summary refs log tree commit diff
path: root/pkgs/os-specific
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r--pkgs/os-specific/bsd/default.nix5
-rw-r--r--pkgs/os-specific/bsd/netbsd/default.nix653
-rw-r--r--pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch16
-rw-r--r--pkgs/os-specific/bsd/setup-hook.sh (renamed from pkgs/os-specific/bsd/netbsd/builder.sh)24
-rw-r--r--pkgs/os-specific/darwin/DarwinTools/default.nix12
-rw-r--r--pkgs/os-specific/darwin/DarwinTools/sw_vers-CFPriv.patch19
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix172
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/cf-setup-hook.sh6
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/default.nix58
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix193
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix78
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/libcharset.nix16
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/libnetwork.nix20
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix21
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/libunwind.nix24
-rw-r--r--pkgs/os-specific/darwin/apple-sdk-11.0/private-frameworks.nix21
-rw-r--r--pkgs/os-specific/darwin/apple-sdk/cf-setup-hook.sh2
-rw-r--r--pkgs/os-specific/darwin/apple-sdk/default.nix164
-rw-r--r--pkgs/os-specific/darwin/apple-sdk/frameworks.nix228
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix34
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Csu/default.nix9
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/ICU/clang-5.patch22
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix85
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix21
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/headers.txt138
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix40
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix82
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libsystem/headers.txt1727
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries41
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix19
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/adv_cmds/boot.nix11
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix25
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix24
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/basic_cmds/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/bootstrap_cmds/default.nix42
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/bsdmake/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/configd/default.nix148
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/default.nix110
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/developer-tools-11.3.1.nix8
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix20
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch66
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/file_cmds/default.nix8
-rwxr-xr-xpkgs/os-specific/darwin/apple-source-releases/generate-sdk-packages.sh29
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/hfs/default.nix43
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix18
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libauto/default.nix8
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix9
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix33
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix28
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix40
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix67
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix12
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/macos-11.0.1.nix46
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix6
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix5
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix9
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix8
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/system_cmds/default.nix13
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix10
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix22
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/xnu/headers.txt1318
-rw-r--r--pkgs/os-specific/darwin/binutils/default.nix18
-rw-r--r--pkgs/os-specific/darwin/cctools/port.nix176
-rw-r--r--pkgs/os-specific/darwin/chunkwm/default.nix6
-rw-r--r--pkgs/os-specific/darwin/darling/default.nix17
-rw-r--r--pkgs/os-specific/darwin/darwin-stubs/default.nix18
-rw-r--r--pkgs/os-specific/darwin/discrete-scroll/default.nix36
-rw-r--r--pkgs/os-specific/darwin/duti/default.nix20
-rw-r--r--pkgs/os-specific/darwin/goku/default.nix10
-rw-r--r--pkgs/os-specific/darwin/impure-cmds/default.nix34
-rw-r--r--pkgs/os-specific/darwin/insert_dylib/default.nix4
-rw-r--r--pkgs/os-specific/darwin/iproute2mac/default.nix4
-rw-r--r--pkgs/os-specific/darwin/khd/default.nix4
-rw-r--r--pkgs/os-specific/darwin/kwm/default.nix4
-rw-r--r--pkgs/os-specific/darwin/libtapi/default.nix66
-rw-r--r--pkgs/os-specific/darwin/libtapi/disable-rpath.patch14
-rw-r--r--pkgs/os-specific/darwin/libtapi/native-clang-tblgen.patch21
-rw-r--r--pkgs/os-specific/darwin/lsusb/default.nix8
-rw-r--r--pkgs/os-specific/darwin/m-cli/default.nix6
-rw-r--r--pkgs/os-specific/darwin/macfuse/default.nix65
-rw-r--r--pkgs/os-specific/darwin/maloader/default.nix8
-rw-r--r--pkgs/os-specific/darwin/mas/default.nix38
-rw-r--r--pkgs/os-specific/darwin/noah/default.nix4
-rw-r--r--pkgs/os-specific/darwin/opencflite/default.nix4
-rw-r--r--pkgs/os-specific/darwin/osx-cpu-temp/default.nix31
-rw-r--r--pkgs/os-specific/darwin/osxfuse/default.nix48
-rw-r--r--pkgs/os-specific/darwin/osxsnarf/default.nix2
-rw-r--r--pkgs/os-specific/darwin/print-reexports/default.nix17
-rw-r--r--pkgs/os-specific/darwin/print-reexports/main.c213
-rw-r--r--pkgs/os-specific/darwin/print-reexports/setup-hook.sh19
-rw-r--r--pkgs/os-specific/darwin/qes/default.nix4
-rw-r--r--pkgs/os-specific/darwin/reattach-to-user-namespace/default.nix19
-rw-r--r--pkgs/os-specific/darwin/rewrite-tbd/default.nix16
-rw-r--r--pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh20
-rw-r--r--pkgs/os-specific/darwin/signing-utils/default.nix24
-rw-r--r--pkgs/os-specific/darwin/signing-utils/utils.sh43
-rw-r--r--pkgs/os-specific/darwin/sigtool/default.nix24
-rw-r--r--pkgs/os-specific/darwin/skhd/default.nix4
-rw-r--r--pkgs/os-specific/darwin/spacebar/default.nix10
-rw-r--r--pkgs/os-specific/darwin/stubs/default.nix4
-rw-r--r--pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix9
-rw-r--r--pkgs/os-specific/darwin/swift-corelibs/libdispatch.nix3
-rw-r--r--pkgs/os-specific/darwin/trash/default.nix8
-rw-r--r--pkgs/os-specific/darwin/usr-include/default.nix4
-rw-r--r--pkgs/os-specific/darwin/wifi-password/default.nix8
-rw-r--r--pkgs/os-specific/darwin/xcode/default.nix22
-rw-r--r--pkgs/os-specific/darwin/xcode/sdk-pkgs.nix20
-rw-r--r--pkgs/os-specific/darwin/yabai/default.nix8
-rw-r--r--pkgs/os-specific/linux/915resolution/default.nix4
-rw-r--r--pkgs/os-specific/linux/acpi-call/default.nix14
-rw-r--r--pkgs/os-specific/linux/acpi/default.nix6
-rw-r--r--pkgs/os-specific/linux/acpid/default.nix4
-rw-r--r--pkgs/os-specific/linux/acpitool/default.nix8
-rw-r--r--pkgs/os-specific/linux/afuse/default.nix17
-rw-r--r--pkgs/os-specific/linux/akvcam/default.nix32
-rw-r--r--pkgs/os-specific/linux/alsa-plugins/wrapper.nix4
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-firmware/cross.patch (renamed from pkgs/os-specific/linux/alsa-firmware/cross.patch)0
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-firmware/default.nix (renamed from pkgs/os-specific/linux/alsa-firmware/default.nix)6
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-lib/alsa-plugin-conf-multilib.patch (renamed from pkgs/os-specific/linux/alsa-lib/alsa-plugin-conf-multilib.patch)0
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix (renamed from pkgs/os-specific/linux/alsa-lib/default.nix)18
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-oss/default.nix (renamed from pkgs/os-specific/linux/alsa-oss/default.nix)6
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix (renamed from pkgs/os-specific/linux/alsa-plugins/default.nix)12
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-plugins/wrapper.nix10
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-tools/default.nix (renamed from pkgs/os-specific/linux/alsa-tools/default.nix)12
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-topology-conf/default.nix (renamed from pkgs/os-specific/linux/alsa-topology-conf/default.nix)8
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix (renamed from pkgs/os-specific/linux/alsa-ucm-conf/default.nix)8
-rw-r--r--pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix (renamed from pkgs/os-specific/linux/alsa-utils/default.nix)22
-rw-r--r--pkgs/os-specific/linux/amdgpu-pro/default.nix6
-rw-r--r--pkgs/os-specific/linux/anbox/default.nix61
-rw-r--r--pkgs/os-specific/linux/anbox/kmod.nix15
-rw-r--r--pkgs/os-specific/linux/android-udev-rules/default.nix12
-rw-r--r--pkgs/os-specific/linux/apfs/default.nix35
-rw-r--r--pkgs/os-specific/linux/apparmor/default.nix134
-rw-r--r--pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh32
-rw-r--r--pkgs/os-specific/linux/aseq2json/default.nix28
-rw-r--r--pkgs/os-specific/linux/asus-wmi-sensors/default.nix4
-rw-r--r--pkgs/os-specific/linux/ati-drivers/builder.sh302
-rw-r--r--pkgs/os-specific/linux/ati-drivers/default.nix140
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/15.12-xstate-fp.patch26
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/15.9-kcl_str.patch14
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/15.9-mtrr.patch27
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/15.9-preempt.patch103
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/15.9-sep_printf.patch11
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/4.7-arch-cpu_has_pge-v2.patch70
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/4.9-get_user_pages.patch28
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/kernel-4.6-get_user_pages.patch25
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/kernel-4.6-page_cache_release-put_page.patch16
-rw-r--r--pkgs/os-specific/linux/ati-drivers/patches/patch-samples.patch26
-rw-r--r--pkgs/os-specific/linux/atop/atop.service.patch10
-rw-r--r--pkgs/os-specific/linux/atop/atopacct.service.patch7
-rw-r--r--pkgs/os-specific/linux/atop/default.nix74
-rw-r--r--pkgs/os-specific/linux/atop/fix-paths.patch48
-rw-r--r--pkgs/os-specific/linux/audit/default.nix22
-rw-r--r--pkgs/os-specific/linux/audit/patches/weak-symbols.patch147
-rw-r--r--pkgs/os-specific/linux/autofs/default.nix15
-rw-r--r--pkgs/os-specific/linux/batman-adv/alfred.nix12
-rw-r--r--pkgs/os-specific/linux/batman-adv/batctl.nix12
-rw-r--r--pkgs/os-specific/linux/batman-adv/default.nix8
-rw-r--r--pkgs/os-specific/linux/batman-adv/version.nix8
-rw-r--r--pkgs/os-specific/linux/bbswitch/default.nix4
-rw-r--r--pkgs/os-specific/linux/bcc/default.nix27
-rw-r--r--pkgs/os-specific/linux/beefi/default.nix44
-rw-r--r--pkgs/os-specific/linux/bionic-prebuilt/default.nix113
-rw-r--r--pkgs/os-specific/linux/bionic-prebuilt/ndk-version.patch42
-rw-r--r--pkgs/os-specific/linux/blktrace/default.nix6
-rw-r--r--pkgs/os-specific/linux/bluez/default.nix25
-rw-r--r--pkgs/os-specific/linux/bolt/default.nix64
-rw-r--r--pkgs/os-specific/linux/bpftool/default.nix30
-rw-r--r--pkgs/os-specific/linux/bpftools/default.nix38
-rw-r--r--pkgs/os-specific/linux/bpftrace/default.nix26
-rw-r--r--pkgs/os-specific/linux/bridge-utils/default.nix6
-rw-r--r--pkgs/os-specific/linux/brillo/default.nix4
-rw-r--r--pkgs/os-specific/linux/broadcom-sta/default.nix14
-rw-r--r--pkgs/os-specific/linux/broadcom-sta/linux-5.9.patch184
-rw-r--r--pkgs/os-specific/linux/btfs/default.nix16
-rw-r--r--pkgs/os-specific/linux/busybox/0001-Fix-build-with-glibc-2.31.patch71
-rw-r--r--pkgs/os-specific/linux/busybox/0001-wget-implement-TLS-verification-with-ENABLE_FEATURE_.patch94
-rw-r--r--pkgs/os-specific/linux/busybox/default.nix42
-rw-r--r--pkgs/os-specific/linux/busybox/sandbox-shell.nix3
-rw-r--r--pkgs/os-specific/linux/cachefilesd/default.nix4
-rw-r--r--pkgs/os-specific/linux/can-isotp/default.nix16
-rw-r--r--pkgs/os-specific/linux/can-utils/default.nix4
-rw-r--r--pkgs/os-specific/linux/catfs/default.nix47
-rw-r--r--pkgs/os-specific/linux/checkpolicy/default.nix4
-rw-r--r--pkgs/os-specific/linux/checksec/default.nix12
-rw-r--r--pkgs/os-specific/linux/chromium-os/common-mk/0001-common-mk-don-t-leak-source-absolute-paths.patch4
-rw-r--r--pkgs/os-specific/linux/chromium-os/common-mk/0002-common-mk-.gn-don-t-hardcode-env-path.patch4
-rw-r--r--pkgs/os-specific/linux/chromium-os/crosvm/default.nix10
-rw-r--r--pkgs/os-specific/linux/chromium-os/default.nix3
-rw-r--r--pkgs/os-specific/linux/chromium-os/libqmi/default.nix4
-rw-r--r--pkgs/os-specific/linux/chromium-os/modem-manager/default.nix2
-rw-r--r--pkgs/os-specific/linux/chromium-os/modem-manager/next.nix6
-rw-r--r--pkgs/os-specific/linux/chromium-os/sommelier/0005-sommelier-don-t-leak-source-absolute-paths.patch (renamed from pkgs/os-specific/linux/chromium-os/sommelier/0003-sommelier-don-t-leak-source-absolute-paths.patch)6
-rw-r--r--pkgs/os-specific/linux/chromium-os/sommelier/0006-Revert-Revert-vm_tools-sommelier-Switch-to-the-stabl.patch (renamed from pkgs/os-specific/linux/chromium-os/sommelier/0004-Revert-Revert-vm_tools-sommelier-Switch-to-the-stabl.patch)6
-rw-r--r--pkgs/os-specific/linux/chromium-os/sommelier/default.nix4
-rw-r--r--pkgs/os-specific/linux/chromium-os/vm_protos/0003-common-mk-add-goproto_library-source_relative-opt.patch48
-rw-r--r--pkgs/os-specific/linux/chromium-os/vm_protos/0004-vm_tools-proto-set-go_package-correctly.patch102
-rw-r--r--pkgs/os-specific/linux/chromium-os/vm_protos/default.nix5
-rw-r--r--pkgs/os-specific/linux/cifs-utils/default.nix22
-rw-r--r--pkgs/os-specific/linux/compsize/default.nix25
-rw-r--r--pkgs/os-specific/linux/conky/default.nix12
-rw-r--r--pkgs/os-specific/linux/conntrack-tools/default.nix12
-rw-r--r--pkgs/os-specific/linux/consoletools/default.nix4
-rw-r--r--pkgs/os-specific/linux/conspy/default.nix16
-rw-r--r--pkgs/os-specific/linux/cpufrequtils/default.nix8
-rw-r--r--pkgs/os-specific/linux/cpuid/default.nix50
-rw-r--r--pkgs/os-specific/linux/cpupower/default.nix6
-rw-r--r--pkgs/os-specific/linux/cpuset/default.nix39
-rw-r--r--pkgs/os-specific/linux/cramfsprogs/default.nix4
-rw-r--r--pkgs/os-specific/linux/cramfsswap/default.nix4
-rw-r--r--pkgs/os-specific/linux/crda/default.nix6
-rw-r--r--pkgs/os-specific/linux/criu/default.nix24
-rw-r--r--pkgs/os-specific/linux/cryptodev/default.nix20
-rw-r--r--pkgs/os-specific/linux/cryptsetup/default.nix16
-rw-r--r--pkgs/os-specific/linux/cshatag/default.nix32
-rw-r--r--pkgs/os-specific/linux/cshatag/deps.nix21
-rw-r--r--pkgs/os-specific/linux/dbus-broker/default.nix12
-rw-r--r--pkgs/os-specific/linux/ddcci/default.nix4
-rw-r--r--pkgs/os-specific/linux/deepin-anything/default.nix22
-rw-r--r--pkgs/os-specific/linux/device-tree/default.nix31
-rw-r--r--pkgs/os-specific/linux/device-tree/raspberrypi.nix6
-rw-r--r--pkgs/os-specific/linux/devmem2/default.nix4
-rw-r--r--pkgs/os-specific/linux/digimend/default.nix6
-rw-r--r--pkgs/os-specific/linux/directvnc/default.nix6
-rw-r--r--pkgs/os-specific/linux/disk-indicator/default.nix6
-rw-r--r--pkgs/os-specific/linux/displaylink/99-displaylink.rules1
-rw-r--r--pkgs/os-specific/linux/displaylink/default.nix40
-rw-r--r--pkgs/os-specific/linux/displaylink/udev-installer.patch18
-rw-r--r--pkgs/os-specific/linux/dlm/default.nix26
-rw-r--r--pkgs/os-specific/linux/dmidecode/default.nix48
-rw-r--r--pkgs/os-specific/linux/dmraid/default.nix12
-rw-r--r--pkgs/os-specific/linux/dmtcp/default.nix18
-rw-r--r--pkgs/os-specific/linux/dmtcp/ld-linux-so-buffer-size.patch14
-rw-r--r--pkgs/os-specific/linux/dpdk-kmods/default.nix34
-rw-r--r--pkgs/os-specific/linux/dpdk/default.nix32
-rw-r--r--pkgs/os-specific/linux/drbd/default.nix4
-rw-r--r--pkgs/os-specific/linux/dropwatch/default.nix41
-rw-r--r--pkgs/os-specific/linux/dstat/default.nix34
-rw-r--r--pkgs/os-specific/linux/dstat/fix_pluginpath.patch15
-rw-r--r--pkgs/os-specific/linux/e1000e/default.nix6
-rw-r--r--pkgs/os-specific/linux/earlyoom/default.nix12
-rw-r--r--pkgs/os-specific/linux/ebtables/default.nix20
-rw-r--r--pkgs/os-specific/linux/edac-utils/default.nix6
-rw-r--r--pkgs/os-specific/linux/ell/default.nix22
-rw-r--r--pkgs/os-specific/linux/ell/fix-dbus-tests.patch65
-rw-r--r--pkgs/os-specific/linux/ena/default.nix15
-rw-r--r--pkgs/os-specific/linux/erofs-utils/default.nix25
-rw-r--r--pkgs/os-specific/linux/eudev/default.nix22
-rw-r--r--pkgs/os-specific/linux/evdi/default.nix27
-rw-r--r--pkgs/os-specific/linux/eventstat/default.nix4
-rw-r--r--pkgs/os-specific/linux/exfat/default.nix17
-rw-r--r--pkgs/os-specific/linux/extrace/default.nix4
-rw-r--r--pkgs/os-specific/linux/facetimehd/default.nix6
-rw-r--r--pkgs/os-specific/linux/fatrace/default.nix23
-rw-r--r--pkgs/os-specific/linux/fbterm/default.nix6
-rw-r--r--pkgs/os-specific/linux/ffado/default.nix8
-rw-r--r--pkgs/os-specific/linux/firejail/default.nix63
-rw-r--r--pkgs/os-specific/linux/firejail/default.upstream3
-rw-r--r--pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch11
-rw-r--r--pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch27
-rw-r--r--pkgs/os-specific/linux/firmware/b43-firmware-cutter/default.nix6
-rw-r--r--pkgs/os-specific/linux/firmware/b43-firmware/5.1.138.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/b43-firmware/6.30.163.46.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/broadcom-bt-firmware/default.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/bt-fw-converter/default.nix6
-rw-r--r--pkgs/os-specific/linux/firmware/facetimehd-firmware/default.nix7
-rw-r--r--pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix16
-rw-r--r--pkgs/os-specific/linux/firmware/firmware-manager/default.nix38
-rw-r--r--pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch50
-rw-r--r--pkgs/os-specific/linux/firmware/fwupd/default.nix216
-rw-r--r--pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch42
-rw-r--r--pkgs/os-specific/linux/firmware/openelec-dvb-firmware/default.nix10
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi-wireless/default.nix18
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi/armstubs.nix51
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi/default.nix18
-rw-r--r--pkgs/os-specific/linux/firmware/raspberrypi/tools.nix29
-rw-r--r--pkgs/os-specific/linux/firmware/rt5677/default.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/rtl8192su-firmware/default.nix6
-rw-r--r--pkgs/os-specific/linux/firmware/rtl8723bs-firmware/default.nix6
-rw-r--r--pkgs/os-specific/linux/firmware/rtl8761b-firmware/default.nix29
-rw-r--r--pkgs/os-specific/linux/firmware/rtlwifi_new-firmware/default.nix23
-rw-r--r--pkgs/os-specific/linux/firmware/rtw88-firmware/default.nix25
-rw-r--r--pkgs/os-specific/linux/firmware/rtw89-firmware/default.nix25
-rw-r--r--pkgs/os-specific/linux/firmware/sof-firmware/default.nix24
-rw-r--r--pkgs/os-specific/linux/firmware/system76-firmware/default.nix39
-rw-r--r--pkgs/os-specific/linux/firmware/zd1211/default.nix4
-rw-r--r--pkgs/os-specific/linux/flashbench/default.nix24
-rw-r--r--pkgs/os-specific/linux/fnotifystat/default.nix4
-rw-r--r--pkgs/os-specific/linux/forkstat/default.nix4
-rw-r--r--pkgs/os-specific/linux/forktty/default.nix10
-rw-r--r--pkgs/os-specific/linux/freefall/default.nix4
-rw-r--r--pkgs/os-specific/linux/fscrypt/default.nix12
-rw-r--r--pkgs/os-specific/linux/fscryptctl/default.nix34
-rw-r--r--pkgs/os-specific/linux/fscryptctl/legacy.nix51
-rw-r--r--pkgs/os-specific/linux/fswebcam/default.nix10
-rw-r--r--pkgs/os-specific/linux/ftop/default.nix4
-rw-r--r--pkgs/os-specific/linux/fuse/common.nix25
-rw-r--r--pkgs/os-specific/linux/fuse/default.nix8
-rw-r--r--pkgs/os-specific/linux/fwts/default.nix10
-rw-r--r--pkgs/os-specific/linux/fwts/module.nix4
-rw-r--r--pkgs/os-specific/linux/fxload/default.nix4
-rw-r--r--pkgs/os-specific/linux/g15daemon/default.nix2
-rw-r--r--pkgs/os-specific/linux/gcadapter-oc-kmod/default.nix38
-rw-r--r--pkgs/os-specific/linux/gfxtablet/default.nix12
-rw-r--r--pkgs/os-specific/linux/gobi_loader/default.nix4
-rw-r--r--pkgs/os-specific/linux/gogoclient/default.nix6
-rw-r--r--pkgs/os-specific/linux/gradm/default.nix14
-rw-r--r--pkgs/os-specific/linux/greetd/default.nix51
-rw-r--r--pkgs/os-specific/linux/gtkgreet/default.nix50
-rw-r--r--pkgs/os-specific/linux/guvcview/default.nix28
-rw-r--r--pkgs/os-specific/linux/hal-flash/default.nix29
-rw-r--r--pkgs/os-specific/linux/hd-idle/default.nix4
-rw-r--r--pkgs/os-specific/linux/hdapsd/default.nix4
-rw-r--r--pkgs/os-specific/linux/hdparm/default.nix12
-rw-r--r--pkgs/os-specific/linux/hibernate/default.nix10
-rw-r--r--pkgs/os-specific/linux/hid-nintendo/default.nix38
-rw-r--r--pkgs/os-specific/linux/hostapd/default.nix15
-rw-r--r--pkgs/os-specific/linux/hwdata/default.nix12
-rw-r--r--pkgs/os-specific/linux/hyperv-daemons/default.nix15
-rw-r--r--pkgs/os-specific/linux/i2c-tools/default.nix23
-rw-r--r--pkgs/os-specific/linux/i810switch/default.nix6
-rw-r--r--pkgs/os-specific/linux/ifenslave/default.nix6
-rw-r--r--pkgs/os-specific/linux/ifmetric/default.nix4
-rw-r--r--pkgs/os-specific/linux/iio-sensor-proxy/default.nix16
-rw-r--r--pkgs/os-specific/linux/ima-evm-utils/default.nix10
-rw-r--r--pkgs/os-specific/linux/input-utils/default.nix6
-rw-r--r--pkgs/os-specific/linux/intel-compute-runtime/default.nix21
-rw-r--r--pkgs/os-specific/linux/intel-compute-runtime/etc-dir.patch15
-rw-r--r--pkgs/os-specific/linux/intel-ocl/default.nix8
-rw-r--r--pkgs/os-specific/linux/intel-speed-select/default.nix4
-rw-r--r--pkgs/os-specific/linux/ioport/default.nix4
-rw-r--r--pkgs/os-specific/linux/iotop-c/default.nix31
-rw-r--r--pkgs/os-specific/linux/iotop/default.nix4
-rw-r--r--pkgs/os-specific/linux/iproute/default.nix11
-rw-r--r--pkgs/os-specific/linux/iproute/mptcp.nix12
-rw-r--r--pkgs/os-specific/linux/ipsec-tools/default.nix6
-rw-r--r--pkgs/os-specific/linux/ipset/default.nix10
-rw-r--r--pkgs/os-specific/linux/iptables/default.nix11
-rw-r--r--pkgs/os-specific/linux/iptstate/default.nix4
-rw-r--r--pkgs/os-specific/linux/iputils/default.nix48
-rw-r--r--pkgs/os-specific/linux/ipvsadm/default.nix6
-rw-r--r--pkgs/os-specific/linux/irqbalance/default.nix17
-rw-r--r--pkgs/os-specific/linux/isgx/default.nix56
-rw-r--r--pkgs/os-specific/linux/it87/default.nix4
-rw-r--r--pkgs/os-specific/linux/iw/default.nix14
