diff options
author | Robin Gloster <mail@glob.in> | 2016-07-15 14:41:01 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-15 14:41:01 +0000 |
commit | 5185bc177309c62e53dad1ad346d1220f0e77bd4 (patch) | |
tree | 52f5878b394abf2ef326765d46880ccbabd84903 /pkgs/os-specific | |
parent | 07615735077db344539eb9131823600593f0eddf (diff) | |
parent | f402c6321aa3c6e56f5e1f1e36c4ad459c881309 (diff) | |
download | nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar.gz nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar.bz2 nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar.lz nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar.xz nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.tar.zst nixpkgs-5185bc177309c62e53dad1ad346d1220f0e77bd4.zip |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/os-specific')
62 files changed, 695 insertions, 329 deletions
diff --git a/pkgs/os-specific/linux/acpitool/default.nix b/pkgs/os-specific/linux/acpitool/default.nix index 6fc3bbe7c08..083ff3213fe 100644 --- a/pkgs/os-specific/linux/acpitool/default.nix +++ b/pkgs/os-specific/linux/acpitool/default.nix @@ -1,13 +1,46 @@ -{stdenv, fetchurl}: +{stdenv, fetchurl, fetchpatch}: -stdenv.mkDerivation rec { +let + acpitool-patch-051-4 = params: fetchpatch rec { + inherit (params) name sha256; + url = "https://anonscm.debian.org/cgit/pkg-acpi/acpitool.git/plain/debian/patches/${name}?h=debian/0.5.1-4&id=3fd9f396f12ec9c1cae3337a2a25026b7faad2ae"; + }; + +in stdenv.mkDerivation rec { name = "acpitool-0.5.1"; - + src = fetchurl { url = "mirror://sourceforge/acpitool/${name}.tar.bz2"; sha256 = "004fb6cd43102918b6302cf537a2db7ceadda04aef2e0906ddf230f820dad34f"; }; + patches = [ + (acpitool-patch-051-4 { + name = "ac_adapter.patch"; + sha256 = "0rn14vfv9x5gmwyvi6bha5m0n0pm4wbpg6h8kagmy3i1f8lkcfi8"; + }) + (acpitool-patch-051-4 { + name = "battery.patch"; + sha256 = "190msm5cgqgammxp1j4dycfz206mggajm5904r7ifngkcwizh9m7"; + }) + (acpitool-patch-051-4 { + name = "kernel3.patch"; + sha256 = "1qb47iqnv09i7kgqkyk9prr0pvlx0yaip8idz6wc03wci4y4bffg"; + }) + (acpitool-patch-051-4 { + name = "wakeup.patch"; + sha256 = "1mmzf8n4zsvc7ngn51map2v42axm9vaf8yknbd5amq148sjf027z"; + }) + (acpitool-patch-051-4 { + name = "0001-Do-not-assume-fixed-line-lengths-for-proc-acpi-wakeu.patch"; + sha256 = "10wwh7l3jbmlpa80fzdr18nscahrg5krl18pqwy77f7683mg937m"; + }) + (acpitool-patch-051-4 { + name = "typos.patch"; + sha256 = "1178fqpk6sbqp1cyb1zf9qv7ahpd3pidgpid3bbpms7gyhqvvdpa"; + }) + ]; + meta = { description = "A small, convenient command-line ACPI client with a lot of features"; homepage = http://freeunix.dyndns.org:8000/site2/acpitool.shtml; diff --git a/pkgs/os-specific/linux/batman-adv/alfred.nix b/pkgs/os-specific/linux/batman-adv/alfred.nix index a461a722915..b58beab94b3 100644 --- a/pkgs/os-specific/linux/batman-adv/alfred.nix +++ b/pkgs/os-specific/linux/batman-adv/alfred.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl, pkgconfig, gpsd, libcap }: let - ver = "2016.1"; + ver = "2016.2"; in stdenv.mkDerivation rec { name = "alfred-${ver}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${ver}/${name}.tar.gz"; - sha256 = "02963m1vk9skmvdyd0j3281wslb9cwzr7bdx4dg2wxyncgrgl3ky"; + sha256 = "19025arn926lhn54ss4gmmdss9z4a3yxk4ja5kyv17mi5i4yg7j6"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/batman-adv/batctl.nix b/pkgs/os-specific/linux/batman-adv/batctl.nix index 2c8eea331cd..5dafc3d2668 100644 --- a/pkgs/os-specific/linux/batman-adv/batctl.nix +++ b/pkgs/os-specific/linux/batman-adv/batctl.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl, pkgconfig, libnl }: let - ver = "2016.1"; + ver = "2016.2"; in stdenv.mkDerivation rec { name = "batctl-${ver}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${ver}/${name}.tar.gz"; - sha256 = "1j83dzz12c0k7qqd01vmng64h1iq36c86r8ybp8vhb6x5mxkjm68"; + sha256 = "0bf5zlpwxvq4blcgpwjgh8ms4lfapwjpjl4sczwf3i1rv7f4p05q"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix index 495fdc511eb..627cb8794af 100644 --- a/pkgs/os-specific/linux/batman-adv/default.nix +++ b/pkgs/os-specific/linux/batman-adv/default.nix @@ -2,14 +2,14 @@ #assert stdenv.lib.versionOlder kernel.version "3.17"; -let base = "batman-adv-2016.1"; in +let base = "batman-adv-2016.2"; in stdenv.mkDerivation rec { name = "${base}-${kernel.version}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/${base}/${base}.tar.gz"; - sha256 = "0wm0v82kdkli713q4gcq21wbd6mirqmc7xva3kmc3z6kvwlc53ai"; + sha256 = "0pj6jans75pxw9arp1747kmmk72zbc2vgkf2a0w565pj98x1nlk1"; }; hardeningDisable = [ "pic" ]; diff --git a/pkgs/os-specific/linux/btfs/default.nix b/pkgs/os-specific/linux/btfs/default.nix index a0197c58095..f0d1b3d7357 100644 --- a/pkgs/os-specific/linux/btfs/default.nix +++ b/pkgs/os-specific/linux/btfs/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { name = "btfs-${version}"; - version = "2.9"; + version = "2.10"; src = fetchFromGitHub { owner = "johang"; repo = "btfs"; - rev = "3ee6671eca2c0e326ac38d07cab4989ebad3495c"; - sha256 = "0f7yc7hkfwdj9hixsyswf17yrpcpwxxb0svj5lfqcir8a45kf100"; + rev = "2eac5e70a1ed22fa0761b6357c54fd90eea02de6"; + sha256 = "146vgwn79dnbkkn35safga55lkwhvarkmilparmr26hjb56cs1dk"; }; buildInputs = [ diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index 2785a57ac8a..ec374d9b1d3 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -58,6 +58,9 @@ stdenv.mkDerivation rec { CONFIG_FEATURE_MOUNT_CIFS n CONFIG_FEATURE_MOUNT_HELPERS y + # Set paths for console fonts. + CONFIG_DEFAULT_SETFONT_DIR "/etc/kbd" + ${extraConfig} $extraCrossConfig EOF diff --git a/pkgs/os-specific/linux/cgmanager/default.nix b/pkgs/os-specific/linux/cgmanager/default.nix index 2260ac08b63..e46aecbd414 100644 --- a/pkgs/os-specific/linux/cgmanager/default.nix +++ b/pkgs/os-specific/linux/cgmanager/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = https://linuxcontainers.org/cgmanager/introduction/; - description = "a central privileged daemon that manages all your cgroups"; + description = "A central privileged daemon that manages all your cgroups"; license = licenses.lgpl21; platforms = platforms.linux; maintainers = with maintainers; [ wkennington ]; diff --git a/pkgs/os-specific/linux/conky/default.nix b/pkgs/os-specific/linux/conky/default.nix index 8943f3276d7..37ad34d8b64 100644 --- a/pkgs/os-specific/linux/conky/default.nix +++ b/pkgs/os-specific/linux/conky/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchFromGitHub, pkgconfig, cmake # dependencies -, glib +, glib, libXinerama # optional features without extra dependencies , mpdSupport ? true @@ -17,6 +17,7 @@ , ncursesSupport ? true , ncurses ? null , x11Support ? true , xlibsWrapper ? null , xdamageSupport ? x11Support, libXdamage ? null +, doubleBufferSupport ? x11Support , imlib2Support ? x11Support, imlib2 ? null , luaSupport ? true , lua ? null @@ -61,13 +62,13 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "conky-${version}"; - version = "1.10.1"; + version = "1.10.3"; src = fetchFromGitHub { owner = "brndnmtthws"; repo = "conky"; rev = "v${version}"; - sha256 = "0k93nqx8mxz2z84zzwpwfp7v7dwxwg1di1a2yb137lk7l157azw6"; + sha256 = "0sa2jl159jk5p2hr37adwq84m0ynva7v87qrwj1xv0kw8l4qzhjs"; }; postPatch = '' @@ -86,7 +87,7 @@ stdenv.mkDerivation rec { NIX_LDFLAGS = "-lgcc_s"; - buildInputs = [ pkgconfig glib cmake ] + buildInputs = [ pkgconfig glib cmake libXinerama ] ++ optionals docsSupport [ docbook2x libxslt man less ] ++ optional ncursesSupport ncurses ++ optional x11Support xlibsWrapper @@ -113,6 +114,7 @@ stdenv.mkDerivation rec { ++ optional rssSupport "-DBUILD_RSS=ON" ++ optional (!x11Support) "-DBUILD_X11=OFF" ++ optional xdamageSupport "-DBUILD_XDAMAGE=ON" + ++ optional doubleBufferSupport "-DBUILD_XDBE=ON" ++ optional weatherMetarSupport "-DBUILD_WEATHER_METAR=ON" ++ optional weatherXoapSupport "-DBUILD_WEATHER_XOAP=ON" ++ optional wirelessSupport "-DBUILD_WLAN=ON" diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index 3222ddbd7d9..8e92aaf6346 