30 files changed, 539 insertions, 277 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 5b3a91662e8..f88dcb5d6f2 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -53,6 +53,11 @@
 bash now defaults to major version 5.
 </para>
 </listitem>
+ <listitem>
+ <para>
+ Systemd was updated to version 249 (from 247).
+ </para>
+ </listitem>
 </itemizedlist>
 </section>
 <section xml:id="sec-release-21.11-new-services">
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 17d3afd5cea..a0b78f5a889 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -20,6 +20,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - bash now defaults to major version 5.
+- Systemd was updated to version 249 (from 247).
+
 ## New Services {#sec-release-21.11-new-services}
 - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances).
diff --git a/nixos/modules/services/ttys/getty.nix b/nixos/modules/services/ttys/getty.nix
index 7cf2ff87da2..eb966c37ce7 100644
--- a/nixos/modules/services/ttys/getty.nix
+++ b/nixos/modules/services/ttys/getty.nix
@@ -131,6 +131,14 @@ in
 restartIfChanged = false;
 };
+ systemd.services."autovt@" =
+ { serviceConfig.ExecStart = [
+ "" # override upstream default with an empty ExecStart
+ (gettyCmd "--noclear %I $TERM")
+ ];
+ restartIfChanged = false;
+ };
+
 systemd.services."container-getty@" =
 { serviceConfig.ExecStart = [
 "" # override upstream default with an empty ExecStart
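Review bot: The new `systemd.services."autovt@"` override spells out its own `gettyCmd "--noclear %I $TERM"` command line instead of sharing it with the existing getty definitions, so the two can silently drift apart on the next getty change; a comment above the new attribute such as `# autovt@ is upstream's alias for getty@; keep this ExecStart identical to systemd.services."getty@"` or binding the ExecStart list once and reusing it would make the coupling explicit. That `getty@` uses the identical command is inferred from the surrounding pattern, since that definition is outside the hunk, and the enclosing attribute set continues outside the hunk as well. The `restartIfChanged = false;` setting matches the neighbouring units and is appropriate for a unit that owns a login terminal.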
diff --git a/nixos/tests/systemd-confinement.nix b/nixos/tests/systemd-confinement.nix
index e6a308f46d2..8fafb11e1e8 100644
--- a/nixos/tests/systemd-confinement.nix
+++ b/nixos/tests/systemd-confinement.nix
@@ -44,30 +44,26 @@ import ./make-test-python.nix {
 { config.confinement.mode = "chroot-only";
 testScript = ''
 with subtest("chroot-only confinement"):
- machine.succeed(
- 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',
- 'test "$(chroot-exec id -u)" = 0',
- "chroot-exec chown 65534 /bin",
- )
+ paths = machine.succeed('chroot-exec ls -1 / | paste -sd,').strip()
+ assert_eq(paths, "bin,nix,run")
+ uid = machine.succeed('chroot-exec id -u').strip()
+ assert_eq(uid, "0")
+ machine.succeed("chroot-exec chown 65534 /bin")
 '';
 }
 { testScript = ''
 with subtest("full confinement with APIVFS"):
- machine.fail(
- "chroot-exec ls -l /etc",
- "chroot-exec ls -l /run",
- "chroot-exec chown 65534 /bin",
- )
- machine.succeed(
- 'test "$(chroot-exec id -u)" = 0',
- "chroot-exec chown 0 /bin",
- )
+ machine.fail("chroot-exec ls -l /etc")
+ machine.fail("chroot-exec chown 65534 /bin")
+ assert_eq(machine.succeed('chroot-exec id -u').strip(), "0")
+ machine.succeed("chroot-exec chown 0 /bin")
 '';
 }
 { config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];
 testScript = ''
 with subtest("check existence of bind-mounted /etc"):
- machine.succeed('test -n "$(chroot-exec cat /etc/passwd)"')
+ passwd = machine.succeed('chroot-exec cat /etc/passwd').strip()
+ assert len(passwd) > 0, "/etc/passwd must not be empty"
 '';
 }
 { config.serviceConfig.User = "chroot-testuser";
@@ -75,7 +71,8 @@ import ./make-test-python.nix {
 testScript = ''
 with subtest("check if User/Group really runs as non-root"):
 machine.succeed("chroot-exec ls -l /dev")
- machine.succeed('test "$(chroot-exec id -u)" != 0')
+ uid = machine.succeed('chroot-exec id -u').strip()
+ assert uid != "0", "UID of chroot-testuser shouldn't be 0"
 machine.fail("chroot-exec touch /bin/test")
 '';
 }
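Review bot: The chroot-only subtest now expects `bin,nix,run` as the contents of the confined root and the APIVFS subtest drops the `machine.fail("chroot-exec ls -l /run")` check, so nothing in the test records why `/run` is now expected inside the root or constrains what it contains. A comment above `assert_eq(paths, "bin,nix,run")` such as `# /run is expected inside the root directory since the systemd 249 update — TODO confirm the mechanism` would keep the reason with the assertion. If the new `/run` is meant to be an empty mount point rather than a view of the host's runtime directory, an assertion on its contents, e.g. `assert_eq(machine.succeed('chroot-exec ls -1 /run | paste -sd,').strip(), "")`, would preserve the isolation property the removed `machine.fail` call covered; whether `/run` is empty in the confined root is inferred and should be checked before adding it.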
@@ -88,10 +85,8 @@ import ./make-test-python.nix {
 testScript = ''
 with subtest("check if symlinks are properly bind-mounted"):
 machine.fail("chroot-exec test -e /etc")
- machine.succeed(
- "chroot-exec cat ${symlink} >&2",
- 'test "$(chroot-exec cat ${symlink})" = "got me"',
- )
+ text = machine.succeed('chroot-exec cat ${symlink}').strip()
+ assert_eq(text, "got me")
 '';
 })
 { config.serviceConfig.User = "chroot-testuser";
@@ -158,6 +153,9 @@ import ./make-test-python.nix {
 };
 testScript = { nodes, ... }: ''
+ def assert_eq(a, b):
+ assert a == b, f"{a} != {b}"
+
 machine.wait_for_unit("multi-user.target")
 '' + nodes.machine.config.__testSteps;
 }
diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix
index d367a56010b..06e1ac9409a 100644
--- a/pkgs/development/libraries/tpm2-tss/default.nix
+++ b/pkgs/development/libraries/tpm2-tss/default.nix
@@ -3,6 +3,14 @@
 , openssl, json_c, curl, libgcrypt
 , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
 }:
+let
+ # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
+ # tpm2-tss tests depend on procps, procps depends on systemd by default). This
+ # needs to be conditional based on isLinux because procps for other systems
+ # might not support the withSystemd option.
+ procpsWithoutSystemd = procps.override { withSystemd = false; };
+ procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps;
+in
 stdenv.mkDerivation rec {
 pname = "tpm2-tss";
@@ -20,7 +28,7 @@ stdenv.mkDerivation rec {
 ];
 buildInputs = [ openssl json_c curl libgcrypt ];
 checkInputs = [
- cmocka uthash ibm-sw-tpm2 iproute2 procps which
+ cmocka uthash ibm-sw-tpm2 iproute2 procps_pkg which
 ];
 preAutoreconf = "./bootstrap";
diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch
index ac2d0018160..8a1cdc1da84 100644
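Review bot: The new `assert_eq` helper in the `@@ -158,6 +153,9 @@` hunk reports failures with `f"{a} != {b}"`, which prints the values bare, so a mismatch caused only by whitespace or an empty string — both plausible after `.strip()` of command output — is hard to read in the test log. Using `assert a == b, f"{a!r} != {b!r}"` shows the quoted values and costs nothing. The helper is defined in the `testScript` prefix and used from the concatenated `__testSteps` strings, which works here because they are joined into a single Python script; a one-line comment above the `def` saying so would help the next person who adds a step.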
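Review bot: In the tpm2-tss `@@ -3,6 +3,14 @@` hunk, `procps_pkg` is snake_case while the binding two lines above (`procpsWithoutSystemd`) and the rest of the expression use camelCase; naming it `procps'` or `procpsPkg` keeps the file consistent. The two bindings can also be collapsed so the override sits next to the condition that guards it: `procps' = if stdenv.isLinux then procps.override { withSystemd = false; } else procps;`, with the existing comment kept above it. The dependency-cycle explanation in the added comment is useful and should stay with whichever form is chosen.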
--- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,4 +1,4 @@ -From 2f4a5e9c9ef1cd57662e8bd4c24e1029a00d55b5 Mon Sep 17 00:00:00 2001 +From 57e31a2d4a5d5bd7a9e1cd8a0d8bc6a00624ad68 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue, 8 Jan 2013 15:46:30 +0100 Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices @@ -13,7 +13,7 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index 7c22eefdb7..e3a55e00b5 100644 +index 25b8a590a6..d18999ea87 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" @@ -28,5 +28,5 @@ index 7c22eefdb7..e3a55e00b5 100644 SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index f54430f764e..129e0825d9f 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,4 +1,4 @@ -From 4e96b2e074c4a4f4ce900409872ce2f86704ee5b Mon Sep 17 00:00:00 2001 +From 43465a392b47238a32f8719f603ed9e2c9bb0363 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri, 12 Apr 2013 13:16:57 +0200 Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store @@ -12,7 +12,7 @@ https://github.com/NixOS/nixos/issues/126 2 files changed, 4 insertions(+) 
diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 292b97cd69..791b8e6b7e 100644 +index f683f05981..5a04c2c2a6 100644 --- a/src/shared/fstab-util.c +++ b/src/shared/fstab-util.c @@ -40,6 +40,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { @@ -25,10 +25,10 @@ index 292b97cd69..791b8e6b7e 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 3a72a13e1a..541320dc9d 100644 +index c2a26242c0..9936398f32 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c -@@ -500,6 +500,8 @@ static int delete_md(MountPoint *m) { +@@ -496,6 +496,8 @@ static int delete_md(MountPoint *m) { static bool nonunmountable_path(const char *path) { return path_equal(path, "/") @@ -38,5 +38,5 @@ index 3a72a13e1a..541320dc9d 100644 || path_equal(path, "/usr") #endif -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 37caffb97d7..91fdebc7ad3 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -1,4 +1,4 @@ -From 3d1b2e56a6ed6cc86a64f6f89765a2900e576402 Mon Sep 17 00:00:00 2001 +From a99666d3d7012c2162fdacf84a57fc0b848fd957 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed, 16 Apr 2014 10:59:28 +0200 Subject: [PATCH 03/19] Fix NixOS containers @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 7515380fcd..14f8a82eb8 100644 +index 04685fecba..0e5ece5f91 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5323,6 +5323,7 @@ static int run(int argc, char *argv[]) { +@@ -5590,6 +5590,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { 
@@ -21,7 +21,7 @@ index 7515380fcd..14f8a82eb8 100644 const char *p, *q; if (arg_pivot_root_new) -@@ -5337,6 +5338,7 @@ static int run(int argc, char *argv[]) { +@@ -5604,6 +5605,7 @@ static int run(int argc, char *argv[]) { r = -EINVAL; goto finish; } @@ -30,5 +30,5 @@ index 7515380fcd..14f8a82eb8 100644 } else { -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index 2f14a9d6a7e..bdd205dd29e 100644 --- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -1,4 +1,4 @@ -From 3a721cf70e952e933ef5374006bbb11a3a0ad36a Mon Sep 17 00:00:00 2001 +From 3f0780b25bdbe4156a2f761c90083bbba5f4d473 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu, 1 May 2014 14:10:10 +0200 Subject: [PATCH 04/19] Look for fsck in the right place @@ -8,7 +8,7 @@ Subject: [PATCH 04/19] Look for fsck in the right place 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 510689f3b7..25cab5acae 100644 +index cd7adfaeb9..68cebdd158 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) { @@ -21,5 +21,5 @@ index 510689f3b7..25cab5acae 100644 cmdline[i++] = "-T"; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index 0acccacd613..8680d147ad1 100644 --- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -1,4 +1,4 @@ -From 8b7f881cf22e98e907506f4c403b9e304e332bf9 Mon Sep 17 00:00:00 2001 +From 82698c6a5142e710c302f9c38367ed00d8ec94ba Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri, 19 Dec 2014 14:46:17 +0100 Subject: [PATCH 05/19] Add some NixOS-specific unit directories @@ -10,14 +10,14 @@ units provided by packages installed into the default profile via Also, remove /usr and /lib as these don't exist on NixOS. --- src/basic/path-lookup.c | 17 ++--------------- - src/core/systemd.pc.in | 5 +++-- - 2 files changed, 5 insertions(+), 17 deletions(-) + src/core/systemd.pc.in | 8 ++++---- + 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 96b82170d0..bf66bd6b77 100644 +index 05eb17d66c..1cd141d012 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c -@@ -94,11 +94,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { +@@ -91,11 +91,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { } static const char* const user_data_unit_paths[] = { @@ -29,7 +29,7 @@ index 96b82170d0..bf66bd6b77 100644 NULL }; -@@ -616,15 +612,13 @@ int lookup_paths_init( +@@ -613,15 +609,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -40,13 +40,13 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(runtime_attached), STRV_IFNOTNULL(generator), - "/usr/local/lib/systemd/system", - SYSTEM_DATA_UNIT_PATH, + SYSTEM_DATA_UNIT_DIR, - "/usr/lib/systemd/system", - STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), STRV_IFNOTNULL(generator_late)); break; -@@ -640,14 +634,11 @@ int lookup_paths_init( +@@ -637,14 +631,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", @@ -62,7 +62,7 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -797,7 +788,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -794,7 +785,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", 
@@ -70,7 +70,7 @@ index 96b82170d0..bf66bd6b77 100644 SYSTEM_GENERATOR_DIR); break; -@@ -805,7 +795,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -802,7 +792,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -78,7 +78,7 @@ index 96b82170d0..bf66bd6b77 100644 USER_GENERATOR_DIR); break; -@@ -844,12 +833,10 @@ char **env_generator_binary_paths(bool is_system) { +@@ -841,12 +830,10 @@ char **env_generator_binary_paths(bool is_system) { if (is_system) add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", @@ -92,10 +92,10 @@ index 96b82170d0..bf66bd6b77 100644 if (!add) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index b5cc8f94a5..a701cd05f8 100644 +index fc0f8c34fa..ded74ce50a 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in -@@ -38,10 +38,11 @@ systemdsystemconfdir=${systemd_system_conf_dir} +@@ -38,10 +38,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} systemd_user_conf_dir=${sysconfdir}/systemd/user systemduserconfdir=${systemd_user_conf_dir} 
@@ -105,10 +105,22 @@ index b5cc8f94a5..a701cd05f8 100644 -systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user +systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemduserunitdir} -+ systemduserunitpath=${systemd_user_unit_path} systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators +@@ -50,10 +50,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} + systemd_user_generator_dir=${prefix}/lib/systemd/user-generators + systemdusergeneratordir=${systemd_user_generator_dir} + +-systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} ++systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:${systemd_system_generator_dir} + systemdsystemgeneratorpath=${systemd_system_generator_path} + +-systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir} ++systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir} + systemdusergeneratorpath=${systemd_user_generator_path} + + systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index bda27ac1762..f6fa5833518 100644 --- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch 
@@ -1,4 +1,4 @@ -From 7a6529ee27028860b93bc539e8bbf3f2374d712f Mon Sep 17 00:00:00 2001 +From e2a8db60ebfb1e0477ce989f6c3d4a95f2e08120 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon, 11 May 2015 15:39:38 +0200 Subject: [PATCH 06/19] Get rid of a useless message in user sessions @@ -9,23 +9,23 @@ Namely lots of variants of in containers. --- - src/core/unit.c | 3 ++- + src/core/manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/core/unit.c b/src/core/unit.c -index 45a417a090..8af3cb08d6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2163,7 +2163,8 @@ static void unit_check_binds_to(Unit *u) { - } +diff --git a/src/core/manager.c b/src/core/manager.c +index 8884437347..e23d47b4a4 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1375,7 +1375,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { + if (!unit_is_bound_by_inactive(u, &culprit)) + continue; - assert(other); -- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); -+ if (u->type != UNIT_MOUNT || detect_container() <= 0) -+ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); +- log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); - /* A unit we need to run is gone. Sniff. Let's stop this. */ - r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); + /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the + * service being unnecessary after a while. */ -- -2.30.1 +2.32.0 
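Review bot: Upstream now emits this message with `log_unit_debug` (new side of the nested src/core/manager.c hunk), whereas the patch was written to silence a `log_unit_info` call, so the `detect_container() <= 0` condition the patch now wraps around a debug-level message may no longer be worth carrying; the patch description still speaks of a useless message in user sessions and does not say whether a debug message is still a problem. If the patch is kept, a sentence in its description such as `Upstream lowered this to debug level; it is still suppressed inside containers because …` would record the reason, otherwise dropping the patch reduces the rebase burden on the next systemd update. Whether the debug message is still visible in the affected sessions is inferred, not shown here.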
diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index d51e1c0f566..17c53e2e518 100644 --- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -1,4 +1,4 @@ -From 5580303956ca7d8eb431d23c2af0030c9cc0e6e9 Mon Sep 17 00:00:00 2001 +From 56ae06b48c6852071dfc57c1203c04f07309d757 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner <gebner@gebner.org> Date: Sun, 6 Dec 2015 14:26:36 +0100 Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that @@ -11,10 +11,10 @@ Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index a1794bdab1..77134731e1 100644 +index 36702f2fb0..669257ea2f 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c -@@ -643,6 +643,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ +@@ -797,6 +797,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ if (r < 0) return r; @@ -24,7 +24,7 @@ index a1794bdab1..77134731e1 100644 name = empty_to_null(name); context_read_etc_hostname(c); -@@ -702,6 +705,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess +@@ -860,6 +863,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess if (r < 0) return r; @@ -35,20 +35,20 @@ index a1794bdab1..77134731e1 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index 736dacdee9..53e0ee935e 100644 +index df0eb030d4..d026eae97e 100644 --- a/src/locale/localed.c 
+++ b/src/locale/localed.c -@@ -317,6 +317,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er +@@ -360,6 +360,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er if (r < 0) return r; + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); ++ "Changing system settings via systemd is not supported on NixOS."); + + use_localegen = locale_gen_check_available(); + /* If single locale without variable name is provided, then we assume it is LANG=. */ - if (strv_length(l) == 1 && !strchr(l[0], '=')) { - if (!locale_is_valid(l[0])) -@@ -432,6 +435,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro +@@ -485,6 +488,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (r < 0) return r; @@ -58,7 +58,7 @@ index 736dacdee9..53e0ee935e 100644 keymap = empty_to_null(keymap); keymap_toggle = empty_to_null(keymap_toggle); -@@ -606,6 +612,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err +@@ -665,6 +671,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (r < 0) return r; @@ -69,10 +69,10 @@ index 736dacdee9..53e0ee935e 100644 model = empty_to_null(model); variant = empty_to_null(variant); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 76fe04900d..e87c4c8919 100644 +index 66b454269d..0a8fe25d0f 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -646,6 +646,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -668,6 +668,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; 
@@ -83,7 +83,7 @@ index 76fe04900d..e87c4c8919 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -725,6 +729,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -747,6 +751,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index 76fe04900d..e87c4c8919 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -907,6 +914,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -930,6 +937,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; @@ -104,5 +104,5 @@ index 76fe04900d..e87c4c8919 100644 if (r < 0) return r; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch index 2b1c02b233c..f272ef23dc0 100644 --- a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -1,32 +1,28 @@ -From 874698425f6d68fc0d662cb17c7c29e0af3e8c25 Mon Sep 17 00:00:00 2001 +From b783b2da164482f26ac5e6e347dc41930c072ea5 Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 7 Jul 2016 02:47:13 +0300 Subject: [PATCH 08/19] Fix hwdb paths Patch by vcunat. --- - src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) + src/libsystemd/sd-hwdb/hwdb-internal.h | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index cb3c77ce96..7b8c80071f 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -297,13 +297,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { - } +diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h +index 5ddc2211e6..ee621eec46 100644 +--- a/src/libsystemd/sd-hwdb/hwdb-internal.h ++++ b/src/libsystemd/sd-hwdb/hwdb-internal.h +@@ -82,8 +82,5 @@ struct trie_value_entry2_f { + } _packed_; - static const char hwdb_bin_paths[] = -- "/etc/systemd/hwdb/hwdb.bin\0" - "/etc/udev/hwdb.bin\0" -- "/usr/lib/systemd/hwdb/hwdb.bin\0" --#if HAVE_SPLIT_USR -- "/lib/systemd/hwdb/hwdb.bin\0" --#endif -- UDEVLIBEXECDIR "/hwdb.bin\0"; -+ ; - - _public_ int sd_hwdb_new(sd_hwdb **ret) { - _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; + #define hwdb_bin_paths \ +- "/etc/systemd/hwdb/hwdb.bin\0" \ +- "/etc/udev/hwdb.bin\0" \ +- "/usr/lib/systemd/hwdb/hwdb.bin\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \ +- UDEVLIBEXECDIR "/hwdb.bin\0" ++ "/etc/udev/hwdb.bin\0" ++ -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index a1e8ec963c7..791e47065d6 100644 --- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch 
@@ -1,4 +1,4 @@ -From 367d0dad3d1853048569e315931cb8a27e16a098 Mon Sep 17 00:00:00 2001 +From e24c05ef8cfe48c4f0ebdb92e8147ae2151e4c87 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Tue, 11 Oct 2016 13:12:08 +0300 Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo @@ -6,11 +6,11 @@ Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo NixOS uses this path. --- man/localtime.xml | 4 ++-- - src/basic/time-util.c | 6 +++--- + src/basic/time-util.c | 8 ++++---- src/firstboot/firstboot.c | 2 +- src/nspawn/nspawn.c | 4 ++-- src/timedate/timedated.c | 8 ++++---- - 5 files changed, 12 insertions(+), 12 deletions(-) + 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml index e486474c44..5f373d0723 100644 @@ -35,28 +35,37 @@ index e486474c44..5f373d0723 100644 <literal>Etc/UTC</literal>. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 5318d6378d..04069dc27b 100644 +index 5d162e8ffe..1bec83e555 100644 --- a/src/basic/time-util.c 
+++ b/src/basic/time-util.c -@@ -1277,7 +1277,7 @@ int get_timezones(char ***ret) { - n_allocated = 2; - n_zones = 1; +@@ -1269,7 +1269,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { + + assert(ret); - f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); + f = fopen("/etc/zoneinfo/zone1970.tab", "re"); - if (f) { - for (;;) { - _cleanup_free_ char *line = NULL; -@@ -1372,7 +1372,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (!f) + return -errno; + +@@ -1308,7 +1308,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { + _cleanup_strv_free_ char **zones = NULL; + int r; + +- f = fopen("/usr/share/zoneinfo/tzdata.zi", "re"); ++ f = fopen("/etc/zoneinfo/tzdata.zi", "re"); + if (!f) + return -errno; + +@@ -1421,7 +1421,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) - return false; + return -ENAMETOOLONG; - t = strjoina("/usr/share/zoneinfo/", name); + t = strjoina("/etc/zoneinfo/", name); fd = open(t, O_RDONLY|O_CLOEXEC); - if (fd < 0) { -@@ -1470,7 +1470,7 @@ int get_timezone(char **ret) { + if (fd < 0) +@@ -1512,7 +1512,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -66,10 +75,10 @@ index 5318d6378d..04069dc27b 100644 return -EINVAL; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 742b43f9fc..f2cb121816 100644 +index 2cb4f80d5d..ebeaeac52f 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -459,7 +459,7 @@ static int process_timezone(void) { +@@ -491,7 +491,7 @@ static int process_timezone(void) { if (isempty(arg_timezone)) return 0; @@ -79,10 +88,10 @@ index 742b43f9fc..f2cb121816 100644 (void) mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 14f8a82eb8..8632dadec6 100644 +index 0e5ece5f91..cc46435472 100644 --- a/src/nspawn/nspawn.c 
+++ b/src/nspawn/nspawn.c -@@ -1810,8 +1810,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u +@@ -1887,8 +1887,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -94,10 +103,10 @@ index 14f8a82eb8..8632dadec6 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index e87c4c8919..964a40ba81 100644 +index 0a8fe25d0f..2f02b9a520 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -269,7 +269,7 @@ static int context_read_data(Context *c) { +@@ -279,7 +279,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -106,7 +115,7 @@ index e87c4c8919..964a40ba81 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -293,7 +293,7 @@ static int context_write_data_timezone(Context *c) { +@@ -303,7 +303,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -115,7 +124,7 @@ index e87c4c8919..964a40ba81 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -301,9 +301,9 @@ static int context_write_data_timezone(Context *c) { +@@ -311,9 +311,9 @@ static int context_write_data_timezone(Context *c) { return 0; } @@ -128,5 +137,5 @@ index e87c4c8919..964a40ba81 100644 return -ENOMEM; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index 334156495fc..d9b04811386 100644 --- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch 
@@ -1,4 +1,4 @@ -From bf285fe7e12bd22f95c14bcefbb5008888c32bfa Mon Sep 17 00:00:00 2001 +From 09f6ca91b4131637038686dafd57b5da642c100e Mon Sep 17 00:00:00 2001 From: Imuli <i@imu.li> Date: Wed, 19 Oct 2016 08:46:47 -0400 Subject: [PATCH 10/19] localectl: use /etc/X11/xkb for list-x11-* @@ -10,10 +10,10 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index 7d2e887660..91c5139eed 100644 +index 548ac8eb2c..5e372f1566 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c -@@ -277,7 +277,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { +@@ -280,7 +280,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { } state = NONE, look_for; int r; @@ -23,5 +23,5 @@ index 7d2e887660..91c5139eed 100644 return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index 902018ee4b9..f88b802b298 100644 --- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -1,4 +1,4 @@ -From 293b19c5fdbda1b4ee579a7e8ba12f024a6f34c9 Mon Sep 17 00:00:00 2001 +From d5716cd93fdaad16b590a581f39d95954f40748e Mon Sep 17 00:00:00 2001 From: Franz Pletz <fpletz@fnordicwalking.de> Date: Sun, 11 Feb 2018 04:37:44 +0100 Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir @@ -8,11 +8,11 @@ Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir 1 file changed, 3 deletions(-) diff --git a/meson.build b/meson.build -index 580964c3fa..f99d4f3ab5 100644 +index 738879eb21..453ee4b1c0 100644 
--- a/meson.build +++ b/meson.build -@@ -3518,9 +3518,6 @@ install_data('LICENSE.GPL2', - 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', +@@ -3538,9 +3538,6 @@ install_data('LICENSE.GPL2', + 'docs/GVARIANT-SERIALIZATION.md', install_dir : docdir) -meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) @@ -20,7 +20,7 @@ index 580964c3fa..f99d4f3ab5 100644 - ############################################################ - check_help = find_program('tools/check-help.sh') + # Ensure that changes to the docs/ directory do not break the -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch index 05fce10e856..f5a6fde26b1 100644 --- a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch @@ -1,4 +1,4 @@ -From 63777e7f690b67952bf4571f8e09e5d8e769d3c0 Mon Sep 17 00:00:00 2001 +From 40a5df71e7af5feefacae9fc95bf94e72c6c12f4 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold <andreas@rammhold.de> Date: Fri, 2 Nov 2018 21:15:42 +0100 Subject: [PATCH 12/19] inherit systemd environment when calling generators. @@ -12,19 +12,20 @@ tries to gather environments with that they call "environment-generators" and then seems to pass that on to all the other executables that are being called from managers. --- - src/core/manager.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) + src/core/manager.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 6858950107..07a599ede7 100644 +index e23d47b4a4..1047aadebc 100644 --- a/src/core/manager.c 
+++ b/src/core/manager.c -@@ -4142,9 +4142,14 @@ static int manager_run_generators(Manager *m) { +@@ -4145,10 +4145,15 @@ static int manager_run_generators(Manager *m) { argv[4] = NULL; RUN_WITH_UMASK(0022) - (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, -- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- (char**) argv, m->transient_environment, +- EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); - + (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, + // On NixOS we must propagate PATH to generators so they are @@ -33,10 +34,11 @@ index 6858950107..07a599ede7 100644 + // function (envp) is set to NULL. This propagates systemd's + // environment (e.g. PATH) that was setup + // before calling systemd from stage-2-init.sh. -+ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, ++ EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); r = 0; finish: -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch index b9bab2d387e..da6aa2627ff 100644 --- a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch @@ -1,4 +1,4 @@ -From 561dc3b864d96753b5dc448e6e1a80460d5f0bc4 Mon Sep 17 00:00:00 2001 +From fe3aff271cf127c1484533237fe0a024e07ae7bc Mon Sep 17 00:00:00 2001 From: Andreas Rammhold <andreas@rammhold.de> Date: Thu, 9 May 2019 11:15:22 +0200 Subject: [PATCH 13/19] add rootprefix to lookup dir paths @@ -34,5 +34,5 @@ index 2e60abb4f1..732ec51d36 100644 #define CONF_PATHS(n) \ CONF_PATHS_USR(n) \ -- -2.30.1 +2.32.0 
diff --git a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index c737b61e749..1ed19358a15 100644 --- a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -1,4 +1,4 @@ -From 8f619304804b02f4e9d7a340ca90359f96adc6e8 Mon Sep 17 00:00:00 2001 +From 31732478745f7a200004fb8ec013f54dbc536f2e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 25 Jul 2019 20:45:55 +0300 Subject: [PATCH 14/19] systemd-shutdown: execute scripts in @@ -10,7 +10,7 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 0d07865542..26d974ef73 100644 +index a98cfc4d8a..b0b34edda7 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c @@ -312,7 +312,7 @@ int main(int argc, char *argv[]) { @@ -23,5 +23,5 @@ index 0d07865542..26d974ef73 100644 /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index 3059216f7c5..2777de09fad 100644 --- a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch 
@@ -1,4 +1,4 @@ -From 577b11afe38fc185d785ca8f125f518a4eb21a00 Mon Sep 17 00:00:00 2001 +From 3f2277b86f39cb55936ae11c2365feb283b547cb Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov <ab@fmap.me> Date: Thu, 25 Jul 2019 20:46:58 +0300 Subject: [PATCH 15/19] systemd-sleep: execute scripts in @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index 39ab554290..880ac7ccb0 100644 +index a3aeb24633..0ed6a34d79 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -178,6 +178,7 @@ static int execute(char **modes, char **states) { +@@ -182,6 +182,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, @@ -22,5 +22,5 @@ index 39ab554290..880ac7ccb0 100644 }; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch index ad19d910e1e..6ef53e95d02 100644 --- a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch +++ b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -1,4 +1,4 @@ -From ba19f629c1806ca2d2ab58154e45bce4ae4a3f0c Mon Sep 17 00:00:00 2001 +From 330490aa8a44206bc03205654680913ab01408a1 Mon Sep 17 00:00:00 2001 From: Florian Klink <flokli@flokli.de> Date: Sat, 7 Mar 2020 22:40:27 +0100 Subject: [PATCH 16/19] kmod-static-nodes.service: Update ConditionFileNotEmpty @@ -10,10 +10,10 @@ On NixOS, kernel modules of the currently booted systems are located at 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index f4170d6a99..9a6a591bea 100644 +index 777e82d16b..b6abc2bba0 100644 --- a/units/kmod-static-nodes.service.in 
+++ b/units/kmod-static-nodes.service.in -@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel +@@ -12,7 +12,7 @@ Description=Create List of Static Device Nodes DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service ConditionCapability=CAP_SYS_MODULE @@ -23,5 +23,5 @@ index f4170d6a99..9a6a591bea 100644 [Service] Type=oneshot -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 585a0aa112e..775c8e09847 100644 --- a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -1,4 +1,4 @@ -From c639f311bd27c2bff62a22c34bc92613aaf77587 Mon Sep 17 00:00:00 2001 +From 216018be7b422586b937dae8fd83f51989479a41 Mon Sep 17 00:00:00 2001 From: Florian Klink <flokli@flokli.de> Date: Sun, 8 Mar 2020 01:05:54 +0100 Subject: [PATCH 17/19] path-util.h: add placeholder for DEFAULT_PATH_NORMAL @@ -10,7 +10,7 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index d613709f0b..5cced4c115 100644 +index 26e7362d1f..a8f8a863ec 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -24,11 +24,11 @@ @@ -29,5 +29,5 @@ index d613709f0b..5cced4c115 100644 #if HAVE_SPLIT_USR # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch index f634e74e663..21d466b02bb 100644 --- a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch 
+++ b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch @@ -1,4 +1,4 @@ -From ebb37f81c28aaa80acd9187a7d77dcb3cb3828db Mon Sep 17 00:00:00 2001 +From beb594ff3bceb95598ffa8ec47c31bacb2449473 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel <ttuegel@mailbox.org> Date: Mon, 26 Oct 2020 21:21:38 +0100 Subject: [PATCH 18/19] logind-seat-debus: show CanMultiSession again @@ -9,10 +9,10 @@ Fixes the "switch user" function in Plasma < 5.20. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c -index a60ed2d3c2..69b6271075 100644 +index cceb3b1d2d..94b4723bb9 100644 --- a/src/login/logind-seat-dbus.c +++ b/src/login/logind-seat-dbus.c -@@ -450,7 +450,7 @@ static const sd_bus_vtable seat_vtable[] = { +@@ -419,7 +419,7 @@ static const sd_bus_vtable seat_vtable[] = { SD_BUS_PROPERTY("Id", "s", NULL, offsetof(Seat, id), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ActiveSession", "(so)", property_get_active_session, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), @@ -22,5 +22,5 @@ index a60ed2d3c2..69b6271075 100644 SD_BUS_PROPERTY("CanGraphical", "b", property_get_can_graphical, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("Sessions", "a(so)", property_get_sessions, 0, 0), -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch index 2d93cdef9a3..da071603557 100644 --- a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch +++ b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch @@ -1,4 +1,4 @@ -From 5439a516995f9fd57fc91c2cdd016bb18f31aadf Mon Sep 17 00:00:00 2001 +From 2e7477dc29095141a0556ded11f0ee370d82bfbb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> Date: Sun, 6 Dec 2020 08:34:19 +0100 Subject: [PATCH 19/19] pkg-config: derive prefix from --prefix @@ -16,7 +16,7 @@ Co-Authored-By: Florian Klink <flokli@flokli.de> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index a701cd05f8..85d6911bdf 100644 +index ded74ce50a..0262f53154 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -11,7 +11,7 @@ @@ -24,10 +24,10 @@ index a701cd05f8..85d6911bdf 100644 # shall have underscores. -prefix=/usr -+prefix=@prefix@ - root_prefix=@rootprefix_noslash@ ++prefix={{PREFIX}} + root_prefix={{ROOTPREFIX_NOSLASH}} rootprefix=${root_prefix} - sysconf_dir=@sysconfdir@ + sysconf_dir={{SYSCONF_DIR}} -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch new file mode 100644 index 00000000000..4567c2fa316 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch 
@@ -0,0 +1,31 @@ +From 1a2d24d210c9329e8b900fdb01576c57374581d8 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Mon, 26 Jul 2021 16:57:43 +0200 +Subject: [PATCH 20/20] core: respect install_sysconfdir_samples in meson file + +The refactoring done in e11a25cadbe caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicated whether or not the +sample files should be installed. +--- + src/core/meson.build | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/meson.build b/src/core/meson.build +index f0d2c6f642..4ff7e00e36 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -187,6 +187,10 @@ foreach item : in_files + file = item[0] + dir = item[1] + ++ if not install_sysconfdir_samples and dir == pkgsysconfdir ++ continue ++ endif ++ + custom_target( + file, + input : file + '.in', +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch new file mode 100644 index 00000000000..b048249e051 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch 
@@ -0,0 +1,29 @@ +From 189ba3af8b21cfc53527453907e800a2917b1bfd Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Mon, 26 Jul 2021 17:20:34 +0200 +Subject: [PATCH] login: respect install_sysconfdir_samples in meson file + +The refactoring done in c900d89faa0 caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicates whether or not the +sample files should be installed. +--- + src/login/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/meson.build b/src/login/meson.build +index 8c20e6be65..b637adc9a2 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') + + enable_logind = conf.get('ENABLE_LOGIND') == 1 + in_files = [ +- ['logind.conf', pkgsysconfdir, enable_logind], ++ ['logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples], + ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], + ['71-seat.rules', udevrulesdir, enable_logind], + ['73-seat-late.rules', udevrulesdir, enable_logind], +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch new file mode 100644 index 00000000000..c7d022b1ffd --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch 
@@ -0,0 +1,80 @@ +From 5f17b65d30480e489e135b403a072b38535b2911 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Wed, 18 Aug 2021 19:10:08 +0200 +Subject: [PATCH] core: handle lookup paths being symlinks + +With a recent change paths leaving the statically known lookup paths +would be treated differently then those that remained within those. That +was done (AFAIK) to consistently handle alias names. Unfortunately that +means that on some distributions, especially those where /etc/ consists +mostly of symlinks, would trigger that new detection for every single +unit in /etc/systemd/system. The reason for that is that the units +directory itself is already a symlink. +--- + src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++-- + 1 file changed, 31 insertions(+), 2 deletions(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..3ae2a115d0 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -254,6 +254,7 @@ int unit_file_build_name_map( + + _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; + _cleanup_set_free_free_ Set *paths = NULL; ++ _cleanup_strv_free_ char **expanded_search_paths = NULL; + uint64_t timestamp_hash; + char **dir; + int r; +@@ -273,6 +274,34 @@ int unit_file_build_name_map( + return log_oom(); + } + ++ /* Go over all our search paths, chase their symlinks and store the ++ * result in the expanded_search_paths list. ++ * ++ * This is important for cases where any of the unit directories itself ++ * are symlinks into other directories and would therefore cause all of ++ * the unit files to be recognized as linked units. ++ * ++ * This is important for distributions such as NixOS where most paths ++ * in /etc/ are symlinks to some other location on the filesystem (e.g. ++ * into /nix/store/). 
++ */ ++ STRV_FOREACH(dir, (char**) lp->search_path) { ++ _cleanup_free_ char *resolved_dir = NULL; ++ r = strv_extend(&expanded_search_paths, *dir); ++ if (r < 0) ++ return log_oom(); ++ ++ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir); ++ continue; ++ } ++ ++ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) ++ return log_oom(); ++ } ++ + STRV_FOREACH(dir, (char**) lp->search_path) { + struct dirent *de; + _cleanup_closedir_ DIR *d = NULL; +@@ -351,11 +380,11 @@ int unit_file_build_name_map( + continue; + } + +- /* Check if the symlink goes outside of our search path. ++ /* Check if the symlink goes outside of our (expanded) search path. + * If yes, it's a linked unit file or mask, and we don't care about the target name. + * Let's just store the link source directly. + * If not, let's verify that it's a good symlink. */ +- char *tail = path_startswith_strv(simplified, lp->search_path); ++ char *tail = path_startswith_strv(simplified, expanded_search_paths); + if (!tail) { + log_debug("%s: linked unit file: %s → %s", + __func__, filename, simplified); +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch new file mode 100644 index 00000000000..026d0278797 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch 
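Review bot: `chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL)` resolves each search directory against the host root, so when the lookup paths were built for an alternate root (`lp->root_dir`, as used by `systemctl --root=`) an absolute symlink target is resolved on the host filesystem rather than inside that root; if LookupPaths' root applies here, `r = chase_symlinks(*dir, lp->root_dir, 0, &resolved_dir, NULL);` keeps the expansion confined. The comment block should also state the consequence of the expansion: resolved targets (on NixOS, directories under /nix/store) now count as inside the search path, so unit symlinks pointing there are classified as aliases and go through the name verification instead of being recorded as linked units. The enclosing unit_file_build_name_map() starts and ends outside the quoted hunks.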
@@ -0,0 +1,29 @@ +From 93413acd3ef3a637a0f31a1d133b103e1dc81fd6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 23 Aug 2021 06:16:48 +0900 +Subject: [PATCH] path-util: make find_executable() work without /proc mounted + +Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. + +Hopefully fixes #20514. +--- + src/basic/path-util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/basic/path-util.c b/src/basic/path-util.c +index d11f254a9f6a..a21981616b59 100644 +--- a/src/basic/path-util.c ++++ b/src/basic/path-util.c +@@ -630,7 +630,11 @@ static int check_x_access(const char *path, int *ret_fd) { + return r; + + r = access_fd(fd, X_OK); +- if (r < 0) ++ if (r == -ENOSYS) { ++ /* /proc is not mounted. Fallback to access(). */ ++ if (access(path, X_OK) < 0) ++ return -errno; ++ } else if (r < 0) + return r; + + if (ret_fd) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 63f82923cb7..9f92c34cee6 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -39,6 +39,7 @@ , gnupg , zlib , xz +, tpm2-tss , libuuid , libapparmor , intltool @@ -57,6 +58,12 @@ , bashInteractive , libmicrohttpd + # the (optional) BPF feature requires bpftool, libbpf, clang and llmv-strip to be avilable during build time. + # Only libbpf should be a runtime dependency. +, bpftools +, libbpf +, llvmPackages + , withAnalyze ? true , withApparmor ? true , withCompression ? true # adds bzip2, lz4 and xz @@ -64,10 +71,12 @@ , withCryptsetup ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi +, withFido2 ? true , withHomed ? false , withHostnamed ? true , withHwdb ? true , withImportd ? true +, withLibBPF ? false # currently fails while generating BPF objects , withLocaled ? true , withLogind ? true , withMachined ? true 
@@ -82,6 +91,7 @@ , withShellCompletions ? true , withTimedated ? true , withTimesyncd ? true +, withTpm2Tss ? true , withUserDb ? true , libfido2 , p11-kit @@ -106,15 +116,13 @@ assert withCoredump -> withCompression; assert withHomed -> withCryptsetup; -assert withCryptsetup -> -(cryptsetup != null); +assert withCryptsetup -> (cryptsetup != null); let wantCurl = withRemote || withImportd; - + version = "249.4"; in -stdenv.mkDerivation rec { - inherit pname; - version = "247.6"; +stdenv.mkDerivation { + inherit pname version; # We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly # This has proven to be less error-prone than the previous systemd fork. @@ -122,7 +130,7 @@ stdenv.mkDerivation rec { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-7XYEq3Qw25suwjbtPzx9lVPHUu9ZY/1bADXl2wQbkJc="; + sha256 = "0pqi9gbk9kgwvd0idf13ybxz7s4h5przn01bwj6fna44jr0wy41c"; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a 
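Review bot: The replacement `sha256 = "0pqi9gbk9kgwvd0idf13ybxz7s4h5przn01bwj6fna44jr0wy41c";` switches from the SRI form the removed line used to legacy base32, which differs from the surrounding file and is harder to compare against upstream release metadata by eye. Prefer the SRI form, `sha256 = "sha256-<constructed placeholder>";`, which `nix-hash --to-sri --type sha256 <base32>` yields from the same digest. Moving `version = "249.4";` into the `let` block is fine, but a short comment that the `systemd-stable` tag is what is pinned would help whoever bumps it next.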
@@ -150,18 +158,26 @@ stdenv.mkDerivation rec { ./0018-logind-seat-debus-show-CanMultiSession-again.patch ./0019-pkg-config-derive-prefix-from-prefix.patch - # Fix -Werror=format. - (fetchpatch { - url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; - sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; - }) - - # Fix CVE-2021-33910, disclosed 2021-07-20 - (fetchpatch { - name = "CVE-2021-33910.patch"; - url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; - sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; - }) + # In v249 a bunch of meson files had been touched as part of the migration to + # jinja2 for templating. Unfortunately some of those files lost the `install_sysconfdir_samples` check. + # The following two patches are part of a PR that was filed to fix those cases. + # https://github.com/systemd/systemd/pull/20303 + ./0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch + ./0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch + + # In v248 or v249 we started to get in trouble due to our /etc/systemd/sytem being + # a symlink and thus being treated differently by systemd. With the below + # patch we mitigate that effect by special casing all our root unit dirs + # if they are symlinks. This does exactly what we need (AFAICT). + ./0022-core-Handle-lookup-paths-being-symlinks.patch + + # The way files are being tested for being executable changed in v248/v249 + # which caused our confinement setup to fail as we do not mount /proc by + # default. + # The issue has been reported upstream and this patch carries the upstream + # fix for the same. Upstream now has a test for this scenario. + # https://github.com/systemd/systemd/issues/20514 + ./0023-path-util-make-find_executable-work-without-proc-mounted.patch ]; postPatch = '' 
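Review bot: The `CVE-2021-33910.patch` fetchpatch (upstream commit 441e0115646d54f080e5c3bb0ba477c892861ab9) is dropped without recording where the fix now comes from, so someone auditing the 249.4 bump cannot tell whether the stable tag carries it or the fix was lost. After confirming the tag contains that commit, add a comment in the patch list such as `# CVE-2021-33910 (upstream 441e0115646d) is part of the v249.4 stable tag, so the explicit fetchpatch was dropped`; the same note should cover the removed -Werror=format patch (ab1aa6368a88). Separately, the new comment spells `/etc/systemd/sytem`, which should read `/etc/systemd/system`.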
@@ -175,14 +191,14 @@ stdenv.mkDerivation rec { "find_program('${stdenv.cc.bintools.targetPrefix}objcopy'" '' + ( let - # The folllowing dlopen patches ensure that all the features that are - # implemented via dlopen(3) are available (or explicitly deactivated) by - # pointing dlopen to the absolute store path instead of relying on the - # linkers runtime lookup code. + # The folllowing patches references to dynamic libraries to ensure that + # all the features that are implemented via dlopen(3) are available (or + # explicitly deactivated) by pointing dlopen to the absolute store path + # instead of relying on the linkers runtime lookup code. # - # All of the dlopen calls have to be handled. When new ones are introduced - # by upstream (or one of our patches) they must be explicitly declared, - # otherwise the build will fail. + # All of the shared library references have to be handled. When new ones + # are introduced by upstream (or one of our patches) they must be + # explicitly declared, otherwise the build will fail. # # As of systemd version 247 we've seen a few errors like `libpcre2.… not # found` when using e.g. --grep with journalctl. Those errors should 
@@ -201,32 +217,45 @@ stdenv.mkDerivation rec { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri 'dlopen("lib' $src` and update the below list. - dlopenLibs = [ - # We did never provide support for libxkbcommon & qrencode - { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } - - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } - - # Only include cryptsetup if it is enabled. We might not be able to - # provide it during "bootstrap" in e.g. the minimal systemd build as - # cryptsetup has udev (aka systemd) in it's dependencies. - { name = "libcryptsetup.so.12"; pkg = if withCryptsetup then cryptsetup else null; } - - # We are using libidn2 so we only provide that and ignore the others. - # Systemd does this decision during configure time and uses ifdef's to - # enable specific branches. We can safely ignore (nuke) the libidn "v1" - # libraries. - { name = "libidn2.so.0"; pkg = libidn2; } - { name = "libidn.so.12"; pkg = null; } - { name = "libidn.so.11"; pkg = null; } - - # journalctl --grep requires libpcre so lets provide it - { name = "libpcre2-8.so.0"; pkg = pcre2; } - ]; + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + dlopenLibs = + let + opt = condition: pkg: if condition then pkg else null; + in + [ + # bpf compilation support + { name = "libbpf.so.0"; pkg = opt withLibBPF libbpf; } + + # We did never provide support for libxkbcommon & qrencode + { name = "libxkbcommon.so.0"; pkg = null; } + { name = "libqrencode.so.4"; pkg = null; } + + # We did not provide libpwquality before so it is safe to disable it for + # now. + { name = "libpwquality.so.1"; pkg = null; } + + # Only include cryptsetup if it is enabled. We might not be able to + # provide it during "bootstrap" in e.g. 
the minimal systemd build as + # cryptsetup has udev (aka systemd) in it's dependencies. + { name = "libcryptsetup.so.12"; pkg = opt withCryptsetup cryptsetup; } + + # We are using libidn2 so we only provide that and ignore the others. + # Systemd does this decision during configure time and uses ifdef's to + # enable specific branches. We can safely ignore (nuke) the libidn "v1" + # libraries. + { name = "libidn2.so.0"; pkg = libidn2; } + { name = "libidn.so.12"; pkg = null; } + { name = "libidn.so.11"; pkg = null; } + + # journalctl --grep requires libpcre so lets provide it + { name = "libpcre2-8.so.0"; pkg = pcre2; } + + # Support for TPM2 in systemd-cryptsetup, systemd-repart and systemd-cryptenroll + { name = "libtss2-esys.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-rc.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-mu.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libfido2.so.1"; pkg = opt withFido2 libfido2; } + ]; patchDlOpen = dl: let @@ -234,9 +263,9 @@ stdenv.mkDerivation rec { in if dl.pkg == null then '' # remove the dependency on the library by replacing it with an invalid path - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' done '' else '' # ensure that the library we provide actually exists 
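Review bot: The bracket expression `[\.0-9a-zA-z]` in the new grep hint (and in the final unhandled-library check further down this diff) uses `A-z`, which in the C locale also matches `[`, `\`, `]`, `^`, `_` and backtick; the intent is `[.0-9a-zA-Z]`. In the following hunk, `grep -lr '"${dl.name}"' src` and `substituteInPlace "$file" --replace '"${dl.name}"' ...` now rewrite every string literal equal to the soname, not only `dlopen("...")` arguments, so the unchanged `echo "patching dlopen(\"${dl.name}\", …)"` is misleading and a non-dlopen occurrence (a log message or documentation string) is silently rewritten to an absolute store path or to the `not-implemented` path as well. Either keep the `dlopen(` anchor in the grep and replace patterns, or state in the comment above `dlopenLibs` that all quoted soname occurrences are rewritten on purpose because v249 no longer calls dlopen with a literal.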
@@ -245,76 +274,94 @@ stdenv.mkDerivation rec { exit 1 fi # make the path to the dependency explicit - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to ${library}…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("${library}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"${library}"' done + ''; in # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + '' - if grep -qr 'dlopen("[^/]' src; then - echo "Found unhandled dlopen calls: " - grep -r 'dlopen("[^/]' src + if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then + echo "Found unhandled dynamic library calls: " + grep -r '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src exit 1 fi + '' + # Finally patch shebangs that might need patching. + # Should no longer be necessary with v250. + # https://github.com/systemd/systemd/pull/19638 + + '' + patchShebangs . 
''; outputs = [ "out" "man" "dev" ]; - nativeBuildInputs = [ - pkg-config - gperf - ninja - meson - glibcLocales - getent - m4 - - intltool - gettext - - libxslt - docbook_xsl - docbook_xml_dtd_42 - docbook_xml_dtd_45 - (buildPackages.python3Packages.python.withPackages (ps: with ps; [ python3Packages.lxml ])) - ]; + nativeBuildInputs = + [ + pkg-config + gperf + ninja + meson + glibcLocales + getent + m4 + + intltool + gettext + + libxslt + docbook_xsl + docbook_xml_dtd_42 + docbook_xml_dtd_45 + (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ])) + ] + ++ lib.optional withLibBPF [ + bpftools + llvmPackages.clang + llvmPackages.libllvm + ] + ; - buildInputs = [ - acl - audit - glib - kmod - libcap - libgcrypt - libidn2 - libuuid - linuxHeaders - pam - ] - - ++ lib.optional withApparmor libapparmor - ++ lib.optional wantCurl (lib.getDev curl) - ++ lib.optionals withCompression [ bzip2 lz4 xz ] - ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) - ++ lib.optional withEfi gnu-efi - ++ lib.optional withKexectools kexec-tools - ++ lib.optional withLibseccomp libseccomp - ++ lib.optional withNetworkd iptables - ++ lib.optional withPCRE2 pcre2 - ++ lib.optional withResolved libgpgerror - ++ lib.optional withSelinux libselinux - ++ lib.optional withRemote libmicrohttpd - ++ lib.optionals withHomed [ p11-kit libfido2 ] + buildInputs = + [ + acl + audit + glib + kmod + libcap + libgcrypt + libidn2 + libuuid + linuxHeaders + pam + ] + + ++ lib.optional withApparmor libapparmor + ++ lib.optional wantCurl (lib.getDev curl) + ++ lib.optionals withCompression [ bzip2 lz4 xz ] + ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) + ++ lib.optional withEfi gnu-efi + ++ lib.optional withKexectools kexec-tools + ++ lib.optional withLibseccomp libseccomp + ++ lib.optional withNetworkd iptables + ++ lib.optional withPCRE2 pcre2 + ++ lib.optional withResolved libgpgerror + ++ lib.optional withSelinux libselinux + ++ lib.optional withRemote 
libmicrohttpd + ++ lib.optionals withHomed [ p11-kit ] + ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ] + ++ lib.optionals withLibBPF [ libbpf ] ; #dontAddPrefix = true; mesonFlags = [ + "-Dversion-tag=${version}" "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" @@ -405,6 +452,8 @@ stdenv.mkDerivation rec { "-Dnss-mymachines=false" "-Dnss-resolve=false" "-Dnss-systemd=false" + ] ++ lib.optionals withLibBPF [ + "-Dbpf-framework=true" ]; preConfigure = '' @@ -453,7 +502,8 @@ stdenv.mkDerivation rec { --replace '"tar"' '"${gnutar}/bin/tar"' done - substituteInPlace src/journal/catalog.c \ + + substituteInPlace src/libsystemd/sd-journal/catalog.c \ --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/ ''; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cb8c5f69a71..9d65e40dadf 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21870,9 +21870,11 @@ with pkgs; withCryptsetup = false; withDocumentation = false; withEfi = false; + withFido2 = false; withHostnamed = false; withHwdb = false; withImportd = false; + withLibBPF = false; withLocaled = false; withLogind = false; withMachined = false; @@ -21886,6 +21888,7 @@ with pkgs; withShellCompletions = false; withTimedated = false; withTimesyncd = false; + withTpm2Tss = false; withUserDb = false; glib = null; libgcrypt = null; |
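Review bot: `++ lib.optional withLibBPF [ bpftools llvmPackages.clang llvmPackages.libllvm ]` in nativeBuildInputs hands a list to `lib.optional`, which wraps its argument in a singleton list, so the result is a nested list; as far as I can tell stdenv flattens dependency lists and it happens to work, but the sibling buildInputs addition in this same hunk uses `lib.optionals withLibBPF [ libbpf ]`, and this line should match: `++ lib.optionals withLibBPF [ bpftools llvmPackages.clang llvmPackages.libllvm ]`. The gating of libfido2 also differs between this hunk and the `@@ -201,32` hunk: buildInputs adds it for `withHomed || withCryptsetup`, while the dlopen patch uses `opt withFido2 libfido2`, so a build with homed enabled but `withFido2 = false` would presumably detect libfido2 at configure time yet have its dlopen rewritten to the invalid path; the two conditions should be the same expression. The `A-z` typo in the guard grep above is raised on the `@@ -201,32` hunk.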
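Review bot: `-Dbpf-framework=true` is only passed when `withLibBPF` is set; when it is not, the option is left at meson's default, which for systemd's feature options is usually auto-detection, so whether BPF support ends up enabled then depends on what the build environment happens to provide rather than on the flag. Passing the option unconditionally inside the main list, `"-Dbpf-framework=${lib.boolToString withLibBPF}"`, makes the result follow the flag in both directions and keeps the build reproducible; if the option's default is already `false`, the change is harmless. The mesonFlags list starts outside the hunk.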