-rw-r--r--pkgs/os-specific/linux/iwd/default.nix30
-rw-r--r--pkgs/os-specific/linux/ixgbevf/default.nix4
-rw-r--r--pkgs/os-specific/linux/jfbview/default.nix10
-rw-r--r--pkgs/os-specific/linux/jool/cli.nix6
-rw-r--r--pkgs/os-specific/linux/jool/default.nix4
-rw-r--r--pkgs/os-specific/linux/joycond/default.nix37
-rw-r--r--pkgs/os-specific/linux/jujuutils/default.nix6
-rw-r--r--pkgs/os-specific/linux/kbd/default.nix57
-rw-r--r--pkgs/os-specific/linux/kbd/keymaps.nix36
-rw-r--r--pkgs/os-specific/linux/kbd/search-paths.patch71
-rw-r--r--pkgs/os-specific/linux/kbdlight/default.nix4
-rw-r--r--pkgs/os-specific/linux/kernel-headers/default.nix26
-rw-r--r--pkgs/os-specific/linux/kernel/common-config.nix139
-rw-r--r--pkgs/os-specific/linux/kernel/export-rt-sched-migrate.patch11
-rw-r--r--pkgs/os-specific/linux/kernel/generate-config.pl9
-rw-r--r--pkgs/os-specific/linux/kernel/generic.nix68
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/config.nix24
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json38
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch7
-rwxr-xr-xpkgs/os-specific/linux/kernel/hardened/update.py15
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix10
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.19.nix10
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.4.nix9
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix9
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix (renamed from pkgs/os-specific/linux/kernel/linux-5.8.nix)10
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.12.nix (renamed from pkgs/os-specific/linux/kernel/linux-5.7.nix)10
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.13.nix21
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix10
-rw-r--r--pkgs/os-specific/linux/kernel/linux-hardkernel-4.14.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/linux-libre.nix7
-rw-r--r--pkgs/os-specific/linux/kernel/linux-lqx.nix26
-rw-r--r--pkgs/os-specific/linux/kernel/linux-mptcp-94.nix26
-rw-r--r--pkgs/os-specific/linux/kernel/linux-mptcp-95.nix14
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rpi.nix15
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rt-5.10.nix45
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rt-5.11.nix45
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rt-5.4.nix41
-rw-r--r--pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix47
-rw-r--r--pkgs/os-specific/linux/kernel/linux-testing.nix12
-rw-r--r--pkgs/os-specific/linux/kernel/linux-xanmod.nix54
-rw-r--r--pkgs/os-specific/linux/kernel/linux-zen.nix19
-rw-r--r--pkgs/os-specific/linux/kernel/manual-config.nix104
-rw-r--r--pkgs/os-specific/linux/kernel/mptcp-config.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix33
-rw-r--r--pkgs/os-specific/linux/kernel/perf.nix23
-rw-r--r--pkgs/os-specific/linux/kernel/rtl8761b-support.patch33
-rwxr-xr-xpkgs/os-specific/linux/kernel/update-rt.sh79
-rwxr-xr-xpkgs/os-specific/linux/kernel/update.sh3
-rw-r--r--pkgs/os-specific/linux/kexectools/default.nix4
-rw-r--r--pkgs/os-specific/linux/keyutils/default.nix12
-rw-r--r--pkgs/os-specific/linux/kinect-audio-setup/default.nix91
-rw-r--r--pkgs/os-specific/linux/kinect-audio-setup/libusb-1-import-path.patch23
-rw-r--r--pkgs/os-specific/linux/kinect-audio-setup/udev-rules-extra-devices.patch15
-rw-r--r--pkgs/os-specific/linux/klibc/default.nix14
-rw-r--r--pkgs/os-specific/linux/kmod-blacklist-ubuntu/default.nix4
-rw-r--r--pkgs/os-specific/linux/kmod/darwin.patch12
-rw-r--r--pkgs/os-specific/linux/kmod/default.nix11
-rw-r--r--pkgs/os-specific/linux/kmod/no-name-field.patch24
-rw-r--r--pkgs/os-specific/linux/kmscon/default.nix9
-rw-r--r--pkgs/os-specific/linux/kmscube/default.nix6
-rw-r--r--pkgs/os-specific/linux/kvmfr/default.nix32
-rw-r--r--pkgs/os-specific/linux/latencytop/default.nix10
-rw-r--r--pkgs/os-specific/linux/ldm/default.nix8
-rw-r--r--pkgs/os-specific/linux/ledger-udev-rules/default.nix4
-rw-r--r--pkgs/os-specific/linux/libaio/default.nix18
-rw-r--r--pkgs/os-specific/linux/libatasmart/default.nix6
-rw-r--r--pkgs/os-specific/linux/libbpf/default.nix41
-rw-r--r--pkgs/os-specific/linux/libcap-ng/default.nix8
-rw-r--r--pkgs/os-specific/linux/libcap/default.nix36
-rw-r--r--pkgs/os-specific/linux/libcgroup/default.nix31
-rw-r--r--pkgs/os-specific/linux/libevdevc/default.nix6
-rw-r--r--pkgs/os-specific/linux/libfabric/default.nix10
-rw-r--r--pkgs/os-specific/linux/libgestures/default.nix8
-rw-r--r--pkgs/os-specific/linux/libnl/default.nix9
-rw-r--r--pkgs/os-specific/linux/libpsm2/default.nix15
-rw-r--r--pkgs/os-specific/linux/libratbag/default.nix10
-rw-r--r--pkgs/os-specific/linux/libselinux/default.nix32
-rw-r--r--pkgs/os-specific/linux/libsemanage/default.nix18
-rw-r--r--pkgs/os-specific/linux/libsepol/default.nix17
-rw-r--r--pkgs/os-specific/linux/libsmbios/default.nix6
-rw-r--r--pkgs/os-specific/linux/libudev0-shim/default.nix4
-rw-r--r--pkgs/os-specific/linux/libvolume_id/default.nix6
-rw-r--r--pkgs/os-specific/linux/libwebcam/default.nix9
-rw-r--r--pkgs/os-specific/linux/light/default.nix12
-rw-r--r--pkgs/os-specific/linux/lightum/default.nix10
-rw-r--r--pkgs/os-specific/linux/linuxptp/default.nix10
-rw-r--r--pkgs/os-specific/linux/lksctp-tools/default.nix6
-rw-r--r--pkgs/os-specific/linux/lm-sensors/default.nix21
-rw-r--r--pkgs/os-specific/linux/lockdep/default.nix49
-rw-r--r--pkgs/os-specific/linux/logitech-udev-rules/default.nix6
-rw-r--r--pkgs/os-specific/linux/lsiutil/default.nix75
-rw-r--r--pkgs/os-specific/linux/lsscsi/default.nix10
-rw-r--r--pkgs/os-specific/linux/lttng-modules/default.nix16
-rw-r--r--pkgs/os-specific/linux/lvm2/default.nix36
-rw-r--r--pkgs/os-specific/linux/lxc/default.nix10
-rw-r--r--pkgs/os-specific/linux/lxcfs/default.nix20
-rw-r--r--pkgs/os-specific/linux/macchanger/default.nix31
-rw-r--r--pkgs/os-specific/linux/mba6x_bl/default.nix4
-rw-r--r--pkgs/os-specific/linux/mbp-modules/mbp2018-bridge-drv/default.nix35
-rw-r--r--pkgs/os-specific/linux/mcelog/default.nix10
-rw-r--r--pkgs/os-specific/linux/mdadm/default.nix8
-rw-r--r--pkgs/os-specific/linux/mdevd/default.nix4
-rw-r--r--pkgs/os-specific/linux/metastore/default.nix4
-rw-r--r--pkgs/os-specific/linux/microcode/amd.nix6
-rw-r--r--pkgs/os-specific/linux/microcode/intel.nix8
-rw-r--r--pkgs/os-specific/linux/microcode/iucode-tool.nix4
-rw-r--r--pkgs/os-specific/linux/mingetty/default.nix4
-rw-r--r--pkgs/os-specific/linux/miraclecast/default.nix8
-rw-r--r--pkgs/os-specific/linux/mkinitcpio-nfs-utils/default.nix4
-rw-r--r--pkgs/os-specific/linux/mmc-utils/default.nix10
-rw-r--r--pkgs/os-specific/linux/molly-guard/default.nix4
-rw-r--r--pkgs/os-specific/linux/msr-tools/default.nix6
-rw-r--r--pkgs/os-specific/linux/mstpd/default.nix4
-rw-r--r--pkgs/os-specific/linux/multipath-tools/default.nix14
-rw-r--r--pkgs/os-specific/linux/musl-fts/default.nix25
-rw-r--r--pkgs/os-specific/linux/musl-obstack/default.nix26
-rw-r--r--pkgs/os-specific/linux/musl/default.nix31
-rw-r--r--pkgs/os-specific/linux/mwprocapture/default.nix20
-rw-r--r--pkgs/os-specific/linux/mxu11x0/default.nix7
-rw-r--r--pkgs/os-specific/linux/ndiswrapper/default.nix15
-rw-r--r--pkgs/os-specific/linux/ndiswrapper/no-sbin.patch6
-rw-r--r--pkgs/os-specific/linux/net-tools/default.nix10
-rw-r--r--pkgs/os-specific/linux/net-tools/mptcp.nix4
-rw-r--r--pkgs/os-specific/linux/netatop/default.nix25
-rw-r--r--pkgs/os-specific/linux/netatop/fix-paths.patch11
-rw-r--r--pkgs/os-specific/linux/netatop/netatop.service.patch7
-rw-r--r--pkgs/os-specific/linux/nfs-utils/default.nix30
-rw-r--r--pkgs/os-specific/linux/nftables/default.nix13
-rw-r--r--pkgs/os-specific/linux/nixos-rebuild/default.nix23
-rwxr-xr-xpkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh527
-rw-r--r--pkgs/os-specific/linux/nmon/default.nix4
-rw-r--r--pkgs/os-specific/linux/nss_ldap/default.nix4
-rw-r--r--pkgs/os-specific/linux/numactl/default.nix12
-rw-r--r--pkgs/os-specific/linux/numad/default.nix6
-rw-r--r--pkgs/os-specific/linux/numatop/default.nix6
-rw-r--r--pkgs/os-specific/linux/numworks-udev-rules/50-numworks-calculator.rules2
-rw-r--r--pkgs/os-specific/linux/numworks-udev-rules/default.nix21
-rwxr-xr-xpkgs/os-specific/linux/numworks-udev-rules/update.sh3
-rwxr-xr-xpkgs/os-specific/linux/nvidia-x11/builder.sh10
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/default.nix91
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/generic.nix25
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/persistenced.nix21
-rw-r--r--pkgs/os-specific/linux/nvidia-x11/settings.nix12
-rw-r--r--pkgs/os-specific/linux/nvidiabl/default.nix10
-rw-r--r--pkgs/os-specific/linux/nvme-cli/default.nix11
-rw-r--r--pkgs/os-specific/linux/nvmet-cli/default.nix25
-rw-r--r--pkgs/os-specific/linux/oci-seccomp-bpf-hook/default.nix60
-rw-r--r--pkgs/os-specific/linux/odp-dpdk/default.nix35
-rw-r--r--pkgs/os-specific/linux/ofp/default.nix41
-rw-r--r--pkgs/os-specific/linux/open-iscsi/default.nix22
-rw-r--r--pkgs/os-specific/linux/open-isns/default.nix17
-rw-r--r--pkgs/os-specific/linux/opengl/xorg-sys/default.nix4
-rw-r--r--pkgs/os-specific/linux/openrazer/driver.nix15
-rw-r--r--pkgs/os-specific/linux/openvswitch/default.nix14
-rw-r--r--pkgs/os-specific/linux/openvswitch/lts.nix17
-rw-r--r--pkgs/os-specific/linux/otpw/default.nix6
-rw-r--r--pkgs/os-specific/linux/pagemon/default.nix4
-rw-r--r--pkgs/os-specific/linux/pam/default.nix39
-rw-r--r--pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch33
-rw-r--r--pkgs/os-specific/linux/pam_ccreds/default.nix4
-rw-r--r--pkgs/os-specific/linux/pam_gnupg/default.nix32
-rw-r--r--pkgs/os-specific/linux/pam_krb5/default.nix10
-rw-r--r--pkgs/os-specific/linux/pam_mount/default.nix49
-rw-r--r--pkgs/os-specific/linux/pam_p11/default.nix4
-rw-r--r--pkgs/os-specific/linux/pam_pgsql/default.nix6
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix73
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch53
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch12
-rw-r--r--pkgs/os-specific/linux/pam_u2f/default.nix23
-rw-r--r--pkgs/os-specific/linux/pam_usb/default.nix8
-rw-r--r--pkgs/os-specific/linux/pax-utils/default.nix4
-rw-r--r--pkgs/os-specific/linux/paxctl/default.nix4
-rw-r--r--pkgs/os-specific/linux/paxtest/default.nix4
-rw-r--r--pkgs/os-specific/linux/pcimem/default.nix30
-rw-r--r--pkgs/os-specific/linux/pcm/default.nix8
-rw-r--r--pkgs/os-specific/linux/pcmciautils/default.nix11
-rw-r--r--pkgs/os-specific/linux/perf-tools/default.nix4
-rw-r--r--pkgs/os-specific/linux/phc-intel/default.nix8
-rw-r--r--pkgs/os-specific/linux/piper/default.nix10
-rw-r--r--pkgs/os-specific/linux/pipework/default.nix6
-rw-r--r--pkgs/os-specific/linux/pktgen/configure.patch17
-rw-r--r--pkgs/os-specific/linux/pktgen/default.nix34
-rw-r--r--pkgs/os-specific/linux/ply/default.nix8
-rw-r--r--pkgs/os-specific/linux/plymouth/default.nix105
-rw-r--r--pkgs/os-specific/linux/pm-utils/default.nix12
-rw-r--r--pkgs/os-specific/linux/pmount/default.nix14
-rw-r--r--pkgs/os-specific/linux/policycoreutils/default.nix4
-rw-r--r--pkgs/os-specific/linux/pommed-light/default.nix12
-rw-r--r--pkgs/os-specific/linux/power-profiles-daemon/default.nix68
-rw-r--r--pkgs/os-specific/linux/powercap/default.nix26
-rw-r--r--pkgs/os-specific/linux/powerstat/default.nix12
-rw-r--r--pkgs/os-specific/linux/powertop/default.nix9
-rw-r--r--pkgs/os-specific/linux/pps-tools/default.nix4
-rw-r--r--pkgs/os-specific/linux/prl-tools/default.nix8
-rw-r--r--pkgs/os-specific/linux/procdump/default.nix4
-rw-r--r--pkgs/os-specific/linux/procps-ng/default.nix52
-rw-r--r--pkgs/os-specific/linux/pscircle/default.nix6
-rw-r--r--pkgs/os-specific/linux/psftools/default.nix24
-rw-r--r--pkgs/os-specific/linux/psmisc/default.nix10
-rw-r--r--pkgs/os-specific/linux/r8125/default.nix10
-rw-r--r--pkgs/os-specific/linux/r8168/default.nix8
-rw-r--r--pkgs/os-specific/linux/radeontools/default.nix8
-rw-r--r--pkgs/os-specific/linux/radeontop/default.nix13
-rw-r--r--pkgs/os-specific/linux/raspberrypi-eeprom/default.nix55
-rw-r--r--pkgs/os-specific/linux/rdma-core/default.nix20
-rw-r--r--pkgs/os-specific/linux/read-edid/default.nix2
-rw-r--r--pkgs/os-specific/linux/regionset/default.nix4
-rw-r--r--pkgs/os-specific/linux/rewritefs/default.nix8
-rw-r--r--pkgs/os-specific/linux/rfkill/udev.nix4
-rw-r--r--pkgs/os-specific/linux/roccat-tools/default.nix10
-rw-r--r--pkgs/os-specific/linux/rtkit/default.nix8
-rw-r--r--pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix39
-rw-r--r--pkgs/os-specific/linux/rtl8192eu/default.nix23
-rw-r--r--pkgs/os-specific/linux/rtl8723bs/default.nix10
-rw-r--r--pkgs/os-specific/linux/rtl8812au/default.nix35
-rw-r--r--pkgs/os-specific/linux/rtl8814au/default.nix23
-rw-r--r--pkgs/os-specific/linux/rtl8821au/default.nix22
-rw-r--r--pkgs/os-specific/linux/rtl8821ce/default.nix18
-rw-r--r--pkgs/os-specific/linux/rtl8821cu/default.nix21
-rw-r--r--pkgs/os-specific/linux/rtl88x2bu/default.nix22
-rw-r--r--pkgs/os-specific/linux/rtl88xxau-aircrack/default.nix24
-rw-r--r--pkgs/os-specific/linux/rtlwifi_new/default.nix41
-rw-r--r--pkgs/os-specific/linux/rtw88/default.nix40
-rw-r--r--pkgs/os-specific/linux/rtw89/default.nix40
-rw-r--r--pkgs/os-specific/linux/ryzenadj/default.nix27
-rw-r--r--pkgs/os-specific/linux/s6-linux-init/default.nix22
-rw-r--r--pkgs/os-specific/linux/s6-linux-utils/default.nix8
-rw-r--r--pkgs/os-specific/linux/sch_cake/default.nix4
-rw-r--r--pkgs/os-specific/linux/schedtool/default.nix6
-rw-r--r--pkgs/os-specific/linux/sd-switch/default.nix10
-rw-r--r--pkgs/os-specific/linux/sdnotify-wrapper/sdnotify-wrapper.c22
-rw-r--r--pkgs/os-specific/linux/sdparm/default.nix4
-rw-r--r--pkgs/os-specific/linux/selinux-python/default.nix6
-rw-r--r--pkgs/os-specific/linux/selinux-sandbox/default.nix5
-rw-r--r--pkgs/os-specific/linux/semodule-utils/default.nix6
-rw-r--r--pkgs/os-specific/linux/sepolgen/default.nix4
-rw-r--r--pkgs/os-specific/linux/service-wrapper/default.nix4
-rw-r--r--pkgs/os-specific/linux/setools/default.nix14
-rw-r--r--pkgs/os-specific/linux/seturgent/default.nix11
-rw-r--r--pkgs/os-specific/linux/shadow/default.nix22
-rw-r--r--pkgs/os-specific/linux/shadow/runtime-shell.patch13
-rw-r--r--pkgs/os-specific/linux/sinit/default.nix18
-rw-r--r--pkgs/os-specific/linux/speedometer/default.nix4
-rw-r--r--pkgs/os-specific/linux/sssd/default.nix35
-rw-r--r--pkgs/os-specific/linux/statifier/default.nix4
-rw-r--r--pkgs/os-specific/linux/swapview/default.nix23
-rw-r--r--pkgs/os-specific/linux/switcheroo-control/default.nix58
-rw-r--r--pkgs/os-specific/linux/syscall_limiter/default.nix4
-rw-r--r--pkgs/os-specific/linux/sysdig/default.nix49
-rw-r--r--pkgs/os-specific/linux/sysfsutils/default.nix6
-rw-r--r--pkgs/os-specific/linux/sysklogd/default.nix6
-rw-r--r--pkgs/os-specific/linux/sysklogd/fix-includes-for-musl.patch120
-rw-r--r--pkgs/os-specific/linux/sysklogd/systemd.patch2
-rw-r--r--pkgs/os-specific/linux/syslinux/default.nix15
-rw-r--r--pkgs/os-specific/linux/syslinux/gcc10.patch33
-rw-r--r--pkgs/os-specific/linux/sysstat/default.nix12
-rw-r--r--pkgs/os-specific/linux/system76-acpi/default.nix43
-rw-r--r--pkgs/os-specific/linux/system76-io/default.nix38
-rw-r--r--pkgs/os-specific/linux/system76-power/default.nix30
-rw-r--r--pkgs/os-specific/linux/system76/default.nix44
-rw-r--r--pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch8
-rw-r--r--pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch12
-rw-r--r--pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch12
-rw-r--r--pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch10
-rw-r--r--pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch123
-rw-r--r--pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch10
-rw-r--r--pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch42
-rw-r--r--pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch8
-rw-r--r--pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch32
-rw-r--r--pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch10
-rw-r--r--pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch12
-rw-r--r--pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch313
-rw-r--r--pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch (renamed from pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch)10
-rw-r--r--pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch (renamed from pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch)8
-rw-r--r--pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch (renamed from pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch)10
-rw-r--r--pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch (renamed from pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch)8
-rw-r--r--pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch (renamed from pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch)8
-rw-r--r--pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch (renamed from pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch)8
-rw-r--r--pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch26
-rw-r--r--pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch33
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix469
-rw-r--r--pkgs/os-specific/linux/sysvinit/default.nix12
-rw-r--r--pkgs/os-specific/linux/target-isns/default.nix36
-rw-r--r--pkgs/os-specific/linux/target-isns/install_prefix_path.patch17
-rw-r--r--pkgs/os-specific/linux/targetcli/default.nix8
-rw-r--r--pkgs/os-specific/linux/tbs/default.nix2
-rw-r--r--pkgs/os-specific/linux/tcp-wrappers/default.nix6
-rw-r--r--pkgs/os-specific/linux/teck-udev-rules/default.nix22
-rw-r--r--pkgs/os-specific/linux/thunderbolt/default.nix12
-rw-r--r--pkgs/os-specific/linux/tiptop/default.nix4
-rw-r--r--pkgs/os-specific/linux/tiscamera/default.nix67
-rw-r--r--pkgs/os-specific/linux/tmon/default.nix4
-rw-r--r--pkgs/os-specific/linux/tomb/default.nix10
-rw-r--r--pkgs/os-specific/linux/tp_smapi/default.nix2
-rw-r--r--pkgs/os-specific/linux/tpacpi-bat/default.nix8
-rw-r--r--pkgs/os-specific/linux/trace-cmd/default.nix16
-rw-r--r--pkgs/os-specific/linux/trace-cmd/fix-Makefiles.patch24
-rw-r--r--pkgs/os-specific/linux/trace-cmd/kernelshark.nix15
-rw-r--r--pkgs/os-specific/linux/trace-cmd/src.nix5
-rw-r--r--pkgs/os-specific/linux/trezor-udev-rules/default.nix4
-rw-r--r--pkgs/os-specific/linux/trinity/default.nix4
-rw-r--r--pkgs/os-specific/linux/tuigreet/default.nix26
-rw-r--r--pkgs/os-specific/linux/tuna/default.nix62
-rw-r--r--pkgs/os-specific/linux/tunctl/default.nix6
-rw-r--r--pkgs/os-specific/linux/turbostat/default.nix4
-rw-r--r--pkgs/os-specific/linux/tuxedo-keyboard/default.nix15
-rw-r--r--pkgs/os-specific/linux/uclibc/default.nix14
-rw-r--r--pkgs/os-specific/linux/udisks-glue/default.nix10
-rw-r--r--pkgs/os-specific/linux/udisks/1-default.nix10
-rw-r--r--pkgs/os-specific/linux/udisks/2-default.nix20
-rw-r--r--pkgs/os-specific/linux/undervolt/default.nix4
-rw-r--r--pkgs/os-specific/linux/unstick/default.nix4
-rw-r--r--pkgs/os-specific/linux/untie/default.nix4
-rw-r--r--pkgs/os-specific/linux/upower/default.nix10
-rw-r--r--pkgs/os-specific/linux/usbguard/default.nix66
-rw-r--r--pkgs/os-specific/linux/usbip/default.nix11
-rw-r--r--pkgs/os-specific/linux/usbtop/default.nix4
-rw-r--r--pkgs/os-specific/linux/usbutils/default.nix10
-rw-r--r--pkgs/os-specific/linux/usbutils/fix-paths.patch9
-rw-r--r--pkgs/os-specific/linux/usermount/default.nix8
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix14
-rw-r--r--pkgs/os-specific/linux/uvcdynctrl/default.nix6
-rw-r--r--pkgs/os-specific/linux/v4l-utils/default.nix10
-rw-r--r--pkgs/os-specific/linux/v4l2loopback/default.nix17
-rw-r--r--pkgs/os-specific/linux/v86d/default.nix4
-rw-r--r--pkgs/os-specific/linux/veikk-linux-driver/default.nix35
-rw-r--r--pkgs/os-specific/linux/vendor-reset/default.nix35
-rw-r--r--pkgs/os-specific/linux/wireguard/default.nix12
-rw-r--r--pkgs/os-specific/linux/wireless-tools/default.nix6
-rw-r--r--pkgs/os-specific/linux/wlgreet/default.nix26
-rw-r--r--pkgs/os-specific/linux/wooting-udev-rules/default.nix6
-rw-r--r--pkgs/os-specific/linux/wpa_supplicant/0001-Implement-read-only-mode-for-ssids.patch130
-rw-r--r--pkgs/os-specific/linux/wpa_supplicant/default.nix61
-rw-r--r--pkgs/os-specific/linux/wpa_supplicant/gui.nix4
-rw-r--r--pkgs/os-specific/linux/x86_energy_perf_policy/default.nix4
-rw-r--r--pkgs/os-specific/linux/x86info/default.nix8
-rw-r--r--pkgs/os-specific/linux/xf86-input-cmt/default.nix8
-rw-r--r--pkgs/os-specific/linux/xf86-input-wacom/default.nix68
-rw-r--r--pkgs/os-specific/linux/xf86-video-nested/default.nix8
-rw-r--r--pkgs/os-specific/linux/xmm7360-pci/default.nix28
-rw-r--r--pkgs/os-specific/linux/xpadneo/default.nix16
-rw-r--r--pkgs/os-specific/linux/xsensors/default.nix4
-rw-r--r--pkgs/os-specific/linux/zenmonitor/default.nix10
-rw-r--r--pkgs/os-specific/linux/zenpower/default.nix4
-rw-r--r--pkgs/os-specific/linux/zenstates/default.nix4
-rw-r--r--pkgs/os-specific/linux/zfs/BACKPORT-Linux-5.8-compat-__vmalloc.patch154
-rw-r--r--pkgs/os-specific/linux/zfs/default.nix114
-rw-r--r--pkgs/os-specific/linux/zsa-udev-rules/default.nix33
-rw-r--r--pkgs/os-specific/solo5/default.nix75
-rw-r--r--pkgs/os-specific/windows/cygwin-setup/default.nix10
-rw-r--r--pkgs/os-specific/windows/default.nix6
-rw-r--r--pkgs/os-specific/windows/jom/default.nix6
-rw-r--r--pkgs/os-specific/windows/libgnurx/default.nix9
-rw-r--r--pkgs/os-specific/windows/mcfgthreads/default.nix4
-rw-r--r--pkgs/os-specific/windows/mingw-w64/default.nix8
-rw-r--r--pkgs/os-specific/windows/pthread-w32/default.nix4
-rw-r--r--pkgs/os-specific/windows/wxMSW-2.8/default.nix4
716 files changed, 15230 insertions, 6143 deletions
diff --git a/pkgs/os-specific/bsd/default.nix b/pkgs/os-specific/bsd/default.nix
deleted file mode 100644
index ee7158e2a8c..00000000000
--- a/pkgs/os-specific/bsd/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ callPackages, recurseIntoAttrs }:
-
-{
-  netbsd = recurseIntoAttrs (callPackages ./netbsd {});
-}
diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix
index 2d51c11f04a..bb0984d9738 100644
--- a/pkgs/os-specific/bsd/netbsd/default.nix
+++ b/pkgs/os-specific/bsd/netbsd/default.nix
@@ -1,5 +1,10 @@
-{ stdenv, stdenvNoCC, fetchcvs, lib, groff, mandoc, zlib, yacc, flex
-, writeText, buildPackages, splicePackages, symlinkJoin }:
+{ stdenv, lib, stdenvNoCC
+, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget, pkgsHostHost, pkgsTargetTarget
+, buildPackages, splicePackages, newScope
+, bsdSetupHook, makeSetupHook, fetchcvs, groff, mandoc, byacc, flex
+, zlib
+, writeText, symlinkJoin
+}:
 
