diff options
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r-- | pkgs/os-specific/linux/apparmor/default.nix | 82 | ||||
-rw-r--r-- | pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh | 32 | ||||
-rw-r--r-- | pkgs/os-specific/linux/bcc/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/bpftrace/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iproute/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iputils/default.nix | 23 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kbd/default.nix | 42 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kbd/keymaps.nix | 36 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kbd/search-paths.patch | 71 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel-headers/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libselinux/default.nix | 5 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 6 |
12 files changed, 155 insertions, 158 deletions
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 1845d4a9c2b..1b1fb415451 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -10,26 +10,37 @@ , pam , libnotify , buildPackages +, coreutils +, gnugrep +, gnused +, kmod +, writeShellScript +, closureInfo +, runCommand }: let - apparmor-series = "2.13"; - apparmor-patchver = "6"; - apparmor-version = apparmor-series + "." + apparmor-patchver; + apparmor-version = "3.0.1"; apparmor-meta = component: with lib; { homepage = "https://apparmor.net/"; description = "A mandatory access control system - ${component}"; license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; + maintainers = with maintainers; [ joachifm julm phreedom thoughtpolice ]; platforms = platforms.linux; }; apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "13xshy7905d9q9n8d8i0jmdi9m36wr525g4wlsp8k21n7yvvh9j4"; + url = "https://launchpad.net/apparmor/${lib.versions.majorMinor apparmor-version}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; + sha256 = "096zbg3v7b51x7f1ly61mzd3iy9alad6sd4lam98j2d6v5ragbcg"; }; + aa-teardown = writeShellScript "aa-teardown" '' + PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH" + . ${apparmor-parser}/lib/apparmor/rc.apparmor.functions + remove_profiles + ''; + prePatchCommon = '' chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh @@ -45,12 +56,6 @@ let name = "0003-Added-missing-typedef-definitions-on-parser.patch"; sha256 = "0yyaqz8jlmn1bm37arggprqz0njb4lhjni2d9c8qfqj0kll0bam0"; }) - (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch?id=74b8427cc21f04e32030d047ae92caa618105b53"; - name = "0007-Do-not-build-install-vim-file-with-utils-package.patch"; - sha256 = "1m4dx901biqgnr4w4wz8a2z9r9dxyw7wv6m6mqglqwf2lxinqmp4"; - }) - # (alpine patches {1,4,5,6,8} are needed for apparmor 2.11, but not 2.12) ]; # Set to `true` after the next FIXME gets fixed or this gets some @@ -121,7 +126,11 @@ let libapparmor.python ]; - prePatch = prePatchCommon + '' + prePatch = prePatchCommon + + # Do not build vim file + lib.optionalString stdenv.hostPlatform.isMusl '' + sed -i ./utils/Makefile -e "/\<vim\>/d" + '' + '' substituteInPlace ./utils/apparmor/easyprof.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser" substituteInPlace ./utils/apparmor/aa.