From 91f2eb73aef9e9547a6dca7f9fa3ea6ffa452f67 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sun, 13 Jan 2019 15:44:18 -0600 Subject: bcc: 0.7.0 -> 0.8.0 --- pkgs/os-specific/linux/bcc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 5a40368f3ceb..d66c5dad7716 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -4,14 +4,14 @@ }: python.pkgs.buildPythonApplication rec { - version = "0.7.0"; + version = "0.8.0"; name = "bcc-${version}"; src = fetchFromGitHub { owner = "iovisor"; repo = "bcc"; rev = "v${version}"; - sha256 = "1ww7l0chx2ivw9d2ahxjyhxmh6hz3w5z69r4lz02f0361rnrvk7f"; + sha256 = "15vvybllmh9hdj801v3psd671c0qq2a1xdv73kabb9r4fzgaknxk"; }; format = "other"; -- cgit 1.4.1 From b147fa1cbcc0294b8e252d446eae6d0273624a49 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Wed, 16 Jan 2019 08:34:44 -0600 Subject: fwts: 18.12.00 -> 19.01.00 https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/19.01.00 --- pkgs/os-specific/linux/fwts/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/fwts/default.nix b/pkgs/os-specific/linux/fwts/default.nix index daeda5fa8c07..fb609f4a7270 100644 --- a/pkgs/os-specific/linux/fwts/default.nix +++ b/pkgs/os-specific/linux/fwts/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "fwts-${version}"; - version = "18.12.00"; + version = "19.01.00"; src = fetchzip { url = "http://fwts.ubuntu.com/release/fwts-V${version}.tar.gz"; - sha256 = "10kzn5r099i4b8m5l7s68fs885d126l9cingq9gj1g574c18hg2s"; + sha256 = "00vixb8kml5hgdqscqr9biwbvivfjwpf1fk53425kdqzyg6bqsmq"; stripRoot = false; }; -- cgit 1.4.1 From d1e838ed23a337f92abe7cbc3b945c84ba33c58e Mon Sep 17 00:00:00 2001 From: Ivan Jager Date: Wed, 16 Jan 2019 16:08:50 -0600 Subject: zfsUnstable: 0.8.0-rc2 -> 0.8.0-rc3 --- pkgs/os-specific/linux/zfs/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index 9d48ee015099..cca7e6ac5a5b 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -93,6 +93,7 @@ let configureFlags = [ "--with-config=${configFile}" + "--with-python=${python3}/bin/python3" ] ++ optionals buildUser [ "--with-dracutdir=$(out)/lib/dracut" "--with-udevdir=$(out)/lib/udev" @@ -180,10 +181,10 @@ in { # incompatibleKernelVersion = "4.19"; # this package should point to a version / git revision compatible with the latest kernel release - version = "0.8.0-rc2"; + version = "0.8.0-rc3"; - rev = "af2e8411dacbc694b1aaf9074e68a9d12270e74c"; - sha256 = "0wm7x9dwrw30jnjlnz6a224h88qd6a5794pzbjsih50lqb10g2gy"; + rev = "9b626c126e78cdc36200b66c7cd1dc6a06cf400d"; + sha256 = "0wmkis0q2gbj7sgx3ipxngbgzjcf7ay353v3mglf2ay50q4da5i7"; isUnstable = true; extraPatches = [ -- cgit 1.4.1 From 1f2a3fe040002a638d7c99da3899e088f2947b5f Mon Sep 17 00:00:00 2001 From: Ivan Jager Date: Sat, 19 Jan 2019 06:22:24 -0600 Subject: zfsUnstable: Fetch source by tag and patch by hash. --- pkgs/os-specific/linux/zfs/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index cca7e6ac5a5b..f1a2c004a75c 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -93,7 +93,7 @@ let configureFlags = [ "--with-config=${configFile}" - "--with-python=${python3}/bin/python3" + "--with-python=${python3.interpreter}" ] ++ optionals buildUser [ "--with-dracutdir=$(out)/lib/dracut" "--with-udevdir=$(out)/lib/udev" @@ -183,13 +183,12 @@ in { # this package should point to a version / git revision compatible with the latest kernel release version = "0.8.0-rc3"; - rev = "9b626c126e78cdc36200b66c7cd1dc6a06cf400d"; sha256 = "0wmkis0q2gbj7sgx3ipxngbgzjcf7ay353v3mglf2ay50q4da5i7"; isUnstable = true; extraPatches = [ (fetchpatch { - url = "https://github.com/Mic92/zfs/compare/${rev}...nixos-zfs-2018-08-13.patch"; + url = "https://github.com/Mic92/zfs/commit/bc29b5783da0af2c80c85126a1831ce1d52bfb69.patch"; sha256 = "1sdcr1w2jp3djpwlf1f91hrxxmc34q0jl388smdkxh5n5bpw5gzw"; }) ]; -- cgit 1.4.1 From 461699607ebdce98a05b414bcec4861be8c37c27 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 12:42:20 -0600 Subject: fwupd: 1.2.2 -> 1.2.3 Drop lib output to avoid cycle. --- pkgs/os-specific/linux/firmware/fwupd/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index de0a1e2ee0d7..fca35e6ea1b3 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -8,7 +8,7 @@ }: let # Updating? Keep $out/etc synchronized with passthru.filesInstalledToEtc - version = "1.2.1"; + version = "1.2.3"; python = python3.withPackages (p: with p; [ pygobject3 pycairo pillow ]); installedTestsPython = python3.withPackages (p: with p; [ pygobject3 requests ]); @@ -19,10 +19,10 @@ in stdenv.mkDerivation { name = "fwupd-${version}"; src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "126b3lsh4gkyajsqm2c8l6wqr4dd7m26krz2527khmlps0lxdhg1"; + sha256 = "11qpgincndahq96rbm2kgcy9kw5n9cmbbilsrqcqcyk7mvv464sl"; }; - outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ]; + outputs = [ "out" "dev" "devdoc" "man" "installedTests" ]; nativeBuildInputs = [ meson ninja gtk-doc pkgconfig gobject-introspection intltool glibcLocales shared-mime-info @@ -48,6 +48,7 @@ in stdenv.mkDerivation { patchShebangs . substituteInPlace data/installed-tests/fwupdmgr.test.in --subst-var-by installedtestsdir "$installedTests/share/installed-tests/fwupd" + substituteInPlace data/installed-tests/meson.build --replace sysconfdir sysconfdir_install ''; # /etc/os-release not available in sandbox @@ -103,6 +104,7 @@ in stdenv.mkDerivation { "fwupd/remotes.d/lvfs-testing.conf" "fwupd/remotes.d/lvfs.conf" "fwupd/remotes.d/vendor.conf" + "fwupd/remotes.d/fwupd-tests.conf" "pki/fwupd/GPG-KEY-Hughski-Limited" "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" -- cgit 1.4.1 From 55fa570046bd26b0894e644b3f319ab060249162 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 16:35:47 -0600 Subject: fwupd: blacklist test plugin by default Don't add the testing "webcam" device, which is unexpected to see when querying what devices fwupd believes exist :). Won't change behavior for anyone defining the blacklistPlugin option already, but doesn't seem worth making more complicated. --- nixos/modules/services/hardware/fwupd.nix | 2 +- nixos/tests/fwupd.nix | 1 + .../add-option-for-installation-sysconfdir.patch | 52 ++++++++++++++-------- pkgs/os-specific/linux/firmware/fwupd/default.nix | 1 - 4 files changed, 35 insertions(+), 21 deletions(-) (limited to 'pkgs/os-specific') diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index 7743f81fd622..206664e4326b 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix @@ -40,7 +40,7 @@ in { blacklistPlugins = mkOption { type = types.listOf types.string; - default = []; + default = [ "test" ]; example = [ "udev" ]; description = '' Allow blacklisting specific plugins diff --git a/nixos/tests/fwupd.nix b/nixos/tests/fwupd.nix index 2e64149b2db3..834cf911849b 100644 --- a/nixos/tests/fwupd.nix +++ b/nixos/tests/fwupd.nix @@ -8,6 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: { machine = { pkgs, ... }: { services.fwupd.enable = true; + services.fwupd.blacklistPlugins = []; # don't blacklist test plugin environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; environment.variables.XDG_DATA_DIRS = [ "${pkgs.fwupd.installedTests}/share" ]; virtualisation.memorySize = 768; diff --git a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch index 44369dc5117f..9fecb504c590 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch @@ -1,4 +1,4 @@ -From 2fe9625cc6dec10531482a3947ef75009eb21489 Mon Sep 17 00:00:00 2001 +From 44887227f7f617cbf84713ec45685cb4999039ff Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 