 let
   fetchNetBSD = path: version: sha256: fetchcvs {
@@ -9,35 +14,61 @@ let
     tag = "netbsd-${lib.replaceStrings ["."] ["-"] version}-RELEASE";
   };
 
-  # Splice packages so we get the correct package when using
-  # nativeBuildInputs...
-  nbSplicedPackages = splicePackages {
-    pkgsBuildBuild = buildPackages.buildPackages.netbsd;
-    pkgsBuildHost = buildPackages.netbsd;
-    pkgsBuildTarget = {};
-    pkgsHostHost = {};
-    pkgsHostTarget = netbsd;
-    pkgsTargetTarget = {};
+  otherSplices = {
+    selfBuildBuild = pkgsBuildBuild.netbsd;
+    selfBuildHost = pkgsBuildHost.netbsd;
+    selfBuildTarget = pkgsBuildTarget.netbsd;
+    selfHostHost = pkgsHostHost.netbsd;
+    selfTargetTarget = pkgsTargetTarget.netbsd or {}; # might be missing
   };
 
-  netbsd = with nbSplicedPackages; {
+in lib.makeScopeWithSplicing
+  splicePackages
+  newScope
+  otherSplices
+  (_: {})
+  (_: {})
+  (self: let
+    inherit (self) mkDerivation;
+  in {
+
+  # Why do we have splicing and yet do `nativeBuildInputs = with self; ...`?
+  #
+  # We use `lib.makeScopeWithSplicing` because this should be used for all
+  # nested package sets which support cross, so the inner `callPackage` works
+  # correctly. But for the inline packages we don't bother to use
+  # `callPackage`.
+  #
+  # We still could have tried to `with` a big spliced packages set, but
+  # splicing is jank and causes a number of bootstrapping infinite recursions
+  # if one is not careful. Pulling deps out of the right package set directly
+  # side-steps splicing entirely and avoids those footguns.
+  #
+  # For non-bootstrap-critical packages, we might as well use `callPackage` for
+  # consistency with everything else, and maybe put in separate files too.
+
+  compatIfNeeded = lib.optional (!stdenvNoCC.hostPlatform.isNetBSD) self.compat;
 
   mkDerivation = lib.makeOverridable (attrs: let
     stdenv' = if attrs.noCC or false then stdenvNoCC else stdenv;
   in stdenv'.mkDerivation ({
     name = "${attrs.pname or (baseNameOf attrs.path)}-netbsd-${attrs.version}";
-    src = attrs.src or fetchNetBSD attrs.path attrs.version attrs.sha256;
+    src = fetchNetBSD attrs.path attrs.version attrs.sha256;
 
     extraPaths = [ ];
 
-    nativeBuildInputs = [ makeMinimal install tsort lorder mandoc groff stat ];
-    buildInputs = [ compat ];
-    # depsBuildBuild = [ buildPackages.stdenv.cc ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install tsort lorder mandoc groff statHook
+    ];
+    buildInputs = with self; compatIfNeeded;
 
-    OBJCOPY = if stdenv.isDarwin then "true" else "objcopy";
-    HOST_SH = "${buildPackages.bash}/bin/sh";
+    HOST_SH = stdenv'.shell;
 
     MACHINE_ARCH = {
+      i486 = "i386";
+      i586 = "i386";
       i686 = "i386";
     }.${stdenv'.hostPlatform.parsed.cpu.name}
       or stdenv'.hostPlatform.parsed.cpu.name;
@@ -45,32 +76,32 @@ let
     MACHINE = {
       x86_64 = "amd64";
       aarch64 = "evbarm64";
+      i486 = "i386";
+      i586 = "i386";
       i686 = "i386";
     }.${stdenv'.hostPlatform.parsed.cpu.name}
       or stdenv'.hostPlatform.parsed.cpu.name;
 
-    AR = "${stdenv'.cc.targetPrefix or ""}ar";
-    CC = "${stdenv'.cc.targetPrefix or ""}cc";
-    CPP = "${stdenv'.cc.targetPrefix or ""}cpp";
-    CXX = "${stdenv'.cc.targetPrefix or ""}c++";
-    LD = "${stdenv'.cc.targetPrefix or ""}ld";
-    STRIP = "${stdenv'.cc.targetPrefix or ""}strip";
+    BSD_PATH = attrs.path;
 
-    NETBSD_PATH = attrs.path;
-
-    builder = ./builder.sh;
+    strictDeps = true;
 
     meta = with lib; {
-      maintainers = with maintainers; [matthewbauer];
+      maintainers = with maintainers; [ matthewbauer qyliss ];
       platforms = platforms.unix;
       license = licenses.bsd2;
     };
+  } // lib.optionalAttrs stdenv'.hasCC {
+    # TODO should CC wrapper set this?
+    CPP = "${stdenv'.cc.targetPrefix}cpp";
   } // lib.optionalAttrs stdenv'.isDarwin {
     MKRELRO = "no";
   } // lib.optionalAttrs (stdenv'.cc.isClang or false) {
     HAVE_LLVM = lib.versions.major (lib.getVersion stdenv'.cc.cc);
   } // lib.optionalAttrs (stdenv'.cc.isGNU or false) {
     HAVE_GCC = lib.versions.major (lib.getVersion stdenv'.cc.cc);
+  } // lib.optionalAttrs (stdenv'.isx86_32) {
+    USE_SSP = "no";
   } // lib.optionalAttrs (attrs.headersOnly or false) {
     installPhase = "includesPhase";
     dontBuild = true;
@@ -81,17 +112,17 @@ let
   ##
   makeMinimal = mkDerivation {
     path = "tools/make";
-    sha256 = "1xbzfd4i7allrkk1if74a8ymgpizyj0gkvdigzzj37qar7la7nc1";
-    version = "8.0";
+    sha256 = "0fh0nrnk18m613m5blrliq2aydciv51qhc0ihsj4k63incwbk90n";
+    version = "9.2";
 
-    buildInputs = [];
-    nativeBuildInputs = [];
+    buildInputs = with self; [];
+    nativeBuildInputs = with buildPackages.netbsd; [ bsdSetupHook ];
 
     skipIncludesPhase = true;
 
     postPatch = ''
       patchShebangs configure
-      ${make.postPatch}
+      ${self.make.postPatch}
     '';
     buildPhase = ''
       runHook preBuild
@@ -106,32 +137,38 @@ let
       install -D nbmake $out/bin/nbmake
       ln -s $out/bin/nbmake $out/bin/make
       mkdir -p $out/share
-      cp -r $NETBSDSRCDIR/share/mk $out/share/mk
+      cp -r $BSDSRCDIR/share/mk $out/share/mk
 
       runHook postInstall
     '';
-    extraPaths = [ make.src ] ++ make.extraPaths;
+    extraPaths = with self; [ make.src ] ++ make.extraPaths;
   };
 
-  compat = if stdenv.hostPlatform.isNetBSD then stdenv else mkDerivation rec {
+  compat = mkDerivation (let
+    version = "9.2";
+    commonDeps = [ zlib ];
+  in {
     path = "tools/compat";
-    sha256 = "050449lq5gpxqsripdqip5ks49g5ypjga188nd3ss8dg1zf7ydz3";
-    version = "8.0";
+    sha256 = "1vsxg7136nlhc72vpa664vs22874xh7ila95nkmsd8crn3z3cyn0";
+    inherit version;
 
     setupHooks = [
       ../../../build-support/setup-hooks/role.bash
       ./compat-setup-hook.sh
     ];
 
-    # override defaults to prevent infinite recursion
-    nativeBuildInputs = [ makeMinimal ];
-    buildInputs = [ zlib ];
-
     # the build system re-runs `./configure` with `HOST_CC` (which is their
     # name for Build CC) as a compiler to make `defs.mk`, which is installed
-    depsBuildBuild = [ buildPackages.stdenv.cc ] ++ buildInputs;
+    depsBuildBuild = [ buildPackages.stdenv.cc ] ++ commonDeps;
     HOST_CC = "${buildPackages.stdenv.cc.targetPrefix}cc";
 
+    nativeBuildInputs = with buildPackages.netbsd; commonDeps ++ [
+      bsdSetupHook
+      makeMinimal
+    ];
+
+    buildInputs = with self; commonDeps;
+
     # temporarily use gnuinstall for bootstrapping
     # bsdinstall will be built later
     makeFlags = [
@@ -148,24 +185,27 @@ let
 
       # why aren't these installed by netbsd?
       install -D compat_defs.h $out/include/compat_defs.h
-      install -D $NETBSDSRCDIR/include/cdbw.h $out/include/cdbw.h
-      install -D $NETBSDSRCDIR/sys/sys/cdbr.h $out/include/cdbr.h
-      install -D $NETBSDSRCDIR/sys/sys/featuretest.h \
+      install -D $BSDSRCDIR/include/cdbw.h $out/include/cdbw.h
+      install -D $BSDSRCDIR/sys/sys/cdbr.h $out/include/cdbr.h
+      install -D $BSDSRCDIR/sys/sys/featuretest.h \
                  $out/include/sys/featuretest.h
-      install -D $NETBSDSRCDIR/sys/sys/md5.h $out/include/md5.h
-      install -D $NETBSDSRCDIR/sys/sys/rmd160.h $out/include/rmd160.h
-      install -D $NETBSDSRCDIR/sys/sys/sha1.h $out/include/sha1.h
-      install -D $NETBSDSRCDIR/sys/sys/sha2.h $out/include/sha2.h
-      install -D $NETBSDSRCDIR/sys/sys/queue.h $out/include/sys/queue.h
-      install -D $NETBSDSRCDIR/include/vis.h $out/include/vis.h
-      install -D $NETBSDSRCDIR/include/db.h $out/include/db.h
-      install -D $NETBSDSRCDIR/include/netconfig.h $out/include/netconfig.h
-      install -D $NETBSDSRCDIR/include/rpc/types.h $out/include/rpc/types.h
-      install -D $NETBSDSRCDIR/include/utmpx.h $out/include/utmpx.h
-      install -D $NETBSDSRCDIR/include/tzfile.h $out/include/tzfile.h
-      install -D $NETBSDSRCDIR/sys/sys/tree.h $out/include/sys/tree.h
-      install -D $NETBSDSRCDIR/include/nl_types.h $out/include/nl_types.h
-      install -D $NETBSDSRCDIR/include/stringlist.h $out/include/stringlist.h
+      install -D $BSDSRCDIR/sys/sys/md5.h $out/include/md5.h
+      install -D $BSDSRCDIR/sys/sys/rmd160.h $out/include/rmd160.h
+      install -D $BSDSRCDIR/sys/sys/sha1.h $out/include/sha1.h
+      install -D $BSDSRCDIR/sys/sys/sha2.h $out/include/sha2.h
+      install -D $BSDSRCDIR/sys/sys/queue.h $out/include/sys/queue.h
+      install -D $BSDSRCDIR/include/vis.h $out/include/vis.h
+      install -D $BSDSRCDIR/include/db.h $out/include/db.h
+      install -D $BSDSRCDIR/include/netconfig.h $out/include/netconfig.h
+      install -D $BSDSRCDIR/include/utmpx.h $out/include/utmpx.h
+      install -D $BSDSRCDIR/include/tzfile.h $out/include/tzfile.h
+      install -D $BSDSRCDIR/sys/sys/tree.h $out/include/sys/tree.h
+      install -D $BSDSRCDIR/include/nl_types.h $out/include/nl_types.h
+      install -D $BSDSRCDIR/include/stringlist.h $out/include/stringlist.h
+
+      # Collapse includes slightly to fix dangling reference
+      install -D $BSDSRCDIR/common/include/rpc/types.h $out/include/rpc/types.h
+      sed -i '1s;^;#include "nbtool_config.h"\n;' $out/include/rpc/types.h
    '' + lib.optionalString stdenv.isDarwin ''
       mkdir -p $out/include/ssp
       touch $out/include/ssp/ssp.h
@@ -175,12 +215,12 @@ let
         --subst-var-by out $out \
         --subst-var-by version ${version}
     '';
-    extraPaths = [ libc.src libutil.src
-      (fetchNetBSD "include" "8.0" "128m77k16i7frvk8kifhmxzk7a37m7z1s0bbmja3ywga6sx6v6sq")
-      (fetchNetBSD "external/bsd/flex" "8.0" "0yxcjshz9nj827qhmjwwjmzvmmqgaf0d25b42k7lj84vliwrgyr6")
-      (fetchNetBSD "sys/sys" "8.0" "0b0yjjy0c0cvk5nyffppqwxlwh2s1qr2xzl97a9ldck00dibar94")
-    ] ++ libutil.extraPaths ++ libc.extraPaths;
-  };
+    extraPaths = with self; [ include.src libc.src libutil.src
+      (fetchNetBSD "external/bsd/flex" "9.2" "0h98jpfj7vx5zh7vd7bk6b1hmzgkcb757a8j6d9zgygxxv13v43m")
+      (fetchNetBSD "sys/sys" "9.2" "0zawhw51klaigqqwkx0lzrx3mim2jywrc24cm7c66qsf1im9awgd")
+      (fetchNetBSD "common/include/rpc/types.h" "9.2" "0n2df12mlc3cbc48jxq35yzl1y7ghgpykvy7jnfh898rdhac7m9a")
+    ] ++ libutil.extraPaths ++ _mainLibcExtraPaths;
+  });
 
   # HACK: to ensure parent directories exist. This emulates GNU
   # install’s -D option. No alternative seems to exist in BSD install.
@@ -191,12 +231,16 @@ let
     xinstall "$@"
   ''; in mkDerivation {
     path = "usr.bin/xinstall";
-    version = "8.0";
+    version = "9.2";
     sha256 = "1f6pbz3qv1qcrchdxif8p5lbmnwl8b9nq615hsd3cyl4avd5bfqj";
-    extraPaths = [ mtree.src make.src ];
-    nativeBuildInputs = [ makeMinimal mandoc groff ];
+    extraPaths = with self; [ mtree.src make.src ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      mandoc groff
+    ];
     skipIncludesPhase = true;
-    buildInputs = [ compat fts ];
+    buildInputs = with self; compatIfNeeded ++ [ fts ];
     installPhase = ''
       runHook preInstall
 
@@ -213,13 +257,15 @@ let
     pname = "fts";
     path = "include/fts.h";
     sha256 = "01d4fpxvz1pgzfk5xznz5dcm0x0gdzwcsfm1h3d0xc9kc6hj2q77";
-    version = "8.0";
-    nativeBuildInputs = [ ];
-    propagatedBuildInputs = [ compat ];
-    extraPaths = [
-      (fetchNetBSD "lib/libc/gen/fts.c" "8.0" "1a8hmf26242nmv05ipn3ircxb0jqmmi66rh78kkyi9vjwkfl3qn7")
-      (fetchNetBSD "lib/libc/include/namespace.h" "8.0" "1sjvh9nw3prnk4rmdwrfsxh6gdb9lmilkn46jcfh3q5c8glqzrd7")
-      (fetchNetBSD "lib/libc/gen/fts.3" "8.0" "1asxw0n3fhjdadwkkq3xplfgqgl3q32w1lyrvbakfa3gs0wz5zc1")
+    version = "9.2";
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+    ];
+    propagatedBuildInputs = with self; compatIfNeeded;
+    extraPaths = with self; [
+      (fetchNetBSD "lib/libc/gen/fts.c" "9.2" "1a8hmf26242nmv05ipn3ircxb0jqmmi66rh78kkyi9vjwkfl3qn7")
+      (fetchNetBSD "lib/libc/include/namespace.h" "9.2" "0kksr3pdwdc1cplqf5z12ih4cml6l11lqrz91f7hjjm64y7785kc")
+      (fetchNetBSD "lib/libc/gen/fts.3" "9.2" "1asxw0n3fhjdadwkkq3xplfgqgl3q32w1lyrvbakfa3gs0wz5zc1")
     ];
     skipIncludesPhase = true;
     buildPhase = ''
@@ -243,25 +289,49 @@ let
     ];
   };
 
+  # Don't add this to nativeBuildInputs directly.  Use statHook instead.
   stat = mkDerivation {
     path = "usr.bin/stat";
-    version = "8.0";
-    sha256 = "0z4r96id2r4cfy443rw2s1n52n186xm0lqvs8s3qjf4314z7r7yh";
-    nativeBuildInputs = [ makeMinimal install mandoc groff ];
+    version = "9.2";
+    sha256 = "18nqwlndfc34qbbgqx5nffil37jfq9aw663ippasfxd2hlyc106x";
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff
+    ];
   };
 
+  # stat isn't in POSIX, and NetBSD stat supports a completely
+  # different range of flags than GNU stat, so including it in PATH
+  # breaks stdenv.  Work around that with a hook that will point
+  # NetBSD's build system and NetBSD stat without including it in
+  # PATH.
+  statHook = makeSetupHook {
+    name = "netbsd-stat-hook";
+  } (writeText "netbsd-stat-hook-impl" ''
+    makeFlagsArray+=(TOOL_STAT=${self.stat}/bin/stat)
+  '');
+
   tsort = mkDerivation {
     path = "usr.bin/tsort";
-    version = "8.0";
+    version = "9.2";
     sha256 = "1dqvf9gin29nnq3c4byxc7lfd062pg7m84843zdy6n0z63hnnwiq";
-    nativeBuildInputs = [ makeMinimal install mandoc groff ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff
+    ];
   };
 
   lorder = mkDerivation {
     path = "usr.bin/lorder";
-    version = "8.0";
+    version = "9.2";
     sha256 = "0rjf9blihhm0n699vr2bg88m4yjhkbxh6fxliaay3wxkgnydjwn2";
-    nativeBuildInputs = [ makeMinimal install mandoc groff ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff
+    ];
   };
   ##
   ## END BOOTSTRAPPING
@@ -272,58 +342,58 @@ let
   ##
   make = mkDerivation {
     path = "usr.bin/make";
-    sha256 = "103643qs3w5kiahir6cca2rkm5ink81qbg071qyzk63qvspfq10c";
-    version = "8.0";
+    sha256 = "0vi73yicbmbp522qzqvd979cx6zm5jakhy77xh73c1kygf8klccs";
+    version = "9.2";
     postPatch = ''
       # make needs this to pick up our sys make files
       export NIX_CFLAGS_COMPILE+=" -D_PATH_DEFSYSPATH=\"$out/share/mk\""
 
-      substituteInPlace $NETBSDSRCDIR/share/mk/bsd.lib.mk \
+      substituteInPlace $BSDSRCDIR/share/mk/bsd.lib.mk \
         --replace '_INSTRANLIB=''${empty(PRESERVE):?-a "''${RANLIB} -t":}' '_INSTRANLIB='
-      substituteInPlace $NETBSDSRCDIR/share/mk/bsd.kinc.mk \
+      substituteInPlace $BSDSRCDIR/share/mk/bsd.kinc.mk \
         --replace /bin/rm rm
     '' + lib.optionalString stdenv.isDarwin ''
-      substituteInPlace $NETBSDSRCDIR/share/mk/bsd.sys.mk \
+      substituteInPlace $BSDSRCDIR/share/mk/bsd.sys.mk \
         --replace '-Wl,--fatal-warnings' "" \
         --replace '-Wl,--warn-shared-textrel' ""
     '';
     postInstall = ''
-      make -C $NETBSDSRCDIR/share/mk FILESDIR=$out/share/mk install
+      make -C $BSDSRCDIR/share/mk FILESDIR=$out/share/mk install
     '';
     extraPaths = [
-      (fetchNetBSD "share/mk" "8.0" "033q4w3rmvwznz6m7fn9xcf13chyhwwl8ijj3a9mrn80fkwm55qs")
+      (fetchNetBSD "share/mk" "9.2" "0w9x77cfnm6zwy40slradzi0ip9gz80x6lk7pvnlxzsr2m5ra5sy")
     ];
   };
 
   mtree = mkDerivation {
     path = "usr.sbin/mtree";
-    version = "8.0";
-    sha256 = "0hanmzm8bgwz2bhsinmsgfmgy6nbdhprwmgwbyjm6bl17vgn7vid";
-    extraPaths = [ mknod.src ];
+    version = "9.2";
+    sha256 = "04p7w540vz9npvyb8g8hcf2xa05phn1y88hsyrcz3vwanvpc0yv9";
+    extraPaths = with self; [ mknod.src ];
   };
 
   mknod = mkDerivation {
     path = "sbin/mknod";
-    version = "8.0";
-    sha256 = "0vq66v0hj0r4z2r2z2d3l3c5vh48pvcdmddc8bhm8hzq2civ5df2";
+    version = "9.2";
+    sha256 = "1d9369shzwgixz3nph991i8q5vk7hr04py3n9avbfbhzy4gndqs2";
   };
 
   getent = mkDerivation {
     path = "usr.bin/getent";
-    sha256 = "1ylhw4dnpyrmcy8n5kjcxywm8qc9p124dqnm17x4magiqx1kh9iz";
-    version = "8.0";
+    sha256 = "1qngywcmm0y7nl8h3n8brvkxq4jw63szbci3kc1q6a6ndhycbbvr";
+    version = "9.2";
     patches = [ ./getent.patch ];
   };
 
   getconf = mkDerivation {
     path = "usr.bin/getconf";
     sha256 = "122vslz4j3h2mfs921nr2s6m078zcj697yrb75rwp2hnw3qz4s8q";
-    version = "8.0";
+    version = "9.2";
   };
 
   locale = mkDerivation {
     path = "usr.bin/locale";
-    version = "8.0";
+    version = "9.2";
     sha256 = "0kk6v9k2bygq0wf9gbinliqzqpzs9bgxn0ndyl2wcv3hh2bmsr9p";
     patches = [ ./locale.patch ];
     NIX_CFLAGS_COMPILE = "-DYESSTR=__YESSTR -DNOSTR=__NOSTR";
@@ -331,42 +401,73 @@ let
 
   rpcgen = mkDerivation {
     path = "usr.bin/rpcgen";
-    version = "8.0";
+    version = "9.2";
     sha256 = "1kfgfx54jg98wbg0d95p0rvf4w0302v8fz724b0bdackdsrd4988";
   };
 
   genassym = mkDerivation {
     path = "usr.bin/genassym";
-    version = "8.0";
+    version = "9.2";
     sha256 = "1acl1dz5kvh9h5806vkz2ap95rdsz7phmynh5i3x5y7agbki030c";
   };
 
