diff options
author | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:32:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:41:26 +0000 |
commit | 439d80fbdcdf6245444e99e3764f233122c86358 (patch) | |
tree | bd769aabc0c8e46d3fdf8f0cc80297463e7d0dba /pkgs/os-specific | |
parent | cc2d9c385f776f38fa37656b8440b5c4a460e9a7 (diff) | |
parent | 9f5e9ef4b71a2a1ea8efef56f5876cdc846d6387 (diff) | |
download | nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.gz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.bz2 nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.lz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.xz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.zst nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.zip |
Merge remote-tracking branch 'nixpkgs/master' into master
Diffstat (limited to 'pkgs/os-specific')
98 files changed, 2681 insertions, 368 deletions
diff --git a/pkgs/os-specific/darwin/binutils/default.nix b/pkgs/os-specific/darwin/binutils/default.nix index e31f9b91f97..fad33b21d04 100644 --- a/pkgs/os-specific/darwin/binutils/default.nix +++ b/pkgs/os-specific/darwin/binutils/default.nix @@ -16,7 +16,7 @@ in stdenv.mkDerivation { pname = "${targetPrefix}cctools-binutils-darwin"; inherit (cctools) version; - outputs = [ "out" "info" "man" ]; + outputs = [ "out" "man" ]; buildCommand = '' mkdir -p $out/bin $out/include @@ -42,12 +42,13 @@ stdenv.mkDerivation { ln -s ${cctools}/libexec $out/libexec - mkdir -p "$info/nix-support" "$man/nix-support" - printWords ${binutils-unwrapped.info} \ - >> $info/nix-support/propagated-build-inputs - # FIXME: cctools missing man pages - printWords ${binutils-unwrapped.man} \ - >> $man/nix-support/propagated-build-inputs + mkdir -p "$man"/share/man/man{1,5} + for i in ${builtins.concatStringsSep " " cmds}; do + for path in "${cctools.man}"/share/man/man?/$i.*; do + dest_path="$man''${path#${cctools.man}}" + ln -sv "$path" "$dest_path" + done + done ''; passthru = { diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix index 368f2938064..0c25f225291 100644 --- a/pkgs/os-specific/darwin/cctools/port.nix +++ b/pkgs/os-specific/darwin/cctools/port.nix @@ -1,4 +1,5 @@ { stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook +, installShellFiles , libcxxabi, libuuid , libobjc ? null, maloader ? null , enableTapiSupport ? true, libtapi @@ -28,9 +29,9 @@ let sha256 = "0h8b1my0wf1jyjq63wbiqkl2clgxsf87f6i4fjhqs431fzlq8sac"; }; - outputs = [ "out" "dev" ]; + outputs = [ "out" "dev" "man" ]; - nativeBuildInputs = [ autoconf automake libtool autoreconfHook ]; + nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ]; buildInputs = [ libuuid ] ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi libobjc ] ++ stdenv.lib.optional enableTapiSupport libtapi; @@ -88,6 +89,8 @@ let pushd include make DSTROOT=$out/include RC_OS=common install popd + + installManPage ar/ar.{1,5} ''; passthru = { diff --git a/pkgs/os-specific/darwin/skhd/default.nix b/pkgs/os-specific/darwin/skhd/default.nix index f4a9991f8ee..d145c0d75d0 100644 --- a/pkgs/os-specific/darwin/skhd/default.nix +++ b/pkgs/os-specific/darwin/skhd/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "skhd"; - version = "0.3.0"; + version = "0.3.5"; src = fetchFromGitHub { owner = "koekeishiya"; - repo = "skhd"; + repo = pname; rev = "v${version}"; - sha256 = "13pqnassmzppy2ipv995rh8lzw9rraxvi0ph6zgy63cbsdfzbhgl"; + sha256 = "0x099979kgpim18r0vi9vd821qnv0rl3rkj0nd1nx3wljxgf7mrg"; }; buildInputs = [ Carbon ]; @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { description = "Simple hotkey daemon for macOS"; homepage = "https://github.com/koekeishiya/skhd"; platforms = platforms.darwin; - maintainers = with maintainers; [ lnl7 periklis ]; + maintainers = with maintainers; [ cmacrae lnl7 periklis ]; license = licenses.mit; }; } diff --git a/pkgs/os-specific/darwin/spacebar/default.nix b/pkgs/os-specific/darwin/spacebar/default.nix new file mode 100644 index 00000000000..9cbd6e62c7a --- /dev/null +++ b/pkgs/os-specific/darwin/spacebar/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge }: + +stdenv.mkDerivation rec { + pname = "spacebar"; + version = "0.5.0"; + + src = fetchFromGitHub { + owner = "somdoron"; + repo = pname; + rev = "v${version}"; + sha256 = "0v8v4xsc67qpzm859r93ggq7rr7hmaj6dahdlg6g3ppj81cq0khz"; + }; + + buildInputs = [ Carbon Cocoa ScriptingBridge ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1/ + cp ./bin/spacebar $out/bin/spacebar + cp ./doc/spacebar.1 $out/share/man/man1/spacebar.1 + ''; + + meta = with stdenv.lib; { + description = "A status bar for yabai tiling window management"; + homepage = "https://github.com/somdoron/spacebar"; + platforms = platforms.darwin; + maintainers = [ maintainers.cmacrae ]; + license = licenses.mit; + }; +} diff --git a/pkgs/os-specific/darwin/yabai/default.nix b/pkgs/os-specific/darwin/yabai/default.nix new file mode 100644 index 00000000000..7103c7825cc --- /dev/null +++ b/pkgs/os-specific/darwin/yabai/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge }: + +stdenv.mkDerivation rec { + pname = "yabai"; + version = "3.0.0"; + + src = fetchFromGitHub { + owner = "koekeishiya"; + repo = pname; + rev = "v${version}"; + sha256 = "0ajsh85p2vx18h3s4nicasyhdbh82zg97b1ryhi6l5lkbjpdl4ah"; + }; + + buildInputs = [ Carbon Cocoa ScriptingBridge ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1/ + cp ./bin/yabai $out/bin/yabai + cp ./doc/yabai.1 $out/share/man/man1/yabai.1 + ''; + + meta = with stdenv.lib; { + description = '' + A tiling window manager for macOS based on binary space partitioning + ''; + homepage = "https://github.com/koekeishiya/yabai"; + platforms = platforms.darwin; + maintainers = [ maintainers.cmacrae ]; + license = licenses.mit; + }; +} diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index 95189465284..335ae204833 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -1,25 +1,27 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }: stdenv.mkDerivation rec { - name = "alsa-lib-1.1.9"; + name = "alsa-lib-1.2.2"; src = fetchurl { url = "mirror://alsa/lib/${name}.tar.bz2"; - sha256 = "0jwr9g4yxg9gj6xx0sb2r6wrdl8amrjd19hilkrq4rirynp770s8"; + sha256 = "1v5kb8jyvrpkvvq7dq8hfbmcj68lml97i4s0prxpfx2mh3c57s6q"; }; patches = [ ./alsa-plugin-conf-multilib.patch ]; + enableParallelBuilding = true; + # Fix pcm.h file in order to prevent some compilation bugs - # 2: see http://stackoverflow.com/questions/3103400/how-to-overcome-u-int8-t-vs-uint8-t-issue-efficiently postPatch = '' sed -i -e 's|//int snd_pcm_mixer_element(snd_pcm_t \*pcm, snd_mixer_t \*mixer, snd_mixer_elem_t \*\*elem);|/\*int snd_pcm_mixer_element(snd_pcm_t \*pcm, snd_mixer_t \*mixer, snd_mixer_elem_t \*\*elem);\*/|' include/pcm.h + ''; - - sed -i -e '1i#include <stdint.h>' include/pcm.h - sed -i -e 's/u_int\([0-9]*\)_t/uint\1_t/g' include/pcm.h + postInstall = '' + ln -s ${alsa-ucm-conf}/share/alsa/{ucm,ucm2} $out/share/alsa + ln -s ${alsa-topology-conf}/share/alsa/topology $out/share/alsa ''; outputs = [ "out" "dev" ]; diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-plugins/default.nix index b524d7906da..a69d86c5c4d 100644 --- a/pkgs/os-specific/linux/alsa-plugins/default.nix +++ b/pkgs/os-specific/linux/alsa-plugins/default.nix @@ -9,9 +9,11 @@ stdenv.mkDerivation rec { sha256 = "0z9k3ssbfk2ky2w13avgyf202j1drsz9sv3834bp33cj1i2hc3qw"; }; + nativeBuildInputs = [ pkgconfig ]; + # ToDo: a52, etc.? buildInputs = - [ pkgconfig alsaLib libogg ] + [ alsaLib libogg ] ++ lib.optional (libpulseaudio != null) libpulseaudio ++ lib.optional (libjack2 != null) libjack2; diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix index 151549aa67b..2fef5e07c63 100644 --- a/pkgs/os-specific/linux/alsa-tools/default.nix +++ b/pkgs/os-specific/linux/alsa-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "alsa-tools"; - version = "1.1.7"; + version = "1.2.2"; src = fetchurl { url = "mirror://alsa/tools/${pname}-${version}.tar.bz2"; - sha256 = "1xjfghr9s0j6n91kgs95cc4r6qrjsgc4yj2w0nir3xpnm0l36950"; + sha256 = "0jbkjmq038zapj66a7nkppdf644v2mwj581xbmh6k4i8w6mcglxz"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/alsa-topology-conf/default.nix b/pkgs/os-specific/linux/alsa-topology-conf/default.nix new file mode 100644 index 00000000000..f73bbbdba35 --- /dev/null +++ b/pkgs/os-specific/linux/alsa-topology-conf/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "alsa-topology-conf-${version}"; + version = "1.2.2"; + + src = fetchurl { + url = "mirror://alsa/lib/${name}.tar.bz2"; + sha256 = "09cls485ckdjsp4azhv3nw7chyg3r7zrqgald6yp70f7cysxcwml"; + }; + + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/alsa + cp -r topology $out/share/alsa + + runHook postInstall + ''; + + meta = with stdenv.lib; { + homepage = "https://www.alsa-project.org/"; + description = "ALSA topology configuration files"; + + longDescription = '' + The Advanced Linux Sound Architecture (ALSA) provides audio and + MIDI functionality to the Linux-based operating system. + ''; + + license = licenses.bsd3; + maintainers = [ maintainers.roastiek ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix new file mode 100644 index 00000000000..685ba3e2c3e --- /dev/null +++ b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "alsa-ucm-conf-${version}"; + version = "1.2.2"; + + src = fetchurl { + url = "mirror://alsa/lib/${name}.tar.bz2"; + sha256 = "0364fgzdm2qrsqvgqri25gzscbma7yqlv31wz8b1z9c5phlxkgvy"; + }; + + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/alsa + cp -r ucm ucm2 $out/share/alsa + + runHook postInstall + ''; + + meta = with stdenv.lib; { + homepage = "https://www.alsa-project.org/"; + description = "ALSA Use Case Manager configuration"; + + longDescription = '' + The Advanced Linux Sound Architecture (ALSA) provides audio and + MIDI functionality to the Linux-based operating system. + ''; + + license = licenses.bsd3; + maintainers = [ maintainers.roastiek ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/android-udev-rules/default.nix b/pkgs/os-specific/linux/android-udev-rules/default.nix index 0c659b41fdb..1cfa6b5856f 100644 --- a/pkgs/os-specific/linux/android-udev-rules/default.nix +++ b/pkgs/os-specific/linux/android-udev-rules/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "android-udev-rules"; - version = "20191103"; + version = "20200410"; src = fetchFromGitHub { owner = "M0Rf30"; repo = "android-udev-rules"; rev = version; - sha256 = "0x2f2sv0x0ry7kccp47s0hlxps3hbpg37dj3xjjgpdm5hmn2cjq3"; + sha256 = "1ik9a0k9gkaw5a80m25pxx5yfiwq34ffb7iqhwicz4lwz5wsw8d3"; }; installPhase = '' diff --git a/pkgs/os-specific/linux/bbswitch/default.nix b/pkgs/os-specific/linux/bbswitch/default.nix index eea8d31f24d..67cbc6e5c5e 100644 --- a/pkgs/os-specific/linux/bbswitch/default.nix +++ b/pkgs/os-specific/linux/bbswitch/default.nix @@ -15,10 +15,16 @@ stdenv.mkDerivation { sha256 = "0xql1nv8dafnrcg54f3jsi3ny3cd2ca9iv73pxpgxd2gfczvvjkn"; }; - patches = [ (fetchpatch { - url = "https://github.com/Bumblebee-Project/bbswitch/pull/102.patch"; - sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m"; - }) ]; + patches = [ + (fetchpatch { + url = "https://github.com/Bumblebee-Project/bbswitch/pull/102.patch"; + sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m"; + }) + (fetchpatch { + url = "https://github.com/Bumblebee-Project/bbswitch/pull/196.patch"; + sha256 = "02ihy3piws7783qbm9q0mb9s18ipn5ckdy1iar74xn31qjrsn99n"; + }) + ]; nativeBuildInputs = kernel.moduleBuildDependencies; diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 79e32a05f46..7f95ef47ee9 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -5,11 +5,11 @@ python.pkgs.buildPythonApplication rec { pname = "bcc"; - version = "0.13.0"; + version = "0.14.0"; src = fetchurl { url = "https://github.com/iovisor/bcc/releases/download/v${version}/bcc-src-with-submodule.tar.gz"; - sha256 = "15xpwf17x2j1c1wcb84cgfs35dp5w0rjd9mllmddmdjvn303wffx"; + sha256 = "1hw02bib06fjyw61as5pmhf0qxy0wv0nw8fff2i8a9d1zcd8xf3p"; }; format = "other"; diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index 78d88d941e8..401ab39bca3 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -11,9 +11,13 @@ , readline , systemd , udev -}: - -stdenv.mkDerivation rec { +}: let + pythonPath = with python3.pkgs; [ + dbus-python + pygobject3 + recursivePthLoader + ]; +in stdenv.mkDerivation rec { pname = "bluez"; version = "5.54"; @@ -22,12 +26,6 @@ stdenv.mkDerivation rec { sha256 = "1p2ncvjz6alr9n3l5wvq2arqgc7xjs6dqyar1l9jp0z8cfgapkb8"; }; - pythonPath = with python3.pkgs; [ - dbus-python - pygobject3 - recursivePthLoader - ]; - buildInputs = [ alsaLib dbus @@ -44,7 +42,7 @@ stdenv.mkDerivation rec { python3.pkgs.wrapPython ]; - outputs = [ "out" "dev" "test" ]; + outputs = [ "out" "dev" ] ++ lib.optional doCheck "test"; postPatch = '' substituteInPlace tools/hid2hci.rules \ @@ -79,7 +77,7 @@ stdenv.mkDerivation rec { doCheck = stdenv.hostPlatform.isx86_64; - postInstall = '' + postInstall = lib.optionalString doCheck '' mkdir -p $test/{bin,test} cp -a test $test pushd $test/test @@ -94,8 +92,8 @@ stdenv.mkDerivation rec { ln -s ../test/$a $test/bin/bluez-$a done popd - wrapPythonProgramsIn $test/test "$test/test $pythonPath" - + wrapPythonProgramsIn $test/test "$test/test ${toString pythonPath}" + '' + '' # for bluez4 compatibility for NixOS mkdir $out/sbin ln -s ../libexec/bluetooth/bluetoothd $out/sbin/bluetoothd diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix index 2772ecec710..0c360e60b7e 100644 --- a/pkgs/os-specific/linux/bpftrace/default.nix +++ b/pkgs/os-specific/linux/bpftrace/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "bpftrace"; - version = "0.9.3"; + version = "0.9.4"; src = fetchFromGitHub { owner = "iovisor"; repo = "bpftrace"; rev = "refs/tags/v${version}"; - sha256 = "1qkfbmksdssmm1qxcvcwdql1pz8cqy233195n9i9q5dhk876f75v"; + sha256 = "00fvkq3razwacnpb82zkpv63dgyigbqx3gj6g0ka94nwa74i5i77"; }; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/broadcom-sta/default.nix b/pkgs/os-specific/linux/broadcom-sta/default.nix index f1b560e9f8b..ecaa3896044 100644 --- a/pkgs/os-specific/linux/broadcom-sta/default.nix +++ b/pkgs/os-specific/linux/broadcom-sta/default.nix @@ -35,6 +35,8 @@ stdenv.mkDerivation { ./linux-4.12.patch ./linux-4.15.patch ./linux-5.1.patch + # source: https://salsa.debian.org/Herrie82-guest/broadcom-sta/-/commit/247307926e5540ad574a17c062c8da76990d056f + ./linux-5.6.patch ./null-pointer-fix.patch ./gcc.patch ]; diff --git a/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch b/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch new file mode 100644 index 00000000000..df5af79f77c --- /dev/null +++ b/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch @@ -0,0 +1,87 @@ +From dd057e40a167f4febb1a7c77dd32b7d36056952c Mon Sep 17 00:00:00 2001 +From: Herman van Hazendonk <github.com@herrie.org> +Date: Tue, 31 Mar 2020 17:09:55 +0200 +Subject: [PATCH] Add fixes for 5.6 kernel + +Use ioremap instead of ioremap_nocache and proc_ops instead of file_operations on Linux kernel 5.6 and above. + +Signed-off-by: Herman van Hazendonk <github.com@herrie.org> +--- + src/shared/linux_osl.c | 6 +++++- + src/wl/sys/wl_linux.c | 21 ++++++++++++++++++++- + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/shared/linux_osl.c b/src/shared/linux_osl.c +index 6157d18..dcfc075 100644 +--- a/src/shared/linux_osl.c ++++ b/src/shared/linux_osl.c +@@ -942,7 +942,11 @@ osl_getcycles(void) + void * + osl_reg_map(uint32 pa, uint size) + { +- return (ioremap_nocache((unsigned long)pa, (unsigned long)size)); ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ return (ioremap((unsigned long)pa, (unsigned long)size)); ++ #else ++ return (ioremap_nocache((unsigned long)pa, (unsigned long)size)); ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + } + + void +diff --git a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c +index 0d05100..6d9dd0d 100644 +--- a/src/wl/sys/wl_linux.c ++++ b/src/wl/sys/wl_linux.c +@@ -582,10 +582,17 @@ wl_attach(uint16 vendor, uint16 device, ulong regs, + } + wl->bcm_bustype = bustype; + ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ if ((wl->regsva = ioremap(dev->base_addr, PCI_BAR0_WINSZ)) == NULL) { ++ WL_ERROR(("wl%d: ioremap() failed\n", unit)); ++ goto fail; ++ } ++ #else + if ((wl->regsva = ioremap_nocache(dev->base_addr, PCI_BAR0_WINSZ)) == NULL) { + WL_ERROR(("wl%d: ioremap() failed\n", unit)); + goto fail; + } ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + + wl->bar1_addr = bar1_addr; + wl->bar1_size = bar1_size; +@@ -772,8 +779,13 @@ wl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + if ((val & 0x0000ff00) != 0) + pci_write_config_dword(pdev, 0x40, val & 0xffff00ff); + bar1_size = pci_resource_len(pdev, 2); ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ bar1_addr = (uchar *)ioremap(pci_resource_start(pdev, 2), ++ bar1_size); ++ #else + bar1_addr = (uchar *)ioremap_nocache(pci_resource_start(pdev, 2), + bar1_size); ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + wl = wl_attach(pdev->vendor, pdev->device, pci_resource_start(pdev, 0), PCI_BUS, pdev, + pdev->irq, bar1_addr, bar1_size); + +@@ -3335,12 +3347,19 @@ wl_proc_write(struct file *filp, const char __user *buff, size_t length, loff_t + } + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++static const struct proc_ops wl_fops = { ++ .proc_read = wl_proc_read, ++ .proc_write = wl_proc_write, ++}; ++#else + static const struct file_operations wl_fops = { + .owner = THIS_MODULE, + .read = wl_proc_read, + .write = wl_proc_write, + }; +-#endif ++#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ ++#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0) */ + + static int + wl_reg_proc_entry(wl_info_t *wl) diff --git a/pkgs/os-specific/linux/chromium-os/crosvm/default.nix b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix index 72cb217adb9..3813e3eb75a 100644 --- a/pkgs/os-specific/linux/chromium-os/crosvm/default.nix +++ b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix @@ -1,4 +1,4 @@ -{ stdenv, rustPlatform, fetchFromGitiles, upstreamInfo +{ stdenv, lib, rustPlatform, fetchFromGitiles, upstreamInfo , pkgconfig, minijail, dtc, libusb1, libcap, linux }: @@ -58,20 +58,22 @@ in export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy ''; - CROSVM_CARGO_TEST_KERNEL_BINARY = "${linux}/bzImage"; - postInstall = '' mkdir -p $out/share/policy/ cp