30 Oct 2018 22:26:30 +0100 Subject: [PATCH] build: Add option for installation sysconfdir @@ -17,17 +17,29 @@ prefix only to `make install`, but Meson does not support anything like that. Until we manage to convince Meson to support install flags, we need to create our own install flag. --- - data/meson.build | 4 ++-- - data/pki/meson.build | 8 ++++---- - data/remotes.d/meson.build | 6 +++--- - meson.build | 6 ++++++ - meson_options.txt | 1 + - plugins/redfish/meson.build | 2 +- - plugins/uefi/meson.build | 2 +- - 7 files changed, 18 insertions(+), 11 deletions(-) + data/installed-tests/meson.build | 2 +- + data/meson.build | 4 ++-- + data/pki/meson.build | 8 ++++---- + data/remotes.d/meson.build | 6 +++--- + meson.build | 6 ++++++ + meson_options.txt | 1 + + plugins/redfish/meson.build | 2 +- + plugins/uefi/meson.build | 2 +- + 8 files changed, 19 insertions(+), 12 deletions(-) +diff --git a/data/installed-tests/meson.build b/data/installed-tests/meson.build +index eb33fa9f..b32ecb30 100644 +--- a/data/installed-tests/meson.build ++++ b/data/installed-tests/meson.build +@@ -52,5 +52,5 @@ configure_file( + output : 'fwupd-tests.conf', + configuration : con2, + install: true, +- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), ++ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), + ) diff --git a/data/meson.build b/data/meson.build -index 8dd2ac9ad..d4ad1cbc1 100644 +index 8dd2ac9a..d4ad1cbc 100644 --- a/data/meson.build +++ b/data/meson.build @@ -9,7 +9,7 @@ if get_option('tests') and get_option('daemon') @@ -49,7 +61,7 @@ index 8dd2ac9ad..d4ad1cbc1 100644 install_data(['metadata.xml'], diff --git a/data/pki/meson.build b/data/pki/meson.build -index eefcc9142..dc801fa18 100644 +index eefcc914..dc801fa1 100644 --- a/data/pki/meson.build +++ b/data/pki/meson.build @@ -4,14 +4,14 @@ if get_option('gpg') @@ -85,7 +97,7 @@ index eefcc9142..dc801fa18 100644 endif diff --git a/data/remotes.d/meson.build b/data/remotes.d/meson.build -index 824291fc5..d0599a00a 100644 +index 824291fc..d0599a00 100644 --- a/data/remotes.d/meson.build +++ b/data/remotes.d/meson.build @@ -3,7 +3,7 @@ if get_option('daemon') and get_option('lvfs') @@ -113,10 +125,10 @@ index 824291fc5..d0599a00a 100644 + install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), ) diff --git a/meson.build b/meson.build -index 737841f1a..23bd7a2e3 100644 +index b6df98b3..d672ee37 100644 --- a/meson.build +++ b/meson.build -@@ -144,6 +144,12 @@ localstatedir = join_paths(prefix, get_option('localstatedir')) +@@ -145,6 +145,12 @@ localstatedir = join_paths(prefix, get_option('localstatedir')) mandir = join_paths(prefix, get_option('mandir')) localedir = join_paths(prefix, get_option('localedir')) @@ -130,7 +142,7 @@ index 737841f1a..23bd7a2e3 100644 if gio.version().version_compare ('>= 2.55.0') conf.set('HAVE_GIO_2_55_0', '1') diff --git a/meson_options.txt b/meson_options.txt -index 23ef8cdb8..db8f93b6c 100644 +index 23ef8cdb..db8f93b6 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -17,6 +17,7 @@ option('plugin_uefi', type : 'boolean', value : true, description : 'enable UEFI @@ -142,10 +154,10 @@ index 23ef8cdb8..db8f93b6c 100644 option('udevdir', type: 'string', value: '', description: 'Directory for udev rules') option('efi-cc', type : 'string', value : 'gcc', description : 'the compiler to use for EFI modules') diff --git a/plugins/redfish/meson.build b/plugins/redfish/meson.build -index 288f614e4..90cfe6484 100644 +index ef07bd81..d2c7e259 100644 --- a/plugins/redfish/meson.build +++ b/plugins/redfish/meson.build -@@ -22,7 +22,7 @@ shared_module('fu_plugin_redfish', +@@ -25,7 +25,7 @@ shared_module('fu_plugin_redfish', ) install_data(['redfish.conf'], @@ -155,10 +167,10 @@ index 288f614e4..90cfe6484 100644 if get_option('tests') diff --git a/plugins/uefi/meson.build b/plugins/uefi/meson.build -index c037e1b30..a0e8cd3e6 100644 +index 09ebdf82..02fc0661 100644 --- a/plugins/uefi/meson.build +++ b/plugins/uefi/meson.build -@@ -69,7 +69,7 @@ executable( +@@ -73,7 +73,7 @@ executable( ) install_data(['uefi.conf'], @@ -167,3 +179,5 @@ index c037e1b30..a0e8cd3e6 100644 ) if get_option('tests') +-- +2.19.1 diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index fca35e6ea1b3..e505dafbeb3e 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -48,7 +48,6 @@ in stdenv.mkDerivation { patchShebangs . substituteInPlace data/installed-tests/fwupdmgr.test.in --subst-var-by installedtestsdir "$installedTests/share/installed-tests/fwupd" - substituteInPlace data/installed-tests/meson.build --replace sysconfdir sysconfdir_install ''; # /etc/os-release not available in sandbox -- cgit 1.4.1 From 7dd30dd64b88a3b06a7e6d101d69e12133bb5b48 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 4 Jan 2019 21:30:13 -0600 Subject: fwupd: put plugins in "out", restore "lib" output w/o cycle --- pkgs/os-specific/linux/firmware/fwupd/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index e505dafbeb3e..47e8cd0db20e 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -22,7 +22,7 @@ in stdenv.mkDerivation { sha256 = "11qpgincndahq96rbm2kgcy9kw5n9cmbbilsrqcqcyk7mvv464sl"; }; - outputs = [ "out" "dev" "devdoc" "man" "installedTests" ]; + outputs = [ "out" "lib" "dev" "devdoc" "man" "installedTests" ]; nativeBuildInputs = [ meson ninja gtk-doc pkgconfig gobject-introspection intltool glibcLocales shared-mime-info @@ -48,6 +48,9 @@ in stdenv.mkDerivation { patchShebangs . substituteInPlace data/installed-tests/fwupdmgr.test.in --subst-var-by installedtestsdir "$installedTests/share/installed-tests/fwupd" + substituteInPlace meson.build \ + --replace "plugin_dir = join_paths(libdir, 'fwupd-plugins-3')" \ + "plugin_dir = join_paths('${placeholder "out"}', 'fwupd_plugins-3')" ''; # /etc/os-release not available in sandbox -- cgit 1.4.1 From 6df6bb42b5d221505c30d3d28c7800085d84cd84 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 16:10:29 -0500 Subject: linux: 4.4.171 -> 4.4.172 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 58cbd8fe4f22..335abe645beb 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.171"; + version = "4.4.172"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "187g9x2zd738s1ric8zl205b7xipvr0l5i045clnhqwl5bd78h7x"; + sha256 = "1yrrwvj260sqnn8qh7a2b31d31jjnap6qh2f6jhdy275q6rickgv"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 46067933491c3130bc220114ae0c1e0617ce4675 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 16:10:48 -0500 Subject: linux: 4.9.152 -> 4.9.153 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 0ce7536f8602..aa32249563a5 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.152"; + version = "4.9.153"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0fcff0v488x0rylscl061dj8ylriwxg6hlg8mzppxx4sq22ppr4h"; + sha256 = "06kksywm8yjvmhmwdkqmm6546j5nqprsal3k22p981smqag94rlh"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 19505bb8d150ec650cb3837ecd52c4ac0f4b55cf Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 16:11:05 -0500 Subject: linux: 4.14.95 -> 4.14.96 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 883c9868b05b..c1e6d1ae6101 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.95"; + version = "4.14.96"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1r2qrgwp3dfsrqshp765jjfh3frdhn9pkwml7h7544m3zkijjryf"; + sha256 = "1dgcy0wy56rqd4w6qsbzassfwbamcxnyirfwr077wss13apaw38i"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 4ab5604c857622cc3d2f3b195d374b82def782ab Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 16:11:23 -0500 Subject: linux: 4.19.17 -> 4.19.18 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 08cee977da5d..997a54bde819 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.17"; + version = "4.19.18"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0nfb5ipr6ay7ymvjm0nbk7mwxsvyyv43nl1lcg6jq99dgahr4bc7"; + sha256 = "1wgk1zpv3nyz44zb2j3qjrp35hkh2cfjg8m8smy8nxmzz5lc1zaz"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 39fdfd0eb1c837f0a59764c54e883e7bc1bd44ac Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 16:11:44 -0500 Subject: linux: 4.20.4 -> 4.20.5 --- pkgs/os-specific/linux/kernel/linux-4.20.