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optional enablePython python; meta = { - homepage = http://code.google.com/p/cryptsetup/; + homepage = https://gitlab.com/cryptsetup/cryptsetup/; description = "LUKS for dm-crypt"; license = stdenv.lib.licenses.gpl2; maintainers = with stdenv.lib.maintainers; [ viric chaoflow ]; diff --git a/pkgs/os-specific/linux/dpdk/default.nix b/pkgs/os-specific/linux/dpdk/default.nix index 907bb70e738..e0c164e6232 100644 --- a/pkgs/os-specific/linux/dpdk/default.nix +++ b/pkgs/os-specific/linux/dpdk/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { RTE_KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; RTE_TARGET = "x86_64-native-linuxapp-gcc"; - # we need ssse3 instructions to build + # we need sse3 instructions to build NIX_CFLAGS_COMPILE = [ "-march=core2" ]; enableParallelBuilding = true; @@ -24,8 +24,11 @@ stdenv.mkDerivation rec { hardeningDisable = [ "pic" ]; - buildPhase = '' + configurePhase = '' make T=x86_64-native-linuxapp-gcc config + ''; + + buildPhase = '' make T=x86_64-native-linuxapp-gcc install make T=x86_64-native-linuxapp-gcc examples ''; diff --git a/pkgs/os-specific/linux/dstat/default.nix b/pkgs/os-specific/linux/dstat/default.nix index 619e37c2c4b..8f7772de1fd 100644 --- a/pkgs/os-specific/linux/dstat/default.nix +++ b/pkgs/os-specific/linux/dstat/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, python, pythonPackages }: stdenv.mkDerivation rec { - name = "dstat-0.7.2"; + name = "dstat-${version}"; + version = "0.7.3"; src = fetchurl { - url = "http://dag.wieers.com/home-made/dstat/${name}.tar.bz2"; - sha256 = "1bivnciwlamnl9q6i5ygr7jhs8pp833z2bkbrffvsa60szcqda9l"; + url = "https://github.com/dagwieers/dstat/archive/${version}.tar.gz"; + sha256 = "16286z3y2lc9nsq8njzjkv6k2vyxrj9xiixj1k3gnsbvhlhkirj6"; }; buildInputs = with pythonPackages; [ python-wifi wrapPython ]; diff --git a/pkgs/os-specific/linux/ena/default.nix b/pkgs/os-specific/linux/ena/default.nix new file mode 100644 index 00000000000..7a047e9f233 --- /dev/null +++ b/pkgs/os-specific/linux/ena/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, kernel, kmod }: + +stdenv.mkDerivation rec { + name = "ena-20160629-${kernel.version}"; + + src = fetchFromGitHub { + owner = "amzn"; + repo = "amzn-drivers"; + rev = "b594ac1ea9e0c70e8e95803a0cfd9f5f06ac097e"; + sha256 = "03w6xgv3lfn28n38mj9cdi3px5zjyrbxnflpd3ggivkv6grf9fp7"; + }; + + configurePhase = + '' + cd kernel/linux/ena + substituteInPlace Makefile --replace '/lib/modules/$(BUILD_KERNEL)' ${kernel.dev}/lib/modules/${kernel.modDirVersion} + ''; + + installPhase = + '' + strip -S ena.ko + dest=$out/lib/modules/${kernel.modDirVersion}/misc + mkdir -p $dest + cp ena.ko $dest/ + xz $dest/ena.ko + ''; + + meta = { + description = "Amazon Elastic Network Adapter (ENA) driver for Linux"; + homepage = https://github.com/amzn/amzn-drivers; + license = lib.licenses.gpl2; + maintainers = [ lib.maintainers.eelco ]; + }; +} diff --git a/pkgs/os-specific/linux/eventstat/default.nix b/pkgs/os-specific/linux/eventstat/default.nix index d6122202b82..49eab1fe254 100644 --- a/pkgs/os-specific/linux/eventstat/default.nix +++ b/pkgs/os-specific/linux/eventstat/default.nix @@ -1,12 +1,13 @@ -{ stdenv, lib, fetchzip }: +{ stdenv, lib, fetchzip, ncurses }: stdenv.mkDerivation rec { name = "eventstat-${version}"; - version = "0.02.02"; + version = "0.03.02"; src = fetchzip { url = "http://kernel.ubuntu.com/~cking/tarballs/eventstat/eventstat-${version}.tar.gz"; - sha256 = "1l1shcj3c0pxv1g6sqc10ka1crbx0cm2gldxbyrzqv2lmlfnmm44"; + sha256 = "1bwv0m9pk9l0jfibvsfjggc5pp9lyyrsfr10h6jm6kf1v6r6hf5s"; }; + buildInputs = [ ncurses ]; installFlags = [ "DESTDIR=$(out)" ]; postInstall = '' mv $out/usr/* $out diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix index 98bf27d3c4a..992d42e2e12 100644 --- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix +++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { name = "firmware-linux-nonfree-${version}"; - version = "2016-01-26"; + version = "2016-05-18"; # This repo is built by merging the latest versions of # http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/ @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "wkennington"; repo = "linux-firmware"; - rev = "0922e78fc8431c2cc6585eb66e5b75f566644ac8"; - sha256 = "07hv4kgbsxndhm1va6k6scy083886aap3naq1l4jdz7dnph4ir02"; + rev = "19495832c6899bd811874439376d513290773c31"; + sha256 = "1700a24sfw6xa3q3r8aa5wfhydgix83m57plpfirdmc9qr4isrr0"; }; preInstall = '' diff --git a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix index 0c61aee9713..4787eb57afd 100644 --- a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix +++ b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix @@ -1,15 +1,14 @@ -{stdenv, fetchurl }: +{ stdenv, fetchFromGitHub }: -let +stdenv.mkDerivation rec { + name = "raspberrypi-firmware-${version}"; + version = "1.20160620"; - rev = "1.20160315"; - -in stdenv.mkDerivation { - name = "raspberrypi-firmware-${rev}"; - - src = fetchurl { - url = "https://github.com/raspberrypi/firmware/archive/${rev}.tar.gz"; - sha256 = "0a7ycv01s0kk84szsh51hy2mjjil1dzdk0g7k83h50d5nya090fl"; + src = fetchFromGitHub { + owner = "raspberrypi"; + repo = "firmware"; + rev = version; + sha256 = "06g691px0abndp5zvz2ba1g675rcqb64n055h5ahgnlck5cdpawg"; }; installPhase = '' @@ -19,8 +18,10 @@ in stdenv.mkDerivation { cp opt/vc/LICENCE $out/share/raspberrypi for f in $out/bin/*; do - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$f" - patchelf --set-rpath "$out/lib" "$f" + if isELF "$f"; then + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$f" + patchelf --set-rpath "$out/lib" "$f" + fi done ''; diff --git a/pkgs/os-specific/linux/fswebcam/default.nix b/pkgs/os-specific/linux/fswebcam/default.nix index fa0797bf7a3..fd37d35623e 100644 --- a/pkgs/os-specific/linux/fswebcam/default.nix +++ b/pkgs/os-specific/linux/fswebcam/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { [ libv4l gd ]; meta = { - description = "neat and simple webcam app"; + description = "Neat and simple webcam app"; homepage = http://www.sanslogic.co.uk/fswebcam; platforms = stdenv.lib.platforms.linux; license = stdenv.lib.licenses.gpl2; diff --git a/pkgs/os-specific/linux/fusionio/vsl.nix b/pkgs/os-specific/linux/fusionio/vsl.nix index f3909950cb9..8e24b5061cd 100644 --- a/pkgs/os-specific/linux/fusionio/vsl.nix +++ b/pkgs/os-specific/linux/fusionio/vsl.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = http://fusionio.com; - description = "kernel driver for accessing fusion-io cards"; + description = "Kernel driver for accessing fusion-io cards"; license = licenses.unfree; platforms = [ "x86_64-linux" ]; broken = stdenv.system != "x86_64-linux"; diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index 40c9bdaaeac..40af8c8553a 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -5,12 +5,12 @@ assert pulseaudioSupport -> libpulseaudio != null; stdenv.mkDerivation rec { - version = "2.0.2"; + version = "2.0.4"; name = "guvcview-${version}"; src = fetchurl { url = "mirror://sourceforge/project/guvcview/source/guvcview-src-${version}.tar.gz"; - sha256 = "1hnx6h2d3acwpw93ahj54nhizd6qrmylylq6qbjxvilbfprg6y34"; + sha256 = "18jg6dlqallpvjkb09dyn1v6prdmim4rrw22mhv8vdd9d18z83k7"; }; buildInputs = diff --git a/pkgs/os-specific/linux/ixgbevf/default.nix b/pkgs/os-specific/linux/ixgbevf/default.nix new file mode 100644 index 00000000000..eb90c9fb1eb --- /dev/null +++ b/pkgs/os-specific/linux/ixgbevf/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, kernel, kmod }: + +stdenv.mkDerivation rec { + name = "ixgbevf-${version}-${kernel.version}"; + version = "3.2.2"; + + src = fetchurl { + url = "mirror://sourceforge/e1000/ixgbevf-${version}.tar.gz"; + sha256 = "1i6ry3vd77190sxb47xhbz3v30gighwax6prav4ggs3q80a389c8"; + }; + + configurePhase = '' + cd src + makeFlagsArray+=(KSRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build INSTALL_MOD_PATH=$out MANDIR=/share/man) + substituteInPlace