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser" substituteInPlace ./utils/logprof.conf --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser" @@ -132,13 +141,21 @@ let installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "VIM_INSTALL_PATH=$(out)/share" "PYPREFIX=" ]; postInstall = '' - for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do + sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d" + for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH" done substituteInPlace $out/bin/aa-notify \ --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \ --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}" + + substituteInPlace $out/bin/aa-remove-unknown \ + --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions" + wrapProgram $out/bin/aa-remove-unknown \ + --prefix PATH : ${lib.makeBinPath [gawk]} + + ln -s ${aa-teardown} $out/bin/aa-teardown ''; inherit doCheck; @@ -166,7 +183,7 @@ let prePatch = prePatchCommon; postPatch = "cd ./binutils"; makeFlags = [ "LANGS=" "USE_SYSTEM=1" ]; - installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" ]; + installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "SBINDIR=$(out)/bin" ]; inherit doCheck; @@ -187,6 +204,9 @@ let substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" ## techdoc.pdf still doesn't build ... substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + substituteInPlace parser/rc.apparmor.functions \ + --replace "/sbin/apparmor_parser" "$out/bin/apparmor_parser" + sed -i parser/rc.apparmor.functions -e '2i . ${./fix-rc.apparmor.functions.sh}' ''; inherit patches; postPatch = "cd ./parser"; @@ -248,8 +268,35 @@ let meta = apparmor-meta "kernel patches"; }; + # Generate generic AppArmor rules in a file, + # from the closure of given rootPaths. + # To be included in an AppArmor profile like so: + # include "$(apparmorRulesFromClosure {} [pkgs.hello]}" + apparmorRulesFromClosure = + { # The store path of the derivation is given in $path + additionalRules ? [] + # TODO: factorize here some other common paths + # that may emerge from use cases. + , baseRules ? [ + "r $path" + "r $path/etc/**" + "r $path/share/**" + # Note that not all libraries are prefixed with "lib", + # eg. glibc-2.30/lib/ld-2.30.so + "mr $path/lib/**.so*" + # eg. glibc-2.30/lib/gconv/gconv-modules + "r $path/lib/**" + ] + , name ? "" + }: rootPaths: runCommand + ( "apparmor-closure-rules" + + lib.optionalString (name != "") "-${name}" ) {} '' + touch $out + while read -r path + do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)} + done <${closureInfo {inherit rootPaths;}}/store-paths + ''; in - { inherit libapparmor @@ -258,5 +305,6 @@ in apparmor-parser apparmor-pam apparmor-profiles - apparmor-kernel-patches; + apparmor-kernel-patches + apparmorRulesFromClosure; } diff --git a/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh new file mode 100644 index 00000000000..ebc1baaa92d --- /dev/null +++ b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh @@ -0,0 +1,32 @@ +aa_action() { + STRING=$1 + shift + $* + rc=$? + if [ $rc -eq 0 ] ; then + aa_log_success_msg $"$STRING " + else + aa_log_failure_msg $"$STRING " + fi + return $rc +} + +aa_log_success_msg() { + [ -n "$1" ] && echo -n $1 + echo ": done." +} + +aa_log_warning_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Warning." +} + +aa_log_failure_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Failed." +} + +aa_log_skipped_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Skipped." +} diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 1ecf46ad22b..221f38faa87 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -19,7 +19,7 @@ python.pkgs.buildPythonApplication rec { format = "other"; buildInputs = with llvmPackages; [ - llvm clang-unwrapped kernel + llvm llvm.dev libclang kernel elfutils luajit netperf iperf systemtap.stapBuild flex bash libbpf @@ -32,7 +32,7 @@ python.pkgs.buildPythonApplication rec { ]; propagatedBuildInputs = [ python.pkgs.netaddr ]; - nativeBuildInputs = [ makeWrapper cmake flex bison ] + nativeBuildInputs = [ makeWrapper cmake flex bison llvmPackages.llvm.dev ] # libelf is incompatible with elfutils-libelf ++ lib.filter (x: x != libelf) kernel.moduleBuildDependencies; diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix index 701fed06bb6..3a18202c6c0 100644 --- a/pkgs/os-specific/linux/bpftrace/default.nix +++ b/pkgs/os-specific/linux/bpftrace/default.nix @@ -16,12 +16,12 @@ stdenv.mkDerivation rec { }; buildInputs = with llvmPackages; - [ llvm clang-unwrapped + [ llvm libclang kernel elfutils libelf bcc libbpf libbfd libopcodes ]; - nativeBuildInputs = [ cmake pkg-config flex bison ] + nativeBuildInputs = [ cmake pkg-config flex bison llvmPackages.llvm.dev ] # libelf is incompatible with elfutils-libelf ++ lib.filter (x: x != libelf) kernel.moduleBuildDependencies; diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index affc18e8f37..638983d6c17 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.11.0"; + version = "5.12.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "0m2wa14rhmdb6k07minmw5lk97vz4vn56ndka5849cqjh88fmqn5"; + sha256 = "sha256-nSaNuYo27ioOP/O5Ky7/9m/BE4pR5Am972qzz+FfMm8="; }; preConfigure = '' diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index 56942d6d420..495860ef576 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchFromGitHub , meson, ninja, pkg-config, gettext, libxslt, docbook_xsl_ns , libcap, libidn2 +, apparmorRulesFromClosure }: let @@ -20,6 +21,8 @@ in stdenv.mkDerivation rec { sha256 = "08j2hfgnfh31vv9rn1ml7090j2lsvm9wdpdz13rz60rmyzrx9dq3"; }; + outputs = ["out" "apparmor"]; + mesonFlags = [ "-DBUILD_RARPD=true" "-DBUILD_TRACEROUTE6=true" @@ -34,6 +37,26 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ meson ninja pkg-config gettext libxslt.bin docbook_xsl_ns ]; buildInputs = [ libcap ] ++ lib.optional (!stdenv.hostPlatform.isMusl) libidn2; + postInstall = '' + mkdir $apparmor + cat >$apparmor/bin.ping <<EOF + include <tunables/global> + $out/bin/ping { + include <abstractions/base> + include <abstractions/consoles> + include <abstractions/nameservice> + include "${apparmorRulesFromClosure { name = "ping"; } + ([libcap] ++ lib.optional (!stdenv.hostPlatform.isMusl) libidn2)}" + include <local/bin.ping> + capability net_raw, + network inet raw, + network inet6 raw, + mr $out/bin/ping, + r $out/share/locale/**, + r @{PROC}/@{pid}/environ, + } + EOF + ''; meta = with lib; { description = "A set of small useful utilities for Linux networking"; diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix index 2119c10b9cf..467de4b029a 100644 --- a/pkgs/os-specific/linux/kbd/default.nix +++ b/pkgs/os-specific/linux/kbd/default.nix @@ -1,15 +1,22 @@ -{ lib, stdenv, fetchurl, autoreconfHook, - gzip, bzip2, pkg-config, flex, check, - pam, coreutils +{ lib +, stdenv +, fetchurl +, nixosTests +, autoreconfHook +, pkg-config +, flex +, check +, pam +, coreutils }: stdenv.mkDerivation rec { pname = "kbd"; - version = "2.0.4"; + version = "2.4.0"; src = fetchurl { url = "mirror://kernel/linux/utils/kbd/${pname}-${version}.tar.xz"; - sha256 = "124swm93dm4ca0pifgkrand3r9gvj3019d4zkfxsj9djpvv0mnaz"; + sha256 = "17wvrqz2kk0w87idinhyvd31ih1dp7ldfl2yfx7ailygb0279w2m"; }; configureFlags = [ @@ -18,13 +25,8 @@ stdenv.mkDerivation rec { "--disable-nls" ]; - patches = [ ./search-paths.patch ]; - postPatch = '' - # Add Neo keymap subdirectory - sed -i -e 's,^KEYMAPSUBDIRS *= *,&i386/neo ,' data/Makefile.am - # Renaming keymaps with name clashes, because loadkeys just picks # the first keymap it sees. The clashing