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.20.nix b/pkgs/os-specific/linux/kernel/linux-4.20.nix index 6d267d098920..7b51fcac5cb9 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.20.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.20.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.20.4"; + version = "4.20.5"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1l9lzpn5hp4y8xvc039xjc6ah8h4fb9db6337a0s754gzgmdfzyx"; + sha256 = "057200c6wki2k29sp93gnmsq3pxjq5hs9pd2ncr66yll9abrd3gz"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From dd06999e328a40466a4db14e9547e45ca5c48002 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Mon, 28 Jan 2019 00:15:00 +0100 Subject: fwupd: fix installed tests --- nixos/modules/services/hardware/fwupd.nix | 24 +++++++++++++++- nixos/tests/fwupd.nix | 1 + .../add-option-for-installation-sysconfdir.patch | 14 +-------- pkgs/os-specific/linux/firmware/fwupd/default.nix | 33 ++++++++++++++-------- .../firmware/fwupd/installed-tests-path.patch | 25 ++++++++++++++++ 5 files changed, 72 insertions(+), 25 deletions(-) create mode 100644 pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch (limited to 'pkgs/os-specific') diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix index 206664e4326b..cad9fa20de0f 100644 --- a/nixos/modules/services/hardware/fwupd.nix +++ b/nixos/modules/services/hardware/fwupd.nix @@ -15,6 +15,19 @@ let mkName = p: "pki/fwupd/${baseNameOf (toString p)}"; mkEtcFile = p: nameValuePair (mkName p) { source = p; }; in listToAttrs (map mkEtcFile cfg.extraTrustedKeys); + + # We cannot include the file in $out and rely on filesInstalledToEtc + # to install it because it would create a cyclic dependency between + # the outputs. We also need to enable the remote, + # which should not be done by default. + testRemote = if cfg.enableTestRemote then { + "fwupd/remotes.d/fwupd-tests.conf" = { + source = pkgs.runCommand "fwupd-tests-enabled.conf" {} '' + sed "s,^Enabled=false,Enabled=true," \ + "${pkgs.fwupd.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out" + ''; + }; + } else {}; in { ###### interface @@ -55,6 +68,15 @@ in { Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default. ''; }; + + enableTestRemote = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable test remote. This is used by + installed tests. + ''; + }; }; }; @@ -78,7 +100,7 @@ in { ''; }; - } // originalEtc // extraTrustedKeys; + } // originalEtc // extraTrustedKeys // testRemote; services.dbus.packages = [ pkgs.fwupd ]; diff --git a/nixos/tests/fwupd.nix b/nixos/tests/fwupd.nix index 834cf911849b..88dac8ccbcdb 100644 --- a/nixos/tests/fwupd.nix +++ b/nixos/tests/fwupd.nix @@ -9,6 +9,7 @@ import ./make-test.nix ({ pkgs, ... }: { machine = { pkgs, ... }: { services.fwupd.enable = true; services.fwupd.blacklistPlugins = []; # don't blacklist test plugin + services.fwupd.enableTestRemote = true; environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; environment.variables.XDG_DATA_DIRS = [ "${pkgs.fwupd.installedTests}/share" ]; virtualisation.memorySize = 768; diff --git a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch index 9fecb504c590..d77053f5d397 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch @@ -17,7 +17,6 @@ prefix only to `make install`, but Meson does not support anything like that. Until we manage to convince Meson to support install flags, we need to create our own install flag. --- - data/installed-tests/meson.build | 2 +- data/meson.build | 4 ++-- data/pki/meson.build | 8 ++++---- data/remotes.d/meson.build | 6 +++--- @@ -25,19 +24,8 @@ our own install flag. meson_options.txt | 1 + plugins/redfish/meson.build | 2 +- plugins/uefi/meson.build | 2 +- - 8 files changed, 19 insertions(+), 12 deletions(-) + 7 files changed, 18 insertions(+), 11 deletions(-) -diff --git a/data/installed-tests/meson.build b/data/installed-tests/meson.build -index eb33fa9f..b32ecb30 100644 ---- a/data/installed-tests/meson.build -+++ b/data/installed-tests/meson.build -@@ -52,5 +52,5 @@ configure_file( - output : 'fwupd-tests.conf', - configuration : con2, - install: true, -- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), - ) diff --git a/data/meson.build b/data/meson.build index 8dd2ac9a..d4ad1cbc 100644 --- a/data/meson.build diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 47e8cd0db20e..cf6e2bf60407 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, gtk-doc, pkgconfig, gobject-introspection, intltool +{ stdenv, fetchurl, substituteAll, gtk-doc, pkgconfig, gobject-introspection, intltool , libgudev, polkit, libxmlb, gusb, sqlite, libarchive, glib-networking , libsoup, help2man, gpgme, libxslt, elfutils, libsmbios, efivar, glibcLocales , gnu-efi, libyaml, valgrind, meson, libuuid, colord, docbook_xml_dtd_43, docbook_xsl @@ -6,17 +6,20 @@ , shared-mime-info, umockdev, vala, makeFontsConf, freefont_ttf , cairo, freetype, fontconfig, pango }: + +# Updating? Keep $out/etc synchronized with passthru.filesInstalledToEtc + let - # Updating? Keep $out/etc synchronized with passthru.filesInstalledToEtc - version = "1.2.3"; python = python3.withPackages (p: with p; [ pygobject3 pycairo pillow ]); installedTestsPython = python3.withPackages (p: with p; [ pygobject3 requests ]); fontsConf = makeFontsConf { fontDirectories = [ freefont_ttf ]; }; -in stdenv.mkDerivation { - name = "fwupd-${version}"; +in stdenv.mkDerivation rec { + pname = "fwupd"; + version = "1.2.3"; + src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; sha256 = "11qpgincndahq96rbm2kgcy9kw5n9cmbbilsrqcqcyk7mvv464sl"; @@ -39,15 +42,24 @@ in stdenv.mkDerivation { patches = [ ./fix-paths.patch ./add-option-for-installation-sysconfdir.patch + + # installed tests are installed to different output + # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle + (substituteAll { + src = ./installed-tests-path.patch; + # needs a different set of modules than po/make-images + inherit installedTestsPython; + }) ]; postPatch = '' - # needs a different set of modules than po/make-images - escapedInterpreterLine=$(echo "${installedTestsPython}/bin/python3" | sed 's|\\|\\\\|g') - sed -i -e "1 s|.*|#\!$escapedInterpreterLine|" data/installed-tests/hardware.py - patchShebangs . - substituteInPlace data/installed-tests/fwupdmgr.test.in --subst-var-by installedtestsdir "$installedTests/share/installed-tests/fwupd" + + # we cannot use placeholder in substituteAll + # https://github.com/NixOS/nix/issues/1846 + substituteInPlace data/installed-tests/meson.build --subst-var installedTests + + # install plug-ins to out, they are not really part of the library substituteInPlace meson.build \ --replace "plugin_dir = join_paths(libdir, 'fwupd-plugins-3')" \ "plugin_dir = join_paths('${placeholder "out"}', 'fwupd_plugins-3')" @@ -106,7 +118,6 @@ in stdenv.mkDerivation { "fwupd/remotes.d/lvfs-testing.conf" "fwupd/remotes.d/lvfs.conf" "fwupd/remotes.d/vendor.conf" - "fwupd/remotes.d/fwupd-tests.conf" "pki/fwupd/GPG-KEY-Hughski-Limited" "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" diff --git a/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch new file mode 100644 index 000000000000..6c4b6b62a0cd --- /dev/null +++ b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch @@ -0,0 +1,25 @@ +--- a/data/installed-tests/hardware.py ++++ b/data/installed-tests/hardware.