common.mk --replace /sbin/depmod ${kmod}/bin/depmod + ''; + + enableParallelBuilding = true; + + meta = { + description = "Intel 82599 Virtual Function Driver"; + homepage = https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/; + license = stdenv.lib.licenses.gpl2; + priority = 20; + }; +} diff --git a/pkgs/os-specific/linux/jfbview/default.nix b/pkgs/os-specific/linux/jfbview/default.nix index 31ba5e1152c..bad64a20cac 100644 --- a/pkgs/os-specific/linux/jfbview/default.nix +++ b/pkgs/os-specific/linux/jfbview/default.nix @@ -31,6 +31,10 @@ stdenv.mkDerivation rec { imlib2 ]; + patches = [ + ./mupdf-1.9.patch + ]; + configurePhase = '' # Hack. Probing (`ldconfig -p`) fails with ‘cannot execute binary file’. # Overriding `OPENJP2 =` later works, but makes build output misleading: diff --git a/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch b/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch new file mode 100644 index 00000000000..99d7377239b --- /dev/null +++ b/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch @@ -0,0 +1,28 @@ +--- JFBView-0.5.2-src/Makefile 2016-06-11 23:27:54.969894750 -0700 ++++ JFBView-0.5.2-src/Makefile 2016-06-11 23:24:45.181142832 -0700 +@@ -134,13 +134,22 @@ + + .PHONY: detect_libopenjp2 + detect_libopenjp2: +- $(eval OPENJP2 = $(shell ldconfig -p | grep -q libopenjp2 && echo 'openjp2' || echo 'openjpeg')) ++ $(eval OPENJP2 = $(shell echo libopenjp2 | grep -q libopenjp2 && echo 'openjp2' || echo 'openjpeg')) + @echo "OPENJP2 = $(OPENJP2)" >> $(CONFIG_MK) + + # mupdf_version only depends on -lmupdf. + mupdf_version: mupdf_version.cpp +- $(CXX) $(CXXFLAGS) -o $@ $^ $(LDLIBS) -lmupdf +- ++ $(CXX) $(CXXFLAGS) -o $@ $^ $(LDLIBS) -lmupdf \ ++ -lpthread \ ++ -lform \ ++ -lncurses \ ++ -lfreetype \ ++ -lharfbuzz \ ++ -lz \ ++ -ljbig2dec \ ++ -ljpeg \ ++ -lmujs \ ++ -lopenjp2 + endif + + diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix index fddaa84a824..a3f21b51b06 100644 --- a/pkgs/os-specific/linux/kbd/default.nix +++ b/pkgs/os-specific/linux/kbd/default.nix @@ -1,42 +1,27 @@ -{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, check, pam }: +{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, flex, check, pam }: stdenv.mkDerivation rec { - name = "kbd-2.0.3"; + name = "kbd-${version}"; + version = "2.0.3"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${name}.tar.xz"; sha256 = "0ppv953gn2zylcagr4z6zg5y2x93dxrml29plypg6xgbq3hrv2bs"; }; - /* Get the dvorak programmer keymap (present in X but not in kbd) */ - dvpSrc = fetchurl { - url = "http://kaufmann.no/downloads/linux/dvp-1_2_1.map.gz"; - sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50"; - }; - - neoSrc = fetchurl { - name = "neo.map"; - url = "https://svn.neo-layout.org/linux/console/neo.map?r=2455"; - sha256 = "1wlgp09wq84hml60hi4ls6d4zna7vhycyg40iipyh1279i91hsx7"; - }; - configureFlags = [ "--enable-optional-progs" "--enable-libkeymap" "--disable-nls" ]; - patches = [ ./console-fix.patch ]; + patches = [ ./console-fix.patch ./search-paths.patch ]; postPatch = '' - mkdir -p data/keymaps/i386/neo - cat "$neoSrc" > data/keymaps/i386/neo/neo.map + # Add Neo keymap subdirectory sed -i -e 's,^KEYMAPSUBDIRS *= *,&i386/neo ,' data/Makefile.am - # Add the dvp keyboard in the dvorak folder - ${gzip}/bin/gzip -c -d ${dvpSrc} > data/keymaps/i386/dvorak/dvp.map - # Fix the path to gzip/bzip2. substituteInPlace src/libkeymap/findfile.c \ --replace gzip ${gzip}/bin/gzip \ @@ -49,13 +34,15 @@ stdenv.mkDerivation rec { ''} ''; - buildInputs = [ autoreconfHook pkgconfig check pam ]; + buildInputs = [ check pam ]; + nativeBuildInputs = [ autoreconfHook pkgconfig flex ]; - makeFlags = "setowner= "; + makeFlags = [ "setowner=" ]; - meta = { + meta = with stdenv.lib; { homepage = ftp://ftp.altlinux.org/pub/people/legion/kbd/; description = "Linux keyboard utilities and keyboard maps"; - platforms = stdenv.lib.platforms.linux; + platforms = platforms.linux; + licenses = licenses.gpl2Plus; }; } diff --git a/pkgs/os-specific/linux/kbd/keymaps.nix b/pkgs/os-specific/linux/kbd/keymaps.nix new file mode 100644 index 00000000000..ecb7045ed27 --- /dev/null +++ b/pkgs/os-specific/linux/kbd/keymaps.nix @@ -0,0 +1,35 @@ +{ stdenv, lib, fetchurl, gzip }: + +{ + dvp = stdenv.mkDerivation rec { + name = "dvp-${version}"; + version = "1.2.1"; + + src = fetchurl { + url = "http://kaufmann.no/downloads/linux/dvp-${lib.replaceStrings ["."] ["_"] version}.map.gz"; + sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50"; + }; + + nativeBuildInputs = [ gzip ]; + + buildCommand = '' + mkdir -p $out/share/keymaps/i386/dvorak + gzip -c -d $src > $out/share/keymaps/i386/dvorak/dvp.map + ''; + }; + + neo = stdenv.mkDerivation rec { + name = "neo-${version}"; + version = "2476"; + + src = fetchurl { + name = "neo.map"; + url = "https://svn.neo-layout.org/linux/console/neo.map?r=${version}"; + sha256 = "19mfrd31vzpsjiwc7pshxm0b0sz5dd17xrz6k079cy4im1vf0r4g"; + }; + + buildCommand = '' + install -D $src $out/share/keymaps/i386/neo/neo.map + ''; + }; +} diff --git a/pkgs/os-specific/linux/kbd/search-paths.patch b/pkgs/os-specific/linux/kbd/search-paths.patch new file mode 100644 index 00000000000..66a56041481 --- /dev/null +++ b/pkgs/os-specific/linux/kbd/search-paths.patch @@ -0,0 +1,77 @@ +diff -ru3 kbd-2.0.3-old/src/libkeymap/analyze.l kbd-2.0.3/src/libkeymap/analyze.l +--- kbd-2.0.3-old/src/libkeymap/analyze.l 2016-07-03 02:31:28.258958092 +0300 ++++ kbd-2.0.3/src/libkeymap/analyze.l 2016-07-03 02:44:53.042592223 +0300 +@@ -99,6 +99,9 @@ + static const char *const include_dirpath0[] = { "", 0 }; + static const char *const include_dirpath1[] = { "", "../include/", "../../include/", 0 }; + static const char *const include_dirpath3[] = { ++ "/etc/kbd/" KEYMAPDIR "/include/", ++ "/etc/kbd/" KEYMAPDIR "/i386/include/", ++ "/etc/kbd/" KEYMAPDIR "/mac/include/", + DATADIR "/" KEYMAPDIR "/include/", + DATADIR "/" KEYMAPDIR "/i386/include/", + DATADIR "/" KEYMAPDIR "/mac/include/", 0 +diff -ru3 kbd-2.0.3-old/src/loadkeys.c kbd-2.0.3/src/loadkeys.c +--- kbd-2.0.3-old/src/loadkeys.c 2016-07-03 02:31:28.260958091 +0300 ++++ kbd-2.0.3/src/loadkeys.c 2016-07-03 02:34:34.123871103 +0300 +@@ -26,7 +26,7 @@ + #include "keymap.h" + + static const char *progname = NULL; +-static const char *const dirpath1[] = { "", DATADIR "/" KEYMAPDIR "/**", KERNDIR "/", 0 }; ++static const char *const dirpath1[] = { "", "/etc/kbd/" KEYMAPDIR "/**", DATADIR "/" KEYMAPDIR "/**", 0 }; + static const char *const suffixes[] = { "", ".kmap", ".map", 0 }; + + static void __attribute__ ((noreturn)) +diff -ru3 kbd-2.0.3-old/src/loadunimap.c kbd-2.0.3/src/loadunimap.c +--- kbd-2.0.3-old/src/loadunimap.c 2016-07-03 02:31:28.259958091 +0300 ++++ kbd-2.0.3/src/loadunimap.c 2016-07-03 02:33:06.803911971 +0300 +@@ -28,7 +28,7 @@ + extern char *progname; + extern int force; + +-static const char *const unidirpath[] = { "", DATADIR "/" UNIMAPDIR "/", 0 }; ++static const char *const unidirpath[] = { "", "/etc/kbd/" UNIMAPDIR "/", DATADIR "/" UNIMAPDIR "/", 0 }; + static const char *const unisuffixes[] = { "", ".uni", ".sfm", 0 }; + + #ifdef MAIN +diff -ru3 kbd-2.0.3-old/src/mapscrn.c kbd-2.0.3/src/mapscrn.c +--- kbd-2.0.3-old/src/mapscrn.c 2016-07-03 02:31:28.260958091 +0300 ++++ kbd-2.0.3/src/mapscrn.c 2016-07-03 02:33:21.119905270 +0300 +@@ -25,7 +25,7 @@ + static int ctoi (char *); + + /* search for the map file in these directories (with trailing /) */ +-static const char *const mapdirpath[] = { "", DATADIR "/" TRANSDIR "/", 0 }; ++static const char *const mapdirpath[] = { "", "/etc/kbd/" TRANSDIR "/", DATADIR "/" TRANSDIR "/", 0 }; + static const char *const mapsuffixes[] = { "", ".trans", "_to_uni.trans", ".acm", 0 }; + + #ifdef MAIN +diff -ru3 kbd-2.0.3-old/src/resizecons.c kbd-2.0.3/src/resizecons.c +--- kbd-2.0.3-old/src/resizecons.c 2016-07-03 02:31:28.260958091 +0300 ++++ kbd-2.0.3/src/resizecons.c 2016-07-03 02:33:32.253900060 +0300 +@@ -100,7 +100,7 @@ + static void