diff options
Diffstat (limited to 'pkgs/os-specific/linux')
71 files changed, 502 insertions, 572 deletions
diff --git a/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix index e8c6a2ae566..37870fb37b4 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "alsa-utils"; - version = "1.2.7"; + version = "1.2.8"; src = fetchurl { url = "mirror://alsa/utils/${pname}-${version}.tar.bz2"; - sha256 = "sha256-6Qa/JAT/BMRI6qPSJtKDpiuaKD8S5P2EV/skusJ05ng="; + sha256 = "sha256-4UD6YEw1Hza9chZ8iGDGnYG5ZK5qtTmS1kNN3jjpMzw="; }; nativeBuildInputs = [ gettext makeWrapper ]; diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 0a74554d6c6..933b4e176f7 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -18,16 +18,17 @@ , writeShellScript , closureInfo , runCommand +, libxcrypt }: let - apparmor-version = "3.0.7"; + apparmor-version = "3.1.1"; apparmor-meta = component: with lib; { homepage = "https://apparmor.net/"; description = "A mandatory access control system - ${component}"; license = licenses.gpl2; - maintainers = with maintainers; [ joachifm julm thoughtpolice ]; + maintainers = with maintainers; [ julm thoughtpolice ]; platforms = platforms.linux; }; @@ -35,7 +36,7 @@ let owner = "apparmor"; repo = "apparmor"; rev = "v${apparmor-version}"; - hash = "sha256-iLZY0wZQr+YvR8JCwTeECDuqFb1sQCQtkiUksiYCvWs="; + hash = "sha256-phEHfrza0EeX2HEM5ts8wVCFlSLlnEtZd2MwbG/XbFY="; }; aa-teardown = writeShellScript "aa-teardown" '' @@ -93,7 +94,8 @@ let perl ] ++ lib.optional withPython python; - buildInputs = lib.optional withPerl perl + buildInputs = [ libxcrypt ] + ++ lib.optional withPerl perl ++ lib.optional withPython python; # required to build apparmor-parser diff --git a/pkgs/os-specific/linux/bpftools/default.nix b/pkgs/os-specific/linux/bpftools/default.nix index 640ab5f76a9..d3bb96afb3e 100644 --- a/pkgs/os-specific/linux/bpftools/default.nix +++ b/pkgs/os-specific/linux/bpftools/default.nix @@ -8,13 +8,15 @@ stdenv.mkDerivation rec { pname = "bpftools"; - version = "5.19.8"; + version = "5.19.12"; src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1kl7fifsa6vsm34xg3kd2svhx18n771hfj67nhwnlalmb9whhqv1"; + sha256 = "sha256-xDalSMcxLOb8WjRyy+rYle749ShB++fHH9jki9/isLo="; }; + patches = [ ./strip-binary-name.patch ]; + nativeBuildInputs = [ python3 bison flex ]; buildInputs = (if (lib.versionAtLeast version "5.20") then [ libopcodes libbfd ] diff --git a/pkgs/os-specific/linux/bpftools/strip-binary-name.patch b/pkgs/os-specific/linux/bpftools/strip-binary-name.patch new file mode 100644 index 00000000000..623e90963bd --- /dev/null +++ b/pkgs/os-specific/linux/bpftools/strip-binary-name.patch @@ -0,0 +1,15 @@ +Strip path to the binary from prints. + +I see no sense in including the full path in outputs like bpftool --version +Especially as argv[0] may not include it, based on calling via $PATH or not. +--- a/tools/bpf/bpftool/main.c ++++ b/tools/bpf/bpftool/main.c +@@ -443 +443,7 @@ +- bin_name = argv[0]; ++ /* Strip the path if any. */ ++ const char *bin_name_slash = strrchr(argv[0], '/'); ++ if (bin_name_slash) { ++ bin_name = bin_name_slash + 1; ++ } else { ++ bin_name = argv[0]; ++ } diff --git a/pkgs/os-specific/linux/broadcom-sta/default.nix b/pkgs/os-specific/linux/broadcom-sta/default.nix index d7acf94e39a..661bb7fc922 100644 --- a/pkgs/os-specific/linux/broadcom-sta/default.nix +++ b/pkgs/os-specific/linux/broadcom-sta/default.nix @@ -43,6 +43,8 @@ stdenv.mkDerivation { ./linux-5.17.patch # source: https://github.com/archlinux/svntogit-community/blob/2e1fd240f9ce06f500feeaa3e4a9675e65e6b967/trunk/013-linux518.patch ./linux-5.18.patch + # source: https://gist.github.com/joanbm/207210d74637870c01ef5a3c262a597d + ./linux-6.0.patch ./pedantic-fix.patch ./null-pointer-fix.patch ./gcc.patch diff --git a/pkgs/os-specific/linux/broadcom-sta/linux-6.0.patch b/pkgs/os-specific/linux/broadcom-sta/linux-6.0.patch new file mode 100644 index 00000000000..dcb5515264d --- /dev/null +++ b/pkgs/os-specific/linux/broadcom-sta/linux-6.0.patch @@ -0,0 +1,30 @@ +From dbee29df729e543a89b3f95c1436e982eb0047c1 Mon Sep 17 00:00:00 2001 +From: Joan Bruguera <joanbrugueram@gmail.com> +Date: Thu, 30 Jun 2022 02:15:35 +0200 +Subject: [PATCH] Tentative patch for broadcom-wl 6.30.223.271 driver for Linux 6.0-rc1 + +Applies on top of all the patches applied to broadcom-wl-dkms 6.30.223.271-33 on Arch Linux. +--- + src/wl/sys/wl_cfg80211_hybrid.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c +index d815b33..7faa735 100644 +--- a/src/wl/sys/wl_cfg80211_hybrid.c ++++ b/src/wl/sys/wl_cfg80211_hybrid.c +@@ -2381,7 +2381,12 @@ wl_bss_roaming_done(struct wl_cfg80211_priv *wl, struct net_device *ndev, + bss = cfg80211_get_bss(wl_to_wiphy(wl), NULL, (s8 *)&wl->bssid, + ssid->SSID, ssid->SSID_len, WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); + struct cfg80211_roam_info roam_info = { ++// Rel. commit "cfg80211: Indicate MLO connection info in connect and roam callbacks" (Veerendranath Jakkam, Wed Jun 8) ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0) + .bss = bss, ++#else ++ .links[0].bss = bss, ++#endif + .req_ie = conn_info->req_ie, + .req_ie_len = conn_info->req_ie_len, + .resp_ie = conn_info->resp_ie, +-- +2.37.0 + diff --git a/pkgs/os-specific/linux/broadcom-sta/pedantic-fix.patch b/pkgs/os-specific/linux/broadcom-sta/pedantic-fix.patch index f97709fef90..3d190b9d1f8 100644 --- a/pkgs/os-specific/linux/broadcom-sta/pedantic-fix.patch +++ b/pkgs/os-specific/linux/broadcom-sta/pedantic-fix.patch @@ -1,4 +1,4 @@ -diff --git a/src/shared/linux_osl.c b/shared/linux_osl.c +diff --git a/src/shared/linux_osl.c b/src/shared/linux_osl.c index 711b771..5a2636a 100644 --- a/src/shared/linux_osl.c +++ b/src/shared/linux_osl.c @@ -11,8 +11,8 @@ index 711b771..5a2636a 100644 if (rdlen > 0) fp->f_pos += rdlen; -diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/wl/sys/wl_cfg80211_hybrid.c -index 41c16d8..d39d9de 100644 +diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c +index 2b3c290..093dce6 100644 --- a/src/wl/sys/wl_cfg80211_hybrid.c +++ b/src/wl/sys/wl_cfg80211_hybrid.c @@ -790,6 +790,7 @@ wl_set_auth_type(struct net_device *dev, struct cfg80211_connect_params *sme) @@ -23,7 +23,7 @@ index 41c16d8..d39d9de 100644 default: val = 2; WL_ERR(("invalid auth type (%d)\n", sme->auth_type)); -@@ -2347,21 +2348,20 @@ wl_bss_roaming_done(struct wl_cfg80211_priv *wl, struct net_device *ndev, +@@ -2347,26 +2348,24 @@ wl_bss_roaming_done(struct wl_cfg80211_priv *wl, struct net_device *ndev, const wl_event_msg_t *e, void *data) { struct wl_cfg80211_connect_info *conn_info = wl_to_conn(wl); @@ -36,23 +36,28 @@ index 41c16d8..d39d9de 100644 bss = cfg80211_get_bss(wl_to_wiphy(wl), NULL, (s8 *)&wl->bssid, ssid->SSID, ssid->SSID_len, WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); - struct cfg80211_roam_info roam_info = { + // Rel. commit "cfg80211: Indicate MLO connection info in connect and roam callbacks" (Veerendranath Jakkam, Wed Jun 8) + #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0) - .bss = bss, ++ roam_info.bss = bss; + #else +- .links[0].bss = bss, ++ roam_info.links[0].bss = bss; + #endif - .req_ie = conn_info->req_ie, - .req_ie_len = conn_info->req_ie_len, - .resp_ie = conn_info->resp_ie, - .resp_ie_len = conn_info->resp_ie_len, - }; -+ roam_info.bss = bss; + roam_info.req_ie = conn_info->req_ie; + roam_info.req_ie_len = conn_info->req_ie_len; + roam_info.resp_ie = conn_info->resp_ie; -+ roam_info.resp_ie_len = conn_info->resp_ie_len; #endif - s32 err = 0; wl_get_assoc_ies(wl); memcpy(wl->profile->bssid, &e->addr, ETHER_ADDR_LEN); -diff --git a/src/wl/sys/wl_iw.h b/wl/sys/wl_iw.h +diff --git a/src/wl/sys/wl_iw.h b/src/wl/sys/wl_iw.h index 3ab084f..471d11f 100644 --- a/src/wl/sys/wl_iw.h +++ b/src/wl/sys/wl_iw.h @@ -64,7 +69,7 @@ index 3ab084f..471d11f 100644 #define WL_IW_SET_ACTIVE_SCAN (SIOCIWFIRSTPRIV+1) #define WL_IW_GET_RSSI (SIOCIWFIRSTPRIV+3) #define WL_IW_SET_PASSIVE_SCAN (SIOCIWFIRSTPRIV+5) -diff --git a/src/wl/sys/wl_linux.c b/wl/sys/wl_linux.c +diff --git a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c index d13fb98..97ae2a6 100644 --- a/src/wl/sys/wl_linux.c +++ b/src/wl/sys/wl_linux.c diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index 62f3f0c4db1..1ac2ccf842a 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -1,5 +1,12 @@ { lib, stdenv, fetchurl, lvm2, json_c, asciidoctor -, openssl, libuuid, pkg-config, popt }: +, openssl, libuuid, pkg-config, popt, nixosTests + + # The release tarballs contain precomputed manpage files, so we don't need + # to run asciidoctor on the man sources. By avoiding asciidoctor, we make + # the bare NixOS build hash independent of changes to the ruby ecosystem, + # saving mass-rebuilds. +, rebuildMan ? false +}: stdenv.mkDerivation rec { pname = "cryptsetup"; @@ -13,6 +20,11 @@ stdenv.mkDerivation rec { sha256 = "sha256-kYSm672c5+shEVLn90GmyC8tHMDiSoTsnFKTnu4PBUI="; }; + patches = [ + # Allow reading tokens from a relative path, see #167994 + ./relative-token-path.patch + ]; + postPatch = '' patchShebangs tests @@ -28,6 +40,8 @@ stdenv.mkDerivation rec { "--enable-cryptsetup-reencrypt" "--with-crypto_backend=openssl" "--disable-ssh-token" + ] ++ lib.optionals (!rebuildMan) [ + "--disable-asciidoc" ] ++ lib.optionals stdenv.hostPlatform.isStatic [ "--disable-external-tokens" # We have to override this even though we're removing token @@ -36,7 +50,7 @@ stdenv.mkDerivation rec { "--with-luks2-external-tokens-path=/" ]; - nativeBuildInputs = [ pkg-config asciidoctor ]; + nativeBuildInputs = [ pkg-config ] ++ lib.optionals rebuildMan [ asciidoctor ]; buildInputs = [ lvm2 json_c openssl libuuid popt ]; # The test [7] header backup in compat-test fails with a mysterious @@ -44,6 +58,19 @@ stdenv.mkDerivation rec { # Issue filed upstream: https://gitlab.com/cryptsetup/cryptsetup/-/issues/763 doCheck = !stdenv.hostPlatform.isMusl; + passthru = { + tests = { + nixos = + lib.optionalAttrs stdenv.hostPlatform.isLinux ( + lib.recurseIntoAttrs ( + lib.filterAttrs + (name: _value: lib.hasPrefix "luks" name) + nixosTests.installer + ) + ); + }; + }; + meta = { homepage = "https://gitlab.com/cryptsetup/cryptsetup/"; description = "LUKS for dm-crypt"; diff --git a/pkgs/os-specific/linux/cryptsetup/relative-token-path.patch b/pkgs/os-specific/linux/cryptsetup/relative-token-path.patch new file mode 100644 index 00000000000..dffd0ba3bb5 --- /dev/null +++ b/pkgs/os-specific/linux/cryptsetup/relative-token-path.patch @@ -0,0 +1,50 @@ +From 4f95ab1f8110a8ab9d7b0e192731ce467f6e5c26 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Janne=20He=C3=9F?= <janne@hess.ooo> +Date: Sun, 4 Sep 2022 11:15:02 -0600 +Subject: [PATCH] Allow loading token handlers from the default search path + +Since [1] landed in cryptsetup, token handlers (libcryptsetup-token-*.so) +are loaded from a fixed path defined at compile-time. This is +problematic with NixOS since it introduces a dependency cycle +between cryptsetup and systemd. + +This downstream patch [2] allows loading token plugins from the +default library search path. This approach is not accepted upstream [3] +due to security concerns, but the potential attack vectors require +root access and they are sufficiently addressed: + +* cryptsetup could be used as a setuid binary (not used in NixOS). + In this case, LD_LIBRARY_PATH is ignored because of secure-execution + mode. +* cryptsetup running as root could lead to a malicious token handler + being loaded through LD_LIBRARY_PATH. However, fixing the path + doesn't prevent the same malicious .so being loaded through LD_PRELOAD. + +[1] https://gitlab.com/cryptsetup/cryptsetup/-/commit/5b9e98f94178d3cd179d9f6e2a0a68c7d9eb6507 +[2] https://github.com/NixOS/nixpkgs/issues/167994#issuecomment-1094249369 +[3] https://gitlab.com/cryptsetup/cryptsetup/-/issues/733 +--- + lib/luks2/luks2_token.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c +index 26467253..6f8329f0 100644 +--- a/lib/luks2/luks2_token.c ++++ b/lib/luks2/luks2_token.c +@@ -151,12 +151,10 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp + + token = &ret->u.v2; + +- r = snprintf(buf, sizeof(buf), "%s/libcryptsetup-token-%s.so", crypt_token_external_path(), name); ++ r = snprintf(buf, sizeof(buf), "libcryptsetup-token-%s.so", name); + if (r < 0 || (size_t)r >= sizeof(buf)) + return -EINVAL; + +- assert(*buf == '/'); +- + log_dbg(cd, "Trying to load %s.", buf); + + h = dlopen(buf, RTLD_LAZY); +-- +2.37.2 + diff --git a/pkgs/os-specific/linux/cshatag/default.nix b/pkgs/os-specific/linux/cshatag/default.nix index dc210b017a6..64fb6f4f88f 100644 --- a/pkgs/os-specific/linux/cshatag/default.nix +++ b/pkgs/os-specific/linux/cshatag/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "cshatag"; - version = "2.0"; + version = "2.1.0"; src = fetchFromGitHub { owner = "rfjakob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-jSRMNLS+JnA3coZf9zkOL/buxZubhbftXnxDJx0nwuU="; + sha256 = "sha256-Ez8zGVX10A7xuggkh3n7w/qzda8f4t6EgSc9l6SPEZQ="; }; - vendorSha256 = "sha256-BX7jbYhs3+yeOUvPvz08aV2p14bXNGTag4QYkCHr5DQ="; + vendorSha256 = "sha256-QTnwltsoyUbH4vob5go1KBrb9gwxaaPNW3S4sxVls3k="; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/os-specific/linux/dpdk-kmods/default.nix b/pkgs/os-specific/linux/dpdk-kmods/default.nix index cdd643a40b6..a3e4f666386 100644 --- a/pkgs/os-specific/linux/dpdk-kmods/default.nix +++ b/pkgs/os-specific/linux/dpdk-kmods/default.nix @@ -1,14 +1,21 @@ -{ lib, stdenv, fetchzip, kernel }: +{ lib, stdenv, fetchzip, fetchpatch, kernel }: stdenv.mkDerivation rec { pname = "dpdk-kmods"; - version = "2021-04-21"; + version = "2022-08-29"; src = fetchzip { - url = "https://git.dpdk.org/dpdk-kmods/snapshot/dpdk-kmods-e13d7af77a1bf98757f85c3c4083f6ee6d0d2372.tar.xz"; - sha256 = "sha256-8ysWT3X3rIyUAo4/QbkX7cQq5iFeU18/BPsmmWugcIc="; + url = "https://git.dpdk.org/dpdk-kmods/snapshot/dpdk-kmods-4a589f7bed00fc7009c93d430bd214ac7ad2bb6b.tar.xz"; + sha256 = "sha256-l9asJuw2nl63I1BxK6udy2pNunRiMJxyoXeg9V5+WgI="; }; + patches = [ + (fetchpatch { + url = "https://git.launchpad.net/ubuntu/+source/dpdk-kmods/plain/debian/patches/0001-support-linux-5.18.patch?id=9d628c02c169d8190bc2cb6afd81e4d364c382cd"; + sha256 = "sha256-j4kpx1DOnmf5lFxOhaVFNT7prEy1jrJERX2NFaybTPU="; + }) + ]; + hardeningDisable = [ "pic" ]; makeFlags = kernel.makeFlags ++ [ @@ -32,6 +39,5 @@ stdenv.mkDerivation rec { license = licenses.gpl2Only; maintainers = [ maintainers.mic92 ]; platforms = platforms.linux; - broken = kernel.kernelAtLeast "5.18"; }; } diff --git a/pkgs/os-specific/linux/dpdk/default.nix b/pkgs/os-specific/linux/dpdk/default.nix index d9f446f7a2d..1f53dc8e834 100644 --- a/pkgs/os-specific/linux/dpdk/default.nix +++ b/pkgs/os-specific/linux/dpdk/default.nix @@ -9,14 +9,14 @@ let mod = kernel != null; - dpdkVersion = "22.03"; + dpdkVersion = "22.07"; in stdenv.mkDerivation rec { pname = "dpdk"; version = "${dpdkVersion}" + lib.optionalString mod "-${kernel.version}"; src = fetchurl { url = "https://fast.dpdk.org/rel/dpdk-${dpdkVersion}.tar.xz"; - sha256 = "sha256-st5fCLzVcz+Q1NfmwDJRWQja2PyNJnrGolNELZuDp8U="; + sha256 = "sha256-n2Tf3gdf21cIy2Leg4uP+4kVdf7R4dKusma6yj38m+o="; }; nativeBuildInputs = [ @@ -91,6 +91,6 @@ in stdenv.mkDerivation rec { license = with licenses; [ lgpl21 gpl2 bsd2 ]; platforms = platforms.linux; maintainers = with maintainers; [ magenbluten orivej mic92 zhaofengli ]; - broken = mod && kernel.kernelAtLeast "5.18"; + broken = mod && kernel.isHardened; }; } diff --git a/pkgs/os-specific/linux/exfat/default.nix b/pkgs/os-specific/linux/exfat/default.nix index d459d240844..ee6f448112d 100644 --- a/pkgs/os-specific/linux/exfat/default.nix +++ b/pkgs/os-specific/linux/exfat/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { makeFlags = [ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" "ARCH=${stdenv.hostPlatform.linuxArch}" - ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "CROSS_COMPILE=${stdenv.cc.targetPrefix}" ]; diff --git a/pkgs/os-specific/linux/fan2go/default.nix b/pkgs/os-specific/linux/fan2go/default.nix new file mode 100644 index 00000000000..e7ad2774106 --- /dev/null +++ b/pkgs/os-specific/linux/fan2go/default.nix @@ -0,0 +1,31 @@ +{ buildGoModule, fetchFromGitHub, lib, lm_sensors }: + +buildGoModule rec { + pname = "fan2go"; + version = "0.8.0"; + + src = fetchFromGitHub { + owner = "markusressel"; + repo = pname; + rev = version; + sha256 = "3pnJaLD+FEQWAAwIiTkcs9VgqO0JwRaK7JLdIygeChY="; + }; + + vendorSha256 = "9EeiYPNTUEFHxTdvVb2JLU6Qi0oazH+n9MB8Dg+RLJ4="; + + postConfigure = '' + substituteInPlace vendor/github.com/md14454/gosensors/gosensors.go \ + --replace '"/etc/sensors3.conf"' '"${lm_sensors}/etc/sensors3.conf"' + ''; + + CGO_CFLAGS = "-I ${lm_sensors}/include"; + CGO_LDFLAGS = "-L ${lm_sensors}/lib"; + + meta = with lib; { + description = "A simple daemon providing dynamic fan speed control based on temperature sensors"; + homepage = "https://github.com/markusressel/fan2go"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ mtoohey ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/firmware/linux-firmware/source.nix b/pkgs/os-specific/linux/firmware/linux-firmware/source.nix index a0f049ce134..7e0f6bcefc4 100644 --- a/pkgs/os-specific/linux/firmware/linux-firmware/source.nix +++ b/pkgs/os-specific/linux/firmware/linux-firmware/source.nix @@ -1,6 +1,6 @@ # This file is autogenerated! Run ./update.sh to regenerate. { - version = "20220913"; - sourceHash = "sha256-qxSgkytJBW9ux95tEOHfz/4pvOp5TII3ICAY7dg5UC8="; - outputHash = "sha256-eVDXNyx9gwa46pBmsoTU9bQ2XBzkjVocIHydieJ9ruU="; + version = "20221012"; + sourceHash = "sha256-Lm7MHAgybnyYL668KJ2MMFNA4tGAu5NGK+jSkhOj890="; + outputHash = "sha256-xk5n9mQHpM+nNv8WqSaPpcsm9B8Gr4fGJouRWEfM2z0="; } diff --git a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix index 9181a94dcb6..f63d2095eb7 100644 --- a/pkgs/os-specific/linux/firmware/raspberrypi/default.nix +++ b/pkgs/os-specific/linux/firmware/raspberrypi/default.nix @@ -3,13 +3,13 @@ stdenvNoCC.mkDerivation rec { # NOTE: this should be updated with linux_rpi pname = "raspberrypi-firmware"; - version = "1.20220331"; + version = "1.20221028"; src = fetchFromGitHub { owner = "raspberrypi"; repo = "firmware"; rev = version; - hash = "sha256-TxlpHPEJAtVJTtDghuJpx2mLjEPiKkcAr7S9Cd/cocE="; + hash = "sha256-GgPAWFCrLrrLiUDM+pt3VV6+IvCljMN9nh7L84vTQJs="; }; installPhase = '' diff --git a/pkgs/os-specific/linux/gobi_loader/default.nix b/pkgs/os-specific/linux/gobi_loader/default.nix index b7972007719..2b251242119 100644 --- a/pkgs/os-specific/linux/gobi_loader/default.nix +++ b/pkgs/os-specific/linux/gobi_loader/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { substituteInPlace 60-gobi.rules --replace "/lib/firmware" "/run/current-system/firmware" ''; - makeFlags = "prefix=${placeholder "out"}"; + makeFlags = [ "prefix=${placeholder "out"}" ]; meta = with lib; { description = "Firmware loader for Qualcomm Gobi USB chipsets"; diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 0b38a31fe95..d8bfb59bf12 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -57,7 +57,7 @@ let darwin-byteswap-h ]; - extraIncludeDirs = lib.optional (with stdenvNoCC.hostPlatform; isPower && is32bit && isBigEndian) ["ppc"]; + extraIncludeDirs = lib.optionals (with stdenvNoCC.hostPlatform; isPower && is32bit && isBigEndian) ["ppc"]; inherit patches; @@ -114,12 +114,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "5.19"; in + linuxHeaders = let version = "6.0"; in makeLinuxHeaders { inherit version; src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1a05a3hw4w3k530mxhns96xw7hag743xw5w967yazqcykdbhq97z"; + url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; + sha256 = "sha256-XCRDpVON5SaI77VcJ6sFOcH161jAz9FqK5+7CP2BeI4="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2e076063458..d8841b2c961 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -78,6 +78,7 @@ let INTEL_RAPL = whenAtLeast "5.3" module; X86_INTEL_LPSS = yes; X86_INTEL_PSTATE = yes; + X86_AMD_PSTATE = whenAtLeast "5.17" module; }; external-firmware = { @@ -114,6 +115,12 @@ let IOSCHED_BFQ = whenAtLeast "4.12" module; }; + + timer = { + # Enable Full Dynticks System. + NO_HZ_FULL = mkIf stdenv.is64bit yes; # TODO: more precise condition? + }; + # Enable NUMA. numa = { NUMA = option yes; @@ -411,6 +418,7 @@ let XFS_QUOTA = option yes; XFS_POSIX_ACL = option yes; XFS_RT = option yes; # XFS Realtime subvolume support + XFS_ONLINE_SCRUB = option yes; OCFS2_DEBUG_MASKLOG = option no; @@ -543,7 +551,7 @@ let CGROUP_RDMA = whenAtLeast "4.11" yes; MEMCG = yes; - MEMCG_SWAP = yes; + MEMCG_SWAP = whenOlder "6.1" yes; BLK_DEV_THROTTLING = yes; CFQ_GROUP_IOSCHED = whenOlder "5.0" yes; # Removed in 5.0-RC1 diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index 056544014f4..5a4c2858f95 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -137,7 +137,7 @@ let makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; - prePatch = kernel.prePatch + '' + postPatch = kernel.postPatch + '' # Patch kconfig to print "###" after every question so that # generate-config.pl from the generic builder can answer them. sed -e '/fflush(stdout);/i\printf("###");' -i scripts/kconfig/conf.c diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 34d6a387480..a808338c987 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,61 +2,61 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.295-hardened1.patch", - "sha256": "0jync3d52qif0pxnmbx7js7zgxnrhrjxiiyp0n57cmdxi9jcjc8j", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.295-hardened1/linux-hardened-4.14.295-hardened1.patch" + "name": "linux-hardened-4.14.298-hardened1.patch", + "sha256": "1gzp5fxyv5s029s6c9zrnvj3wb02blabmdmcziaqvf6k7k178prs", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.298-hardened1/linux-hardened-4.14.298-hardened1.patch" }, - "sha256": "0svalywqmrhav63vw0ns06c25sgyvzwfngljpham3nm7jjxbkk32", - "version": "4.14.295" + "sha256": "0w8f7m3mdj6gcxdvsvxw5hqqfhwffpfl794rgianl4r6iad8w7s6", + "version": "4.14.298" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.261-hardened1.patch", - "sha256": "1hs9jg2n9i89li0p1mbkfhy8r5pv5wrl3gw3b3xvp0n8283cy631", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.261-hardened1/linux-hardened-4.19.261-hardened1.patch" + "name": "linux-hardened-4.19.264-hardened1.patch", + "sha256": "08swipghq66lx3nrww1319qwwgw3yipy5m4kvzpsz6mfhkm54aw9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.264-hardened1/linux-hardened-4.19.264-hardened1.patch" }, - "sha256": "1cicb3zydpka9yjx875hbh305bsdvni2kp674pkvaw04pnc35hxy", - "version": "4.19.261" + "sha256": "07ihf55y4xcbzpfgj9mxzchy1jmdpy46j32w15hac46a4504xcps", + "version": "4.19.264" }, "5.10": { "patch": { - "extra": "-hardened2", - "name": "linux-hardened-5.10.147-hardened2.patch", - "sha256": "0j44mfyc66vq6hncc5w3mxxw8jcpa66w4w40d3wm7ka6yr6p34sh", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.147-hardened2/linux-hardened-5.10.147-hardened2.patch" + "extra": "-hardened1", + "name": "linux-hardened-5.10.153-hardened1.patch", + "sha256": "02kw33m0j10dnl30n17ppffqh8l8v91jpz1d1pkqipfw3j40j8az", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.153-hardened1/linux-hardened-5.10.153-hardened1.patch" }, - "sha256": "16pdpjmvrdml7am7s2kydrif1l7f4aq0wh4ak0xh3dby16zkl9c5", - "version": "5.10.147" + "sha256": "0qhn5xv0m6baip1my1gp4mrjc4j6d6nbxa701vpwllg4kx8y9wiw", + "version": "5.10.153" }, "5.15": { "patch": { - "extra": "-hardened3", - "name": "linux-hardened-5.15.73-hardened3.patch", - "sha256": "1p4cm1viyryf4npbfvg72a4kpqs22vqvfqj2hl6pq5wrpgg677g0", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.73-hardened3/linux-hardened-5.15.73-hardened3.patch" + "extra": "-hardened1", + "name": "linux-hardened-5.15.77-hardened1.patch", + "sha256": "0pfa2xi64an716by3rqgn521a4igzb1y2bmbdn87icg8p79qavgx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.77-hardened1/linux-hardened-5.15.77-hardened1.patch" }, - "sha256": "0pbi640llcdbx57vwwzc5axa75w0y5rixa9r752h725f4naz08m8", - "version": "5.15.73" + "sha256": "1yg9myqcv4kn2p7c9ap0z6xxh2qjsab2nbxf5z388skr6cgq8bql", + "version": "5.15.77" }, - "5.19": { + "5.4": { "patch": { - "extra": "-hardened2", - "name": "linux-hardened-5.19.15-hardened2.patch", - "sha256": "12si2gy6maxbvf252ircp94ci0ihqlxv3l9sf4xwxrs66gn3z2fa", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.19.15-hardened2/linux-hardened-5.19.15-hardened2.patch" + "extra": "-hardened1", + "name": "linux-hardened-5.4.223-hardened1.patch", + "sha256": "1jsnrxv9a16l5gdhbn7w4rc9ql7arggvcizmkdvnk7ymd6ni6518", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.223-hardened1/linux-hardened-5.4.223-hardened1.patch" }, - "sha256": "06zband5q6m9imyvn4y4naafdakjcj00rg23227cagnv8wwf71j6", - "version": "5.19.15" + "sha256": "1svyf4m5d3vrskylpal6npk5jj454rzij772wabg31v8vw97zw4y", + "version": "5.4.223" }, - "5.4": { + "6.0": { "patch": { - "extra": "-hardened2", - "name": "linux-hardened-5.4.217-hardened2.patch", - "sha256": "16hcwjll5dkfc8sb81w3dipqx9j1np91f5gad45b0xfcnqcn70ab", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.217-hardened2/linux-hardened-5.4.217-hardened2.patch" + "extra": "-hardened1", + "name": "linux-hardened-6.0.7-hardened1.patch", + "sha256": "0y1g4zahlq28s8grzzpxcccr7sjh6cgbviz880g1wqg7vmqpi1fz", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.0.7-hardened1/linux-hardened-6.0.7-hardened1.patch" }, - "sha256": "0qrfrk0g1dky5apg8gdxczj2ir0g0z41zmdmbwwcxkxjz76jdf1b", - "version": "5.4.217" + "sha256": "03srfv33r2vc48h051zicvn9hz78kc08vh7ljzlmcnk0g0mwrnk7", + "version": "6.0.7" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 655bba0c897..97fd9d525f3 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.295"; + version = "4.14.298"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0svalywqmrhav63vw0ns06c25sgyvzwfngljpham3nm7jjxbkk32"; + sha256 = "0w8f7m3mdj6gcxdvsvxw5hqqfhwffpfl794rgianl4r6iad8w7s6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index cd07e1a9144..902be54d30e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.261"; + version = "4.19.264"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1cicb3zydpka9yjx875hbh305bsdvni2kp674pkvaw04pnc35hxy"; + sha256 = "07ihf55y4xcbzpfgj9mxzchy1jmdpy46j32w15hac46a4504xcps"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index c9b002abd78..c58e05b485e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,12 +1,12 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.330"; + version = "4.9.332"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0psrl8fcbp1bsanjmllic503dlyhkj8bjzfc20p2ksahlhv1j0mz"; + sha256 = "1kiqa9kw4932n5qglkyymsrak849wbbszw9rnq1aygmdinjz4c8i"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index be2e09bc6a3..b918ef7c35f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.148"; + version = "5.10.153"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0mp9qs8f50hxf72b6cgh8izkyjbhrrmij6slxja701i1w9mkylhj"; + sha256 = "0qhn5xv0m6baip1my1gp4mrjc4j6d6nbxa701vpwllg4kx8y9wiw"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.15.nix b/pkgs/os-specific/linux/kernel/linux-5.15.nix index 0bab77b4ade..8dd899d0bac 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.15.