diff options
Diffstat (limited to 'pkgs/os-specific/linux')
28 files changed, 457 insertions, 89 deletions
diff --git a/pkgs/os-specific/linux/bolt/default.nix b/pkgs/os-specific/linux/bolt/default.nix index 748db1a62b5..df618cbff5a 100644 --- a/pkgs/os-specific/linux/bolt/default.nix +++ b/pkgs/os-specific/linux/bolt/default.nix @@ -76,7 +76,7 @@ stdenv.mkDerivation rec { dbus gobject-introspection umockdev - (python3.pythonForBuild.withPackages + (python3.pythonOnBuildForHost.withPackages (p: [ p.pygobject3 p.dbus-python p.python-dbusmock ])) ]; diff --git a/pkgs/os-specific/linux/displaylink/default.nix b/pkgs/os-specific/linux/displaylink/default.nix index 463795936e7..e71062e8ac4 100644 --- a/pkgs/os-specific/linux/displaylink/default.nix +++ b/pkgs/os-specific/linux/displaylink/default.nix @@ -12,11 +12,11 @@ }: let - arch = - if stdenv.hostPlatform.system == "x86_64-linux" then "x64" - else if stdenv.hostPlatform.system == "i686-linux" then "x86" + bins = + if stdenv.hostPlatform.system == "x86_64-linux" then "x64-ubuntu-1604" + else if stdenv.hostPlatform.system == "i686-linux" then "x86-ubuntu-1604" + else if stdenv.hostPlatform.system == "aarch64-linux" then "aarch64-linux-gnu" else throw "Unsupported architecture"; - bins = "${arch}-ubuntu-1604"; libPath = lib.makeLibraryPath [ stdenv.cc.cc util-linux libusb1 evdi ]; in @@ -80,7 +80,7 @@ stdenv.mkDerivation rec { homepage = "https://www.displaylink.com/"; license = licenses.unfree; maintainers = with maintainers; [ abbradar ]; - platforms = [ "x86_64-linux" "i686-linux" ]; + platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; hydraPlatforms = []; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; }; diff --git a/pkgs/os-specific/linux/evdi/default.nix b/pkgs/os-specific/linux/evdi/default.nix index ebb6fbe2cc6..bd34ac0db4d 100644 --- a/pkgs/os-specific/linux/evdi/default.nix +++ b/pkgs/os-specific/linux/evdi/default.nix @@ -16,7 +16,11 @@ stdenv.mkDerivation rec { hash = "sha256-em3Y56saB7K3Wr31Y0boc38xGb57gdveN0Cstgy8y20="; }; - env.NIX_CFLAGS_COMPILE = "-Wno-error -Wno-error=sign-compare"; + env.NIX_CFLAGS_COMPILE = toString [ + "-Wno-error" + "-Wno-error=discarded-qualifiers" # for Linux 4.19 compatibility + "-Wno-error=sign-compare" + ]; nativeBuildInputs = kernel.moduleBuildDependencies; @@ -43,6 +47,6 @@ stdenv.mkDerivation rec { platforms = platforms.linux; license = with licenses; [ lgpl21Only gpl2Only ]; homepage = "https://www.displaylink.com/"; - broken = kernel.kernelOlder "4.19" || stdenv.isAarch64; + broken = kernel.kernelOlder "4.19" || kernel.kernelAtLeast "6.6"; }; } diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 3def168d2fa..f4914d84327 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -8,6 +8,7 @@ , gobject-introspection , gettext , libgudev +, libdrm , polkit , libxmlb , glib @@ -18,14 +19,12 @@ , curl , libjcat , elfutils -, libsmbios , efivar , valgrind , meson , libuuid , colord , ninja -, gcab , gnutls , protobufc , python3 @@ -124,7 +123,7 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "fwupd"; - version = "1.9.6"; + version = "1.9.7"; # libfwupd goes to lib # daemon, plug-ins and libfwupdplugin go to out @@ -135,7 +134,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "fwupd"; repo = "fwupd"; rev = finalAttrs.version; - hash = "sha256-9mA6gETnOmmkI+cdF0kP1moPV6DDvASq1JXarupM/tU="; + hash = "sha256-NhVCIjkwoTZptctIrkU9HgXzjr+KCUZfEKcjoYgAEdM="; }; patches = [ @@ -169,7 +168,6 @@ stdenv.mkDerivation (finalAttrs: { gettext shared-mime-info valgrind - gcab gnutls protobufc # for protoc python @@ -183,6 +181,7 @@ stdenv.mkDerivation (finalAttrs: { gusb sqlite libarchive + libdrm curl elfutils libgudev @@ -202,8 +201,6 @@ stdenv.mkDerivation (finalAttrs: { libcbor libqmi xz # for liblzma - ] ++ lib.optionals haveDell [ - libsmbios ] ++ lib.optionals haveFlashrom [ flashrom ]; diff --git a/pkgs/os-specific/linux/fwts/default.nix b/pkgs/os-specific/linux/fwts/default.nix index d44db7adf15..43f7ed5cb3a 100644 --- a/pkgs/os-specific/linux/fwts/default.nix +++ b/pkgs/os-specific/linux/fwts/default.nix @@ -20,6 +20,10 @@ stdenv.mkDerivation rec { --replace "/usr/bin/lspci" "${pciutils}/bin/lspci" \ --replace "/usr/sbin/dmidecode" "${dmidecode}/bin/dmidecode" \ --replace "/usr/bin/iasl" "${acpica-tools}/bin/iasl" + + substituteInPlace src/lib/src/fwts_devicetree.c \ + src/devicetree/dt_base/dt_base.c \ + --replace "dtc -I" "${dtc}/bin/dtc -I" ''; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/hid-tmff2/default.nix b/pkgs/os-specific/linux/hid-tmff2/default.nix new file mode 100644 index 00000000000..ac297c78e10 --- /dev/null +++ b/pkgs/os-specific/linux/hid-tmff2/default.nix @@ -0,0 +1,36 @@ +{ stdenv, lib, fetchFromGitHub, kernel }: + +stdenv.mkDerivation { + pname = "hid-tmff2"; + # https://github.com/Kimplul/hid-tmff2/blob/ca168637fbfb085ebc9ade0c47fa0653dac5d25b/dkms/dkms-install.sh#L12 + version = "0.81"; + + src = fetchFromGitHub { + owner = "Kimplul"; + repo = "hid-tmff2"; + rev = "ca168637fbfb085ebc9ade0c47fa0653dac5d25b"; + hash = "sha256-Nm5m5xjwJGy+ia4nTkvPZynIxUj6MVGGbSNmIcIpziM="; + # For hid-tminit. Source: https://github.com/scarburato/hid-tminit + fetchSubmodules = true; + }; + + nativeBuildInputs = kernel.moduleBuildDependencies; + + makeFlags = kernel.makeFlags ++ [ + "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + + installFlags = [ + "INSTALL_MOD_PATH=${placeholder "out"}" + ]; + + postPatch = "sed -i '/depmod -A/d' Makefile"; + + meta = with lib; { + description = "A linux kernel module for Thrustmaster T300RS, T248 and TX(experimental)"; + homepage = "https://github.com/Kimplul/hid-tmff2"; + license = licenses.gpl2Plus; + maintainers = [ maintainers.rayslash ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/intel-cmt-cat/default.nix b/pkgs/os-specific/linux/intel-cmt-cat/default.nix index 9429bd28306..62e6149b6f1 100644 --- a/pkgs/os-specific/linux/intel-cmt-cat/default.nix +++ b/pkgs/os-specific/linux/intel-cmt-cat/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { - version = "23.08"; + version = "23.11"; pname = "intel-cmt-cat"; src = fetchFromGitHub { owner = "intel"; repo = "intel-cmt-cat"; rev = "v${version}"; - sha256 = "sha256-T97cTJLGSJgOoQFgL/lI+AldqsCEcHilhTTDZy+pmU8="; + sha256 = "sha256-/OSU/7QR8NAjcAIo+unVQfORvCH5VpjfRn5sIrCxwbE="; }; enableParallelBuilding = true; diff --git a/pkgs/os-specific/linux/isgx/default.nix b/pkgs/os-specific/linux/isgx/default.nix index 6e97532ee5d..c49a0a7b913 100644 --- a/pkgs/os-specific/linux/isgx/default.nix +++ b/pkgs/os-specific/linux/isgx/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, kernel, kernelAtLeast }: +{ stdenv, lib, fetchFromGitHub, kernel }: stdenv.mkDerivation rec { name = "isgx-${version}-${kernel.version}"; @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { ''; homepage = "https://github.com/intel/linux-sgx-driver"; license = with licenses; [ bsd3 /* OR */ gpl2Only ]; - maintainers = with maintainers; [ oxalica ]; + maintainers = [ ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 33b7f88493d..d8f8bb2fa73 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -52,21 +52,31 