdenv, linuxHeaders, freebsd, runCommandCC, buildPackages }: + +stdenv.mkDerivation { + pname = "evdev-proto"; + inherit (linuxHeaders) version; + + src = freebsd.ports; + + sourceRoot = "source/devel/evdev-proto"; + + useTempPrefix = true; + + nativeBuildInputs = [ freebsd.makeMinimal ]; + + ARCH = freebsd.makeMinimal.MACHINE_ARCH; + OPSYS = "FreeBSD"; + _OSRELEASE = "${lib.versions.majorMinor freebsd.makeMinimal.version}-RELEASE"; + + AWK = "awk"; + CHMOD = "chmod"; + FIND = "find"; + MKDIR = "mkdir -p"; + PKG_BIN = "${buildPackages.pkg}/bin/pkg"; + RM = "rm -f"; + SED = "${buildPackages.freebsd.sed}/bin/sed"; + SETENV = "env"; + SH = "sh"; + TOUCH = "touch"; + XARGS = "xargs"; + + ABI_FILE = runCommandCC "abifile" {} "$CC -shared -o $out"; + CLEAN_FETCH_ENV = true; + INSTALL_AS_USER = true; + NO_CHECKSUM = true; + NO_MTREE = true; + SRC_BASE = freebsd.freebsdSrc; + + preUnpack = '' + export MAKE_JOBS_NUMBER="$NIX_BUILD_CORES" + + export DISTDIR="$PWD/distfiles" + export PKG_DBDIR="$PWD/pkg" + export PREFIX="$prefix" + + mkdir -p "$DISTDIR/evdev-proto" + tar -C "$DISTDIR/evdev-proto" \ + -xf ${linuxHeaders.src} \ + --strip-components 4 \ + linux-${linuxHeaders.version}/include/uapi/linux + ''; + + makeFlags = [ "DIST_SUBDIR=evdev-proto" ]; + + postInstall = '' + mv $prefix $out + ''; + + meta = with lib; { + description = "Input event device header files for FreeBSD"; + maintainers = with maintainers; [ qyliss ]; + platforms = platforms.freebsd; + license = licenses.gpl2Only; + }; +} diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix index 8903db9f36b7..1033927ce675 100644 --- a/pkgs/os-specific/bsd/netbsd/default.nix +++ b/pkgs/os-specific/bsd/netbsd/default.nix @@ -680,6 +680,13 @@ in makeScopeWithSplicing ## ## START LIBRARIES ## + libarch = mkDerivation { + path = "lib/libarch"; + version = "9.2"; + sha256 = "6ssenRhuSwp0Jn71ErT0PrEoCJ+cIYRztwdL4QTDZsQ="; + meta.platforms = lib.platforms.netbsd; + }; + libutil = mkDerivation { path = "lib/libutil"; version = "9.2"; @@ -809,6 +816,16 @@ in makeScopeWithSplicing meta.platforms = lib.platforms.netbsd; }; + libpci = mkDerivation { + pname = "libpci"; + path = "lib/libpci"; + version = "9.2"; + sha256 = "+IOEO1Bw3/H3iCp3uk3bwsFZbvCqN5Ciz70irnPl8E8="; + NIX_CFLAGS_COMPILE = [ "-I." ]; + meta.platforms = lib.platforms.netbsd; + extraPaths = with self; [ sys.src ]; + }; + libpthread-headers = mkDerivation { pname = "libpthread-headers"; path = "lib/libpthread"; diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix index d7ac5d9fd904..839548ae8ffd 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix @@ -45,12 +45,20 @@ let cp -r ${MacOSX-SDK}${standardFrameworkPath name private} $out/Library/Frameworks + if [[ -d ${MacOSX-SDK}/usr/lib/swift/${name}.swiftmodule ]]; then + mkdir -p $out/lib/swift + cp -r -t $out/lib/swift \ + ${MacOSX-SDK}/usr/lib/swift/${name}.swiftmodule \ + ${MacOSX-SDK}/usr/lib/swift/libswift${name}.tbd + fi + # Fix and check tbd re-export references chmod u+w -R $out find $out -name '*.tbd' -type f | while read tbd; do echo "Fixing re-exports in $tbd" rewrite-tbd \ -p ${standardFrameworkPath name private}/:$out/Library/Frameworks/${name}.framework/ \ + -p /usr/lib/swift/:$out/lib/swift/ \ ${mkDepsRewrites deps} \ -r ${builtins.storeDir} \ "$tbd" @@ -163,6 +171,15 @@ in rec { # Seems to be appropriate given https://developer.apple.com/forums/thread/666686 JavaVM = super.JavaNativeFoundation; + + CoreVideo = lib.overrideDerivation super.CoreVideo (drv: { + installPhase = drv.installPhase + '' + # When used as a module, complains about a missing import for + # Darwin.C.stdint. Apparently fixed in later SDKs. + awk -i inplace '/CFBase.h/ { print "#include <stdint.h>" } { print }' \ + $out/Library/Frameworks/CoreVideo.framework/Headers/CVBase.h + ''; + }); }; bareFrameworks = ( diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix index a4f71f12821d..dfa52606c817 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix @@ -3,16 +3,7 @@ , xar, cpio, python3, pbzx }: let - MacOSX-SDK = stdenvNoCC.mkDerivation rec { - pname = "MacOSX-SDK"; - version = "11.0.0"; - - # https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog - src = fetchurl { - url = "http://swcdn.apple.com/content/downloads/46/21/001-89745-A_56FM390IW5/v1um2qppgfdnam2e9cdqcqu2r6k8aa3lis/CLTools_macOSNMOS_SDK.pkg"; - sha256 = "0n425smj4q1vxbza8fzwnk323fyzbbq866q32w288c44hl5yhwsf"; - }; - + mkSusDerivation = args: stdenvNoCC.mkDerivation (args // { dontBuild = true; darwinDontCodeSign = true; @@ -24,16 +15,45 @@ let pbzx $src | cpio -idm ''; + passthru = { + inherit (args) version; + }; + }); + + MacOSX-SDK = mkSusDerivation { + pname = "MacOSX-SDK"; + version = "11.0.0"; + + # https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog + src = fetchurl { + url = "http://swcdn.apple.com/content/downloads/46/21/001-89745-A_56FM390IW5/v1um2qppgfdnam2e9cdqcqu2r6k8aa3lis/CLTools_macOSNMOS_SDK.pkg"; + sha256 = "0n425smj4q1vxbza8fzwnk323fyzbbq866q32w288c44hl5yhwsf"; + }; + installPhase = '' cd Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk mkdir $out cp -r System usr $out/ ''; + }; - passthru = { - inherit version; + CLTools_Executables = mkSusDerivation { + pname = "CLTools_Executables"; + version = "11.0.0"; + + # https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog + src = fetchurl { + url = "http://swcdn.apple.com/content/downloads/46/21/001-89745-A_56FM390IW5/v1um2qppgfdnam2e9cdqcqu2r6k8aa3lis/CLTools_Executables.pkg"; + sha256 = "0nvb1qx7l81l2wcl8wvgbpsg5rcn51ylhivqmlfr2hrrv3zrrpl0"; }; + + installPhase = '' + cd Library/Developer/CommandLineTools + + mkdir $out + cp -r Library usr $out/ + ''; }; callPackage = newScope (packages // pkgs.darwin // { inherit MacOSX-SDK; }); @@ -43,7 +63,7 @@ let # TODO: this is nice to be private. is it worth the callPackage above? # Probably, I don't think that callPackage costs much at all. - inherit MacOSX-SDK; + inherit MacOSX-SDK CLTools_Executables; Libsystem = callPackage ./libSystem.nix {}; LibsystemCross = pkgs.darwin.Libsystem; diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix index dc4ab1955b50..2cf1c5dd0fc8 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix @@ -75,7 +75,7 @@ FileProviderUI = {}; FinderSync = {}; ForceFeedback = { inherit IOKit; }; - Foundation = { inherit ApplicationServices CoreFoundation Security SystemConfiguration libobjc; }; + Foundation = { inherit ApplicationServices CoreFoundation Security SystemConfiguration Combine libobjc; }; GLKit = {}; GLUT = { inherit OpenGL; }; GSS = {}; @@ -159,7 +159,7 @@ ScreenSaver = {}; ScreenTime = {}; ScriptingBridge = {}; - Security = { inherit IOKit libDER; }; + Security = { inherit IOKit libDER xpc; }; SecurityFoundation = { inherit Security; }; SecurityInterface = { inherit Security SecurityFoundation; }; SensorKit = {}; @@ -169,7 +169,7 @@ Speech = {}; SpriteKit = {}; StoreKit = {}; - SwiftUI = {}; + SwiftUI = { inherit AppKit DeveloperToolsSupport UniformTypeIdentifiers; }; SyncServices = {}; System = {}; SystemConfiguration = { inherit Security; }; diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix index 0297f8897f12..7be670425d7a 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix @@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation { ]; installPhase = '' - mkdir -p $out/{include,lib} + mkdir -p $out/{include,lib/swift} for dir in $includeDirs; do from=${MacOSX-SDK}/usr/include/$dir @@ -57,6 +57,13 @@ stdenvNoCC.mkDerivation { $out/lib done + for name in os Dispatch; do + cp -dr \ + ${MacOSX-SDK}/usr/lib/swift/$name.swiftmodule \ + ${MacOSX-SDK}/usr/lib/swift/libswift$name.tbd \ + $out/lib/swift + done + for f in $csu; do from=${MacOSX-SDK}/usr/lib/$f if [ -e "$from" ]; then @@ -71,6 +78,7 @@ stdenvNoCC.mkDerivation { rewrite-tbd \ -c /usr/lib/libsystem.dylib:$out/lib/libsystem.dylib \ -p /usr/lib/system/:$out/lib/system/ \ + -p /usr/lib/swift/:$out/lib/swift/ \ -r ${builtins.storeDir} \ "$tbd" done diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix index 63ef2a1c263e..9288097ef369 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix @@ -8,14 +8,17 @@ let self = stdenvNoCC.mkDerivation { dontBuild = true; installPhase = '' - mkdir -p $out/{include,lib} + mkdir -p $out/{include,lib/swift} cp -r ${MacOSX-SDK}/usr/include/objc $out/include cp ${MacOSX-SDK}/usr/lib/libobjc* $out/lib + cp -r ${MacOSX-SDK}/usr/lib/swift/ObjectiveC.swiftmodule $out/lib/swift + cp ${MacOSX-SDK}/usr/lib/swift/libswiftObjectiveC.tbd $out/lib/swift ''; passthru = { tbdRewrites = { const."/usr/lib/libobjc.A.dylib" = "${self}/lib/libobjc.A.dylib"; + const."/usr/lib/swift/libswiftObjectiveC.dylib" = "${self}/lib/swift/libswiftObjectiveC.dylib"; }; }; }; in self diff --git a/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix b/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix index b413744677d2..74f1160e4306 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix @@ -5,8 +5,6 @@ appleDerivation' stdenv { srcs = lib.attrValues IOKitSrcs; sourceRoot = "."; - phases = [ "unpackPhase" "installPhase" ]; - __propagatedImpureHostDeps = [ "/System/Library/Frameworks/IOKit.framework/IOKit" "/System/Library/Frameworks/IOKit.framework/Resources" diff --git a/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix b/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix index bb09adce252e..f4fe65b8066c 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix @@ -1,8 +1,6 @@ { appleDerivation', stdenv, darwin-stubs }: appleDerivation' stdenv { - phases = [ "unpackPhase" "installPhase" ]; - __propagatedImpureHostDeps = [ "/System/Library/Frameworks/Security.framework/Security" "/System/Library/Frameworks/Security.framework/Resources" diff --git a/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix b/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix index 64de728805fd..4082f5b760cf 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix @@ -1,8 +1,7 @@ { appleDerivation', stdenvNoCC }: appleDerivation' stdenvNoCC { - phases = [ "unpackPhase" "installPhase" ]; - + dontBuild = true; installPhase = '' mkdir -p $out/include cp mDNSShared/dns_sd.h $out/include diff --git a/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix b/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix index 2fc4afa77d9f..315f0fb06219 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix @@ -1,8 +1,6 @@ { appleDerivation, darwin-stubs }: appleDerivation { - phases = [ "unpackPhase" "installPhase" ]; - # Not strictly necessary, since libSystem depends on it, but it's nice to be explicit so we # can