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.15.74"; + version = "5.15.77"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0ra2ijpw7w07gm3kjwyszlwfq2rbnmq84z50qhv5r0svz2i3j59c"; + sha256 = "1yg9myqcv4kn2p7c9ap0z6xxh2qjsab2nbxf5z388skr6cgq8bql"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-5.19.nix b/pkgs/os-specific/linux/kernel/linux-5.19.nix deleted file mode 100644 index 4dc67c2b90c..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-5.19.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, buildPackages, fetchurl, perl, buildLinux, nixosTests, modDirVersionArg ? null, ... } @ args: - -with lib; - -buildLinux (args // rec { - version = "5.19.16"; - - # modDirVersion needs to be x.y.z, will automatically add .0 if needed - modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; - - # branchVersion needs to be x.y - extraMeta.branch = versions.majorMinor version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "13g0c6ljxk3sd0ja39ndih5vrzp2ssj78qxaf8nswn8hgrkazsx1"; - }; -} // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index a39e28bfc91..f617ba6f0e3 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.218"; + version = "5.4.223"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0f7lm5qq763zrnwwq9jmfpgvskhzi3gwy5rbq2q7gmiphl179p9x"; + sha256 = "1svyf4m5d3vrskylpal6npk5jj454rzij772wabg31v8vw97zw4y"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-6.0.nix b/pkgs/os-specific/linux/kernel/linux-6.0.nix index 27f8166ecef..0661da8d338 100644 --- a/pkgs/os-specific/linux/kernel/linux-6.0.nix +++ b/pkgs/os-specific/linux/kernel/linux-6.0.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.0.2"; + version = "6.0.7"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "17awx4c5fz7f656ig5bydccci052jsai0lczrn2bdk5cihw2cg51"; + sha256 = "03srfv33r2vc48h051zicvn9hz78kc08vh7ljzlmcnk0g0mwrnk7"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index 1814d4cee06..0a397d63936 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "18950"; - sha256 = "1k84mqvi71bmd7x0km980z1y7cm71fc6jvnf2rzhxss9pjscrh2j"; + rev = "18978"; + sha256 = "12mvj5c2k774fpmixcv7i4ciw7xqjaxqd20ryn8xw8vgrnb4h6fi"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-rpi.nix b/pkgs/os-specific/linux/kernel/linux-rpi.nix index 8654bc432ce..ef742be0de8 100644 --- a/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ b/pkgs/os-specific/linux/kernel/linux-rpi.nix @@ -2,8 +2,8 @@ let # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this - modDirVersion = "5.15.32"; - tag = "1.20220331"; + modDirVersion = "5.15.74"; + tag = "1.20221028"; in lib.overrideDerivation (buildLinux (args // { version = "${modDirVersion}-${tag}"; @@ -13,7 +13,7 @@ lib.overrideDerivation (buildLinux (args // { owner = "raspberrypi"; repo = "linux"; rev = tag; - hash = "sha256-dJtOXe4yvZz/iu0Ly5F9/E/2GbpTJF/9ZMU3rC1nKMw="; + hash = "sha256-2UdSW9X9prAya9mvEp3i0l3Uim0wtDYEY0WrD2wntaI="; }; defconfig = { diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 755a058c1f9..8ed22d7a8cc 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.145-rt74"; # updated by ./update-rt.sh + version = "5.10.152-rt75"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0qdcqmwvc70hfgj8hb8ccwmnvwl41dvdffqrmyg3cyblwprr0ngw"; + sha256 = "19nq2pgy4vmn30nywdvcvsx4vhmndrj97iiclpqakzgblj1mq2zs"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "16a2cnvn1azxsw1qjwbygkych0jzkfpmj0kx08jdz3fx3xbmqpr4"; + sha256 = "0sg78zrkk7scg6b2xcvdymmhfdrlzcajhzzway5gjdi04x4vy4k0"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 6c3e739e27d..a80642334f3 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -1,9 +1,9 @@ { lib , fetchpatch , kernel -, commitDate ? "2022-09-28" -, currentCommit ? "24c6361e202cc09de0159505eb3ab3ca265520d8" -, diffHash ? "sha256-Y3uKkVMCaLGJpYb27ef3FfbqEQ32mgCVpWtYzvYamr8=" +, commitDate ? "2022-10-31" +, currentCommit ? "77c27f28aa58e9d9037eb68c87d3283f68c371f7" +, diffHash ? "sha256-TUpI9z0ac3rjn2oT5Z7oQXevDKbGwTVjyigS5/aGwgQ=" , kernelPatches # must always be defined in bcachefs' all-packages.nix entry because it's also a top-level attribute supplied by callPackage , argsOverride ? {} , ... diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 3d07fd3175b..2e07f957efe 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.0-rc5"; + version = "6.1-rc3"; extraMeta.branch = lib.versions.majorMinor version; # modDirVersion needs to be x.y.z, will always add .0 @@ -11,7 +11,7 @@ buildLinux (args // rec { src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - hash = "sha256-GELU1ZEOM5gGUJxG54JoiI9qLQXJ2Cd/kyOLcp0AWgc="; + hash = "sha256-qz863wvIe/JJjqSYoxxbt+2xTqgNNZJpAfWr8nG8wKk="; }; # Should the testing kernels ever be built on Hydra? diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 1049d1c62a9..f9aa1880104 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -105,7 +105,7 @@ let # Fixes determinism by normalizing metadata for the archive of kheaders ++ optional (lib.versionAtLeast version "5.2" && lib.versionOlder version "5.4") ./gen-kheaders-metadata.patch; - prePatch = '' + postPatch = '' sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern @@ -118,14 +118,9 @@ let # See also https://kernelnewbies.org/BuildId sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' - # Some linux-hardened patches now remove certain files in the scripts directory, so we cannot - # patch all scripts until after patches are applied. - # However, scripts/ld-version.sh is still ran when generating a configfile for a kernel, so it needs - # to be patched prior to patchPhase - patchShebangs scripts/ld-version.sh - ''; + # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. + [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh - postPatch = '' # Set randstruct seed to a deterministic but diversified value. Note: # we could have instead patched gen-random-seed.sh to take input from # the buildFlags, but that would require also patching the kernel's @@ -135,7 +130,7 @@ let if [ -f "$file" ]; then substituteInPlace "$file" \ --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') + $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') break fi done diff --git a/pkgs/os-specific/linux/kernel/perf/default.nix b/pkgs/os-specific/linux/kernel/perf/default.nix index 5e0b5850f01..969d1e2bb65 100644 --- a/pkgs/os-specific/linux/kernel/perf/default.nix +++ b/pkgs/os-specific/linux/kernel/perf/default.nix @@ -73,10 +73,17 @@ stdenv.mkDerivation { separateDebugInfo = true; installFlags = [ "install" "install-man" "ASCIIDOC8=1" "prefix=$(out)" ]; + postInstall ='' + # Same as perf. Remove. + rm -f $out/bin/trace + ''; + preFixup = '' - # pull in 'objdump' into PATH to make annotations work + # Pull in 'objdump' into PATH to make annotations work. + # The embeded Python interpreter will search PATH to calculate the Python path configuration(Should be fixed by upstream). + # Add python.interpreter to PATH for now. wrapProgram $out/bin/perf \ - --prefix PATH : "${binutils-unwrapped}/bin" + --prefix PATH : ${lib.makeBinPath ([ binutils-unwrapped ] ++ (if (lib.versionAtLeast kernel.version "4.19") then [ python3 ] else [ python2 ]))} ''; meta = with lib; { diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 8ec761a701a..2f6545c3d48 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -3,28 +3,15 @@ let # These names are how they are designated in https://xanmod.org. ltsVariant = { - version = "5.15.70"; - hash = "sha256-gMtGoj/HzMqd6Y3PSc6QTsu/PI7vfb+1pg4mt878cxs="; + version = "5.15.75"; + hash = "sha256-tgm5nmguEfRFq3OhmZgRgFLIW7E798Rv1basxnfdqLI="; variant = "lts"; }; - currentVariant = { - version = "5.19.13"; - hash = "sha256-BzQH4c24CtE3R5HNe2sOc3McVkRmf/RKOOjuf1W4YfE="; - variant = "current"; - }; - - nextVariant = { - version = "6.0.0"; - hash = "sha256-E7T8eHwMKYShv4KWdCbHQmpn+54edJoKdimZY3GFbPU="; - variant = "next"; - }; - - ttVariant = { - version = "5.15.54"; - suffix = "xanmod1-tt"; - hash = "sha256-4ck9PAFuIt/TxA/U+moGlVfCudJnzSuAw7ooFG3OJis="; - variant = "tt"; + mainVariant = { + version = "6.0.7"; + hash = "sha256-qeM2oswuop42rvyBGlrH6VvODScLCpAOjTc4KR5a2Ec="; + variant = "main"; }; xanmodKernelFor = { version, suffix ? "xanmod1", hash, variant }: buildLinux (args // rec { @@ -40,12 +27,16 @@ let structuredExtraConfig = with lib.kernel; { # AMD P-state driver - X86_AMD_PSTATE = yes; + X86_AMD_PSTATE = lib.mkOverride 60 yes; # Google's BBRv2 TCP congestion Control TCP_CONG_BBR2 = yes; DEFAULT_BBR2 = yes; + # Google's Multigenerational LRU framework + LRU_GEN = yes; + LRU_GEN_ENABLED = yes; + # FQ-PIE Packet Scheduling NET_SCH_DEFAULT = yes; DEFAULT_FQ_PIE = yes; @@ -56,12 +47,11 @@ let # WineSync driver for fast kernel-backed Wine WINESYNC = module; - } // lib.optionalAttrs (variant == "tt") { - # removed options - CFS_BANDWIDTH = lib.mkForce (option no); - RT_GROUP_SCHED = lib.mkForce (option no); - SCHED_AUTOGROUP = lib.mkForce (option no); - SCHED_CORE = lib.mkForce (option no); + + # Preemptive Full Tickless Kernel at 500Hz + HZ = freeform "500"; + HZ_500 = yes; + HZ_1000 = no; }; extraMeta = { @@ -74,7 +64,5 @@ let in { lts = xanmodKernelFor ltsVariant; - current = xanmodKernelFor currentVariant; - next = xanmodKernelFor