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!@installedTestsPython@/bin/python3 + # pylint: disable=wrong-import-position,too-many-locals,unused-argument,wrong-import-order + # + # Copyright (C) 2017 Richard Hughes +--- a/data/installed-tests/meson.build ++++ b/data/installed-tests/meson.build +@@ -1,6 +1,6 @@ + con2 = configuration_data() + con2.set('installedtestsdir', +- join_paths(datadir, 'installed-tests', 'fwupd')) ++ join_paths('@installedTests@', 'share', 'installed-tests', 'fwupd')) + con2.set('bindir', bindir) + + configure_file( +@@ -52,5 +52,5 @@ + output : 'fwupd-tests.conf', + configuration : con2, + install: true, +- install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), ++ install_dir: join_paths('@installedTests@', 'etc', 'fwupd', 'remotes.d'), + ) -- cgit 1.4.1 From 3bb7b3f02e884db944a8a20b4f19227482479b94 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Wed, 3 Oct 2018 18:49:50 +0900 Subject: linux: ability to merge structured configs This should make the composability of kernel configurations more straigthforward. - now distinguish freeform options from tristate ones - will look for a structured config in kernelPatches too one can now access the structuredConfig from a kernel via linux_test.configfile.structuredConfig in order to reinject it into another kernel, no need to rewrite the config from scratch The following merge strategies are used in case of conflict: -- freeform items must be equal or they conflict (mergeEqualOption) -- for tristate (y/m/n) entries, I use the mergeAnswer strategy which takes the best available value, "best" being defined by the user (by default "y" > "m" > "n", e.g. if one entry is both marked "y" and "n", "y" wins) -- if one item is both marked optional/mandatory, mandatory wins (mergeFalseByDefault) --- lib/default.nix | 1 + lib/kernel.nix | 57 ++-------- nixos/modules/system/boot/kernel_config.nix | 137 ++++++++++++++++++++++++ pkgs/os-specific/linux/kernel/common-config.nix | 67 ++++++------ pkgs/os-specific/linux/kernel/generic.nix | 47 ++++++-- 5 files changed, 215 insertions(+), 94 deletions(-) create mode 100644 nixos/modules/system/boot/kernel_config.nix (limited to 'pkgs/os-specific') diff --git a/lib/default.nix b/lib/default.nix index d400907ebb0c..5ae3667406dd 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -32,6 +32,7 @@ let modules = callLibs ./modules.nix; options = callLibs ./options.nix; types = callLibs ./types.nix; + kernel = callLibs ./kernel.nix; # constants licenses = callLibs ./licenses.nix; diff --git a/lib/kernel.nix b/lib/kernel.nix index 45b33aea7b87..14783ae97393 100644 --- a/lib/kernel.nix +++ b/lib/kernel.nix @@ -1,57 +1,16 @@ -{ lib -# we pass the kernel version here to keep a nice syntax `whenOlder "4.13"` -# kernelVersion, e.g., config.boot.kernelPackages.version -, version -, mkValuePreprocess ? null -}: +{ lib }: with lib; rec { - # Common patterns - when = cond: opt: if cond then opt else null; - whenAtLeast = ver: when (versionAtLeast version ver); - whenOlder = ver: when (versionOlder version ver); - whenBetween = verLow: verHigh: when (versionAtLeast version verLow && versionOlder version verHigh); - # Keeping these around in case we decide to change this horrible implementation :) - option = x: if x == null then null else "?${x}"; - yes = "y"; - no = "n"; - module = "m"; - mkValue = val: - let - isNumber = c: elem c ["0" "1" "2" "3" "4" "5" "6" "7" "8" "9"]; - in - if val == "" then "\"\"" - else if val == yes || val == module || val == no then val - else if all isNumber (stringToCharacters val) then val - else if substring 0 2 val == "0x" then val - else val; # FIXME: fix quoting one day + # Keeping these around in case we decide to change this horrible implementation :) + option = x: + x // { optional = true; }; + yes = { tristate = "y"; }; + no = { tristate = "n"; }; + module = { tristate = "m"; }; + freeform = x: { freeform = x; }; - # generate nix intermediate kernel config file of the form - # - # VIRTIO_MMIO m - # VIRTIO_BLK y - # VIRTIO_CONSOLE n - # NET_9P_VIRTIO? y - # - # Use mkValuePreprocess to preprocess option values, aka mark 'modules' as - # 'yes' or vice-versa - # Borrowed from copumpkin https://github.com/NixOS/nixpkgs/pull/12158 - # returns a string, expr should be an attribute set - generateNixKConf = exprs: mkValuePreprocess: - let - mkConfigLine = key: rawval: - let - val = if builtins.isFunction mkValuePreprocess then mkValuePreprocess rawval else rawval; - in - if val == null - then "" - else if hasPrefix "?" val - then "${key}? ${mkValue (removePrefix "?" val)}\n" - else "${key} ${mkValue val}\n"; - mkConf = cfg: concatStrings (mapAttrsToList mkConfigLine cfg); - in mkConf exprs; } diff --git a/nixos/modules/system/boot/kernel_config.nix b/nixos/modules/system/boot/kernel_config.nix new file mode 100644 index 000000000000..fbbd0982b2c6 --- /dev/null +++ b/nixos/modules/system/boot/kernel_config.nix @@ -0,0 +1,137 @@ +{ lib, config, ... }: + +with lib; +let + findWinner = candidates: winner: + any (x: x == winner) candidates; + + # winners is an ordered list where first item wins over 2nd etc + mergeAnswer = winners: locs: defs: + let + values = map (x: x.value) defs; + freeformAnswer = intersectLists values winners; + inter = intersectLists values winners; + winner = head winners; + in + if defs == [] then abort "This case should never happen." + else if winner == [] then abort "Give a valid list of winner" + else if inter == [] then mergeOneOption locs defs + else if findWinner values winner then + winner + else + mergeAnswer (tail winners) locs defs; + + mergeFalseByDefault = locs: defs: + if defs == [] then abort "This case should never happen." + else if any (x: x == false) defs then false + else true; + + kernelItem = types.submodule { + options = { + tristate = mkOption { + type = types.enum [ "y" "m" "n" null ] // { + merge = mergeAnswer [ "y" "m" "n" ]; + }; + default = null; + internal = true; + visible = true; + description = '' + Use this field for tristate kernel options expecting a "y" or "m" or "n". + ''; + }; + + freeform = mkOption { + type = types.nullOr types.str // { + merge = mergeEqualOption; + }; + default = null; + example = ''MMC_BLOCK_MINORS.freeform = "32";''; + description = '' + Freeform description of a kernel configuration item value. + ''; + }; + + optional = mkOption { + type = types.bool // { merge = mergeFalseByDefault; }; + default = false; + description = '' + Wether option should generate a failure when unused. + ''; + }; + }; + }; + + mkValue = with lib; val: + let + isNumber = c: elem c ["0" "1" "2" "3" "4" "5" "6" "7" "8" "9"]; + + in + if (val == "") then "\"\"" + else if val == "y" || val == "m" || val == "n" then val + else if all isNumber (stringToCharacters val) then val + else if substring 0 2 val == "0x" then val + else val; # FIXME: fix quoting one