   gencat = mkDerivation {
     path = "usr.bin/gencat";
-    version = "8.0";
-    sha256 = "1696lgh2lhz93247lklvpvkd0f5asg6z27w2g4bmpfijlgw2h698";
+    version = "9.2";
+    sha256 = "0gd463x1hg36bhr7y0xryb5jyxk0z0g7xvy8rgk82nlbnlnsbbwb";
   };
 
   nbperf = mkDerivation {
     path = "usr.bin/nbperf";
-    version = "8.0";
-    sha256 = "0gzm0zv2400lasnsswnjw9bwzyizhxzdbrcjwcl1k65aj86aqyqb";
+    version = "9.2";
+    sha256 = "1nxc302vgmjhm3yqdivqyfzslrg0vjpbss44s74rcryrl19mma9r";
   };
 
   tic = mkDerivation {
     path = "tools/tic";
-    version = "8.0";
+    version = "9.2";
     sha256 = "092y7db7k4kh2jq8qc55126r5qqvlb8lq8mhmy5ipbi36hwb4zrz";
     HOSTPROG = "tic";
-    buildInputs = [ compat ];
-    nativeBuildInputs = [ makeMinimal install mandoc groff nbperf ];
+    buildInputs = with self; compatIfNeeded;
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff nbperf
+    ];
     makeFlags = [ "TOOLDIR=$(out)" ];
-    extraPaths = [
+    extraPaths = with self; [
       libterminfo.src
-      (fetchNetBSD "usr.bin/tic" "8.0" "0diirnzmdnpc5bixyb34c9rid9paw2a4zfczqrpqrfvjsf1nnljf")
-      (fetchNetBSD "tools/Makefile.host" "8.0" "1p23dsc4qrv93vc6gzid9w2479jwswry9qfn88505s0pdd7h6nvp")
+      (fetchNetBSD "usr.bin/tic" "9.2" "1mwdfg7yx1g43ss378qsgl5rqhsxskqvsd2mqvrn38qw54i8v5i1")
+      (fetchNetBSD "tools/Makefile.host" "9.2" "15b4ab0n36lqj00j5lz2xs83g7l8isk3wx1wcapbrn66qmzz2sxy")
     ];
   };
+
+  uudecode = mkDerivation {
+    path = "usr.bin/uudecode";
+    version = "9.2";
+    sha256 = "00a3zmh15pg4vx6hz0kaa5mi8d2b1sj4h512d7p6wbvxq6mznwcn";
+    NIX_CFLAGS_COMPILE = lib.optional stdenv.isLinux "-DNO_BASE64";
+  };
+
+  cksum = mkDerivation {
+    path = "usr.bin/cksum";
+    version = "9.2";
+    sha256 = "0msfhgyvh5c2jmc6qjnf12c378dhw32ffsl864qz4rdb2b98rfcq";
+    meta.platforms = lib.platforms.netbsd;
+  };
+
+  config = mkDerivation {
+    path = "usr.bin/config";
+    version = "9.2";
+    sha256 = "1yz3n4hncdkk6kp595fh2q5lg150vpqg8iw2dccydkyw4y3hgsjj";
+    NIX_CFLAGS_COMPILE = [ "-DMAKE_BOOTSTRAP" ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal install mandoc byacc flex
+    ];
+    buildInputs = with self; compatIfNeeded;
+    extraPaths = with self; [ cksum.src ];
+  };
   ##
   ## END COMMAND LINE TOOLS
   ##
@@ -376,41 +477,85 @@ let
   ##
   include = mkDerivation {
     path = "include";
-    version = "8.0";
-    sha256 = "128m77k16i7frvk8kifhmxzk7a37m7z1s0bbmja3ywga6sx6v6sq";
-    nativeBuildInputs = [ makeMinimal install mandoc groff nbperf rpcgen ];
-    extraPaths = [ common.src ];
+    version = "9.2";
+    sha256 = "0nxnmj4c8s3hb9n3fpcmd0zl3l1nmhivqgi9a35sis943qvpgl9h";
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff nbperf rpcgen
+    ];
+    extraPaths = with self; [ common ];
     headersOnly = true;
     noCC = true;
-    # meta.platforms = lib.platforms.netbsd;
-    makeFlags = [ "RPCGEN_CPP=${buildPackages.gcc-unwrapped}/bin/cpp" ];
+    meta.platforms = lib.platforms.netbsd;
+    makeFlags = [ "RPCGEN_CPP=${buildPackages.stdenv.cc.cc}/bin/cpp" ];
   };
 
-  common = mkDerivation {
-    path = "common";
-    version = "8.0";
-    sha256 = "1fsm2b7p7zkhiz523jw75088cq2h39iknp0fp3di9a64bikwbhi1";
-  };
+  common = fetchNetBSD "common" "9.2" "1pfylz9r3ap5wnwwbwczbfjb1m5qdyspzbnmxmcdkpzz2zgj64b9";
 
-  # The full kernel
-  sys = mkDerivation {
+  sys-headers = mkDerivation {
+    pname = "sys-headers";
     path = "sys";
-    version = "8.0";
-    sha256 = "123ilg8fqmp69bw6bs6nh98fpi1v2n9lamrzar61p27ji6sj7g0w";
-    propagatedBuildInputs = [ include ];
-    #meta.platforms = lib.platforms.netbsd;
-    extraPaths = [ common.src ];
+    version = "9.2";
+    sha256 = "03s18q8d9giipf05bx199fajc2qwikji0djz7hw63d2lya6bfnpj";
+
+    # Fix this error when building bootia32.efi and bootx64.efi:
+    # error: PHDR segment not covered by LOAD segment
+    patches = [ ./no-dynamic-linker.patch ];
+
+    CONFIG = "GENERIC";
+
+    propagatedBuildInputs = with self; [ include ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal install tsort lorder statHook uudecode config genassym
+    ];
+
+    postConfigure = ''
+      pushd arch/$MACHINE/conf
+      config $CONFIG
+      popd
+    '';
+
+    makeFlags = [ "FIRMWAREDIR=$(out)/libdata/firmware" ];
+    hardeningDisable = [ "pic" ];
     MKKMOD = "no";
+    NIX_CFLAGS_COMPILE = [ "-Wa,--no-warn" ];
+
+    postBuild = ''
+      make -C arch/$MACHINE/compile/$CONFIG $makeFlags
+    '';
+
+    postInstall = ''
+      cp arch/$MACHINE/compile/$CONFIG/netbsd $out
+    '';
+
+    meta.platforms = lib.platforms.netbsd;
+    extraPaths = with self; [ common ];
+
+    installPhase = "includesPhase";
+    dontBuild = true;
+    noCC = true;
+  };
+
+  # The full kernel. We do the funny thing of overridding the headers to the
+  # full kernal and not vice versa to avoid infinite recursion -- the headers
+  # come earlier in the bootstrap.
+  sys = self.sys-headers.override {
+    pname = "sys";
+    installPhase = null;
+    noCC = false;
+    dontBuild = false;
   };
 
   headers = symlinkJoin {
-    name = "netbsd-headers-8.0";
-    paths = [ include ] ++ map (pkg: pkg.override (_: {
-      installPhase = "includesPhase";
-      dontBuild = true;
-      noCC = true;
-      meta.platforms = lib.platforms.all;
-    })) [ sys libpthread ];
+    name = "netbsd-headers-9.2";
+    paths = with self; [
+      include
+      sys-headers
+      libpthread-headers
+    ];
+    meta.platforms = lib.platforms.netbsd;
   };
   ##
   ## END HEADERS
@@ -421,17 +566,26 @@ let
   ##
   libutil = mkDerivation {
     path = "lib/libutil";
-    version = "8.0";
-    sha256 = "077syyxd303m4x7avs5nxzk4c9n13d5lyk5aicsacqjvx79qrk3i";
-    extraPaths = [ common.src ];
+    version = "9.2";
+    sha256 = "02gm5a5zhh8qp5r5q5r7x8x6x50ir1i0ncgsnfwh1vnrz6mxbq7z";
+    extraPaths = with self; [ common libc.src sys.src ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      byacc install tsort lorder mandoc statHook
+    ];
+    buildInputs = with self; [ headers ];
+    SHLIBINSTALLDIR = "$(out)/lib";
   };
 
   libedit = mkDerivation {
     path = "lib/libedit";
-    version = "8.0";
-    sha256 = "0pmqh2mkfp70bwchiwyrkdyq9jcihx12g1awd6alqi9bpr3f9xmd";
-    buildInputs = [ libterminfo libcurses ];
-    propagatedBuildInputs = [ compat ];
+    version = "9.2";
+    sha256 = "1wqhngraxwqk4jgrf5f18jy195yrp7c06n1gf31pbplq79mg1bcj";
+    buildInputs = with self; [ libterminfo libcurses ];
+    propagatedBuildInputs = with self; compatIfNeeded;
+    SHLIBINSTALLDIR = "$(out)/lib";
+    makeFlags = [ "LIBDO.terminfo=${self.libterminfo}/lib" ];
     postPatch = ''
       sed -i '1i #undef bool_t' el.h
       substituteInPlace config.h \
@@ -447,34 +601,43 @@ let
 
   libterminfo = mkDerivation {
     path = "lib/libterminfo";
-    version = "8.0";
-    sha256 = "14gp0d6fh6zjnbac2yjhyq5m6rca7gm6q1s9gilhzpdgl9m7vb9r";
-    buildInputs = [ compat ];
+    version = "9.2";
+    sha256 = "0pq05k3dj0dfsczv07frnnji92mazmy2qqngqbx2zgqc1x251414";
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal install tsort lorder mandoc statHook nbperf tic
+    ];
+    buildInputs = with self; compatIfNeeded;
+    SHLIBINSTALLDIR = "$(out)/lib";
     postPatch = ''
       substituteInPlace term.c --replace /usr/share $out/share
       substituteInPlace setupterm.c \
         --replace '#include <curses.h>' 'void use_env(bool);'
     '';
+    postBuild = ''
+      make -C $BSDSRCDIR/share/terminfo $makeFlags BINDIR=$out/share
+    '';
     postInstall = ''
-      make -C $NETBSDSRCDIR/share/terminfo BINDIR=$out/share install
+      make -C $BSDSRCDIR/share/terminfo $makeFlags BINDIR=$out/share install
     '';
-    extraPaths = [
-      (fetchNetBSD "share/terminfo" "8.0" "18db0fk1dw691vk6lsm6dksm4cf08g8kdm0gc4052ysdagg2m6sm")
+    extraPaths = with self; [
+      (fetchNetBSD "share/terminfo" "9.2" "1vh9rl4w8118a9qdpblfxmv1wkpm83rm9gb4rzz5bpm56i6d7kk7")
     ];
   };
 
   libcurses = mkDerivation {
     path = "lib/libcurses";
-    version = "8.0";
-    sha256 = "0azhzh1910v24dqx45zmh4z4dl63fgsykajrbikx5xfvvmkcq7xs";
-    buildInputs = [ libterminfo ];
+    version = "9.2";
+    sha256 = "0pd0dggl3w4bv5i5h0s1wrc8hr66n4hkv3zlklarwfdhc692fqal";
+    buildInputs = with self; [ libterminfo ];
     NIX_CFLAGS_COMPILE = [
       "-D__scanflike(a,b)="
       "-D__va_list=va_list"
       "-D__warn_references(a,b)="
     ] ++ lib.optional stdenv.isDarwin "-D__strong_alias(a,b)=";
-    propagatedBuildInputs = [ compat ];
+    propagatedBuildInputs = with self; compatIfNeeded;
     MKDOC = "no"; # missing vfontedpr
+    makeFlags = [ "LIBDO.terminfo=${self.libterminfo}/lib" ];
     postPatch = lib.optionalString (!stdenv.isDarwin) ''
       substituteInPlace printw.c \
         --replace "funopen(win, NULL, __winwrite, NULL, NULL)" NULL \
@@ -484,122 +647,161 @@ let
     '';
   };
 
-  libkern = mkDerivation {
-    path = "lib/libkern";
-    version = "8.0";
-    sha256 = "1wirqr9bms69n4b5sr32g1b1k41hcamm7c9n7i8c440m73r92yv4";
-    meta.platforms = lib.platforms.netbsd;
-  };
-
   column = mkDerivation {
     path = "usr.bin/column";
-    version = "8.0";
+    version = "9.2";
     sha256 = "0r6b0hjn5ls3j3sv6chibs44fs32yyk2cg8kh70kb4cwajs4ifyl";
   };
 
   libossaudio = mkDerivation {
     path = "lib/libossaudio";
-    version = "8.0";
-    sha256 = "03azp5anavhjr15sinjlik9792lyf7w4zmkcihlkksrywhs05axh";
+    version = "9.2";
+    sha256 = "16l3bfy6dcwqnklvh3x0ps8ld1y504vf57v9rx8f9adzhb797jh0";
     meta.platforms = lib.platforms.netbsd;
-    postPatch = ''
-      substituteInPlace rpc/Makefile --replace /usr $out
-    '';
   };
 
   librpcsvc = mkDerivation {
     path = "lib/librpcsvc";
-    version = "8.0";
-    sha256 = "14ri9w6gdhsm4id5ck133syyvbmkbknfa8w0xkklm726nskhfkj7";
+    version = "9.2";
+    sha256 = "1q34pfiyjbrgrdqm46jwrsqms49ly6z3b0xh1wg331zga900vq5n";
     makeFlags = [ "INCSDIR=$(out)/include/rpcsvc" ];
     meta.platforms = lib.platforms.netbsd;
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install tsort lorder rpcgen statHook
+    ];
   };
 
   librt = mkDerivation {
     path = "lib/librt";
-    version = "8.0";
-    sha256 = "078qsi4mg1hyyxr1awvjs9b0c2gicg3zw4vl603g1m9vm8gfxw9l";
+    version = "9.2";
+    sha256 = "07f8mpjcqh5kig5z5sp97fg55mc4dz6aa1x5g01nv2pvbmqczxc6";
     meta.platforms = lib.platforms.netbsd;
+    extraPaths = with self; [ libc.src ] ++ libc.extraPaths;
+    postPatch = ''
+      sed -i 's,/usr\(/include/sys/syscall.h\),${self.headers}\1,g' \
+        $BSDSRCDIR/lib/{libc,librt}/sys/Makefile.inc
+    '';
   };
 
   libcrypt = mkDerivation {
     path = "lib/libcrypt";
-    version = "8.0";
+    version = "9.2";
     sha256 = "0siqan1wdqmmhchh2n8w6a8x1abbff8n4yb6jrqxap3hqn8ay54g";
+    SHLIBINSTALLDIR = "$(out)/lib";
     meta.platforms = lib.platforms.netbsd;
   };
 
-  libpthread = mkDerivation {
+  libpthread-headers = mkDerivation {
+    pname = "libpthread-headers";
     path = "lib/libpthread";
-    version = "8.0";
-    sha256 = "0pcz61klc3ijf5z2zf8s78nj7bwjfblzjllx7vr4z5qv3m0sdb3j";
+    version = "9.2";
+    sha256 = "0mlmc31k509dwfmx5s2x010wxjc44mr6y0cbmk30cfipqh8c962h";
+    installPhase = "includesPhase";
+    dontBuild = true;
+    noCC = true;
     meta.platforms = lib.platforms.netbsd;
   };
 
+  libpthread = self.libpthread-headers.override {
+    pname = "libpthread";
+    installPhase = null;
+    noCC = false;
+    dontBuild = false;
+    buildInputs = with self; [ headers ];
+    SHLIBINSTALLDIR = "$(out)/lib";
+    extraPaths = with self; [ common libc.src librt.src sys.src ];
+  };
+
   libresolv = mkDerivation {
     path = "lib/libresolv";
-    version = "8.0";
-    sha256 = "11vpb3p2343wyrhw4v9gwz7i0lcpb9ysmfs9gsx56b5gkgipdy4v";
+    version = "9.2";
+    sha256 = "1am74s74mf1ynwz3p4ncjkg63f78a1zjm983q166x4sgzps15626";
     meta.platforms = lib.platforms.netbsd;
+    extraPaths = with self; [ libc.src ];
   };
 
   libm = mkDerivation {
     path = "lib/libm";
-    version = "8.0";
-    sha256 = "0i22603cgj6n00gn2m446v4kn1pk109qs1g6ylrslmihfmiy2h1d";
+    version = "9.2";
+    sha256 = "1apwfr26shdmbqqnmg7hxf7bkfxw44ynqnnnghrww9bnhqdnsy92";
+    SHLIBINSTALLDIR = "$(out)/lib";
     meta.platforms = lib.platforms.netbsd;
+    extraPaths = with self; [ sys.src ];
   };
 
   i18n_module = mkDerivation {
     path = "lib/i18n_module";
-    version = "8.0";
+    version = "9.2";
     sha256 = "0w6y5v3binm7gf2kn7y9jja8k18rhnyl55cvvfnfipjqdxvxd9jd";
     meta.platforms = lib.platforms.netbsd;
+    extraPaths = with self; [ libc.src ];
   };
 
   csu = mkDerivation {
     path = "lib/csu";
-    version = "8.0";
-    sha256 = "0630lbvz6v4ic13bfg8ccwfhqkgcv76bfdw9f36rfsnwfgpxqsmq";
+    version = "9.2";
+    sha256 = "0al5jfazvhlzn9hvmnrbchx4d0gm282hq5gp4xs2zmj9ycmf6d03";
     meta.platforms = lib.platforms.netbsd;
-    nativeBuildInputs = [ makeMinimal install mandoc groff flex
-                          yacc genassym gencat lorder tsort stat ];
-    extraPaths = [ sys.src ld_elf_so.src ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff flex
+      byacc genassym gencat lorder tsort statHook
+    ];
+    buildInputs = with self; [ headers ];
+    extraPaths = with self; [ sys.src ld_elf_so.src ];
   };
 
   ld_elf_so = mkDerivation {
     path  = "libexec/ld.elf_so";
-    version = "8.0";
-    sha256 = "1jmqpi0kg2daiqnvpwdyfy8rpnszxsm70sxizz0r7wn53xjr5hva";
+    version = "9.2";
+    sha256 = "0ia9mqzdljly0vqfwflm5mzz55k7qsr4rw2bzhivky6k30vgirqa";
     meta.platforms = lib.platforms.netbsd;
+    LIBC_PIC = "${self.libc}/lib/libc_pic.a";
+    # Hack to prevent a symlink being installed here for compatibility.
+    SHLINKINSTALLDIR = "/usr/libexec";
     USE_FORT = "yes";
-    extraPaths = [ libc.src ] ++ libc.extraPaths;
+    makeFlags = [ "BINDIR=$(out)/libexec" "CLIBOBJ=${self.libc}/lib" ];
+    extraPaths = with self; [ libc.src ] ++ libc.extraPaths;
   };
 
+  _mainLibcExtraPaths = with self; [
+      common i18n_module.src sys.src
+      ld_elf_so.src libpthread.src libm.src libresolv.src
+      librpcsvc.src libutil.src librt.src libcrypt.src
+  ];
+
   libc = mkDerivation {
     path = "lib/libc";
-    version = "8.0";
-    sha256 = "0lgbc58qgn8kwm3l011x1ml1kgcf7jsgq7hbf0hxhlbvxq5bljl3";
+    version = "9.2";
+    sha256 = "1y9c13igg0kai07sqvf9cm6yqmd8lhfd8hq3q7biilbgs1l99as3";
     USE_FORT = "yes";
     MKPROFILE = "no";
-    extraPaths = [ common.src i18n_module.src sys.src
-                   ld_elf_so.src libpthread.src libm.src libresolv.src
-                   librpcsvc.src libutil.src librt.src libcrypt.src ];
-    buildInputs = [ buildPackages.netbsd.headers csu ];
-    nativeBuildInputs = [ makeMinimal install mandoc groff flex
-                          yacc genassym gencat lorder tsort stat ];
-    NIX_CFLAGS_COMPILE = "-B${csu}/lib";
+    extraPaths = with self; _mainLibcExtraPaths ++ [
+      (fetchNetBSD "external/bsd/jemalloc" "9.2" "0cq704swa0h2yxv4gc79z2lwxibk9k7pxh3q5qfs7axx3jx3n8kb")
+    ];
+    nativeBuildInputs = with buildPackages.netbsd; [
+      bsdSetupHook
+      makeMinimal
+      install mandoc groff flex
+      byacc genassym gencat lorder tsort statHook rpcgen
+    ];
+    buildInputs = with self; [ headers csu ];
+    NIX_CFLAGS_COMPILE = "-B${self.csu}/lib";
     meta.platforms = lib.platforms.netbsd;
     SHLIBINSTALLDIR = "$(out)/lib";
+    MKPICINSTALL = "yes";
     NLSDIR = "$(out)/share/nls";
     makeFlags = [ "FILESDIR=$(out)/var/db"];
     postInstall = ''
-      pushd ${buildPackages.netbsd.headers}
+      pushd ${self.headers}
       find . -type d -exec mkdir -p $out/\{} \;
       find . \( -type f -o -type l \) -exec cp -pr \{} $out/\{} \;
       popd
 
-      pushd ${csu}
+      pushd ${self.csu}
       find . -type d -exec mkdir -p $out/\{} \;
       find . \( -type f -o -type l \) -exec cp -pr \{} $out/\{} \;
       popd
@@ -608,34 +810,31 @@ let
       NIX_CFLAGS_COMPILE+=" -I$out/include"
       NIX_LDFLAGS+=" -L$out/lib"
 
-      make -C $NETBSDSRCDIR/lib/libpthread $makeFlags
-      make -C $NETBSDSRCDIR/lib/libpthread $makeFlags install
+      make -C $BSDSRCDIR/lib/libpthread $makeFlags
+      make -C $BSDSRCDIR/lib/libpthread $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/libm $makeFlags
-      make -C $NETBSDSRCDIR/lib/libm $makeFlags install
+      make -C $BSDSRCDIR/lib/libm $makeFlags
+      make -C $BSDSRCDIR/lib/libm $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/libresolv $makeFlags
-      make -C $NETBSDSRCDIR/lib/libresolv $makeFlags install
+      make -C $BSDSRCDIR/lib/libresolv $makeFlags
+      make -C $BSDSRCDIR/lib/libresolv $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/librpcsv $makeFlags
-      make -C $NETBSDSRCDIR/lib/librpcsv $makeFlags install
+      make -C $BSDSRCDIR/lib/librpcsvc $makeFlags
+      make -C $BSDSRCDIR/lib/librpcsvc $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/i18n_module $makeFlags
-      make -C $NETBSDSRCDIR/lib/i18n_module $makeFlags install
+      make -C $BSDSRCDIR/lib/i18n_module $makeFlags
+      make -C $BSDSRCDIR/lib/i18n_module $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/libutil $makeFlags
-      make -C $NETBSDSRCDIR/lib/libutil $makeFlags install
+      make -C $BSDSRCDIR/lib/libutil $makeFlags
+      make -C $BSDSRCDIR/lib/libutil $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/librt $makeFlags
-      make -C $NETBSDSRCDIR/lib/librt $makeFlags install
+      make -C $BSDSRCDIR/lib/librt $makeFlags
+      make -C $BSDSRCDIR/lib/librt $makeFlags install
 
-      make -C $NETBSDSRCDIR/lib/libcrypt $makeFlags
-      make -C $NETBSDSRCDIR/lib/libcrypt $makeFlags install
-    '';
-    postPatch = ''
-      substituteInPlace sys/Makefile.inc \
-        --replace /usr/include/sys/syscall.h ${buildPackages.netbsd.headers}/include/sys/syscall.h
+      make -C $BSDSRCDIR/lib/libcrypt $makeFlags
+      make -C $BSDSRCDIR/lib/libcrypt $makeFlags install
     '';
+    inherit (self.librt) postPatch;
   };
   #
   # END LIBRARIES
@@ -647,30 +846,28 @@ let
   dict = mkDerivation {
     path = "share/dict";
     noCC = true;
-    version = "8.0";
-    sha256 = "1pk0y3xc5ihc2k89wjkh33qqx3w9q34k03k2qcffvbqh1l6wm36l";
+    version = "9.2";
+    sha256 = "0svfc0byk59ri37pyjslv4c4rc7zw396r73mr593i78d39q5g3ad";
     makeFlags = [ "BINDIR=$(out)/share" ];
   };
 
   misc = mkDerivation {
     path = "share/misc";
     noCC = true;
-    version = "8.0";
-    sha256 = "0d34b3irjbqsqfk8v8aaj36fjyvwyx410igl26jcx2ryh3ispch8";
+    version = "9.2";
+    sha256 = "1j2cdssdx6nncv8ffj7f7ybl7m9hadjj8vm8611skqdvxnjg6nbc";
     makeFlags = [ "BINDIR=$(out)/share" ];
   };
 
   man = mkDerivation {
     path = "share/man";
     noCC = true;
-    version = "8.0";
-    sha256 = "0d34b3irjbqsqfk8v8aaj36fjyvwyx410igl26jcx2ryh3ispch0";
+    version = "9.2";
+    sha256 = "1l4lmj4kmg8dl86x94sr45w0xdnkz8dn4zjx0ipgr9bnq98663zl";
     makeFlags = [ "FILESDIR=$(out)/share" ];
   };
   #
   # END MISCELLANEOUS
   #
 