easily find out what's impure. __propagatedImpureHostDeps = [ diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index 020aee04af79..303eb801478c 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -130,6 +130,10 @@ in stdenv.mkDerivation rec { mkdir $out/etc/bluetooth ln -s /etc/bluetooth/main.conf $out/etc/bluetooth/main.conf + # https://github.com/NixOS/nixpkgs/issues/204418 + ln -s /etc/bluetooth/input.conf $out/etc/bluetooth/input.conf + ln -s /etc/bluetooth/network.conf $out/etc/bluetooth/network.conf + # Add missing tools, ref https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/bluez for files in `find tools/ -type f -perm -755`; do filename=$(basename $files) diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 951c84eaf492..8396fd5e3d33 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -1,42 +1,43 @@ -{ lib, stdenv, fetchFromGitHub -, meson, ninja, pkg-config, gettext, libxslt, docbook_xsl_ns -, libcap, libidn2 +{ lib +, stdenv +, fetchFromGitHub +, meson +, ninja +, pkg-config +, gettext +, libxslt +, docbook_xsl_ns +, libcap +, libidn2 , iproute2 , apparmorRulesFromClosure }: -let - version = "20211215"; - sunAsIsLicense = { - fullName = "AS-IS, SUN MICROSYSTEMS license"; - url = "https://github.com/iputils/iputils/blob/s${version}/rdisc.c"; - }; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "iputils"; - inherit version; + version = "20221126"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "1vzdch1xi2x2j8mvnsr4wwwh7kdkgf926xafw5kkb74yy1wac5qv"; + hash = "sha256-XVoQhdjBmEK8TbCpaKLjebPw7ZT8iEvyLJDTCkzezeE="; }; - outputs = ["out" "apparmor"]; + outputs = [ "out" "apparmor" ]; # We don't have the required permissions inside the build sandbox: # /build/source/build/ping/ping: socket: Operation not permitted doCheck = false; mesonFlags = [ - "-DBUILD_RARPD=true" "-DNO_SETCAP_OR_SUID=true" "-Dsystemdunitdir=etc/systemd/system" "-DINSTALL_SYSTEMD_UNITS=true" "-DSKIP_TESTS=${lib.boolToString (!doCheck)}" ] - # Disable idn usage w/musl (https://github.com/iputils/iputils/pull/111): - ++ lib.optional stdenv.hostPlatform.isMusl "-DUSE_IDN=false"; + # Disable idn usage w/musl (https://github.com/iputils/iputils/pull/111): + ++ lib.optional stdenv.hostPlatform.isMusl "-DUSE_IDN=false"; nativeBuildInputs = [ meson ninja pkg-config gettext libxslt.bin docbook_xsl_ns ]; buildInputs = [ libcap ] @@ -65,23 +66,19 @@ in stdenv.mkDerivation rec { ''; meta = with lib; { + homepage = "https://github.com/iputils/iputils"; + changelog = "https://github.com/iputils/iputils/releases/tag/${version}"; description = "A set of small useful utilities for Linux networking"; - inherit (src.meta) homepage; - changelog = "https://github.com/iputils/iputils/releases/tag/s${version}"; - license = with licenses; [ gpl2Plus bsd3 sunAsIsLicense ]; - platforms = platforms.linux; - maintainers = with maintainers; [ primeos lheckemann ]; - longDescription = '' A set of small useful utilities for Linux networking including: - arping - clockdiff - ninfod - ping - rarpd - rdisc - tracepath + - arping: send ARP REQUEST to a neighbour host + - clockdiff: measure clock difference between hosts + - ping: send ICMP ECHO_REQUEST to network hosts + - tracepath: traces path to a network host discovering MTU along this path ''; + license = with licenses; [ gpl2Plus bsd3 ]; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos lheckemann ]; }; } diff --git a/pkgs/os-specific/linux/lvm2/2_03.nix b/pkgs/os-specific/linux/lvm2/2_03.nix index 2f48448541b3..5a5193997be0 