nextVariant; - tt = xanmodKernelFor ttVariant; + main = xanmodKernelFor mainVariant; } diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 37095205473..2fc9d8fe3c0 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.0.2"; #zen + version = "6.0.7"; #zen suffix = "zen1"; #zen - sha256 = "1x80ah2cszj3fbxfpdnlr30r1fblgrhydslfh9vrk48l0z3z80a7"; #zen + sha256 = "011wlc0h99vx830qmgy569srhb3rzhyy5j235pf7m541392vh41g"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "5.19.16"; #lqx - suffix = "lqx2"; #lqx - sha256 = "1n4hbkb1af9gzdvk7cp73i004j2slb0im9yk1b869h27pxs4il6s"; #lqx + version = "6.0.7"; #lqx + suffix = "lqx1"; #lqx + sha256 = "09h99fdzicbc4kkl51dqwgqqa9416hd7bvrghr4pdjqrw4z15557"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { diff --git a/pkgs/os-specific/linux/kexec-tools/default.nix b/pkgs/os-specific/linux/kexec-tools/default.nix index 6faa401eccc..e10f3e4defb 100644 --- a/pkgs/os-specific/linux/kexec-tools/default.nix +++ b/pkgs/os-specific/linux/kexec-tools/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "kexec-tools"; - version = "2.0.23"; + version = "2.0.25"; src = fetchurl { urls = [ "mirror://kernel/linux/utils/kernel/kexec/${pname}-${version}.tar.xz" "http://horms.net/projects/kexec/kexec-tools/${pname}-${version}.tar.xz" ]; - sha256 = "qmPNbH3ZWwbOumJAp/3GeSeJytp1plXmcUmHF1IkJBs="; + sha256 = "sha256-fOLl3vOOwE95/rEH0CJD3VhvvGhWnszwL0S606E+wH0="; }; patches = [ diff --git a/pkgs/os-specific/linux/libaio/default.nix b/pkgs/os-specific/linux/libaio/default.nix index 046bba5dda0..fe2e69e06fd 100644 --- a/pkgs/os-specific/linux/libaio/default.nix +++ b/pkgs/os-specific/linux/libaio/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { - version = "0.3.112"; + version = "0.3.113"; pname = "libaio"; src = fetchurl { url = "https://pagure.io/libaio/archive/${pname}-${version}/${pname}-${pname}-${version}.tar.gz"; - sha256 = "0wi2myh191sja13qj3claxhpfkngvy10x30f78hm9cxzkfr97kxp"; + sha256 = "sha256-cWxwWXAyRzROsGa1TsvDyiE08BAzBxkubCt9q1+VKKs="; }; postPatch = '' diff --git a/pkgs/os-specific/linux/libnvme/default.nix b/pkgs/os-specific/linux/libnvme/default.nix index 6c2ece4b8cb..cef966d7bfc 100644 --- a/pkgs/os-specific/linux/libnvme/default.nix +++ b/pkgs/os-specific/linux/libnvme/default.nix @@ -1,7 +1,6 @@ { fetchFromGitHub , json_c , lib -, libuuid , meson , ninja , openssl @@ -14,7 +13,7 @@ stdenv.mkDerivation rec { pname = "libnvme"; - version = "1.1"; + version = "1.2"; outputs = [ "out" "man" ]; @@ -22,7 +21,7 @@ stdenv.mkDerivation rec { owner = "linux-nvme"; repo = "libnvme"; rev = "v${version}"; - sha256 = "EPAPWY6/Bh8I1eLslKJAofLn0IAizmGn00Q5PJPtdRw="; + sha256 = "sha256-U9Fj3OcBe32C0PKhI05eF/6jikHAvdyvXH16IY0rWxI="; }; postPatch = '' @@ -40,7 +39,6 @@ stdenv.mkDerivation rec { buildInputs = [ json_c - libuuid openssl python3 systemd diff --git a/pkgs/os-specific/linux/mdevd/default.nix b/pkgs/os-specific/linux/mdevd/default.nix deleted file mode 100644 index 2a55676fc76..00000000000 --- a/pkgs/os-specific/linux/mdevd/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ lib, skawarePackages }: - -with skawarePackages; - -buildPackage { - pname = "mdevd"; - version = "0.1.5.2"; - sha256 = "sha256-RgNys9O6yfNXQVbtfkhhj59KNhy1LESUrZBjJIq0pP8="; - - description = "mdev-compatible Linux hotplug manager daemon"; - platforms = lib.platforms.linux; - - outputs = [ "bin" "out" "dev" "doc" ]; - - configureFlags = [ - "--with-sysdeps=${skalibs.lib}/lib/skalibs/sysdeps" - "--with-include=${skalibs.dev}/include" - "--with-lib=${skalibs.lib}/lib" - ]; - - postInstall = '' - # remove all mdevd executables from build directory - rm $(find -type f -mindepth 1 -maxdepth 1 -executable) - - mv doc $doc/share/doc/mdevd/html - mv examples $doc/share/doc/mdevd/examples - ''; -} diff --git a/pkgs/os-specific/linux/mxu11x0/srcs.nix b/pkgs/os-specific/linux/mxu11x0/srcs.nix index 5c4e9137c6a..1f7b75e6bc1 100644 --- a/pkgs/os-specific/linux/mxu11x0/srcs.nix +++ b/pkgs/os-specific/linux/mxu11x0/srcs.nix @@ -5,14 +5,14 @@ version = "4.1"; src = fetchurl { url = "https://www.moxa.com/getmedia/b152d8c2-b9d6-4bc7-b0f4-420633b4bc2d/moxa-uport-1100-series-linux-kernel-4.x-driver-v4.1.tgz"; - sha256 = "sha256-sbq5M5FQjrrORtSS07PQHf+MAZArxFcUDN5wszBwbnc="; + sha256 = "sha256-cM3imuMG483ZinFazVa8V4Id0kUGlHaezDHnYtSSb28="; }; }; mxu11x0_5 = { version = "5.1"; src = fetchurl { url = "https://www.moxa.com/getmedia/57dfa4c1-8a2a-4da6-84c1-a36944ead74d/moxa-uport-1100-series-linux-kernel-5.x-driver-v5.1.tgz"; - sha256 = "sha256-pdFIiD5naSDdYwRz8ww8Mg8z1gDOfZ/OeO6Q5n+kjDQ="; + sha256 = "sha256-P1YMlyAhS955CSBiZ/tyu5m6ds2PiFMcHmyrdTjloPs="; }; }; } diff --git a/pkgs/os-specific/linux/nftables/default.nix b/pkgs/os-specific/linux/nftables/default.nix index 12c5b40ea4a..abbb3d04a06 100644 --- a/pkgs/os-specific/linux/nftables/default.nix +++ b/pkgs/os-specific/linux/nftables/default.nix @@ -43,5 +43,6 @@ stdenv.mkDerivation rec { license = licenses.gpl2Only; platforms = platforms.linux; maintainers = with maintainers; [ izorkin ajs124 ]; + mainProgram = "nft"; }; } diff --git a/pkgs/os-specific/linux/nsncd/default.nix b/pkgs/os-specific/linux/nsncd/default.nix new file mode 100644 index 00000000000..f2005f50a58 --- /dev/null +++ b/pkgs/os-specific/linux/nsncd/default.nix @@ -0,0 +1,30 @@ +{ lib +, stdenv +, fetchFromGitHub +, rustPlatform +, nix-gitignore +}: + +rustPlatform.buildRustPackage rec { + pname = "nsncd"; + version = "unstable-2021-10-20"; + + src = fetchFromGitHub { + owner = "nix-community"; + repo = "nsncd"; + rev = "b9425070bb308565a6e4dc5aefd568952a07a4ed"; + hash = "sha256-ZjInzPJo+PWAM2gAKhlasLXiqo+2Df4DIXpNwtqQVc8="; + }; + + cargoSha256 = "sha256-hxdI+HHB0PB/zDMI21Pg5Xr9mTDn4T+OcAAenUox4bs="; + + meta = with lib; { + description = "the name service non-caching daemon"; + longDescription = '' + nsncd is a nscd-compatible daemon that proxies lookups, without caching. + ''; + homepage = "https://github.com/twosigma/nsncd"; + license = licenses.asl20; + maintainers = with maintainers; [ flokli ninjatrappeur ]; + }; +} diff --git a/pkgs/os-specific/linux/numactl/default.nix b/pkgs/os-specific/linux/numactl/default.nix index ac17a18273a..28157ffe167 100644 --- a/pkgs/os-specific/linux/numactl/default.nix +++ b/pkgs/os-specific/linux/numactl/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "numactl"; - version = "2.0.15"; + version = "2.0.16"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-mowDqCkAHDEV9AWCgAEWL0//sNMUk/K8w3eO7Wg+AwQ="; + sha256 = "sha256-aDKzkmvrPDzQl4n0KgeiU5LOLhQA0tmwzGiXvJDp7ZI="; }; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 99382ad4aae..2a0f1457425 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -55,11 +55,11 @@ rec { # Vulkan developer beta driver # See here for more information: https://developer.nvidia.com/vulkan-driver vulkan_beta = generic rec { - version = "515.49.15"; + version = "515.49.24"; persistencedVersion = "515.48.07"; settingsVersion = "515.48.07"; - sha256_64bit = "sha256-yQbNE+YsbHUc4scXvMZFGuuBRrFTa42g1XoMVZEO/zo="; - openSha256 = "sha256-2RvogIdTA7Rg4oq14TG7Kh31HWuj860xsK7/MYFitpQ="; + sha256_64bit = "sha256-hiTG1gZr02hyetOGvHzY8Be9jaWklhteqe24BRvpw+c="; + openSha256 = "sha256-4NFR4oY728E/yE3FoD3vph8NvSHGD0f0iK2FHqlgK94="; settingsSha256 = "sha256-XwdMsAAu5132x2ZHqjtFvcBJk6Dao7I86UksxrOkknU="; persistencedSha256 = "sha256-BTfYNDJKe4tOvV71/1JJSPltJua0Mx/RvDcWT5ccRRY="; url = "https://developer.nvidia.com/vulkan-beta-${lib.concatStrings (lib.splitString "." version)}-linux"; @@ -77,6 +77,8 @@ rec { sha256_64bit = "sha256-vpjSR6Q9dJGmW/3Jl/tlMeFZQ0brEqD6qgRGcs21cJ8="; settingsSha256 = "sha256-OWSUmUBqAxsR3e6EPzcIotpd6nm4Le8hIj4pzJ5WnhE="; persistencedSha256 = "sha256-XsGYGgucDhvPpqtM9IBLfo3tbn7sIobpo5JW/XqOkTo="; + + broken = kernel.kernelAtLeast "6.0"; }; # Last one supporting x86 diff --git a/pkgs/os-specific/linux/nvidia-x11/generic.nix b/pkgs/os-specific/linux/nvidia-x11/generic.nix index 351d71ab8e2..ea9dbcabd0e 100644 --- a/pkgs/os-specific/linux/nvidia-x11/generic.nix +++ b/pkgs/os-specific/linux/nvidia-x11/generic.nix @@ -101,7 +101,7 @@ let nativeBuildInputs = [ perl nukeReferences ] ++ optionals (!libsOnly) kernel.moduleBuildDependencies; - disallowedReferences = optional (!libsOnly) [ kernel.dev ]; + disallowedReferences = optionals (!libsOnly) [ kernel.dev ]; passthru = { open = mapNullable (hash: callPackage ./open.nix { diff --git a/pkgs/os-specific/linux/nvme-cli/default.nix b/pkgs/os-specific/linux/nvme-cli/default.nix index c7819afe3ef..a0f0b31e9c0 100644 --- a/pkgs/os-specific/linux/nvme-cli/default.nix +++ b/pkgs/os-specific/linux/nvme-cli/default.nix @@ -1,26 +1,38 @@ { lib, stdenv, fetchFromGitHub, pkg-config -, libuuid +, meson +, ninja +, libnvme +, json_c +, zlib +, python3 }: stdenv.mkDerivation rec { pname = "nvme-cli"; - version = "1.16"; + version = "2.2.1"; src = fetchFromGitHub { owner = "linux-nvme"; repo = "nvme-cli"; rev = "v${version}"; - sha256 = "sha256-/wDQxsN1sji56zfcvqx02iciYnyxjIbL85bNaRwrHYw="; + hash = "sha256-okYtGiKUPNO31ntD9j5iAgdcnS5OQ/g1QAY+svhga4c="; }; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libuuid ]; + mesonFlags = [ + "-Dversion-tag=${version}" + ]; - makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ]; - - # To omit the hostnqn and hostid files that are impure and should be unique - # for each target host: - installTargets = [ "install-spec" ]; + nativeBuildInputs = [ + meson + ninja + pkg-config + python3.pkgs.nose2 + ]; + buildInputs = [ + libnvme + json_c + zlib + ]; meta = with lib; { inherit (src.meta) homepage; # https://nvmexpress.org/ diff --git a/pkgs/os-specific/linux/otpw/default.nix b/pkgs/os-specific/linux/otpw/default.nix index 14381ac68c1..6c53bf16efc 100644 --- a/pkgs/os-specific/linux/otpw/default.nix +++ b/pkgs/os-specific/linux/otpw/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pam }: +{ lib, stdenv, fetchurl, pam, libxcrypt }: stdenv.mkDerivation rec { pname = "otpw"; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { cp *.8 $out/share/man/man8 ''; - buildInputs = [ pam ]; + buildInputs = [ pam libxcrypt ]; hardeningDisable = [ "stackprotector" ]; diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 72f91e89c74..22e7057e343 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext, audit , nixosTests -, withLibxcrypt ? false, libxcrypt +, withLibxcrypt ? true, libxcrypt }: stdenv.mkDerivation rec { diff --git a/pkgs/os-specific/linux/pam_mysql/default.nix b/pkgs/os-specific/linux/pam_mysql/default.nix index 807899cf2b2..036d4b20cb4 100644 --- a/pkgs/os-specific/linux/pam_mysql/default.nix +++ b/pkgs/os-specific/linux/pam_mysql/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb }: +{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb, libxcrypt }: stdenv.mkDerivation rec { pname = "pam_mysql"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ meson pkg-config ninja ]; - buildInputs = [ pam libmysqlclient mariadb ]; + buildInputs = [ pam libmysqlclient mariadb libxcrypt ]; meta = with lib; { description = "PAM authentication module against a MySQL database"; diff --git a/pkgs/os-specific/linux/pam_pgsql/default.nix b/pkgs/os-specific/linux/pam_pgsql/default.nix index 3cfa6733efa..2eabcefe584 100644 --- a/pkgs/os-specific/linux/pam_pgsql/default.nix +++ b/pkgs/os-specific/linux/pam_pgsql/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam }: +{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam, libxcrypt }: stdenv.mkDerivation rec { pname = "pam_pgsql"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ libgcrypt pam postgresql ]; + buildInputs = [ libgcrypt pam postgresql libxcrypt ]; meta = with lib; { description = "Support to authenticate against PostgreSQL for PAM-enabled appliations"; diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index c066dd4c4c5..33875049747 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage }: +{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage, libxcrypt }: stdenv.mkDerivation rec { pname = "policycoreutils"; @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ gettext ]; - buildInputs = [ libsepol libselinux libsemanage ]; + buildInputs = [ libsepol libselinux libsemanage libxcrypt ]; makeFlags = [ "PREFIX=$(out)" diff --git a/pkgs/os-specific/linux/prl-tools/default.nix b/pkgs/os-specific/linux/prl-tools/default.nix index ee66dca354c..e3d70f04675 100644 --- a/pkgs/os-specific/linux/prl-tools/default.nix +++ b/pkgs/os-specific/linux/prl-tools/default.nix @@ -24,20 +24,16 @@ assert (!libsOnly) -> kernel != null; stdenv.mkDerivation rec { - version = "18.0.2-53077"; + version = "18.1.0-53311"; pname = "prl-tools"; # We download the full distribution to extract prl-tools-lin.iso from # => ${dmg}/Parallels\ Desktop.app/Contents/Resources/Tools/prl-tools-lin.iso src = fetchurl { url = "https://download.parallels.com/desktop/v${lib.versions.major version}/${version}/ParallelsDesktop-${version}.dmg"; - sha256 = "sha256-yrCg3qr96SUCHmT3IAF79/Ha+L82V3nIC6Hb5ugXoGk="; + sha256 = "sha256-2ROPFIDoV2/sMVsVhcSyn0m1QVMCNb399WzKd/cozws="; }; - patches = lib.optionals (lib.versionAtLeast kernel.version "6.0") [ - ./prl-tools-6.0.patch - ]; - hardeningDisable = [ "pic" "format" ]; nativeBuildInputs = [ p7zip undmg perl bbe autoPatchelfHook ] @@ -51,7 +47,7 @@ stdenv.mkDerivation rec { inherit libsOnly; unpackPhase = '' - undmg "${src}" + undmg $src export sourceRoot=prl-tools-build 7z x "Parallels Desktop.app/Contents/Resources/Tools/prl-tools-lin${lib.optionalString stdenv.isAarch64 "-arm"}.iso" -o$sourceRoot if test -z "$libsOnly"; then diff --git a/pkgs/os-specific/linux/prl-tools/prl-tools-6.0.patch b/pkgs/os-specific/linux/prl-tools/prl-tools-6.0.patch deleted file mode 100644 index f0bd00d24e0..00000000000 --- a/pkgs/os-specific/linux/prl-tools/prl-tools-6.0.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/kmods/prl_fs_freeze/Snapshot/Guest/Linux/prl_freeze/prl_fs_freeze.c b/kmods/prl_fs_freeze/Snapshot/Guest/Linux/prl_freeze/prl_fs_freeze.c -index baa8a19..6788791 100644 ---- a/kmods/prl_fs_freeze/Snapshot/Guest/Linux/prl_freeze/prl_fs_freeze.c -+++ b/kmods/prl_fs_freeze/Snapshot/Guest/Linux/prl_freeze/prl_fs_freeze.c -@@ -306,7 +306,7 @@ int seq_show(struct seq_file *file, void *data) - char buf[BDEVNAME_SIZE]; - - fsb = list_entry((struct list_head*)data, struct frozen_sb, list); -- bdevname(fsb->sb->s_bdev, buf); -+ snprintf(buf, sizeof(buf), "%pg", fsb->sb->s_bdev); - seq_printf(file, "%s\n", buf); - return 0; - } diff --git a/pkgs/os-specific/linux/rdma-core/default.nix b/pkgs/os-specific/linux/rdma-core/default.nix index 25bdce3b902..2506b654fb4 100644 --- a/pkgs/os-specific/linux/rdma-core/default.nix +++ b/pkgs/os-specific/linux/rdma-core/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "rdma-core"; - version = "42.0"; + version = "43.0"; src = fetchFromGitHub { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${version}"; - sha256 = "sha256-MtvrKdo6Lkt064ol7+hlU7b1r+Dt5236bmE21wM5aDo="; + sha256 = "sha256-tqlanUZpDYT3wgvD0hA1D5RrMdzPzOqoELzuXGhjnz8="; }; strictDeps = true; diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 03a5c0f4aeb..6a1c4fc80da 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { "KSRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" ("CONFIG_PLATFORM_I386_PC=" + (if stdenv.hostPlatform.isx86 then "y" else "n")) ("CONFIG_PLATFORM_ARM_RPI=" + (if stdenv.hostPlatform.isAarch then "y" else "n")) - ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "CROSS_COMPILE=${stdenv.cc.targetPrefix}" ]; diff --git a/pkgs/os-specific/linux/s6-linux-init/default.nix b/pkgs/os-specific/linux/s6-linux-init/default.nix deleted file mode 100644 index 27773a90e28..00000000000 --- a/pkgs/os-specific/linux/s6-linux-init/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, skawarePackages }: - -with skawarePackages; - -buildPackage { - pname = "s6-linux-init"; - version = "1.0.8.0"; - sha256 = "sha256-kgVaeWTPZmBAZq2WSiwjku58XmSCG+AxRsE0Hg2MPcY="; - - description = "A set of minimalistic tools used to create a s6-based init system, including a /sbin/init binary, on a Linux kernel"; - platforms = lib.platforms.linux; - - outputs = [ "bin" "dev" "doc" "out" ]; - - configureFlags = [ - "--bindir=\${bin}/bin" - "--includedir=\${dev}/include" - "--with-sysdeps=${skalibs.lib}/lib/skalibs/sysdeps" - "--with-include=${skalibs.dev}/include" - "--with-include=${execline.dev}/include" - "--with-include=${s6.dev}/include" - "--with-lib=${skalibs.lib}/lib" - "--with-lib=${s6.out}/lib" - "--with-lib=${execline.lib}/lib" - "--with-dynlib=${skalibs.lib}/lib" - "--with-dynlib=${execline.lib}/lib" - "--with-dynlib=${s6.out}/lib" - ]; - - postInstall = '' - # remove all s6 executables from build directory - rm $(find -name "s6-*" -type f -mindepth 1 -maxdepth 1 -executable) - rm libs6_linux_init.* libhpr.* - rm -rf skel - - mv doc $doc/share/doc/s6-linux-init/html - ''; - -} diff --git a/pkgs/os-specific/linux/s6-linux-utils/default.nix b/pkgs/os-specific/linux/s6-linux-utils/default.nix deleted file mode 100644 index 98199516a04..00000000000 --- a/pkgs/os-specific/linux/s6-linux-utils/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, skawarePackages }: - -with skawarePackages; - -buildPackage { - pname = "s6-linux-utils"; - version = "2.6.0.0"; - sha256 = "sha256-bHEyc0oMgocALuaRDEafF1qX12aoAjwMM6+LqSZD7Vk="; - - description = "A set of minimalistic Linux-specific system utilities"; - platforms = lib.platforms.linux; - - outputs = [ "bin" "dev" "doc" "out" ]; - - # TODO: nsss support - configureFlags = [ - "--bindir=\${bin}/bin" - "--includedir=\${dev}/include" - "--with-sysdeps=${skalibs.lib}/lib/skalibs/sysdeps" - "--with-include=${skalibs.dev}/include" - "--with-lib=${skalibs.lib}/lib" - "--with-dynlib=${skalibs.lib}/lib" - ]; - - postInstall = '' - # remove all s6 executables from build directory - rm $(find -name "s6-*" -type f -mindepth 1 -maxdepth 1 -executable) rngseed - - mv doc $doc/share/doc/s6-linux-utils/html - ''; - -} diff --git a/pkgs/os-specific/linux/sdnotify-wrapper/default.nix b/pkgs/os-specific/linux/sdnotify-wrapper/default.nix deleted file mode 100644 index b4b6a7f42a7..00000000000 --- a/pkgs/os-specific/linux/sdnotify-wrapper/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ stdenv, lib, runCommandCC, skawarePackages }: - -with skawarePackages; - -let - # From https://skarnet.org/software/misc/sdnotify-wrapper.c, - # which is unversioned. - src = ./sdnotify-wrapper.c; - -in runCommandCC "sdnotify-wrapper" { - - outputs = [ "bin" "doc" "out" ]; - - meta = { - homepage = "https://skarnet.org/software/misc/sdnotify-wrapper.c"; - description = "Use systemd sd_notify without having to link against libsystemd"; - platforms = lib.platforms.linux; - license = lib.licenses.isc; - maintainers = with lib.maintainers; [ Profpatsch ]; - }; - -} '' - mkdir -p $bin/bin - mkdir $out - - # the -lskarnet has to come at the end to support static builds - $CC \ - -o $bin/bin/sdnotify-wrapper \ - -I${skalibs.dev}/include \ - -L${skalibs.lib}/lib \ - ${src} \ - -lskarnet - - mkdir -p $doc/share/doc/sdnotify-wrapper - # copy the documentation comment - sed -ne '/Usage:/,/*\//p' ${src} > $doc/share/doc/sdnotify-wrapper/README -'' diff --git a/pkgs/os-specific/linux/sdnotify-wrapper/sdnotify-wrapper.c b/pkgs/os-specific/linux/sdnotify-wrapper/sdnotify-wrapper.c deleted file mode 100644 index 3ad3cbc6906..00000000000 --- a/pkgs/os-specific/linux/sdnotify-wrapper/sdnotify-wrapper.