-  };
-
-in netbsd
+})
diff --git a/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch b/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch
new file mode 100644
index 00000000000..5a2b9092a5c
--- /dev/null
+++ b/pkgs/os-specific/bsd/netbsd/no-dynamic-linker.patch
@@ -0,0 +1,16 @@
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/sys/arch/i386/stand/efiboot/Makefile.efiboot,v
+rcsdiff: /ftp/cvs/cvsroot/src/sys/arch/i386/stand/efiboot/Makefile.efiboot,v: warning: Unknown phrases like `commitid ...;' are present.
+retrieving revision 1.16
+retrieving revision 1.17
+diff -u -p -r1.16 -r1.17
+--- sys/arch/i386/stand/efiboot/Makefile.efiboot        2019/09/13 02:19:45        1.16
++++ sys/arch/i386/stand/efiboot/Makefile.efiboot        2020/04/04 15:30:46        1.17
+@@ -41,6 +41,7 @@ BINMODE=444
+ .PATH:        ${.CURDIR}/../../libsa
+
+ LDSCRIPT?= ${.CURDIR}/ldscript
++LDFLAGS+= --no-dynamic-linker --noinhibit-exec
+ LDFLAGS+= -nostdlib -T${LDSCRIPT} -Bsymbolic -shared -nocombreloc
+ CPPFLAGS+= -I$S -I${.CURDIR} -I${.CURDIR}/.. -I$S/lib/libsa
+ CPPFLAGS+= -I${.OBJDIR}
diff --git a/pkgs/os-specific/bsd/netbsd/builder.sh b/pkgs/os-specific/bsd/setup-hook.sh
index 925001567f7..45babc38d7a 100644
--- a/pkgs/os-specific/bsd/netbsd/builder.sh
+++ b/pkgs/os-specific/bsd/setup-hook.sh
@@ -1,6 +1,4 @@
-source $stdenv/setup
-
-# NetBSD makefiles should be able to detect this
+# BSD makefiles should be able to detect this
 # but without they end up using gcc on Darwin stdenv
 addMakeFlags() {
   export setOutputFlags=
@@ -64,13 +62,12 @@ addMakeFlags() {
   makeFlags="-j $NIX_BUILD_CORES $makeFlags"
 }
 
-setNetBSDSourceDir() {
+setBSDSourceDir() {
   # merge together all extra paths
   # there should be a better way to do this
   sourceRoot=$PWD/$sourceRoot
-  export NETBSDSRCDIR=$sourceRoot
-  export BSDSRCDIR=$NETBSDSRCDIR
-  export _SRC_TOP_=$NETBSDSRCDIR
+  export BSDSRCDIR=$sourceRoot
+  export _SRC_TOP_=$BSDSRCDIR
   chmod -R u+w $sourceRoot
   for path in $extraPaths; do
     cd $path
@@ -80,13 +77,14 @@ setNetBSDSourceDir() {
   done
 
   cd $sourceRoot
-  if [ -d "$NETBSD_PATH" ]
-    then sourceRoot=$sourceRoot/$NETBSD_PATH
+  if [ -d "$BSD_PATH" ]
+    then sourceRoot=$sourceRoot/$BSD_PATH
   fi
 }
 
 includesPhase() {
   if [ -z "${skipIncludesPhase:-}" ]; then
+    runHook preIncludes
 
     local flagsArray=(
          $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
@@ -98,6 +96,7 @@ includesPhase() {
 
     moveUsrDir
 
+    runHook postIncludes
   fi
 }
 
@@ -105,18 +104,17 @@ moveUsrDir() {
   if [ -d $prefix ]; then
     # Remove lingering /usr references
     if [ -d $prefix/usr ]; then
-      cd $prefix/usr
+      pushd $prefix/usr
       find . -type d -exec mkdir -p $out/\{} \;
       find . \( -type f -o -type l \) -exec mv \{} $out/\{} \;
+      popd
     fi
 
     find $prefix -type d -empty -delete
   fi
 }
 
-postUnpackHooks+=(setNetBSDSourceDir)
+postUnpackHooks+=(setBSDSourceDir)
 preConfigureHooks+=(addMakeFlags)
 preInstallHooks+=(includesPhase)
 fixupOutputHooks+=(moveUsrDir)
-
-genericBuild
diff --git a/pkgs/os-specific/darwin/DarwinTools/default.nix b/pkgs/os-specific/darwin/DarwinTools/default.nix
index 174f9478633..588769c7bfc 100644
--- a/pkgs/os-specific/darwin/DarwinTools/default.nix
+++ b/pkgs/os-specific/darwin/DarwinTools/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl }:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   name = "DarwinTools-1";
@@ -8,7 +8,11 @@ stdenv.mkDerivation rec {
     sha256 = "0hh4jl590jv3v830p77r3jcrnpndy7p2b8ajai3ldpnx2913jfhp";
   };
 
-  patchPhase = ''
+  patches = [
+    ./sw_vers-CFPriv.patch
+  ];
+
+  postPatch = ''
     substituteInPlace Makefile \
       --replace gcc cc
   '';
@@ -25,7 +29,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    maintainers = [ stdenv.lib.maintainers.matthewbauer ];
-    platforms = stdenv.lib.platforms.darwin;
+    maintainers = [ lib.maintainers.matthewbauer ];
+    platforms = lib.platforms.darwin;
   };
 }
diff --git a/pkgs/os-specific/darwin/DarwinTools/sw_vers-CFPriv.patch b/pkgs/os-specific/darwin/DarwinTools/sw_vers-CFPriv.patch
new file mode 100644
index 00000000000..6faeaa75025
--- /dev/null
+++ b/pkgs/os-specific/darwin/DarwinTools/sw_vers-CFPriv.patch
@@ -0,0 +1,19 @@
+--- a/sw_vers.c        2021-04-19 13:06:50.131346864 +0900
++++ b/sw_vers.c        2021-04-19 13:07:32.481967474 +0900
+@@ -28,7 +28,15 @@
+  */
+
+ #include <CoreFoundation/CoreFoundation.h>
+-#include <CoreFoundation/CFPriv.h>
++
++// Avoid dependency on CoreFoundation/CFPriv, which no longer appears to be
++// part of the upstream sdk.
++
++CFDictionaryRef _CFCopyServerVersionDictionary(void);
++CFDictionaryRef _CFCopySystemVersionDictionary(void);
++extern CFStringRef _kCFSystemVersionProductNameKey;
++extern CFStringRef _kCFSystemVersionProductVersionKey;
++extern CFStringRef _kCFSystemVersionBuildVersionKey;
+
+ void usage(char *progname) {
+         fprintf(stderr, "Usage: %s [-productName|-productVersion|-buildVersion]\n", progname);
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix
new file mode 100644
index 00000000000..6e987c5dfb4
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/apple_sdk.nix
@@ -0,0 +1,172 @@
+{ lib, stdenvNoCC, buildPackages, fetchurl, xar, cpio, pkgs, python3, pbzx, MacOSX-SDK }:
+
+# TODO: reorganize to make this just frameworks, and move libs to default.nix
+
+let
+  stdenv = stdenvNoCC;
+
+  standardFrameworkPath = name: private:
+    "/System/Library/${lib.optionalString private "Private"}Frameworks/${name}.framework";
+
+  mkDepsRewrites = deps:
+  let
+    mergeRewrites = x: y: {
+      prefix = lib.mergeAttrs (x.prefix or {}) (y.prefix or {});
+      const = lib.mergeAttrs (x.const or {}) (y.const or {});
+    };
+
+    rewriteArgs = { prefix ? {}, const ? {} }: lib.concatLists (
+      (lib.mapAttrsToList (from: to: [ "-p" "${from}:${to}" ]) prefix) ++
+      (lib.mapAttrsToList (from: to: [ "-c" "${from}:${to}" ]) const)
+    );
+
+    rewrites = depList: lib.fold mergeRewrites {}
+      (map (dep: dep.tbdRewrites)
+        (lib.filter (dep: dep ? tbdRewrites) depList));
+  in
+    lib.escapeShellArgs (rewriteArgs (rewrites (builtins.attrValues deps)));
+
+  mkFramework = { name, deps, private ? false }:
+    let self = stdenv.mkDerivation {
+      pname = "apple-${lib.optionalString private "private-"}framework-${name}";
+      version = MacOSX-SDK.version;
+
+      dontUnpack = true;
+
+      # because we copy files from the system
+      preferLocalBuild = true;
+
+      disallowedRequisites = [ MacOSX-SDK ];
+
+      nativeBuildInputs = [ buildPackages.darwin.rewrite-tbd ];
+
+      installPhase = ''
+        mkdir -p $out/Library/Frameworks
+
+        cp -r ${MacOSX-SDK}${standardFrameworkPath name private} $out/Library/Frameworks
+
+        # Fix and check tbd re-export references
+        chmod u+w -R $out
+        find $out -name '*.tbd' -type f | while read tbd; do
+          echo "Fixing re-exports in $tbd"
+          rewrite-tbd \
+            -p ${standardFrameworkPath name private}/:$out/Library/Frameworks/${name}.framework/ \
+            ${mkDepsRewrites deps} \
+            -r ${builtins.storeDir} \
+            "$tbd"
+        done
+      '';
+
+      propagatedBuildInputs = builtins.attrValues deps;
+
+      passthru = {
+        tbdRewrites = {
+          prefix."${standardFrameworkPath name private}/" = "${self}/Library/Frameworks/${name}.framework/";
+        };
+      };
+
+      meta = with lib; {
+        description = "Apple SDK framework ${name}";
+        maintainers = with maintainers; [ copumpkin ];
+        platforms   = platforms.darwin;
+      };
+    };
+  in self;
+
+  framework = name: deps: mkFramework { inherit name deps; private = false; };
+  privateFramework = name: deps: mkFramework { inherit name deps; private = true; };
+in rec {
+  libs = {
+    xpc = stdenv.mkDerivation {
+      name   = "apple-lib-xpc";
+      dontUnpack = true;
+
+      installPhase = ''
+        mkdir -p $out/include
+        pushd $out/include >/dev/null
+        cp -r "${MacOSX-SDK}/usr/include/xpc" $out/include/xpc
+        cp "${MacOSX-SDK}/usr/include/launch.h" $out/include/launch.h
+        popd >/dev/null
+      '';
+    };
+
+    Xplugin = stdenv.mkDerivation {
+      name   = "apple-lib-Xplugin";
+      dontUnpack = true;
+
+      propagatedBuildInputs = with frameworks; [
+        OpenGL ApplicationServices Carbon IOKit CoreGraphics CoreServices CoreText
+      ];
+
+      installPhase = ''
+        mkdir -p $out/include $out/lib
+        ln -s "${MacOSX-SDK}/include/Xplugin.h" $out/include/Xplugin.h
+        cp ${MacOSX-SDK}/usr/lib/libXplugin.1.tbd $out/lib
+        ln -s libXplugin.1.tbd $out/lib/libXplugin.tbd
+      '';
+    };
+
+    utmp = stdenv.mkDerivation {
+      name   = "apple-lib-utmp";
+      dontUnpack = true;
+
+      installPhase = ''
+        mkdir -p $out/include
+        pushd $out/include >/dev/null
+        ln -s "${MacOSX-SDK}/include/utmp.h"
+        ln -s "${MacOSX-SDK}/include/utmpx.h"
+        popd >/dev/null
+      '';
+    };
+
+    sandbox = stdenv.mkDerivation {
+      name = "apple-lib-sandbox";
+
+      dontUnpack = true;
+      dontBuild = true;
+
+      installPhase = ''
+        mkdir -p $out/include $out/lib
+        ln -s "${MacOSX-SDK}/usr/include/sandbox.h" $out/include/sandbox.h
+        cp "${MacOSX-SDK}/usr/lib/libsandbox.1.tbd" $out/lib
+        ln -s libsandbox.1.tbd $out/lib/libsandbox.tbd
+      '';
+    };
+
+    libDER = stdenv.mkDerivation {
+      name = "apple-lib-libDER";
+      dontUnpack = true;
+      installPhase = ''
+        mkdir -p $out/include
+        cp -r ${MacOSX-SDK}/usr/include/libDER $out/include
+      '';
+    };
+  };
+
+  overrides = super: {
+    CoreFoundation = lib.overrideDerivation super.CoreFoundation (drv: {
+      setupHook = ./cf-setup-hook.sh;
+    });
+
+    # This framework doesn't exist in newer SDKs (somewhere around 10.13), but
+    # there are references to it in nixpkgs.
+    QuickTime = throw "QuickTime framework not available";
+
+    # Seems to be appropriate given https://developer.apple.com/forums/thread/666686
+    JavaVM = super.JavaNativeFoundation;
+  };
+
+  bareFrameworks = (
+    lib.mapAttrs framework (import ./frameworks.nix {
+      inherit frameworks libs;
+      inherit (pkgs.darwin) libobjc Libsystem;
+      inherit (pkgs.darwin.apple_sdk) libnetwork;
+    })
+  ) // (
+    lib.mapAttrs privateFramework (import ./private-frameworks.nix {
+      inherit frameworks;
+    })
+  );
+
+  frameworks = bareFrameworks // overrides bareFrameworks;
+}
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/cf-setup-hook.sh b/pkgs/os-specific/darwin/apple-sdk-11.0/cf-setup-hook.sh
new file mode 100644
index 00000000000..3b08c51d196
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/cf-setup-hook.sh
@@ -0,0 +1,6 @@
+forceLinkCoreFoundationFramework() {
+  NIX_CFLAGS_COMPILE="-F@out@/Library/Frameworks${NIX_CFLAGS_COMPILE:+ }${NIX_CFLAGS_COMPILE-}"
+  NIX_LDFLAGS+=" @out@/Library/Frameworks/CoreFoundation.framework/CoreFoundation"
+}
+
+preConfigureHooks+=(forceLinkCoreFoundationFramework)
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix
new file mode 100644
index 00000000000..44b119e1a23
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix
@@ -0,0 +1,58 @@
+{ stdenvNoCC, fetchurl, newScope, pkgs
+, xar, cpio, python3, pbzx }:
+
+let
+  MacOSX-SDK = stdenvNoCC.mkDerivation rec {
+    pname = "MacOSX-SDK";
+    version = "11.0.0";
+
+    # https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
+    src = fetchurl {
+      url = "http://swcdn.apple.com/content/downloads/46/21/001-89745-A_56FM390IW5/v1um2qppgfdnam2e9cdqcqu2r6k8aa3lis/CLTools_macOSNMOS_SDK.pkg";
+      sha256 = "0n425smj4q1vxbza8fzwnk323fyzbbq866q32w288c44hl5yhwsf";
+    };
+
+    dontBuild = true;
+    darwinDontCodeSign = true;
+
+    nativeBuildInputs = [ cpio pbzx ];
+
+    outputs = [ "out" ];
+
+    unpackPhase = ''
+      pbzx $src | cpio -idm
+    '';
+
+    installPhase = ''
+      cd Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk
+
+      mkdir $out
+      cp -r System usr $out/
+    '';
+
+    passthru = {
+      inherit version;
+    };
+  };
+
+  callPackage = newScope (packages // pkgs.darwin // { inherit MacOSX-SDK; });
+
+  packages = {
+    inherit (callPackage ./apple_sdk.nix {}) frameworks libs;
+
+    # TODO: this is nice to be private. is it worth the callPackage above?
+    # Probably, I don't think that callPackage costs much at all.
+    inherit MacOSX-SDK;
+
+    Libsystem = callPackage ./libSystem.nix {};
+    LibsystemCross = pkgs.darwin.Libsystem;
+    libcharset = callPackage ./libcharset.nix {};
+    libunwind = callPackage ./libunwind.nix {};
+    libnetwork = callPackage ./libnetwork.nix {};
+    objc4 = callPackage ./libobjc.nix {};
+
+    # questionable aliases
+    configd = pkgs.darwin.apple_sdk.frameworks.SystemConfiguration;
+    IOKit = pkgs.darwin.apple_sdk.frameworks.IOKit;
+  };
+in packages
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix
new file mode 100644
index 00000000000..c8f8ccc4a08
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/frameworks.nix
@@ -0,0 +1,193 @@
+{ frameworks, libs, libobjc, Libsystem, libnetwork }: with frameworks; with libs;
+{
+  AGL                              = { inherit Carbon OpenGL; };
+  AVFoundation                     = { inherit ApplicationServices AVFCapture AVFCore CoreGraphics; };
+  AVKit                            = {};
+  Accelerate                       = { inherit CoreWLAN IOBluetooth; };
+  Accessibility                    = {};
+  Accounts                         = {};
+  AdSupport                        = {};
+  AddressBook                      = { inherit AddressBookCore Carbon ContactsPersistence libobjc; };
+  AppKit                           = { inherit ApplicationServices AudioToolbox AudioUnit Foundation QuartzCore UIFoundation; };
+  AppTrackingTransparency          = {};
+  AppleScriptKit                   = {};
+  AppleScriptObjC                  = {};
+  ApplicationServices              = { inherit ColorSync CoreGraphics CoreServices CoreText ImageIO; };
+  AudioToolbox                     = { inherit AudioToolboxCore CoreAudio CoreMIDI; };
+  AudioUnit                        = { inherit AudioToolbox Carbon CoreAudio; };
+  AudioVideoBridging               = { inherit Foundation; };
+  AuthenticationServices           = {};
+  AutomaticAssessmentConfiguration = {};
+  Automator                        = {};
+  BackgroundTasks                  = {};
+  BusinessChat                     = {};
+  CFNetwork                        = {};
+  CalendarStore                    = {};
+  CallKit                          = {};
+  Carbon                           = { inherit ApplicationServices CoreServices Foundation IOKit QuartzCore Security libobjc; };
+  ClassKit                         = {};
+  CloudKit                         = { inherit CoreLocation; };
+  Cocoa                            = { inherit AppKit CoreData; };
+  Collaboration                    = {};
+  ColorSync                        = {};
+  Combine                          = {};
+  Contacts                         = {};
+  ContactsUI                       = {};
+  CoreAudio                        = { inherit IOKit CoreAudioTypes; };
+  CoreAudioKit                     = { inherit AudioUnit; };
+  CoreAudioTypes                   = {};
+  CoreBluetooth                    = {};
+  CoreData                         = { inherit CloudKit; };
+  CoreDisplay                      = {};
+  CoreFoundation                   = { inherit libobjc; };
+  CoreGraphics                     = { inherit Accelerate IOKit IOSurface SystemConfiguration; };
+  CoreHaptics                      = {};
+  CoreImage                        = {};
+  CoreLocation                     = {};
+  CoreMIDI                         = {};
+  CoreMIDIServer                   = { inherit CoreMIDI; };
+  CoreML                           = {};
+  CoreMedia                        = { inherit ApplicationServices AudioToolbox AudioUnit CoreAudio CoreGraphics CoreVideo; };
+  CoreMediaIO                      = { inherit CoreMedia; };
+  CoreMotion                       = {};
+  CoreServices                     = { inherit CFNetwork CoreAudio CoreData CoreFoundation DiskArbitration NetFS OpenDirectory Security ServiceManagement; };
+  CoreSpotlight                    = {};
+  CoreTelephony                    = {};
+  CoreText                         = { inherit CoreGraphics; };
+  CoreVideo                        = { inherit ApplicationServices CoreGraphics IOSurface OpenGL; };
+  CoreWLAN                         = { inherit SecurityFoundation; };
+  CryptoKit                        = {};
+  CryptoTokenKit                   = {};
+  DVDPlayback                      = {};
+  DeveloperToolsSupport            = {};
+  DeviceCheck                      = {};
+  DirectoryService                 = {};
+  DiscRecording                    = { inherit CoreServices IOKit libobjc; };
+  DiscRecordingUI                  = {};
+  DiskArbitration                  = { inherit IOKit; };
+  DriverKit                        = {};
+  EventKit                         = {};
+  ExceptionHandling                = {};
+  ExecutionPolicy                  = {};
+  ExternalAccessory                = {};
+  FWAUserLib                       = {};
+  FileProvider                     = {};
+  FileProviderUI                   = {};
+  FinderSync                       = {};
+  ForceFeedback                    = { inherit IOKit; };
+  Foundation                       = { inherit ApplicationServices CoreFoundation Security SystemConfiguration libobjc; };
+  GLKit                            = {};
+  GLUT                             = { inherit OpenGL; };
+  GSS                              = {};
+  GameController                   = {};
+  GameKit                          = { inherit Cocoa Foundation GameCenterFoundation GameCenterUI GameCenterUICore GameController GameplayKit Metal MetalKit ModelIO ReplayKit SceneKit SpriteKit; };
+  GameplayKit                      = {};
+  HIDDriverKit                     = {};
+  Hypervisor                       = {};
+  ICADevices                       = { inherit Carbon IOBluetooth libobjc; };
+  IMServicePlugIn                  = {};
+  IOBluetooth                      = { inherit CoreBluetooth IOKit; };
+  IOBluetoothUI                    = { inherit IOBluetooth; };
+  IOKit                            = {};
+  IOSurface                        = { inherit IOKit xpc; };
+  IOUSBHost                        = {};
+  IdentityLookup                   = {};
+  ImageCaptureCore                 = {};
+  ImageIO                          = { inherit CoreGraphics; };
+  InputMethodKit                   = { inherit Carbon; };
+  InstallerPlugins                 = {};
+  InstantMessage                   = {};
+  Intents                          = {};
+  JavaNativeFoundation             = {};
+  JavaRuntimeSupport               = {};
+  JavaScriptCore                   = { inherit libobjc; };
+  Kerberos                         = {};
+  Kernel                           = { inherit IOKit; };
+  KernelManagement                 = {};
+  LDAP                             = {};
+  LatentSemanticMapping            = { inherit Carbon; };
+  LinkPresentation                 = { inherit URLFormatting; };
+  LocalAuthentication              = {};
+  MLCompute                        = {};
+  MapKit                           = {};
+  MediaAccessibility               = { inherit CoreGraphics CoreText QuartzCore; };
+  MediaLibrary                     = {};
+  MediaPlayer                      = {};
+  MediaToolbox                     = { inherit AudioToolbox AudioUnit CoreMedia; };
+  Message                          = {};
+  Metal                            = {};
+  MetalKit                         = { inherit Metal ModelIO; };
+  MetalPerformanceShaders          = {};
+  MetalPerformanceShadersGraph     = {};
+  MetricKit                        = { inherit SignpostMetrics; };
+  ModelIO                          = {};
+  MultipeerConnectivity            = {};
+  NaturalLanguage                  = {};
+  NearbyInteraction                = {};
+  NetFS                            = {};
+  Network                          = { inherit libnetwork; };
+  NetworkExtension                 = { inherit Network; };
+  NetworkingDriverKit              = {};
+  NotificationCenter               = {};
+  OSAKit                           = { inherit Carbon; };
+  OSLog                            = {};
+  OpenAL                           = {};
+  OpenCL                           = { inherit IOSurface OpenGL; };
+  OpenDirectory                    = {};
+  OpenGL                           = {};
+  PCIDriverKit                     = {};
+  PCSC                             = { inherit CoreData; };
+  PDFKit                           = {};
+  ParavirtualizedGraphics          = {};
+  PassKit                          = { inherit PassKitCore; };
+  PencilKit                        = {};
+  Photos                           = {};
+  PhotosUI                         = {};
+  PreferencePanes                  = {};
+  PushKit                          = {};
+  Python                           = {};
+  QTKit                            = { inherit CoreMedia CoreMediaIO MediaToolbox VideoToolbox; };
+  Quartz                           = { inherit QTKit QuartzCore QuickLook PDFKit; };
+  QuartzCore                       = { inherit ApplicationServices CoreImage CoreVideo Metal OpenCL libobjc; };
+  QuickLook                        = { inherit ApplicationServices; };
+  QuickLookThumbnailing            = {};
+  RealityKit                       = {};
+  ReplayKit                        = {};
+  Ruby                             = {};
+  SafariServices                   = {};
+  SceneKit                         = {};
+  ScreenSaver                      = {};
+  ScreenTime                       = {};
+  ScriptingBridge                  = {};
+  Security                         = { inherit IOKit libDER; };
+  SecurityFoundation               = { inherit Security; };
+  SecurityInterface                = { inherit Security SecurityFoundation; };
+  SensorKit                        = {};
+  ServiceManagement                = { inherit Security; };
+  Social                           = {};
+  SoundAnalysis                    = {};
+  Speech                           = {};
+  SpriteKit                        = {};
+  StoreKit                         = {};
+  SwiftUI                          = {};
+  SyncServices                     = {};
+  System                           = {};
+  SystemConfiguration              = { inherit Security; };
+  SystemExtensions                 = {};
+  TWAIN                            = { inherit Carbon; };
+  Tcl                              = {};
+  Tk                               = {};
+  USBDriverKit                     = {};
+  UniformTypeIdentifiers           = {};
+  UserNotifications                = {};
+  UserNotificationsUI              = {};
+  VideoDecodeAcceleration          = { inherit CoreVideo; };
+  VideoSubscriberAccount           = {};
+  VideoToolbox                     = { inherit CoreMedia CoreVideo; };
+  Virtualization                   = {};
+  Vision                           = {};
+  WebKit                           = { inherit ApplicationServices Carbon JavaScriptCore OpenGL libobjc; };
+  WidgetKit                        = {};
+  iTunesLibrary                    = {};
+  vmnet                            = {};
+}
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix
new file mode 100644
index 00000000000..f04b964f755
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libSystem.nix
@@ -0,0 +1,78 @@
+{ stdenvNoCC, buildPackages, MacOSX-SDK }:
+
+stdenvNoCC.mkDerivation {
+  pname = "libSystem";
+  version = MacOSX-SDK.version;
+
+  dontBuild = true;
+  dontUnpack = true;
+
+  nativeBuildInputs = [ buildPackages.darwin.rewrite-tbd ];
+
+  includeDirs = [
+    "CommonCrypto" "_types" "architecture" "arpa" "atm" "bank" "bsd" "bsm"
+    "corecrypto" "corpses" "default_pager" "device" "dispatch" "hfs" "i386"
+    "iokit" "kern" "libkern" "mach" "mach-o" "mach_debug" "machine" "malloc"
+    "miscfs" "net" "netinet" "netinet6" "netkey" "nfs" "os" "osfmk" "pexpert"
+    "platform" "protocols" "pthread" "rpc" "rpcsvc" "secure" "security"
+    "servers" "sys" "uuid" "vfs" "voucher" "xlocale"
+  ] ++ [
+    "arm" "xpc" "arm64"
+  ];
+
+  csu = [
+    "bundle1.o" "crt0.o" "crt1.10.5.o" "crt1.10.6.o" "crt1.o" "dylib1.10.5.o"
+    "dylib1.o" "gcrt1.o" "lazydylib1.o"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/{include,lib}
+
+    for dir in $includeDirs; do
+      from=${MacOSX-SDK}/usr/include/$dir
+      if [ -e "$from" ]; then
+        cp -dr $from $out/include
+      else
+        echo "Header directory '$from' doesn't exist: skipping"
+      fi
+    done
+
+    cp -d \
+      ${MacOSX-SDK}/usr/include/*.h \
+      $out/include
+
+    rm $out/include/tk*.h $out/include/tcl*.h
+
+    cp -dr \
+      ${MacOSX-SDK}/usr/lib/libSystem.* \
+      ${MacOSX-SDK}/usr/lib/system \
+      $out/lib
+
+    # Extra libraries
+    for name in c dbm dl info m mx poll proc pthread rpcsvc util gcc_s.1 resolv; do
+      cp -d \
+        ${MacOSX-SDK}/usr/lib/lib$name.tbd \
+        ${MacOSX-SDK}/usr/lib/lib$name.*.tbd \
+        $out/lib
+    done
+
+    for f in $csu; do
+      from=${MacOSX-SDK}/usr/lib/$f
+      if [ -e "$from" ]; then
+        cp -d $from $out/lib
+      else
+        echo "Csu file '$from' doesn't exist: skipping"
+      fi
+    done
+
+    chmod u+w -R $out/lib
+    find $out -name '*.tbd' -type f | while read tbd; do
+      rewrite-tbd \
+        -c /usr/lib/libsystem.dylib:$out/lib/libsystem.dylib \
+        -p /usr/lib/system/:$out/lib/system/ \
+        -r ${builtins.storeDir} \
+        "$tbd"
+    done
+  '';
+}
+
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libcharset.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libcharset.nix
new file mode 100644
index 00000000000..bf55037ab60
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libcharset.nix
@@ -0,0 +1,16 @@
+{ stdenvNoCC, buildPackages, MacOSX-SDK }:
+
+stdenvNoCC.mkDerivation {
+  pname = "libcharset";
+  version = MacOSX-SDK.version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  nativeBuildInputs = [ buildPackages.darwin.checkReexportsHook ];
+
+  installPhase = ''
+    mkdir -p $out/{include,lib}
+    cp ${MacOSX-SDK}/usr/lib/libcharset* $out/lib
+  '';
+}
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libnetwork.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libnetwork.nix
new file mode 100644
index 00000000000..2e5c0593bf4
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libnetwork.nix
@@ -0,0 +1,20 @@
+{ stdenvNoCC, buildPackages, MacOSX-SDK }:
+
+let self = stdenvNoCC.mkDerivation {
+  pname = "libnetwork";
+  version = MacOSX-SDK.version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/lib
+    cp ${MacOSX-SDK}/usr/lib/libnetwork* $out/lib
+  '';
+
+  passthru = {
+    tbdRewrites = {
+      const."/usr/lib/libnetwork.dylib" = "${self}/lib/libnetwork.dylib";
+    };
+  };
+}; in self
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix
new file mode 100644
index 00000000000..63ef2a1c263
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libobjc.nix
@@ -0,0 +1,21 @@
+{ stdenvNoCC, MacOSX-SDK, libcharset }:
+
+let self = stdenvNoCC.mkDerivation {
+  pname = "libobjc";
+  version = MacOSX-SDK.version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/{include,lib}
+    cp -r ${MacOSX-SDK}/usr/include/objc $out/include
+    cp ${MacOSX-SDK}/usr/lib/libobjc* $out/lib
+  '';
+
+  passthru = {
+    tbdRewrites = {
+      const."/usr/lib/libobjc.A.dylib" = "${self}/lib/libobjc.A.dylib";
+    };
+  };
+}; in self
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/libunwind.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/libunwind.nix
new file mode 100644
index 00000000000..885780eba75
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/libunwind.nix
@@ -0,0 +1,24 @@
+{ stdenvNoCC, buildPackages, MacOSX-SDK }:
+
+stdenvNoCC.mkDerivation {
+  pname = "libunwind";
+  version = MacOSX-SDK.version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  nativeBuildInputs = [ buildPackages.darwin.checkReexportsHook ];
+
+  installPhase = ''
+    mkdir -p $out/include/mach-o
+
+    cp \
+      ${MacOSX-SDK}/usr/include/libunwind.h \
+      ${MacOSX-SDK}/usr/include/unwind.h \
+      $out/include
+
+    cp \
+      ${MacOSX-SDK}/usr/include/mach-o/compact_unwind_encoding.h \
+      $out/include/mach-o
+  '';
+}
diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/private-frameworks.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/private-frameworks.nix
new file mode 100644
index 00000000000..b8786ec92f6
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-sdk-11.0/private-frameworks.nix
@@ -0,0 +1,21 @@
+{ frameworks }: with frameworks;
+# generated by hand to avoid exposing all private frameworks
+# frameworks here are only the necessary ones used by public frameworks.
+{
+  AVFCapture = {};
+  AVFCore = {};
+  AddressBookCore = { inherit ContactsPersistence; };
+  AudioToolboxCore = {};
+  ContactsPersistence = {};
+  UIFoundation = {};
+  GameCenterFoundation = {};
+  GameCenterUI = {};
+  GameCenterUICore = {};
+  URLFormatting = {};
+  SignpostMetrics = {};
+  PassKitCore = {};
+  SkyLight = {};
+
+  # Also expose CoreSymbolication; used by `root` package.
+  CoreSymbolication = {};
+}
diff --git a/pkgs/os-specific/darwin/apple-sdk/cf-setup-hook.sh b/pkgs/os-specific/darwin/apple-sdk/cf-setup-hook.sh
index 86c241cd0f5..bbf9625e655 100644
--- a/pkgs/os-specific/darwin/apple-sdk/cf-setup-hook.sh
+++ b/pkgs/os-specific/darwin/apple-sdk/cf-setup-hook.sh
@@ -3,7 +3,7 @@ linkSystemCoreFoundationFramework() {
   # gross! many symbols (such as _OBJC_CLASS_$_NSArray) are defined in system CF, but not
   # in the opensource release
   # if the package needs private headers, we assume they also want to link with system CF
-  NIX_LDFLAGS+=" /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation"
+  NIX_LDFLAGS+=" @out@/Library/Frameworks/CoreFoundation.framework/CoreFoundation"
 }
 