day + + + # generate nix intermediate kernel config file of the form + # + # VIRTIO_MMIO m + # VIRTIO_BLK y + # VIRTIO_CONSOLE n + # NET_9P_VIRTIO? y + # + # Borrowed from copumpkin https://github.com/NixOS/nixpkgs/pull/12158 + # returns a string, expr should be an attribute set + # Use mkValuePreprocess to preprocess option values, aka mark 'modules' as 'yes' or vice-versa + # use the identity if you don't want to override the configured values + generateNixKConf = exprs: + let + mkConfigLine = key: item: + let + val = if item.freeform != null then item.freeform else item.tristate; + in + if val == null + then "" + else if (item.optional) + then "${key}? ${mkValue val}\n" + else "${key} ${mkValue val}\n"; + + mkConf = cfg: concatStrings (mapAttrsToList mkConfigLine cfg); + in mkConf exprs; + +in +{ + + options = { + + intermediateNixConfig = mkOption { + readOnly = true; + type = types.lines; + example = '' + USB? y + DEBUG n + ''; + description = '' + The result of converting the structured kernel configuration in settings + to an intermediate string that can be parsed by generate-config.pl to + answer the kernel `make defconfig`. + ''; + }; + + settings = mkOption { + type = types.attrsOf kernelItem; + example = literalExample '' with lib.kernel; { + "9P_NET" = yes; + USB = optional yes; + MMC_BLOCK_MINORS = freeform "32"; + }''; + description = '' + Structured kernel configuration. + ''; + }; + }; + + config = { + intermediateNixConfig = generateNixKConf config.settings; + }; +} diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ddd1e9828d51..bdcad8c2383c 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -12,25 +12,19 @@ # Configuration { stdenv, version -# to let user override values, aka converting modules to included and vice-versa -, mkValueOverride ? null - -# new extraConfig as a flattened set -, structuredExtraConfig ? {} - -# legacy extraConfig as string -, extraConfig ? "" - , features ? { grsecurity = false; xen_dom0 = false; } }: -assert (mkValueOverride == null) || (builtins.isFunction mkValueOverride); - with stdenv.lib; -with import ../../../../lib/kernel.nix { inherit (stdenv) lib; inherit version; }; + with import ../../../../lib/kernel.nix { inherit (stdenv) lib; }; let + # Common patterns/legacy + when = cond: opt: if cond then opt else null; + whenAtLeast = ver: mkIf (versionAtLeast version ver); + whenOlder = ver: mkIf (versionOlder version ver); + whenBetween = verLow: verHigh: mkIf (versionAtLeast version verLow && versionOlder version verHigh); # configuration items have to be part of a subattrs flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested)); @@ -46,7 +40,7 @@ let DEBUG_NX_TEST = whenOlder "4.11" no; CPU_NOTIFIER_ERROR_INJECT = whenOlder "4.4" (option no); DEBUG_STACK_USAGE = no; - DEBUG_STACKOVERFLOW = when (!features.grsecurity) no; + DEBUG_STACKOVERFLOW = mkIf (!features.grsecurity) no; RCU_TORTURE_TEST = no; SCHEDSTATS = no; DETECT_HUNG_TASK = yes; @@ -114,7 +108,7 @@ let IP_DCCP_CCID3 = no; # experimental CLS_U32_PERF = yes; CLS_U32_MARK = yes; - BPF_JIT = when (stdenv.hostPlatform.system == "x86_64-linux") yes; + BPF_JIT = mkIf (stdenv.hostPlatform.system == "x86_64-linux") yes; WAN = yes; # Required by systemd per-cgroup firewalling CGROUP_BPF = option yes; @@ -184,7 +178,7 @@ let FB_VESA = yes; FRAMEBUFFER_CONSOLE = yes; FRAMEBUFFER_CONSOLE_ROTATION = yes; - FB_GEODE = when (stdenv.hostPlatform.system == "i686-linux") yes; + FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; }; video = { @@ -239,7 +233,7 @@ let }; usb = { - USB_DEBUG = option (whenOlder "4.18" no); + USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";}; USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling }; @@ -250,7 +244,7 @@ let FANOTIFY = yes; TMPFS = yes; TMPFS_POSIX_ACL = yes; - FS_ENCRYPTION = option (whenAtLeast "4.9" module); + FS_ENCRYPTION = { optional = true; tristate = whenAtLeast "4.9" "m"; }; EXT2_FS_XATTR = yes; EXT2_FS_POSIX_ACL = yes; @@ -262,7 +256,7 @@ let EXT4_FS_POSIX_ACL = yes; EXT4_FS_SECURITY = yes; - EXT4_ENCRYPTION = option ((if (versionOlder version "4.8") then module else yes)); + EXT4_ENCRYPTION = { optional = true; tristate = if (versionOlder version "4.8") then "m" else "y"; }; REISERFS_FS_XATTR = option yes; REISERFS_FS_POSIX_ACL = option yes; @@ -324,7 +318,7 @@ let # Native Language Support modules, needed by some filesystems NLS = yes; - NLS_DEFAULT = "utf8"; + NLS_DEFAULT = freeform "utf8"; NLS_UTF8 = module; NLS_CODEPAGE_437 = module; # VFAT default for the codepage= mount option NLS_ISO8859_1 = module; # VFAT default for the iocharset= mount option @@ -334,13 +328,13 @@ let security = { # Detect writes to read-only module pages - DEBUG_SET_MODULE_RONX = option (whenOlder "4.11" yes); + DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; }; RANDOMIZE_BASE = option yes; STRICT_DEVMEM = option yes; # Filter access to /dev/mem - SECURITY_SELINUX_BOOTPARAM_VALUE = "0"; # Disable SELinux by default + SECURITY_SELINUX_BOOTPARAM_VALUE = freeform "0"; # Disable SELinux by default # Prevent processes from ptracing non-children processes SECURITY_YAMA = option yes; - DEVKMEM = when (!features.grsecurity) no; # Disable /dev/kmem + DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem USER_NS = yes; # Support for user namespaces @@ -350,7 +344,7 @@ let } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { # Detect buffer overflows on the stack - CC_STACKPROTECTOR_REGULAR = option (whenOlder "4.18" yes); + CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; }; microcode = { @@ -407,8 +401,8 @@ let FTRACE_SYSCALLS = yes; SCHED_TRACER = yes; STACK_TRACER = yes; - UPROBE_EVENT = option (whenOlder "4.11" yes); - UPROBE_EVENTS = option (whenAtLeast "4.11" yes); + UPROBE_EVENT = { optional = true; tristate = whenOlder "4.11" "y";}; + UPROBE_EVENTS = { optional = true; tristate = whenAtLeast "4.11" "y";}; BPF_SYSCALL = whenAtLeast "4.4" yes; BPF_EVENTS = whenAtLeast "4.4" yes; FUNCTION_PROFILER = yes; @@ -418,13 +412,13 @@ let virtualisation = { PARAVIRT = option yes; - HYPERVISOR_GUEST = when (!features.grsecurity) yes; + HYPERVISOR_GUEST = mkIf (!features.grsecurity) yes; PARAVIRT_SPINLOCKS = option yes; KVM_APIC_ARCHITECTURE = whenOlder "4.8" yes; KVM_ASYNC_PF = yes; - KVM_COMPAT = option (whenBetween "4.0" "4.12" yes); - KVM_DEVICE_ASSIGNMENT = option (whenBetween "3.10" "4.12" yes); + KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; }; + KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; }; KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes; KVM_GUEST = when (!features.grsecurity) yes; KVM_MMIO = yes; @@ -432,9 +426,9 @@ let KSM = yes; VIRT_DRIVERS = yes; # We nneed 64 GB (PAE) support for Xen guest support - HIGHMEM64G = option (when (!stdenv.is64bit) yes); + HIGHMEM64G = { optional = true; tristate = mkIf (!stdenv.is64bit) "y";}; - VFIO_PCI_VGA = when stdenv.is64bit yes; + VFIO_PCI_VGA = mkIf stdenv.is64bit yes; } // optionalAttrs (stdenv.isx86_64 || stdenv.isi686) ({ XEN = option yes; @@ -542,8 +536,8 @@ let CRYPTO_TEST = option no; EFI_TEST = option no; GLOB_SELFTEST = option no; - DRM_DEBUG_MM_SELFTEST = option (whenOlder "4.18" no); - LNET_SELFTEST = option (whenOlder "4.18" no); + DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; + LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; LOCK_TORTURE_TEST = option no; MTD_TESTS = option no; NOTIFIER_ERROR_INJECTION = option no; @@ -598,7 +592,7 @@ let AIC79XX_DEBUG_ENABLE = no; AIC7XXX_DEBUG_ENABLE = no; AIC94XX_DEBUG = no; - B43_PCMCIA = option (whenOlder "4.4" yes); + B43_PCMCIA = { optional=true; tristate = whenOlder "4.4" "y";}; BLK_DEV_INTEGRITY = yes; @@ -651,7 +645,7 @@ let # GPIO on Intel Bay Trail, for some Chromebook internal eMMC disks PINCTRL_BAYTRAIL = yes; # 8 is default. Modern gpt tables on eMMC may go far beyond 8. - MMC_BLOCK_MINORS = "32"; + MMC_BLOCK_MINORS = freeform "32"; REGULATOR = yes; # Voltage and Current Regulator Support RC_DEVICES = option yes; # Enable IR devices @@ -698,7 +692,8 @@ let # Bump the maximum number of CPUs to support systems like EC2 x1.