author | Shea Levy <shea@shealevy.com> | 2018-03-28 09:36:47 -0400 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2018-03-28 09:36:47 -0400 |
commit | 05e375d7103ac51e2da917965c37246c99f1ae4f (patch) | |
tree | 7ec4e9a2f5b7b1e2dea7c3e059f5b40e1dac1569 /pkgs/os-specific/linux | |
parent | 335934a073d6024d54c71bf82d5f8baab13abe75 (diff) | |
parent | c7d7abc51e5f9b9c7481a83c47b37508bf08b05b (diff) | |
Merge remote-tracking branch 'origin/master' into staging
Diffstat (limited to 'pkgs/os-specific/linux')
22 files changed, 215 insertions, 344 deletions
diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix index 8e01bb2a5c8..6ea73c9ac6c 100644 --- a/pkgs/os-specific/linux/checkpolicy/default.nix +++ b/pkgs/os-specific/linux/checkpolicy/default.nix @@ -2,27 +2,18 @@ stdenv.mkDerivation rec { name = "checkpolicy-${version}"; - version = "2.4"; + version = "2.7"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; - sha256 = "1m5wjm43lzp6bld8higsvdm2dkddydihhwv9qw2w9r4dm0largcv"; + sha256 = "009j9jc0hi4l7k8f21hn8fm25n0mqgzdpd4nk30nds6d3nglf4sl"; }; - # Don't build tests - postPatch = '' - sed '/-C test/d' -i Makefile - sed '1i#include <ctype.h>' -i checkpolicy.c - ''; - nativeBuildInputs = [ bison flex ]; buildInputs = [ libsepol ]; - NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - preBuild = '' - makeFlagsArray+=("LEX=flex") makeFlagsArray+=("LIBDIR=${libsepol}/lib") makeFlagsArray+=("PREFIX=$out") ''; diff --git a/pkgs/os-specific/linux/dbus-broker/default.nix b/pkgs/os-specific/linux/dbus-broker/default.nix index 5d0728b7e24..67e4df3d6f9 100644 --- a/pkgs/os-specific/linux/dbus-broker/default.nix +++ b/pkgs/os-specific/linux/dbus-broker/default.nix @@ -17,8 +17,8 @@ stdenv.mkDerivation rec { buildInputs = [ dbus glib linuxHeaders systemd ]; - PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "${placeholder "out"}/lib/systemd/system"; - PKG_CONFIG_SYSTEMD_SYSTEMDUSERUNITDIR = "${placeholder "out"}/lib/systemd/user"; + PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMUNITDIR = "lib/systemd/system"; + PKG_CONFIG_SYSTEMD_SYSTEMDUSERUNITDIR = "lib/systemd/user"; postInstall = '' install -Dm644 ../README $out/share/doc/dbus-broker/README diff --git a/pkgs/os-specific/linux/ena/default.nix b/pkgs/os-specific/linux/ena/default.nix index 9ed691d69f0..e3f382ababc 100644 --- a/pkgs/os-specific/linux/ena/default.nix +++ b/pkgs/os-specific/linux/ena/default.nix 
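Review bot: Removing `NIX_CFLAGS_COMPILE = "-fstack-protector-all";` in the checkpolicy hunk leaves the build on whatever stack-protector level stdenv's default hardening applies, which as far as I know is `-fstack-protector-strong` and instruments fewer functions than `-all`. The same flag is dropped from libsemanage and policycoreutils later in this diff, and libselinux and libsepol widen their targeted `-Wno-error=...` flags to a blanket `-Wno-error`. If the reduction is intended for these SELinux tools, record it with a comment such as `# rely on default stackprotector hardening; -fstack-protector-all dropped with 2.7`; otherwise keep the flag.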
@@ -1,14 +1,14 @@ { lib, stdenv, fetchFromGitHub, kernel, kmod }: stdenv.mkDerivation rec { - version = "1.5.0"; + version = "1.5.2"; name = "ena-${version}-${kernel.version}"; src = fetchFromGitHub { owner = "amzn"; repo = "amzn-drivers"; rev = "ena_linux_${version}"; - sha256 = "1h3vnwa2129advyws69n0sqyra4nz68mng6g84whbvhzjyx810sj"; + sha256 = "18wf36092kr3zlpnqdkcdlim3vvjxy5f24zzsv4fwa7xg12mcfjm"; }; hardeningDisable = [ "pic" ]; diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix index acdba5987bb..206787ecb8b 100644 --- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix +++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix 
@@ -2,51 +2,12 @@ stdenv.mkDerivation rec { name = "firmware-linux-nonfree-${version}"; - version = "2018-01-04-${src.iwlRev}"; + version = "2018-03-20"; - # The src runCommand automates the process of building a merged repository of both - # - # https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/ - # https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/linux-firmware.git/ - # - # This gives us up to date iwlwifi firmware as well as - # the usual set of firmware. firmware/linux-firmware usually lags kernel releases - # so iwlwifi cards will fail to load on newly released kernels. - # - # To update, go to the above repositories and look for latest tags / commits, then - # update version to the more recent commit date - - src = runCommand "firmware-linux-nonfree-src-merged-${version}" { - shallowSince = "2017-10-01"; - baseRev = "65b1c68c63f974d72610db38dfae49861117cae2"; - iwlRev = "iwlwifi-fw-2017-11-15"; - - # When updating this, you need to let it run with a wrong hash, in order to find out the desired hash - # randomly mutate the hash to break out of fixed hash, when updating - outputHash = "1anr7fblxfcrfrrgq98kzy64yrwygc2wdgi47skdmjxhi3wbrvxz"; - - outputHashAlgo = "sha256"; - outputHashMode = "recursive"; - - # Doing the download on a remote machine just duplicates network - # traffic, so don't do that. 
- preferLocalBuild = true; - - nativeBuildInputs = [ cacert git gnupg ]; - } '' - git init src && ( - cd src - git config user.email "build-daemon@nixos.org" - git config user.name "Nixos Build Daemon $name" - git remote add base https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git - git remote add iwl https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git - git fetch --shallow-since=$shallowSince base - git fetch --shallow-since=$shallowSince iwl - git checkout -b work $baseRev - git merge $iwlRev) - rm -rf src/.git - cp -a src $out - ''; + src = fetchgit { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"; + sha256 = "1gh5a2km33jj151j3q7mgkjzzhaaxlqxbb53n4ff46q658gv0wma"; + }; preInstall = '' mkdir -p $out diff --git a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 5aae37418ce..f5e219bc74e 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -1,15 +1,15 @@ { stdenv, buildPackages, hostPlatform, fetchgit, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.15.2018.02.09"; + version = "4.15.2018.03.22"; modDirVersion = "4.15.0"; extraMeta.branch = "master"; - extraMeta.maintainers = [ stdenv.lib.maintainers.davidak ]; + extraMeta.maintainers = [ stdenv.lib.maintainers.davidak stdenv.lib.maintainers.chiiruno ]; src = fetchgit { url = "https://evilpiepirate.org/git/bcachefs.git"; - rev = "4506cd5ead31209a6a646c2412cbc7be735ebda4"; - sha256 = "0fcyf3y27k2lga5na4dhdyc47br840gkqynv8gix297pqxgidrib"; + rev = "919a34d47a68f3e5f00a7ce5efb67748ec31bd62"; + sha256 = "1j17my3046ry8zdcvf8h2vnij89wkwmv64w3g2pf9lksh2909djw"; }; extraConfig = '' diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index bcc1ec14561..5e8e861af25 100644 
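Review bot: The new `fetchgit` call in firmware-linux-nonfree carries a `url` and a `sha256` but no `rev` on the lines shown, so the expression never names the commit being fetched. The fixed-output hash still pins the content, but the fetch would follow the repository's default branch and fail with a hash mismatch once upstream moves, and `version = "2018-03-20"` cannot be traced to a commit when auditing the firmware blobs. Add the pin next to the URL, e.g. `rev = "<linux-firmware commit for 2018-03-20>";`. The hunk also drops the merge of the iwlwifi firmware tree that the removed comment described as needed for newly released kernels; if that is deliberate, a one-line comment saying so would help the next person updating this.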
--- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -1,13 +1,13 @@ { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, libelf, utillinux, ... } @ args: buildLinux (args // rec { - version = "4.16-rc6"; - modDirVersion = "4.16.0-rc6"; + version = "4.16-rc7"; + modDirVersion = "4.16.0-rc7"; extraMeta.branch = "4.16"; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0kwn1qj44pyb404qhwm4qr8mmfni8qfh1raf010d62i48n7pgv0d"; + sha256 = "13zpfjxd38202afjl6flc9brjw3sp4sfq3wls0v90k1i2b308qfi"; }; # Should the testing kernels ever be built on Hydra? diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix index c4c5b7cc3b9..26f3d89c662 100644 --- a/pkgs/os-specific/linux/kexectools/default.nix +++ b/pkgs/os-specific/linux/kexectools/default.nix @@ -22,5 +22,6 @@ stdenv.mkDerivation rec { homepage = http://horms.net/projects/kexec/kexec-tools; description = "Tools related to the kexec Linux feature"; platforms = platforms.linux; + badPlatforms = platforms.riscv; }; } diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index c276f56dd8b..59d5db52ac6 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, fetchpatch, pkgconfig, libsepol, pcre +{ stdenv, fetchurl, pcre, pkgconfig, libsepol , enablePython ? true, swig ? null, python ? null , musl-fts }: @@ -9,12 +9,12 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "libselinux-${version}"; - version = "2.4"; + version = "2.7"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/libselinux-${version}.tar.gz"; - sha256 = "0yqg73ns97jwjh1iyv0jr5qxb8k5sqq5ywfkx11lzfn5yj8k0126"; + sha256 = "0mwcq78v6ngbq06xmb9dvilpg0jnl2vs9fgrpakhmmiskdvc1znh"; }; nativeBuildInputs = [ pkgconfig ]; 
@@ -22,36 +22,24 @@ stdenv.mkDerivation rec { ++ optionals enablePython [ swig python ] ++ optional stdenv.hostPlatform.isMusl musl-fts; - # Avoid this false warning: - # avc_internal.c: In function 'avc_netlink_receive': - # avc_internal.c:105:25: error: cast increases required alignment of target type [-Werror=cast-align] - # struct nlmsghdr *nlh = (struct nlmsghdr *)buf; - # ^ + # drop fortify here since package uses it by default, leading to compile error: + # command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror] + hardeningDisable = [ "fortify" ]; - NIX_CFLAGS_COMPILE = "-std=gnu89 -Wno-error=cast-align"; - - # Unreleased upstream patch that fixes Python package issue arising - # from recent SWIG changes. - patches = optional enablePython (fetchpatch { - name = "fix-python-swig.patch"; - url = "https://github.com/SELinuxProject/selinux/commit/a9604c30a5e2f71007d31aa6ba41cf7b95d94822.patch"; - sha256 = "0mjrclh0sd8m7vq0wvl6pg29ss415j3kn0266v8ixy4fprafagfp"; - stripLen = 1; - }); + NIX_CFLAGS_COMPILE = [ "-Wno-error" ]; postPatch = optionalString enablePython '' sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile - '' - + '' - sed '1i#include <sys/uio.h>' -i src/setrans_client.c ''; + # fix install locations preBuild = '' - # Build fails without this precreated - mkdir -p $out/include - makeFlagsArray+=("PREFIX=$out") makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("MAN3DIR=$out/share/man/man3") + makeFlagsArray+=("MAN5DIR=$out/share/man/man5") + makeFlagsArray+=("MAN8DIR=$out/share/man/man8") + makeFlagsArray+=("PYSITEDIR=$out/lib/${python.libPrefix}/site-packages") ''; installTargets = [ "install" ] ++ optional enablePython "install-pywrap"; diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix index 587349e4067..45222bee6b0 100644 --- a/pkgs/os-specific/linux/libsemanage/default.nix +++ b/pkgs/os-specific/linux/libsemanage/default.nix 
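Review bot: The added `makeFlagsArray+=("PYSITEDIR=$out/lib/${python.libPrefix}/site-packages")` in `preBuild` is interpolated unconditionally while the function header still declares `python ? null`, so evaluating with `enablePython = false` and no python passed fails on `python.libPrefix`. Move that line into a separate `optionalString enablePython` fragment appended to `preBuild`, the way `postPatch` is already guarded. The libsemanage hunk adds the same unguarded line. Separately, `hardeningDisable = [ "fortify" ]` relies on upstream's own `_FORTIFY_SOURCE` define, as its comment says, and combined with the blanket `-Wno-error` it is worth confirming that the built objects still get fortified.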
@@ -1,31 +1,33 @@ -{ stdenv, fetchurl, bison, flex, libsepol, libselinux, ustr, bzip2, libaudit }: +{ stdenv, fetchurl, pkgconfig, bison, flex, libsepol, libselinux, bzip2, libaudit +, enablePython ? true, swig ? null, python ? null +}: + +with stdenv.lib; stdenv.mkDerivation rec { name = "libsemanage-${version}"; - version = "2.4"; + version = "2.7"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; - sha256 = "1134ka4mi4387ac5yv68bpp2y7ln5xxhwp07xhqnay0nxzjaqk0s"; + sha256 = "0xnlp1yg8b1aqc6kq3pss1i1nl06rfj4x4pyl5blasnf2ivlgs87"; }; - nativeBuildInputs = [ bison flex ]; - buildInputs = [ libsepol libselinux ustr bzip2 libaudit ]; - - NIX_CFLAGS_COMPILE = [ - "-fstack-protector-all" - "-std=gnu89" - # these were added to fix build with gcc7. review on update - "-Wno-error=format-truncation" - "-Wno-error=implicit-fallthrough" - ]; + nativeBuildInputs = [ bison flex pkgconfig ]; + buildInputs = [ libsepol libselinux bzip2 libaudit ] + ++ optionals enablePython [ swig python ]; preBuild = '' makeFlagsArray+=("PREFIX=$out") makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("MAN3DIR=$out/share/man/man3") + makeFlagsArray+=("MAN5DIR=$out/share/man/man5") + makeFlagsArray+=("PYSITEDIR=$out/lib/${python.libPrefix}/site-packages") ''; + installTargets = [ "install" ] ++ optionals enablePython [ "install-pywrap" ]; + meta = libsepol.meta // { description = "Policy management tools for SELinux"; license = stdenv.lib.licenses.lgpl21; diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index f7f393afb39..40872f7c1ac 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix 
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libsepol-${version}"; - version = "2.4"; - se_release = "20150202"; + version = "2.7"; + se_release = "20170804"; se_url = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases"; src = fetchurl { url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; - sha256 = "0ncnwhpc1gx4hrrb822fqkwy5h75zzngsrfkd5mlqh1jk7aib419"; + sha256 = "1rzr90d3f1g5wy1b8sh6fgnqb9migys2zgpjmpakn6lhxkc3p7fn"; }; nativeBuildInputs = [ flex ]; @@ -16,9 +16,11 @@ stdenv.mkDerivation rec { preBuild = '' makeFlagsArray+=("PREFIX=$out") makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("MAN8DIR=$out/share/man/man8") + makeFlagsArray+=("MAN3DIR=$out/share/man/man3") ''; - NIX_CFLAGS_COMPILE = [ "-Wno-error=implicit-fallthrough" ]; + NIX_CFLAGS_COMPILE = [ "-Wno-error" ]; passthru = { inherit se_release se_url; }; diff --git a/pkgs/os-specific/linux/nvidia-x11/builder-legacy173.sh b/pkgs/os-specific/linux/nvidia-x11/builder-legacy173.sh deleted file mode 100755 index 5d47df9a87a..00000000000 --- a/pkgs/os-specific/linux/nvidia-x11/builder-legacy173.sh +++ /dev/null 
@@ -1,99 +0,0 @@ -source $stdenv/setup - -dontPatchELF=1 # must keep libXv, $out in RPATH - - -unpackFile() { - sh $src -x -} - - -buildPhase() { - if test -z "$libsOnly"; then - echo "Building linux driver against kernel: " $kernel; - - cd usr/src/nv/ - - shopt -s nullglob - - for a in $kpatches; do - patch -p1 < $a - done - - # Workaround: get it to build on kernels that have CONFIG_XEN - # set. Disable the test, apply a patch to disable the Xen - # functionality. - - #substituteInPlace Makefile.kbuild --replace xen_sanity_check fnord - #patch -p1 < $xenPatch - - # Create the module. - kernelVersion=$(cd $kernel/lib/modules && ls) - sysSource=$(echo $kernel/lib/modules/$kernelVersion/source) - sysOut=$(echo $kernel/lib/modules/$kernelVersion/build) - unset src # used by the nv makefile - make SYSSRC=$sysSource SYSOUT=$sysOut module - cd ../../.. - fi -} - - -installPhase() { - - # Install libGL and friends. - mkdir -p $out/lib - cp -prd usr/lib/* usr/X11R6/lib/libXv* $out/lib/ - - ln -snf libGLcore.so.$versionNumber $out/lib/libGLcore.so - ln -snf libGLcore.so.$versionNumber $out/lib/libGLcore.so.1 - ln -snf libGL.so.$versionNumber $out/lib/libGL.so - ln -snf libGL.so.$versionNumber $out/lib/libGL.so.1 - ln -snf libnvidia-cfg.so.$versionNumber $out/lib/libnvidia-cfg.so.1 - ln -snf libnvidia-tls.so.$versionNumber $out/lib/libnvidia-tls.so.1 - ln -snf libnvidia-tls.so.$versionNumber $out/lib/tls/libnvidia-tls.so.1 - ln -snf libXvMCNVIDIA.so.$versionNumber $out/lib/libXvMCNVIDIA_dynamic.so.1 - ln -snf libcuda.so.$versionNumber $out/lib/libcuda.so.1 - - patchelf --set-rpath $out/lib:$glPath $out/lib/libGL.so.*.* - patchelf --set-rpath $out/lib:$glPath $out/lib/libXvMCNVIDIA.so.*.* - set +e - # Legacy nvidia doesn't have cuda - patchelf --set-rpath $cudaPath $out/lib/libcuda.so.*.* - set -e - - if test -z "$libsOnly"; then - - # Install the kernel module. 
- mkdir -p $out/lib/modules/$kernelVersion/misc - cp usr/src/nv/nvidia.ko $out/lib/modules/$kernelVersion/misc - - # Install the X driver. - mkdir -p $out/lib/xorg/modules - cp -prd usr/X11R6/lib/modules/* $out/lib/xorg/modules/ - - ln -snf libnvidia-wfb.so.$versionNumber $out/lib/xorg/modules/libnvidia-wfb.so.1 - ln -snf libglx.so.$versionNumber $out/lib/xorg/modules/extensions/libglx.so - - patchelf --set-rpath $out/lib $out/lib/xorg/modules/extensions/libglx.so.*.* - - # Install the programs. - mkdir -p $out/bin - - for i in nvidia-settings nvidia-xconfig; do - cp usr/bin/$i $out/bin/$i - patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ - --set-rpath $out/lib:$programPath:$glPath $out/bin/$i - done - - # Header files etc. - cp -prd usr/include usr/share $out - - # Patch the `nvidia-settings.desktop' file. - substituteInPlace $out/share/applications/nvidia-settings.desktop \ - --replace '__UTILS_PATH__' $out/bin \ - --replace '__PIXMAP_PATH__' $out/share/pixmaps - fi -} - - -genericBuild diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index d0348bd67d4..57899d6f893 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -46,12 +46,13 @@ rec { persistencedSha256 = null; useGLVND = false; useProfiles = false; + settings32Bit = true; prePatch = let debPatches = fetchurl { url = "mirror://debian/pool/non-free/n/nvidia-graphics-drivers-legacy-304xx/" - + "nvidia-graphics-drivers-legacy-304xx_304.135-2.debian.tar.xz"; - sha256 = "0mhji0ssn7075q5a650idigs48kzf11pzj2ca2n07rwxg3vj6pdr"; + + "nvidia-graphics-drivers-legacy-304xx_304.137-5.debian.tar.xz"; + sha256 = "0n8512mfcnvklfbg8gv4lzbkm3z6nncwj6ix2b8ngdkmc04f3b6l"; }; prefix = "debian/module/debian/patches"; applyPatches = pnames: if pnames == [] then null else 
@@ -63,6 +64,4 @@ rec { in applyPatches [ "fix-typos" ]; patches = maybePatch_drm_legacy; }; - - legacy_173 = callPackage ./legacy173.nix { }; } diff --git a/pkgs/os-specific/linux/nvidia-x11/generic.nix b/pkgs/os-specific/linux/nvidia-x11/generic.nix index bde8ad361dc..13e5d1b76ea 100644 --- a/pkgs/os-specific/linux/nvidia-x11/generic.nix +++ b/pkgs/os-specific/linux/nvidia-x11/generic.nix @@ -6,6 +6,7 @@ , useGLVND ? true , useProfiles ? true , preferGtk2 ? false +, settings32Bit ? false , prePatch ? "" , patches ? [] @@ -68,7 +69,7 @@ let disallowedReferences = optional (!libsOnly) [ kernel.dev ]; passthru = { - settings = callPackage (import ./settings.nix self settingsSha256) { + settings = (if settings32Bit then callPackage_i686 else callPackage) (import ./settings.nix self settingsSha256) { withGtk2 = preferGtk2; withGtk3 = !preferGtk2; }; @@ -79,7 +80,7 @@ let homepage = http://www.nvidia.com/object/unix.html; description = "X.org driver and kernel module for NVIDIA graphics cards"; license = licenses.unfreeRedistributable; - platforms = platforms.linux; + platforms = [ "i686-linux" "x86_64-linux" ]; maintainers = [ maintainers.vcunat ]; priority = 4; # resolves collision with xorg-server's "lib/xorg/modules/extensions/libglx.so" }; diff --git a/pkgs/os-specific/linux/nvidia-x11/legacy173.nix b/pkgs/os-specific/linux/nvidia-x11/legacy173.nix deleted file mode 100644 index 51a230974c8..00000000000 --- a/pkgs/os-specific/linux/nvidia-x11/legacy173.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{stdenv, fetchurl, kernel, xorg, zlib, gtk2, atk, pango, glib, gdk_pixbuf}: - -let - - versionNumber = "173.14.39"; - -in - -stdenv.mkDerivation { - name = "nvidia-x11-${versionNumber}-${kernel.version}"; - - builder = ./builder-legacy173.sh; - - src = - if stdenv.system == "i686-linux" then - fetchurl { - url = "https://download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}-pkg0.run"; - sha256 = "08xb7s7cxmj4zv4i3645kjhlhhwxiq6km9ixmsw3vv91f7rkb6d0"; - } - else if stdenv.system == "x86_64-linux" then - fetchurl { - url = "https://download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-pkg0.run"; - sha256 = "1p2ls0xj81l8v4n6dbjj3p5wlw1iyhgzyvqcv4h5fdxhhs2cb3md"; - } - else throw "nvidia-x11 does not support platform ${stdenv.system}"; - - kernel = kernel.dev; - - hardeningDisable = [ "pic" "format" ]; - - inherit versionNumber; - - dontStrip = true; - - glPath = stdenv.lib.makeLibraryPath [xorg.libXext xorg.libX11 xorg.libXrandr]; - - cudaPath = stdenv.lib.makeLibraryPath [zlib stdenv.cc.cc]; - - programPath = stdenv.lib.makeLibraryPath [ gtk2 atk pango glib gdk_pixbuf xorg.libXv ]; - - passthru = { - settings = null; - persistenced = null; - useGLVND = false; - useProfiles = false; - }; - - meta = { - homepage = http://www.nvidia.com/object/unix.html; - description = "X.org driver and kernel module for Legacy NVIDIA graphics cards"; - license = stdenv.lib.licenses.unfree; - }; -} diff --git a/pkgs/os-specific/linux/nvidia-x11/persistenced.nix b/pkgs/os-specific/linux/nvidia-x11/persistenced.nix index 22fd1242700..21e6cb5d500 100644 --- a/pkgs/os-specific/linux/nvidia-x11/persistenced.nix +++ b/pkgs/os-specific/linux/nvidia-x11/persistenced.nix 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { homepage = http://www.nvidia.com/object/unix.html; description = "Settings application for NVIDIA graphics cards"; license = licenses.unfreeRedistributable; - platforms = platforms.linux; + platforms = nvidia_x11.meta.platforms; maintainers = with maintainers; [ abbradar ]; }; } diff --git a/pkgs/os-specific/linux/nvidia-x11/settings.nix b/pkgs/os-specific/linux/nvidia-x11/settings.nix index 92577d03a51..e2ef51da380 100644 --- a/pkgs/os-specific/linux/nvidia-x11/settings.nix +++ b/pkgs/os-specific/linux/nvidia-x11/settings.nix @@ -83,7 +83,7 @@ stdenv.mkDerivation rec { homepage = http://www.nvidia.com/object/unix.html; description = "Settings application for NVIDIA graphics cards"; license = licenses.unfreeRedistributable; - platforms = platforms.linux; + platforms = nvidia_x11.meta.platforms; maintainers = with maintainers; [ abbradar ]; }; } diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index 980b77f8df2..a7cac46ae6a 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix 
@@ -1,64 +1,33 @@ -{ stdenv, fetchurl, pythonPackages, gettext -, setools, libsepol, libselinux, libcap_ng, libsemanage, sepolgen -}: +{ stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage }: stdenv.mkDerivation rec { name = "policycoreutils-${version}"; - version = "2.4"; + version = "2.7"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; - sha256 = "0y9l9k60iy21hj0lcvfdfxs1fxydg6d3pxp9rhy7hwr4y5vgh6dq"; + sha256 = "1x742c7lkw30namhkw87yg7z384qzqjz0pvmqs0lk19v6958l6qa"; }; - patches = [ ./fix-printf-type.patch ]; - postPatch = '' - # Fix references to libsepol.a - find . -name Makefile -exec sed -i 's,[^ ]*/libsepol.a,${libsepol}/lib/libsepol.a,g' {} \; - # Fix install references - substituteInPlace po/Makefile --replace /usr/bin/install install - - # Fix references to /usr/share - grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g" - - # Fix sepolicy install - sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile - - # Fix setuid install - sed -i 's|-m 4755|-m 755|' sandbox/Makefile + substituteInPlace po/Makefile \ + --replace /usr/bin/install install --replace /usr/share /share + substituteInPlace newrole/Makefile --replace /usr/share /share ''; - nativeBuildInputs = [ pythonPackages.python gettext ]; - buildInputs = [ setools libsepol libselinux libcap_ng libsemanage ]; - pythonPath = [ libselinux sepolgen ]; + nativeBuildInputs = [ gettext ]; + buildInputs = [ libsepol libselinux libsemanage ]; preBuild = '' makeFlagsArray+=("PREFIX=$out") makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("BASHCOMPLETIONDIR=$out/share/bash-completion/completions") + makeFlagsArray+=("LOCALEDIR=$out/share/locale") + makeFlagsArray+=("MAN5DIR=$out/share/man/man5") ''; - # Creation of the system-config-selinux directory is broken - preInstall = '' - mkdir -p $out/share/system-config-selinux - ''; - - # Fix the python scripts to 
include paths to libraries - # NOTE: We are not using wrapPythonPrograms or makeWrapper as these scripts - # purge the environment as a security measure - postInstall = '' - grep -r '#!.*python' $out/bin | awk -F: '{print $1}' | xargs sed -i "1a \ - import sys; \ - sys.path.append('$(toPythonPath "$out")'); \ - ${stdenv.lib.flip stdenv.lib.concatMapStrings pythonPath (lib: '' - sys.path.append('$(toPythonPath "${lib}")'); \ - '')}" - ''; - - NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - meta = with stdenv.lib; { description = "SELinux policy core utilities"; license = licenses.gpl2; diff --git a/pkgs/os-specific/linux/policycoreutils/fix-printf-type.patch b/pkgs/os-specific/linux/policycoreutils/fix-printf-type.patch deleted file mode 100644 index 6ab2d6dccc7..00000000000 --- a/pkgs/os-specific/linux/policycoreutils/fix-printf-type.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nru policycoreutils-2.4/setfiles/restore.c policycoreutils-2.4.new/setfiles/restore.c ---- policycoreutils-2.4/setfiles/restore.c 2015-02-02 09:38:10.000000000 -0500 -+++ policycoreutils-2.4.new/setfiles/restore.c 2015-08-29 20:44:13.693023222 -0400 -@@ -118,7 +118,7 @@ - r_opts->count++; - if (r_opts->count % STAR_COUNT == 0) { - if (r_opts->progress == 1) { -- fprintf(stdout, "\r%luk", (size_t) r_opts->count / STAR_COUNT ); -+ fprintf(stdout, "\r%zuk", (size_t) r_opts->count / STAR_COUNT ); - } else { - if (r_opts->nfile > 0) { - progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100; diff --git a/pkgs/os-specific/linux/selinux-python/default.nix b/pkgs/os-specific/linux/selinux-python/default.nix new file mode 100644 index 00000000000..8ac207d6421 --- /dev/null +++ b/pkgs/os-specific/linux/selinux-python/default.nix 
@@ -0,0 +1,49 @@ +{ stdenv, fetchurl, python3 +, libselinux, libsemanage, libsepol, setools }: + +# this is python3 only because setools only supports python3 + +with stdenv.lib; +with python3.pkgs; + +stdenv.mkDerivation rec { + name = "selinux-python-${version}"; + version = "2.7"; + se_release = "20170804"; + se_url = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases"; + + src = fetchurl { + url = "${se_url}/${se_release}/selinux-python-${version}.tar.gz"; + sha256 = "1va0y4b7cah7rprh04b3ylmwqgnivpkw5z2zw68nrafdbsbcn5s2"; + }; + + nativeBuildInputs = [ wrapPython ]; + buildInputs = [ libsepol python3 ]; + propagatedBuildInputs = [ libselinux libsemanage setools ipy ]; + + postPatch = '' + substituteInPlace sepolicy/Makefile --replace "echo --root" "echo --prefix" + ''; + + preBuild = '' + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") + makeFlagsArray+=("LOCALEDIR=$out/share/locale") + makeFlagsArray+=("LIBSEPOLA=${libsepol}/lib/libsepol.a") + makeFlagsArray+=("BASHCOMPLETIONDIR=$out/share/bash-completion/completions") + makeFlagsArray+=("PYTHON=${python3}/bin/python") + makeFlagsArray+=("PYTHONLIBDIR=lib/${python3.libPrefix}/site-packages") + ''; + + postFixup = '' + wrapPythonPrograms + ''; + + meta = { + description = "SELinux policy core utilities written in Python"; + license = licenses.gpl2; + homepage = https://selinuxproject.org; + platforms = platforms.linux; + }; +} + diff --git a/pkgs/os-specific/linux/selinux-sandbox/default.nix b/pkgs/os-specific/linux/selinux-sandbox/default.nix new file mode 100644 index 00000000000..71d2ee6e80a --- /dev/null +++ b/pkgs/os-specific/linux/selinux-sandbox/default.nix 
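Review bot: `se_release = "20170804";` and `se_url = "https://raw.githubusercontent.com/..."` are hard-coded in the new selinux-python expression, whereas the sibling packages in this diff take both from libsepol. Since `libsepol` is already an argument here, `inherit (libsepol) se_release se_url;` would keep every SELinux userspace tarball on the same release directory and avoid a stale source URL on the next bump. selinux-sandbox repeats the release string and the full URL as well, but would need `libsepol` added to its arguments to do the same.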
@@ -0,0 +1,61 @@ +{ stdenv, fetchurl, bash, coreutils, python3 +, libcap_ng, policycoreutils, selinux-python, dbus +, xorgserver, openbox, xmodmap }: + +# this is python3 only as it depends on selinux-python + +with stdenv.lib; +with python3.pkgs; + +stdenv.mkDerivation rec { + name = "selinux-sandbox-${version}"; + version = "2.7"; + se_release = "20170804"; + + src = fetchurl { + url = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${se_release}/selinux-sandbox-${version}.tar.gz"; + sha256 = "0hf5chm90iapb42njaps6p5460ys3ajh5446ja544vdbh01n544l"; + }; + + nativeBuildInputs = [ wrapPython ]; + buildInputs = [ bash coreutils libcap_ng policycoreutils python3 xorgserver openbox xmodmap dbus ]; + propagatedBuildInputs = [ pygobject3 selinux-python ]; + + postPatch = '' + # Fix setuid install + substituteInPlace Makefile --replace "-m 4755" "-m 755" + substituteInPlace sandboxX.sh \ + --replace "#!/bin/sh" "#!${bash}/bin/sh" \ + --replace "/usr/share/sandbox/start" "${placeholder "out"}/share/sandbox/start" \ + --replace "/usr/bin/cut" "${coreutils}/bin/cut" \ + --replace "/usr/bin/Xephyr" "${xorgserver}/bin/Xepyhr" \ + --replace "secon" "${policycoreutils}/bin/secon" + substituteInPlace sandbox \ + --replace "/usr/sbin/seunshare" "$out/bin/seunshare" \ + --replace "/usr/share/sandbox" "$out/share/sandbox" \ + --replace "/usr/share/locale" "${policycoreutils}/share/locale" \ + --replace "/usr/bin/openbox" "${openbox}/bin/openbox" \ + --replace "#!/bin/sh" "#!${bash}/bin/sh" \ + --replace "dbus-" "${dbus}/bin/dbus-" \ + --replace "/usr/bin/xmodmap" "${xmodmap}/bin/xmodmap" \ + --replace "/usr/bin/shred" "${coreutils}/bin/shred" \ + --replace "/usr/bin/test" "${coreutils}/bin/test" \ + ''; + + preBuild = '' + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") + ''; + + postFixup = '' + wrapPythonPrograms + ''; + + meta = { + description = "SELinux sandbox utility"; + license = licenses.gpl2; + homepage = 
https://selinuxproject.org; + platforms = platforms.linux; + }; +} + diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index 8262c03e1e5..9cb5785ca98 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix 
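Review bot: In the `sandboxX.sh` substitutions the replacement path is misspelled as `"${xorgserver}/bin/Xepyhr"`, so the patched script would point at a binary that does not exist; the line should read `--replace "/usr/bin/Xephyr" "${xorgserver}/bin/Xephyr" \`. The `Makefile` substitution from `-m 4755` to `-m 755` installs the helper without its setuid bit while `sandbox` is rewritten to call `$out/bin/seunshare` directly, so presumably the sandbox cannot set up its isolation unless a privileged wrapper is provided elsewhere. A comment next to `# Fix setuid install` should name that wrapper or state that none exists yet. The bare `--replace "secon"` and `--replace "dbus-"` patterns match every occurrence of those substrings rather than only the command invocations, and the last `--replace` line ends in a stray `\`.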
@@ -1,35 +1,42 @@ -{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, bison, flex -, python, swig2, tcl, libsepol, libselinux, libxml2, sqlite, bzip2 }: +{ stdenv, fetchFromGitHub, bison, flex, python3 , swig +, libsepol, libselinux, checkpolicy +, withGraphics ? false +}: -stdenv.mkDerivation rec { - name = "setools-2015-02-12"; +with stdenv.lib; +with python3.pkgs; + +buildPythonApplication rec { + pname = "setools"; + version = "2017-11-10"; src = fetchFromGitHub { owner = "TresysTechnology"; - repo = "setools3"; - rev = "f1e5b208d507171968ca4d2eeefd7980f1004a3c"; - sha256 = "02gzy2kpszhr13f0d9qfiwh2hj4201g2x366j53v5n5qz481aykd"; + repo = pname; + rev = "a1aa0f33f5c428d3f9fe82960ed5de36f38047f7"; + sha256 = "0iyj35fff93cprjkzbkg9dn5xz8dg5h2kjx3476fl625nxxskndn"; }; - configureFlags = [ - "--disable-gui" - "--with-sepol-devel=${libsepol}" - "--with-selinux-devel=${libselinux}" - "--with-tcl=${tcl}/lib" - ]; + nativeBuildInputs = [ bison flex ]; + buildInputs = [ libsepol swig ]; + propagatedBuildInputs = [ enum34 libselinux networkx ] + ++ optionals withGraphics [ pyqt5 ]; - hardeningDisable = [ "format" ]; + checkInputs = [ tox checkpolicy ]; + preCheck = '' + export CHECKPOLICY=${checkpolicy}/bin/checkpolicy + ''; - NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - NIX_LDFLAGS = "-L${libsepol}/lib -L${libselinux}/lib"; + setupPyBuildFlags = [ "-i" ]; - nativeBuildInputs = [ autoreconfHook pkgconfig python swig2 bison flex ]; - buildInputs = [ tcl libxml2 sqlite bzip2 ]; + preBuild = '' + export SEPOL="${libsepol}/lib/libsepol.a" + ''; meta = { description = "SELinux Tools"; - homepage = http://oss.tresys.com/projects/setools/; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; + homepage = https://github.com/TresysTechnology/setools/wiki; + license = licenses.gpl2; + platforms = platforms.linux; }; } 
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index d815203f845..43eb8331730 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -10,6 +10,7 @@ , getent , hostPlatform , buildPackages +, withSelinux ? false, libselinux }: assert stdenv.isLinux; @@ -42,11 +43,14 @@ in stdenv.mkDerivation rec { buildInputs = [ linuxHeaders libcap kmod xz pam acl /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2 - libmicrohttpd kexectools libseccomp libffi audit lz4 bzip2 libapparmor + libmicrohttpd ] ++ + stdenv.lib.meta.enableIfAvailable kexectools ++ + stdenv.lib.meta.enableIfAvailable libseccomp ++ + [ libffi audit lz4 bzip2 libapparmor iptables gnu-efi # This is actually native, but we already pull it from buildPackages pythonLxmlEnv - ]; + ] ++ stdenv.lib.optionals withSelinux [ libselinux ]; #dontAddPrefix = true; |
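Review bot: Wrapping `libseccomp` in `stdenv.lib.meta.enableIfAvailable` in the `buildInputs` hunk makes seccomp support silently optional. On a platform where the package is marked unavailable, systemd would presumably build without it, and unit settings that depend on syscall filtering would lose their effect with no evaluation-time signal. kexectools gains `badPlatforms = platforms.riscv` in this same diff, but libseccomp's platform list is not shown, so a comment on that line should state which platforms are expected to drop it, e.g. `# skipped only where the package is unsupported; seccomp filtering is then unavailable`. The new `withSelinux ? false, libselinux` argument only adds the library to `buildInputs` in the lines shown; whether a configure flag is also needed lies outside these hunks.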