 preConfigureHooks+=(linkSystemCoreFoundationFramework)
diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix
index 89c13d0b92d..56b77fbf214 100644
--- a/pkgs/os-specific/darwin/apple-sdk/default.nix
+++ b/pkgs/os-specific/darwin/apple-sdk/default.nix
@@ -1,15 +1,10 @@
-{ stdenv, fetchurl, xar, cpio, pkgs, python3, pbzx, lib }:
-
-let version = "10.12"; in
-
-# Ensure appleSdkVersion is up to date.
-assert stdenv.isDarwin -> stdenv.appleSdkVersion == version;
+{ stdenv, fetchurl, xar, cpio, pkgs, python3, pbzx, lib, darwin-stubs, print-reexports }:
 
 let
   # sadly needs to be exported because security_tool needs it
   sdk = stdenv.mkDerivation rec {
     pname = "MacOS_SDK";
-    inherit version;
+    version = "10.12";
 
     # This URL comes from https://swscan.apple.com/content/catalogs/others/index-10.12.merged-1.sucatalog, which we found by:
     #  1. Google: site:swscan.apple.com and look for a name that seems appropriate for your version
@@ -42,17 +37,28 @@ let
       rmdir System
 
       pushd lib
-      ln -s -L /usr/lib/libcups*.dylib .
+      cp ${darwin-stubs}/usr/lib/libcups*.tbd .
+      ln -s libcups.2.tbd      libcups.tbd
+      ln -s libcupscgi.1.tbd   libcupscgi.tbd
+      ln -s libcupsimage.2.tbd libcupsimage.tbd
+      ln -s libcupsmime.1.tbd  libcupsmime.tbd
+      ln -s libcupsppdc.1.tbd  libcupsppdc.tbd
       popd
     '';
 
-    meta = with stdenv.lib; {
+    meta = with lib; {
       description = "Apple SDK ${version}";
       maintainers = with maintainers; [ copumpkin ];
       platforms   = platforms.darwin;
     };
   };
 
+  mkFrameworkSubs = name: deps:
+  let
+    deps' = deps // { "${name}" = placeholder "out"; };
+    substArgs = lib.concatMap (x: [ "--subst-var-by" x deps'."${x}" ]) (lib.attrNames deps');
+  in lib.escapeShellArgs substArgs;
+
   framework = name: deps: stdenv.mkDerivation {
     name = "apple-framework-${name}";
 
@@ -63,11 +69,14 @@ let
 
     disallowedRequisites = [ sdk ];
 
+    nativeBuildInputs = [ print-reexports ];
+
+    extraTBDFiles = [];
+
     installPhase = ''
       linkFramework() {
         local path="$1"
         local nested_path="$1"
-        local dest="$out/Library/Frameworks/$path"
         if [ "$path" == "JavaNativeFoundation.framework" ]; then
           local nested_path="JavaVM.framework/Versions/A/Frameworks/JavaNativeFoundation.framework"
         fi
@@ -80,21 +89,29 @@ let
           current=A
         fi
 
-        mkdir -p "$dest"
-        pushd "$dest" >/dev/null
+        local dest="$out/Library/Frameworks/$path"
 
-        # Keep track of if this is a child or a child rescue as with
-        # ApplicationServices in the 10.9 SDK
-        local isChild=0
+        mkdir -p "$dest/Versions/$current"
+        pushd "$dest/Versions/$current" >/dev/null
 
         if [ -d "${sdk.out}/Library/Frameworks/$nested_path/Versions/$current/Headers" ]; then
-          isChild=1
           cp -R "${sdk.out}/Library/Frameworks/$nested_path/Versions/$current/Headers" .
         elif [ -d "${sdk.out}/Library/Frameworks/$name.framework/Versions/$current/Headers" ]; then
           current="$(readlink "/System/Library/Frameworks/$name.framework/Versions/Current")"
           cp -R "${sdk.out}/Library/Frameworks/$name.framework/Versions/$current/Headers" .
         fi
-        ln -s -L "/System/Library/Frameworks/$nested_path/Versions/$current/$name"
+
+        local tbd_source=${darwin-stubs}/System/Library/Frameworks/$nested_path/Versions/$current
+        if [ "${name}" != "Kernel" ]; then
+          # The Kernel.framework has headers but no actual library component.
+          cp -v $tbd_source/*.tbd .
+        fi
+
+        if [ -d "$tbd_source/Libraries" ]; then
+          mkdir Libraries
+          cp -v $tbd_source/Libraries/*.tbd Libraries/
+        fi
+
         ln -s -L "/System/Library/Frameworks/$nested_path/Versions/$current/Resources"
 
         if [ -f "/System/Library/Frameworks/$nested_path/module.map" ]; then
@@ -110,35 +127,88 @@ let
           linkFramework "$childpath"
         done
 
-        if [ -d "$dest/Versions/$current" ]; then
-          mv $dest/Versions/$current/* .
-        fi
+        pushd ../.. >/dev/null
+        ln -s "$current" Versions/Current
+        ln -s Versions/Current/* .
+        popd >/dev/null
 
         popd >/dev/null
       }
 
       linkFramework "${name}.framework"
+
+      # linkFramework is recursive, the rest of the processing is not.
+
+      local tbd_source=${darwin-stubs}/System/Library/Frameworks/${name}.framework
+      for tbd in $extraTBDFiles; do
+        local tbd_dest_dir=$out/Library/Frameworks/${name}.framework/$(dirname "$tbd")
+        mkdir -p "$tbd_dest_dir"
+        cp -v "$tbd_source/$tbd" "$tbd_dest_dir"
+      done
+
+      # Fix and check tbd re-export references
+      find $out -name '*.tbd' | while read tbd; do
+        echo "Fixing re-exports in $tbd"
+        substituteInPlace "$tbd" ${mkFrameworkSubs name deps}
+
+        echo "Checking re-exports in $tbd"
+        print-reexports "$tbd" | while read target; do
+          local expected="''${target%.dylib}.tbd"
+          if ! [ -e "$expected" ]; then
+            echo -e "Re-export missing:\n\t$target\n\t(expected $expected)"
+            echo -e "While processing\n\t$tbd"
+            exit 1
+          else
+            echo "Re-exported target $target ok"
+          fi
+        done
+      done
     '';
 
-    propagatedBuildInputs = deps;
+    propagatedBuildInputs = builtins.attrValues deps;
 
     # don't use pure CF for dylibs that depend on frameworks
     setupHook = ./framework-setup-hook.sh;
 
     # Not going to be more specific than this for now
-    __propagatedImpureHostDeps = stdenv.lib.optionals (name != "Kernel") [
+    __propagatedImpureHostDeps = lib.optionals (name != "Kernel") [
       # The setup-hook ensures that everyone uses the impure CoreFoundation who uses these SDK frameworks, so let's expose it
       "/System/Library/Frameworks/CoreFoundation.framework"
       "/System/Library/Frameworks/${name}.framework"
       "/System/Library/Frameworks/${name}.framework/${name}"
     ];
 
-    meta = with stdenv.lib; {
+    meta = with lib; {
       description = "Apple SDK framework ${name}";
       maintainers = with maintainers; [ copumpkin ];
       platforms   = platforms.darwin;
     };
   };
+
+  tbdOnlyFramework = name: { private ? true }: stdenv.mkDerivation {
+    name = "apple-framework-${name}";
+    dontUnpack = true;
+    installPhase = ''
+      mkdir -p $out/Library/Frameworks/
+      cp -r ${darwin-stubs}/System/Library/${lib.optionalString private "Private"}Frameworks/${name}.framework \
+        $out/Library/Frameworks
+
+      cd $out/Library/Frameworks/${name}.framework
+
+      versions=(./Versions/*)
+      if [ "''${#versions[@]}" != 1 ]; then
+        echo "Unable to determine current version of framework ${name}"
+        exit 1
+      fi
+      current=$(basename ''${versions[0]})
+
+      chmod u+w -R .
+      ln -s "$current" Versions/Current
+      ln -s Versions/Current/* .
+
+      # NOTE there's no re-export checking here, this is probably wrong
+    '';
+  };
 in rec {
   libs = {
     xpc = stdenv.mkDerivation {
@@ -168,7 +238,8 @@ in rec {
       installPhase = ''
         mkdir -p $out/include $out/lib
         ln -s "${lib.getDev sdk}/include/Xplugin.h" $out/include/Xplugin.h
-        ln -s "/usr/lib/libXplugin.1.dylib" $out/lib/libXplugin.dylib
+        cp ${darwin-stubs}/usr/lib/libXplugin.1.tbd $out/lib
+        ln -s libXplugin.1.tbd $out/lib/libXplugin.tbd
       '';
     };
 
@@ -184,37 +255,57 @@ in rec {
         popd >/dev/null
       '';
     };
+
+    sandbox = stdenv.mkDerivation {
+      name = "apple-lib-sandbox";
+      dontUnpack = true;
+
+      installPhase = ''
+        mkdir -p $out/include $out/lib
+        ln -s "${lib.getDev sdk}/include/sandbox.h" $out/include/sandbox.h
+        cp "${darwin-stubs}/usr/lib/libsandbox.1.tbd" $out/lib
+        ln -s libsandbox.1.tbd $out/lib/libsandbox.tbd
+      '';
+    };
   };
 
   overrides = super: {
-    AppKit = stdenv.lib.overrideDerivation super.AppKit (drv: {
+    AppKit = lib.overrideDerivation super.AppKit (drv: {
       __propagatedImpureHostDeps = drv.__propagatedImpureHostDeps ++ [
         "/System/Library/PrivateFrameworks/"
       ];
     });
 
-    CoreFoundation = stdenv.lib.overrideDerivation super.CoreFoundation (drv: {
+    Carbon = lib.overrideDerivation super.Carbon (drv: {
+      extraTBDFiles = [ "Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering.tbd" ];
+    });
+
+    CoreFoundation = lib.overrideDerivation super.CoreFoundation (drv: {
       setupHook = ./cf-setup-hook.sh;
     });
 
-    CoreMedia = stdenv.lib.overrideDerivation super.CoreMedia (drv: {
+    CoreMedia = lib.overrideDerivation super.CoreMedia (drv: {
       __propagatedImpureHostDeps = drv.__propagatedImpureHostDeps ++ [
         "/System/Library/Frameworks/CoreImage.framework"
       ];
     });
 
-    CoreMIDI = stdenv.lib.overrideDerivation super.CoreMIDI (drv: {
+    CoreMIDI = lib.overrideDerivation super.CoreMIDI (drv: {
       __propagatedImpureHostDeps = drv.__propagatedImpureHostDeps ++ [
         "/System/Library/PrivateFrameworks/"
       ];
       setupHook = ./private-frameworks-setup-hook.sh;
     });
 
-    Security = stdenv.lib.overrideDerivation super.Security (drv: {
+    IMServicePlugIn = lib.overrideDerivation super.IMServicePlugIn (drv: {
+      extraTBDFiles = [ "Versions/A/Frameworks/IMServicePlugInSupport.framework/Versions/A/IMServicePlugInSupport.tbd" ];
+    });
+
+    Security = lib.overrideDerivation super.Security (drv: {
       setupHook = ./security-setup-hook.sh;
     });
 
-    QuartzCore = stdenv.lib.overrideDerivation super.QuartzCore (drv: {
+    QuartzCore = lib.overrideDerivation super.QuartzCore (drv: {
       installPhase = drv.installPhase + ''
         f="$out/Library/Frameworks/QuartzCore.framework/Headers/CoreImage.h"
         substituteInPlace "$f" \
@@ -222,15 +313,22 @@ in rec {
       '';
     });
 
-    MetalKit = stdenv.lib.overrideDerivation super.MetalKit (drv: {
+    MetalKit = lib.overrideDerivation super.MetalKit (drv: {
       installPhase = drv.installPhase + ''
         mkdir -p $out/include/simd
         cp ${lib.getDev sdk}/include/simd/*.h $out/include/simd/
       '';
     });
-  };
 
-  bareFrameworks = stdenv.lib.mapAttrs framework (import ./frameworks.nix {
+    WebKit = lib.overrideDerivation super.WebKit (drv: {
+      extraTBDFiles = [
+        "Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore.tbd"
+        "Versions/A/Frameworks/WebKitLegacy.framework/Versions/A/WebKitLegacy.tbd"
+      ];
+    });
+  } // lib.genAttrs [ "ContactsPersistence" "CoreSymbolication" "GameCenter" "SkyLight" "UIFoundation" ] (x: tbdOnlyFramework x {});
+
+  bareFrameworks = lib.mapAttrs framework (import ./frameworks.nix {
     inherit frameworks libs;
     inherit (pkgs.darwin) libobjc;
   });
diff --git a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
index 02e2421f347..d3b00e6a6a6 100644
--- a/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
+++ b/pkgs/os-specific/darwin/apple-sdk/frameworks.nix
@@ -5,123 +5,125 @@
 { frameworks, libs, libobjc, }:
 