seccomp/${arch}/* $out/share/policy/ ''; + CROSVM_CARGO_TEST_KERNEL_BINARY = + lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) + "${linux}/${stdenv.hostPlatform.platform.kernelTarget}"; + passthru = { inherit adhdSrc; src = crosvmSrc; updateScript = ../update.py; }; - meta = with stdenv.lib; { + meta = with lib; { description = "A secure virtual machine monitor for KVM"; homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/"; maintainers = with maintainers; [ qyliss ]; diff --git a/pkgs/os-specific/linux/conntrack-tools/default.nix b/pkgs/os-specific/linux/conntrack-tools/default.nix index 8346fb1c73c..80785015e76 100644 --- a/pkgs/os-specific/linux/conntrack-tools/default.nix +++ b/pkgs/os-specific/linux/conntrack-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "conntrack-tools"; - version = "1.4.5"; + version = "1.4.6"; src = fetchurl { url = "https://www.netfilter.org/projects/conntrack-tools/files/${pname}-${version}.tar.bz2"; - sha256 = "0qm4m78hr6a4fbmnkw5nyjm1pzzhydzx0nz7f96iv1c4fsfdkiin"; + sha256 = "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"; }; buildInputs = [ diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix index 4f7dae930aa..462658396c8 100644 --- a/pkgs/os-specific/linux/criu/default.nix +++ b/pkgs/os-specific/linux/criu/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "criu"; - version = "3.13"; + version = "3.14"; src = fetchurl { url = "https://download.openvz.org/criu/${pname}-${version}.tar.bz2"; - sha256 = "1yn9ix9lqvqvjrs3a3g6g1wqfniyf9n7giy0mr3jvijmrcm7y0pa"; + sha256 = "1jrr3v99g18gc0hriz0avq6ccdvyya0j6wwz888sdsc4icc30gzn"; }; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/earlyoom/default.nix b/pkgs/os-specific/linux/earlyoom/default.nix index 2585c5b3c2f..2e0f5ef7833 100644 --- a/pkgs/os-specific/linux/earlyoom/default.nix +++ b/pkgs/os-specific/linux/earlyoom/default.nix @@ -1,26 +1,31 @@ -{ lib, stdenv, fetchFromGitHub }: +{ stdenv, fetchFromGitHub, pandoc, installShellFiles, withManpage ? false }: stdenv.mkDerivation rec { - name = "earlyoom-${VERSION}"; - # This environment variable is read by make to set the build version. - VERSION = "1.5"; + pname = "earlyoom"; + version = "1.6"; src = fetchFromGitHub { owner = "rfjakob"; repo = "earlyoom"; - rev = "v${VERSION}"; - sha256 = "1wcw2lfd9ajachbrjqywkzj9x6zv32gij2r6yap26x1wdd5x7i93"; + rev = "v${version}"; + sha256 = "0g2bjsvnqq5h4g1k3a0x6ixb334wpzbm2gafl78b6ic6j45smwcs"; }; + nativeBuildInputs = stdenv.lib.optionals withManpage [ pandoc installShellFiles ]; + + makeFlags = [ "VERSION=${version}" ]; + installPhase = '' install -D earlyoom $out/bin/earlyoom + '' + stdenv.lib.optionalString withManpage '' + installManPage earlyoom.1 ''; - meta = { + meta = with stdenv.lib; { description = "Early OOM Daemon for Linux"; - homepage = "https://github.com/rfjakob/earlyoom"; - license = lib.licenses.mit; - platforms = lib.platforms.linux; - maintainers = with lib.maintainers; [ ]; + homepage = "https://github.com/rfjakob/earlyoom"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; []; }; } diff --git a/pkgs/os-specific/linux/ell/default.nix b/pkgs/os-specific/linux/ell/default.nix index 69c1f8de2ea..cb971d452d6 100644 --- a/pkgs/os-specific/linux/ell/default.nix +++ b/pkgs/os-specific/linux/ell/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.30"; + version = "0.31"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/${pname}/${pname}.git"; rev = version; - sha256 = "0kiglgc02a6hqi1nhnl4d8lxax8b1fljp50pvqswrnbh7pgb5676"; + sha256 = "1qlpc906xd78fzxvvj2kxi3aikgnw0c0h3x620s131apax4qrnqa"; }; patches = [ diff --git a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch index a13251476de..a727e5f4a85 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch @@ -1,5 +1,5 @@ diff --git a/data/meson.build b/data/meson.build -index 0667bd78..92d6c7b9 100644 +index bb749fd4..b611875b 100644 --- a/data/meson.build +++ b/data/meson.build @@ -17,7 +17,7 @@ endif @@ -12,41 +12,38 @@ index 0667bd78..92d6c7b9 100644 endif diff --git a/data/pki/meson.build b/data/pki/meson.build -index eefcc914..dc801fa1 100644 +index 94bb0b6f..1ea6a9ac 100644 --- a/data/pki/meson.build +++ b/data/pki/meson.build -@@ -4,14 +4,14 @@ if get_option('gpg') - 'GPG-KEY-Linux-Foundation-Firmware', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - - install_data([ - 'GPG-KEY-Linux-Foundation-Metadata', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif +@@ -3,24 +3,23 @@ install_data([ + 'GPG-KEY-Linux-Foundation-Firmware', + 'GPG-KEY-Linux-Vendor-Firmware-Service', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') + ) -@@ -19,12 +19,12 @@ if get_option('pkcs7') - install_data([ - 'LVFS-CA.pem', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - install_data([ - 'LVFS-CA.pem', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif + install_data([ + 'GPG-KEY-Linux-Foundation-Metadata', + 'GPG-KEY-Linux-Vendor-Firmware-Service', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') + ) + install_data([ + 'LVFS-CA.pem', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') + ) + install_data([ + 'LVFS-CA.pem', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') + ) +- diff --git a/data/remotes.d/meson.build b/data/remotes.d/meson.build index 826a3c1d..b78db663 100644 --- a/data/remotes.d/meson.build @@ -76,10 +73,10 @@ index 826a3c1d..b78db663 100644 + install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), ) diff --git a/meson.build b/meson.build -index b1a523d2..aacb8e0a 100644 +index 87ea67e5..3a4374db 100644 --- a/meson.build +++ b/meson.build -@@ -169,6 +169,12 @@ endif +@@ -175,6 +175,12 @@ endif mandir = join_paths(prefix, get_option('mandir')) localedir = join_paths(prefix, get_option('localedir')) @@ -93,10 +90,10 @@ index b1a523d2..aacb8e0a 100644 gio = dependency('gio-2.0', version : '>= 2.45.8') giounix = dependency('gio-unix-2.0', version : '>= 2.45.8', required: false) diff --git a/meson_options.txt b/meson_options.txt -index be0adfef..73983333 100644 +index 3da9b6c4..6c80275b 100644 --- a/meson_options.txt +++ b/meson_options.txt -@@ -26,6 +26,7 @@ option('plugin_coreboot', type : 'boolean', value : true, description : 'enable +@@ -24,6 +24,7 @@ option('plugin_coreboot', type : 'boolean', value : true, description : 'enable option('systemd', type : 'boolean', value : true, description : 'enable systemd support') option('systemdunitdir', type: 'string', value: '', description: 'Directory for systemd units') option('elogind', type : 'boolean', value : false, description : 'enable elogind support') @@ -104,6 +101,19 @@ index be0adfef..73983333 100644 option('tests', type : 'boolean', value : true, description : 'enable tests') option('udevdir', type: 'string', value: '', description: 'Directory for udev rules') option('efi-cc', type : 'string', value : 'gcc', description : 'the compiler to use for EFI modules') +diff --git a/plugins/ata/meson.build b/plugins/ata/meson.build +index 8444bb8a..fa4a8ad1 100644 +--- a/plugins/ata/meson.build ++++ b/plugins/ata/meson.build +@@ -7,7 +7,7 @@ install_data([ + ) + + install_data(['ata.conf'], +- install_dir: join_paths(sysconfdir, 'fwupd') ++ install_dir: join_paths(sysconfdir_install, 'fwupd') + ) + + shared_module('fu_plugin_ata', diff --git a/plugins/dell-esrt/meson.build b/plugins/dell-esrt/meson.build index ed4eee70..76dbdb1d 100644 --- a/plugins/dell-esrt/meson.build @@ -142,10 +152,10 @@ index 06ab34ee..297a9182 100644 # we use functions from 2.52 in the tests if get_option('tests') and umockdev.found() and gio.version().version_compare('>= 2.52') diff --git a/plugins/uefi/meson.build b/plugins/uefi/meson.build -index 7252580d..7188d1c5 100644 +index 5838cecc..9ba3d5cd 100644 --- a/plugins/uefi/meson.build +++ b/plugins/uefi/meson.build -@@ -104,7 +104,7 @@ if get_option('man') +@@ -101,7 +101,7 @@ if get_option('man') endif install_data(['uefi.conf'], diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 86a2bfbcc9e..2a0e52c658a 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -2,6 +2,7 @@ { stdenv , fetchurl +, fetchpatch , substituteAll , gtk-doc , pkgconfig @@ -16,7 +17,7 @@ , glib-networking , libsoup , help2man -, gpgme +, libjcat , libxslt , elfutils , libsmbios @@ -31,7 +32,6 @@ , docbook_xsl , ninja , gcab -, gnutls , python3 , wrapGAppsHook , json-glib @@ -87,11 +87,11 @@ in stdenv.mkDerivation rec { pname = "fwupd"; - version = "1.3.9"; + version = "1.4.1"; src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "ZuRG+UN8ebXv5Z8fOYWT0eCtHykGXoB8Ysu3wAeqx0A="; + sha256 = "ga8MpbY9tTwr0jsmjEAMyFxDC+yD4LBTx5gXRXig31M="; }; # libfwupd goes to lib @@ -130,9 +130,8 @@ stdenv.mkDerivation rec { libyaml libgudev colord - gpgme + libjcat libuuid - gnutls glib-networking json-glib umockdev @@ -151,15 +150,15 @@ stdenv.mkDerivation rec { ./fix-paths.patch ./add-option-for-installation-sysconfdir.patch - # install plug-ins and libfwupdplugin to out, - # they are not really part of the library + # Install plug-ins and libfwupdplugin to out, + # they are not really part of the library. ./install-fwupdplugin-to-out.patch - # installed tests are installed to different output - # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle + # Installed tests are installed to different output + # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. (substituteAll { src = ./installed-tests-path.patch; - # needs a different set of modules than po/make-images + # Needs a different set of modules than po/make-images. inherit installedTestsPython; }) ]; @@ -172,14 +171,6 @@ stdenv.mkDerivation rec { po/make-images \ po/make-images.sh \ po/test-deps - - # we cannot use placeholder in substituteAll - # https://github.com/NixOS/nix/issues/1846 - substituteInPlace data/installed-tests/meson.build --subst-var installedTests - - substituteInPlace data/meson.build --replace \ - "install_dir: systemd.get_pkgconfig_variable('systemdshutdowndir')" \ - "install_dir: '${placeholder "out"}/lib/systemd/system-shutdown'" ''; # /etc/os-release not available in sandbox @@ -203,7 +194,8 @@ stdenv.mkDerivation rec { "-Dgtkdoc=true" "-Dplugin_dummy=true" "-Dudevdir=lib/udev" - "-Dsystemdunitdir=lib/systemd/system" + "-Dsystemd_root_prefix=${placeholder "out"}" + "-Dinstalled_test_prefix=${placeholder "installedTests"}" "-Defi-libdir=${gnu-efi}/lib" "-Defi-ldsdir=${gnu-efi}/lib" "-Defi-includedir=${gnu-efi}/include/efi" @@ -225,23 +217,19 @@ stdenv.mkDerivation rec { "-Dplugin_flashrom=true" ]; - postInstall = '' - moveToOutput share/installed-tests "$installedTests" - wrapProgram $installedTests/share/installed-tests/fwupd/hardware.py \ - --prefix GI_TYPELIB_PATH : "$out/lib/girepository-1.0:${libsoup}/lib/girepository-1.0" - ''; - FONTCONFIG_FILE = fontsConf; # Fontconfig error: Cannot load default config file # error: “PolicyKit files are missing” # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428 PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions"; - # cannot install to systemd prefix - PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMPRESETDIR = "${placeholder "out"}/lib/systemd/system-preset"; - # TODO: wrapGAppsHook wraps efi capsule even though it is not elf dontWrapGApps = true; + + preCheck = '' + addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share" + ''; + # so we need to wrap the executables manually postFixup = '' find -L "$out/bin" "$out/libexec" -type f -executable -print0 \ @@ -256,6 +244,7 @@ stdenv.mkDerivation rec { # /etc/fwupd/uefi.conf is created by the services.hardware.fwupd NixOS module passthru = { filesInstalledToEtc = [ + "fwupd/ata.conf" # "fwupd/daemon.conf" # already created by the module "fwupd/redfish.conf" "fwupd/remotes.d/dell-esrt.conf" diff --git a/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch index 6c4b6b62a0c..432056cbe7f 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch @@ -1,5 +1,5 @@ ---- a/data/installed-tests/hardware.py -+++ b/data/installed-tests/hardware.py +--- a/data/device-tests/hardware.py ++++ b/data/device-tests/hardware.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!@installedTestsPython@/bin/python3 @@ -8,18 +8,23 @@ # Copyright (C) 2017 Richard Hughes <richard@hughsie.com> --- a/data/installed-tests/meson.build +++ b/data/installed-tests/meson.build -@@ -1,6 +1,6 @@ - con2 = configuration_data() - con2.set('installedtestsdir', -- join_paths(datadir, 'installed-tests', 'fwupd')) -+ join_paths('@installedTests@', 'share', 'installed-tests', 'fwupd')) - con2.set('bindir', bindir) +@@ -1,4 +1,4 @@ +-installed_test_datadir = join_paths(datadir, 'installed-tests', 'fwupd') ++installed_test_datadir = join_paths(get_option('installed_test_prefix'), 'share', 'installed-tests', 'fwupd') - configure_file( -@@ -52,5 +52,5 @@ + con2 = configuration_data() + con2.set('installedtestsdir', installed_test_datadir) +@@ -52,5 +52,5 @@ configure_file( output : 'fwupd-tests.conf', configuration : con2, install: true, - install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths('@installedTests@', 'etc', 'fwupd', 'remotes.d'), ++ install_dir: join_paths(get_option('installed_test_prefix'), 'etc', 'fwupd', 'remotes.d'), ) +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -1,3 +1,4 @@ ++option('installed_test_prefix', type: 'string', value: '', description: 'Prefix for installed tests') + option('build', type : 'combo', choices : ['all', 'standalone', 'library'], value : 'all', description : 'build type') + option('agent', type : 'boolean', value : true, description : 'enable the fwupd agent') + option('consolekit', type : 'boolean', value : true, description : 'enable ConsoleKit support') diff --git a/pkgs/os-specific/linux/firmware/fwupdate/default.nix b/pkgs/os-specific/linux/firmware/fwupdate/default.nix index c14e04dc344..bcafa7f3376 100644 --- a/pkgs/os-specific/linux/firmware/fwupdate/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupdate/default.nix @@ -1,6 +1,13 @@ { efivar, fetchurl, gettext, gnu-efi, libsmbios, pkgconfig, popt, stdenv }: + let version = "12"; + + arch = + if stdenv.hostPlatform.isx86_32 + then "ia32" + else stdenv.hostPlatform.parsed.cpu.name; + in stdenv.mkDerivation { pname = "fwupdate"; inherit version; @@ -13,7 +20,11 @@ in stdenv.mkDerivation { ./do-not-create-sharedstatedir.patch ]; - NIX_CFLAGS_COMPILE = "-I${gnu-efi}/include/efi -Wno-error=address-of-packed-member"; + NIX_CFLAGS_COMPILE = builtins.toString [ + "-I${gnu-efi}/include/efi" + "-I${gnu-efi}/include/efi/${arch}" + "-Wno-error=address-of-packed-member" + ]; # TODO: Just apply the disable to the efi subdir hardeningDisable = [ "stackprotector" ]; @@ -41,12 +52,6 @@ in stdenv.mkDerivation { efivar ]; - # TODO: fix wrt cross-compilation - preConfigure = '' - arch=$(cc -dumpmachine | cut -f1 -d- | sed 's,i[3456789]86,ia32,' ) - export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${gnu-efi}/include/efi/$arch" - ''; - postInstall = '' rm -rf $out/src rm -rf $out/lib/debug diff --git a/pkgs/os-specific/linux/firmware/sof-firmware/default.nix b/pkgs/os-specific/linux/firmware/sof-firmware/default.nix new file mode 100644 index 00000000000..73ab46b3c8a --- /dev/null +++ b/pkgs/os-specific/linux/firmware/sof-firmware/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl }: + +with stdenv.lib; +stdenv.mkDerivation rec { + pname = "sof-firmware"; + version = "1.4.2"; + + src = fetchurl { + url = "https://www.alsa-project.org/files/pub/misc/sof/${pname}-${version}.tar.bz2"; + sha256 = "1nkh020gjm45vxd6fvmz63hj16ilff2nl5avvsklajjs6xci1sf5"; + }; + + phases = [ "unpackPhase" "installPhase" ]; + + installPhase = '' + rm lib/firmware/intel/{sof/LICENCE,sof-tplg/LICENCE} + mkdir $out + cp -r lib $out/lib + ''; + + meta = with stdenv.lib; { + description = "Sound Open Firmware"; + homepage = "https://www.sofproject.org/"; + license = with licenses; [ bsd3 isc ]; + maintainers = with maintainers; [ lblasc ]; + platforms = with platforms; linux; + }; +} diff --git a/pkgs/os-specific/linux/g15daemon/default.nix b/pkgs/os-specific/linux/g15daemon/default.nix index d00bf2f7433..c670fc86d13 100644 --- a/pkgs/os-specific/linux/g15daemon/default.nix +++ b/pkgs/os-specific/linux/g15daemon/default.nix @@ -5,7 +5,7 @@ , fetchpatch , patchelf , freetype -, libusb +, libusb-compat-0_1 }: let license = lib.licenses.gpl2; @@ -25,7 +25,7 @@ let sha256 = "1mkrf622n0cmz57lj8w9q82a9dcr1lmyyxbnrghrxzb6gvifnbqk"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/gogoclient/default.nix b/pkgs/os-specific/linux/gogoclient/default.nix index a4584304f58..d107f18c8da 100644 --- a/pkgs/os-specific/linux/gogoclient/default.nix +++ b/pkgs/os-specific/linux/gogoclient/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { name = "${baseName}-${version}"; src = fetchurl { - #url = http://gogo6.com/downloads/gogoc-1_2-RELEASE.tar.gz; + #url = "http://gogo6.com/downloads/gogoc-1_2-RELEASE.tar.gz"; url = "https://src.fedoraproject.org/repo/pkgs/gogoc/gogoc-1_2-RELEASE.tar.gz/41177ed683cf511cc206c7782c37baa9/gogoc-1_2-RELEASE.tar.gz"; sha256 = "a0ef45c0bd1fc9964dc8ac059b7d78c12674bf67ef641740554e166fa99a2f49"; }; diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index e87768a9ff1..d780cade786 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -1,6 +1,28 @@ -{ config, stdenv, fetchurl, intltool, pkgconfig -, gtk3, portaudio, SDL2, ffmpeg, udev, libusb1, libv4l, alsaLib, gsl -, pulseaudioSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null }: +{ config +, stdenv +, fetchurl +, intltool +, pkgconfig +, portaudio +, SDL2 +, ffmpeg +, udev +, libusb1 +, libv4l +, alsaLib +, gsl +, libpng +, sfml +, pulseaudioSupport ? config.pulseaudio or stdenv.isLinux +, libpulseaudio ? null +, useQt ? false +, qtbase ? null +, wrapQtAppsHook ? null +# can be turned off if used as a library +, useGtk ? true +, gtk3 ? null +, wrapGAppsHook ? null +}: assert pulseaudioSupport -> libpulseaudio != null; @@ -13,19 +35,38 @@ stdenv.mkDerivation rec { sha256 = "11byyfpkcik7wvf2qic77zjamfr2rhji97dpj1gy2fg1bvpiqf4m"; }; - buildInputs = - [ SDL2 - alsaLib - ffmpeg - gtk3 - intltool - libusb1 - libv4l - pkgconfig - portaudio - udev - gsl - ] ++ stdenv.lib.optional pulseaudioSupport libpulseaudio; + nativeBuildInputs = [ + intltool + pkgconfig + ] + ++ stdenv.lib.optionals (useGtk) [ wrapGAppsHook ] + ++ stdenv.lib.optionals (useQt) [ wrapQtAppsHook ] + ; + + buildInputs = [ + SDL2 + alsaLib + ffmpeg + libusb1 + libv4l + portaudio + udev + gsl + libpng + sfml + ] + ++ stdenv.lib.optionals (pulseaudioSupport) [ libpulseaudio ] + ++ stdenv.lib.optionals (useGtk) [ gtk3 ] + ++ stdenv.lib.optionals (useQt) [ + qtbase + ] + ; + configureFlags = [ + "--enable-sfml" + ] + ++ stdenv.lib.optionals (useGtk) [ "--enable-gtk3" ] + ++ stdenv.lib.optionals (useQt) [ "--enable-qt5" ] + ; meta = with stdenv.lib; { description = "A simple interface for devices supported by the linux UVC driver"; diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix index 869a394cefb..8152655d457 100644 --- a/pkgs/os-specific/linux/hostapd/default.nix +++ b/pkgs/os-specific/linux/hostapd/default.nix @@ -17,7 +17,13 @@ stdenv.mkDerivation rec { # Note: fetchurl seems to be unhappy with openwrt git # server's URLs containing semicolons. Using the github mirror instead. url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch"; - sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";}) + sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k"; + }) + (fetchurl { + name = "CVE-2019-16275.patch"; + url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch"; + sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz"; + }) ]; outputs = [ "out" "man" ]; diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 5fcf362bc8b..46312a637da 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -1,29 +1,27 @@ -{ fetchurl, stdenv, flex, bash, bison, db, iptables, pkgconfig, libelf, libmnl }: +{ stdenv, fetchurl +, buildPackages, bison, flex, pkg-config +, db, iptables, libelf, libmnl +}: stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.5.0"; + version = "5.6.