author | Vladimír Čunát <vcunat@gmail.com> | 2018-11-03 15:47:44 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2018-11-04 11:08:04 +0100 |
commit | 179b8146e668636fe59ef7663a6c8cd15d00db7e (patch) | |
tree | 5cb3a50f0f2d90d67e8777a9a3c899a879acdcfb /pkgs/os-specific/linux/systemd | |
parent | 587c3774abc075f117eb73bf01ef4d582de03411 (diff) | |
systemd: apply patches from Debian
There are some security fixes among those.
Diffstat (limited to 'pkgs/os-specific/linux/systemd')
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index db64b8e6f6d..1d45109ac85 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod
+{ stdenv, lib, fetchFromGitHub, fetchpatch, fetchurl, pkgconfig, intltool, gperf, libcap, kmod
 , xz, pam, acl, libuuid, m4, utillinux, libffi
 , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
 , audit, lz4, bzip2, libmicrohttpd, pcre2
@@ -30,6 +30,22 @@ in stdenv.mkDerivation rec {
 sha256 = "1xci0491j95vdjgs397n618zii3sgwnvanirkblqqw6bcvcjvir1";
 };
+ prePatch = let
+ # Upstream's maintenance branches are still too intrusive:
+ # https://github.com/systemd/systemd-stable/tree/v239-stable
+ patches-deb = fetchurl {
+ # When the URL disappears, it typically means that Debian has new patches
+ # (probably security) and updating to new tarball will apply them as well.
+ name = "systemd-debian-patches.tar.xz";
+ url = mirror://debian/pool/main/s/systemd/systemd_239-11~bpo9+1.debian.tar.xz;
+ sha256 = "136f6p4jbi4z94mf4g099dfcacwka8jwhza0wxxw2q5l5q3xiysh";
+ };
+ # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/*
+ in ''
+ tar xf ${patches-deb}
+ patches="$patches $(cat debian/patches/series | grep -v '^debian/' | sed 's|^|debian/patches/|')"
+ '';
+
 outputs = [ "out" "lib" "man" "dev" ];
 nativeBuildInputs = |
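Review bot: The `patches=` line in the new `prePatch` turns every line of `debian/patches/series` that does not start with `debian/` into a patch path, so a blank line or a `#` comment in that file (both allowed by the quilt series format) would become a bogus entry and fail the patch phase; filtering those as well, e.g. `grep -Ev '^(debian/|#|[[:space:]]*$)'`, keeps this robust across tarball bumps. Because the set of applied fixes is implicit in the hash-pinned tarball, the expression itself gives no record of which security patches are in effect; a short comment naming them, or pointing to the Debian changelog entry for this package version, would help later audits. The Debian pool drops superseded versions, as the comment in the hunk acknowledges, so this revision stops building from source once the URL disappears; it is worth checking whether a longer-lived archive location can be listed as a fallback. The `stdenv.mkDerivation` block starts and ends outside the hunk.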