names lead to e.g. # "loadkeys no" defaulting to a norwegian dvorak map instead of @@ -33,21 +35,9 @@ stdenv.mkDerivation rec { mv qwertz/cz{,-qwertz}.map mv olpc/es{,-olpc}.map mv olpc/pt{,-olpc}.map - mv dvorak/{no.map,dvorak-no.map} mv fgGIod/trf{,-fgGIod}.map mv colemak/{en-latin9,colemak}.map popd - - # Fix the path to gzip/bzip2. - substituteInPlace src/libkeymap/findfile.c \ - --replace gzip ${gzip}/bin/gzip \ - --replace bzip2 ${bzip2.bin}/bin/bzip2 \ - - # We get a warning in armv5tel-linux and the fuloong2f, so we - # disable -Werror in it. - ${lib.optionalString (stdenv.isAarch32 || stdenv.hostPlatform.isMips) '' - sed -i s/-Werror// src/Makefile.am - ''} ''; postInstall = '' @@ -57,16 +47,16 @@ stdenv.mkDerivation rec { done ''; - buildInputs = [ check pam ]; nativeBuildInputs = [ autoreconfHook pkg-config flex ]; - makeFlags = [ "setowner=" ]; + passthru.tests = nixosTests.keymap; meta = with lib; { - homepage = "ftp://ftp.altlinux.org/pub/people/legion/kbd/"; - description = "Linux keyboard utilities and keyboard maps"; + homepage = "https://kbd-project.org/"; + description = "Linux keyboard tools and keyboard maps"; platforms = platforms.linux; license = licenses.gpl2Plus; + maintainers = with maintainers; [ davidak ]; }; } diff --git a/pkgs/os-specific/linux/kbd/keymaps.nix b/pkgs/os-specific/linux/kbd/keymaps.nix deleted file mode 100644 index b3d5fe1b63c..00000000000 --- a/pkgs/os-specific/linux/kbd/keymaps.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ stdenv, lib, fetchurl, gzip }: - -{ - dvp = stdenv.mkDerivation rec { - pname = "dvp"; - version = "1.2.1"; - - src = fetchurl { - url = "http://kaufmann.no/downloads/linux/dvp-${lib.replaceStrings ["."] ["_"] version}.map.gz"; - sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50"; - }; - - nativeBuildInputs = [ gzip ]; - - buildCommand = '' - mkdir -p $out/share/keymaps/i386/dvorak - gzip -c -d $src > $out/share/keymaps/i386/dvorak/dvp.map - ''; - }; - - neo = stdenv.mkDerivation { - pname = "neo"; - version = "2476"; - - src = fetchurl { - name = "neo.map"; - url = "https://raw.githubusercontent.com/neo-layout/neo-layout/" - + "a0dee06fed824abfad658b7f10e6d907b270be0a/linux/console/neo.map"; - sha256 = "19mfrd31vzpsjiwc7pshxm0b0sz5dd17xrz6k079cy4im1vf0r4g"; - }; - - buildCommand = '' - install -D $src $out/share/keymaps/i386/neo/neo.map - ''; - }; -} diff --git a/pkgs/os-specific/linux/kbd/search-paths.patch b/pkgs/os-specific/linux/kbd/search-paths.patch deleted file mode 100644 index c9405a56721..00000000000 --- a/pkgs/os-specific/linux/kbd/search-paths.patch +++ /dev/null @@ -1,71 +0,0 @@ ---- a/src/libkeymap/analyze.l -+++ b/src/libkeymap/analyze.l -@@ -101,6 +101,9 @@ stack_pop(struct lk_ctx *ctx, void *scan - static const char *const include_dirpath0[] = { "", 0 }; - static const char *const include_dirpath1[] = { "", "../include/", "../../include/", 0 }; - static const char *const include_dirpath3[] = { -+ "/etc/kbd/" KEYMAPDIR "/include/", -+ "/etc/kbd/" KEYMAPDIR "/i386/include/", -+ "/etc/kbd/" KEYMAPDIR "/mac/include/", - DATADIR "/" KEYMAPDIR "/include/", - DATADIR "/" KEYMAPDIR "/i386/include/", - DATADIR "/" KEYMAPDIR "/mac/include/", 0 ---- a/src/loadkeys.c -+++ b/src/loadkeys.c -@@ -27,7 +27,7 @@ - #include "keymap.h" - - static const char *progname = NULL; --static const char *const dirpath1[] = { "", DATADIR "/" KEYMAPDIR "/**", KERNDIR "/", 0 }; -+static const char *const dirpath1[] = { "", "/etc/kbd/" KEYMAPDIR "/**", DATADIR "/" KEYMAPDIR "/**", 0 }; - static const char *const suffixes[] = { "", ".kmap", ".map", 0 }; - - static void __attribute__((noreturn)) ---- a/src/loadunimap.c -+++ b/src/loadunimap.c -@@ -30,7 +30,7 @@ - extern char *progname; - extern int force; - --static const char *const unidirpath[] = { "", DATADIR "/" UNIMAPDIR "/", 0 }; -+static const char *const unidirpath[] = { "", "/etc/kbd/" UNIMAPDIR "/", DATADIR "/" UNIMAPDIR "/", 0 }; - static const char *const unisuffixes[] = { "", ".uni", ".sfm", 0 }; - - #ifdef MAIN ---- a/src/mapscrn.c -+++ b/src/mapscrn.c -@@ -27,7 +27,7 @@ void loadnewmap(int fd, char *mfil); - static int ctoi(char *); - - /* search for the map file in these directories (with trailing /) */ --static const char *const mapdirpath[] = { "", DATADIR "/" TRANSDIR "/", 0 }; -+static const char *const mapdirpath[] = { "", "/etc/kbd/" TRANSDIR "/", DATADIR "/" TRANSDIR "/", 0 }; - static const char *const mapsuffixes[] = { "", ".trans", "_to_uni.trans", ".acm", 0 }; - - #ifdef MAIN ---- a/src/resizecons.c -+++ b/src/resizecons.c -@@ -101,7 +101,7 @@ static int vga_get_fontheight(void); - static void vga_set_cursor(int, int); - static void vga_set_verticaldisplayend_lowbyte(int); - --const char *const dirpath[] = { "", DATADIR "/" VIDEOMODEDIR "/", 0 }; -+const char *const dirpath[] = { "", "/etc/kbd/" VIDEOMODEDIR "/", DATADIR "/" VIDEOMODEDIR "/", 0}; - const char *const suffixes[] = { "", 0 }; - - int main(int argc, char **argv) ---- a/src/setfont.c -+++ b/src/setfont.c -@@ -53,10 +53,10 @@ int force = 0; - int debug = 0; - - /* search for the font in these directories (with trailing /) */ --const char *const fontdirpath[] = { "", DATADIR "/" FONTDIR "/", 0 }; -+const char *const fontdirpath[] = { "", "/etc/kbd/" FONTDIR "/", DATADIR "/" FONTDIR "/", 0 }; - const char *const fontsuffixes[] = { "", ".psfu", ".psf", ".cp", ".fnt", 0 }; - /* hide partial fonts a bit - loading a single one is a bad idea */ --const char *const partfontdirpath[] = { "", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 }; -+const char *const partfontdirpath[] = { "", "/etc/kbd/" FONTDIR "/" PARTIALDIR "/", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 }; - const char *const partfontsuffixes[] = { "", 0 }; - - static inline int diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index a2a63e2bcab..34e80ac8222 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -69,12 +69,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "5.11"; in + linuxHeaders = let version = "5.12"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1d37w0zvmf8c1l99xvy1hy6p55icjhmbsv7f0amxy2nly1a7pw04"; + sha256 = "sha256-fQ328r8jhNaNC9jh/j4HHWQ2Tc3GAC57XIfJLUj6w2Y="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index 2c9239b2e7d..fbf7e4bd995 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -44,6 +44,11 @@ stdenv.mkDerivation rec { "PYTHONLIBDIR=$(py)/${python3.sitePackages}" ]; + postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' + substituteInPlace src/procattr.c \ + --replace "#include <unistd.h>" "" + ''; + preInstall = optionalString enablePython '' mkdir -p $py/${python3.sitePackages}/selinux ''; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 7302b363ecf..b7beeb727c4 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -151,6 +151,12 @@ stdenv.mkDerivation { ./0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch ./0018-logind-seat-debus-show-CanMultiSession-again.patch ./0019-pkg-config-derive-prefix-from-prefix.patch + + # Fix -Werror=format. + (fetchpatch { + url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; + sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; + }) ]; postPatch = '' |