vga_set_cursor(int, int); + static void vga_set_verticaldisplayend_lowbyte(int); + +-const char *const dirpath[] = { "", DATADIR "/" VIDEOMODEDIR "/", 0}; ++const char *const dirpath[] = { "", "/etc/kbd/" VIDEOMODEDIR "/", DATADIR "/" VIDEOMODEDIR "/", 0}; + const char *const suffixes[] = { "", 0 }; + + int +diff -ru3 kbd-2.0.3-old/src/setfont.c kbd-2.0.3/src/setfont.c +--- kbd-2.0.3-old/src/setfont.c 2016-07-03 02:31:28.260958091 +0300 ++++ kbd-2.0.3/src/setfont.c 2016-07-03 02:33:54.315889734 +0300 +@@ -51,10 +51,10 @@ + int debug = 0; + + /* search for the font in these directories (with trailing /) */ +-const char *const fontdirpath[] = { "", DATADIR "/" FONTDIR "/", 0 }; ++const char *const fontdirpath[] = { "", "/etc/kbd/" FONTDIR "/", DATADIR "/" FONTDIR "/", 0 }; + const char *const fontsuffixes[] = { "", ".psfu", ".psf", ".cp", ".fnt", 0 }; + /* hide partial fonts a bit - loading a single one is a bad idea */ +-const char *const partfontdirpath[] = { "", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 }; ++const char *const partfontdirpath[] = { "", "/etc/kbd/" FONTDIR "/" PARTIALDIR "/", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 }; + const char *const partfontsuffixes[] = { "", 0 }; + + static inline int diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 3ce65a3f6e1..37e3859cd05 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -10,7 +10,7 @@ `versionAtLeast`. Then do test your change by building all the kernels (or at least - their configs) in nixpkgs or else you will guarantee lots and lots + their configs) in Nixpkgs or else you will guarantee lots and lots of pain to users trying to switch to an older kernel because of some hardware problems with a new one. @@ -42,6 +42,12 @@ with stdenv.lib; SCHEDSTATS n DETECT_HUNG_TASK y + # Bump the maximum number of CPUs to support systems like EC2 x1.* + # instances and Xeon Phi. + ${optionalString (stdenv.system == "x86_64-linux") '' + NR_CPUS 384 + ''} + # Unix domain sockets. UNIX y @@ -61,6 +67,7 @@ with stdenv.lib; ${optionalString (versionOlder version "3.10") '' USB_SUSPEND y ''} + PM_WAKELOCKS y # Support drivers that need external firmware. STANDALONE n @@ -92,9 +99,6 @@ with stdenv.lib; DONGLE y # Serial dongle support HIPPI y MTD_COMPLEX_MAPPINGS y # needed for many devices - ${optionalString (versionOlder version "3.2") '' - NET_POCKET y # enable pocket and portable adapters - ''} SCSI_LOWLEVEL y # enable lots of SCSI devices SCSI_LOWLEVEL_PCMCIA y SCSI_SAS_ATA y # added to enable detection of hard drive @@ -131,9 +135,7 @@ with stdenv.lib; HOSTAP_FIRMWARE_NVRAM? y ATH9K_PCI? y # Detect Atheros AR9xxx cards on PCI(e) bus ATH9K_AHB? y # Ditto, AHB bus - ${optionalString (versionAtLeast version "3.2") '' - B43_PHY_HT? y - ''} + B43_PHY_HT? y BCMA_HOST_PCI? y # Enable various FB devices. @@ -151,7 +153,7 @@ with stdenv.lib; FB_VESA y FRAMEBUFFER_CONSOLE y FRAMEBUFFER_CONSOLE_ROTATION y - ${optionalString (versionOlder version "3.9" || stdenv.system == "i686-linux") '' + ${optionalString (stdenv.system == "i686-linux") '' FB_GEODE y ''} @@ -162,11 +164,7 @@ with stdenv.lib; ''} # Allow specifying custom EDID on the kernel command line DRM_LOAD_EDID_FIRMWARE y - ${optionalString (versionOlder version "3.9") '' - DRM_RADEON_KMS? y - ''} - # Hybrid graphics support - VGA_SWITCHEROO y + VGA_SWITCHEROO y # Hybrid graphics support # Sound. SND_DYNAMIC_MINORS y @@ -225,9 +223,7 @@ with stdenv.lib; NFSD_V4_SECURITY_LABEL y ''} NFS_FSCACHE y - ${optionalString (versionAtLeast version "3.6") '' - NFS_SWAP y - ''} + NFS_SWAP y NFS_V3_ACL y ${optionalString (versionAtLeast version "3.11") '' NFS_V4_1 y # NFSv4.1 client support @@ -259,11 +255,10 @@ with stdenv.lib; DEBUG_SET_MODULE_RONX? y # Detect writes to read-only module pages # Security related features. + RANDOMIZE_BASE y STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - ${optionalString (!(features.grsecurity or false)) '' - DEVKMEM n # Disable /dev/kmem - ''} + DEVKMEM n # Disable /dev/kmem ${if versionOlder version "3.14" then '' CC_STACKPROTECTOR? y # Detect buffer overflows on the stack '' else '' @@ -299,34 +294,31 @@ with stdenv.lib; ${optionalString (versionOlder version "4.4") '' B43_PCMCIA? y ''} - BLK_DEV_CMD640_ENHANCED y # CMD640 enhanced support - BLK_DEV_IDEACPI y # IDE ACPI support BLK_DEV_INTEGRITY y BSD_PROCESS_ACCT_V3 y BT_HCIUART_BCSP? y BT_HCIUART_H4? y # UART (H4) protocol support BT_HCIUART_LL? y - ${optionalString (versionAtLeast version "3.4") '' - BT_RFCOMM_TTY? y # RFCOMM TTY support - ''} + BT_RFCOMM_TTY? y # RFCOMM TTY support + CLEANCACHE? y CRASH_DUMP? n - ${optionalString (versionOlder version "3.1") '' - DMAR? n # experimental - ''} DVB_DYNAMIC_MINORS? y # we use udev - ${optionalString (versionAtLeast version "3.3") '' - EFI_STUB y # EFI bootloader in the bzImage itself - ''} + EFI_STUB y # EFI bootloader in the bzImage itself FHANDLE y # used by systemd + FRONTSWAP y FUSION y # Fusion MPT device support - IDE_GD_ATAPI y # ATAPI floppy support + IDE n # deprecated IDE support + ${optionalString (versionAtLeast version "4.3") '' + IDLE_PAGE_TRACKING y + ''} IRDA_ULTRA y # Ultra (connectionless) protocol JOYSTICK_IFORCE_232? y # I-Force Serial joysticks and wheels JOYSTICK_IFORCE_USB? y # I-Force USB joysticks and wheels JOYSTICK_XPAD_FF? y # X-Box gamepad rumble support JOYSTICK_XPAD_LEDS? y # LED Support for Xbox360 controller 'BigX' LED + KEXEC_FILE? y + KEXEC_JUMP? y LDM_PARTITION y # Windows Logical Disk Manager (Dynamic Disk) support - LEDS_TRIGGER_IDE_DISK y # LED IDE Disk Trigger LOGIRUMBLEPAD2_FF y # Logitech Rumblepad 2 force feedback LOGO n # not needed MEDIA_ATTACH y @@ -345,12 +337,9 @@ with stdenv.lib; PPP_MULTILINK y # PPP multilink support PPP_FILTER y REGULATOR y # Voltage and Current Regulator Support - ${optionalString (versionAtLeast version "3.6") '' - RC_DEVICES? y # Enable IR devices - ''} - ${optionalString (versionAtLeast version "3.10") '' - RT2800USB_RT55XX y - ''} + RC_DEVICES? y # Enable IR devices + RT2800USB_RT55XX y + SCHED_AUTOGROUP y SCSI_LOGGING y # SCSI logging facility SERIAL_8250 y # 8250/16550 and compatible serial support SLIP_COMPRESSED y # CSLIP compressed headers @@ -365,6 +354,9 @@ with stdenv.lib; ''} USB_EHCI_ROOT_HUB_TT y # Root Hub Transaction Translators USB_EHCI_TT_NEWSCHED y # Improved transaction translator scheduling + ${optionalString (versionAtLeast version "4.3") '' + USERFAULTFD y + ''} X86_CHECK_BIOS_CORRUPTION y X86_MCE y @@ -375,16 +367,14 @@ with stdenv.lib; NAMESPACES? y # Required by 'unshare' used by 'nixos-install' RT_GROUP_SCHED? y CGROUP_DEVICE? y - ${if versionAtLeast version "3.6" then '' - MEMCG y - MEMCG_SWAP y - '' else '' - CGROUP_MEM_RES_CTLR y - CGROUP_MEM_RES_CTLR_SWAP y - ''} - DEVPTS_MULTIPLE_INSTANCES y + MEMCG y + MEMCG_SWAP y + ${optionalString (versionOlder version "4.7") "DEVPTS_MULTIPLE_INSTANCES y"} BLK_DEV_THROTTLING y CFQ_GROUP_IOSCHED y + ${optionalString (versionAtLeast version "4.3") '' + CGROUP_PIDS y + ''} # Enable staging drivers. These are somewhat experimental, but # they generally don't hurt. @@ -402,9 +392,7 @@ with stdenv.lib; FTRACE_SYSCALLS y SCHED_TRACER y STACK_TRACER y - ${optionalString (versionAtLeast version "3.10") '' - UPROBE_EVENT y - ''} + UPROBE_EVENT y ${optionalString (versionAtLeast version "4.4") '' BPF_SYSCALL y BPF_EVENTS y @@ -416,36 +404,22 @@ with stdenv.lib; DEVTMPFS y # Easier debugging of NFS issues. - ${optionalString (versionAtLeast version "3.4") '' - SUNRPC_DEBUG y - ''} + SUNRPC_DEBUG y # Virtualisation. PARAVIRT? y - ${optionalString (!