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.60-hardened1.patch", - "sha256": "1k0807jpjljf2fcjxnmvd9rb8y8xqj21x2qn4yd72c58jkii52qq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.60-hardened1/linux-hardened-6.1.60-hardened1.patch" + "name": "linux-hardened-6.1.61-hardened1.patch", + "sha256": "0d9zhh32dx1q828q50kmznmsa6yinppbklhgg8ix7b7k23857ha6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.61-hardened1/linux-hardened-6.1.61-hardened1.patch" }, - "sha256": "02pvymr1dgd36mp7yikxqqv0sfrpwi1grnvxvx6jbbx6wmx0wljq", - "version": "6.1.60" + "sha256": "1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d", + "version": "6.1.61" + }, + "6.4": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-6.4.16-hardened1.patch", + "sha256": "10lydnnhhq9ynng1gfaqh1mncsb0dmr27zzcbygs1xigy2bl70n9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.16-hardened1/linux-hardened-6.4.16-hardened1.patch" + }, + "sha256": "0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln", + "version": "6.4.16" }, "6.5": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.5.8-hardened1.patch", - "sha256": "09dvz9massj8rwrwvr2n1y2v8k4c3ic8gfrp049p7g0npzag2cwl", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.8-hardened1/linux-hardened-6.5.8-hardened1.patch" + "name": "linux-hardened-6.5.10-hardened1.patch", + "sha256": "0p2lj7ryiizr1sxvm2kgds3l8sg9fns35y2fcyqq61lg7ymzj1fi", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.10-hardened1/linux-hardened-6.5.10-hardened1.patch" }, - "sha256": "05zpdh4dxaadq52hlczdmwb7bsqfm3q45v7bdqbsmplhgn4wm719", - "version": "6.5.8" + "sha256": "12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1", + "version": "6.5.10" } } diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 67c92440f19..49b2fddba1d 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,12 +4,12 @@ "hash": "sha256:1zzd32ya4hldfywicgpnc2cyd412s7q9c31qvxx2nl9nkx11xsxv" }, "6.5": { - "version": "6.5.10", - "hash": "sha256:12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1" + "version": "6.5.11", + "hash": "sha256:06dmb4hbwrms0lp4axphwgj8wbnzsym70sx55lxr501b53wlmqif" }, "6.1": { - "version": "6.1.61", - "hash": "sha256:1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d" + "version": "6.1.62", + "hash": "sha256:1v453q4sf0j8708ivs1zmdf645hgimqvxfc8xz7czgnnmipn3zdr" }, "5.15": { "version": "5.15.137", @@ -20,19 +20,19 @@ "hash": "sha256:1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0" }, "5.4": { - "version": "5.4.259", - "hash": "sha256:195v4fidavzm637glj6580006mrcaygnbj4za874imb62bxf9rpz" + "version": "5.4.260", + "hash": "sha256:1zpbaipd2j3idj8h9iznlj0ywcq5nkhwj707a1f9ixf82h3q4c4q" }, "4.19": { - "version": "4.19.297", - "hash": "sha256:0c9xxqgv2i36hrr06dwz7f3idc04xpv0a5pxg08xdh03cnyf12cx" + "version": "4.19.298", + "hash": "sha256:0mhgq6hdcls1af7nj999x1mds5b37s7vwin8nsb4q0lnx2y1da4x" }, "4.14": { - "version": "4.14.328", - "hash": "sha256:1igcpvnhwwrczfdsafmszvi0456k7f6j4cgpfw6v6afw09p95d8x" + "version": "4.14.329", + "hash": "sha256:1dvb4xf0b7snabznl7bg7gga7ffdmywy8vr8q65pzl9yf6fnhdny" }, "6.6": { - "version": "6.6", - "hash": "sha256:1l2nisx9lf2vdgkq910n5ldbi8z25ky1zvl67zgwg2nxcdna09nr" + "version": "6.6.1", + "hash": "sha256:0d42b1hbvv9w3y3q4wydr6il0g5a823n54a06p4p5vcpgkadf7ns" } } diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index a55588b2cea..691b4899f2d 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -6,14 +6,14 @@ let # NOTE: When updating these, please also take a look at the changes done to # kernel config in the xanmod version commit ltsVariant = { - version = "6.1.60"; - hash = "sha256-KYCeONJxyFPee4pvBLRw/MBTzPU7D2oZCrAVr3t/yPM="; + version = "6.1.62"; + hash = "sha256-fo5OQ/MZ+QVdCmLzX0OgFUBedfqrkqp+Ev081RVdtWw="; variant = "lts"; }; mainVariant = { - version = "6.5.9"; - hash = "sha256-5SFPBsDTmq7tA6pyM7rbIjBPAtPbqhUl6VfA2z5baPA="; + version = "6.5.11"; + hash = "sha256-1bb5LG6JvqX5eNSe2Xyu86HxaqkUVkKUf1H3T7bFkGE="; variant = "main"; }; @@ -36,9 +36,9 @@ let # WineSync driver for fast kernel-backed Wine WINESYNC = module; - # Preemptive Full Tickless Kernel at 500Hz - HZ = freeform "500"; - HZ_500 = yes; + # Preemptive Full Tickless Kernel at 250Hz + HZ = freeform "250"; + HZ_250 = yes; HZ_1000 = no; }; diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 5b418b6a7cc..5e949a6f461 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.6"; #zen + version = "6.6.1"; #zen suffix = "zen1"; #zen - sha256 = "0rda54h5lg2llbwkj2h4mqfshjyha1dzlcwhx099is7g2lfzksxx"; #zen + sha256 = "13m820wggf6pkp351w06mdn2lfcwbn08ydwksyxilqb88vmr0lpq"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.5.10"; #lqx + version = "6.5.11"; #lqx suffix = "lqx1"; #lqx - sha256 = "10bny5x2a3brfamyajvnl75h7s64vvmymgnvwgaq82q4bmsfcdd1"; #lqx + sha256 = "02k4cfiygrfgyp3x6ivr7h6klknjzd5cwpszjnzcy2jc547512pd"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { diff --git a/pkgs/os-specific/linux/libnl/default.nix b/pkgs/os-specific/linux/libnl/default.nix index c9eea70db99..5248c263b3b 100644 --- a/pkgs/os-specific/linux/libnl/default.nix +++ b/pkgs/os-specific/linux/libnl/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { postBuild = lib.optionalString (pythonSupport) '' cd python - ${python.pythonForBuild.interpreter} setup.py install --prefix=../pythonlib + ${python.pythonOnBuildForHost.interpreter} setup.py install --prefix=../pythonlib cd - ''; diff --git a/pkgs/os-specific/linux/libnvme/default.nix b/pkgs/os-specific/linux/libnvme/default.nix index 564fa4537c8..129bb49e81e 100644 --- a/pkgs/os-specific/linux/libnvme/default.nix +++ b/pkgs/os-specific/linux/libnvme/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation (finalAttrs: { ninja perl # for kernel-doc pkg-config - python3.pythonForBuild + python3.pythonOnBuildForHost swig ]; diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index ec6d3f5aa4b..695012effc5 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -64,7 +64,7 @@ stdenv.mkDerivation rec { ] ++ optionals stdenv.hostPlatform.isStatic [ "DISABLE_SHARED=y" ] ++ optionals enablePython [ - "PYTHON=${python3.pythonForBuild.interpreter}" + "PYTHON=${python3.pythonOnBuildForHost.interpreter}" "PYTHONLIBDIR=$(py)/${python3.sitePackages}" ]; diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index 70d84d6311c..96477c5f442 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -50,6 +50,6 @@ stdenv.mkDerivation rec { changelog = "https://linuxcontainers.org/lxcfs/news/"; license = licenses.asl20; platforms = platforms.linux; - maintainers = with maintainers; [ mic92 ]; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/os-specific/linux/minimal-bootstrap/stage0-posix/bootstrap-sources.nix b/pkgs/os-specific/linux/minimal-bootstrap/stage0-posix/bootstrap-sources.nix index 715d261eea4..7f2e8ab81a3 100644 --- a/pkgs/os-specific/linux/minimal-bootstrap/stage0-posix/bootstrap-sources.nix +++ b/pkgs/os-specific/linux/minimal-bootstrap/stage0-posix/bootstrap-sources.nix @@ -2,12 +2,11 @@ }: rec { - name = "stage0-posix-${version}-${rev}-source"; - # Pinned from https://github.com/oriansj/stage0-posix/commit/3189b5f325b7ef8b88e3edec7c1cde4fce73c76c - version = "unstable-2023-05-02"; - rev = "3189b5f325b7ef8b88e3edec7c1cde4fce73c76c"; + name = "stage0-posix-${version}-source"; + version = "1.6.0"; + rev = "Release_${version}"; outputHashAlgo = "sha256"; - outputHash = "sha256-7Y9+csTwZIQp0WGbagX+Q4f2zavN7AUk1TSBp/H5Xks="; + outputHash = "sha256-epUaShjKiAd749ICvc6rS6WhUkS8R4heKuPdwUjEtsQ="; /* Since `make-minimal-bootstrap-sources` requires nixpkgs and nix it diff --git a/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild b/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild new file mode 100644 index 00000000000..84e8d223bd8 --- /dev/null +++ b/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild @@ -0,0 +1,165 @@ +#!