-rw-r--r-- | nixos/modules/tasks/network-interfaces-systemd.nix | 12 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 164 |
2 files changed, 86 insertions, 90 deletions
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix index 088bffd7c50..23e1e611a71 100644 --- a/nixos/modules/tasks/network-interfaces-systemd.nix +++ b/nixos/modules/tasks/network-interfaces-systemd.nix @@ -93,17 +93,7 @@ in (if i.useDHCP != null then i.useDHCP else false)); address = forEach (interfaceIps i) (ip: "${ip.address}/${toString ip.prefixLength}"); - # IPv6PrivacyExtensions=kernel seems to be broken with networkd. - # Instead of using IPv6PrivacyExtensions=kernel, configure it according to the value of - # `tempAddress`: - networkConfig.IPv6PrivacyExtensions = { - # generate temporary addresses and use them by default - "default" = true; - # generate temporary addresses but keep using the standard EUI-64 ones by default - "enabled" = "prefer-public"; - # completely disable temporary addresses - "disabled" = false; - }.${i.tempAddress}; + networkConfig.IPv6PrivacyExtensions = "kernel"; linkConfig = optionalAttrs (i.macAddress != null) { MACAddress = i.macAddress; } // optionalAttrs (i.mtu != null) { diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 421fc5986af..7e3c6d1fe51 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -1,3 +1,5 @@ +# NOTE: Make sure to (re-)format this file on changes with `nixpkgs-fmt`! + { stdenv , lib , fetchFromGitHub @@ -111,7 +113,7 @@ assert withCryptsetup -> let wantCurl = withRemote || withImportd; - version = "247.2"; + version = "247.3"; in stdenv.mkDerivation { inherit version pname; @@ -122,7 +124,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "091pwrvxz3gcf80shlp28d6l4gvjzc6pb61v4mwxmk9d71qaq7ry"; + sha256 = "0zn0b74iwz3vxabqsk4yydwpgky3c5z4dl83wxbs1qi5d2dnbqa7"; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a 
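Review bot: In the network-interfaces-systemd.nix hunk, the new `networkConfig.IPv6PrivacyExtensions = "kernel";` no longer reads `i.tempAddress`, and nothing records why `kernel` mode is now safe, although the comment it replaces said it "seems to be broken with networkd". With `kernel`, networkd leaves the decision to the `net.ipv6.conf.<iface>.use_tempaddr` sysctl. Whether that sysctl is set from `tempAddress` for each interface is not visible here; if it is not, a host configured with `tempAddress = "default"` would presumably keep using its standard EUI-64 address with no error, which is a silent privacy regression. I would keep a comment on the line, for example `# "kernel": networkd defers to net.ipv6.conf.<iface>.use_tempaddr, which must be set from i.tempAddress`, and state the systemd version from which this mode works. The enclosing attribute set starts and ends outside the hunk.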
@@ -160,83 +162,87 @@ stdenv.mkDerivation { --replace \ "find_program('objcopy'" \ "find_program('${stdenv.cc.bintools.targetPrefix}objcopy'" - '' + (let - - # The folllowing dlopen patches ensure that all the features that are - # implemented via dlopen(3) are available (or explicitly deactivated) by - # pointing dlopen to the absolute store path instead of relying on the - # linkers runtime lookup code. - # - # All of the dlopen calls have to be handled. When new ones are introduced - # by upstream (or one of our patches) they must be explicitly declared, - # otherwise the build will fail. - # - # As of systemd version 247 we've seen a few errors like `libpcre2.… not - # found` when using e.g. --grep with journalctl. Those errors should - # become less unexpected now. - # - # There are generally two classes of dlopen(3) calls. Those that we want to - # support and those that should be deactivated / unsupported. This change - # enforces that we handle all dlopen calls explicitly. Meaning: There is - # not a single dlopen call in the source code tree that we did not - # explicitly handle. - # - # In order to do this we introduced a list of attributes that maps from - # shared object name to the package that contains them. The package can be - # null meaning the reference should be nuked and the shared object will - # never be loadable during runtime (because it points at an invalid store - # path location). - # - # To get a list of dynamically loaded libraries issue something like - # `grep -ri 'dlopen("lib' $src` and update the below list. - dlopenLibs = [ - # We did never provide support for libxkbcommon & qrencode - { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } - - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } - - # Only include cryptsetup if it is enabled. We might not be able to - # provide it during "bootstrap" in e.g. 
the minimal systemd build as - # cryptsetup has udev (aka systemd) in it's dependencies. - { name = "libcryptsetup.so.12"; pkg = if withCryptsetup then cryptsetup else null; } - - # We are using libidn2 so we only provide that and ignore the others. - # Systemd does this decision during configure time and uses ifdef's to - # enable specific branches. We can safely ignore (nuke) the libidn "v1" - # libraries. - { name = "libidn2.so.0"; pkg = libidn2; } - { name = "libidn.so.12"; pkg = null; } - { name = "libidn.so.11"; pkg = null; } - - # journalctl --grep requires libpcre so lets provide it - { name = "libpcre2-8.so.0"; pkg = pcre2; } - ]; - - patchDlOpen = dl: let - library = "${lib.makeLibraryPath [dl.pkg]}/${dl.name}"; - in if dl.pkg == null then '' - # remove the dependency on the library by replacing it with an invalid path - for file in $(grep -lr 'dlopen("${dl.name}"' src); do - echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' - done - '' else '' - # ensure that the library we provide actually exists - if ! 
[ -e ${library} ]; then - echo 'The shared library `${library}` does not exist but was given as subtitute for `${dl.name}`' - exit 1 - fi - # make the path to the dependency explicit - for file in $(grep -lr 'dlopen("${dl.name}"' src); do - echo "patching dlopen(\"${dl.name}\", …) in $file to ${library}…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("${library}"' - done - ''; - in # patch all the dlopen calls to contain absolute paths to the libraries - lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs) + '' + ( + let + # The folllowing dlopen patches ensure that all the features that are + # implemented via dlopen(3) are available (or explicitly deactivated) by + # pointing dlopen to the absolute store path instead of relying on the + # linkers runtime lookup code. + # + # All of the dlopen calls have to be handled. When new ones are introduced + # by upstream (or one of our patches) they must be explicitly declared, + # otherwise the build will fail. + # + # As of systemd version 247 we've seen a few errors like `libpcre2.… not + # found` when using e.g. --grep with journalctl. Those errors should + # become less unexpected now. + # + # There are generally two classes of dlopen(3) calls. Those that we want to + # support and those that should be deactivated / unsupported. This change + # enforces that we handle all dlopen calls explicitly. Meaning: There is + # not a single dlopen call in the source code tree that we did not + # explicitly handle. + # + # In order to do this we introduced a list of attributes that maps from + # shared object name to the package that contains them. The package can be + # null meaning the reference should be nuked and the shared object will + # never be loadable during runtime (because it points at an invalid store + # path location). + # + # To get a list of dynamically loaded libraries issue something like + # `grep -ri 'dlopen("lib' $src` and update the below list. 
+ dlopenLibs = [ + # We did never provide support for libxkbcommon & qrencode + { name = "libxkbcommon.so.0"; pkg = null; } + { name = "libqrencode.so.4"; pkg = null; } + + # We did not provide libpwquality before so it is safe to disable it for + # now. + { name = "libpwquality.so.1"; pkg = null; } + + # Only include cryptsetup if it is enabled. We might not be able to + # provide it during "bootstrap" in e.g. the minimal systemd build as + # cryptsetup has udev (aka systemd) in it's dependencies. + { name = "libcryptsetup.so.12"; pkg = if withCryptsetup then cryptsetup else null; } + + # We are using libidn2 so we only provide that and ignore the others. + # Systemd does this decision during configure time and uses ifdef's to + # enable specific branches. We can safely ignore (nuke) the libidn "v1" + # libraries. + { name = "libidn2.so.0"; pkg = libidn2; } + { name = "libidn.so.12"; pkg = null; } + { name = "libidn.so.11"; pkg = null; } + + # journalctl --grep requires libpcre so lets provide it + { name = "libpcre2-8.so.0"; pkg = pcre2; } + ]; + + patchDlOpen = dl: + let + library = "${lib.makeLibraryPath [ dl.pkg ]}/${dl.name}"; + in + if dl.pkg == null then '' + # remove the dependency on the library by replacing it with an invalid path + for file in $(grep -lr 'dlopen("${dl.name}"' src); do + echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…" + substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' + done + '' else '' + # ensure that the library we provide actually exists + if ! 
[ -e ${library} ]; then + echo 'The shared library `${library}` does not exist but was given as subtitute for `${dl.name}`' + exit 1 + fi + # make the path to the dependency explicit + for file in $(grep -lr 'dlopen("${dl.name}"' src); do + echo "patching dlopen(\"${dl.name}\", …) in $file to ${library}…" + substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("${library}"' + done + ''; + in + # patch all the dlopen calls to contain absolute paths to the libraries + lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs + ) # finally ensure that there are no left-over dlopen calls that we didn't handle + '' if grep -qr 'dlopen("[^/]' src; then |