* # instances and Xeon Phi. - NR_CPUS = "384"; + NR_CPUS = freeform "384"; }; }; -in (generateNixKConf ((flattenKConf options) // structuredExtraConfig) mkValueOverride) + extraConfig +in + flattenKConf options diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index 30878d1b96c6..a41f1eb989bb 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -47,7 +47,6 @@ , preferBuiltin ? stdenv.hostPlatform.platform.kernelPreferBuiltin or false , kernelArch ? stdenv.hostPlatform.platform.kernelArch -, mkValueOverride ? null , ... }: @@ -68,20 +67,26 @@ let ia32Emulation = true; } // features) kernelPatches; - intermediateNixConfig = import ./common-config.nix { - inherit stdenv version structuredExtraConfig mkValueOverride; - - # append extraConfig for backwards compatibility but also means the user can't override the kernelExtraConfig part - extraConfig = extraConfig + lib.optionalString (stdenv.hostPlatform.platform ? kernelExtraConfig) stdenv.hostPlatform.platform.kernelExtraConfig; + commonStructuredConfig = import ./common-config.nix { + inherit stdenv version ; features = kernelFeatures; # Ensure we know of all extra patches, etc. }; - kernelConfigFun = baseConfig: + # extra config in legacy string format + extraConfig = extraConfig + lib.optionalString (stdenv.hostPlatform.platform ? kernelExtraConfig) stdenv.hostPlatform.platform.kernelExtraConfig; + + intermediateNixConfig = configfile.moduleStructuredConfig.intermediateNixConfig; + + structuredConfigFromPatches = + map ({extraStructuredConfig ? {}, ...}: {settings=extraStructuredConfig;}) kernelPatches; + + # appends kernel patches extraConfig + kernelConfigFun = baseConfigStr: let configFromPatches = map ({extraConfig ? "", ...}: extraConfig) kernelPatches; - in lib.concatStringsSep "\n" ([baseConfig] ++ configFromPatches); + in lib.concatStringsSep "\n" ([baseConfigStr] ++ configFromPatches); configfile = stdenv.mkDerivation { inherit ignoreConfigErrors autoModules preferBuiltin kernelArch; @@ -131,7 +136,30 @@ let installPhase = "mv $buildRoot/.config $out"; enableParallelBuilding = true; - }; + + passthru = rec { + + module = import ../../../../nixos/modules/system/boot/kernel_config.nix; + # used also in apache + # { modules = [ { options = res.options; config = svc.config or svc; } ]; + # check = false; + # The result is a set of two attributes + moduleStructuredConfig = (lib.evalModules { + modules = [ + module + { settings = commonStructuredConfig; } + { settings = structuredExtraConfig; } + ] + ++ structuredConfigFromPatches + ; + }).config; + + # + structuredConfig = moduleStructuredConfig.settings; + }; + + + }; # end of configfile derivation kernel = (callPackage ./manual-config.nix {}) { inherit version modDirVersion src kernelPatches stdenv extraMeta configfile; @@ -141,6 +169,7 @@ let passthru = { features = kernelFeatures; + inherit commonStructuredConfig; passthru = kernel.passthru // (removeAttrs passthru [ "passthru" ]); }; -- cgit 1.4.1 From 7aacbdb8986f0d75c3770e70a39147c272e1eac8 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Wed, 3 Oct 2018 18:53:23 +0900 Subject: linux: convert hardened-config to a structured one --- lib/default.nix | 1 - lib/kernel.nix | 7 +- pkgs/os-specific/linux/kernel/common-config.nix | 9 +- pkgs/os-specific/linux/kernel/hardened-config.nix | 212 ++++++++++------------ pkgs/top-level/all-packages.nix | 1 + 5 files changed, 101 insertions(+), 129 deletions(-) (limited to 'pkgs/os-specific') diff --git a/lib/default.nix b/lib/default.nix index 5ae3667406dd..d400907ebb0c 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -32,7 +32,6 @@ let modules = callLibs ./modules.nix; options = callLibs ./options.nix; types = callLibs ./types.nix; - kernel = callLibs ./kernel.nix; # constants licenses = callLibs ./licenses.nix; diff --git a/lib/kernel.nix b/lib/kernel.nix index 14783ae97393..5923011774b1 100644 --- a/lib/kernel.nix +++ b/lib/kernel.nix @@ -1,7 +1,12 @@ -{ lib }: +{ lib, version }: with lib; rec { + # Common patterns/legacy + whenAtLeast = ver: mkIf (versionAtLeast version ver); + whenOlder = ver: mkIf (versionOlder version ver); + # range is (inclusive, exclusive) + whenBetween = verLow: verHigh: mkIf (versionAtLeast version verLow && versionOlder version verHigh); # Keeping these around in case we decide to change this horrible implementation :) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index bdcad8c2383c..1a56e68fa4bf 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -17,14 +17,9 @@ with stdenv.lib; - with import ../../../../lib/kernel.nix { inherit (stdenv) lib; }; + with import ../../../../lib/kernel.nix { inherit (stdenv) lib; inherit version; }; let - # Common patterns/legacy - when = cond: opt: if cond then opt else null; - whenAtLeast = ver: mkIf (versionAtLeast version ver); - whenOlder = ver: mkIf (versionOlder version ver); - whenBetween = verLow: verHigh: mkIf (versionAtLeast version verLow && versionOlder version verHigh); # configuration items have to be part of a subattrs flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested)); @@ -420,7 +415,7 @@ let KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; }; KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; }; KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes; - KVM_GUEST = when (!features.grsecurity) yes; + KVM_GUEST = mkIf (!features.grsecurity) yes; KVM_MMIO = yes; KVM_VFIO = yes; KSM = yes; diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index ed540a9e7518..f1f18c64130c 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -11,138 +11,110 @@ { stdenv, version }: with stdenv.lib; +with import ../../../../lib/kernel.nix { inherit (stdenv) lib; inherit version; }; assert (versionAtLeast version "4.9"); -'' -# Report BUG() conditions and kill the offending process. -BUG y - -${optionalString (versionAtLeast version "4.10") '' - BUG_ON_DATA_CORRUPTION y -''} - -${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") '' - DEFAULT_MMAP_MIN_ADDR 65536 # Prevent allocation of first 64K of memory +optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { + DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory # Reduce attack surface by disabling various emulations - IA32_EMULATION n - X86_X32 n + IA32_EMULATION = no; + X86_X32 = no; # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. - MODIFY_LDT_SYSCALL? n - - VMAP_STACK y # Catch kernel stack overflows + MODIFY_LDT_SYSCALL = option no; + VMAP_STACK = yes; # Catch kernel stack overflows # Randomize position of kernel and memory. - RANDOMIZE_BASE y - RANDOMIZE_MEMORY y + RANDOMIZE_BASE = yes; + RANDOMIZE_MEMORY = yes; # Disable legacy virtual syscalls by default (modern glibc use vDSO instead). # # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, # which is supposed to be safer than the native variant (wrt. ret2libc), so # disabling it mainly helps reduce surface. - LEGACY_VSYSCALL_NONE y -''} - -# Safer page access permissions (wrt. code injection). Default on >=4.11. -${optionalString (versionOlder version "4.11") '' - DEBUG_RODATA y - DEBUG_SET_MODULE_RONX y -''} - -# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n -# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter -# implicitly marks LSM hooks read-only after init. -# -# SELinux can only be disabled at boot via selinux=0 -# -# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the -# config builder fails to detect that it has indeed been unset. -${optionalString (versionAtLeast version "4.12") '' - SECURITY_SELINUX_DISABLE n - SECURITY_WRITABLE_HOOKS? n -''} - -DEBUG_WX y # boot-time warning on RWX mappings -${optionalString (versionAtLeast version "4.11") '' - STRICT_KERNEL_RWX y -''} - -# Stricter /dev/mem -STRICT_DEVMEM? y -IO_STRICT_DEVMEM? y - -# Perform additional validation of commonly targeted structures. -DEBUG_CREDENTIALS y -DEBUG_NOTIFIERS y -DEBUG_LIST y -DEBUG_PI_LIST y # doesn't BUG() -DEBUG_SG y -SCHED_STACK_END_CHECK y - -${optionalString (versionAtLeast version "4.13") '' - REFCOUNT_FULL y -''} - -# Perform usercopy bounds checking. -HARDENED_USERCOPY y -${optionalString (versionAtLeast version "4.16") '' - HARDENED_USERCOPY_FALLBACK n # for full whitelist enforcement -''} - -# Randomize allocator freelists. -SLAB_FREELIST_RANDOM y - -${optionalString (versionAtLeast version "4.14") '' - SLAB_FREELIST_HARDENED y -''} - -# Allow enabling slub/slab free poisoning with slub_debug=P -SLUB_DEBUG y - -# Wipe higher-level memory allocations on free() with page_poison=1 -PAGE_POISONING y -PAGE_POISONING_NO_SANITY y -PAGE_POISONING_ZERO y - -# Reboot devices immediately if kernel experiences an Oops. -PANIC_ON_OOPS y -PANIC_TIMEOUT -1 - -GCC_PLUGINS y # Enable gcc plugin options -# Gather additional entropy at boot time for systems that may not have appropriate entropy sources. -GCC_PLUGIN_LATENT_ENTROPY y - -${optionalString (versionAtLeast version "4.11") '' - GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin -''} -${optionalString (versionAtLeast version "4.14") '' - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address -''} -${optionalString (versionAtLeast version "4.20") '' - GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin -''} - -${optionalString (versionAtLeast version "4.13") '' - GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin - GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y -''} - -# Disable various dangerous settings -ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory -PROC_KCORE n # Exposes kernel text image layout -INET_DIAG n # Has been used for heap based attacks in the past - -# Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. -${optionalString (versionOlder version "4.18") '' - CC_STACKPROTECTOR_REGULAR n - CC_STACKPROTECTOR_STRONG y -''} - -# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE -${optionalString (versionAtLeast version "4.13") '' - FORTIFY_SOURCE y -''} -'' + LEGACY_VSYSCALL_NONE = yes; +} // { + # Report BUG() conditions and kill the offending process. + BUG = yes; + + BUG_ON_DATA_CORRUPTION = whenAtLeast "4.10" yes; + + # Safer page access permissions (wrt. code injection). Default on >=4.11. + DEBUG_RODATA = whenOlder "4.11" yes; + DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes; + + # Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n + # conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter + # implicitly marks LSM hooks read-only after init. + # + # SELinux can only be disabled at boot via selinux=0 + # + # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the + # config builder fails to detect that it has indeed been unset. + SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no; + SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no); + + DEBUG_WX = yes; # boot-time warning on RWX mappings + STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; + + # Stricter /dev/mem + STRICT_DEVMEM = option yes; + IO_STRICT_DEVMEM = option yes; + + # Perform additional validation of commonly targeted structures. + DEBUG_CREDENTIALS = yes; + DEBUG_NOTIFIERS = yes; + DEBUG_LIST = yes; + DEBUG_PI_LIST = yes; # doesn't BUG() + DEBUG_SG = yes; + SCHED_STACK_END_CHECK = yes; + + REFCOUNT_FULL = whenAtLeast "4.13" yes; + + # Perform usercopy bounds checking. + HARDENED_USERCOPY = yes; + HARDENED_USERCOPY_FALLBACK = whenAtLeast "4.16" no; # for full whitelist enforcement + + # Randomize allocator freelists. + SLAB_FREELIST_RANDOM = yes; + + SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes; + + # Allow enabling slub/slab free poisoning with slub_debug=P + SLUB_DEBUG = yes; + + # Wipe higher-level memory allocations on free() with page_poison=1 + PAGE_POISONING = yes; + PAGE_POISONING_NO_SANITY = yes; + PAGE_POISONING_ZERO = yes; + + # Reboot devices immediately if kernel experiences an Oops. + PANIC_ON_OOPS = yes; + PANIC_TIMEOUT = freeform "-1"; + + GCC_PLUGINS = yes; # Enable gcc plugin options + # Gather additional entropy at boot time for systems that may = no;ot have appropriate entropy sources. + GCC_PLUGIN_LATENT_ENTROPY = yes; + + GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address + GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin + GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes; + + # Disable various dangerous settings + ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory + PROC_KCORE = no; # Exposes kernel text image layout + INET_DIAG = no; # Has been used for heap based attacks in the past + + # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. + CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; + CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; + + # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE + FORTIFY_SOURCE = whenAtLeast "4.13" yes; + +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 510018c2301e..484a821b94e6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14757,6 +14757,7 @@ in hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override { features.ia32Emulation = false; extraConfig = import ../os-specific/linux/kernel/hardened-config.nix { + structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix { inherit stdenv; inherit (kernel) version; }; -- cgit 1.4.1 From e1ddb90ca8c99749d573054c0fc0b23372630ff1 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 27 Jan 2019 20:55:57 -0500 Subject: linux: 4.20-rc4 -> 4.20-rc5 --- pkgs/os-specific/linux/kernel/linux-testing.