100644 --- a/pkgs/os-specific/linux/lvm2/2_03.nix +++ b/pkgs/os-specific/linux/lvm2/2_03.nix @@ -1,4 +1,4 @@ import ./common.nix { - version = "2.03.17"; - hash = "sha256-cobPqWUYKMWJOJUJVGMzuNqWXfqEoaTIqz5oGkf6uuc="; + version = "2.03.18"; + hash = "sha256-n2g+KYDZXA3Ou9JcfBdwMsVhXXJnv8iF6r/OWSgPR2k="; } diff --git a/pkgs/os-specific/linux/sgx/psw/default.nix b/pkgs/os-specific/linux/sgx/psw/default.nix index ba2d0967e45d..4a5e50d9c6ab 100644 --- a/pkgs/os-specific/linux/sgx/psw/default.nix +++ b/pkgs/os-specific/linux/sgx/psw/default.nix @@ -132,7 +132,7 @@ stdenv.mkDerivation rec { # NixOS module which is based on those files without relying on them. Still, it # is helpful to have properly patched versions for non-NixOS distributions. postFixup = '' - header "Fixing aesmd.service" + echo "Fixing aesmd.service" substituteInPlace $out/lib/systemd/system/aesmd.service \ --replace '@aesm_folder@' \ "$out/aesm" \ @@ -149,7 +149,7 @@ stdenv.mkDerivation rec { --replace "/bin/kill" \ "${coreutils}/bin/kill" - header "Fixing remount-dev-exec.service" + echo "Fixing remount-dev-exec.service" substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \ --replace '/bin/mount' \ "${util-linux}/bin/mount" diff --git a/pkgs/os-specific/linux/sgx/sdk/default.nix b/pkgs/os-specific/linux/sgx/sdk/default.nix index 5213dc1e4fda..053aaecbcbb7 100644 --- a/pkgs/os-specific/linux/sgx/sdk/default.nix +++ b/pkgs/os-specific/linux/sgx/sdk/default.nix @@ -109,7 +109,7 @@ stdenv.mkDerivation rec { }; in '' - header "Setting up IPP crypto build artifacts" + echo "Setting up IPP crypto build artifacts" pushd 'external/ippcp_internal' @@ -149,7 +149,7 @@ stdenv.mkDerivation rec { ./linux/installer/bin/sgx_linux_x64_sdk_${version}.bin -prefix $installDir installDir=$installDir/sgxsdk - header "Move files created by installer" + echo "Move files created by installer" mkdir -p $out/bin pushd $out @@ -206,15 +206,15 @@ stdenv.mkDerivation rec { preFixup = '' - header "Strip sgxsdk prefix" + echo "Strip sgxsdk prefix" for path in "$out/share/bin/environment" "$out/bin/sgx-gdb"; do substituteInPlace $path --replace "$TMPDIR/sgxsdk" "$out" done - header "Fixing pkg-config files" + echo "Fixing pkg-config files" sed -i "s|prefix=.*|prefix=$out|g" $out/lib/pkgconfig/*.pc - header "Fixing SGX_SDK default in samples" + echo "Fixing SGX_SDK default in samples" substituteInPlace $out/share/SampleCode/LocalAttestation/buildenv.mk \ --replace '/opt/intel/sgxsdk' "$out" for file in $out/share/SampleCode/*/Makefile; do @@ -222,12 +222,12 @@ stdenv.mkDerivation rec { --replace '/opt/intel/sgxsdk' "$out" done - header "Fixing BINUTILS_DIR in buildenv.mk" + echo "Fixing BINUTILS_DIR in buildenv.mk" substituteInPlace $out/share/bin/buildenv.mk \ --replace 'BINUTILS_DIR ?= /usr/local/bin' \ 'BINUTILS_DIR ?= ${BINUTILS_DIR}' - header "Fixing GDB path in bin/sgx-gdb" + echo "Fixing GDB path in bin/sgx-gdb" substituteInPlace $out/bin/sgx-gdb --replace '/usr/local/bin/gdb' '${gdb}/bin/gdb' ''; diff --git a/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch b/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch new file mode 100644 index 000000000000..c64fdd8d34c0 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0019-tpm2_context_init-fix-driver-name-checking.patch @@ -0,0 +1,44 @@ +From 236e9281cb158be3191c500524fbc5f397a25e03 Mon Sep 17 00:00:00 2001 +From: Nick Cao <nickcao@nichi.co> +Date: Sun, 15 Jan 2023 20:15:55 +0800 +Subject: [PATCH] tpm2_context_init: fix driver name checking + +https://github.com/systemd/systemd/commit/542dbc623e introduced +additional checks for tpm2 driver names, namely ensuring the driver +name, when concated with "libtss2-tcti-" and ".so.0", generates a valid +filename (with no '/' inside). + +For example, if the driver is name "device", the line + fn = strjoina("libtss2-tcti-", driver, ".so.0") +would yield "libtss2-tcti-device.so.0", passing the check. And the +filename is then passed to dlopen for loading the driver. + +Our current approach for systemd to correctly locate these dynamically +loaded libraries is to patch the filenames to include their absolute +path. Thus the line mentioned above is patched into + fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0") +yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0", +tripping the check. + +This patch relaxes the check to also accept absolute paths, by replacing +filename_is_valid with path_is_valid. +--- + src/shared/tpm2-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c +index ba8dfb041d..7de5d5fc77 100644 +--- a/src/shared/tpm2-util.c ++++ b/src/shared/tpm2-util.c +@@ -192,7 +192,7 @@ int tpm2_context_init(const char *device, struct tpm2_context *ret) { + fn = strjoina("libtss2-tcti-", driver, ".so.0"); + + /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */ +- if (!filename_is_valid(fn)) ++ if (!path_is_valid(fn)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); + + dl = dlopen(fn, RTLD_NOW); +-- +2.39.0 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index fadb6a486c82..4af13ea26af5 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -174,6 +174,7 @@ stdenv.mkDerivation { ./0016-pkg-config-derive-prefix-from-prefix.patch ./0017-inherit-systemd-environment-when-calling-generators.patch ./0018-core-don-t-taint-on-unmerged-usr.patch + ./0019-tpm2_context_init-fix-driver-name-checking.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index 2d954d83ecf3..ba4fe8356ce7 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -1,8 +1,8 @@ { lib, stdenv, fetchurl, openssl, pkg-config, libnl , nixosTests, wpa_supplicant_gui -, dbusSupport ? true, dbus +, dbusSupport ? !stdenv.hostPlatform.isStatic, dbus , withReadline ? true, readline -, withPcsclite ? true, pcsclite +, withPcsclite ? !stdenv.hostPlatform.isStatic, pcsclite , readOnlyModeSSIDs ? false }: @@ -73,6 +73,15 @@ stdenv.mkDerivation rec { CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y CONFIG_CTRL_IFACE_DBUS_INTRO=y + '' + # Upstream uses conditionals based on ifdef, so opposite of =y is + # not =n, as one may expect, but undefine. + # + # This config is sourced into makefile. + + optionalString (!dbusSupport) '' + undefine CONFIG_CTRL_IFACE_DBUS + undefine CONFIG_CTRL_IFACE_DBUS_NEW + undefine CONFIG_CTRL_IFACE_DBUS_INTRO '' + (if withReadline then '' CONFIG_READLINE=y '' else '' @@ -104,13 +113,15 @@ stdenv.mkDerivation rec { mkdir -p $out/share/man/man5 $out/share/man/man8 cp -v "doc/docbook/"*.5 $out/share/man/man5/ cp -v "doc/docbook/"*.8 $out/share/man/man8/ - + '' + + lib.optionalString dbusSupport '' mkdir -p $out/share/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system cp -v "dbus/"*service $out/share/dbus-1/system-services sed -e "s@/sbin/wpa_supplicant@$out&@" -i "$out/share/dbus-1/system-services/"* cp -v dbus/dbus-wpa_supplicant.conf $out/share/dbus-1/system.d cp -v "systemd/"*.service $out/etc/systemd/system - + '' + + '' rm $out/share/man/man8/wpa_priv.8 install -Dm444 wpa_supplicant.conf $out/share/doc/wpa_supplicant/wpa_supplicant.conf.example ''; |