 with frameworks; with libs; {
-  AGL                     = [ Carbon OpenGL ];
-  AVFoundation            = [ ApplicationServices CoreGraphics ];
-  AVKit                   = [];
-  Accounts                = [];
-  AddressBook             = [ Carbon ];
-  AppKit                  = [ AudioToolbox AudioUnit Foundation QuartzCore ];
-  AppKitScripting         = [];
-  AppleScriptKit          = [];
-  AppleScriptObjC         = [];
-  AudioToolbox            = [ CoreAudio CoreMIDI ];
-  AudioUnit               = [ AudioToolbox Carbon CoreAudio ];
-  AudioVideoBridging      = [ Foundation ];
-  Automator               = [];
-  CFNetwork               = [];
-  CalendarStore           = [];
-  Cocoa                   = [ AppKit ];
-  Collaboration           = [];
+  AGL                     = { inherit Carbon OpenGL; };
+  AVFoundation            = { inherit ApplicationServices CoreGraphics CoreMedia MediaToolbox; };
+  AVKit                   = {};
+  Accounts                = {};
+  AddressBook             = { inherit libobjc Carbon ContactsPersistence; };
+  AppKit                  = { inherit ApplicationServices AudioToolbox AudioUnit Foundation QuartzCore UIFoundation; };
+  AppKitScripting         = {};
+  AppleScriptKit          = {};
+  AppleScriptObjC         = {};
+  AudioToolbox            = { inherit CoreAudio CoreMIDI; };
+  AudioUnit               = { inherit AudioToolbox Carbon CoreAudio; };
+  AudioVideoBridging      = { inherit Foundation; };
+  Automator               = {};
+  CFNetwork               = {};
+  CalendarStore           = {};
+  Cocoa                   = { inherit AppKit CoreData; };
+  Collaboration           = {};
   # Impure version of CoreFoundation, this should not be used unless another
   # framework includes headers that are not available in the pure version.
-  CoreFoundation          = [];
-  CoreAudio               = [ IOKit ];
-  CoreAudioKit            = [ AudioUnit ];
-  CoreData                = [];
-  CoreGraphics            = [ Accelerate IOKit IOSurface SystemConfiguration ];
-  CoreImage               = [];
-  CoreLocation            = [];
-  CoreMIDI                = [];
-  CoreMIDIServer          = [];
-  CoreMedia               = [ ApplicationServices AudioToolbox AudioUnit CoreAudio CoreGraphics CoreVideo ];
-  CoreMediaIO             = [ CoreMedia ];
-  CoreText                = [ CoreGraphics ];
-  CoreVideo               = [ ApplicationServices CoreGraphics IOSurface OpenGL ];
-  CoreWLAN                = [ SecurityFoundation ];
-  DVDPlayback             = [];
-  DirectoryService        = [];
-  DiscRecording           = [ CoreServices IOKit ];
-  DiscRecordingUI         = [];
-  DiskArbitration         = [ IOKit ];
-  EventKit                = [];
-  ExceptionHandling       = [];
-  FWAUserLib              = [];
-  ForceFeedback           = [ IOKit ];
-  Foundation              = [ libobjc CoreFoundation Security ApplicationServices SystemConfiguration ];
-  GLKit                   = [];
-  GLUT                    = [ OpenGL ];
-  GSS                     = [];
-  GameController          = [];
-  GameKit                 = [ Foundation ];
-  Hypervisor              = [];
-  ICADevices              = [ Carbon IOBluetooth ];
-  IMServicePlugIn         = [];
-  IOBluetoothUI           = [ IOBluetooth ];
-  IOKit                   = [];
-  IOSurface               = [ IOKit xpc ];
-  ImageCaptureCore        = [];
-  ImageIO                 = [ CoreGraphics ];
-  InputMethodKit          = [ Carbon ];
-  InstallerPlugins        = [];
-  InstantMessage          = [];
-  JavaFrameEmbedding      = [];
-  JavaNativeFoundation    = [];
-  JavaRuntimeSupport      = [];
-  JavaScriptCore          = [];
-  Kerberos                = [];
-  Kernel                  = [ IOKit ];
-  LDAP                    = [];
-  LatentSemanticMapping   = [ Carbon ];
-  LocalAuthentication     = [];
-  MapKit                  = [];
-  MediaAccessibility      = [ CoreGraphics CoreText QuartzCore ];
-  MediaPlayer             = [];
-  MediaToolbox            = [ AudioToolbox AudioUnit CoreMedia ];
-  Metal                   = [];
-  MetalKit                = [ ModelIO Metal ];
-  ModelIO                 = [ ];
-  NetFS                   = [];
-  OSAKit                  = [ Carbon ];
-  OpenAL                  = [];
-  OpenCL                  = [ IOSurface OpenGL ];
-  OpenGL                  = [];
-  PCSC                    = [ CoreData ];
-  PreferencePanes         = [];
-  PubSub                  = [];
-  QTKit                   = [ CoreMediaIO CoreMedia MediaToolbox QuickTime VideoToolbox ];
-  QuickLook               = [ ApplicationServices ];
-  SceneKit                = [];
-  ScreenSaver             = [];
-  Scripting               = [];
-  ScriptingBridge         = [];
-  Security                = [ IOKit ];
-  SecurityFoundation      = [];
-  SecurityInterface       = [ Security ];
-  ServiceManagement       = [ Security ];
-  Social                  = [];
-  SpriteKit               = [];
-  StoreKit                = [];
-  SyncServices            = [];
-  SystemConfiguration     = [ Security ];
-  TWAIN                   = [ Carbon ];
-  Tcl                     = [];
-  VideoDecodeAcceleration = [ CoreVideo ];
-  VideoToolbox            = [ CoreMedia CoreVideo ];
-  WebKit                  = [ ApplicationServices Carbon JavaScriptCore OpenGL ];
+  CoreFoundation          = {};
+  CoreAudio               = { inherit IOKit; };
+  CoreAudioKit            = { inherit AudioUnit; };
+  CoreData                = {};
+  CoreGraphics            = { inherit Accelerate IOKit IOSurface SystemConfiguration; };
+  CoreImage               = {};
+  CoreLocation            = {};
+  CoreMIDI                = {};
+  CoreMIDIServer          = { inherit CoreMIDI; };
+  CoreMedia               = { inherit ApplicationServices AudioToolbox AudioUnit CoreAudio CoreGraphics CoreVideo; };
+  CoreMediaIO             = { inherit CoreMedia; };
+  CoreText                = { inherit CoreGraphics; };
+  CoreVideo               = { inherit ApplicationServices CoreGraphics IOSurface OpenGL; };
+  CoreWLAN                = { inherit SecurityFoundation; };
+  DVDPlayback             = {};
+  DirectoryService        = {};
+  DiscRecording           = { inherit libobjc CoreServices IOKit; };
+  DiscRecordingUI         = {};
+  DiskArbitration         = { inherit IOKit; };
+  EventKit                = {};
+  ExceptionHandling       = {};
+  FWAUserLib              = {};
+  ForceFeedback           = { inherit IOKit; };
+  Foundation              = { inherit libobjc CoreFoundation Security ApplicationServices SystemConfiguration; };
+  GLKit                   = {};
+  GLUT                    = { inherit OpenGL; };
+  GSS                     = {};
+  GameCenter              = {};
+  GameController          = {};
+  GameKit                 = { inherit Cocoa Foundation GameCenter GameController GameplayKit Metal MetalKit ModelIO SceneKit SpriteKit; };
+  GameplayKit             = {};
+  Hypervisor              = {};
+  ICADevices              = { inherit libobjc Carbon IOBluetooth; };
+  IMServicePlugIn         = {};
+  IOBluetoothUI           = { inherit IOBluetooth; };
+  IOKit                   = {};
+  IOSurface               = { inherit IOKit xpc; };
+  ImageCaptureCore        = {};
+  ImageIO                 = { inherit CoreGraphics; };
+  InputMethodKit          = { inherit Carbon; };
+  InstallerPlugins        = {};
+  InstantMessage          = {};
+  JavaFrameEmbedding      = {};
+  JavaNativeFoundation    = {};
+  JavaRuntimeSupport      = {};
+  JavaScriptCore          = { inherit libobjc; };
+  Kerberos                = {};
+  Kernel                  = { inherit IOKit; };
+  LDAP                    = {};
+  LatentSemanticMapping   = { inherit Carbon; };
+  LocalAuthentication     = {};
+  MapKit                  = {};
+  MediaAccessibility      = { inherit CoreGraphics CoreText QuartzCore; };
+  MediaPlayer             = {};
+  MediaToolbox            = { inherit AudioToolbox AudioUnit CoreMedia; };
+  Metal                   = {};
+  MetalKit                = { inherit ModelIO Metal; };
+  ModelIO                 = {};
+  NetFS                   = {};
+  OSAKit                  = { inherit Carbon; };
+  OpenAL                  = {};
+  OpenCL                  = { inherit IOSurface OpenGL; };
+  OpenGL                  = {};
+  PCSC                    = { inherit CoreData; };
+  PreferencePanes         = {};
+  PubSub                  = {};
+  QTKit                   = { inherit CoreMediaIO CoreMedia MediaToolbox QuickTime VideoToolbox; };
+  QuickLook               = { inherit ApplicationServices; };
+  SceneKit                = {};
+  ScreenSaver             = {};
+  Scripting               = {};
+  ScriptingBridge         = {};
+  Security                = { inherit IOKit; };
+  SecurityFoundation      = {};
+  SecurityInterface       = { inherit Security SecurityFoundation; };
+  ServiceManagement       = { inherit Security; };
+  Social                  = {};
+  SpriteKit               = {};
+  StoreKit                = {};
+  SyncServices            = {};
+  SystemConfiguration     = { inherit Security; };
+  TWAIN                   = { inherit Carbon; };
+  Tcl                     = {};
+  VideoDecodeAcceleration = { inherit CoreVideo; };
+  VideoToolbox            = { inherit CoreMedia CoreVideo; };
+  WebKit                  = { inherit libobjc ApplicationServices Carbon JavaScriptCore OpenGL; };
 
   # Umbrellas
-  Accelerate          = [ CoreWLAN IOBluetooth ];
-  ApplicationServices = [ CoreServices CoreText ImageIO ];
-  Carbon              = [ ApplicationServices CoreServices Foundation IOKit Security QuartzCore ];
-  CoreBluetooth       = [];
+  Accelerate          = { inherit CoreWLAN IOBluetooth; };
+  ApplicationServices = { inherit CoreGraphics CoreServices CoreText ImageIO; };
+  Carbon              = { inherit libobjc ApplicationServices CoreServices Foundation IOKit Security QuartzCore; };
+  CoreBluetooth       = {};
   # TODO: figure out which part of the umbrella depends on CoreFoundation and move it there.
-  CoreServices        = [ CFNetwork CoreFoundation CoreAudio CoreData DiskArbitration Security NetFS OpenDirectory ServiceManagement ];
-  IOBluetooth         = [ IOKit ];
-  JavaVM              = [];
-  OpenDirectory       = [];
-  Quartz              = [ QuickLook QTKit ];
-  QuartzCore          = [ ApplicationServices CoreVideo OpenCL CoreImage Metal ];
-  QuickTime           = [ ApplicationServices AudioUnit Carbon CoreAudio CoreServices OpenGL QuartzCore ];
+  CoreServices        = { inherit CFNetwork CoreFoundation CoreAudio CoreData DiskArbitration Security NetFS OpenDirectory ServiceManagement; };
+  IOBluetooth         = { inherit CoreBluetooth IOKit; };
+  JavaVM              = {};
+  OpenDirectory       = {};
+  Quartz              = { inherit QuartzCore QuickLook QTKit; };
+  QuartzCore          = { inherit libobjc ApplicationServices CoreVideo OpenCL CoreImage Metal; };
+  QuickTime           = { inherit ApplicationServices AudioUnit Carbon CoreAudio CoreServices OpenGL QuartzCore; };
 
-  vmnet = [];
+  vmnet = {};
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
index 5c6d54aeb9c..25e1df3773d 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   dontBuild = true;
 
   installPhase = ''
@@ -12,7 +12,7 @@ appleDerivation {
       --replace "CarbonCore/" ""
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
index ad51f1df2bc..36013fe307c 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
@@ -1,12 +1,40 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/include/CommonCrypto
     cp include/* $out/include/CommonCrypto
   '';
 
-  meta = with stdenv.lib; {
+  appleHeaders = ''
+    CommonCrypto/CommonBaseXX.h
+    CommonCrypto/CommonBigNum.h
+    CommonCrypto/CommonCMACSPI.h
+    CommonCrypto/CommonCRC.h
+    CommonCrypto/CommonCrypto.h
+    CommonCrypto/CommonCryptoError.h
+    CommonCrypto/CommonCryptoPriv.h
+    CommonCrypto/CommonCryptor.h
+    CommonCrypto/CommonCryptorSPI.h
+    CommonCrypto/CommonDH.h
+    CommonCrypto/CommonDigest.h
+    CommonCrypto/CommonDigestSPI.h
+    CommonCrypto/CommonECCryptor.h
+    CommonCrypto/CommonHMAC.h
+    CommonCrypto/CommonHMacSPI.h
+    CommonCrypto/CommonKeyDerivation.h
+    CommonCrypto/CommonKeyDerivationSPI.h
+    CommonCrypto/CommonNumerics.h
+    CommonCrypto/CommonRSACryptor.h
+    CommonCrypto/CommonRandom.h
+    CommonCrypto/CommonRandomSPI.h
+    CommonCrypto/CommonSymmetricKeywrap.h
+    CommonCrypto/aes.h
+    CommonCrypto/lionCompat.h
+    CommonCrypto/module.modulemap
+  '';
+
+  meta = with lib; {
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Csu/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Csu/default.nix
index 7fd32a64fe5..ac09a282f51 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Csu/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Csu/default.nix
@@ -1,13 +1,14 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation', stdenv }:
+
+appleDerivation' stdenv {
 
-appleDerivation {
   prePatch = ''
     substituteInPlace Makefile \
       --replace /usr/lib /lib \
       --replace /usr/local/lib /lib \
       --replace /usr/bin "" \
       --replace /bin/ "" \
-      --replace "CC = " "CC = cc #" \
+      --replace "CC = " "#" \
       --replace "SDK_DIR = " "SDK_DIR = . #" \
 
     # Mac OS didn't support rpaths back before 10.5, but we don't care about it.
@@ -18,7 +19,7 @@ appleDerivation {
 
   installFlags = [ "DSTROOT=$(out)" ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Apple's common startup stubs for darwin";
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/ICU/clang-5.patch b/pkgs/os-specific/darwin/apple-source-releases/ICU/clang-5.patch
deleted file mode 100644
index fd9df812940..00000000000
--- a/pkgs/os-specific/darwin/apple-source-releases/ICU/clang-5.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/icuSources/i18n/ucoleitr.cpp b/icuSources/i18n/ucoleitr.cpp
-index ecc94c9..936452f 100644
---- a/icuSources/i18n/ucoleitr.cpp
-+++ b/icuSources/i18n/ucoleitr.cpp
-@@ -320,7 +320,7 @@ ucol_nextProcessed(UCollationElements *elems,
-                    int32_t            *ixHigh,
-                    UErrorCode         *status)
- {
--    return (UCollationPCE::UCollationPCE(elems)).nextProcessed(ixLow, ixHigh, status);
-+    return (UCollationPCE(elems)).nextProcessed(ixLow, ixHigh, status);
- }
-
-
-@@ -384,7 +384,7 @@ ucol_previousProcessed(UCollationElements *elems,
-                    int32_t            *ixHigh,
-                    UErrorCode         *status)
- {
--    return (UCollationPCE::UCollationPCE(elems)).previousProcessed(ixLow, ixHigh, status);
-+    return (UCollationPCE(elems)).previousProcessed(ixLow, ixHigh, status);
- }
-
- U_NAMESPACE_BEGIN
diff --git a/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix b/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
index 761ff3ea925..cdebfe6d2f7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
@@ -1,23 +1,86 @@
-{ appleDerivation }:
+{ appleDerivation, lib, stdenv, buildPackages, python3 }:
+
+let
+  formatVersionNumeric = version:
+    let
+      versionParts = lib.versions.splitVersion version;
+      major = lib.toInt (lib.elemAt versionParts 0);
+      minor = lib.toInt (lib.elemAt versionParts 1);
+      patch = if lib.length versionParts > 2 then lib.toInt (lib.elemAt versionParts 2) else 0;
+    in toString (major * 10000 + minor * 100 + patch);
+in
 
 appleDerivation {
-  patches = [ ./clang-5.patch ];
+  nativeBuildInputs = [ python3 ];
+
+  depsBuildBuild = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ buildPackages.stdenv.cc ];
 
   postPatch = ''
     substituteInPlace makefile \
-      --replace /usr/bin/ "" \
-      --replace '$(ISYSROOT)' "" \
-      --replace 'shell xcodebuild -version -sdk' 'shell true' \
-      --replace 'shell xcrun -sdk $(SDKPATH) -find' 'shell echo' \
-      --replace '-install_name $(libdir)' "-install_name $out/lib/" \
-      --replace /usr/local/bin/ /bin/ \
-      --replace /usr/lib/ /lib/ \
+      --replace "/usr/bin/" "" \
+      --replace "xcrun --sdk macosx --find" "echo -n" \
+      --replace "xcrun --sdk macosx.internal --show-sdk-path" "echo -n /dev/null" \
+      --replace "-install_name " "-install_name $out"
+
+    substituteInPlace icuSources/config/mh-darwin \
+      --replace "-install_name " "-install_name $out/"
+
+    # drop using impure /var/db/timezone/icutz
+    substituteInPlace makefile \
+      --replace '-DU_TIMEZONE_FILES_DIR=\"\\\"$(TZDATA_LOOKUP_DIR)\\\"\" -DU_TIMEZONE_PACKAGE=\"\\\"$(TZDATA_PACKAGE)\\\"\"' ""
+
+    # FIXME: This will cause `ld: warning: OS version (12.0) too small, changing to 13.0.0`, APPLE should fix it.
+    substituteInPlace makefile \
+      --replace "ZIPPERING_LDFLAGS=-Wl,-iosmac_version_min,12.0" "ZIPPERING_LDFLAGS="
+
+    # skip test for missing encodingSamples data
+    substituteInPlace icuSources/test/cintltst/ucsdetst.c \
+      --replace "&TestMailFilterCSS" "NULL"
+
+    patchShebangs icuSources
+  '' + lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
+
+    # This looks like a bug in the makefile. It defines ENV_BUILDHOST to
+    # propagate the correct value of CC, CXX, etc, but has the following double
+    # expansion that results in the empty string.
+    substituteInPlace makefile \
+      --replace '$($(ENV_BUILDHOST))' '$(ENV_BUILDHOST)'
   '';
 
-  makeFlags = [ "DSTROOT=$(out)" ];
+  # APPLE is using makefile to save its default configuration and call ./configure, so we hack makeFlags
+  # instead of configuring ourself, trying to stay abreast of APPLE.
+  dontConfigure = true;
+  makeFlags = [
+    "DSTROOT=$(out)"
+
+    # remove /usr prefix on include and lib
+    "PRIVATE_HDR_PREFIX="
+    "libdir=/lib/"
+
+    "DATA_INSTALL_DIR=/share/icu/"
+    "DATA_LOOKUP_DIR=$(DSTROOT)$(DATA_INSTALL_DIR)"
+  ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ # darwin* platform properties are only defined on darwin
+    # hack to use our lower macos version
+    "MAC_OS_X_VERSION_MIN_REQUIRED=${formatVersionNumeric stdenv.hostPlatform.darwinMinVersion}"
+    "ICU_TARGET_VERSION=-m${stdenv.hostPlatform.darwinPlatform}-version-min=${stdenv.hostPlatform.darwinMinVersion}"
+  ]
+  ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+    "CROSS_BUILD=YES"
+    "BUILD_TYPE="
+    "RC_ARCHS=${stdenv.hostPlatform.darwinArch}"
+    "HOSTCC=cc"
+    "HOSTCXX=c++"
+    "CC=${stdenv.cc.targetPrefix}cc"
+    "CXX=${stdenv.cc.targetPrefix}c++"
+    "HOSTISYSROOT="
+    "OSX_HOST_VERSION_MIN_STRING=${stdenv.buildPlatform.darwinMinVersion}"
+  ];
+
+  doCheck = true;
+  checkTarget = "check";
 
   postInstall = ''
-    mv $out/usr/local/include $out/include
+    # we don't need all those in usr/local
     rm -rf $out/usr
   '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix b/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix
index 4b82209f176..085d223bd04 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/IOKit/default.nix
@@ -1,8 +1,8 @@
-{ stdenv, appleDerivation, IOKitSrcs, xnu }:
+{ lib, appleDerivation', stdenv, IOKitSrcs, xnu, darwin-stubs }:
 
 # Someday it'll make sense to split these out into their own packages, but today is not that day.
-appleDerivation {
-  srcs = stdenv.lib.attrValues IOKitSrcs;
+appleDerivation' stdenv {
+  srcs = lib.attrValues IOKitSrcs;
   sourceRoot = ".";
 
   phases = [ "unpackPhase" "installPhase" ];
@@ -14,12 +14,15 @@ appleDerivation {
   ];
 
   installPhase = ''
-    ###### IMPURITIES
     mkdir -p $out/Library/Frameworks/IOKit.framework
-    pushd $out/Library/Frameworks/IOKit.framework
-    ln -s /System/Library/Frameworks/IOKit.framework/IOKit
-    ln -s /System/Library/Frameworks/IOKit.framework/Resources
-    popd
+
+    ###### IMPURITIES
+    ln -s /System/Library/Frameworks/IOKit.framework/Resources \
+      $out/Library/Frameworks/IOKit.framework
+
+    ###### STUBS
+    cp ${darwin-stubs}/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit.tbd \
+      $out/Library/Frameworks/IOKit.framework
 
     ###### HEADERS
 
@@ -179,7 +182,7 @@ appleDerivation {
     # video: missing altogether
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     maintainers = with maintainers; [ joelteon copumpkin ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix b/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
index 29aa3d64cb0..c9202b53658 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
@@ -1,6 +1,6 @@
-{ appleDerivation, ed, unifdef }:
+{ appleDerivation', stdenvNoCC, ed, unifdef }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   nativeBuildInputs = [ ed unifdef ];
 
   installPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
index 6ebb470145d..9bec0b103c9 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation, ed, unifdef, Libc_old, Libc_10-9 }:
+{ appleDerivation', stdenvNoCC, ed, unifdef, Libc_old, Libc_10-9 }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   nativeBuildInputs = [ ed unifdef ];
 
   # TODO: asl.h actually comes from syslog project now
@@ -29,4 +29,6 @@ appleDerivation {
     cp ${Libc_old}/include/libkern/OSAtomic.h       $out/include/libkern
     cp ${Libc_old}/include/libkern/OSCacheControl.h $out/include/libkern
   '';
+
+  appleHeaders = builtins.readFile ./headers.txt;
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/headers.txt b/pkgs/os-specific/darwin/apple-source-releases/Libc/headers.txt
new file mode 100644
index 00000000000..ea62e31dc78
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/headers.txt
@@ -0,0 +1,138 @@
+CrashReporterClient.h
+NSSystemDirectories.h
+_locale.h
+_types.h
+_types/_intmax_t.h
+_types/_nl_item.h
+_types/_uint16_t.h
+_types/_uint32_t.h
+_types/_uint64_t.h
+_types/_uint8_t.h
+_types/_uintmax_t.h
+_types/_wctrans_t.h
+_types/_wctype_t.h
+_wctype.h
+_xlocale.h
+aio.h
+alloca.h
+ar.h
+arpa/ftp.h
+arpa/inet.h
+arpa/nameser_compat.h
+arpa/telnet.h
+arpa/tftp.h
+asl.h
+assert.h
+bitstring.h
+cpio.h
+crt_externs.h
+ctype.h
+db.h
+dirent.h
+disktab.h
+err.h
+errno.h
+execinfo.h
+fcntl.h
+fmtmsg.h
+fnmatch.h
+fsproperties.h
+fstab.h
+fts.h
+ftw.h
+get_compat.h
+getopt.h
+glob.h
+inttypes.h
+iso646.h
+langinfo.h
+libc.h
+libc_private.h
+libgen.h
+libkern/OSAtomic.h
+libkern/OSCacheControl.h
+libproc.h
+limits.h
+locale.h
+malloc/malloc.h
+memory.h
+monetary.h
+monitor.h
+mpool.h
+msgcat.h
+ndbm.h
+nl_types.h
+nlist.h
+os/assumes.h
+os/debug_private.h
+paths.h
+poll.h
+printf.h
+protocols/routed.h
+protocols/rwhod.h
+protocols/talkd.h
+protocols/timed.h
+pthread.h
+pthread_impl.h
+pthread_spis.h
+pthread_workqueue.h
+ranlib.h
+readpassphrase.h
+regex.h
+runetype.h
+sched.h
+search.h
+secure/_common.h
+secure/_stdio.h
+secure/_string.h
+semaphore.h
+setjmp.h
+sgtty.h
+signal.h
+spawn.h
+stab.h
+standards.h
+stddef.h
+stdint.h
+stdio.h
+stdlib.h
+strhash.h
+string.h
+stringlist.h
+strings.h
+struct.h
+sys/acl.h
+sys/rbtree.h
+sys/statvfs.h
+sysexits.h
+syslog.h
+tar.h
+termios.h
+time.h
+timeconv.h
+ttyent.h
+tzfile.h
+ucontext.h
+ulimit.h
+unistd.h
+util.h
+utime.h
+utmpx.h
+utmpx_thread.h
+vis.h
+wchar.h
+wctype.h
+wordexp.h
+xlocale.h
+xlocale/__wctype.h
+xlocale/_ctype.h
+xlocale/_inttypes.h
+xlocale/_langinfo.h
+xlocale/_monetary.h
+xlocale/_regex.h
+xlocale/_stdio.h
+xlocale/_stdlib.h
+xlocale/_string.h
+xlocale/_time.h
+xlocale/_wchar.h
+xlocale/_wctype.h
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
index add51a61d3d..789e536b8a7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     substituteInPlace xcodescripts/install_files.sh \
       --replace "/usr/local/" "/" \
@@ -11,4 +11,40 @@ appleDerivation {
     export DSTROOT=$out
     sh xcodescripts/install_files.sh
   '';
+
+  appleHeaders = ''
+    aliasdb.h
+    bootparams.h
+    configuration_profile.h
+    grp.h
+    ifaddrs.h
+    ils.h
+    kvbuf.h
+    libinfo.h
+    libinfo_muser.h
+    membership.h
+    membershipPriv.h
+    netdb.h
+    netdb_async.h
+    ntsid.h
+    printerdb.h
+    pwd.h
+    rpc/auth.h
+    rpc/auth_unix.h
+    rpc/clnt.h
+    rpc/pmap_clnt.h
+    rpc/pmap_prot.h
+    rpc/pmap_rmt.h
+    rpc/rpc.h
+    rpc/rpc_msg.h
+    rpc/svc.h
+    rpc/svc_auth.h
+    rpc/types.h
+    rpc/xdr.h
+    rpcsvc/yp_prot.h
+    rpcsvc/ypclnt.h
+    si_data.h
+    si_module.h
+    thread_data.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
index df5f6b7b8fd..6e6712f375e 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/include
 
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
index 2ee80d70264..969e64427c9 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/include
     cp notify.h      $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
index a7b2bd7d981..1bf6396d47f 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, developer_cmds }:
+{ lib, appleDerivation, developer_cmds }:
 
 appleDerivation {
   buildInputs = [ developer_cmds ];
@@ -14,7 +14,7 @@ appleDerivation {
     rmdir $out/usr/
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     maintainers = with maintainers; [ matthewbauer ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
index 99d67002803..cb85566b512 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
@@ -1,9 +1,13 @@
-{ stdenv, appleDerivation, cpio, xnu, Libc, Libm, libdispatch, cctools, Libinfo
+{ lib, stdenv, buildPackages
+, appleDerivation', cpio, xnu, Libc, Libm, libdispatch, Libinfo
 , dyld, Csu, architecture, libclosure, CarbonHeaders, ncurses, CommonCrypto
-, copyfile, removefile, libresolv, Libnotify, libplatform, libpthread
-, mDNSResponder, launchd, libutil, hfs, darling }:
+, copyfile, removefile, libresolvHeaders, libresolv, Libnotify, libplatform, libpthread
+, mDNSResponder, launchd, libutilHeaders, hfsHeaders, darling, darwin-stubs
+, headersOnly ? false
+, withLibresolv ? !headersOnly
+}:
 
-appleDerivation {
+appleDerivation' stdenv {
   dontBuild = true;
   dontFixup = true;
 
@@ -21,13 +25,13 @@ appleDerivation {
 
     for dep in ${Libc} ${Libm} ${Libinfo} ${dyld} ${architecture} \
                ${libclosure} ${CarbonHeaders} ${libdispatch} ${ncurses.dev} \
-               ${CommonCrypto} ${copyfile} ${removefile} ${libresolv} \
+               ${CommonCrypto} ${copyfile} ${removefile} ${libresolvHeaders} \
                ${Libnotify} ${libplatform} ${mDNSResponder} ${launchd} \
-               ${libutil} ${libpthread} ${hfs}; do
+               ${libutilHeaders} ${libpthread} ${hfsHeaders}; do
       (cd $dep/include && find . -name '*.h' | cpio -pdm $out/include)
     done
 
-    (cd ${cctools.dev}/include/mach-o && find . -name '*.h' | cpio -pdm $out/include/mach-o)
+    (cd ${buildPackages.darwin.cctools.dev}/include/mach-o && find . -name '*.h' | cpio -pdm $out/include/mach-o)
 
     mkdir -p $out/include/os
 
@@ -84,73 +88,43 @@ appleDerivation {
     #define TARGET_RT_64_BIT        1
     #endif  /* __TARGETCONDITIONALS__ */
     EOF
+  '' + lib.optionalString (!headersOnly) ''
 