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "0ywg70f98wgfai35jl47xzpjp45a6n7crja4vc8ql85cbi1l7ids"; + sha256 = "14j6n1bc09xhq8lxs40vfsx8bb8lx12a07ga4rsxl8vfrqjhwnqv"; }; preConfigure = '' - patchShebangs ./configure + # Don't try to create /var/lib/arpd: sed -e '/ARPDDIR/d' -i Makefile - # Don't build netem tools--they're not installed and require HOSTCC - substituteInPlace Makefile --replace " netem " " " ''; outputs = [ "out" "dev" ]; makeFlags = [ - "DESTDIR=" - "LIBDIR=$(out)/lib" + "PREFIX=$(out)" "SBINDIR=$(out)/sbin" - "MANDIR=$(out)/share/man" - "BASH_COMPDIR=$(out)/share/bash-completion/completions" "DOCDIR=$(TMPDIR)/share/doc/${pname}" # Don't install docs "HDRDIR=$(dev)/include/iproute2" ]; @@ -36,15 +34,12 @@ stdenv.mkDerivation rec { "CONFDIR=$(out)/etc/iproute2" ]; + depsBuildBuild = [ buildPackages.stdenv.cc ]; # netem requires $HOSTCC + nativeBuildInputs = [ bison flex pkg-config ]; buildInputs = [ db iptables libelf libmnl ]; - nativeBuildInputs = [ bison flex pkgconfig ]; enableParallelBuilding = true; - postInstall = '' - PATH=${bash}/bin:$PATH patchShebangs $out/sbin - ''; - meta = with stdenv.lib; { homepage = "https://wiki.linuxfoundation.org/networking/iproute2"; description = "A collection of utilities for controlling TCP/IP networking and traffic control in Linux"; diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index 02bd83d9da6..be2a4ff3e56 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -13,12 +13,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "1.6"; + version = "1.7"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "0c38c7a234cwdd5y1brq4w56xszs8zlp57rr3nvgp8z8djcy1qvx"; + sha256 = "1qi25qav1rv8gm5lbrip8ayq5vwynmyv2q4ar7bbmnjh6cglvyh2"; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2c8b8de65b3..636d174b155 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -122,6 +122,7 @@ let XDP_SOCKETS = whenAtLeast "4.19" yes; XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes; WAN = yes; + TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 # Required by systemd per-cgroup firewalling CGROUP_BPF = option yes; CGROUP_NET_PRIO = yes; # Required by systemd @@ -177,6 +178,10 @@ let NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) (whenAtLeast "5.3" module) ]; + # needed for `dropwatch` + # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 + NET_DROP_MONITOR = yes; + # needed for ss INET_DIAG = yes; INET_TCP_DIAG = module; @@ -244,10 +249,32 @@ let SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions # Support configuring jack functions via fw mechanism at boot SND_HDA_PATCH_LOADER = yes; + SND_HDA_CODEC_CA0132_DSP = whenOlder "5.8" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon SND_OSSEMUL = yes; SND_USB_CAIAQ_INPUT = yes; # Enable PSS mixer (Beethoven ADSP-16 and other compatible) PSS_MIXER = whenOlder "4.12" yes; + # Enable Sound Open Firmware support + } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && + versionAtLeast version "5.5") { + SND_SOC_SOF_TOPLEVEL = yes; + SND_SOC_SOF_ACPI = module; + SND_SOC_SOF_PCI = module; + SND_SOC_SOF_APOLLOLAKE_SUPPORT = yes; + SND_SOC_SOF_CANNONLAKE_SUPPORT = yes; + SND_SOC_SOF_COFFEELAKE_SUPPORT = yes; + SND_SOC_SOF_COMETLAKE_H_SUPPORT = yes; + SND_SOC_SOF_COMETLAKE_LP_SUPPORT = yes; + SND_SOC_SOF_ELKHARTLAKE_SUPPORT = yes; + SND_SOC_SOF_GEMINILAKE_SUPPORT = yes; + SND_SOC_SOF_HDA_AUDIO_CODEC = yes; + SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = yes; + SND_SOC_SOF_HDA_LINK = yes; + SND_SOC_SOF_ICELAKE_SUPPORT = yes; + SND_SOC_SOF_INTEL_TOPLEVEL = yes; + SND_SOC_SOF_JASPERLAKE_SUPPORT = yes; + SND_SOC_SOF_MERRIFIELD_SUPPORT = yes; + SND_SOC_SOF_TIGERLAKE_SUPPORT = yes; }; usb-serial = { @@ -603,10 +630,15 @@ let misc = { HID_BATTERY_STRENGTH = yes; + # enabled by default in x86_64 but not arm64, so we do that here + HIDRAW = yes; + MODULE_COMPRESS = yes; MODULE_COMPRESS_XZ = yes; KERNEL_XZ = yes; + SYSVIPC = yes; # System-V IPC + UNIX = yes; # Unix domain sockets. MD = yes; # Device mapper (RAID, LVM, etc.) diff --git a/pkgs/os-specific/linux/kernel/gpio-utils.nix b/pkgs/os-specific/linux/kernel/gpio-utils.nix new file mode 100644 index 00000000000..447704eedc8 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/gpio-utils.nix @@ -0,0 +1,24 @@ +{ lib, stdenv, linux }: + +with lib; + +assert versionAtLeast linux.version "4.6"; + +stdenv.mkDerivation { + name = "gpio-utils-${linux.version}"; + + inherit (linux) src makeFlags; + + preConfigure = '' + cd tools/gpio + ''; + + separateDebugInfo = true; + installFlags = [ "install" "DESTDIR=$(out)" "bindir=/bin" ]; + + meta = { + description = "Linux tools to inspect the gpiochip interface"; + maintainers = with stdenv.lib.maintainers; [ kwohlfahrt ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc new file mode 100644 index 00000000000..101ccfbf0f2 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc @@ -0,0 +1,325 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBE64OEUBEADPS1v+zoCdKA6zyfUtVIaBoIwMhCibqurXi30tVoC9LgM6W1ve +HwPFukWq7DAS0mZUPE3mSV63JFLaTy0bY/6GO1D4wLdWZx4ppH7XKNCvKCbsi70k +UozFykNVf+83WEskuF1oYzXlF3aB5suz2IWJl7ey1EXgIpehwQaTJUA5JIWYFp9A +566LRNJefYMzUR33xc4dRKj6Etg0xdLVq7/vZoo8HpLCBGNWiP0AKqFWEwTg0xQL +7nsJA5tfJJdwAJvrzjpFsvb63PKG6waAtdHhON4q7E2Udak9fz2tRjxA5l9l2zXk +aqsysUzkxPhNjwMENoQ04KZg4aT+ZhhBzTowSWLp3KV2uaZ66kdPUO3s+/1bPp5/ +N/IlykaUwyL773iYOZ5dOY/9hIuX/zssihcrGEMW6yIyZR5uKhzYdaM9ExTXP637 +UccgNS9/pskPGPx/xK23NDCfeHzL9YHS5KokA2wb/b9hqpwvLaeblbMl2pt79F1R +ac+rZlrRyX3NvlTQP4hqM9Ei2YBAU7QFDJEjH8pVIceL7grxi1Ju1iD5QiSK+je5 +Jj5EAikfwSeAttSzsqNvaXJHfABrv5mkkVt1z3icP3HIHTYnG+uj+t8kvW+o9/1i +pD6e6LUh4w5v1aY9kaK/M3+eBH59yNYI99crPUKUBVfW4gv4DBUJAQTWRQARAQAB +tDVMZXZlbnRlIFBvbHlhayAoYW50aHJheHgpIDxsZXZlbnRlQGxldmVudGVwb2x5 +YWsubmV0PokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEF +AlSXU9QFCQfATw8ACgkQ/BtUfI2BcsjPbxAAs+UR/bJz/HeYTpPy+HnKwDJgI9GP +AZlNvp+QSIhOTtKCYkQ/Iu+5scY5J0Qyv0pcJW5Rxjx+l7KGovw84jzVznnYsJoy +UQ5H3Ev9T2xW1nrZT3abJ7j6ZIck+Q+WFHu5Plsq6doSXOXmJNoehvT3BVolvc6w +S1+CAoyA5Wm1yfocZgVOvWPWQaa1T4XA7OwxFWrvNWEZwAzTSjkGHkwmji+DxdBd +RPam9+qm/rcN1IJTu6xJPr38a9LydWonsUpTR2Qn7Bo4EJp8yHJLaiLEMV/Nmgrr +1orBYw/OzDzhbdMl+2zzwEBLUMPABdgnPM6ZCZ5PWyWnCU4jsBGyVd0IC5xEu3Eg +a0EtIdvx2lXiLfh2dulpMn52uJY5iNwaTleO+z9CENQVhh5R4FuN9H0BLiyAxf1+ +MkD3jLT+DGl02hQghtxz18iTkRk7KOw/NFn4z0is+TRl4/ocNt1LiWQXt8dr7qdx +zvUpDnxCSYZkeutzopo1TA4lKpnsS2mHabx6CbrUmF+wOIr8gHUfpBFeEQ8BHebU +5X0JrFF5mjeNl4uK9l9lD9ng74rsSpKPr15DU41jIuQDHJYd6H3TXQ4K1z7Ciivy +r4vgsruAFX/GduKseOx1obWW3GfIQzLAIuVdjldgREl61GWoLiGFqlcveiAIkN5p +Bxc20hSrHgZP9ZyIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GTK7AKC8Sd1ndNvc +1ispBaECbHT/JPfGrQCgvkfGBsFn/KBrgC5hTm0mSxdy942JAkEEEwECACsCGwMF +CQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOuD2qAhkBAAoJEPwbVHyN +gXLIXL4QAJtbs62EpOIFld0N+tTEFn1qQPPaExAXmH/RF5Epf+0rSS6B0OXEZBXz +cWtMPbHxoLjN1iY8o0QC1ex7/KDfYq8Ho18M9P+Lf6XfW0sJ9d021U5MJWGPs4zA +lNFXJqeMgfJZAno2N6dO/azcYHq1wmSgUbTb9Oyi1PHfn3g0UAW59dfkB8d2jEvY +Yed1X0mBPPXcbgnYNZ514JQtm9wuDdVWrh/Si9EhKg6+MPcbv18G4lpPGR+yNq9y +3Jze4vmmWen0ceDJEp06IAeTfJzzD80Oui2WXtLfaQxgf9uuZtGjrMX5l+mq7rBS +VH/dsHP1VYI0efKIs7qbmiLcMRVWYIGix9I1C3UYr3ImYiCGlBG/uQ929xbjWAHa +hy4W6rzruUWjyi/Kz7QRnyBgtHfhDO7hYziTr5hoGhd4VeUpcbxL+MegXFZsWJlE +kz8TOOsZ/4XxXHVoalg8fYOcA7j/aoszsPMQUOL/5jsVRhyP3evtVxb3m1EwvYDK +Lii4IkVxGztlBOIgeT4kwXgoJEASSZHgcd6tDv9q7o33n2I1DGL8X3axcHES2/C7 +cP+li3KL3Hc9vjgaJ9HfcQLuMcHqfoHn+YzVfbG5XeFcxhgQpwpYsZv3MTbXAQwI +fRHXRuIfOiFwqUXahi5N1WSIXNBGSyI7pu9ht5I7gIIOINE+VS7FiQJBBBMBAgAr +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUNol8QUJA/yTqwAKCRD8 +G1R8jYFyyIqUD/9yWw7WBQiWyIMpVuX9c2Ov1fAkDya43fDm0gqIgNsdaxCt5ATh +XaXZ/p2jglWwon5jDLDNsVR0/Q/t8ugdcP3bcwRtW2YYQ2F1PaNjfr5WsuPEadyc +J62DIobY4IzqBpDuqGLYdbzZeKr49VwbRRvIJpphrk3+CekFvdIs1ofEpA2Kn2oA +DXfYuaWoVBF7fTwAZmc3hYPOI1jK7nrFZbCnAT4WZPzZ4IY9lsaNTF/4mQ8vV1xF +De6HjfslHURlZWsWtQIKhIPBKoZC1nP5VRK3IHYgKw8toq780kalLH8ofv9BkSrs +t98JOoJX4etdmE8Ta/+Wg5C9EzR+909tQfdWdkaRbhvbtl/x7X76HU4ItefLR5pW +d0OSo488QZMQjCUWlzgPMsmnYMQm6ckNOp0B/RtMfbJV7t5H+JE3PLfFG55jcz3w +uNGhfZyl/ZhV9fvGLU/sPyhIW7ewuIwd+7i12fH9r4NAGB/mkSKK+tHGcTZvXxux +5QMKE+a9u6NMJRrbsIiTFwhrCLMgzLYL0mtX8FZXNFFZzGFYkiXymBR0ze4LKzRo +dMFpyP/w/IIjYBhVpgboT2EMMIgJHSsMJDCdDjI+9cAykVF6ccSiUQ11devHL6Pv +WwlT2Ub4TP4yCScHDPyfWq+tfdQlWFVRZMRJ7kmq0VagqomdRHgLPyPgDYkCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LACcEACFq3Oz8nHAa6KsyspIWo0+HjzCtTv0 +G6TB+svf3fl24C93IfFhpSyxNf8XVa9h9kCU5ZImYN+LaoUGiz3lcYxjdOeFYDc4 +GU5TFrJwY9eOYYCsr+z+NLn7wlLZEO772lGUDPJMWxSGqR9yOGhQCTIADLLcp6mt +07zdejESYxMT6IjYR+rX6miWG5Hr9/lBdh/X4XhGpHEY64IL8vVB3C+FQfG3hiMB +bHbvJ4/S/cjfNM1T9oKiA0H6jklRHIdstj+2eeWA7lS+GE3Mpkra+8KmkEjV4O03 +izcRpMm1yTGoTjp9UddTNYErb/sha5YigYAqK8bj3gh6tTFNJHbN4RWgtPDyc5Va +1u+sH2ob6JS5tez8/Z6pMarGpTQujIGAlntP4igi0Q4hxyLof6Vtc6XF80uSwTvN +RRmQrcq+kLPwX0NbyZCBCI+kjBPu2b932JDTfVBKwJCLF3e1zvQqN0C7EZnIzveX +r7VtJ4WHIfSyi/HQP7xm5L0uQj+KRr+/LMaxkCDgrlqoWTgAoxCAPYH1XCvBoJRc +DHjNikyEAS8WUGl9ZHQyAoFngi/jqH6WoDAmfBUKRoBMR2hXLOKUBmObw0DHgauM +kk4kD6CW4UEy0SM/i9JD7sk9KiKoHMip1jguKRJkHJ1WSkNl7nZpeo+KG0WbGHXN +b7hnrQsNyqJkUokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AC +GQEFAlLV0QIFCQXdHmsACgkQ/BtUfI2Bcsj8DA//b8wZrFY/Fj/iR5ZaO0AjmMV1 +hM7lAFWLfDiLyYofuiGLUg9rqFWj+Ks2kedVN7+22Bjgi5fvpXv3Uy4trZKKw8Xs +FJ/s8HQ6jzIv6pFdIYPLFQBqS2tEgfsanPZWIqJI9fbhOrRGN7WV5tXiksCaRO+u +rLjIhAYmsDb//BD2xqsY54ouRdrz5nRG3qG2odq2Lw8XquW6srouGaSm+BI3sow6 +l2eAW8UjbxwICQg2ZPZYCBc9ArbgLS1ha+yPhp65nGpVbqDA8rUKC11op1ArAbY3 +Yt6xzLg+RCuCHBa1gNPpDoYV9V8Zve03mEIcsK10X0RhJQ+z4INvrjtelPRCOLpN +179JmsyxwOzwAPg773SK1Z31jSirsiEke/q8j13PGNDBCb4ZKpm/KOht+4d0jJLK +GLqD85cv3/uAeSh2zWkoKcVW6uVZpiz3KA3i4YMWnteOlrlZH28nIrDXevPzkOxo +pZlhuLboCD6g6yuZI4Wm9fEiga8xmRDw4RrOIuDXWjNW6IVaeFGvnYaNf0wnmBD+ +FE1SMWwcmqgB1yIylmKqH0lYce8SVAMLkkOlaijhWrfCO5iS7zjWaVz98HCqFfwR +gHuJTxOwwlf9Qb6cyC3bGsfILBUuE0L5vUAZUAc61H+6Sv88CDDUO1EOKaqAAYhR +plvoyYZ3xiSMgzYKGZ+0OkxldmVudGUgUG9seWFrIChKYWJiZXIvWE1QUCBvbmx5 +KSA8YW50aHJheHhAamFiYmVyLmNjYy5kZT6JAj4EEwECACgCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheABQJUl1PaBQkHwE8PAAoJEPwbVHyNgXLIQokQAKxJB9/F +TfBae6eqcT+izxGSnsvbc2bcrtsmKkhu9HwpsJ4IDutphXFB0wFalI40BL0o1k54 +Wlfv5GHbq7Ju3kW2dmTMP0WpfFytV7rr2yqSmik+skJw27BDk74rP0v4TNOHaTrP +nokfTnlaKuv1bqlwbIwV7rJ5jbAtw5hueeN4jghGU8SGlCOEZ/xGxYYsvtyPhZhn +kmsAzcPr/BpW4NkSb2SnRIO8KzcPnzxz7JDdeIusq/YW7P5OlhDx4ejdh0Wg6ISl +zxB5VoqFqNuKTBQNz4HHpqDVQqEDE4JngMerDr+4qAiDYI4w6kN3Ce2LqciRyMVh +YYnTqyyjXYY3C1WwXIa1tZb2Cw2DorshNFdACr7wKQMOoJtAFpdd3d/DRKQWCc3x +jkBERqZ+55unTY0/0uyNPoK0noAcGydiU8WGh6wyi+Do+Zxq4QJEcqL/FHrhlaiw +LTmgDS+XDl7zRtQia7ykpi/xqe74ujOHcJO8tpY0ZCdR2A13xiOi+11wndbOkBFv +dQ0vgih9ROzwe3hBbBQQOdF4hkA9vEd2Ks4gF8IR+5ixWAIyZAVbnDiLelWgQgnE +aeEwTtfcXRNAxuj+MgMPQhXQ2/cK0dPD4z51DchVRIf9G3hAuBT/CEhTqNkkm5F0 +og7azwd75+vh5RxwVld3ES6CMXKaiV4csQkdiEYEEBECAAYFAk64PygACgkQvnQP +QT8iuxlligCeNgfNE4w1AQuOC4ef3HNNY0GXgVMAnjmtCVIUJv/w6PDimvf20rgF +GVHxiQI+BBMBAgAoBQJOuD0KAhsDBQkCHIcABgsJCAcDAgYVCAIJCgsEFgIDAQIe +AQIXgAAKCRD8G1R8jYFyyPv3D/wJ+sYXqSxoo8OriGMUzG5LXs2Hf1YULdlysGa8 +mxWTwCIEMSSx8AoOKf/FyXglDVl9msfOgv6jRiN+UyNCQEv+6a5ZCL7BlAVU0Q4W +w2/UUlOUlLMC1QAodGcC3kiPSy41jnDVswKYRrICuiW1Pqgad3h7u7caqvqG1D/A +YOR2Q8JjY15j6Qf62Xx+YANx2tPWKeDyPUAN/x1W6RrEDbN5F+1qOpPFuTnpPmqH +q4zxm4Dz4szypmAKsN+5/q8T6DJtSnP7COtsY467oX2XtNTTuCIsU79lBVo/yan9 +ofB6hu12KyXwJIl1OK34g9VEP5suU3hcEw7uVAvxyMYJQlxORUCG0DAFc/oPm3d0 +ypRdbxXJMjoS3pmCf7kwnEA9PIAjZDYuVHGZkAdmYYInTIH6ipjkVxDHEF1en0h2 +zHJEZC7NIYgPyzHXmH7Xy3VZVhhKKKM12VDOuIOOecQPuFIw3hG7dymjn5e9dMzv ++DMkbEZzoFahLYkbVGG1FGzhE6Uvb/IG0UJCC4nDz0pzZpV++QHvgEvbY/HLbHJ4 +o3CT5aVE0YIhTP+zqXNFMOao8yZy+AzdMzdX+Y3ADZfY0oiZ+JH1Zo++rdrgXUhg +Y98QgMwVwESbwaBKjsC0JnlmWyNivhIOS6NRyqR75E7j7JSvgJdxhvpQXXkQ/BzL +FM1Ej4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlDaJfoF +CQP8k6sACgkQ/BtUfI2BcsiEahAArZfD1yJK385eqgCZ5LryVLRXrocuF1zlHl/6 +ugRy2TEe43ex4eTOY+mv4ZJVSxbDzUqMbBv0m3IETbM0CSESjGD+i5I7K3IToZO9 +ZgIXDbpoy9x2KWjU+R5oaxCTmZ9jk1p+f4zHxc8lJdgOXPwcIIT5Euwk4LAFN+wn +CUHkO/D0xzP2ivTrM+VHNWqSUcNInAGRx+R0NvdSryIAsdA/5E3ql786WQhPy6L6 +1d7cmxaLsfAKIOf8ydNyoiqmJkT62omLLnqyERfLZRa9RKt5EgnxX6kR2BA+h/Gn +KVV18bCIJjF3Gjnh3qjJehKRaw9nmzrB9KtGQAHdIp8ivNvjMitc1ijRIECfidWd +lGxgmuI/gX58eaV3scjbs5YUFmGhcZIgjCxWWxFSwmzJTUVT5XqBpXFQB4dokj9m +NNMpM3YH8T9QaaS/m9j7cmCJ4gxp7i1bJsqsVG5BjRLiZv701eVKVmU6vqhubR0R +eSZghqho9e44ZMbn4rJ5kTQhGc7ZGNsIyChMSaYVreB8IBLDC7rg8dB/umg1OYOp +8EqRLJyXdtpa4DN3X0e4WcWb0Toj4QuyCh/es1CtBldhdqHr0aLZYCX4i/KuGTXI +kA8LTOJmZsE+K+/NCux1VHK9DADKcNjhSV0QTf+8ntGlNW6i2Mlt34thZK5eeB6W +Bbo1zl6JAhwEEAECAAYFAlLYK14ACgkQR9UBbEL/fCyyQBAA0931q8dBD/6COmat +8S+JSgcuIpylukFxU2vySBWSGRHFmFzwbokUE4bbNyutwNO2cNBa9zcxRPrkIg+7 +d65QjdZNDV2zWTjv5GwzEMjWxhP7VpTwTouYgx9j2d2KpFo2jfhTtZ7OU7DDF9YT +FsaRiZHHZT+W/JHuB9Lxc55HkSagu00yTaZURc0olBui5c/hqBte1b3OWTjCmysG +mwDL2FwdmFi9mbEm77sdD8PSVfkZaBv5rIaet+Xe/JMZoz0WUkZRCFXMr6B7aOdS +WeB7kUsPh2J5dhf4x4YaxKLOHod9JQF/DGJsdexKqMTqM/xOMSQ1FTUMCQ5SBWJc +3PywqMB/0eqlteHydlk7bb9HLCT3M6vVxTkpj834wGRsoVXPqWKzAHPpO2kjxXtc +4DBh7T88YGE2k5rxdJHb3MjWVJQzHGhrO5Ji8CQaHjUJ4BTyim++RDisDi4C/QJ4 +qPOrafw/+KyJoWyfmAUpxplPvY/LKJlvKaKxmpwlildYjH7HjoYvCjagbSCUOnzo +uM//YIJ8/o8QdxEDdYiTd7cwskYWphrAlV8+vCl/Y0lepRf+hsUS+uZi/NX4qYMx +CTsewnnqJQduuehQl9/RnoBX9T04kS64cWNaPZ4dxZUYJm3us5QFcQJMysZ4tT1Y +A0oEUX1KUTDzTQXT/kFi8MtmXauJAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheABQJS1dELBQkF3R5rAAoJEPwbVHyNgXLIV98P/jcu/DiP/muH2Qsy +FtjscyLu1NzBbSFB9q1jMVfx3VbaIT22Ly6BIQNHF7L2fpjf36EWpdJzpfR+Glp5 +1+KqZgIMAW5CGguSy8v7iHs6Rh5hzChiF48wCqxUmMdQ0ITTrnAXIYq6H6s8ytKF +Y31znXmne1XYBg8e4yb3pcBhkzIPeVU7rMz9PjPB0+Q2jWCpqPA4eUSV8rL2TxFR +KbEt8XlkZ6yuCLnkN84aLZFxfZA1tIGifi0PpeaO2z/IwOmftbQRiljMdnsPye49 +j4wlJS7yRIpnH3nH9Zku/MrDV/M0z7BVwKfF2F95/2QX4Tdyd/UESTdLqGtXpX4c +axahZKrOhNr+k60qSBxoBqKauZkSbZunRnbYmVa3nA2kQuIPF9/QmoZgDUfdkKZJ +u1RjwcRUGKd1XV19QjUvBMD3oHA4G6Jbi5vWKQZ40KVcL78YIL7C8dUOiPIasA45 +olaGpCSsGsfrMp5ngegxM+uh9Tc2kTFC9bTqp17VYI96cAqGrEBUQrmLmZLk0HUm +a6MNZO/+vKN4UTlgjpjxZon+/yK8bsmT/VNie5hzqZim6tfztl3rpJ9jPUeLgr5x +oGePYV02inapzNHdWFHk0L9zR/3KKfJ3IRJwUXp00Eya28hEepIvdxgLYcN1UqVn +VuFuMY8zYSl/VXtPxySCLENJHxvdtClMZXZlbnRlIFBvbHlhayA8bGV2ZW50ZUBs +ZXZlbnRlcG9seWFrLmRlPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAlSXU9oFCQfATw8ACgkQ/BtUfI2BcsiPxw//X2xUctIrd1O7UOk7LHBX +/xI7xXoWQcA7l/1XMuZhM8yC8yIoAgvFrWBP1a29I0P3/yigkQXs+eTDTdvb0QP2 +q72q7Azt852v5u8+dHzoOXDpbo+4lfX+0OBDWimwJuChD8LQH7b7jO0oqWIV0AzM +vegFJVp3cDbyqw08lBz3xZ79A9JtBeewf6PLpXKjEVS8bEAZjZKjsjAY+5ShtJAf +PsD8r353dmkaHgC5Aji74ijZeY3PUCvGVVCGeN9isLnRpTEn7qUvN2DfHJU4w6aw +sXu7m7zidISo6dQLUzo54dHKWPGFy6INNkzXPOgrlbYnjt7v0Ou21/R6HrhdmsSw +lt7GALJcgAUxrcT/ljB3SZhSB0BdH0DXPcUziEdfhgMhhrXYpMjwH2XFBD1MLusW +GaVDbpPrSoEnmPVePcDUonDHePcuLjfOl13mOER1Kf6WFapOCa+4HCLakfKcPnGY +eyfD7Dbz3/046MmfQ8/Iyf8ipFXN6tI2WkRKj8uq9IFYrX3yoCBxZJN837DM3Grq +h48/T3pYU1f9LiekxbsgXmcHoGNdXX5+EsuO+QILZPttlG5QLuqFdJHei77uvW+B +4u8mgzi1Zhh0hRLm4K6UaJ/fBJ87BZSHShPKI9PI073U1O/CcYXnb8cdPLu3UgSQ +FM/bxT70TSYKI01Dt4KXRfWIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GT9FAJ47 +X5+0dQaOFkfy3WnMgX3AmIXJYQCfR4XL47rZ9a66jWaD0IbcXMK4oE2JAj4EEwEC +ACgFAk64PJ4CGwMFCQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwb +VHyNgXLI2U8QAJGKPv1gWLn7P1KeHVsKkfRf+zgdsoY4mF3bUjX/03z1h1OKp+S7 +gZD/ZI80ckw/ElgFt9sr8J+pOgHk+aGHW+V0cZNgDHXCINb17s+Ra7SA/SWeJOrr +d4IpvTnjGc88C/j+bzRFagfnGXU601PeJdXIe6H75xVGIb0DgQBfPB9m+7p3sq/R +6UigzLwwhIQRW/l77hq79v5Rm77e0GTfcYHSuKu2Itim8p5OYCNchr4ZpBzrv5cF +/nH+HyD0AnM1q4a3mT9y4abNgtxJMGJBoIUEDT5vaTRpPowVHIGg9QroHkrYkMWA +ffIBzoq38WLnPjvjNtTncyP7sjbP8KS7NfjxZ6RAcNO6m6BTDYG/lM9jwCcOma90 +RZDVYD8hy+z1hXWFfB7zB+5TYuuKV5SXZpS9/JUR1BuI44WkY0hLHUa7inpqLlqc +b9O7KYikgyaeUKAN5LkF8A7rMVzuhrSItNzJVOs7WLnNAe9+Frzqx/jZ9aU04avS +r5OlWLdL7k9JNDnsLFqNtG/XQ7Hc8CPl0HvY3YXYGD3xwW6Ua6+ykxZGmQGPB68W +6a7G5EX+MEWKZgMQYsl1HgU49/sOD6QnCG3m2IB7bRAf5Kd527BnSgAaYHjVug8G ++X9opDwUW1b73Ut5tWfZJqQ4XBjl0Hc7Zi7OtlqdBeKGu/65QU+N9x33iQI+BBMB +AgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8 +G1R8jYFyyPv+D/9lA9yMXPBROLaCRab8Ca2QJBEtpT6lGVlkQ5Am2C8xdoLGiuJF +E7Cn/lS1j4RSVDK6DELeaBMXaY2g1eun8g2ERJIUGC98zrPjZXs/ZtCZtX8vYr1X +Bf9U8Ty6N3rKgt1XHc1oMgzkKLUc72RC+P/fkDsiAg62nVcmOFFykyTXnpM/5Ux/ +9kaahjf4LwGeRqkDIoLrXdZ7FHPjei8VlKSiHTkl4F+UCzEySxiInV+BWAhL5Lvb +zHxHaNDCquOb2zbgafVKON3oa8nCZoUw3iwpjrEy/JT+1BG6vxyT/LX7wPG3SKEw +8QTl8YBF8wvHS0JHW4KTc4grCMNWDwfkrlXnp6ZzTpy4JXZfYs/ltR4FH3atDG2C +xRCSAWXkGyTPMZkougdDbJ3jjViYcWO6B//LE1qDjeC05O9G3MXVxu16M5U8nVA2 +B3bo5cVv7+ECBTKaAvG3ZV6eOaeJ63gHRY8qI7y5OgzuNfxUXMTIAjHfO2mvSy5M +qFgDI10F8rYevGOKxvPVE1F8aiD1uRAOMCcLTy3oUKHIdaskSytL1D/bT9WqWzii +OXhLhSjMzkdPSUWVABeC6KM+Jcll0A0sHTkKWS3mavx3dUacB+O4efuTKNhSvo7n +XhUvSOOikRityipE5Ma5WlXBiu54DdIMGFzANHFdb5GmC7da9F1aALkshokCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LMmaD/9W2qJyFlZAsjOWgNQPwUU4vV9/Ursj +kt4RI/oS0Gzovw2bmL0a+Q/dp6wM4PBMuYQXCepF8V+o4uKzL2OjVZDVtU/KqGCY +rEigiAhG0gHxgF1ukc9JQzhShFeq7/wkY+FQ4MOhuhuUsSMlvFzAd1hY+xlvckol +DEeS54loDspUh4EwxsWlopaA1rs5dzVXrYcinz9iDzLj6ujb6uJzCQVogk9w3dv8 +smKn81TVhtR4RFecqL9mURZcGnj7NV3n2Lrl2Pe0u/DiTtpavCkzVx7v9qiB/2Di +dqWR7OtYcywUr6lZeZsNabNwntPxSP7V6EcNXF3Qpi2IkAcwdJKb+aIG1v7/Wx77 +GhpBhbtdgKEebttzO4EVVeE8a2kmgqc8VXeAeqI89egU53dUdAinejFVDyemxHnJ +L4L6uVnSxbk/vRzu+fr6EaPyBsqORGXj2OuwxlWcnWs/N9XzNaiq6funedUSYtbP +trdpt7ogvzrQew7wetcwfxSB3IWcVwA9QvGDIBHTWPrb87jKV153w9I+cSfz9jg8 +qTIOw4qad7VOC4L1oaoRsLq6VFgnoW5DLsuhaVd6fgdY/byL6H5q2FPYJ+F8ovhR +2yPlQm8UYIFwmnwzpnuGBaPtU0bP7C+SNMK+G/9+b5q4psh1MnK8sg1RfSr1w7sw +b+Tur045QrUDu4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF +AlLV0QsFCQXdHmsACgkQ/BtUfI2BcsitRA/7BbFuuAXPJMA4XtPhlYbfhNkYQ7+v +vx9HIZ1SgJfhpYwt/vbNTVclO79XD65v5JSWx+0gVJfHNolP5umB0++giIw9NCIx +uVa5eh3kS5NFfJ0YHrYgpFDdZPHRA9wI+oZgJBC/Cm40kafgTUoPFqXb0Sdlcz3R +hciLZBgYXV/uYubczfmAaJpmrVI1UuUWYrdPnmUkgitp9e6IePYiKVDeIGhBW8Bc +7Nbs2hc9yH1zwv3Affs8m+4tQQiwQHsB29WEZcmBuFllTbA5g5bvTvhfCRmYVgWC +Ti4SW+uA0B05a/aVP8fDXk82qCQ4cRB1BOwVNn+1/Aqcw+Zh8KKzH8gpPcsKGGP6 +uNg9uinuxYDneEY8cG7FSpm3XsXu4q4N6j5R63U6hz39pY/5Ib8mzYMEoLEZOLPu +CkVH9OOQc8zuiRL/wGc0pbMiGPEp13rAI0WbIFahrWS60bwtM1YEM5Ep8vD3TLl1 +pTWlF/zWpM/uJ6n/4nDXGQsGzKQn5D5Nsu7+55C0du0d1VRvYd8oG3AaNqhtM46V +C4eOqxH8XZtkJ3WMxhsHnV9acuDTpn5E5JKL7vEq0btN2UQ69lpKv7PmV/TgOJhf +KKvHZ0dh6KYY7iKW7NUCouLGibBoxDa+K4reh0i0M5UcsNiPkCqDIHUAIxW6FrvQ +xBr7NgCls+B9Kwu0JExldmVudGUgUG9seWFrIDxaM3IwLjB4MDBAZ21haWwuY29t +PokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlSXU9oFCQfA +Tw8ACgkQ/BtUfI2Bcsg4cw/5Af5/cxr5s8qiPvcGDglJyzFj8VBk0d7hpgdxcOi3 +VCOJY4YRoliu8WKThwxt7sD03fSZurFDDx+X27y3zPtgH/qBohmcr51jbSNom4mH +Gf8gpViFqbQlFh7tYz4kSQExgmpFx/FIaxmwFoEqiVrp6VpM2DZ6kg//4M+Ka2Mt +nuzV3C631A0eoMCJhPWPTgkGGknURvzhw6m2aGFWC/HE1yzf7Ej7fQeaqIxIG4Wy +Fk3lMV9rxMxGuUZTqIhvcU85JSriHowfX1VsAI2LXJYQ9c0jI737FcLwHv8VCa5s +NKDkLkb5S83/4Ep8e9M+a7u4WvkAqzmPfSna7bLxdsTS5gKGqEtMvMP2YGWWQxSR +GRSttiMmIC8Cnd45S8cASA2mR/ebNcrYOpa48cjYpBKDG2BIYU7oSLNulsM1qbxL +WJ0QM/g7iKHcrXhyIBaI22GS9hvmYcS960cox9oPCvNZcOKA6FBklnUg/ReJ3JTj +6D6v9SUxOOfXPQIon8EzB7BNKGedHxCFgniZnl10k+pP34YGyphMZTYGdhtAm6zq +T7PlraHQaFgQ3ba78lJcn3cWVZYpbCNJiH+Nna/Akm3/qQKTst3eW1lqopffCs1m +F6G6wjiHCw2bio5uX1c/gDr4Peh0E28heAqKopjultPXPZbSZL4D3fJIGP2j6e1B +wvmIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GcYrAKCgKW+qFwbMNeh4ikFg9fJx +4/lH9wCdGevT7dwBzPe6L+aWZxipEXYmjx6JAj4EEwECACgFAk64PN0CGwMFCQIc +hwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwbVHyNgXLIThYP/AnoLpQl +whEEKaIhOSOKXegfdUHK6cL4cHRACzRIbBk/S4G2Vg/bnUW8tvWZDQLZ3CGL8Z0F +tNQ6GusUxt7mcYdSj7xynbi7bZiurgYp7B7hh1hVG3pAXEwlDnJgfoc0YZHrHZwt +HnNVYOfGEQF4zyplmUUxDyp/ZMYcXMr3PVJkYBJhYKCHOkMUtzzNjSSginaqZY1p +fgbP+Gou/9qgotkYiH84oUG9yTSKLIO5x0WzQYuoPNJyOdSHaLPfEqCC435vCYT5 +YLZB1YI5xzQiGsAL//cUCe267oiFmO9Ioky/azeX1Ouy2DH8uEDQPQFTJYXt3CbL +i10HkoBWdmncPC6+b0IJjDUo8Iv4yk0xFt2/DGkGK3h6jJxJ9pzx5KBT46iLfU50 +iTWMTguXn9ud/UJV0MpKgKjvO9hB4fae60n2UootknzEw6Y5W55PfGkT14WcrGGo +WHLSbpR6+gA9apU1cdoOC8nXlf3Eb2No6LP3X7RJXqiRsdP0s6QXkZGfR/qyNXI9 +S5j6wIyqNFU0cX21UgI9oJSKEKIKEFacgyD9za0gswEI+DZr8/p3cJE89ZX8ySgO +FG148wgaakTNGyGwR6aogGZ8IAHc83bnwGCgTeK6ZPSKNLSE/sImcTOrxIN1/x39 +r8o0TxuZjqFH+zKWfpdHX+sJLyi8Gs29CsUhiQI+BBMBAgAoAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8G1R8jYFyyLl/EACG6QRV +kKVBoI2Ycr4UISk2+gCD2r4xSK/QLEhDFcZRgMctvPVnhod3uJOsMGJCk3aPGu91 +Jtwuj0CkeURa/cVzOjC+f7baveTuWQaAqW+r70m6F4gYHU0aDD/uQ75rTCcrsmt2 +pnZCyA9jLJxQGG11AvbOcV+7K7BuIvXs4iAactZ0hRvDVuGXuup2LnUbxyBU2oj7 +OWCXKTpZcJ0KGTWapMf8ClYYsEgS0wvMWotJzAov7ijkoP2DyEQVOPTnGWcfjsTk +QgbyqiFeBl+3IT4+xSzkPsd75dCYhsHBvCoT8cfUH4wvDXzU2CwpC1CDfHit6Hw5 +UigvZ8HXyn00Bm0UjLHGW+haS3kyOoz+z09gVFYd33cpjSnFr5is8ZMBPW31PE15 +q9/l6G/o6OGJCtOax3Yi6ttqn+KbDXIooZoRPZlayOSghyjoD40+ErevmqZPfJ3E +o1kHz62B1YpoXmhUm2Ihf2SbjWJRaW9Hp2nd81kAAXjr+8k4yvOuHxwYPFnpBjfV +cfYNQ3Zf5xF4nfszFuZMc5JYrIR3EYVgEk+n8VpulAqd0rXUEODwGy7rPjdxLY7w +DhUEZMQN3xweIb4vjPDBb0Ax3ACyfWKIdT0kC3rGOy9xyCzxWO2CjHMjrbxy4jL7 +B0WIQ5fpRcV2+wozs2WYgJKVKJgJZGYsW8dDLYkCHAQQAQIABgUCUtgrXgAKCRBH +1QFsQv98LIX0EADVefJUEMGKiTFLwUmWNF2X4oCzEZEMsQ6NliiQFvtNkKrT+OzZ +zggxfINUr0XEKgjjoGZ03Hmm7xAFc1Y51QZEr25H18PuSixz2YSHPqYwwVgLUh0v +u2AqaP0mQckssK+ZAQVvoZ7ZOI22ZXIZ6CPEPY6aJawHov8Strlm8oTbFgLfZ5Wo +3NCxMkkq3NFNHuwesccelNPefgnFZWhwr1mkUeX+rCAbQF/QHYEAi7KjfKyY+XKs +ccjYS+RWxpte21ejngp7pRYli3M8cZoaWKCzLTrD8gKztlo3op9Zc2+hjOY9gZtG +CaXkN8lchJ1yMyWju61ZO++AJq6S2OdBVxgsj9xPm+x91RbZRHQmUuq8mefUzaEm +NHE29udVFfuV//Fpabi04IrOuabkrSvP27eX9FT1y25tKFHuJdL5fDUFGnNnTvcR +X51lJmvnuIKJQ+Lthup7npS0L06+dPIDoqyxF8hmdu3RtwEsvkboPaxx5XTB5d8y +3wzBFWd4ePwBIumrY1YHSzdJCvyyLRXZbSOsHXgZfhfQ1LVgxxebP7E+stWqGLLC +Fry0WGG8f/UUgVr1QpluT6NjioUnuI/ZmKR/aKewqVYWAnr54fF+np4VdxPfYwci +lpbXpkamORZqPfq/nyoWgnp+y4AptDdDkSWnFxfcJ1wnFFcrHVUSFQ1wBYkCPgQT +AQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlLV0QsFCQXdHmsACgkQ +/BtUfI2BcsjV6w/9Fe1+3Mc6wG3R9VbxiYo13/JV4t+tA9/tcJ1R/Y96eAqVajoK +c2ZQ7FrimmlzvLIvxpH4Z76h3NmPWfOQ6qEumZQ5BM3QwBfQQ3Tmj10gfiL5vOZJ +6dUaJjwXgjz0Qyk1G3gw7K1xmtnXgBPyGT9T9q3OAhHHdV2b6xS9dWoNKhUV8GUn +HfIKwq+87aZqexjFE7ubZdOAe+5nrqnlMEfJKgDjXbazES9IYvPQiSjwR3xaIPOa +ma5WfQV0SHg3Vkhtv2PjuoYWNfNy17N7u+dfg7nAtKLIQCPht45uKk66BYWYBoDI +VQfg6zcFLpdNcFzzwmgrYRZvEvBf5aSG3KFD7UReT0695/lHheRxEAA3thsx8gaM +CCavtVxbVUluEfYZ7TgXLMuIO9OBKhi7MwB3iL5qacrNShMB+1J5FxieJBmWXdla ++kCdCdS+9kIZH+mnQ8daGEJ5R9mNcVwcWasI0o9NObqIZwhKw4obrC5Q7m2NfXL6 +FUScfA7yn7+/icdQB9fH2ZXGJVuNm1b8OBN6Nbz0QauaCystWzKXKwpVb/5M623v +Vw75RfnqCFiAf4tX58nL/QalJc4C0E+TvQ2pXC47VQvHmiAB31vKvU0nbo+lzi64 +hAPWJnhr2pmTvglquTFzLwEsWfO4zDtUwFo8KM1XFsonaoX5UzGTXPmIN5+0J0xl +dmVudGUgUG9seWFrIDxhbnRocmF4eEBhcmNobGludXgub3JnPokCPwQTAQIAKQIb +AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJUl1PbBQkHwE8PAAoJEPwbVHyN +gXLIdGAP/0ch1NeFyXWszqA5ow+itBn6iyUaplXB5I56Q77cTIFB6LqJ5+2kdUuO +UqPvOilGS3dxbyDsSdWDLs+bHRFG4uqZyGUDhmu2mvS+uDqPFwcKJUNDlgdccxph +sA5HJFGg1ca0TWWg8vjwANdU4sL9Ujbaw93v0Mx/1+aSIxyEJBNxc6DJWEfCjpSy +R9JB8WTHgvxEAImVNsT1OGNTvd2DN+17WBhxBktLHDocIGJ/fttzFgKkv6NTPwt+ +y4QyP3UgeYRZR21B6MVckk2/UuCuCY7gAGruTFVoINa/Wqn2YPPZhJYrTX7ysDaV +QLObxlepeo0UWC7wFEiuqu5OM75MWLUX8j/1OAIE6my85vrlcWSf0Z3jOAgPTjJw +VT5h7T/7NPP2azoIlOE2bh5UcKXFkT0xDYPcMr2hV2Ih+jU+Ygiyg/1yIIxearmm +PFjfIHMLepa+7RPtTlHwu4fpNPXzL13W6PXSoCTTi/suGlYmSyLtOwxq15GGT3vg +1Xh8wfkuWwbWJnBKXtt8HkteQRgDngDnRSJwsO2nnQ7+sr+F8J3rQDdlVdVcolic +ekup8ZgSjJYinfcpF+H+qy2kK2jOYyyHI/+zHQtwy1R7MbLwPJe7WNWrBmEvmazB +2//Iu5EVIfFX3flPjeRQbKX4B/SuXF48uo0/8WfdgaMW8glRWJnbiQI/BBMBAgAp +BQJUSwOnAhsDBQkF3R5rBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ/BtU +fI2Bcsj5ihAAg0d0A8OUsNWG7TiPQTuC/D4e/5JTkJARmQ5xO6gMPxTpjSZCyWEl +7gQOg/liU8nz5HZGaJgg4HuBwTs6euqdnVi6zhW1c1wye2thGTQ7DeSPJnhju3Qe +mPS1jEdC34lXCo6eGjdKnGb7TV7hkptHKHh7XCU9n6qcXQ2cNQQbdqSCRsfVm1XD ++p+mM/FGOz8uFOrhERAUl99WkVZ4NKTdws8U6FXulbdWrWwI4eRggIdwI/Tl7zuy +ja7KxBCCeJ/gFY6g+iOYmIo6//bJITgmAG60hFHJ9JigcN6xglYFI28TCdNqM0+C +hgbZUner0vLmaxRNoXqV9Xw8ihNMQa7fUFYkX8VrXOdLdVvee7OaeLuWWE8x6usQ +NzgLDQQx9fmxtrQY+dC6Y25IPMm094z0nrbM1wtfG2+8Vw4mQ2U099fT5t3Yl7fE +PlanhgQxRZE78PxezyYxms4HV+wqvrhlBzFnWAd6H27uDPfUfO9cLgbmFTUlwFhg +gsDeIFRFx8+h4/0xAIPqUODmTiN0mj5sLRW7zvqZW6zhsGIMdPd+IkhHiGjeJqme +Ai0iOjpV3tRteoW51/+/ajPmyUBbvOxiFJNADHH2NvqoBMU1pkTvpc7Wy+2J9VcF +4TFdWBbwjU8BoC3ZgixTrT0zCSwabnKriglOhA5Ik/n5HsR7S76V13y0KExldmVu +dGUgUG9seWFrIDxhbnRocmF4eEBoYW1idXJnLmNjYy5kZT6JAj0EEwEIACcFAlSX +VHICGwMFCQfATw8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ/BtUfI2Bcsia +Wg//SKLFNUTEBQG11cV/AljxmI2s8y+cPKs3VqlwEjiuRMu4DRkFVaZNEuPq0b8q +8pwcHIJ5/nZvOticm9M/g7TrTp3pOxmSYf7WG31vVrprig22dz8WxQAy76srNn1z +stg0TFO7nKNVjZOFz5D0RpWazwnXyDed3l2/7RZ1CMv7ue/rZez8FnDHN7Di3daX +AJ5XkvDAsD6AITYQd+4XEbh2rt9p8G6qUUjwzoVU/aGVgo1CGZydYMJQVccNL7kv +fumnwkAED8u9j0ZI+xfaD3c1rP98bnqk9u8rJPCAeIkA4ppisDb7noz0NaO7dDyM +ywBK4OR478fw5h7GfiIwZdVAHkCoEHNvF1ON8JnYgyplLvZvxZ0dtYGDYDiFdORN +gVgGMU12kemPws4hEx3WMgUu/BBkF58XyQyqcwt7q+WGI2lQ88UzZ/FAsu8i8r/J +jkV8FsiCJ2rSHEMddmOHoaTM+6oB2i9kZo7KmToSZu7DxuemlHpuOO3kG/iRga2y +NeancRJwbxgZhNGBbhrA/7k5UOcXkmfW74oBkbCci0ncVhHu12dsJXhk+eprkOXv +nD1vEIeuzL4V/SMDar3SxFlfLFwQk4cn9+pdeP3LxwHKBn74pABsbEBhEY4IjUEL +YOTEVoP6s+Ou1NcLxFl3elmniwL2+GV5rDM8pctkKNemtZa5Ag0ETrg4RQEQALfu +qEihKS+DTVlWUujzSq5zK/5oQ1ZL8AiTUTZuVtrRWCq0HE8tWaVxEP3Vt9FCo7yF +afXigokChzHOgzczg80tctrlv+vbFyaZnjGQH20Nlz8EnZP102zudx/RdFXG/up8 +PX50Eck2lH+IvvosMLdvrZTkFJ4SgqMGSoAgMhJHZdZB5N0y8yPPAjcEnSXp8L2A +mo9e0egCrEuqBrCZld00nIoipyDlYNZkLjPf0JRgFPO/AWWgBZLvLlteLu0emq8N +96bT3QTdXpRVPM0qeX94+2gIj+0V1uQ9+k5Xkslbbii9TnOzMnLRO6dBAONVTTb3 +ajzdXK71iv2a8Y9lKShxhYWP9JNOFlXkAp+ZoD7EZex4dgu6giV3PrTDJLyWSu41 +WfqOz6cJGpJSTacrenC542ynAaSVKXH+1plqB9kq/M7HtE/P4GveQXIVT9Sho394 +4hwkuETo20KwCgFPMmiNaBysnOykIcDsDutBOyygdovzdGEyHVsM8/kz007QFgJf +hKy91H6O/Cg7VH+yaUKllRZ+kFsoSy8/E0IqLzqBHG3sUGM6lJ0Q9fgSnpzIZsdE +jRhczNCvlovGLa/kBHcEUWQ2zrjnfjsLkxvamKJ8N6LLIXIDRv5dE2smpdi3oiVg +XdOKshyXB+obhRFlWtirK4udX5yYzUpcB0zBoo1hABEBAAGJAiUEGAECAA8CGwwF +AlSXVAEFCQfATzwACgkQ/BtUfI2Bcsj0Tw//dyDYwcnh0BIb+nDCXFC91KiPUILa +f+wI5w6c9YYEo6TR89q6Wsq8EDiqcqSJcztuNvw3MZGHWA25nNB/0046CGM/tUBd +Jyudd3TxQBi6XMMSTbG1EMtSN1UMV4guuUfYcAGW38oZ+YJACCBFFz/Kt0aa/hhi +/hBNyvI73vZfQ/fsScFDewkxikUEspRsLVmX6gaEmumOxOhJP3HBoxeBCM4Z3IXo +dON2SiiMxt9BPIPJOyKNkFQGQ3dqJIag3GnsZ1s0CEoi8iqF7uS4RjC7uOJtvn74 +CODxg1Ibl1IweyAuBEA80wUh9DGLAdRJpxWy1B2fDhIROvpcg0R5p6j9UX0b0esc +jKLQEiE1wRswjXhWpZhe7Pjl38KhwqMyaeR3OnDtP7JXazIG6HiBIp4cx4k5A2TT +X+LhvG3NHCeuxIyjLTRTWgv241kf7uAu+qgjHDSKXQqpjvo+cUYQgSxQZZXnmlz0 +sz/tEeiWl+i8kW/RNKQvNNR8ghWDW3YRak/zS+WFNoLZchecIzMj+je1vSg411o4 +Xd3LHDur6boCetaq7ZkqoS+NcX9n8MnKhHKYJblvXyc1h67s90+wSwhlumA8WqlM +yqn99m13aF8GuGZbw5B2/x/Cd7WW5wZV6ioola/yqDXB1XtDFBy2Hxr/VMRlE3Cu +kekzzVjVTZxOgZE= +=yRuG +-----END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 3010d87a178..95510fe218e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -16,32 +16,10 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); -optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory - - # Reduce attack surface by disabling X32 - X86_X32 = no; - # Note: this config depends on EXPERT y and so will not take effect, hence - # it is left "optional" for now. - MODIFY_LDT_SYSCALL = option no; - VMAP_STACK = yes; # Catch kernel stack overflows - - # Randomize position of kernel and memory. - RANDOMIZE_BASE = yes; - RANDOMIZE_MEMORY = yes; - - # Disable legacy virtual syscalls by default (modern glibc use vDSO instead). - # - # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, - # which is supposed to be safer than the native variant (wrt. ret2libc), so - # disabling it mainly helps reduce surface. - LEGACY_VSYSCALL_NONE = yes; -} // { +{ # Report BUG() conditions and kill the offending process. BUG = yes; - BUG_ON_DATA_CORRUPTION = whenAtLeast "4.10" yes; - # Safer page access permissions (wrt. code injection). Default on >=4.11. DEBUG_RODATA = whenOlder "4.11" yes; DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes; @@ -57,32 +35,17 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no; SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no); - DEBUG_WX = yes; # boot-time warning on RWX mappings STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; - # Stricter /dev/mem - STRICT_DEVMEM = option yes; - IO_STRICT_DEVMEM = option yes; - # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS = yes; DEBUG_NOTIFIERS = yes; - DEBUG_LIST = yes; DEBUG_PI_LIST = yes; # doesn't BUG() DEBUG_SG = yes; SCHED_STACK_END_CHECK = yes; REFCOUNT_FULL = whenAtLeast "4.13" yes; - # Perform usercopy bounds checking. - HARDENED_USERCOPY = yes; - HARDENED_USERCOPY_FALLBACK = whenAtLeast "4.16" no; # for full whitelist enforcement - - # Randomize allocator freelists. - SLAB_FREELIST_RANDOM = yes; - - SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes; - # Randomize page allocator when page_alloc.shuffle=1 SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; @@ -98,7 +61,6 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { SECURITY_SAFESETID = whenAtLeast "5.1" yes; # Reboot devices immediately if kernel experiences an Oops. - PANIC_ON_OOPS = yes; PANIC_TIMEOUT = freeform "-1"; GCC_PLUGINS = yes; # Enable gcc plugin options @@ -120,7 +82,4 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; - # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE - FORTIFY_SOURCE = whenAtLeast "4.13" yes; - } diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json new file mode 100644 index 00000000000..76d27e29508 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -0,0 +1,27 @@ +{ + "4.14": { + "name": "linux-hardened-4.14.180.a.patch", + "sha256": "0rpk5lq947i4v48d6jv75rgwpncayr4agc3f2iich3hlkh5p72p3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.180.a/linux-hardened-4.14.180.a.patch" + }, + "4.19": { + "name": "linux-hardened-4.19.122.a.patch", + "sha256": "0jh5wyrwrmm9rqqi8fn6d6bd8lzkhj1aylnphsajyyx5v28hn1b2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.122.a/linux-hardened-4.19.122.a.patch" + }, + "5.4": { + "name": "linux-hardened-5.4.40.a.patch", + "sha256": "1w9yc0j8vshjyvb2qgxjvrdgwiy5lmjn3s1rmlch649vqp97j9w7", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.40.a/linux-hardened-5.4.40.a.patch" + }, + "5.5": { + "name": "linux-hardened-5.5.19.a.patch", + "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" + }, + "5.6": { + "name": "linux-hardened-5.6.12.a.patch", + "sha256": "1b6cwffb2b21h9xh2acm9q9j55cay87zbv9jjayv69znry4mzsx3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.12.a/linux-hardened-5.6.12.a.patch" + } +} diff --git a/pkgs/os-specific/linux/kernel/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch index ff8a3a12797..ff8a3a12797 100644 --- a/pkgs/os-specific/linux/kernel/tag-hardened.patch +++ b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py new file mode 100755 index 00000000000..d6443d2e751 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -0,0 +1,276 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python -p "python38.withPackages (ps: [ps.PyGithub])" git gnupg + +# This is automatically called by ../update.sh. + +from __future__ import annotations + +import json +import os +import re +import subprocess +import sys +from dataclasses import dataclass +from pathlib import Path +from tempfile import TemporaryDirectory +from typing import ( + Dict, + Iterator, + List, + Optional, + Sequence, + Tuple, + TypedDict, + Union, +) + +from github import Github +from github.GitRelease import GitRelease + +VersionComponent = Union[int, str] +Version = List[VersionComponent] + + +Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str}) + + +@dataclass +class ReleaseInfo: + version: Version + release: GitRelease + + +HERE = Path(__file__).resolve().parent +NIXPKGS_KERNEL_PATH = HERE.parent +NIXPKGS_PATH = HERE.parents[4] +HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" +HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" +HARDENED_PATCHES_PATH = HERE / "patches.json" +MIN_KERNEL_VERSION: Version = [4, 14] + + +def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: + try: + return subprocess.run( + args, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + encoding="utf-8", + ) + except subprocess.CalledProcessError as err: + print( + f"error: `{err.cmd}` failed unexpectedly\n" + f"status code: {err.returncode}\n" + f"stdout:\n{err.stdout.strip()}\n" + f"stderr:\n{err.stderr.strip()}", + file=sys.stderr, + ) + sys.exit(1) + + +def nix_prefetch_url(url: str) -> Tuple[str, Path]: + output = run("nix-prefetch-url", "--print-path", url).stdout + sha256, path = output.strip().split("\n") + return sha256, Path(path) + + +def verify_openpgp_signature( + *, name: str, trusted_key: Path, sig_path: Path, data_path: Path, +) -> bool: + with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: + gnupg_home = Path(gnupg_home_str) + run("gpg", "--homedir", gnupg_home, "--import", trusted_key) + keyring = gnupg_home / "pubring.kbx" + try: + subprocess.run( + ("gpgv", "--keyring", keyring, sig_path, data_path), + check=True, + stderr=subprocess.PIPE, + encoding="utf-8", + ) + return True + except subprocess.CalledProcessError as err: + print( + f"error: signature for {name} failed to verify!", + file=sys.stderr, + ) + print(err.stderr, file=sys.stderr, end="") + return False + + +def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]: + def find_asset(filename: str) -> str: + try: + it: Iterator[str] = ( + asset.browser_download_url + for asset in release.get_assets() + if asset.name == filename + ) + return next(it) + except StopIteration: + raise KeyError(filename) + + patch_filename = f"{name}.patch" + try: + patch_url = find_asset(patch_filename) + sig_url = find_asset(patch_filename + ".sig") + except KeyError: + print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr) + return None + + sha256, patch_path = nix_prefetch_url(patch_url) + _, sig_path = nix_prefetch_url(sig_url) + sig_ok = verify_openpgp_signature( + name=name, + trusted_key=HARDENED_TRUSTED_KEY, + sig_path=sig_path, + data_path=patch_path, + ) + if not sig_ok: + return None + + return Patch(name=patch_filename, url=patch_url, sha256=sha256) + + +def parse_version(version_str: str) -> Version: + version: Version = [] + for component in version_str.split("."): + try: + version.append(int(component)) + except ValueError: + version.append(component) + return version + + +def version_string(version: Version) -> str: + return ".".join(str(component) for component in version) + + +def major_kernel_version_key(kernel_version: Version) -> str: + return version_string(kernel_version[:-1]) + + +def commit_patches(*, kernel_key: str, message: str) -> None: + new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") + with open(new_patches_path, "w") as new_patches_file: + json.dump(patches, new_patches_file, indent=4, sort_keys=True) + new_patches_file.write("\n") + os.rename(new_patches_path, HARDENED_PATCHES_PATH) + message = f"linux/hardened/patches/{kernel_key}: {message}" + print(message) + if os.environ.get("COMMIT"): + run( + "git", + "-C", + NIXPKGS_PATH, + "commit", + f"--message={message}", + HARDENED_PATCHES_PATH, + ) + + +# Load the existing patches. +patches: Dict[str, Patch] +with open(HARDENED_PATCHES_PATH) as patches_file: + patches = json.load(patches_file) + +# Get the set of currently packaged kernel versions. +kernel_versions = {} +for filename in os.listdir(NIXPKGS_KERNEL_PATH): + filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) + if filename_match: + nix_version_expr = f""" + with import {NIXPKGS_PATH} {{}}; + (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version + """ + kernel_version_json = run( + "nix-instantiate", "--eval", "--json", "--expr", nix_version_expr, + ).stdout + kernel_version = parse_version(json.loads(kernel_version_json)) + if kernel_version < MIN_KERNEL_VERSION: + continue + kernel_key = major_kernel_version_key(kernel_version) + kernel_versions[kernel_key] = kernel_version + +# Remove patches for unpackaged kernel versions. +for kernel_key in sorted(patches.keys() - kernel_versions.keys()): + commit_patches(kernel_key=kernel_key, message="remove") + +g = Github(os.environ.get("GITHUB_TOKEN")) +repo = g.get_repo(HARDENED_GITHUB_REPO) +failures = False + +# Match each kernel version with the best patch version. +releases = {} +for release in repo.get_releases(): + version = parse_version(release.tag_name) + # needs to look like e.g. 5.6.3.a + if len(version) < 4: + continue + + kernel_version = version[:-1] + kernel_key = major_kernel_version_key(kernel_version) + try: + packaged_kernel_version = kernel_versions[kernel_key] + except KeyError: + continue + + release_info = ReleaseInfo(version=version, release=release) + + if kernel_version == packaged_kernel_version: + releases[kernel_key] = release_info + else: + # Fall back to the latest patch for this major kernel version, + # skipping patches for kernels newer than the packaged one. + if kernel_version > packaged_kernel_version: + continue + elif ( + kernel_key not in releases or releases[kernel_key].version < version + ): + releases[kernel_key] = release_info + +# Update hardened-patches.json for each release. +for kernel_key in sorted(releases.keys()): + release_info = releases[kernel_key] + release = release_info.release + version = release_info.version + version_str = release.tag_name + name = f"linux-hardened-{version_str}" + + old_version: Optional[Version] = None + old_version_str: Optional[str] = None + update: bool + try: + old_filename = patches[kernel_key]["name"] + old_version_str = old_filename.replace("linux-hardened-", "").replace( + ".patch", "" + ) + old_version = parse_version(old_version_str) + update = old_version < version + except KeyError: + update = True + + if update: + patch = fetch_patch(name=name, release=release) + if patch is None: + failures = True + else: + patches[kernel_key] = patch + if old_version: + message = f"{old_version_str} -> {version_str}" + else: + message = f"init at {version_str}" + commit_patches(kernel_key=kernel_key, message=message) + +missing_kernel_versions = kernel_versions.keys() - patches.keys() + +if missing_kernel_versions: + print( + f"warning: no patches for kernel versions " + + ", ".join(missing_kernel_versions), + file=sys.stderr, + ) + +if failures: + sys.exit(1) diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 70083eb6cc4..8629eb8cf72 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.175"; + version = "4.14.180"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0b12w0d21sk261jr4p1pm32v0r20a5c2j1p5hasdqw80sb2hli6b"; + sha256 = "03pd4wpg526n391jwc0kbmbxi059mvq8d42a9qbym9mnv5rzjkj4"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index c7e55b1c9f8..577138542b3 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.114"; + version = "4.19.122"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "03hz6vg5bg728ilbm4z997pf52cgxzsxb03vz5cs55gwdbfa0h0y"; + sha256 = "1980vza1vf6cl772dynn4m0rgdjazbn125kd6sb3s06gqn72cl2h"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 6f0baf2a53b..58131815e0f 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.218"; + version = "4.4.223"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0qzhcy8i111jbpnkpzq7hqf9nkwq4s7smi820hfvnmd2ky7cns7a"; + sha256 = "09fln0sdfif2zv2jifp24yiqi0vcyj8fqx2jz91g21zvsxk3x5nd"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 3b6a68b7c03..9f2c7659abb 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.218"; + version = "4.9.223"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1ka98c8sbfipzll6ss9fcsn26lh4cy60372yfw27pif4brhnwfnz"; + sha256 = "1r9ag1fhy0g429q44qlqh0qkf42qkhzxa04gxlmnrinqypk00lyg"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index e18048ef4c9..ffe59480915 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.31"; + version = "5.4.40"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1svf4wf4j1vqhdpgx63ry4c99fc54d9nfi4d1xm7z209z3w86451"; + sha256 = "1ar001rljlr15rcl77la5y1cj3plaqhdblnh87xsmv47fq13yml3"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix index 3b6555bde53..96a349d985c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.5.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.5.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.5.16"; + version = "5.5.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0207yw1vkyzvnvbfbkyam6nac1dd9p4hmmbqw09ljki0ia531yw5"; + sha256 = "1sqiw9d25sqqzdh04dd722i7ff6kchj869jp4l8zalpvf51k6j0l"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index 052343467db..844fb18c21a 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.3"; + version = "5.6.12"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ajh1iw3bplm6ckcycg45wfmmqkvfiqmh6i3m1895dfapfd6h4qx"; + sha256 = "0892ar2irfhd612sb8jpx85w0wwh4n76jgsv8wb92fp6mim37sns"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index d167a89ea83..b13791ccb99 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "17402"; - sha256 = "1g151h6hdiwpvpip1r2rhbma8j13xghcyxddh0ppg9h548wwwack"; + rev = "17445"; + sha256 = "0d2gd2w4pbb728a7mw9dnq3aicwpjzg8zahg80ismvc9l1sym50a"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index e63fe96be6b..8b5f1e58d14 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,15 +3,15 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6-rc7"; - extraMeta.branch = "5.6"; + version = "5.7-rc4"; + extraMeta.branch = "5.7"; # modDirVersion needs to be x.y.z, will always add .0 modDirVersion = if (modDirVersionArg == null) then builtins.replaceStrings ["-"] [".0-"] version else modDirVersionArg; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0wv3ipfm970y2pyadwn5g7hd9bj117qk8jl8sdhrasbsy1p8936i"; + sha256 = "1mnknjiax24iaj9n5k0s55vp6fvmb40s931qxj24v5p1lc5fznvb"; }; # Should the testing kernels ever be built on Hydra? diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 71505840b86..d73e0a8ac90 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,6 +1,6 @@ { buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl , libelf, cpio -, utillinux +, utillinuxMinimal , writeTextFile }: @@ -281,7 +281,7 @@ let in assert stdenv.lib.versionAtLeast version "4.14" -> libelf != null; -assert stdenv.lib.versionAtLeast version "4.15" -> utillinux != null; +assert stdenv.lib.versionAtLeast version "4.15" -> utillinuxMinimal != null; stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches configfile) // { pname = "linux"; inherit version; @@ -292,7 +292,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr ] ++ optional (stdenv.hostPlatform.platform.kernelTarget == "uImage") buildPackages.ubootTools ++ optional (stdenv.lib.versionAtLeast version "4.14") libelf - ++ optional (stdenv.lib.versionAtLeast version "4.15") utillinux + ++ optional (stdenv.lib.versionAtLeast version "4.15") utillinuxMinimal ++ optionals (stdenv.lib.versionAtLeast version "4.16") [ bison flex ] ++ optional (stdenv.lib.versionAtLeast version "5.2") cpio ; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 2b718551cc7..8ce1ac2b587 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -1,4 +1,4 @@ -{ fetchpatch }: +{ lib, fetchpatch, fetchurl }: { bridge_stp_helper = @@ -35,9 +35,17 @@ tag_hardened = { name = "tag-hardened"; - patch = ./tag-hardened.patch; + patch = ./hardened/tag-hardened.patch; }; + hardened = let + mkPatch = kernelVersion: src: { + name = lib.removeSuffix ".patch" src.name; + patch = fetchurl src; + }; + patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json); + in lib.mapAttrs mkPatch patches; + # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6 iwlwifi_mvm_support_version_7_scan_req_umac_fw_command = rec { name = "iwlwifi_mvm_support_version_7_scan_req_umac_fw_command"; diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh index c7fcc07ea0a..55fdce06c97 100755 --- a/pkgs/os-specific/linux/kernel/update.sh +++ b/pkgs/os-specific/linux/kernel/update.sh @@ -60,3 +60,6 @@ done # Update linux-libre COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh + +# Update linux-hardened +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py diff --git a/pkgs/os-specific/linux/ldm/default.nix b/pkgs/os-specific/linux/ldm/default.nix index 603d2855f56..bbc341caf11 100644 --- a/pkgs/os-specific/linux/ldm/default.nix +++ b/pkgs/os-specific/linux/ldm/default.nix @@ -38,7 +38,6 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.mit; platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.the-kenny ]; repositories.git = git; }; } diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix index b9626aac22d..aefb5ff6835 100644 --- a/pkgs/os-specific/linux/libbpf/default.nix +++ b/pkgs/os-specific/linux/libbpf/default.nix @@ -6,13 +6,13 @@ with builtins; stdenv.mkDerivation rec { pname = "libbpf"; - version = "0.0.7"; + version = "0.0.8"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "1jcqhqvfbnbijm4jn949ibw1qywai9rwhyijf6lg8cvnyxkib2bs"; + sha256 = "02vbpg9v5sjcw7ihximy63cjmz82q5izkp91i44m1qp6qj5qn4sr"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/libcgroup/default.nix b/pkgs/os-specific/linux/libcgroup/default.nix index 026b43fc615..4d93c3bb4fe 100644 --- a/pkgs/os-specific/linux/libcgroup/default.nix +++ b/pkgs/os-specific/linux/libcgroup/default.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation rec { patches = [ (fetchpatch { + name = "CVE-2018-14348.patch"; url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch?id=33e9f4c81de754bbf76b893ea1133ed023f2a0e5"; sha256 = "1x0x29ld0cgmfwq4qy13s6d5c8sym1frfh1j2q47d8gfw6qaxka5"; }) diff --git a/pkgs/os-specific/linux/libfabric/default.nix b/pkgs/os-specific/linux/libfabric/default.nix new file mode 100644 index 00000000000..6383832a7e7 --- /dev/null +++ b/pkgs/os-specific/linux/libfabric/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, libpsm2 }: + +stdenv.mkDerivation rec { + pname = "libfabric"; + version = "1.10.0"; + + enableParallelBuilding = true; + + src = fetchFromGitHub { + owner = "ofiwg"; + repo = pname; + rev = "v${version}"; + sha256 = "0amgc5w7qg96r9a21jl92m6jzn4z2j3iyk7jf7kwyzfi4jhlkv89"; + }; + + nativeBuildInputs = [ pkgconfig autoreconfHook ] ; + + buildInputs = [ libpsm2 ] ; + + configureFlags = [ "--enable-psm2=${libpsm2}" ] ; + + meta = with stdenv.lib; { + homepage = "http://libfabric.org/"; + description = "Open Fabric Interfaces"; + license = with licenses; [ gpl2 bsd2 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/os-specific/linux/libpsm2/default.nix b/pkgs/os-specific/linux/libpsm2/default.nix new file mode 100644 index 00000000000..b9e41380da8 --- /dev/null +++ b/pkgs/os-specific/linux/libpsm2/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, numactl, pkgconfig }: + +stdenv.mkDerivation rec { + pname = "libpsm2"; + version = "11.2.156"; + ifs_version = "10_10_2_0_44"; + + preConfigure= '' + export UDEVDIR=$out/etc/udev + substituteInPlace ./Makefile --replace "udevrulesdir}" "prefix}/etc/udev"; + ''; + + enableParallelBuilding = true; + + buildInputs = [ numactl pkgconfig ]; + + installFlags = [ + "DESTDIR=$(out)" + "UDEVDIR=/etc/udev" + "LIBPSM2_COMPAT_CONF_DIR=/etc" + ]; + + src = fetchFromGitHub { + owner = "intel"; + repo = "opa-psm2"; + rev = "IFS_RELEASE_${ifs_version}"; + sha256 = "0ckrfzih1ga9yvximxjdh0z05kn9l858ykqiblv18w6ka3gra1xz"; + }; + + postInstall = '' + mv $out/usr/* $out + rmdir $out/usr + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/intel/opa-psm2"; + description = "The PSM2 library supports a number of fabric media and stacks"; + license = with licenses; [ gpl2 bsd3 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix index d8aff40eefd..cc25f90f248 100644 --- a/pkgs/os-specific/linux/lxc/default.nix +++ b/pkgs/os-specific/linux/lxc/default.nix @@ -9,11 +9,11 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "lxc"; - version = "4.0.1"; + version = "4.0.2"; src = fetchurl { url = "https://linuxcontainers.org/downloads/lxc/lxc-${version}.tar.gz"; - sha256 = "178kqjz0n5nnjw0z8ac5lbfpqprna9xfd9ckakp34zq9vz0smfvh"; + sha256 = "1c2wbbcvs58slyq0skxizx61q1lb4yvak28x4gzsbzh3yg6nscya"; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index 65615f5c240..68d05f0be65 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -3,13 +3,13 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "lxcfs-4.0.1"; + name = "lxcfs-4.0.3"; src = fetchFromGitHub { owner = "lxc"; repo = "lxcfs"; rev = name; - sha256 = "09y26ln2wxpi809kd3r352my64aal0yz2a5kin0i25gnvivl32cs"; + sha256 = "0v6c5vc3i1l4sy4iamzdqvwibj6xr1lna4w1hxkn3s6jggcbxwca"; }; nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; diff --git a/pkgs/os-specific/linux/mcelog/default.nix b/pkgs/os-specific/linux/mcelog/default.nix index c224595a984..9ead1f6ad4b 100644 --- a/pkgs/os-specific/linux/mcelog/default.nix +++ b/pkgs/os-specific/linux/mcelog/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mcelog"; - version = "168"; + version = "169"; src = fetchFromGitHub { owner = "andikleen"; repo = "mcelog"; rev = "v${version}"; - sha256 = "0mcmmjvvc80nk20n4dknimv0jzvdkj1ajgyq33b2i4v6xq0bz1pb"; + sha256 = "0ghkwfaky026qwj6hmcvz2w2hm8qqj3ysbkxxi603vslmwj56chv"; }; postPatch = '' diff --git a/pkgs/os-specific/linux/microcode/intel.nix b/pkgs/os-specific/linux/microcode/intel.nix index 4bf1c02d2df..b57c97c99e5 100644 --- a/pkgs/os-specific/linux/microcode/intel.nix +++ b/pkgs/os-specific/linux/microcode/intel.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "microcode-intel"; - version = "20191115"; + version = "20200508"; src = fetchFromGitHub { owner = "intel"; repo = "Intel-Linux-Processor-Microcode-Data-Files"; rev = "microcode-${version}"; - sha256 = "0pzi5qmrcrdf6nsds4bvyq1hnvv9d1dlrvqrbzcrpxk84rcjwq1x"; + sha256 = "1cs4b7q9j2lw2y09rfa82aijbfmy4lddahz8qlz9gwajf2ziqns8"; }; nativeBuildInputs = [ iucode-tool libarchive ]; diff --git a/pkgs/os-specific/linux/nvidia-x11/builder.sh b/pkgs/os-specific/linux/nvidia-x11/builder.sh index 30e5d16b60f..dbe18ace40a 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -45,6 +45,17 @@ installPhase() { cp -prd tls "$out/lib/" fi + # Install systemd power management executables + if [ -e nvidia-sleep.sh ]; then + sed -E 's#(PATH=).*#\1"$PATH"#' nvidia-sleep.sh > nvidia-sleep.sh.fixed + install -Dm755 nvidia-sleep.sh.fixed $out/bin/nvidia-sleep.sh + fi + + if [ -e nvidia ]; then + sed -E "s#/usr(/bin/nvidia-sleep.sh)#$out\\1#" nvidia > nvidia.fixed + install -Dm755 nvidia.fixed $out/lib/systemd/system-sleep/nvidia + fi + for i in $lib32 $out; do rm -f $i/lib/lib{glx,nvidia-wfb}.so.* # handled separately rm -f $i/lib/libnvidia-gtk* # built from source @@ -91,7 +102,6 @@ installPhase() { done - if [ -n "$bin" ]; then # Install the X drivers. mkdir -p $bin/lib/xorg/modules @@ -167,5 +177,4 @@ installPhase() { fi } - genericBuild diff --git a/pkgs/os-specific/linux/nvme-cli/default.nix b/pkgs/os-specific/linux/nvme-cli/default.nix index d0aca3bbc82..616ad9c6764 100644 --- a/pkgs/os-specific/linux/nvme-cli/default.nix +++ b/pkgs/os-specific/linux/nvme-cli/default.nix @@ -1,17 +1,17 @@ -{ lib, stdenv, fetchFromGitHub, pkgconfig }: +{ lib, stdenv, fetchFromGitHub, pkg-config }: stdenv.mkDerivation rec { pname = "nvme-cli"; - version = "1.10.1"; + version = "1.11.1"; src = fetchFromGitHub { owner = "linux-nvme"; repo = "nvme-cli"; rev = "v${version}"; - sha256 = "12wp2wxmsw2v8m9bhvwvdbhdgx1md8iilhbl19sfzz2araiwi2x8"; + sha256 = "06cxs41biqx230grvpk7zid3apcaajjywrccag50krb6h2wqafdl"; }; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkg-config ]; makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ]; @@ -20,8 +20,16 @@ stdenv.mkDerivation rec { installTargets = [ "install-spec" ]; meta = with lib; { - inherit (src.meta) homepage; + inherit (src.meta) homepage; # https://nvmexpress.org/ description = "NVM-Express user space tooling for Linux"; + longDescription = '' + NVM-Express is a fast, scalable host controller interface designed to + address the needs for not only PCI Express based solid state drives, but + also NVMe-oF(over fabrics). + This nvme program is a user space utility to provide standards compliant + tooling for NVM-Express drives. It was made specifically for Linux as it + relies on the IOCTLs defined by the mainline kernel driver. + ''; license = licenses.gpl2Plus; platforms = platforms.linux; maintainers = with maintainers; [ primeos tavyc ]; diff --git a/pkgs/os-specific/linux/pam_krb5/default.nix b/pkgs/os-specific/linux/pam_krb5/default.nix index 1f7562b987e..7a384c793d2 100644 --- a/pkgs/os-specific/linux/pam_krb5/default.nix +++ b/pkgs/os-specific/linux/pam_krb5/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pam, kerberos }: stdenv.mkDerivation rec { - name = "pam-krb5-4.8"; + name = "pam-krb5-4.9"; src = fetchurl { url = "https://archives.eyrie.org/software/kerberos/${name}.tar.gz"; - sha256 = "0j96jfaxzkj1ifc3qxagjmaxvgda7ndqaaxx2ka018is9f5lbfrs"; + sha256 = "0kzz6mjkzw571pkv684vyczhl874f6p7lih3dj7s764gxdxnv4y5"; }; buildInputs = [ pam kerberos ]; diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix index f8c75b1913b..f69b2bd7fce 100644 --- a/pkgs/os-specific/linux/pax-utils/default.nix +++ b/pkgs/os-specific/linux/pax-utils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pax-utils"; - version = "1.2.5"; + version = "1.2.6"; src = fetchurl { url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz"; - sha256 = "1v4jwbda25w07qhlx5xc5i0hwsv3pjy8hfy0r93vnmfjxq61grvw"; + sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp"; }; makeFlags = [ "PREFIX=$(out)" ]; diff --git a/pkgs/os-specific/linux/plymouth/default.nix b/pkgs/os-specific/linux/plymouth/default.nix index b4c4909cac5..7a6c227f401 100644 --- a/pkgs/os-specific/linux/plymouth/default.nix +++ b/pkgs/os-specific/linux/plymouth/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, autoreconfHook, pkgconfig, libxslt, docbook_xsl -, gtk3, udev, systemd +, gtk3, udev, systemd, lib }: stdenv.mkDerivation rec { @@ -44,6 +44,7 @@ stdenv.mkDerivation rec { "--enable-pango" "--enable-gdm-transition" "--enable-gtk" + "ac_cv_path_SYSTEMD_ASK_PASSWORD_AGENT=${lib.getBin systemd}/bin/systemd-tty-ask-password-agent" ]; configurePlatforms = [ "host" ]; diff --git