(features.grsecurity or false)) - (if versionAtLeast version "3.10" then '' - HYPERVISOR_GUEST y - '' else '' - PARAVIRT_GUEST? y - '') - } + HYPERVISOR_GUEST y + PARAVIRT_SPINLOCKS? y KVM_APIC_ARCHITECTURE y KVM_ASYNC_PF y - ${optionalString (versionOlder version "3.7") '' - KVM_CLOCK? y - ''} ${optionalString (versionAtLeast version "4.0") '' KVM_COMPAT? y ''} - ${optionalString (versionAtLeast version "3.10") '' - KVM_DEVICE_ASSIGNMENT? y - ''} + KVM_DEVICE_ASSIGNMENT? y ${optionalString (versionAtLeast version "4.0") '' KVM_GENERIC_DIRTYLOG_READ_PROTECT y ''} - ${optionalString (!features.grsecurity or true) '' - KVM_GUEST y - ''} + KVM_GUEST y KVM_MMIO y ${optionalString (versionAtLeast version "3.13") '' KVM_VFIO y @@ -476,28 +450,22 @@ with stdenv.lib; ${optionalString (!stdenv.is64bit) '' HIGHMEM64G? y # We need 64 GB (PAE) support for Xen guest support. ''} - ${optionalString (versionAtLeast version "3.9" && stdenv.is64bit) '' + ${optionalString (stdenv.is64bit) '' VFIO_PCI_VGA y ''} VIRT_DRIVERS y # Media support. - ${optionalString (versionAtLeast version "3.6") '' - MEDIA_DIGITAL_TV_SUPPORT y - MEDIA_CAMERA_SUPPORT y - MEDIA_RC_SUPPORT y - ''} - ${optionalString (versionAtLeast version "3.7") '' - MEDIA_USB_SUPPORT y - ${optionalString (!(features.chromiumos or false)) '' - MEDIA_PCI_SUPPORT y - ''} + MEDIA_DIGITAL_TV_SUPPORT y + MEDIA_CAMERA_SUPPORT y + MEDIA_RC_SUPPORT y + MEDIA_USB_SUPPORT y + ${optionalString (!(features.chromiumos or false)) '' + MEDIA_PCI_SUPPORT y ''} # Our initrd init uses shebang scripts, so can't be modular. - ${optionalString (versionAtLeast version "3.10") '' - BINFMT_SCRIPT y - ''} + BINFMT_SCRIPT y # For systemd-binfmt BINFMT_MISC? y @@ -512,10 +480,9 @@ with stdenv.lib; TRANSPARENT_HUGEPAGE_MADVISE? y # zram support (e.g for in-memory compressed swap). - ${optionalString (versionAtLeast version "3.4") '' - ZSMALLOC y - ''} + ZSMALLOC y ZRAM m + ZSWAP y # Enable PCIe and USB for the brcmfmac driver BRCMFMAC_USB? y diff --git a/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch b/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch new file mode 100644 index 00000000000..7f94669a9f4 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch @@ -0,0 +1,20 @@ +Signed-off-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx> +Tested-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx> # 4.4.y, 3.18.y +Cc: <stable@xxxxxxxxxxxxxxx> # 4.5- +--- + fs/ecryptfs/kthread.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c +index e818f5a..b9faeab 100644 +--- a/fs/ecryptfs/kthread.c ++++ b/fs/ecryptfs/kthread.c +@@ -171,7 +171,7 @@ int ecryptfs_privileged_open(struct file **lower_file, + goto out; + } + have_file: +- if ((*lower_file)->f_op->mmap == NULL) { ++ if ((*lower_file)->f_op->mmap == NULL && !d_is_dir(lower_dentry)) { + fput(*lower_file); + *lower_file = NULL; + rc = -EMEDIUMTYPE; diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix new file mode 100644 index 00000000000..894f2d8e364 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix @@ -0,0 +1,43 @@ +{ stdenv }: + +with stdenv.lib; + +'' +GRKERNSEC y +PAX y + +GRKERNSEC_CONFIG_AUTO y +GRKERNSEC_CONFIG_DESKTOP y +GRKERNSEC_CONFIG_VIRT_HOST y +GRKERNSEC_CONFIG_VIRT_EPT y +GRKERNSEC_CONFIG_VIRT_KVM y +GRKERNSEC_CONFIG_PRIORITY_SECURITY y + +PAX_PT_PAX_FLAGS y +PAX_XATTR_PAX_FLAGS n +PAX_EI_PAX n + +GRKERNSEC_PROC_GID 0 + +PAX_LATENT_ENTROPY n +PAX_SIZE_OVERFLOW n +GRKERNSEC_HIDESYM n +GRKERNSEC_RANDSTRUCT n +GRKERNSEC_PROC n +GRKERNSEC_SYSFS_RESTRICT n +GRKERNSEC_KMEM n +GRKERNSEC_MODHARDEN n +GRKERNSEC_NO_SIMULT_CONNECT n + +PAX_KERNEXEC_PLUGIN_METHOD_BTS y + +GRKERNSEC_ACL_HIDEKERN y +GRKERNSEC_IO y + +GRKERNSEC_AUDIT_PTRACE y +GRKERNSEC_FORKFAIL y + +GRKERNSEC_SYSCTL y +GRKERNSEC_SYSCTL_DISTRO y +GRKERNSEC_SYSCTL_ON y +'' diff --git a/pkgs/os-specific/linux/kernel/grsecurity-path-4.5.patch b/pkgs/os-specific/linux/kernel/grsecurity-nixos-kmod.patch index e0430a69c95..e0430a69c95 100644 --- a/pkgs/os-specific/linux/kernel/grsecurity-path-4.5.patch +++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-kmod.patch diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix index 3fe7df6b40e..27b97054d1a 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.10.101"; + version = "3.10.102"; extraMeta.branch = "3.10"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1g8jx6vla8bjhy3xn0s7r6awinxpfr1w8zqfzjsx88pkqbf8qd9n"; + sha256 = "0hvymhmbvpmpz1jk0xwhxyskijdh6bzakqj7k0gaa2y0wdj33pxi"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix index 49de2c2ab0f..278548f09e9 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.12.57"; + version = "3.12.61"; extraMeta.branch = "3.12"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0qv88rvi0n45z3888w2gis35lxdx34qg2p7c2cac2szbrzv664s8"; + sha256 = "1q44z8gdbrw76vl5wbm8y2vy119lacxyaf2xi6q9jasvwkjc4h36"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix index f69fa93ea2f..f06526ea52d 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.14.65"; + version = "3.14.73"; extraMeta.branch = "3.14"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0pqfgzinwgllvyx0cfv0vnllgvzrrpbr2yi21zgppdd1iw6nipsd"; + sha256 = "17wpb2za3kymk88xk68k8qhlc4vvhky9wvcwyfbiq5hblf98ghgy"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix index 28893ce3f9f..975a60ff6bf 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.18.29"; + version = "3.18.36"; extraMeta.branch = "3.18"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0g8vlhifl31dyghiamykrpgj6n8h5w6gh6n88ir57z6lj188vaj8"; + sha256 = "0iqyll1p1pkyl5rj440kjg483gqhhg6z7r61ln6rzbqm5g943fvq"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix index 1e8932ad598..478e0d7ce24 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.1.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.1.25"; + version = "4.1.27"; extraMeta.branch = "4.1"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0rfs5vn9ggymd426jr4gkhgk9bnn1g9c5x7k3xgfh4i08mq1920f"; + sha256 = "02gkmn3j15wih6aq94p6mbivv996lr7zcj6vz4wh8wr7wmmy1kmv"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.3.nix b/pkgs/os-specific/linux/kernel/linux-4.3.nix deleted file mode 100644 index 0bdc2d08d8a..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-4.3.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ stdenv, fetchurl, perl, buildLinux, ... } @ args: - -import ./generic.nix (args // rec { - version = "4.3.6"; - - extraMeta.branch = "4.3"; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0wdd8z4ykjz1rkizlv9dm70vjd87fly4km4bs7av4p5w5xfp98z0"; - }; - - features.iwlwifi = true; - features.efiBootStub = true; - features.needsCifsUtils = true; - features.canDisableNetfilterConntrackHelpers = true; - features.netfilterRPFilter = true; -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 4bc501a3ba2..e563a5bee62 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.4.12"; + version = "4.4.14"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1r96jyvm44615f5zh5sn04zx7y8bllpx12lx1zjkns66i4ddv0rq"; + sha256 = "1yam0lmj465xsdv3h9zkz2ca5j6sdn18ydv8225scq3ig49bllsr"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.6.nix b/pkgs/os-specific/linux/kernel/linux-4.6.nix index b93550b6ea6..c0849942f4f 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.6.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.6.1"; + version = "4.6.4"; extraMeta.branch = "4.6"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "073vpwidl28ka3y2rd7n6dcckrppi5kalh48vsz980k9z12g9pfm"; + sha256 = "0zpz29hgwdwkil6rakn08bdq77qjcz8q18qlkfc43s84f4fd8s45"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.5.