/usr/bin/env bash + +# We're faking a `nix build` command-line to re-use Nix's own completion +# for the few options passed through to Nix. +_nixos-rebuild_pretend-nix() { + COMP_LINE="nix build ${COMP_LINE}" + # number of prepended chars + (( COMP_POINT = COMP_POINT + 10)) + + COMP_WORDS=( + nix build + "${COMP_WORDS[@]}" + ) + # Add the amount of prepended words + (( COMP_CWORD = COMP_CWORD + 2)) + _complete_nix "nix" +} + +_nixos-rebuild() { + local curr="$2" + local prev="$3" + local subcommandGiven=0 + local word + local subcommand + + __load_completion nix + + # Arrays are re-ordered by the completion, so it's fine to sort them in logical chunks + local all_args=( + --verbose -v + + # nixos-rebuild options + --fast + --no-build-nix + --profile-name -p # name + --rollback + --specialisation -c # name + --use-remote-sudo + --build-host # host + --target-host # host + # Used with list-generations + --json + + # generation switching options + --install-bootloader + + # nix-channel options + --upgrade + --upgrade-all + + # flakes options + --commit-lock-file + --flake # flake-uri + --override-input # input-name flake-uri + --recreate-lock-file + --update-input + --no-flake + --no-registries + --no-update-lock-file + --no-write-lock-file + + # Nix-copy options + --use-substitutes --substitute-on-destination -s + + # Nix options + --option + --impure + --builders # builder-spec + --show-trace + --keep-failed -K + --keep-going -k + --max-jobs -j # number + --log-format # format + -I # NIX_PATH + ) + + local all_subcommands=( + boot + build + build-vm + build-vm-with-bootloader + dry-activate + dry-build + edit + list-generations + switch + test + ) + + # Suggest arguments that can be consumed under some conditions only + for word in "${COMP_WORDS[@]}"; do + for subcommand in "${all_subcommands[@]}"; do + if [[ "$word" == "$subcommand" ]]; then + subcommandGiven=1 + fi + done + done + + # Fake out a way to complete the second arg to some options + case "${COMP_WORDS[COMP_CWORD-2]}" in + "--override-input") + prev="--override-input_2" + ;; + "--option") + prev="--option_2" + ;; + esac + + case "$prev" in + --max-jobs|-j) + COMPREPLY=( ) + ;; + + --profile-name|-p) + if [[ "$curr" == "" ]]; then + COMPREPLY=( /nix/var/nix/profiles/* ) + else + COMPREPLY=( "$curr"* ) + fi + ;; + + --build-host|--target-host|-t|-h) + _known_hosts_real "$curr" + ;; + + --specialisation|-c) + COMPREPLY=() + ;; + + -I) + _nixos-rebuild_pretend-nix + ;; + --builders) + _nixos-rebuild_pretend-nix + ;; + --flake) + _nixos-rebuild_pretend-nix + ;; + --override-input) + _nixos-rebuild_pretend-nix + ;; + --override-input_2) + _nixos-rebuild_pretend-nix + ;; + --log-format) + _nixos-rebuild_pretend-nix + ;; + --option) + _nixos-rebuild_pretend-nix + ;; + --option_2) + _nixos-rebuild_pretend-nix + ;; + + *) + if [[ "$curr" == -* ]] || (( subcommandGiven )); then + COMPREPLY=( $(compgen -W "${all_args[*]}" -- "$2") ) + else + COMPREPLY=( $(compgen -W "${all_subcommands[*]}" -- "$2") ) + fi + ;; + esac +} + +complete -F _nixos-rebuild nixos-rebuild diff --git a/pkgs/os-specific/linux/nixos-rebuild/default.nix