a/pkgs/os-specific/linux/rdma-core/default.nix b/pkgs/os-specific/linux/rdma-core/default.nix index 2d929707859..a9cf7fe03b4 100644 --- a/pkgs/os-specific/linux/rdma-core/default.nix +++ b/pkgs/os-specific/linux/rdma-core/default.nix @@ -4,7 +4,7 @@ } : let - version = "28.0"; + version = "29.0"; in stdenv.mkDerivation { pname = "rdma-core"; @@ -14,7 +14,7 @@ in stdenv.mkDerivation { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${version}"; - sha256 = "0az2is6p5gkyphi2b978kwn7knry60y33kn6p7cxz49ca79a42cy"; + sha256 = "03r7jbhw64siyrna9mz0qzppfzp8ilwi7iqdkxgyy33rndncqqnq"; }; nativeBuildInputs = [ cmake pkgconfig pandoc docutils makeWrapper ]; diff --git a/pkgs/os-specific/linux/rtkit/default.nix b/pkgs/os-specific/linux/rtkit/default.nix index 1b1e99e752b..b3f73e6c3bb 100644 --- a/pkgs/os-specific/linux/rtkit/default.nix +++ b/pkgs/os-specific/linux/rtkit/default.nix @@ -1,43 +1,46 @@ -{ stdenv, fetchurl, fetchpatch, pkgconfig, dbus, libcap }: +{ stdenv, fetchFromGitHub, fetchpatch +, meson, ninja, pkgconfig, unixtools +, dbus, libcap, polkit, systemd +}: stdenv.mkDerivation rec { - name = "rtkit-0.11"; - - src = fetchurl { - url = "http://0pointer.de/public/${name}.tar.xz"; - sha256 = "1l5cb1gp6wgpc9vq6sx021qs6zb0nxg3cn1ba00hjhgnrw4931b8"; + pname = "rtkit"; + version = "0.13"; + + src = fetchFromGitHub { + owner = "heftig"; + repo = "rtkit"; + rev = "c295fa849f52b487be6433e69e08b46251950399"; + sha256 = "0yfsgi3pvg6dkizrww1jxpkvcbhzyw9110n1dypmzq0c5hlzjxcd"; }; - configureFlags = [ - "--with-systemdsystemunitdir=$(out)/etc/systemd/system" - ]; - patches = [ - # Drop removed ControlGroup stanza (fetchpatch { - url = "http://git.0pointer.net/rtkit.git/patch/?id=6c28e20c0be2f616a025059fda0ffac84e7f4f17"; - sha256 = "0lsxk5nv08i1wjb4xh20i5fcwg3x0qq0k4f8bc0r9cczph2sv7ck"; + url = "https://github.com/heftig/rtkit/commit/7d62095b94f8df3891c984a1535026d2658bb177.patch"; + sha256 = "17acv549zqcgh7sgprfagbf6drqsr0zdwvf1dsqda7wlqc2h9zn7"; }) - # security patch: Pass uid of caller to polkit (fetchpatch { - url = "http://git.0pointer.net/rtkit.git/patch/?id=88d4082ef6caf6b071d749dca1c50e7edde914cc"; - sha256 = "0hp1blbi359qz8fmr6nj4w9yc0jf3dd176f8pn25wdj38n13qkix"; - }) - - # Fix format string errors due to -Werror=format-security - (fetchpatch { - url = "https://sources.debian.org/data/main/r/rtkit/0.11-6/debian/patches/0006-fix-format-strings.patch"; - sha256 = "09mr89lh16jvz6cqw00zmh0xk919bjfhjkvna1czwmafwy9p7kgp"; + url = "https://github.com/heftig/rtkit/commit/98f70edd8f534c371cb4308b9720739c5178918d.patch"; + sha256 = "18mnjjsdjfr184nkzi01xyphpdngi31ry4bmkv9ysjxf9wilv4nl"; }) ]; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ dbus libcap ]; - NIX_LDFLAGS = "-lrt"; + nativeBuildInputs = [ meson ninja pkgconfig unixtools.xxd ]; + buildInputs = [ dbus libcap polkit systemd ]; + + mesonFlags = [ + "-Dinstalled_tests=false" + + "-Ddbus_systemservicedir=${placeholder "out"}/share/dbus-1/system-services" + "-Ddbus_interfacedir=${placeholder "out"}/share/dbus-1/interfaces" + "-Ddbus_rulesdir=${placeholder "out"}/etc/dbus-1/system.d" + "-Dpolkit_actiondir=${placeholder "out"}/share/polkit-1/actions" + "-Dsystemd_systemunitdir=${placeholder "out"}/etc/systemd/system" + ]; meta = with stdenv.lib; { - homepage = "http://0pointer.de/blog/projects/rtkit"; + homepage = "https://github.com/heftig/rtkit"; description = "A daemon that hands out real-time priority to processes"; license = with licenses; [ gpl3 bsd0 ]; # lib is bsd license platforms = platforms.linux; diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 99afd575eee..cb93c635afe 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "rtl8812au-${kernel.version}-${version}"; - version = "5.2.20.2_28373.20190903"; + version = "5.6.4.2_35491.20200318"; src = fetchFromGitHub { - owner = "zebulon2"; - repo = "rtl8812au-driver-5.2.20"; - rev = "30d47a0a3f43ccb19e8fd59fe93d74a955147bf2"; - sha256 = "1fy0f8ihxd0i5kr8gmky8v8xl0ns6bhxfdn64c97c5irzdvg37sr"; + owner = "gordboy"; + repo = "rtl8812au-5.6.4.2"; + rev = "49e98ff9bfdbe2ddce843808713de383132002e0"; + sha256 = "0f4isqasm9rli5v6a7xpphyh509wdxs1zcfvgdsnyhnv8amhqxgs"; }; nativeBuildInputs = [ bc nukeReferences ]; diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index ae632c072cb..c0ed4102aaf 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix @@ -8,13 +8,13 @@ with python3.pkgs; buildPythonApplication rec { pname = "setools"; - version = "4.2.2"; + version = "4.3.0"; src = fetchFromGitHub { owner = "SELinuxProject"; repo = pname; rev = version; - sha256 = "18kklv26dwm2fdjjzfflvxsq83b2svnwf4g18xq7wsfsri121a90"; + sha256 = "0vr20bi8w147z5lclqz1l0j1b34137zg2r04pkafkgqqk7qbyjk6"; }; nativeBuildInputs = [ cython ]; diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index b0becd82d19..59577eb8d51 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "sysdig"; - version = "0.26.6"; + version = "0.26.7"; src = fetchFromGitHub { owner = "draios"; repo = "sysdig"; rev = version; - sha256 = "1rw9s5lamr02036z26vfmnp5dnn97f00hcnp4xv6gdxim6rpmbz7"; + sha256 = "09m6j2cl70jxb0k4ydsgrida381bipf0v026xz661152cy23r3ff"; }; nativeBuildInputs = [ cmake perl ]; diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix index ddeb9ed6de0..edb951dae3d 100644 --- a/pkgs/os-specific/linux/syslinux/default.nix +++ b/pkgs/os-specific/linux/syslinux/default.nix @@ -1,14 +1,16 @@ -{ stdenv, fetchFromRepoOrCz, fetchurl, nasm, perl, python3, libuuid, mtools, makeWrapper }: +{ stdenv, fetchgit, fetchurl, fetchpatch, nasm, perl, python3, libuuid, mtools, makeWrapper }: stdenv.mkDerivation { - name = "syslinux-2019-02-07"; + pname = "syslinux"; + version = "unstable-20190207"; # This is syslinux-6.04-pre3^1; syslinux-6.04-pre3 fails to run. # Same issue here https://www.syslinux.org/archives/2019-February/026330.html - src = fetchFromRepoOrCz { - repo = "syslinux"; + src = fetchgit { + url = "https://repo.or.cz/syslinux"; rev = "b40487005223a78c3bb4c300ef6c436b3f6ec1f7"; - sha256 = "1qrxl1114sr2i2791z9rf8v53g200aq30f08808d7i8qnmgvxl2w"; + sha256 = "1acf6byx7i6vz8hq6mra526g8mf7fmfhid211y8nq0v6px7d3aqs"; + fetchSubmodules = true; }; patches = let @@ -20,9 +22,9 @@ stdenv.mkDerivation { url = mkURL "fa1349f1" "0002-gfxboot-menu-label.patch"; sha256 = "06ifgzbpjj4picpj17zgprsfi501zf4pp85qjjgn29i5rs291zni"; }) - (fetchurl { - url = mkURL "477e56d2" "0005-gnu-efi-version-compatibility.patch"; - sha256 = "041568b4abb79wynyps1n04lg4fr26rc3sbjncz99pp0mbz0ajlm"; + (fetchpatch { + url = "https://git.archlinux.org/svntogit/packages.git/plain/trunk/0005-gnu-efi-version-compatibility.patch?h=packages/syslinux"; + sha256 = "0fbqz56hj8az8ws26m39hyp3l5fvcbzvzdddqz3x6n56hzdpz1p6"; }) (fetchurl { # mbr.bin: too big (452 > 440) @@ -48,6 +50,10 @@ stdenv.mkDerivation { # fix tests substituteInPlace tests/unittest/include/unittest/unittest.h \ --replace /usr/include/ "" + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. + mkdir gnu-efi/inc/ia32/gnu + touch gnu-efi/inc/ia32/gnu/stubs-32.h ''; nativeBuildInputs = [ nasm perl python3 ]; @@ -56,18 +62,16 @@ stdenv.mkDerivation { enableParallelBuilding = false; # Fails very rarely with 'No rule to make target: ...' hardeningDisable = [ "pic" "stackprotector" "fortify" ]; - stripDebugList = "bin sbin share/syslinux/com32"; + stripDebugList = [ "bin" "sbin" "share/syslinux/com32" ]; makeFlags = [ "BINDIR=$(out)/bin" "SBINDIR=$(out)/sbin" - "LIBDIR=$(out)/lib" - "INCDIR=$(out)/include" "DATADIR=$(out)/share" "MANDIR=$(out)/share/man" "PERL=perl" - "bios" - ]; + ] + ++ stdenv.lib.optionals stdenv.hostPlatform.isi686 [ "bios" "efi32" ]; doCheck = false; # fails. some fail in a sandbox, others require qemu diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch new file mode 100644 index 00000000000..c88d0eeeff2 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -0,0 +1,32 @@ +From b873e4c0de3e24f2ec9370e5a217247217e90587 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Tue, 8 Jan 2013 15:46:30 +0100 +Subject: [PATCH 01/18] Start device units for uninitialised encrypted devices + +This is necessary because the NixOS service that initialises the +filesystem depends on the appearance of the device unit. Also, this +makes more sense to me: the device is ready; it's the filesystem +that's not, but taking care of that is the responsibility of the mount +unit. (However, this ignores the fsck unit, so it's not perfect...) +--- + rules.d/99-systemd.rules.in | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in +index c34b606216..3ab8c1c3fe 100644 +--- a/rules.d/99-systemd.rules.in ++++ b/rules.d/99-systemd.rules.in +@@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" + SUBSYSTEM=="block", TAG+="systemd" + SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" + +-# Ignore encrypted devices with no identified superblock on it, since +-# we are probably still calling mke2fs or mkswap on it. +-SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" +- + # add symlink to GPT root disk + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch new file mode 100644 index 00000000000..4f94cb465d4 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -0,0 +1,42 @@ +From bdd3ff777dd8253ff5732118dd6de0fa9a9b95fe Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Fri, 12 Apr 2013 13:16:57 +0200 +Subject: [PATCH 02/18] Don't try to unmount /nix or /nix/store + +They'll still be remounted read-only. + +https://github.com/NixOS/nixos/issues/126 +--- + src/core/mount.c | 2 ++ + src/shutdown/umount.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 1c4aefd734..a5553226f8 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -412,6 +412,8 @@ static bool mount_is_extrinsic(Mount *m) { + + if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ + "/", /* (strictly speaking redundant: should already be covered by the perpetual flag check above) */ ++ "/nix", ++ "/nix/store", + "/usr", + "/etc")) + return true; +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index 8a5e80eeaa..fab35ed6f3 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -414,6 +414,8 @@ static int delete_dm(dev_t devnum) { + + static bool nonunmountable_path(const char *path) { + return path_equal(path, "/") ++ || path_equal(path, "/nix") ++ || path_equal(path, "/nix/store") + #if ! HAVE_SPLIT_USR + || path_equal(path, "/usr") + #endif +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch new file mode 100644 index 00000000000..73aab8dd91c --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -0,0 +1,34 @@ +From c28b3b2e254433e93549ee6fe8c93b43ce455776 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Wed, 16 Apr 2014 10:59:28 +0200 +Subject: [PATCH 03/18] Fix NixOS containers + +In NixOS containers, the init script is bind-mounted into the +container, so checking early whether it exists will fail. +--- + src/nspawn/nspawn.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 734dee1130..a97b1a4bc9 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -5018,6 +5018,7 @@ static int run(int argc, char *argv[]) { + goto finish; + } + } else { ++#if 0 + const char *p, *q; + + if (arg_pivot_root_new) +@@ -5032,6 +5033,7 @@ static int run(int argc, char *argv[]) { + r = -EINVAL; + goto finish; + } ++#endif + } + + } else { +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch new file mode 100644 index 00000000000..e10726a2cb1 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -0,0 +1,25 @@ +From baf52609ad18785aa1d2cd043185ae9438d59411 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Thu, 1 May 2014 14:10:10 +0200 +Subject: [PATCH 04/18] Look for fsck in the right place + +--- + src/fsck/fsck.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c +index 80f7107b9d..74e48a385f 100644 +--- a/src/fsck/fsck.c ++++ b/src/fsck/fsck.c +@@ -370,7 +370,7 @@ static int run(int argc, char *argv[]) { + } else + dash_c[0] = 0; + +- cmdline[i++] = "/sbin/fsck"; ++ cmdline[i++] = "/run/current-system/sw/bin/fsck"; + cmdline[i++] = arg_repair; + cmdline[i++] = "-T"; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch new file mode 100644 index 00000000000..23aa893362b --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -0,0 +1,107 @@ +From 45f80155b7c2edb1e73c233283f1ab1582e1cfbe Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Fri, 19 Dec 2014 14:46:17 +0100 +Subject: [PATCH 05/18] Add some NixOS-specific unit directories + +Look in `/nix/var/nix/profiles/default/lib/systemd` for units provided +by packages installed into the default profile via +`nix-env -iA nixos.$package`, and into `/etc/systemd-mutable/system` for +persistent, mutable units (used for Dysnomia). + +Also, remove /usr and /lib as these don't exist on NixOS. +--- + src/core/systemd.pc.in | 4 ++-- + src/shared/path-lookup.c | 18 +++++------------- + 2 files changed, 7 insertions(+), 15 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index 8331832c7a..bedb97115d 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -17,8 +17,8 @@ systemduserunitdir=${prefix}/lib/systemd/user + systemduserpresetdir=${prefix}/lib/systemd/user-preset + systemdsystemconfdir=${sysconfdir}/systemd/system + systemduserconfdir=${sysconfdir}/systemd/user +-systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemdsystemunitdir}:/usr/lib/systemd/system:/lib/systemd/system +-systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemduserunitdir}:/usr/lib/systemd/user:/usr/share/systemd/user ++systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/etc/systemd-mutable/system:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/system:${systemdsystemunitdir} ++systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/etc/systemd-mutable/user:/nix/var/nix/profiles/default/lib/systemd/system:/run/systemd/user:${systemduserunitdir} + systemdsystemgeneratordir=${rootprefix}/lib/systemd/system-generators + systemdusergeneratordir=${prefix}/lib/systemd/user-generators + systemdsystemgeneratorpath=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemdsystemgeneratordir} +diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c +index 48e0eec09a..a9d38f16d0 100644 +--- a/src/shared/path-lookup.c ++++ b/src/shared/path-lookup.c +@@ -98,17 +98,14 @@ int xdg_user_data_dir(char **ret, const char *suffix) { + } + + static const char* const user_data_unit_paths[] = { +- "/usr/local/lib/systemd/user", +- "/usr/local/share/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", +- "/usr/share/systemd/user", + NULL + }; + + static const char* const user_config_unit_paths[] = { + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", + NULL + }; + +@@ -604,15 +601,14 @@ int lookup_paths_init( + persistent_config, + SYSTEM_CONFIG_UNIT_PATH, + "/etc/systemd/system", ++ "/etc/systemd-mutable/system", ++ "/nix/var/nix/profiles/default/lib/systemd/system", + STRV_IFNOTNULL(persistent_attached), + runtime_config, + "/run/systemd/system", + STRV_IFNOTNULL(runtime_attached), + STRV_IFNOTNULL(generator), +- "/usr/local/lib/systemd/system", + SYSTEM_DATA_UNIT_PATH, +- "/usr/lib/systemd/system", +- STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), + STRV_IFNOTNULL(generator_late)); + break; + +@@ -628,14 +624,12 @@ int lookup_paths_init( + persistent_config, + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", ++ "/nix/var/nix/profiles/default/lib/systemd/user", + runtime_config, + "/run/systemd/user", + STRV_IFNOTNULL(generator), +- "/usr/local/share/systemd/user", +- "/usr/share/systemd/user", +- "/usr/local/lib/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", + STRV_IFNOTNULL(generator_late)); + break; + +@@ -824,14 +818,12 @@ char **generator_binary_paths(UnitFileScope scope) { + case UNIT_FILE_SYSTEM: + return strv_new("/run/systemd/system-generators", + "/etc/systemd/system-generators", +- "/usr/local/lib/systemd/system-generators", + SYSTEM_GENERATOR_PATH); + + case UNIT_FILE_GLOBAL: + case UNIT_FILE_USER: + return strv_new("/run/systemd/user-generators", + "/etc/systemd/user-generators", +- "/usr/local/lib/systemd/user-generators", + USER_GENERATOR_PATH); + + default: +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch new file mode 100644 index 00000000000..0b57dc1f9c8 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -0,0 +1,31 @@ +From d52058070c0c12bb05f82460f0b4b55678b724e9 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra <eelco.dolstra@logicblox.com> +Date: Mon, 11 May 2015 15:39:38 +0200 +Subject: [PATCH 06/18] Get rid of a useless message in user sessions + +Namely lots of variants of + + Unit nix-var-nix-db.mount is bound to inactive unit dev-disk-by\x2dlabel-nixos.device. Stopping, too. + +in containers. +--- + src/core/unit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 97e1b0004c..d3cc2ba9ec 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2043,7 +2043,8 @@ static void unit_check_binds_to(Unit *u) { + } + + assert(other); +- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); + + /* A unit we need to run is gone. Sniff. Let's stop this. */ + r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch new file mode 100644 index 00000000000..5703c4f43fd --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -0,0 +1,118 @@ +From 409fc808794942ad1736c2cc74853d9792e4ad02 Mon Sep 17 00:00:00 2001 +From: Gabriel Ebner <gebner@gebner.org> +Date: Sun, 6 Dec 2015 14:26:36 +0100 +Subject: [PATCH 07/18] hostnamed, localed, timedated: disable methods that + change system settings. + +--- + src/hostname/hostnamed.c | 9 +++++++++ + src/locale/localed.c | 9 +++++++++ + src/timedate/timedated.c | 10 ++++++++++ + 3 files changed, 28 insertions(+) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index 21f6471495..8c5af7619f 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -422,6 +422,9 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (isempty(name)) + name = c->data[PROP_STATIC_HOSTNAME]; + +@@ -478,6 +481,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME])) +@@ -535,6 +541,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[prop])) +diff --git a/src/locale/localed.c b/src/locale/localed.c +index 09f16d25f4..c1cb87cef1 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -275,6 +275,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + /* If single locale without variable name is provided, then we assume it is LANG=. */ + if (strv_length(l) == 1 && !strchr(*l, '=')) { + if (!locale_is_valid(*l)) +@@ -410,6 +413,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + keymap = empty_to_null(keymap); + keymap_toggle = empty_to_null(keymap_toggle); + +@@ -586,6 +592,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + layout = empty_to_null(layout); + model = empty_to_null(model); + variant = empty_to_null(variant); +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 5e2fb50d83..63865f557c 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -652,6 +652,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ if (getenv("NIXOS_STATIC_TIMEZONE")) ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing timezone via systemd is not supported when it is set in NixOS configuration."); ++ + if (!timezone_is_valid(z, LOG_DEBUG)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); + +@@ -731,6 +735,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (lrtc == c->local_rtc) + return sd_bus_reply_method_return(m, NULL); + +@@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + r = context_update_ntp_status(c, bus, m); + if (r < 0) + return r; +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch new file mode 100644 index 00000000000..a9bf9abee52 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -0,0 +1,32 @@ +From b56fc7b6ae8014eb2f71924c89498f395a1a81bd Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov <ab@fmap.me> +Date: Thu, 7 Jul 2016 02:47:13 +0300 +Subject: [PATCH 08/18] Fix hwdb paths + +Patch by vcunat. +--- + src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c +index b3febdbb31..eba00a5bc7 100644 +--- a/src/libsystemd/sd-hwdb/sd-hwdb.c ++++ b/src/libsystemd/sd-hwdb/sd-hwdb.c +@@ -297,13 +297,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { + } + + static const char hwdb_bin_paths[] = +- "/etc/systemd/hwdb/hwdb.bin\0" + "/etc/udev/hwdb.bin\0" +- "/usr/lib/systemd/hwdb/hwdb.bin\0" +-#if HAVE_SPLIT_USR +- "/lib/systemd/hwdb/hwdb.bin\0" +-#endif +- UDEVLIBEXECDIR "/hwdb.bin\0"; ++ ; + + _public_ int sd_hwdb_new(sd_hwdb **ret) { + _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch new file mode 100644 index 00000000000..12a9dd5a77f --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -0,0 +1,132 @@ +From 4d304a321796db4de827aa39a149bea23d039214 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov <ab@fmap.me> +Date: Tue, 11 Oct 2016 13:12:08 +0300 +Subject: [PATCH 09/18] Change /usr/share/zoneinfo to /etc/zoneinfo + +NixOS uses this path. +--- + man/localtime.xml | 4 ++-- + src/basic/time-util.c | 6 +++--- + src/firstboot/firstboot.c | 2 +- + src/nspawn/nspawn.c | 4 ++-- + src/timedate/timedated.c | 8 ++++---- + 5 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/man/localtime.xml b/man/localtime.xml +index 0f1652ee2e..71c4f95c2e 100644 +--- a/man/localtime.xml ++++ b/man/localtime.xml +@@ -20,7 +20,7 @@ + </refnamediv> + + <refsynopsisdiv> +- <para><filename>/etc/localtime</filename> -> <filename>../usr/share/zoneinfo/…</filename></para> ++ <para><filename>/etc/localtime</filename> -> <filename>zoneinfo/…</filename></para> + </refsynopsisdiv> + + <refsect1> +@@ -30,7 +30,7 @@ + system-wide timezone of the local system that is used by + applications for presentation to the user. It should be an + absolute or relative symbolic link pointing to +- <filename>/usr/share/zoneinfo/</filename>, followed by a timezone ++ <filename>/etc/zoneinfo/</filename>, followed by a timezone + identifier such as <literal>Europe/Berlin</literal> or + <literal>Etc/UTC</literal>. The resulting link should lead to the + corresponding binary +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 105584e2e7..5238f69931 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1217,7 +1217,7 @@ int get_timezones(char ***ret) { + n_allocated = 2; + n_zones = 1; + +- f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); ++ f = fopen("/etc/zoneinfo/zone1970.tab", "re"); + if (f) { + for (;;) { + _cleanup_free_ char *line = NULL; +@@ -1312,7 +1312,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (p - name >= PATH_MAX) + return false; + +- t = strjoina("/usr/share/zoneinfo/", name); ++ t = strjoina("/etc/zoneinfo/", name); + + fd = open(t, O_RDONLY|O_CLOEXEC); + if (fd < 0) { +@@ -1410,7 +1410,7 @@ int get_timezone(char **ret) { + if (r < 0) + return r; /* returns EINVAL if not a symlink */ + +- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); + if (!e) + return -EINVAL; + +diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c +index 901fbf0815..b57bdd8fbe 100644 +--- a/src/firstboot/firstboot.c ++++ b/src/firstboot/firstboot.c +@@ -431,7 +431,7 @@ static int process_timezone(void) { + if (isempty(arg_timezone)) + return 0; + +- e = strjoina("../usr/share/zoneinfo/", arg_timezone); ++ e = strjoina("zoneinfo/", arg_timezone); + + (void) mkdir_parents(etc_localtime, 0755); + if (symlink(e, etc_localtime) < 0) +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index a97b1a4bc9..aed60439e3 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1657,8 +1657,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u + static const char *timezone_from_path(const char *path) { + return PATH_STARTSWITH_SET( + path, +- "../usr/share/zoneinfo/", +- "/usr/share/zoneinfo/"); ++ "../etc/zoneinfo/", ++ "/etc/zoneinfo/"); + } + + static bool etc_writable(void) { +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 63865f557c..8021a8b753 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -264,7 +264,7 @@ static int context_read_data(Context *c) { + + r = get_timezone(&t); + if (r == -EINVAL) +- log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/."); ++ log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /etc/zoneinfo/."); + else if (r < 0) + log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); + +@@ -288,7 +288,7 @@ static int context_write_data_timezone(Context *c) { + + if (isempty(c->zone) || streq(c->zone, "UTC")) { + +- if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { ++ if (access("/etc/zoneinfo/UTC", F_OK) < 0) { + + if (unlink("/etc/localtime") < 0 && errno != ENOENT) + return -errno; +@@ -296,9 +296,9 @@ static int context_write_data_timezone(Context *c) { + return 0; + } + +- source = "../usr/share/zoneinfo/UTC"; ++ source = "../etc/zoneinfo/UTC"; + } else { +- p = path_join("../usr/share/zoneinfo", c->zone); ++ p = path_join("../etc/zoneinfo", c->zone); + if (!p) + return -ENOMEM; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch new file mode 100644 index 00000000000..7e6453f2ddd --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -0,0 +1,27 @@ +From cb3f1ec1793cbf74c4b5663e038bd49ff4576192 Mon Sep 17 00:00:00 2001 +From: Imuli <i@imu.li> +Date: Wed, 19 Oct 2016 08:46:47 -0400 +Subject: [PATCH 10/18] localectl: use /etc/X11/xkb for list-x11-* + +NixOS has an option to link the xkb data files to /etc/X11, but not to +/usr/share/X11. +--- + src/locale/localectl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/localectl.c b/src/locale/localectl.c +index 6f2d37d222..7aa2310d48 100644 +--- a/src/locale/localectl.c ++++ b/src/locale/localectl.c +@@ -286,7 +286,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { + } state = NONE, look_for; + int r; + +- f = fopen("/usr/share/X11/xkb/rules/base.lst", "re"); ++ f = fopen("/etc/X11/xkb/rules/base.lst", "re"); + if (!f) + return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch new file mode 100644 index 00000000000..080cd4670e6 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -0,0 +1,26 @@ +From 0ffb786d0e12a61899af448b1e4dd32a53ea5a8e Mon Sep 17 00:00:00 2001 +From: Franz Pletz <fpletz@fnordicwalking.de> +Date: Sun, 11 Feb 2018 04:37:44 +0100 +Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir + +--- + meson.build | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/meson.build b/meson.build +index fc216d22da..078db3bb5d 100644 +--- a/meson.build ++++ b/meson.build +@@ -3176,9 +3176,6 @@ install_data('LICENSE.GPL2', + 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', + install_dir : docdir) + +-meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) +-meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) +- + ############################################################ + + meson_check_help = find_program('tools/meson-check-help.sh') +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch new file mode 100644 index 00000000000..2961a2ebe56 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch @@ -0,0 +1,313 @@ +From 3dbcdab1ba22c4eeca6d61718c09bcb9b5551764 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Mon, 26 Feb 2018 14:25:57 +0000 +Subject: [PATCH 12/18] Install default configuration into $out/share/factory + +By default systemd should read all its configuration from /etc. Therefor +we rely on -Dsysconfdir=/etc in meson as default value. Unfortunately +this would also lead to installation of systemd's own configuration +files to `/etc` whereas we are limited to /nix/store. To counter that +this commit introduces two new configuration variables `factoryconfdir` +and `factorypkgconfdir` to install systemd's own configuration into nix +store again, while having executables looking up files in /etc. +--- + hwdb.d/meson.build | 2 +- + meson.build | 11 +++++++---- + network/meson.build | 2 +- + src/core/meson.build | 10 +++++----- + src/coredump/meson.build | 2 +- + src/journal-remote/meson.build | 4 ++-- + src/journal/meson.build | 2 +- + src/kernel-install/meson.build | 2 +- + src/login/meson.build | 2 +- + src/network/meson.build | 2 +- + src/pstore/meson.build | 2 +- + src/resolve/meson.build | 2 +- + src/timesync/meson.build | 2 +- + src/udev/meson.build | 4 ++-- + sysctl.d/meson.build | 2 +- + tmpfiles.d/meson.build | 2 +- + units/meson.build | 2 +- + 17 files changed, 29 insertions(+), 26 deletions(-) + +diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build +index 4df6dabf89..02d8d69095 100644 +--- a/hwdb.d/meson.build ++++ b/hwdb.d/meson.build +@@ -27,7 +27,7 @@ if conf.get('ENABLE_HWDB') == 1 + install_dir : udevhwdbdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/hwdb.d'))) + + meson.add_install_script('sh', '-c', + 'test -n "$DESTDIR" || @0@/systemd-hwdb update' +diff --git a/meson.build b/meson.build +index 078db3bb5d..6e1a6483fc 100644 +--- a/meson.build ++++ b/meson.build +@@ -154,6 +154,9 @@ udevhwdbdir = join_paths(udevlibexecdir, 'hwdb.d') + catalogdir = join_paths(prefixdir, 'lib/systemd/catalog') + kernelinstalldir = join_paths(prefixdir, 'lib/kernel/install.d') + factorydir = join_paths(datadir, 'factory') ++factoryconfdir = join_paths(datadir, 'factory/etc') ++factorypkgconfdir = join_paths(datadir, 'factory/etc/systemd') ++factoryxinitrcdir = join_paths(datadir, 'factory/etc/X11/xinit/xinitrc.d') + bootlibdir = join_paths(prefixdir, 'lib/systemd/boot/efi') + testsdir = join_paths(prefixdir, 'lib/systemd/tests') + systemdstatedir = join_paths(localstatedir, 'lib/systemd') +@@ -2503,7 +2506,7 @@ if conf.get('ENABLE_BINFMT') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(binfmtdir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'binfmt.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'binfmt.d'))) + endif + + if conf.get('ENABLE_REPART') == 1 +@@ -2604,7 +2607,7 @@ executable('systemd-sleep', + install_dir : rootlibexecdir) + + install_data('src/sleep/sleep.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + exe = executable('systemd-sysctl', + 'src/sysctl/sysctl.c', +@@ -2916,7 +2919,7 @@ if conf.get('HAVE_KMOD') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(modulesloaddir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'modules-load.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'modules-load.d'))) + endif + + exe = executable('systemd-nspawn', +@@ -3159,7 +3162,7 @@ install_subdir('factory/etc', + install_dir : factorydir) + + install_data('xorg/50-systemd-user.sh', +- install_dir : xinitrcdir) ++ install_dir : factoryxinitrcdir) + install_data('modprobe.d/systemd.conf', + install_dir : modprobedir) + install_data('LICENSE.GPL2', +diff --git a/network/meson.build b/network/meson.build +index 544dcf4387..1828c50863 100644 +--- a/network/meson.build ++++ b/network/meson.build +@@ -10,7 +10,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + install_dir : networkdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'systemd/network'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'systemd/network'))) + endif + + install_data('99-default.link', +diff --git a/src/core/meson.build b/src/core/meson.build +index 3586838f59..02ddf1a123 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -179,8 +179,8 @@ libcore = static_library( + systemd_sources = files('main.c') + + in_files = [['macros.systemd', rpmmacrosdir], +- ['system.conf', pkgsysconfdir], +- ['user.conf', pkgsysconfdir], ++ ['system.conf', factorypkgconfdir], ++ ['user.conf', factorypkgconfdir], + ['systemd.pc', pkgconfigdatadir], + ['triggers.systemd', '']] + +@@ -212,6 +212,6 @@ meson.add_install_script('sh', '-c', mkdir_p.format(systemsleepdir)) + meson.add_install_script('sh', '-c', mkdir_p.format(systemgeneratordir)) + meson.add_install_script('sh', '-c', mkdir_p.format(usergeneratordir)) + +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'system'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'user'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(sysconfdir, 'xdg/systemd'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'system'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'user'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'xdg/systemd'))) +diff --git a/src/coredump/meson.build b/src/coredump/meson.build +index 7fa5942697..34c865dfa0 100644 +--- a/src/coredump/meson.build ++++ b/src/coredump/meson.build +@@ -15,7 +15,7 @@ coredumpctl_sources = files('coredumpctl.c') + + if conf.get('ENABLE_COREDUMP') == 1 + install_data('coredump.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + tests += [ +diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build +index 87b8ba6495..daff8ec967 100644 +--- a/src/journal-remote/meson.build ++++ b/src/journal-remote/meson.build +@@ -49,7 +49,7 @@ if conf.get('ENABLE_REMOTE') ==1 and conf.get('HAVE_LIBCURL') == 1 + output : 'journal-upload.conf', + configuration : substs) + install_data(journal_upload_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 +@@ -58,7 +58,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 + output : 'journal-remote.conf', + configuration : substs) + install_data(journal_remote_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('browse.html', + install_dir : join_paths(pkgdatadir, 'gatewayd')) +diff --git a/src/journal/meson.build b/src/journal/meson.build +index 5796f77cac..75d975c260 100644 +--- a/src/journal/meson.build ++++ b/src/journal/meson.build +@@ -109,7 +109,7 @@ if conf.get('HAVE_QRENCODE') == 1 + endif + + install_data('journald.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + if get_option('create-log-dirs') + meson.add_install_script( +diff --git a/src/kernel-install/meson.build b/src/kernel-install/meson.build +index 261c3aaae4..dbc5e23513 100644 +--- a/src/kernel-install/meson.build ++++ b/src/kernel-install/meson.build +@@ -11,4 +11,4 @@ install_data('00-entry-directory.install', + install_dir : kernelinstalldir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'kernel/install.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'kernel/install.d'))) +diff --git a/src/login/meson.build b/src/login/meson.build +index 0a7d3d5440..ff90149c1c 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -75,7 +75,7 @@ if conf.get('ENABLE_LOGIND') == 1 + output : 'logind.conf', + configuration : substs) + install_data(logind_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('org.freedesktop.login1.conf', + install_dir : dbuspolicydir) +diff --git a/src/network/meson.build b/src/network/meson.build +index c1c02cfda1..1bfa79a03b 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -201,7 +201,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + endif + + install_data('networkd.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + fuzzers += [ + [['src/network/fuzz-netdev-parser.c', +diff --git a/src/pstore/meson.build b/src/pstore/meson.build +index adbac24b54..e9dc88dfa2 100644 +--- a/src/pstore/meson.build ++++ b/src/pstore/meson.build +@@ -6,5 +6,5 @@ systemd_pstore_sources = files(''' + + if conf.get('ENABLE_PSTORE') == 1 + install_data('pstore.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif +diff --git a/src/resolve/meson.build b/src/resolve/meson.build +index c4d8d4e5d9..f550c289a5 100644 +--- a/src/resolve/meson.build ++++ b/src/resolve/meson.build +@@ -170,7 +170,7 @@ if conf.get('ENABLE_RESOLVE') == 1 + output : 'resolved.conf', + configuration : substs) + install_data(resolved_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('resolv.conf', + install_dir : rootlibexecdir) +diff --git a/src/timesync/meson.build b/src/timesync/meson.build +index e5c118c8db..19235df9ca 100644 +--- a/src/timesync/meson.build ++++ b/src/timesync/meson.build +@@ -27,7 +27,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 + output : 'timesyncd.conf', + configuration : substs) + install_data(timesyncd_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + install_data('org.freedesktop.timesync1.conf', + install_dir : dbuspolicydir) + install_data('org.freedesktop.timesync1.service', +diff --git a/src/udev/meson.build b/src/udev/meson.build +index 173b10be50..82638cf5a9 100644 +--- a/src/udev/meson.build ++++ b/src/udev/meson.build +@@ -187,7 +187,7 @@ foreach prog : [['ata_id/ata_id.c'], + endforeach + + install_data('udev.conf', +- install_dir : join_paths(sysconfdir, 'udev')) ++ install_dir : join_paths(factoryconfdir, 'udev')) + + configure_file( + input : 'udev.pc.in', +@@ -196,7 +196,7 @@ configure_file( + install_dir : pkgconfigdatadir == 'no' ? '' : pkgconfigdatadir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/rules.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/rules.d'))) + + fuzzers += [ + [['src/udev/net/fuzz-link-parser.c', +diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build +index 3f072e3db7..bd9f843eba 100644 +--- a/sysctl.d/meson.build ++++ b/sysctl.d/meson.build +@@ -27,4 +27,4 @@ foreach file : in_files + endforeach + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'sysctl.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'sysctl.d'))) +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index e77f46d06b..04d2ef621d 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -57,5 +57,5 @@ endforeach + if enable_tmpfiles + meson.add_install_script( + 'sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'tmpfiles.