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - Copyright: (C)2015-2020 Laurent Bercot. http://skarnet.org/ - ISC license. See http://opensource.org/licenses/ISC - - Build-time requirements: skalibs. https://skarnet.org/software/skalibs/ - Run-time requirements: none, if you link skalibs statically. - - Compilation: - gcc -o sdnotify-wrapper -L/usr/lib/skalibs sdnotify-wrapper.c -lskarnet - Use /usr/lib/skalibs/libskarnet.a instead of -lskarnet to link statically. - Adapt gcc's -I and -L options to your skalibs installation paths. - - Usage: if a daemon would be launched by systemd as "foobard args...", - launch it as "sdnotify-wrapper foobard args..." instead, and you can now - tell systemd that this daemon supports readiness notification. - - Instead of using sd_notify() and having to link against the systemd - library, the daemon notifies readiness by writing whatever it wants - to a file descriptor (by default: stdout), then a newline. (Then it - should close that file descriptor.) The simplest way is something like - int notify_readiness() { write(1, "\n", 1) ; close(1) ; } - This mechanism is understandable by any notification readiness framework. - - Readiness notification occurs when the newline is written, not when - the descriptor is closed; but since sdnotify-wrapper stops reading - after the first newline and will exit, any subsequent writes will - fail and it's best to simply close the descriptor right away. - - sdnotify-wrapper sees the notification when it occurs and sends it - to systemd using the sd_notify format. - - Options: - -d fd: the daemon will write its notification on descriptor fd. - Default is 1. - -f: do not doublefork. Use if the daemon waits for children it does - not know it has (for instance, superservers do this). When in doubt, - do not use that option, or you may have a zombie hanging around. - -t timeout: if the daemon has not sent a notification after timeout - milliseconds, give up and exit; systemd will not be notified. - -k: keep the NOTIFY_SOCKET environment variable when execing into the - daemon. By default, the variable is unset: the daemon should not need it. - - Notes: - sdnotify-wrapper does not change the daemon's pid. It runs as a - (grand)child of the daemon. - If the NOTIFY_SOCKET environment variable is not set, sdnotify-wrapper - does nothing - it only execs into the daemon. - sdnotify-wrapper is more liberal than sd_notify(). It will accept - a relative path in NOTIFY_SOCKET. -*/ - - -#include <sys/types.h> -#include <string.h> -#include <unistd.h> -#include <stdlib.h> -#include <errno.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <skalibs/uint64.h> -#include <skalibs/types.h> -#include <skalibs/bytestr.h> -#include <skalibs/sgetopt.h> -#include <skalibs/strerr2.h> -#include <skalibs/allreadwrite.h> -#include <skalibs/tai.h> -#include <skalibs/iopause.h> -#include <skalibs/djbunix.h> -#include <skalibs/socket.h> -#include <skalibs/exec.h> - -#define USAGE "sdnotify-wrapper [ -d fd ] [ -f ] [ -t timeout ] [ -k ] prog..." -#define dieusage() strerr_dieusage(100, USAGE) - -#define VAR "NOTIFY_SOCKET" - -static inline int ipc_sendto (int fd, char const *s, size_t len, char const *path) -{ - struct sockaddr_un sa ; - size_t l = strlen(path) ; - if (l > IPCPATH_MAX) return (errno = ENAMETOOLONG, 0) ; - memset(&sa, 0, sizeof sa) ; - sa.sun_family = AF_UNIX ; - memcpy(sa.sun_path, path, l+1) ; - if (path[0] == '@') sa.sun_path[0] = 0 ; - return sendto(fd, s, len, MSG_NOSIGNAL, (struct sockaddr *)&sa, sizeof sa) >= 0 ; -} - -static inline void notify_systemd (pid_t pid, char const *socketpath) -{ - size_t n = 16 ; - char fmt[16 + PID_FMT] = "READY=1\nMAINPID=" ; - int fd = ipc_datagram_b() ; - if (fd < 0) strerr_diefu1sys(111, "create socket") ; - n += pid_fmt(fmt + n, pid) ; - fmt[n++] = '\n' ; - if (!ipc_sendto(fd, fmt, n, socketpath)) - strerr_diefu2sys(111, "send notification message to ", socketpath) ; - close(fd) ; -} - -static inline int run_child (int fd, unsigned int timeout, pid_t pid, char const *s) -{ - char dummy[4096] ; - iopause_fd x = { .fd = fd, .events = IOPAUSE_READ } ; - tain deadline ; - tain_now_g() ; - if (timeout) tain_from_millisecs(&deadline, timeout) ; - else deadline = tain_infinite_relative ; - tain_add_g(&deadline, &deadline) ; - for (;;) - { - int r = iopause_g(&x, 1, &deadline) ; - if (r < 0) strerr_diefu1sys(111, "iopause") ; - if (!r) return 99 ; - r = sanitize_read(fd_read(fd, dummy, 4096)) ; - if (r < 0) - if (errno == EPIPE) return 1 ; - else strerr_diefu1sys(111, "read from parent") ; - else if (r && memchr(dummy, '\n', r)) break ; - } - close(fd) ; - notify_systemd(pid, s) ; - return 0 ; -} - -int main (int argc, char const *const *argv) -{ - char const *s = getenv(VAR) ; - unsigned int fd = 1 ; - unsigned int timeout = 0 ; - int df = 1, keep = 0 ; - PROG = "sdnotify-wrapper" ; - { - subgetopt l = SUBGETOPT_ZERO ; - for (;;) - { - int opt = subgetopt_r(argc, argv, "d:ft:k", &l) ; - if (opt == -1) break ; - switch (opt) - { - case 'd' : if (!uint0_scan(l.arg, &fd)) dieusage() ; break ; - case 'f' : df = 0 ; break ; - case 't' : if (!uint0_scan(l.arg, &timeout)) dieusage() ; break ; - case 'k' : keep = 1 ; break ; - default : dieusage() ; - } - } - argc -= l.ind ; argv += l.ind ; - } - if (!argc) dieusage() ; - - if (!s) xexec(argv) ; - else - { - pid_t parent = getpid() ; - pid_t child ; - int p[2] ; - if (pipe(p) < 0) strerr_diefu1sys(111, "pipe") ; - child = df ? doublefork() : fork() ; - if (child < 0) strerr_diefu1sys(111, df ? "doublefork" : "fork") ; - else if (!child) - { - PROG = "sdnotify-wrapper (child)" ; - close(p[1]) ; - return run_child(p[0], timeout, parent, s) ; - } - close(p[0]) ; - if (fd_move((int)fd, p[1]) < 0) strerr_diefu1sys(111, "move descriptor") ; - if (keep) xexec(argv) ; - else xmexec_m(argv, VAR, sizeof(VAR)) ; - } -} diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 5537f9f6aac..c6fd417d0d6 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt , libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell -, pam ? null, glibcCross ? null +, libxcrypt, pam ? null, glibcCross ? null }: let @@ -28,7 +28,8 @@ stdenv.mkDerivation rec { sha256 = "sha256-PxLX5V0t18JftT5wT41krNv18Ew7Kz3MfZkOi/80ODA="; }; - buildInputs = lib.optional (pam != null && stdenv.isLinux) pam; + buildInputs = [ libxcrypt ] + ++ lib.optional (pam != null && stdenv.isLinux) pam; nativeBuildInputs = [autoreconfHook libxslt libxml2 docbook_xml_dtd_45 docbook_xsl flex bison itstool ]; @@ -62,6 +63,8 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-man" "--with-group-name-max-length=32" + "--with-bcrypt" + "--with-yescrypt" ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"; preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") diff --git a/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch new file mode 100644 index 00000000000..1cd3c2105e1 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: oxalica <oxalicc@pm.me> +Date: Tue, 4 Oct 2022 09:18:07 +0800 +Subject: [PATCH] core: don't taint on unmerged /usr + +NixOS has very different approach towards /bin and /sbin - they don't +really exist (except for /bin/sh and /usr/bin/env, because these are used +heavily in shebangs around the world). The concept of merged or unmerged +usr doesn't really apply here at all, it's neither of the two. +Users don't execute things from /bin or /sbin, there's nothing else in +there. In all cases, systemd doesn't look things up from /usr/bin or /bin, +so showing the taint isn't really helpful. + +See also: https://github.com/systemd/systemd/issues/24191 +--- + src/core/manager.