b/pkgs/os-specific/linux/nixos-rebuild/default.nix index 4ff0c8c3291..6c150b1b8cd 100644 --- a/pkgs/os-specific/linux/nixos-rebuild/default.nix +++ b/pkgs/os-specific/linux/nixos-rebuild/default.nix @@ -28,6 +28,9 @@ substituteAll { ]; postInstall = '' installManPage ${./nixos-rebuild.8} + + installShellCompletion \ + --bash ${./_nixos-rebuild} ''; # run some a simple installer tests to make sure nixos-rebuild still works for them diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 9e75db6d27b..dddae8da206 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -117,11 +117,11 @@ while [ "$#" -gt 0 ]; do specialisation="$1" shift 1 ;; - --build-host|h) + --build-host) buildHost="$1" shift 1 ;; - --target-host|t) + --target-host) targetHost="$1" shift 1 ;; diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index e6f366f3433..7fec21a8237 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -59,11 +59,11 @@ rec { # Vulkan developer beta driver # See here for more information: https://developer.nvidia.com/vulkan-driver vulkan_beta = generic rec { - version = "535.43.15"; + version = "535.43.16"; persistencedVersion = "535.98"; settingsVersion = "535.98"; - sha256_64bit = "sha256-DyEBrVV9DmeeOU2C0eitQLh9mGo4kxG3xxRsImrIFyo="; - openSha256 = "sha256-eW0Z70BTF0j8TmsOiVzbLOyiyScR/7hgEp9GYI9RZbA="; + sha256_64bit = "sha256-c93CJSMPlGZgk+jhp9zTHCKSZ0LdnJu+ifLo+qMvIIk="; + openSha256 = "sha256-509KaBavGIOOpzdrdJuAR1PYq91Clwo8n+nhruxO1wM="; settingsSha256 = "sha256-jCRfeB1w6/dA27gaz6t5/Qo7On0zbAPIi74LYLel34s="; persistencedSha256 = "sha256-WviDU6B50YG8dO64CGvU3xK8WFUX8nvvVYm/fuGyroM="; url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitString "." version)}-linux"; diff --git a/pkgs/os-specific/linux/pam_mktemp/default.nix b/pkgs/os-specific/linux/pam_mktemp/default.nix new file mode 100644 index 00000000000..04ba58785ef --- /dev/null +++ b/pkgs/os-specific/linux/pam_mktemp/default.nix @@ -0,0 +1,48 @@ +{ lib +, stdenv +, fetchurl +, fetchpatch +, pam +, e2fsprogs +}: + +stdenv.mkDerivation rec { + pname = "pam_mktemp"; + version = "1.1.1"; + + src = fetchurl { + url = "https://openwall.com/pam/modules/${pname}/${pname}-${version}.tar.gz"; + hash = "sha256-Zs+AwYQ5yjRW25ZALy7qwUsaBQPMHRvn8rFtXwefPz0="; + }; + + patches = [ + (fetchpatch { + name = "inherit_private_prefix_from_home.patch"; + url = "https://git.altlinux.org/gears/p/pam_mktemp.git?p=pam_mktemp.git;a=commitdiff_plain;h=3d2e8ad6da6a44c047bf7a8afa1e1bb2a6e36a55"; + hash = "sha256-xe44fi2xH9jqlStlIR4QPB0KS7spflRdOsvNPEmxJpU"; + }) + (fetchpatch { + name = "allow_private_prefix_to_be_stricter.patch"; + url = "https://git.altlinux.org/gears/p/pam_mktemp.git?p=pam_mktemp.git;a=commitdiff_plain;h=bb2cee0c695d22310e5364c30d74bccb0dbf3205"; + hash = "sha256-TouysUVlNnl+m7lJ2VKPxUTYD2om1Jh5FEJ6NHMAI4U="; + }) + ]; + + patchFlags = "-p2"; + + dontConfigure = true; + + buildInputs = [ pam e2fsprogs ]; + + makeFlags = [ "DESTDIR=$(out)" ]; + + enableParallelBuilding = true; + + meta = with lib; { + homepage = "https://www.openwall.com/pam/"; + description = "PAM for login service to provide per-user private directories"; + license = licenses.bsd0; + maintainers = with maintainers; [ wladmis ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/os-specific/linux/power-profiles-daemon/default.nix b/pkgs/os-specific/linux/power-profiles-daemon/default.nix index ae08f59cc1a..e81f42b65a2 100644 --- a/pkgs/os-specific/linux/power-profiles-daemon/default.nix +++ b/pkgs/os-specific/linux/power-profiles-daemon/default.nix @@ -53,7 +53,7 @@ stdenv.mkDerivation rec { wrapGAppsNoGuiHook