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index c3f3d3ce0cbc..22e31f2aec1c 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -1,13 +1,13 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, libelf, utillinux, ... } @ args: buildLinux (args // rec { - version = "5.0-rc3"; - modDirVersion = "5.0.0-rc3"; + version = "5.0-rc4"; + modDirVersion = "5.0.0-rc4"; extraMeta.branch = "5.0"; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "03xw2zfa6cxy5vdfrfh536mh3gcm8hvj69ggpqixm8d1gqg0nln6"; + sha256 = "061afxv1d29w5kkb1rxrz3ax7pc5x8yhx5yjf9p1dbh7lw64rglh"; }; # Should the testing kernels ever be built on Hydra? -- cgit 1.4.1 From d80651d5d915f03b0c9520432e9cb98043c8c878 Mon Sep 17 00:00:00 2001 From: Tadeo Kondrak Date: Mon, 28 Jan 2019 01:04:03 -0700 Subject: libratbag: 0.9.903 -> 0.9.904 --- pkgs/os-specific/linux/libratbag/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/libratbag/default.nix b/pkgs/os-specific/linux/libratbag/default.nix index c614b39255d6..edba8b090df8 100644 --- a/pkgs/os-specific/linux/libratbag/default.nix +++ b/pkgs/os-specific/linux/libratbag/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { name = "libratbag-${version}"; - version = "0.9.903"; + version = "0.9.904"; src = fetchFromGitHub { owner = "libratbag"; repo = "libratbag"; rev = "v${version}"; - sha256 = "0cr5skrb7a5mgj7dkm647ib8336hb88bf11blaf6xldafi8b0jlj"; + sha256 = "0d2gw4bviy6zf1q9a18chlsbqylhppbby336fznh6nkpdl3jckfd"; }; nativeBuildInputs = [ -- cgit 1.4.1 From ef729e46d0b40ca974787fd3c6122cf6af2ae24b Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 28 Jan 2019 16:05:10 +0100 Subject: rdma-core: 21 -> 22 --- pkgs/os-specific/linux/rdma-core/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/rdma-core/default.nix b/pkgs/os-specific/linux/rdma-core/default.nix index 8f2c834672f5..1316775775ee 100644 --- a/pkgs/os-specific/linux/rdma-core/default.nix +++ b/pkgs/os-specific/linux/rdma-core/default.nix @@ -3,7 +3,7 @@ } : let - version = "21"; + version = "22"; in stdenv.mkDerivation { name = "rdma-core-${version}"; @@ -12,7 +12,7 @@ in stdenv.mkDerivation { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${version}"; - sha256 = "0q4hdm14f1xz2h0m5d821fdyp7i917rvmkas5axmfr1myv5422fl"; + sha256 = "1xkd51bz6p85gahsw18knrvirn404ca98lqmp1assyn4irs7khx8"; }; nativeBuildInputs = [ cmake pkgconfig pandoc ]; -- cgit 1.4.1 From febda2b127ce34b6b408fe65a7c6b86923e97114 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Mon, 28 Jan 2019 10:42:04 -0500 Subject: Revert "mingw: use current package set for headers" This reverts commit 03072036937c250976f0522b070eefe96e8ab0f1. --- pkgs/os-specific/windows/mingw-w64/default.nix | 2 +- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/windows/mingw-w64/default.nix b/pkgs/os-specific/windows/mingw-w64/default.nix index 61a7fb149427..a7d4f09b90e9 100644 --- a/pkgs/os-specific/windows/mingw-w64/default.nix +++ b/pkgs/os-specific/windows/mingw-w64/default.nix @@ -21,6 +21,6 @@ in stdenv.mkDerivation { patches = [ ./osvi.patch ]; meta = { - platforms = stdenv.lib.platforms.all; + platforms = stdenv.lib.platforms.windows; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eae1a744f1d5..735f69bad491 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6762,7 +6762,7 @@ in # built with, and use, that cross-compiled libc. gccCrossStageStatic = assert stdenv.targetPlatform != stdenv.hostPlatform; let libcCross1 = - if stdenv.targetPlatform.libc == "msvcrt" then windows.mingw_w64_headers + if stdenv.targetPlatform.libc == "msvcrt" then targetPackages.windows.mingw_w64_headers else if stdenv.targetPlatform.libc == "libSystem" then darwin.xcode else null; binutils1 = wrapBintoolsWith { -- cgit 1.4.1 From a5a796222bdc47d03b2af92e930fd9849d9d1fd9 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Thu, 31 Jan 2019 13:34:42 +0900 Subject: linux: (re)take into account extraConfig PR #42838 wrongly started to ignore extraConfig. This fixes that. --- pkgs/os-specific/linux/kernel/generic.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index a41f1eb989bb..df9a628f83da 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -73,10 +73,10 @@ let features = kernelFeatures; # Ensure we know of all extra patches, etc. }; - # extra config in legacy string format - extraConfig = extraConfig + lib.optionalString (stdenv.hostPlatform.platform ? kernelExtraConfig) stdenv.hostPlatform.platform.kernelExtraConfig; - - intermediateNixConfig = configfile.moduleStructuredConfig.intermediateNixConfig; + intermediateNixConfig = configfile.moduleStructuredConfig.intermediateNixConfig + # extra config in legacy string format + + extraConfig + + lib.optionalString (stdenv.hostPlatform.platform ? kernelExtraConfig) stdenv.hostPlatform.platform.kernelExtraConfig; structuredConfigFromPatches = map ({extraStructuredConfig ? {}, ...}: {settings=extraStructuredConfig;}) kernelPatches; -- cgit 1.4.1 From 468b6cea72d40676a7d113008144990569895aea Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 31 Jan 2019 07:17:38 -0500 Subject: linux: 4.9.153 -> 4.9.154 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index aa32249563a5..c63fa6189eff 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.153"; + version = "4.9.154"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "06kksywm8yjvmhmwdkqmm6546j5nqprsal3k22p981smqag94rlh"; + sha256 = "15jnkpf6kg061970cwh2z0l6nscffl63y1d0rq5f2y3gq4d4ycav"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From f623daca2115815eefe51fd4dcf76eedbe8e78d1 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 31 Jan 2019 07:18:23 -0500 Subject: linux: 4.14.96 -> 4.14.97 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index c1e6d1ae6101..a63dd96a7b62 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.96"; + version = "4.14.97"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1dgcy0wy56rqd4w6qsbzassfwbamcxnyirfwr077wss13apaw38i"; + sha256 = "1x25x6scd81npiald8i5ybb5yy3n0dh6x56avm0n5z5bvlqwilld"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From e4c1ce97c38a6a2501cc46e332dbefe43cce5a4d Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 31 Jan 2019 07:18:36 -0500 Subject: linux: 4.19.18 -> 4.19.19 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 997a54bde819..05cfbb781734 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.18"; + version = "4.19.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1wgk1zpv3nyz44zb2j3qjrp35hkh2cfjg8m8smy8nxmzz5lc1zaz"; + sha256 = "1gb98s14w8gzbgd9r6hmppal92lqfjhf1s1rn1p6k7a7f3vcmbwr"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 705207ec9bb400d2ce0f3ebffd6cb5c2b0327ac2 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 31 Jan 2019 07:19:07 -0500 Subject: linux: 4.20.5 -> 4.20.6 --- pkgs/os-specific/linux/kernel/linux-4.20.nix | 4 ++-- pkgs/os-specific/linux/kernel/patches.nix | 8 -------- pkgs/top-level/all-packages.nix | 1 - 3 files changed, 2 insertions(+), 11 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.20.nix b/pkgs/os-specific/linux/kernel/linux-4.20.nix index 7b51fcac5cb9..9f2c3719f9fc 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.20.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.20.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.20.5"; + version = "4.20.6"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "057200c6wki2k29sp93gnmsq3pxjq5hs9pd2ncr66yll9abrd3gz"; + sha256 = "09fzspfs1hhbqgb3fh54q1i5jmakmxb1y180m5dn1zqwsxayx1a1"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 7aecea25625b..2ff0d5d26205 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -68,12 +68,4 @@ rec { sha256 = "0bp4jryihg1y2sl8zlj6w7vvnxj0kmb6xdy42hpvdv43kb6ngiaq"; }; }; - - raspberry_pi_wifi_fix = rec { - name = "raspberry-pi-wifi-fix"; - patch = fetchpatch { - url = https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/730522ae76aa57b89fa317c5084613d3d50cf3b8/core/linux-aarch64/0005-mmc-sdhci-iproc-handle-mmc_of_parse-errors-during-pr.patch; - sha256 = "0gbfycky28vbdjgys1z71wl5q073dmbrkvbnr6693jsda3qhp6za"; - }; - }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b398e4f51e70..ef3d4103338c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14555,7 +14555,6 @@ in [ kernelPatches.bridge_stp_helper kernelPatches.modinst_arg_list_too_long kernelPatches.revert-vfs-dont-open-real - kernelPatches.raspberry_pi_wifi_fix ]; }; -- cgit 1.4.1