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 33ded94a7c..8847479799 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -4488,10 +4488,6 @@ char* manager_taint_string(const Manager *m) { + if (m->taint_usr) + stage[n++] = "split-usr"; + +- _cleanup_free_ char *usrbin = NULL; +- if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin")) +- stage[n++] = "unmerged-usr"; +- + if (access("/proc/cgroups", F_OK) < 0) + stage[n++] = "cgroups-missing"; + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 5b417369a55..5e5a758f302 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -7,6 +7,7 @@ , fetchpatch , fetchzip , buildPackages +, makeBinaryWrapper , ninja , meson , m4 @@ -27,6 +28,7 @@ , util-linux , kbd , kmod +, libxcrypt # Optional dependencies , pam @@ -83,7 +85,7 @@ , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl -, withLibBPF ? true +, withLibBPF ? lib.versionAtLeast llvmPackages.clang.version "10.0" , withLocaled ? true , withLogind ? true , withMachined ? true @@ -92,7 +94,7 @@ , withOomd ? true , withPCRE2 ? true , withPolkit ? true -, withPortabled ? false +, withPortabled ? !stdenv.hostPlatform.isMusl , withRemote ? !stdenv.hostPlatform.isMusl , withResolved ? true , withShellCompletions ? true @@ -120,7 +122,7 @@ assert withHomed -> withCryptsetup; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "251.4"; + version = "251.5"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: @@ -137,7 +139,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-lfG6flT1k8LZBAdDK+cF9RjmJMkHMJquMjQK3MINFd8="; + sha256 = "sha256-2MEmvFT1D+9v8OazBwjnKc7i/x7i196Eoi8bODk1cM4="; }; # On major changes, or when otherwise required, you *must* reformat the patches, @@ -163,6 +165,7 @@ stdenv.mkDerivation { ./0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch ./0016-pkg-config-derive-prefix-from-prefix.patch ./0017-inherit-systemd-environment-when-calling-generators.patch + ./0018-core-don-t-taint-on-unmerged-usr.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { @@ -331,6 +334,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ pkg-config + makeBinaryWrapper gperf ninja meson @@ -359,6 +363,7 @@ stdenv.mkDerivation { acl audit kmod + libxcrypt libcap libidn2 libuuid @@ -571,21 +576,22 @@ stdenv.mkDerivation { ]; # { replacement, search, where } -> List[str] - mkSubstitute = { replacement, search, where, ignore ? [] }: + mkSubstitute = { replacement, search, where, ignore ? [ ] }: map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where; - mkEnsureSubstituted = { replacement, search, where, ignore ? [] }: - let - ignore' = lib.concatStringsSep "|" (ignore ++ ["^test" "NEWS"]); - in '' - set +e - search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}") - set -e - if [[ -n "$search" ]]; then - echo "Not all references to '${search}' have been replaced. Found the following matches:" - echo "$search" - exit 1 - fi - ''; + mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }: + let + ignore' = lib.concatStringsSep "|" (ignore ++ [ "^test" "NEWS" ]); + in + '' + set +e + search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}") + set -e + if [[ -n "$search" ]]; then + echo "Not all references to '${search}' have been replaced. Found the following matches:" + echo "$search" + exit 1 + fi + ''; in '' mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org") @@ -664,7 +670,14 @@ stdenv.mkDerivation { preFixup = lib.optionalString withEfi '' mv $out/lib/systemd/boot/efi $out/dont-strip-me ''; - postFixup = lib.optionalString withEfi '' + + # Wrap in the correct path for LUKS2 tokens. + postFixup = lib.optionalString withCryptsetup '' + for f in lib/systemd/systemd-cryptsetup bin/systemd-cryptenroll; do + # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so` + wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup + done + '' + lib.optionalString withEfi '' mv $out/dont-strip-me $out/lib/systemd/boot/efi ''; @@ -677,7 +690,7 @@ stdenv.mkDerivation { # runtime; otherwise we can't and we need to reboot. interfaceVersion = 2; - inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withTimedated withUtmp util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; tests = { inherit (nixosTests) switchTest; diff --git a/pkgs/os-specific/linux/sysvinit/default.nix b/pkgs/os-specific/linux/sysvinit/default.nix index 87b5b81066c..c8ba3164ab0 100644 --- a/pkgs/os-specific/linux/sysvinit/default.nix +++ b/pkgs/os-specific/linux/sysvinit/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, withoutInitTools ? false }: +{ lib, stdenv, fetchurl, libxcrypt, withoutInitTools ? false }: stdenv.mkDerivation rec { pname = if withoutInitTools then "sysvtools" else "sysvinit"; @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { sed -i -e "s,/sbin/,$out/sbin/," src/halt.c src/init.c src/paths.h ''; + buildInputs = [ libxcrypt ]; + makeFlags = [ "SULOGINLIBS=-lcrypt" "ROOT=$(out)" "MANDIR=/share/man" ]; preInstall = diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index d57fdba7310..8df231c961e 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchurl, pkg-config, zlib, shadow , capabilitiesSupport ? true , libcap_ng +, libxcrypt , ncursesSupport ? true , ncurses , pamSupport ? true @@ -68,7 +69,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config ] ++ lib.optionals translateManpages [ po4a ]; - buildInputs = [ zlib ] + buildInputs = [ zlib libxcrypt ] ++ lib.optionals pamSupport [ pam ] ++ lib.optionals capabilitiesSupport [ libcap_ng ] ++ lib.optionals ncursesSupport [ ncurses ] diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index 095d873e66c..3bb1650e8c8 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "v4l2loopback"; - version = "unstable-2021-07-13-${kernel.version}"; + version = "unstable-2022-08-05-${kernel.version}"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; - rev = "baf9de279afc7a7c7513e9c40a0c9ff88f456af4"; - sha256 = "sha256-uglYTeqz81fgkKYYU9Cw8x9+S088jGxDEGkb3rmkhrw=="; + rev = "76434ab6f71d5ecbff8a218ff6bed91ea2bf73b8"; + sha256 = "sha256-TdZacRkFAO2HAEbljzXeJ241VcDqSwBECq3bnn7yvBY="; }; hardeningDisable = [ "format" "pic" ]; diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index a47fb30c1b3..244092441b2 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -5,11 +5,11 @@ assert lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20211208"; + version = "1.0.20220627"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "sha256-MHC4ojhRD8IGwTUE8oEew8IVof9hQCC7CPgVQIBfBRQ="; + sha256 = "sha256-skbho3e49lZ/GLp/JDQpf/yXIEjes86aYtw/dn6e0Uo="; }; hardeningDisable = [ "pic" ]; @@ -20,6 +20,11 @@ stdenv.mkDerivation rec { preBuild = "cd src"; buildFlags = [ "module" ]; + makeFlags = [ + "ARCH=${stdenv.hostPlatform.linuxArch}" + ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ + "CROSS_COMPILE=${stdenv.cc.targetPrefix}" + ]; INSTALL_MOD_PATH = placeholder "out"; installFlags = [ "DEPMOD=true" ]; diff --git a/pkgs/os-specific/linux/wiringpi/default.nix b/pkgs/os-specific/linux/wiringpi/default.nix index a06e25b9eb8..eed71188eb0 100644 --- a/pkgs/os-specific/linux/wiringpi/default.nix +++ b/pkgs/os-specific/linux/wiringpi/default.nix @@ -2,6 +2,7 @@ , stdenv , symlinkJoin , fetchFromGitHub +, libxcrypt }: let @@ -35,6 +36,9 @@ let inherit mkSubProject; wiringPi = mkSubProject { subprj = "wiringPi"; + buildInputs = [ + libxcrypt + ]; }; devLib = mkSubProject { subprj = "devLib"; @@ -45,6 +49,7 @@ let wiringPiD = mkSubProject { subprj = "wiringPiD"; buildInputs = [ + libxcrypt passthru.wiringPi passthru.devLib ]; @@ -52,6 +57,7 @@ let gpio = mkSubProject { subprj = "gpio"; buildInputs = [ + libxcrypt passthru.wiringPi passthru.devLib ]; diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index 080a198b0f4..5309c6abe24 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -16,7 +16,8 @@ , enablePython ? true # for determining the latest compatible linuxPackages -, linuxPackages_5_19 ? pkgs.linuxKernel.packages.linux_5_19 +, linuxPackages_5_15 ? pkgs.linuxKernel.packages.linux_5_15 +, linuxPackages_6_0 ? pkgs.linuxKernel.packages.linux_6_0 }: let @@ -217,7 +218,7 @@ in { zfsStable = common { # check the release notes for compatible kernels kernelCompatible = kernel.kernelOlder "5.20"; - latestCompatibleLinuxPackages = linuxPackages_5_19; + latestCompatibleLinuxPackages = linuxPackages_5_15; # this package should point to the latest release. version = "2.1.6"; @@ -227,17 +228,17 @@ in { zfsUnstable = common { # check the release notes for compatible kernels - kernelCompatible = kernel.kernelOlder "5.20"; - latestCompatibleLinuxPackages = linuxPackages_5_19; + kernelCompatible = kernel.kernelOlder "6.1"; + latestCompatibleLinuxPackages = linuxPackages_6_0; # this package should point to a version / git revision compatible with the latest kernel release # IMPORTANT: Always use a tagged release candidate or commits from the # zfs-<version>-staging branch, because this is tested by the OpenZFS # maintainers. - version = "2.1.6"; - # rev = "0000000000000000000000000000000000000000"; + version = "2.1.7-staging-2022-10-27"; + rev = "04f1983aab16d378be376768275856bc38be48bd"; - sha256 = "sha256-gd5WlNtnoSiVj4sKUGf0WhR7Z1GPebwu3Z1mkNsoC/I="; + sha256 = "sha256-6s9Qcw6Qqq7+JU9UPa8DDu2yzhD1OV3piLlYsgEoIhg="; isUnstable = true; }; |