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix index 63db1779014..c0849942f4f 100644 --- a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.5.nix +++ b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.5.7"; - extraMeta.branch = "4.5"; + version = "4.6.4"; + extraMeta.branch = "4.6"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0azvh7lf9kak1xcs5f9smlvx4gkf45vyandizmxhx0zyjlhacw60"; + sha256 = "0zpz29hgwdwkil6rakn08bdq77qjcz8q18qlkfc43s84f4fd8s45"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-mptcp.nix b/pkgs/os-specific/linux/kernel/linux-mptcp.nix index 6a1d8da5a92..981e6a97c2a 100644 --- a/pkgs/os-specific/linux/kernel/linux-mptcp.nix +++ b/pkgs/os-specific/linux/kernel/linux-mptcp.nix @@ -1,8 +1,8 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - mptcpVersion = "0.90"; - modDirVersion = "3.18.20"; + mptcpVersion = "0.90.1"; + modDirVersion = "3.18.25"; version = "${modDirVersion}-mptcp_v${mptcpVersion}"; extraMeta = { @@ -12,7 +12,7 @@ import ./generic.nix (args // rec { src = fetchurl { url = "https://github.com/multipath-tcp/mptcp/archive/v${mptcpVersion}.tar.gz"; - sha256 = "1wzdvd1j1wqjkysj98g451y6mxr9a5hff5kn9inxwbzm9yg4icj5"; + sha256 = "088cpxl960xzrsz7x2lkq28ksa4gzjb1hp5yf8hxshihyhdaspwl"; }; extraConfig = '' diff --git a/pkgs/os-specific/linux/kernel/linux-rpi.nix b/pkgs/os-specific/linux/kernel/linux-rpi.nix index 777662718af..a069e7606cc 100644 --- a/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ b/pkgs/os-specific/linux/kernel/linux-rpi.nix @@ -1,21 +1,47 @@ -{ stdenv, fetchurl, perl, buildLinux, ... } @ args: +{ stdenv, fetchFromGitHub, perl, buildLinux, ... } @ args: let + modDirVersion = "4.4.13"; + tag = "1.20160620-1"; +in +stdenv.lib.overrideDerivation (import ./generic.nix (args // rec { + version = "${modDirVersion}-${tag}"; + inherit modDirVersion; - rev = "f4b20d47d7df7927967fcd524324b145cfc9e2f9"; - -in import ./generic.nix (args // rec { - version = "4.1.y-${rev}"; - - modDirVersion = "4.1.20-v7"; - - src = fetchurl { - url = "https://api.github.com/repos/raspberrypi/linux/tarball/${rev}"; - name = "linux-raspberrypi-${version}.tar.gz"; - sha256 = "0x17hlbi7lpmmnp24dnkync5gzj57j84j0nlrcv1lv9fahjkqsm2"; + src = fetchFromGitHub { + owner = "raspberrypi"; + repo = "linux"; + rev = "raspberrypi-kernel_${tag}"; + sha256 = "0bydlzmd9mar07j6dihhzn1xm6vpn92y33vf1qsdkl3hjil6brfc"; }; features.iwlwifi = true; extraMeta.hydraPlatforms = []; +})) (oldAttrs: { + postConfigure = '' + # The v7 defconfig has this set to '-v7' which screws up our modDirVersion. + sed -i $buildRoot/.config -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/' + ''; + + postFixup = '' + # Make copies of the DTBs so that U-Boot finds them, as it is looking for the upstream names. + # This is ugly as heck. + copyDTB() { + if [ -f "$out/dtbs/$1" ]; then + cp -v "$out/dtbs/$1" "$out/dtbs/$2" + fi + } + + # I am not sure if all of these are correct... + copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-a.dtb + copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b.dtb + copyDTB bcm2708-rpi-b.dtb bcm2835-rpi-b-rev2.dtb + copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-a-plus.dtb + copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-b-plus.dtb + copyDTB bcm2708-rpi-b-plus.dtb bcm2835-rpi-zero.dtb + copyDTB bcm2708-rpi-cm.dtb bcm2835-rpi-cm.dtb + copyDTB bcm2709-rpi-2-b.dtb bcm2836-rpi-2-b.dtb + copyDTB bcm2710-rpi-3-b.dtb bcm2837-rpi-3-b.dtb + ''; }) diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 9a948a68c4c..37e5da5a905 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.6-rc6"; - modDirVersion = "4.6.0-rc6"; - extraMeta.branch = "4.6"; + version = "4.7-rc7"; + modDirVersion = "4.7.0-rc7"; + extraMeta.branch = "4.7"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/testing/linux-${version}.tar.xz"; - sha256 = "040sk87zdgqsbma5sk1hk4graga8yafh4rn89vkznkwzdlwa3gyx"; + sha256 = "11c87rhxlrmag9hhg1m8zfff0d52yrzvhyjj9dxfa3nmxj4sfbb7"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 877e51565ac..7b2feaf84a8 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgs }: +{ stdenv, fetchurl, fetchpatch, pkgs }: let @@ -18,20 +18,20 @@ let }; }; - grsecPatch = { grversion ? "3.1", kernel, patches, kversion, revision, branch ? "test", sha256 }: - assert kversion == kernel.version; - { name = "grsecurity-${grversion}-${kversion}"; - inherit grversion kernel patches kversion revision; + grsecPatch = { grbranch ? "test", grver ? "3.1", kver, grrev, sha256 }: rec { + name = "grsecurity-${grver}-${kver}-${grrev}"; + + # Pass these along to allow the caller to determine compatibility + inherit grver kver grrev; + + patch = fetchurl { # When updating versions/hashes, ALWAYS use the official version; we use # this mirror only because upstream removes sources files immediately upon # releasing a new version ... - patch = fetchurl { - url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/test/grsecurity-${grversion}-${kversion}-${revision}.patch"; - inherit sha256; - }; - features.grsecurity = true; + url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch"; + inherit sha256; }; - + }; in rec { @@ -92,19 +92,18 @@ rec { grsecurity_4_4 = throw "grsecurity stable is no longer supported"; - grsecurity_4_5 = grsecPatch - { kernel = pkgs.grsecurity_base_linux_4_5; - patches = [ grsecurity_fix_path_4_5 ]; - kversion = "4.5.7"; - revision = "201606080852"; - sha256 = "1vgc314nh6bd7zw9r927lnbjq29z32g0s02jgvf635y9zz550nsh"; + grsecurity_testing = grsecPatch + { kver = "4.6.4"; + grrev = "201607112205"; + sha256 = "16j01qqa7yi5yvli1lkl8ffybhy4697nyi18lbl5329zd09xq2ww"; }; - grsecurity_latest = grsecurity_4_5; - - grsecurity_fix_path_4_5 = - { name = "grsecurity-fix-path-4.5"; - patch = ./grsecurity-path-4.5.patch; + # This patch relaxes grsec constraints on the location of usermode helpers, + # e.g., modprobe, to allow calling into the Nix store. + grsecurity_nixos_kmod = + { + name = "grsecurity-nixos-kmod"; + patch = ./grsecurity-nixos-kmod.patch; }; crc_regression = @@ -141,4 +140,16 @@ rec { { name = "qat_common_Makefile"; patch = ./qat_common_Makefile.patch; }; + + hiddev_CVE_2016_5829 = + { name = "hiddev_CVE_2016_5829"; + patch = fetchpatch { + url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch"; + sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy"; + }; + }; + ecryptfs_fix_mmap_bug = + { name = "ecryptfs_fix_mmap_bug"; + patch = ./ecryptfs-fix-mmap-bug.patch; + }; } diff --git a/pkgs/os-specific/linux/kmod-debian-aliases/default.nix b/pkgs/os-specific/linux/kmod-debian-aliases/default.nix index 13fe500286d..0fbf7821147 100644 --- a/pkgs/os-specific/linux/kmod-debian-aliases/default.nix +++ b/pkgs/os-specific/linux/kmod-debian-aliases/default.nix @@ -1,13 +1,12 @@ { stdenv, fetchurl, lib }: -let - version = "21-1"; -in -stdenv.mkDerivation { + +stdenv.mkDerivation rec { name = "kmod-debian-aliases-${version}.conf"; + version = "22-1.1"; src = fetchurl { url = "mirror://debian/pool/main/k/kmod/kmod_${version}.debian.tar.xz"; - sha256 = "1abpf8g3yx972by2xpmz6dwwyc1pgh6gjbvrivmrsws69vs0xjsy"; + sha256 = "0daap2n4bvjqcnksaayy6csmdb1px4r02w3xp36bcp6w3lbnqamh"; }; installPhase = '' diff --git a/pkgs/os-specific/linux/libsmbios/default.nix b/pkgs/os-specific/linux/libsmbios/default.nix index 8d05a0d7d23..a3d212dda53 100644 --- a/pkgs/os-specific/linux/libsmbios/default.nix +++ b/pkgs/os-specific/linux/libsmbios/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation { meta = { homepage = "http://linux.dell.com/libsmbios/main"; - description = "a library to obtain BIOS information"; + description = "A library to obtain BIOS information"; license = stdenv.lib.licenses.gpl2Plus; # alternatively, under the Open Software License version 2.1 platforms = stdenv.lib.platforms.linux; }; diff --git a/pkgs/os-specific/linux/lockdep/default.nix b/pkgs/os-specific/linux/lockdep/default.nix index 7765f5f8b9c..3c7ceb1270c 100644 --- a/pkgs/os-specific/linux/lockdep/default.nix +++ b/pkgs/os-specific/linux/lockdep/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { ''; meta = { - description = "userspace locking validation tool built on the Linux kernel"; + description = "Userspace locking validation tool built on the Linux kernel"; homepage = "https://kernel.org/"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix index 82ea72af160..eda1863ec97 100644 --- a/pkgs/os-specific/linux/lxc/default.nix +++ b/pkgs/os-specific/linux/lxc/default.nix @@ -68,7 +68,7 @@ stdenv.mkDerivation rec { meta = { homepage = "http://lxc.sourceforge.net"; - description = "userspace tools for Linux Containers, a lightweight virtualization system"; + description = "Userspace tools for Linux Containers, a lightweight virtualization system"; license = licenses.lgpl21Plus; longDescription = '' diff --git a/pkgs/os-specific/linux/netatop/default.nix b/pkgs/os-specific/linux/netatop/default.nix index 35781dc7f95..5177ea45e7a 100644 --- a/pkgs/os-specific/linux/netatop/default.nix +++ b/pkgs/os-specific/linux/netatop/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, kernel, zlib }: let - version = "0.7"; + version = "1.0"; in stdenv.mkDerivation { @@ -9,7 +9,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://www.atoptool.nl/download/netatop-${version}.tar.gz"; - sha256 = "11v9lvlshn7mwsbr69xrm7gfhxbgdczcf3cf9fssbd9qgv9abifl"; + sha256 = "1l7xs3hnfbk6h5gdrw1ikfa0fvfpb5vd447xhwfllvicblqyip8b"; }; buildInputs = [ zlib ]; diff --git a/pkgs/os-specific/linux/nftables/default.nix b/pkgs/os-specific/linux/nftables/default.nix index e0b16eb24f5..4b3e078cb57 100644 --- a/pkgs/os-specific/linux/nftables/default.nix +++ b/pkgs/os-specific/linux/nftables/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig docbook2x flex bison libmnl libnftnl gmp readline ]; meta = with stdenv.lib; { - description = "the project that aims to replace the existing {ip,ip6,arp,eb}tables framework"; + description = "The project that aims to replace the existing {ip,ip6,arp,eb}tables framework"; homepage = http://netfilter.org/projects/nftables; license = licenses.gpl2; platforms = platforms.linux; diff --git a/pkgs/os-specific/linux/nvidia-x11/nvidia-340.76-kernel-4.0.patch b/pkgs/os-specific/linux/nvidia-x11/nvidia-340.76-kernel-4.0.patch deleted file mode 100644 index 5fdc1fed727..00000000000 --- a/pkgs/os-specific/linux/nvidia-x11/nvidia-340.76-kernel-4.0.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- a/kernel/nv-pat.c 2015-07-03 08:39:35.417031728 +0200 -+++ b/kernel/nv-pat.c 2015-07-03 08:42:15.631838988 +0200 -@@ -35,8 +35,13 @@ - unsigned long cr0 = read_cr0(); - write_cr0(((cr0 & (0xdfffffff)) | 0x40000000)); - wbinvd(); -+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 18, 0) - *cr4 = read_cr4(); - if (*cr4 & 0x80) write_cr4(*cr4 & ~0x80); -+#else -+ *cr4 = __read_cr4(); -+ if (*cr4 & 0x80) __write_cr4(*cr4 & ~0x80); -+#endif - __flush_tlb(); - } - -@@ -46,7 +51,11 @@ - wbinvd(); - __flush_tlb(); - write_cr0((cr0 & 0x9fffffff)); -+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 18, 0) - if (cr4 & 0x80) write_cr4(cr4); -+#else -+ if (cr4 & 0x80) __write_cr4(cr4); -+#endif - } - - static int nv_determine_pat_mode(void) diff --git a/pkgs/os-specific/linux/odp-dpdk/default.nix b/pkgs/os-specific/linux/odp-dpdk/default.nix new file mode 100644 index 00000000000..faf57450ce1 --- /dev/null +++ b/pkgs/os-specific/linux/odp-dpdk/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchgit, autoreconfHook, openssl, libpcap, dpdk, bash }: + +stdenv.mkDerivation rec { + name = "odp-dpdk-${version}"; + version = "1.10.1.0"; + + src = fetchgit { + url = "https://git.linaro.org/lng/odp-dpdk.git"; + rev = "0ed1ced007d98980f90604675083bf30c354e867"; + sha256 = "1kf090bizr0p0cxn525qpmypb5j86imvxrfpmwbl7vqqfh74j5ax"; + }; + + nativeBuildInputs = [ autoreconfHook bash ]; + buildInputs = [ stdenv openssl dpdk libpcap ]; + + RTE_SDK = "${dpdk}"; + RTE_TARGET = "x86_64-native-linuxapp-gcc"; + + patchPhase = '' + substituteInPlace scripts/git_hash.sh --replace /bin/bash /bin/sh + substituteInPlace scripts/get_impl_str.sh --replace /bin/bash /bin/sh + echo -n ${version} > .scmversion + ''; + + dontDisableStatic = true; + + configureFlags = [ + "--with-platform=linux-dpdk" + "--disable-shared" + "--with-sdk-install-path=${dpdk}/${RTE_TARGET}" + ]; + + meta = with stdenv.lib; { + description = "Open Data Plane optimized for DPDK"; + homepage = http://www.opendataplane.org; + license = licenses.bsd3; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.abuibrahim ]; + }; +} diff --git a/pkgs/os-specific/linux/perf-tools/default.nix b/pkgs/os-specific/linux/perf-tools/default.nix index d0776ce546a..873cb7b2b7d 100644 --- a/pkgs/os-specific/linux/perf-tools/default.nix +++ b/pkgs/os-specific/linux/perf-tools/default.nix @@ -1,13 +1,13 @@ { lib, stdenv, fetchFromGitHub, perl }: stdenv.mkDerivation { - name = "perf-tools-20150723"; + name = "perf-tools-20160418"; src = fetchFromGitHub { owner = "brendangregg"; repo = "perf-tools"; - rev = "80e25785e16acfbc0f048cae86a69006fa45148d"; - sha256 = "13g98vqwy50yf2h0w6iav80kzwfz29mvnjw8akbjv4v36r9hcb69"; + rev = "5a511f5f775cfbc0569e6039435361cecd22dd86"; + sha256 = "1ab735idi0h62yvhzd7822jj3555vygixv4xjrfrdvi8d2hhz6qn"; }; buildInputs = [ perl ]; diff --git a/pkgs/os-specific/linux/pktgen/default.nix b/pkgs/os-specific/linux/pktgen/default.nix index 456e9a4679c..5154ccce1b4 100644 --- a/pkgs/os-specific/linux/pktgen/default.nix +++ b/pkgs/os-specific/linux/pktgen/default.nix @@ -1,26 +1,34 @@ -{ stdenv, fetchurl, dpdk, libpcap, utillinux }: +{ stdenv, fetchurl, dpdk, libpcap, utillinux +, pkgconfig +, gtk, withGtk ? false +}: stdenv.mkDerivation rec { name = "pktgen-${version}"; - version = "3.0.00"; + version = "3.0.04"; src = fetchurl { url = "http://dpdk.org/browse/apps/pktgen-dpdk/snapshot/pktgen-${version}.tar.gz"; - sha256 = "703f8bd615aa4ae3a3085055483f9889dda09d082abb58afd33c1ba7c766ea65"; + sha256 = "0vrmbpl8zaal5zjwyzlx0y3d6jydfxdmf0psdj7ic37h5yh2iv2q"; }; - buildInputs = [ dpdk libpcap ]; + nativeBuildInputs = stdenv.lib.optionals withGtk [ pkgconfig ]; + + buildInputs = + [ dpdk libpcap ] + ++ stdenv.lib.optionals withGtk [gtk]; RTE_SDK = "${dpdk}"; RTE_TARGET = "x86_64-native-linuxapp-gcc"; + GUI = stdenv.lib.optionalString withGtk "true"; enableParallelBuilding = true; NIX_CFLAGS_COMPILE = [ "-march=core2" ]; - patchPhase = '' - sed -i -e s:/usr/local:$out:g lib/lua/src/luaconf.h - sed -i -e s:/usr/bin/lscpu:${utillinux}/bin/lscpu:g lib/common/wr_lscpu.h + postPatch = '' + substituteInPlace lib/lua/src/luaconf.h --replace /usr/local $out + substituteInPlace lib/common/wr_lscpu.h --replace /usr/bin/lscpu ${utillinux}/bin/lscpu ''; installPhase = '' diff --git a/pkgs/os-specific/linux/plymouth/default.nix b/pkgs/os-specific/linux/plymouth/default.nix index 00d330ca955..b1b1a4649ba 100644 --- a/pkgs/os-specific/linux/plymouth/default.nix +++ b/pkgs/os-specific/linux/plymouth/default.nix @@ -1,27 +1,32 @@ -{ stdenv, fetchurl, autoreconfHook, cairo, docbook_xsl, gtk -, libdrm, libpng, libxslt, makeWrapper, pango, pkgconfig, udev +{ stdenv, fetchurl, autoreconfHook, pkgconfig, libxslt, docbook_xsl +, gtk3, udev, systemd }: stdenv.mkDerivation rec { name = "plymouth-${version}"; - version = "0.9.0"; + version = "0.9.2"; src = fetchurl { url = "http://www.freedesktop.org/software/plymouth/releases/${name}.tar.bz2"; - sha256 = "0kfdwv179brg390ma003pmdqfvqlbybqiyp9fxrxx0wa19sjxqnk"; + sha256 = "0zympsgy5bbfl2ag5nc1jxlshpx8r1s1yyjisanpx76g88hfh31g"; }; - buildInputs = [ - autoreconfHook cairo docbook_xsl gtk libdrm libpng - libxslt makeWrapper pango pkgconfig udev + nativeBuildInputs = [ + autoreconfHook pkgconfig libxslt docbook_xsl ]; - prePatch = '' - sed -e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \ - -i configure.ac - ''; + buildInputs = [ + gtk3 udev systemd + ]; postPatch = '' + sed -i \ + -e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \ + -e "s#plymouthplugindir=.*#plymouthplugindir=/etc/plymouth/plugins/#" \ + -e "s#plymouththemedir=.*#plymouththemedir=/etc/plymouth/themes#" \ + -e "s#plymouthpolicydir=.