python3.pkgs.wrapPython # checkInput but cheked for during the configuring - (python3.pythonForBuild.withPackages (ps: with ps; [ + (python3.pythonOnBuildForHost.withPackages (ps: with ps; [ pygobject3 dbus-python python-dbusmock diff --git a/pkgs/os-specific/linux/procps-ng/default.nix b/pkgs/os-specific/linux/procps-ng/default.nix index 67b839a1bd3..56a92ffa44e 100644 --- a/pkgs/os-specific/linux/procps-ng/default.nix +++ b/pkgs/os-specific/linux/procps-ng/default.nix @@ -27,7 +27,9 @@ stdenv.mkDerivation rec { sha256 = "sha256-RRiz56r9NOwH0AY9JQ/UdJmbILIAIYw65W9dIRPxQbQ="; }; - patches = lib.optionals stdenv.hostPlatform.isMusl [ + patches = [ + ./v3-CVE-2023-4016.patch + ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # NOTE: Starting from 4.x we will not need a patch anymore, but need to add # "--disable-w" to configureFlags instead to prevent the utmp errors (fetchpatch { diff --git a/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch b/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch new file mode 100644 index 00000000000..2e260eaf738 --- /dev/null +++ b/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch @@ -0,0 +1,63 @@ +This is https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413.diff +back-ported to procps 3.3.17. That commit changes xmalloc to xcalloc. This patch differs in two ways: + +* We modify it to change malloc (no x-) to xcalloc instead +* We pull in procps-4's definition of xcalloc + +Alternative considered: Also pull in commits that changed malloc to xmalloc and defined xcalloc. +This alternative is rejected because those commits contain many other unrelated changes. + +diff --git a/ps/parser.c b/ps/parser.c +index 4263a1fb..ee9a57d9 100644 +--- a/ps/parser.c ++++ b/ps/parser.c +@@ -36,6 +36,14 @@ + #include "common.h" + #include "c.h" + ++static void *xxcalloc(const size_t nelems, const size_t size) ++{ ++ void *ret = calloc(nelems, size); ++ if (!ret && size && nelems) ++ xerrx(EXIT_FAILURE, "cannot allocate %zu bytes", nelems*size); ++ return ret; ++} ++ + #define ARG_GNU 0 + #define ARG_END 1 + #define ARG_PGRP 2 +@@ -184,7 +192,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + const char *err; /* error code that could or did happen */ + /*** prepare to operate ***/ + node = malloc(sizeof(selection_node)); +- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */ + node->n = 0; + buf = strdup(arg); + /*** sanity check and count items ***/ +@@ -205,6 +212,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + } while (*++walk); + if(need_item) goto parse_error; + node->n = items; ++ node->u = xxcalloc(items, sizeof(sel_union)); + /*** actually parse the list ***/ + walk = buf; + while(items--){ +@@ -1031,15 +1039,15 @@ static const char *parse_trailing_pids(void){ + thisarg = ps_argc - 1; /* we must be at the end now */ + + pidnode = malloc(sizeof(selection_node)); +- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ pidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + pidnode->n = 0; + + grpnode = malloc(sizeof(selection_node)); +- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ grpnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + grpnode->n = 0; + + sidnode = malloc(sizeof(selection_node)); +- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ sidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */ + sidnode->n = 0; + + while(i--){ diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 809bf48be1e..0311d46d1fc 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -124,7 +124,7 @@ , withRemote ? !stdenv.hostPlatform.isMusl , withResolved ? true , withShellCompletions ? true -, withSysusers ? false # conflicts with the NixOS user management +, withSysusers ? true , withSysupdate ? true , withTimedated ? true , withTimesyncd ? true @@ -729,6 +729,8 @@ stdenv.mkDerivation (finalAttrs: { rm -rf $out/share/doc '' + lib.optionalString (withKmod && !buildLibsOnly) '' mv $out/lib/modules-load.d $out/example + '' + lib.optionalString withSysusers '' + mv $out/lib/sysusers.d $out/example ''; # Avoid *.EFI binary stripping. At least on aarch64-linux strip @@ -785,6 +787,6 @@ stdenv.mkDerivation (finalAttrs: { # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965 broken = stdenv.hostPlatform.isStatic; priority = 10; - maintainers = with maintainers; [ flokli kloenk mic92 ]; + maintainers = with maintainers; [ flokli kloenk ]; }; }) diff --git a/pkgs/os-specific/linux/tomb/default.nix b/pkgs/os-specific/linux/tomb/default.nix index af04476aa1d..9c97377cfe0 100644 --- a/pkgs/os-specific/linux/tomb/default.nix +++ b/pkgs/os-specific/linux/tomb/default.nix @@ -1,19 +1,37 @@ -{ stdenv, lib, fetchFromGitHub, makeWrapper -, gettext, zsh, pinentry, cryptsetup, gnupg, util-linux, e2fsprogs, sudo +{ stdenv +, lib +, fetchFromGitHub +, substituteAll +, makeWrapper +, zsh +, coreutils +, cryptsetup +, e2fsprogs +, file +, gawk +, getent +, gettext +, gnugrep +, gnupg +, libargon2 +, lsof +, pinentry +, util-linux +, nix-update-script }: stdenv.mkDerivation rec { pname = "tomb"; - version = "2.9"; + version = "2.10"; src = fetchFromGitHub { - owner = "dyne"; - repo = "Tomb"; - rev = "v${version}"; - sha256 = "0d6vmfcf4kd0p2bcljmdnyc2fmbwvar81cc472zx86r7yc3ih102"; + owner = "dyne"; + repo = "Tomb"; + rev = "refs/tags/v${version}"; + hash = "sha256-lLxQJX0P6b6lbXEcrq45EsX9iKiayZ9XkhqgMfpN3/w="; }; - buildInputs = [ sudo zsh pinentry ]; + buildInputs = [ zsh pinentry ]; nativeBuildInputs = [ makeWrapper ]; @@ -23,22 +41,39 @@ stdenv.mkDerivation rec { --replace 'TOMBEXEC=$0' 'TOMBEXEC=tomb' ''; - doInstallCheck = true; - installCheckPhase = "$out/bin/tomb -h"; - installPhase = '' - install -Dm755 tomb $out/bin/tomb + install -Dm755 tomb $out/bin/tomb install -Dm644 doc/tomb.1 $out/share/man/man1/tomb.1 wrapProgram $out/bin/tomb \ - --prefix PATH : $out/bin:${lib.makeBinPath [ cryptsetup gettext gnupg pinentry util-linux e2fsprogs ]} + --prefix PATH : $out/bin:${lib.makeBinPath [ + coreutils + cryptsetup + e2fsprogs + file + gawk + getent + gettext + gnugrep + gnupg + libargon2 + lsof + pinentry + util-linux + ]} ''; + passthru = { + updateScript = nix-update-script { }; + }; + meta = with lib; { description = "File encryption on GNU/Linux"; - homepage = "https://www.dyne.org/software/tomb/"; - license = licenses.gpl3; - maintainers = with maintainers; [ peterhoeg ]; - platforms = platforms.linux; + homepage = "https://www.dyne.org/software/tomb/"; + changelog = "https://github.com/dyne/Tomb/blob/v${version}/ChangeLog.md"; + license = licenses.gpl3Only; + mainProgram = "tomb"; + maintainers = with maintainers; [ peterhoeg anthonyroussel ]; + platforms = platforms.linux; }; } diff --git a/pkgs/os-specific/linux/usbutils/default.nix b/pkgs/os-specific/linux/usbutils/default.nix index 20936fa7d49..cfd94bf33c4 100644 --- a/pkgs/os-specific/linux/usbutils/default.nix +++ b/pkgs/os-specific/linux/usbutils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "usbutils"; - version = "015"; + version = "017"; src = fetchurl { url = "mirror://kernel/linux/utils/usb/usbutils/usbutils-${version}.tar.xz"; - sha256 = "sha256-w7RRux9P+fY1bKxaaVaprI6F2BZRr1ainmiflPpv2m4="; + hash = "sha256-pqJf/c+RA+ONekRzKsoXBz9OYCuS5K5VYlIxqCcC4Fs="; }; patches = [ |