diff options
Diffstat (limited to 'pkgs/os-specific')
8 files changed, 189 insertions, 12 deletions
diff --git a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix index 21971ea2e28..cfd13b1b049 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix @@ -1,11 +1,18 @@ -{ stdenv, appleDerivation, xcbuildHook }: +{ stdenv, appleDerivation, xcbuildHook, llvmPackages }: appleDerivation { nativeBuildInputs = [ xcbuildHook ]; - patchPhase = '' + patches = [ + # The following copied from + # https://github.com/Homebrew/homebrew-core/commit/712ed3e948868e17f96b7e59972b5f45d4faf688 + # is needed to build libvirt. + ./rpcgen-support-hyper-and-quad-types.patch + ]; + + postPatch = '' substituteInPlace rpcgen/rpc_main.c \ - --replace "/usr/bin/cpp" "${stdenv.cc}/bin/cpp" + --replace "/usr/bin/cpp" "${llvmPackages.clang-unwrapped}/bin/clang-cpp" ''; # temporary install phase until xcodebuild has "install" support diff --git a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch new file mode 100644 index 00000000000..481cf0f3e05 --- /dev/null +++ b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch @@ -0,0 +1,66 @@ +diff --git a/rpcgen/rpc_parse.c b/rpcgen/rpc_parse.c +index 52edc9f..db0c1f1 100644 +--- a/rpcgen/rpc_parse.c ++++ b/rpcgen/rpc_parse.c +@@ -580,6 +580,10 @@ get_type(prefixp, typep, dkind) + *typep = "long"; + (void) peekscan(TOK_INT, &tok); + break; ++ case TOK_HYPER: ++ *typep = "int64_t"; ++ (void) peekscan(TOK_INT, &tok); ++ break; + case TOK_VOID: + if (dkind != DEF_UNION && dkind != DEF_PROGRAM) { + error("voids allowed only inside union and program definitions with one argument"); +@@ -592,6 +596,7 @@ get_type(prefixp, typep, dkind) + case TOK_INT: + case TOK_FLOAT: + case TOK_DOUBLE: ++ case TOK_QUAD: + case TOK_BOOL: + *typep = tok.str; + break; +@@ -622,6 +627,11 @@ unsigned_dec(typep) + *typep = "u_long"; + (void) peekscan(TOK_INT, &tok); + break; ++ case TOK_HYPER: ++ get_token(&tok); ++ *typep = "u_int64_t"; ++ (void) peekscan(TOK_INT, &tok); ++ break; + case TOK_INT: + get_token(&tok); + *typep = "u_int"; +diff --git a/rpcgen/rpc_scan.c b/rpcgen/rpc_scan.c +index a8df441..4130107 100644 +--- a/rpcgen/rpc_scan.c ++++ b/rpcgen/rpc_scan.c +@@ -419,8 +419,10 @@ static token symbols[] = { + {TOK_UNSIGNED, "unsigned"}, + {TOK_SHORT, "short"}, + {TOK_LONG, "long"}, ++ {TOK_HYPER, "hyper"}, + {TOK_FLOAT, "float"}, + {TOK_DOUBLE, "double"}, ++ {TOK_QUAD, "quadruple"}, + {TOK_STRING, "string"}, + {TOK_PROGRAM, "program"}, + {TOK_VERSION, "version"}, +diff --git a/rpcgen/rpc_scan.h b/rpcgen/rpc_scan.h +index bac2be4..e4c57c8 100644 +--- a/rpcgen/rpc_scan.h ++++ b/rpcgen/rpc_scan.h +@@ -66,9 +66,11 @@ enum tok_kind { + TOK_INT, + TOK_SHORT, + TOK_LONG, ++ TOK_HYPER, + TOK_UNSIGNED, + TOK_FLOAT, + TOK_DOUBLE, ++ TOK_QUAD, + TOK_OPAQUE, + TOK_CHAR, + TOK_STRING, \ No newline at end of file diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 0e10add5561..8806f6c50d3 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -10,6 +10,13 @@ , pam , libnotify , buildPackages +, coreutils +, gnugrep +, gnused +, kmod +, writeShellScript +, closureInfo +, runCommand }: let @@ -38,6 +45,12 @@ let sha256 = "0xw028iqp69j9mxv0kbwraplgkj5i5djdlgf0anpkc5cdbsf96r9"; }; + aa-teardown = writeShellScript "aa-teardown" '' + PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH" + . ${apparmor-parser}/lib/apparmor/rc.apparmor.functions + remove_profiles + ''; + prePatchCommon = '' patch -p1 < ${gnumake43Patch} chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh @@ -149,6 +162,15 @@ let # aa-notify checks its name and does not work named ".aa-notify-wrapped" mv $out/bin/aa-notify $out/bin/aa-notify-wrapped makeWrapper ${perl}/bin/perl $out/bin/aa-notify --set PERL5LIB ${libapparmor}/${perl.libPrefix} --add-flags $out/bin/aa-notify-wrapped + + substituteInPlace $out/bin/aa-remove-unknown \ + --replace "/usr/bin/aa-status" "$out/bin/aa-status" \ + --replace "/sbin/modprobe" "${kmod}/bin/modprobe" \ + --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions" + wrapProgram $out/bin/aa-remove-unknown \ + --prefix PATH : ${lib.makeBinPath [gawk]} + + ln -s ${aa-teardown} $out/bin/aa-teardown ''; inherit doCheck; @@ -197,6 +219,9 @@ let substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" ## techdoc.pdf still doesn't build ... substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + substituteInPlace parser/rc.apparmor.functions \ + --replace "/sbin/apparmor_parser" "$out/bin/apparmor_parser" + sed -i parser/rc.apparmor.functions -e '2i . ${./fix-rc.apparmor.functions.sh}' ''; inherit patches; postPatch = "cd ./parser"; @@ -258,8 +283,32 @@ let meta = apparmor-meta "kernel patches"; }; + # Generate generic AppArmor rules in a file, + # from the closure of given rootPaths. + # To be included in an AppArmor profile like so: + # include "$(apparmorRulesFromClosure {} [pkgs.hello]}" + apparmorRulesFromClosure = + { # The store path of the derivation is given in $path + additionalRules ? [] + # TODO: factorize here some other common paths + # that may emerge from use cases. + , baseRules ? [ + "r $path" + "r $path/etc/**" + "r $path/share/**" + # Note that not all libraries are prefixed with "lib", + # eg. glibc-2.30/lib/ld-2.30.so + "mr $path/lib/**.so*" + # eg. glibc-2.30/lib/gconv/gconv-modules + "r $path/lib/**" + ] + }: rootPaths: runCommand "apparmor-closure-rules" {} '' + touch $out + while read -r path + do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)} + done <${closureInfo {inherit rootPaths;}}/store-paths + ''; in - { inherit libapparmor @@ -268,5 +317,6 @@ in apparmor-parser apparmor-pam apparmor-profiles - apparmor-kernel-patches; + apparmor-kernel-patches + apparmorRulesFromClosure; } diff --git a/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh new file mode 100644 index 00000000000..ebc1baaa92d --- /dev/null +++ b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh @@ -0,0 +1,32 @@ +aa_action() { + STRING=$1 + shift + $* + rc=$? + if [ $rc -eq 0 ] ; then + aa_log_success_msg $"$STRING " + else + aa_log_failure_msg $"$STRING " + fi + return $rc +} + +aa_log_success_msg() { + [ -n "$1" ] && echo -n $1 + echo ": done." +} + +aa_log_warning_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Warning." +} + +aa_log_failure_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Failed." +} + +aa_log_skipped_msg() { + [ -n "$1" ] && echo -n $1 + echo ": Skipped." +} diff --git a/pkgs/os-specific/linux/firmware/system76-firmware/default.nix b/pkgs/os-specific/linux/firmware/system76-firmware/default.nix index 40598abac92..6da1df98b25 100644 --- a/pkgs/os-specific/linux/firmware/system76-firmware/default.nix +++ b/pkgs/os-specific/linux/firmware/system76-firmware/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "system76-firmware"; # Check Makefile when updating, make sure postInstall matches make install - version = "1.0.17"; + version = "1.0.18"; src = fetchFromGitHub { owner = "pop-os"; repo = pname; rev = version; - sha256 = "0cnrskfk3sam90lfpgsraqs4bx9yz8rxhwfs8rxdri04lakxgghg"; + sha256 = "08y65ak3y08xcl1nprwraqv9l65yqnfllbgmxyd2bppjpprwq474"; }; nativeBuildInputs = [ pkgconfig makeWrapper ]; @@ -17,7 +17,7 @@ rustPlatform.buildRustPackage rec { cargoBuildFlags = [ "--workspace" ]; - cargoSha256 = "06jrmxy68glcmbn9px29wc0s8pqdn26iy4jn3c246dapv1zvbb4s"; + cargoSha256 = "00933zkhqd1l29ir2dgp5r1k7g24mlb2k8fmggwzplrwzw1al5h4"; # Purposefully don't install systemd unit file, that's for NixOS postInstall = '' diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index e12c44888a0..b005c65684d 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -1,6 +1,7 @@ { stdenv, fetchFromGitHub , meson, ninja, pkgconfig, gettext, libxslt, docbook_xsl_ns , libcap, systemd, libidn2 +, apparmorRulesFromClosure }: with stdenv.lib; @@ -22,6 +23,8 @@ in stdenv.mkDerivation rec { sha256 = "1jhbcz75a4ij1myyyi110ma1d8d5hpm3scz9pyw7js6qym50xvh4"; }; + outputs = ["out" "apparmor"]; + mesonFlags = [ "-DBUILD_RARPD=true" "-DBUILD_TRACEROUTE6=true" @@ -35,6 +38,25 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ meson ninja pkgconfig gettext libxslt.bin docbook_xsl_ns ]; buildInputs = [ libcap systemd ] ++ optional (!stdenv.hostPlatform.isMusl) libidn2; + postInstall = '' + install -D /dev/stdin $apparmor/bin.ping <<EOF + include <tunables/global> + $out/bin/ping { + include <abstractions/base> + include <abstractions/consoles> + include <abstractions/nameservice> + include "${apparmorRulesFromClosure {} + ([libcap] ++ optional (!stdenv.hostPlatform.isMusl) libidn2)}" + include <local/bin.ping> + capability net_raw, + network inet raw, + network inet6 raw, + mr $out/bin/ping, + r $out/share/locale/**, + r @{PROC}/@{pid}/environ, + } + EOF + ''; meta = { description = "A set of small useful utilities for Linux networking"; diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index b9db2f103e8..3a96013abdf 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.9-rc5"; + version = "5.9-rc6"; extraMeta.branch = "5.9"; # modDirVersion needs to be x.y.z, will always add .0 @@ -11,7 +11,7 @@ buildLinux (args // rec { src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "1f410hkrk1b5g9wkh6078ph03fiyxpmbd5kdl9w592afphcddbrc"; + sha256 = "1zg93k1fl73qd46kbvz2y4ahsm208d63dj89jdlnb64gfpppf373"; }; # Should the testing kernels ever be built on Hydra? diff --git a/pkgs/os-specific/linux/numactl/default.nix b/pkgs/os-specific/linux/numactl/default.nix index 8505fbc750f..6e16ecabba2 100644 --- a/pkgs/os-specific/linux/numactl/default.nix +++ b/pkgs/os-specific/linux/numactl/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "numactl"; - version = "2.0.13"; + version = "2.0.14"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "08xj0n27qh0ly8hjallnx774gicz15nfq0yyxz8zhgy6pq8l33vv"; + sha256 = "0hahpdp5xqy9cbg251bdxqkml341djn2h856g435h4ngz63sr9fs"; }; nativeBuildInputs = [ autoreconfHook ]; |