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'tmpfiles.d'))) + endif +diff --git a/units/meson.build b/units/meson.build +index ea91f0cc9e..8622054ca5 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -323,7 +323,7 @@ install_data('user-.slice.d/10-defaults.conf', + + meson.add_install_script(meson_make_symlink, + join_paths(pkgsysconfdir, 'user'), +- join_paths(sysconfdir, 'xdg/systemd/user')) ++ join_paths(factorypkgconfdir, 'xdg/systemd/user')) + meson.add_install_script(meson_make_symlink, + join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'), + join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service')) +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch new file mode 100644 index 00000000000..5aa397afe8e --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -0,0 +1,42 @@ +From 0b0510aa72cf8026f34f300efa3f150f45971404 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Fri, 2 Nov 2018 21:15:42 +0100 +Subject: [PATCH 13/18] inherit systemd environment when calling generators. + +Systemd generators need access to the environment configured in +stage-2-init.sh since it schedules fsck and mkfs executions based on +being able to find an appropriate binary for the target filesystem. + +With this commit I am altering the systemd behaviour since upstream +tries to gather environments with that they call +"environment-generators" and then seems to pass that on to all the other +executables that are being called from managers. +--- + src/core/manager.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 25afdbea04..7afd5e5a37 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3896,9 +3896,14 @@ static int manager_run_generators(Manager *m) { + argv[4] = NULL; + + RUN_WITH_UMASK(0022) +- (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, +- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- ++ (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, ++ // On NixOS we must propagate PATH to generators so they are ++ // able to find binaries such as `fsck.${fstype}` and ++ // `mkfs.${fstype}`. That is why the last argument of the ++ // function (envp) is set to NULL. This propagates systemd's ++ // environment (e.g. PATH) that was setup ++ // before calling systemd from stage-2-init.sh. ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); + r = 0; + + finish: +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch new file mode 100644 index 00000000000..91c091baa9e --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch @@ -0,0 +1,38 @@ +From 4bd20cf0450455e2f9831b09ba91811ba3d58961 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Thu, 9 May 2019 11:15:22 +0200 +Subject: [PATCH 14/18] add rootprefix to lookup dir paths + +systemd does not longer use the UDEVLIBEXEC directory as root for +discovery default udev rules. By adding `$out/lib` to the lookup paths +we should again be able to discover the udev rules amongst other default +files that I might have missed. +--- + src/basic/def.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/basic/def.h b/src/basic/def.h +index 970654a1ad..bb261040f8 100644 +--- a/src/basic/def.h ++++ b/src/basic/def.h +@@ -39,13 +39,15 @@ + "/run/" n "\0" \ + "/usr/local/lib/" n "\0" \ + "/usr/lib/" n "\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR(n) ++ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ ++ ROOTPREFIX "/lib/" n "\0" + + #define CONF_PATHS_USR(n) \ + "/etc/" n, \ + "/run/" n, \ + "/usr/local/lib/" n, \ +- "/usr/lib/" n ++ "/usr/lib/" n, \ ++ ROOTPREFIX "/lib/" n + + #define CONF_PATHS(n) \ + CONF_PATHS_USR(n) \ +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch new file mode 100644 index 00000000000..2bc75e27928 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -0,0 +1,27 @@ +From f23a1e00de028048a2a21d322493039cce7ee214 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov <ab@fmap.me> +Date: Thu, 25 Jul 2019 20:45:55 +0300 +Subject: [PATCH 15/18] systemd-shutdown: execute scripts in + /etc/systemd/system-shutdown + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/shutdown/shutdown.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index 15e6c1799e..412bdefe74 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -298,7 +298,7 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3], *watchdog_device; + int cmd, r, umount_log_level = LOG_INFO; +- static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; ++ static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, "/etc/systemd/system-shutdown", NULL}; + + /* The log target defaults to console, but the original systemd process will pass its log target in through a + * command line argument, which will override this default. Also, ensure we'll never log to the journal or +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch new file mode 100644 index 00000000000..97f63c02c38 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -0,0 +1,26 @@ +From 758b8211e6e76524d62a2e0ffcf37dcf55e3be87 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov <ab@fmap.me> +Date: Thu, 25 Jul 2019 20:46:58 +0300 +Subject: [PATCH 16/18] systemd-sleep: execute scripts in + /etc/systemd/system-sleep + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/sleep/sleep.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index fbfddc0262..d2530b9421 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -178,6 +178,7 @@ static int execute(char **modes, char **states) { + }; + static const char* const dirs[] = { + SYSTEM_SLEEP_PATH, ++ "/etc/systemd/system-sleep", + NULL + }; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch new file mode 100644 index 00000000000..2a0bb0103f5 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -0,0 +1,27 @@ +From ce9fe2249c91fdfb224eaffce63e3dbdb4a5c25d Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Sat, 7 Mar 2020 22:40:27 +0100 +Subject: [PATCH 17/18] kmod-static-nodes.service: Update ConditionFileNotEmpty + +On NixOS, kernel modules of the currently booted systems are located at +/run/booted-system/kernel-modules/lib/modules/%v/, not /lib/modules/%v/. +--- + units/kmod-static-nodes.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 0971edf9ec..87105a87b9 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel + DefaultDependencies=no + Before=sysinit.target systemd-tmpfiles-setup-dev.service + ConditionCapability=CAP_SYS_MODULE +-ConditionFileNotEmpty=/lib/modules/%v/modules.devname ++ConditionFileNotEmpty=/run/booted-system/kernel-modules/lib/modules/%v/modules.devname + + [Service] + Type=oneshot +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch new file mode 100644 index 00000000000..08b2fa056f8 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -0,0 +1,33 @@ +From 55b69fc1b5441e3aff8f1ab684ba8eed3718a32d Mon Sep 17 00:00:00 2001 +From: Florian Klink <flokli@flokli.de> +Date: Sun, 8 Mar 2020 01:05:54 +0100 +Subject: [PATCH 18/18] path-util.h: add placeholder for DEFAULT_PATH_NORMAL + +This will be the $PATH used to lookup ExecStart= etc. options, which +systemd itself uses extensively. +--- + src/basic/path-util.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/basic/path-util.h b/src/basic/path-util.h +index 30031fca8e..d97145539a 100644 +--- a/src/basic/path-util.h ++++ b/src/basic/path-util.h +@@ -24,11 +24,11 @@ + # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) + #endif + +-#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") ++#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" ++#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" + #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") + #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL + + #if HAVE_SPLIT_USR + # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 1dd2f30b9bf..00a545ed3f5 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -7,6 +7,7 @@ , gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45 , ninja, meson, python3Packages, glibcLocales , patchelf +, substituteAll , getent , buildPackages , perl @@ -23,25 +24,50 @@ let gnupg-minimal = gnupg.override { pinentry = null; adns = null; gnutls = null; - libusb = null; + libusb1 = null; openldap = null; readline = null; zlib = null; bzip2 = null; }; in stdenv.mkDerivation { - version = "243.7"; + version = "245.5"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! # Also fresh patches should be cherry-picked from that tree to our current one. src = fetchFromGitHub { - owner = "nixos"; - repo = "systemd"; - rev = "e7d881488292fc8bdf96acd12767eca1bd65adae"; - sha256 = "0haj3iff3y13pm4w5dbqj1drp5wryqfad58jbbmnb6zdgis56h8f"; + owner = "systemd"; + repo = "systemd-stable"; + rev = "9a506b7e9291d997a920af9ac299e7b834368119"; + sha256 = "19qd92hjlsljr6x5mbw1l2vdzz5y9hy7y7g0dwgpfifb0lwkxqbr"; }; + patches = [ + ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch + ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch + ./0003-Fix-NixOS-containers.patch + ./0004-Look-for-fsck-in-the-right-place.patch + ./0005-Add-some-NixOS-specific-unit-directories.patch + ./0006-Get-rid-of-a-useless-message-in-user-sessions.patch + ./0007-hostnamed-localed-timedated-disable-methods-that-cha.patch + ./0008-Fix-hwdb-paths.patch + ./0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch + ./0010-localectl-use-etc-X11-xkb-for-list-x11.patch + ./0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch + ./0012-Install-default-configuration-into-out-share-factory.patch + ./0013-inherit-systemd-environment-when-calling-generators.patch + ./0014-add-rootprefix-to-lookup-dir-paths.patch + ./0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch + ./0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch + ./0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch + ]; + + postPatch = '' + substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/" + ''; + outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs = @@ -83,8 +109,10 @@ in stdenv.mkDerivation { "-Dtests=false" "-Dimportd=true" "-Dlz4=true" + "-Dhomed=false" "-Dhostnamed=true" "-Dnetworkd=true" + "-Dportabled=false" "-Dsysusers=false" "-Dtimedated=true" "-Dtimesyncd=true" @@ -195,6 +223,11 @@ in stdenv.mkDerivation { doCheck = false; # fails a bunch of tests + # trigger the test -n "$DESTDIR" || mutate in upstreams build system + preInstall = '' + export DESTDIR=/ + ''; + postInstall = '' # sysinit.target: Don't depend on # systemd-tmpfiles-setup.service. This interferes with NixOps's @@ -263,6 +296,6 @@ in stdenv.mkDerivation { license = licenses.lgpl21Plus; platforms = platforms.linux; priority = 10; - maintainers = with maintainers; [ andir eelco flokli mic92 ]; + maintainers = with maintainers; [ andir eelco flokli ]; }; } diff --git a/pkgs/os-specific/linux/uclibc/default.nix b/pkgs/os-specific/linux/uclibc/default.nix index 5f401411074..c9da86b7898 100644 --- a/pkgs/os-specific/linux/uclibc/default.nix +++ b/pkgs/os-specific/linux/uclibc/default.nix @@ -48,7 +48,7 @@ let UCLIBC_HAS_FPU n ''; - version = "1.0.32"; + version = "1.0.33"; in stdenv.mkDerivation { @@ -58,7 +58,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://downloads.uclibc-ng.org/releases/${version}/uClibc-ng-${version}.tar.bz2"; # from "${url}.sha256"; - sha256 = "0cp4xf3k0ib76xaz6n6i7yybw7s92s607ak8svq1kakwk0d1jjbv"; + sha256 = "0qy9xsqacrhhrxd16azm26pqb2ks6c43wbrlq3i8xmq2917kw3xi"; }; # 'ftw' needed to build acl, a coreutils dependency diff --git a/pkgs/os-specific/linux/usermount/default.nix b/pkgs/os-specific/linux/usermount/default.nix index 4acf1e3faa1..85f769d9dba 100644 --- a/pkgs/os-specific/linux/usermount/default.nix +++ b/pkgs/os-specific/linux/usermount/default.nix @@ -24,6 +24,5 @@ stdenv.mkDerivation { description = "A simple tool to automatically mount removable drives using UDisks2 and D-Bus"; license = stdenv.lib.licenses.mit; platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index f0cc6fd5a9b..aa23a162a92 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "util-linux"; - version = "2.33.2"; + version = "2.35.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "15yf2dh4jd1kg6066hydlgdhhs2j3na13qld8yx30qngqvmfh6v3"; + sha256 = "1yfpy6bkab4jw61mpx48gfy24yrqp4a7arvpis8csrkk53fkxpnr"; }; patches = [ diff --git a/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch b/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch index 5f38861bf68..52c970a18f3 100644 --- a/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch +++ b/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch @@ -2,26 +2,68 @@ Search $PATH for the shutdown binary instead of hard-coding /sbin/shutdown, which isn't valid on NixOS (and a compatibility link on most other modern distros anyway). - -- nckx <github@tobias.gr> --- a/include/pathnames.h +++ b/include/pathnames.h -@@ -53,7 +53,7 @@ +@@ -50,8 +50,8 @@ #ifndef _PATH_LOGIN - #define _PATH_LOGIN "/bin/login" + # define _PATH_LOGIN "/bin/login" #endif -#define _PATH_SHUTDOWN "/sbin/shutdown" -+#define _PATH_SHUTDOWN "shutdown" - +-#define _PATH_POWEROFF "/sbin/poweroff" ++#define _PATH_SHUTDOWN "shutdown" ++#define _PATH_POWEROFF "poweroff" + #define _PATH_TERMCOLORS_DIRNAME "terminal-colors.d" #define _PATH_TERMCOLORS_DIR "/etc/" _PATH_TERMCOLORS_DIRNAME --- a/sys-utils/rtcwake.c +++ b/sys-utils/rtcwake.c -@@ -575,7 +575,7 @@ int main(int argc, char **argv) - arg[i++] = "now"; - arg[i] = NULL; - if (!ctl.dryrun) { -- execv(arg[0], arg); +@@ -587,29 +587,29 @@ int main(int argc, char **argv) + char *arg[5]; + int i = 0; + +- if (!access(_PATH_SHUTDOWN, X_OK)) { +- arg[i++] = _PATH_SHUTDOWN; +- arg[i++] = "-h"; +- arg[i++] = "-P"; +- arg[i++] = "now"; +- arg[i] = NULL; +- } else if (!access(_PATH_POWEROFF, X_OK)) { +- arg[i++] = _PATH_POWEROFF; +- arg[i] = NULL; +- } else { +- arg[i] = NULL; +- } ++ arg[i++] = _PATH_SHUTDOWN; ++ arg[i++] = "-h"; ++ arg[i++] = "-P"; ++ arg[i++] = "now"; ++ arg[i] = NULL; + +- if (arg[0]) { +- if (ctl.verbose) +- printf(_("suspend mode: off; executing %s\n"), +- arg[0]); +- if (!ctl.dryrun) { +- execv(arg[0], arg); ++ if (ctl.verbose) ++ printf(_("suspend mode: off; executing %s\n"), ++ arg[0]); ++ ++ if (!ctl.dryrun) { ++ execvp(arg[0], arg); ++ if (ctl.verbose) { + warn(_("failed to execute %s"), arg[0]); +- rc = EX_EXEC_ENOENT; ++ // Reuse translations. ++ printf(_("suspend mode: off; executing %s\n"), ++ _PATH_POWEROFF); + } +- } else { ++ ++ i = 0; ++ arg[i++] = _PATH_POWEROFF; ++ arg[i] = NULL; + execvp(arg[0], arg); - warn(_("failed to execute %s"), _PATH_SHUTDOWN); - rc = EXIT_FAILURE; - } + /* Failed to find shutdown command */ + warn(_("failed to find shutdown command")); + rc = EX_EXEC_ENOENT; diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index e56f9b51dbd..32ae45fbb0e 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "v4l2loopback-${version}-${kernel.version}"; - version = "0.12.3"; + version = "0.12.5"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; rev = "v${version}"; - sha256 = "01wahmrh4iw27cfmypik6frapq14vn7m9shmj5g7cr1apz2523aq"; + sha256 = "1qi4l6yam8nrlmc3zwkrz9vph0xsj1cgmkqci4652mbpbzigg7vn"; }; hardeningDisable = [ "format" "pic" ]; diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 890c774081b..c68dfd5fc5e 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchzip, kernel, perl, wireguard-tools }: +{ stdenv, fetchzip, kernel, perl, wireguard-tools, bc }: # module requires Linux >= 3.10 https://www.wireguard.io/install/#kernel-requirements assert stdenv.lib.versionAtLeast kernel.version "3.10"; @@ -7,29 +7,31 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200401"; + version = "1.0.20200506"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "1q4gfpbvbyracnl219xqfz5yqfc08i6g41z6bn2skx5x8jbll3aq"; + sha256 = "05dphmcxm3lg860r5bj1b995avh43d1pap8p18p4ig4kv2r2g9nq"; }; - preConfigure = '' - cd src - sed -i '/depmod/,+1d' Makefile - ''; - hardeningDisable = [ "pic" ]; KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; - INSTALL_MOD_PATH = "\${out}"; - - NIX_CFLAGS = ["-Wno-error=cpp"]; - nativeBuildInputs = [ perl ] ++ kernel.moduleBuildDependencies; + nativeBuildInputs = [ perl bc ] ++ kernel.moduleBuildDependencies; + preBuild = "cd src"; buildFlags = [ "module" ]; - installTargets = [ "module-install" ]; + + INSTALL_MOD_PATH = placeholder "out"; + installFlags = [ "DEPMOD=true" ]; + enableParallelBuilding = true; + + passthru = { + # remove this when our kernel comes with native wireguard support + # and our tests no longer tests this package + inherit (wireguard-tools) tests; + }; meta = with stdenv.lib; { inherit (wireguard-tools.meta) homepage license maintainers; diff --git a/pkgs/os-specific/linux/zenstates/default.nix b/pkgs/os-specific/linux/zenstates/default.nix new file mode 100644 index 00000000000..4ac77c00aa3 --- /dev/null +++ b/pkgs/os-specific/linux/zenstates/default.nix @@ -0,0 +1,54 @@ +# Zenstates provides access to a variety of CPU tunables no Ryzen processors. +# +# In particular, I am adding Zenstates because I need it to disable the C6 +# sleep state to stabilize wake from sleep on my Lenovo x395 system. After +# installing Zenstates, I need a before-sleep script like so: +# +# before-sleep = pkgs.writeScript "before-sleep" '' +# #!${pkgs.bash}/bin/bash +# ${pkgs.zenstates}/bin/zenstates --c6-disable +# ''; +# +# ... +# +# systemd.services.before-sleep = { +# description = "Jobs to run before going to sleep"; +# serviceConfig = { +# Type = "oneshot"; +# ExecStart = "${before-sleep}"; +# }; +# wantedBy = [ "sleep.target" ]; +# before = [ "sleep.target" ]; +# }; + +{ stdenv, fetchFromGitHub, python3 }: +stdenv.mkDerivation rec { + pname = "zenstates"; + version = "0.0.1"; + + src = fetchFromGitHub { + owner = "r4m0n"; + repo = "ZenStates-Linux"; + rev = "0bc27f4740e382f2a2896dc1dabfec1d0ac96818"; + sha256 = "1h1h2n50d2cwcyw3zp4lamfvrdjy1gjghffvl3qrp6arfsfa615y"; + }; + + buildInputs = [ python3 ]; + + phases = [ "installPhase" ]; + + installPhase = '' + mkdir -p $out/bin + cp $src/zenstates.py $out/bin/zenstates + chmod +x $out/bin/zenstates + patchShebangs --build $out/bin/zenstates + ''; + + meta = with stdenv.lib; { + description = "Linux utility for Ryzen processors and motherboards"; + homepage = "https://github.com/r4m0n/ZenStates-Linux"; + license = licenses.mit; + maintainers = with maintainers; [ savannidgerinel ]; + platforms = platforms.linux; + }; +} |