*#plymouthpolicydir=/etc/plymouth/#" \ + configure.ac + configureFlags=" --prefix=$out --bindir=$out/bin @@ -29,15 +34,24 @@ stdenv.mkDerivation rec { --exec-prefix=$out --libdir=$out/lib --libexecdir=$out/lib - --sysconfdir=$out/etc + --sysconfdir=/etc --localstatedir=/var - --with-log-viewer + --with-logo=/etc/plymouth/logo.png + --with-background-color=0x000000 + --with-background-start-color-stop=0x000000 + --with-background-end-color-stop=0x000000 + --with-release-file=/etc/os-release --without-system-root-install --without-rhgb-compat-link --enable-tracing --enable-systemd-integration --enable-pango + --enable-gdm-transition --enable-gtk" + + installFlags=" + plymouthd_defaultsdir=$out/share/plymouth + plymouthd_confdir=$out/etc/plymouth" ''; meta = with stdenv.lib; { diff --git a/pkgs/os-specific/linux/radeontop/default.nix b/pkgs/os-specific/linux/radeontop/default.nix index 0ed76e790cc..adf02dfa9d7 100644 --- a/pkgs/os-specific/linux/radeontop/default.nix +++ b/pkgs/os-specific/linux/radeontop/default.nix @@ -1,18 +1,19 @@ -{ stdenv, fetchFromGitHub, pkgconfig, gettext, ncurses, libdrm, libpciaccess }: +{ stdenv, fetchFromGitHub, pkgconfig, gettext, makeWrapper +, ncurses, libdrm, libpciaccess, libxcb }: stdenv.mkDerivation rec { name = "radeontop-${version}"; - version = "2015-11-24"; + version = "2016-07-04"; src = fetchFromGitHub { - sha256 = "0irwq6rps5mnban8cxbrm59wpyv4j80q3xdjm9fxvfpiyys2g2hz"; - rev = "0e82272f3e8f2287c1bc1d8a0c7bdbd5c4818b37"; + sha256 = "07pj5c3shnxljwq0hkksw7qnp8kb3n5ngihdmi4fqbmyz8in2vm5"; + rev = "bb3ed18aa8877f2816348ca9f016bb61d67e636f"; repo = "radeontop"; owner = "clbr"; }; - buildInputs = [ ncurses libdrm libpciaccess ]; - nativeBuildInputs = [ pkgconfig gettext ]; + buildInputs = [ ncurses libdrm libpciaccess libxcb ]; + nativeBuildInputs = [ pkgconfig gettext makeWrapper ]; enableParallelBuilding = true; @@ -22,6 +23,11 @@ stdenv.mkDerivation rec { makeFlags = [ "PREFIX=$(out)" ]; + postInstall = '' + wrapProgram $out/sbin/radeontop \ + --prefix LD_LIBRARY_PATH : $out/lib + ''; + meta = with stdenv.lib; { description = "Top-like tool for viewing AMD Radeon GPU utilization"; longDescription = '' diff --git a/pkgs/os-specific/linux/rtl8723bs/default.nix b/pkgs/os-specific/linux/rtl8723bs/default.nix index 0010d6dc717..39f6a3826c2 100644 --- a/pkgs/os-specific/linux/rtl8723bs/default.nix +++ b/pkgs/os-specific/linux/rtl8723bs/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { description = "Realtek SDIO Wi-Fi driver"; homepage = "https://github.com/hadess/rtl8723bs"; license = stdenv.lib.licenses.gpl2; - platforms = [ "x86_64-linux" "i686-linux" "armv7l-linux" ]; + platforms = stdenv.lib.platforms.linux; broken = ! versionAtLeast kernel.version "3.19"; maintainers = with maintainers; [ elitak ]; }; diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 321e94e3aaf..ec3e9b14d2a 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -54,4 +54,8 @@ stdenv.mkDerivation rec { homepage = http://pkg-shadow.alioth.debian.org/; description = "Suite containing authentication-related tools such as passwd and su"; }; + + passthru = { + shellPath = "/bin/nologin"; + }; } diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index 99b869abcb0..18c0c16cef6 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -18,6 +18,10 @@ stdenv.mkDerivation { hardeningDisable = [ "pic" ]; + postPatch = '' + sed '1i#include <cmath>' -i userspace/libsinsp/{cursesspectro,filterchecks}.cpp + ''; + cmakeFlags = [ "-DUSE_BUNDLED_DEPS=OFF" ] ++ optional (kernel == null) "-DBUILD_DRIVER=OFF"; diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix index 16431c465c1..adfcc76c31c 100644 --- a/pkgs/os-specific/linux/sysstat/default.nix +++ b/pkgs/os-specific/linux/sysstat/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, gettext, bzip2 }: stdenv.mkDerivation rec { - name = "sysstat-11.0.7"; + name = "sysstat-11.2.5"; src = fetchurl { url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz"; - sha256 = "12j55rdx1hyhsc5qm0anx9h9siaa58lhh9dchp40q4ag2wxamp1r"; + sha256 = "1r7869pnylamjry5f5l5m1jn68v61js9wdkz8yn37a9a2bcrqp2d"; }; buildInputs = [ gettext ]; @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { export SYSTEMCTL=systemctl ''; - makeFlags = "SYSCONFIG_DIR=$(out)/etc IGNORE_MAN_GROUP=y CHOWN=true"; + makeFlags = "SYSCONFIG_DIR=$(out)/etc IGNORE_FILE_ATTRIBUTES=y CHOWN=true"; installTargets = "install_base install_nls install_man"; patches = [ ./install.patch ]; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 748f180fe37..1dcbb8d8e18 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -16,12 +16,10 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "NixOS"; repo = "systemd"; - rev = "4ccee551f2ba8383c8b9bd06590a3cd1dfdf690f"; - sha256 = "1i4my5z7f8g5bykv1vxyw1az66s087lfqrck79kdm4hgvb4lsk6y"; + rev = "81d5aaac06b43fd72f5ab02734a17cbfb55d1f5b"; + sha256 = "1ig7jwmvaa1r4qlngjpnvvvvxhmzbxr171d257q4ryf87l93g1an"; }; - patches = [ ./hwdb-location.diff ]; - /* gave up for now! outputs = [ "out" "libudev" "doc" ]; # maybe: "dev" # note: there are many references to ${systemd}/... @@ -101,7 +99,8 @@ stdenv.mkDerivation rec { --replace /bin/echo ${coreutils}/bin/echo \ --replace /bin/cat ${coreutils}/bin/cat \ --replace /sbin/sulogin ${utillinux.bin}/sbin/sulogin \ - --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck + --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck \ + --replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency done substituteInPlace src/journal/catalog.c \ diff --git a/pkgs/os-specific/linux/systemd/hwdb-location.diff b/pkgs/os-specific/linux/systemd/hwdb-location.diff deleted file mode 100644 index 31e7a027f50..00000000000 --- a/pkgs/os-specific/linux/systemd/hwdb-location.diff +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index 06c9831..e74825c 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -268,13 +268,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { - } - - static const char hwdb_bin_paths[] = -- "/etc/systemd/hwdb/hwdb.bin\0" - "/etc/udev/hwdb.bin\0" -- "/usr/lib/systemd/hwdb/hwdb.bin\0" --#ifdef HAVE_SPLIT_USR -- "/lib/systemd/hwdb/hwdb.bin\0" --#endif -- UDEVLIBEXECDIR "/hwdb.bin\0"; -+ ; - - _public_ int sd_hwdb_new(sd_hwdb **ret) { - _cleanup_hwdb_unref_ sd_hwdb *hwdb = NULL; diff --git a/pkgs/os-specific/linux/trace-cmd/default.nix b/pkgs/os-specific/linux/trace-cmd/default.nix index c50f0185eb5..1d1712f6b47 100644 --- a/pkgs/os-specific/linux/trace-cmd/default.nix +++ b/pkgs/os-specific/linux/trace-cmd/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { installPhase = "make prefix=$out install install_doc"; meta = { - description = "user-space tools for the Linux kernel ftrace subsystem"; + description = "User-space tools for the Linux kernel ftrace subsystem"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; diff --git a/pkgs/os-specific/linux/v4l-utils/default.nix b/pkgs/os-specific/linux/v4l-utils/default.nix index 476f3ffcac6..dbb3e60c335 100644 --- a/pkgs/os-specific/linux/v4l-utils/default.nix +++ b/pkgs/os-specific/linux/v4l-utils/default.nix @@ -16,11 +16,11 @@ let in stdenv.mkDerivation rec { - name = "v4l-utils-1.6.3"; + name = "v4l-utils-1.10.1"; src = fetchurl { url = "http://linuxtv.org/downloads/v4l-utils/${name}.tar.bz2"; - sha256 = "0k46z5gqjzg702m2vs4sv6sxynq1sj14m0pgwvl2gkgg3dfbyjhn"; + sha256 = "1h1nhg5cmmzlbipak526nk4bm6d0yb217mll75f3rpg7kz1cqiv1"; }; outputs = [ "dev" "out" ]; diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix new file mode 100644 index 00000000000..3e5f6ae7480 --- /dev/null +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -0,0 +1,55 @@ +{ stdenv, fetchgit, libmnl, kernel ? null }: + +let + name = "wireguard-${version}"; + + version = "20160708"; + + src = fetchgit { + url = "https://git.zx2c4.com/WireGuard"; + rev = "dcc2583fe0618931e51aedaeeddde356d123acb2"; + sha256 = "1ciyjpp8c3fv95y1cypk9qyqynp8cqyh2676afq2hd33110d37ni"; + }; + + meta = with stdenv.lib; { + homepage = https://www.wireguard.io/; + description = "Fast, modern, secure VPN tunnel"; + license = licenses.gpl2; + platforms = platforms.linux; + }; + + module = stdenv.mkDerivation { + inherit src meta name; + + preConfigure = '' + cd src + sed -i '/depmod/,+1d' Makefile + ''; + + KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + INSTALL_MOD_PATH = "\${out}"; + + buildPhase = "make module"; + + }; + + tools = stdenv.mkDerivation { + inherit src meta name; + + preConfigure = "cd src"; + + buildInputs = [ libmnl ]; + + makeFlags = [ + "DESTDIR=$(out)" + "PREFIX=/" + "-C" "tools" + ]; + + buildPhase = "make tools"; + + }; + +in if kernel == null + then tools + else module |