     # The startup object files
     cp ${Csu}/lib/* $out/lib
 
-    # We can't re-exported libsystem_c and libsystem_kernel directly,
-    # so we link against the central library here.
-    mkdir -p $out/lib/system
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/system/libsystem_c.dylib \
-       /usr/lib/libSystem.dylib \
-       -reexported_symbols_list ${./system_c_symbols}
-
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/system/libsystem_kernel.dylib \
-       /usr/lib/libSystem.dylib \
-       -reexported_symbols_list ${./system_kernel_symbols}
-
-    # The umbrella libSystem also exports some symbols,
-    # but we don't want to pull in everything from the other libraries.
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/libSystem_internal.dylib \
-       /usr/lib/libSystem.dylib \
-       -reexported_symbols_list ${./system_symbols}
-
-    # We used to determine these impurely based on the host system, but then when we got some 10.12 Hydra boxes,
-    # one of them accidentally built this derivation, referenced libsystem_symptoms.dylib, which doesn't exist on
-    # 10.11, and then broke all subsequent builds on 10.11. By picking a 10.11 compatible subset of the libraries,
-    # we avoid scary impurity issues like that.
-    libs=$(cat ${./reexported_libraries} | grep -v '^#')
-
-    for i in $libs; do
-      if [ "$i" != "/usr/lib/system/libsystem_kernel.dylib" ] && [ "$i" != "/usr/lib/system/libsystem_c.dylib" ]; then
-        args="$args -reexport_library $i"
-      fi
-    done
-
-    ld -macosx_version_min 10.7 -arch x86_64 -dylib \
-       -o $out/lib/libSystem.B.dylib \
-       -compatibility_version 1.0 \
-       -current_version 1226.10.1 \
-       -reexport_library $out/lib/system/libsystem_c.dylib \
-       -reexport_library $out/lib/system/libsystem_kernel.dylib \
-       -reexport_library $out/lib/libSystem_internal.dylib \
-       $args
+    cp -vr \
+      ${darwin-stubs}/usr/lib/libSystem.B.tbd \
+      ${darwin-stubs}/usr/lib/system \
+      $out/lib
 
-    ln -s libSystem.B.dylib $out/lib/libSystem.dylib
+    substituteInPlace $out/lib/libSystem.B.tbd \
+      --replace "/usr/lib/system/" "$out/lib/system/"
+    ln -s libSystem.B.tbd $out/lib/libSystem.tbd
 
     # Set up links to pretend we work like a conventional unix (Apple's design, not mine!)
     for name in c dbm dl info m mx poll proc pthread rpcsvc util gcc_s.10.4 gcc_s.10.5; do
-      ln -s libSystem.dylib $out/lib/lib$name.dylib
+      ln -s libSystem.tbd $out/lib/lib$name.tbd
     done
+  '' + lib.optionalString withLibresolv ''
 
     # This probably doesn't belong here, but we want to stay similar to glibc, which includes resolv internally...
     cp ${libresolv}/lib/libresolv.9.dylib $out/lib/libresolv.9.dylib
-    resolv_libSystem=$(otool -L "$out/lib/libresolv.9.dylib" | tail -n +3 | grep -o "$NIX_STORE.*-\S*") || true
+    resolv_libSystem=$(${stdenv.cc.bintools.targetPrefix}otool -L "$out/lib/libresolv.9.dylib" | tail -n +3 | grep -o "$NIX_STORE.*-\S*") || true
     echo $libs
 
     chmod +w $out/lib/libresolv.9.dylib
-    install_name_tool \
+    ${stdenv.cc.bintools.targetPrefix}install_name_tool \
       -id $out/lib/libresolv.9.dylib \
-      -change "$resolv_libSystem" $out/lib/libSystem.dylib \
+      -change "$resolv_libSystem" /usr/lib/libSystem.dylib \
       $out/lib/libresolv.9.dylib
     ln -s libresolv.9.dylib $out/lib/libresolv.dylib
   '';
 
-  meta = with stdenv.lib; {
-    description = "The Mac OS libc/libSystem (impure symlinks to binaries with pure headers)";
+  appleHeaders = builtins.readFile ./headers.txt;
+
+  meta = with lib; {
+    description = "The Mac OS libc/libSystem (tapi library with pure headers)";
     maintainers = with maintainers; [ copumpkin gridaphobe ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/headers.txt b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/headers.txt
new file mode 100644
index 00000000000..09b0ab41045
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/headers.txt
@@ -0,0 +1,1727 @@
+AssertMacros.h
+Availability.h
+AvailabilityInternal.h
+AvailabilityMacros.h
+Block.h
+Block_private.h
+CommonCrypto/CommonBaseXX.h
+CommonCrypto/CommonBigNum.h
+CommonCrypto/CommonCMACSPI.h
+CommonCrypto/CommonCRC.h
+CommonCrypto/CommonCrypto.h
+CommonCrypto/CommonCryptoError.h
+CommonCrypto/CommonCryptoPriv.h
+CommonCrypto/CommonCryptor.h
+CommonCrypto/CommonCryptorSPI.h
+CommonCrypto/CommonDH.h
+CommonCrypto/CommonDigest.h
+CommonCrypto/CommonDigestSPI.h
+CommonCrypto/CommonECCryptor.h
+CommonCrypto/CommonHMAC.h
+CommonCrypto/CommonHMacSPI.h
+CommonCrypto/CommonKeyDerivation.h
+CommonCrypto/CommonKeyDerivationSPI.h
+CommonCrypto/CommonNumerics.h
+CommonCrypto/CommonRSACryptor.h
+CommonCrypto/CommonRandom.h
+CommonCrypto/CommonRandomSPI.h
+CommonCrypto/CommonSymmetricKeywrap.h
+CommonCrypto/aes.h
+CommonCrypto/lionCompat.h
+ConditionalMacros.h
+CrashReporterClient.h
+ExtentManager.h
+MacTypes.h
+NSSystemDirectories.h
+TargetConditionals.h
+_errno.h
+_libkernel_init.h
+_locale.h
+_simple.h
+_types.h
+_types/_intmax_t.h
+_types/_nl_item.h
+_types/_uint16_t.h
+_types/_uint32_t.h
+_types/_uint64_t.h
+_types/_uint8_t.h
+_types/_uintmax_t.h
+_types/_wctrans_t.h
+_types/_wctype_t.h
+_wctype.h
+_xlocale.h
+aio.h
+aliasdb.h
+alloca.h
+ar.h
+architecture/alignment.h
+architecture/byte_order.h
+architecture/i386/alignment.h
+architecture/i386/asm_help.h
+architecture/i386/byte_order.h
+architecture/i386/cpu.h
+architecture/i386/desc.h
+architecture/i386/fpu.h
+architecture/i386/frame.h
+architecture/i386/io.h
+architecture/i386/pio.h
+architecture/i386/reg_help.h
+architecture/i386/sel.h
+architecture/i386/table.h
+architecture/i386/tss.h
+arpa/ftp.h
+arpa/inet.h
+arpa/nameser_compat.h
+arpa/telnet.h
+arpa/tftp.h
+asl.h
+assert.h
+atm/atm_notification.defs
+atm/atm_types.defs
+atm/atm_types.h
+bank/bank_types.h
+bitstring.h
+bootparams.h
+bootstrap.h
+bootstrap_priv.h
+bsd/bsm/audit.h
+bsd/dev/random/randomdev.h
+bsd/i386/_limits.h
+bsd/i386/_mcontext.h
+bsd/i386/_param.h
+bsd/i386/_types.h
+bsd/i386/endian.h
+bsd/i386/limits.h
+bsd/i386/param.h
+bsd/i386/profile.h
+bsd/i386/signal.h
+bsd/i386/types.h
+bsd/i386/vmparam.h
+bsd/libkern/libkern.h
+bsd/machine/_limits.h
+bsd/machine/_mcontext.h
+bsd/machine/_param.h
+bsd/machine/_types.h
+bsd/machine/byte_order.h
+bsd/machine/disklabel.h
+bsd/machine/endian.h
+bsd/machine/limits.h
+bsd/machine/param.h
+bsd/machine/profile.h
+bsd/machine/signal.h
+bsd/machine/spl.h
+bsd/machine/types.h
+bsd/machine/vmparam.h
+bsd/miscfs/devfs/devfs.h
+bsd/miscfs/devfs/devfs_proto.h
+bsd/miscfs/devfs/devfsdefs.h
+bsd/miscfs/devfs/fdesc.h
+bsd/miscfs/fifofs/fifo.h
+bsd/miscfs/specfs/specdev.h
+bsd/miscfs/union/union.h
+bsd/net/bpf.h
+bsd/net/dlil.h
+bsd/net/ethernet.h
+bsd/net/if.h
+bsd/net/if_arp.h
+bsd/net/if_dl.h
+bsd/net/if_ether.h
+bsd/net/if_llc.h
+bsd/net/if_media.h
+bsd/net/if_mib.h
+bsd/net/if_types.h
+bsd/net/if_utun.h
+bsd/net/if_var.h
+bsd/net/init.h
+bsd/net/kext_net.h
+bsd/net/kpi_interface.h
+bsd/net/kpi_interfacefilter.h
+bsd/net/kpi_protocol.h
+bsd/net/ndrv.h
+bsd/net/net_kev.h
+bsd/net/pfkeyv2.h
+bsd/net/radix.h
+bsd/net/route.h
+bsd/netinet/bootp.h
+bsd/netinet/icmp6.h
+bsd/netinet/icmp_var.h
+bsd/netinet/if_ether.h
+bsd/netinet/igmp.h
+bsd/netinet/igmp_var.h
+bsd/netinet/in.h
+bsd/netinet/in_arp.h
+bsd/netinet/in_pcb.h
+bsd/netinet/in_systm.h
+bsd/netinet/in_var.h
+bsd/netinet/ip.h
+bsd/netinet/ip6.h
+bsd/netinet/ip_icmp.h
+bsd/netinet/ip_var.h
+bsd/netinet/kpi_ipfilter.h
+bsd/netinet/tcp.h
+bsd/netinet/tcp_fsm.h
+bsd/netinet/tcp_seq.h
+bsd/netinet/tcp_timer.h
+bsd/netinet/tcp_var.h
+bsd/netinet/tcpip.h
+bsd/netinet/udp.h
+bsd/netinet/udp_var.h
+bsd/netinet6/ah.h
+bsd/netinet6/esp.h
+bsd/netinet6/in6.h
+bsd/netinet6/in6_var.h
+bsd/netinet6/ipcomp.h
+bsd/netinet6/ipsec.h
+bsd/netinet6/nd6.h
+bsd/netinet6/raw_ip6.h
+bsd/netinet6/scope6_var.h
+bsd/netkey/keysock.h
+bsd/security/audit/audit.h
+bsd/security/audit/audit_bsd.h
+bsd/security/audit/audit_ioctl.h
+bsd/security/audit/audit_private.h
+bsd/sys/_endian.h
+bsd/sys/_select.h
+bsd/sys/_structs.h
+bsd/sys/_types.h
+bsd/sys/_types/_blkcnt_t.h
+bsd/sys/_types/_blksize_t.h
+bsd/sys/_types/_clock_t.h
+bsd/sys/_types/_ct_rune_t.h
+bsd/sys/_types/_dev_t.h
+bsd/sys/_types/_errno_t.h
+bsd/sys/_types/_fd_clr.h
+bsd/sys/_types/_fd_copy.h
+bsd/sys/_types/_fd_def.h
+bsd/sys/_types/_fd_isset.h
+bsd/sys/_types/_fd_set.h
+bsd/sys/_types/_fd_setsize.h
+bsd/sys/_types/_fd_zero.h
+bsd/sys/_types/_filesec_t.h
+bsd/sys/_types/_fsblkcnt_t.h
+bsd/sys/_types/_fsfilcnt_t.h
+bsd/sys/_types/_fsid_t.h
+bsd/sys/_types/_fsobj_id_t.h
+bsd/sys/_types/_gid_t.h
+bsd/sys/_types/_guid_t.h
+bsd/sys/_types/_id_t.h
+bsd/sys/_types/_in_addr_t.h
+bsd/sys/_types/_in_port_t.h
+bsd/sys/_types/_ino64_t.h
+bsd/sys/_types/_ino_t.h
+bsd/sys/_types/_int16_t.h
+bsd/sys/_types/_int32_t.h
+bsd/sys/_types/_int64_t.h
+bsd/sys/_types/_int8_t.h
+bsd/sys/_types/_intptr_t.h
+bsd/sys/_types/_iovec_t.h
+bsd/sys/_types/_key_t.h
+bsd/sys/_types/_mach_port_t.h
+bsd/sys/_types/_mbstate_t.h
+bsd/sys/_types/_mode_t.h
+bsd/sys/_types/_nlink_t.h
+bsd/sys/_types/_null.h
+bsd/sys/_types/_o_dsync.h
+bsd/sys/_types/_o_sync.h
+bsd/sys/_types/_off_t.h
+bsd/sys/_types/_offsetof.h
+bsd/sys/_types/_os_inline.h
+bsd/sys/_types/_pid_t.h
+bsd/sys/_types/_posix_vdisable.h
+bsd/sys/_types/_ptrdiff_t.h
+bsd/sys/_types/_rsize_t.h
+bsd/sys/_types/_rune_t.h
+bsd/sys/_types/_s_ifmt.h
+bsd/sys/_types/_sa_family_t.h
+bsd/sys/_types/_seek_set.h
+bsd/sys/_types/_sigaltstack.h
+bsd/sys/_types/_sigset_t.h
+bsd/sys/_types/_size_t.h
+bsd/sys/_types/_socklen_t.h
+bsd/sys/_types/_ssize_t.h
+bsd/sys/_types/_suseconds_t.h
+bsd/sys/_types/_time_t.h
+bsd/sys/_types/_timespec.h
+bsd/sys/_types/_timeval.h
+bsd/sys/_types/_timeval32.h
+bsd/sys/_types/_timeval64.h
+bsd/sys/_types/_u_int16_t.h
+bsd/sys/_types/_u_int32_t.h
+bsd/sys/_types/_u_int64_t.h
+bsd/sys/_types/_u_int8_t.h
+bsd/sys/_types/_ucontext.h
+bsd/sys/_types/_ucontext64.h
+bsd/sys/_types/_uid_t.h
+bsd/sys/_types/_uintptr_t.h
+bsd/sys/_types/_useconds_t.h
+bsd/sys/_types/_user32_itimerval.h
+bsd/sys/_types/_user32_timespec.h
+bsd/sys/_types/_user32_timeval.h
+bsd/sys/_types/_user64_itimerval.h
+bsd/sys/_types/_user64_timespec.h
+bsd/sys/_types/_user64_timeval.h
+bsd/sys/_types/_user_timespec.h
+bsd/sys/_types/_user_timeval.h
+bsd/sys/_types/_uuid_t.h
+bsd/sys/_types/_va_list.h
+bsd/sys/_types/_wchar_t.h
+bsd/sys/_types/_wint_t.h
+bsd/sys/appleapiopts.h
+bsd/sys/attr.h
+bsd/sys/bsdtask_info.h
+bsd/sys/buf.h
+bsd/sys/cdefs.h
+bsd/sys/codesign.h
+bsd/sys/conf.h
+bsd/sys/content_protection.h
+bsd/sys/cprotect.h
+bsd/sys/csr.h
+bsd/sys/decmpfs.h
+bsd/sys/dir.h
+bsd/sys/dirent.h
+bsd/sys/disk.h
+bsd/sys/disklabel.h
+bsd/sys/disktab.h
+bsd/sys/dkstat.h
+bsd/sys/doc_tombstone.h
+bsd/sys/domain.h
+bsd/sys/errno.h
+bsd/sys/ev.h
+bsd/sys/event.h
+bsd/sys/eventvar.h
+bsd/sys/fbt.h
+bsd/sys/fcntl.h
+bsd/sys/file.h
+bsd/sys/file_internal.h
+bsd/sys/filedesc.h
+bsd/sys/fileport.h
+bsd/sys/filio.h
+bsd/sys/fsctl.h
+bsd/sys/fsevents.h
+bsd/sys/fslog.h
+bsd/sys/guarded.h
+bsd/sys/imgact.h
+bsd/sys/ioccom.h
+bsd/sys/ioctl.h
+bsd/sys/ioctl_compat.h
+bsd/sys/ipc.h
+bsd/sys/kasl.h
+bsd/sys/kauth.h
+bsd/sys/kdebug.h
+bsd/sys/kdebugevents.h
+bsd/sys/kern_control.h
+bsd/sys/kern_event.h
+bsd/sys/kern_memorystatus.h
+bsd/sys/kernel.h
+bsd/sys/kernel_types.h
+bsd/sys/kpi_mbuf.h
+bsd/sys/kpi_private.h
+bsd/sys/kpi_socket.h
+bsd/sys/kpi_socketfilter.h
+bsd/sys/ktrace.h
+bsd/sys/linker_set.h
+bsd/sys/lock.h
+bsd/sys/lockf.h
+bsd/sys/mach_swapon.h
+bsd/sys/malloc.h
+bsd/sys/mbuf.h
+bsd/sys/md5.h
+bsd/sys/memory_maintenance.h
+bsd/sys/mman.h
+bsd/sys/mount.h
+bsd/sys/mount_internal.h
+bsd/sys/msg.h
+bsd/sys/msgbuf.h
+bsd/sys/munge.h
+bsd/sys/namei.h
+bsd/sys/netport.h
+bsd/sys/param.h
+bsd/sys/paths.h
+bsd/sys/persona.h
+bsd/sys/pgo.h
+bsd/sys/pipe.h
+bsd/sys/posix_sem.h
+bsd/sys/posix_shm.h
+bsd/sys/priv.h
+bsd/sys/proc.h
+bsd/sys/proc_info.h
+bsd/sys/proc_internal.h
+bsd/sys/protosw.h
+bsd/sys/pthread_internal.h
+bsd/sys/pthread_shims.h
+bsd/sys/queue.h
+bsd/sys/quota.h
+bsd/sys/random.h
+bsd/sys/reason.h
+bsd/sys/resource.h
+bsd/sys/resourcevar.h
+bsd/sys/sbuf.h
+bsd/sys/select.h
+bsd/sys/sem.h
+bsd/sys/sem_internal.h
+bsd/sys/semaphore.h
+bsd/sys/shm.h
+bsd/sys/shm_internal.h
+bsd/sys/signal.h
+bsd/sys/signalvar.h
+bsd/sys/socket.h
+bsd/sys/socketvar.h
+bsd/sys/sockio.h
+bsd/sys/spawn.h
+bsd/sys/spawn_internal.h
+bsd/sys/stackshot.h
+bsd/sys/stat.h
+bsd/sys/stdio.h
+bsd/sys/sys_domain.h
+bsd/sys/syscall.h
+bsd/sys/sysctl.h
+bsd/sys/syslimits.h
+bsd/sys/syslog.h
+bsd/sys/sysproto.h
+bsd/sys/systm.h
+bsd/sys/termios.h
+bsd/sys/time.h
+bsd/sys/tree.h
+bsd/sys/tty.h
+bsd/sys/ttychars.h
+bsd/sys/ttycom.h
+bsd/sys/ttydefaults.h
+bsd/sys/ttydev.h
+bsd/sys/types.h
+bsd/sys/ubc.h
+bsd/sys/ucontext.h
+bsd/sys/ucred.h
+bsd/sys/uio.h
+bsd/sys/uio_internal.h
+bsd/sys/ulock.h
+bsd/sys/un.h
+bsd/sys/unistd.h
+bsd/sys/unpcb.h
+bsd/sys/user.h
+bsd/sys/utfconv.h
+bsd/sys/vfs_context.h
+bsd/sys/vm.h
+bsd/sys/vmmeter.h
+bsd/sys/vmparam.h
+bsd/sys/vnode.h
+bsd/sys/vnode_if.h
+bsd/sys/vnode_internal.h
+bsd/sys/wait.h
+bsd/sys/xattr.h
+bsd/uuid/uuid.h
+bsd/vfs/vfs_support.h
+bsd/vm/vnode_pager.h
+bsm/audit.h
+bsm/audit_domain.h
+bsm/audit_errno.h
+bsm/audit_fcntl.h
+bsm/audit_internal.h
+bsm/audit_kevents.h
+bsm/audit_record.h
+bsm/audit_socket_type.h
+checkint.h
+complex.h
+configuration_profile.h
+copyfile.h
+corecrypto/cc.h
+corecrypto/cc_config.h
+corecrypto/cc_debug.h
+corecrypto/cc_macros.h
+corecrypto/cc_priv.h
+corecrypto/ccaes.h
+corecrypto/ccasn1.h
+corecrypto/cccmac.h
+corecrypto/ccder.h
+corecrypto/ccdes.h
+corecrypto/ccdigest.h
+corecrypto/ccdigest_priv.h
+corecrypto/ccdrbg.h
+corecrypto/ccdrbg_impl.h
+corecrypto/cchmac.h
+corecrypto/ccmd5.h
+corecrypto/ccmode.h
+corecrypto/ccmode_factory.h
+corecrypto/ccmode_impl.h
+corecrypto/ccmode_siv.h
+corecrypto/ccn.h
+corecrypto/ccpad.h
+corecrypto/ccpbkdf2.h
+corecrypto/ccrc4.h
+corecrypto/ccrng.h
+corecrypto/ccrng_system.h
+corecrypto/ccrsa.h
+corecrypto/ccsha1.h
+corecrypto/ccsha2.h
+corecrypto/cczp.h
+corpses/task_corpse.h
+cpio.h
+crt_externs.h
+ctype.h
+curses.h
+cursesapp.h
+cursesf.h
+cursesm.h
+cursesp.h
+cursesw.h
+cursslk.h
+db.h
+default_pager/default_pager_types.h
+device/device.defs
+device/device_port.h
+device/device_types.defs
+device/device_types.h
+dirent.h
+disktab.h
+dispatch/base.h
+dispatch/benchmark.h
+dispatch/block.h
+dispatch/data.h
+dispatch/data_private.h
+dispatch/dispatch.h
+dispatch/group.h
+dispatch/introspection.h
+dispatch/introspection_private.h
+dispatch/io.h
+dispatch/io_private.h
+dispatch/layout_private.h
+dispatch/mach_private.h
+dispatch/object.h
+dispatch/once.h
+dispatch/private.h
+dispatch/queue.h
+dispatch/queue_private.h
+dispatch/semaphore.h
+dispatch/source.h
+dispatch/source_private.h
+dispatch/time.h
+dlfcn.h
+dns.h
+dns_sd.h
+dns_util.h
+err.h
+errno.h
+eti.h
+etip.h
+execinfo.h
+fcntl.h
+fenv.h
+fmtmsg.h
+fnmatch.h
+form.h
+fsproperties.h
+fstab.h
+fts.h
+ftw.h
+get_compat.h
+gethostuuid.h
+gethostuuid_private.h
+getopt.h
+glob.h
+grp.h
+hfs/BTreeScanner.h
+hfs/BTreesInternal.h
+hfs/BTreesPrivate.h
+hfs/CatalogPrivate.h
+hfs/FileMgrInternal.h
+hfs/HFSUnicodeWrappers.h
+hfs/UCStringCompareData.h
+hfs/hfs.h
+hfs/hfs_alloc_trace.h
+hfs/hfs_attrlist.h
+hfs/hfs_btreeio.h
+hfs/hfs_catalog.h
+hfs/hfs_cnode.h
+hfs/hfs_cprotect.h
+hfs/hfs_dbg.h
+hfs/hfs_endian.h
+hfs/hfs_extents.h
+hfs/hfs_format.h
+hfs/hfs_fsctl.h
+hfs/hfs_hotfiles.h
+hfs/hfs_iokit.h
+hfs/hfs_journal.h
+hfs/hfs_kdebug.h
+hfs/hfs_key_roll.h
+hfs/hfs_macos_defs.h
+hfs/hfs_mount.h
+hfs/hfs_quota.h
+hfs/hfs_unistr.h
+hfs/kext-config.h
+hfs/rangelist.h
+i386/_limits.h
+i386/_mcontext.h
+i386/_param.h
+i386/_types.h
+i386/eflags.h
+i386/endian.h
+i386/fasttrap_isa.h
+i386/limits.h
+i386/param.h
+i386/profile.h
+i386/signal.h
+i386/types.h
+i386/user_ldt.h
+i386/vmparam.h
+ifaddrs.h
+ils.h
+inttypes.h
+iokit/IOKit/AppleKeyStoreInterface.h
+iokit/IOKit/IOBSD.h
+iokit/IOKit/IOBufferMemoryDescriptor.h
+iokit/IOKit/IOCPU.h
+iokit/IOKit/IOCatalogue.h
+iokit/IOKit/IOCommand.h
+iokit/IOKit/IOCommandGate.h
+iokit/IOKit/IOCommandPool.h
+iokit/IOKit/IOCommandQueue.h
+iokit/IOKit/IOConditionLock.h
+iokit/IOKit/IODMACommand.h
+iokit/IOKit/IODMAController.h
+iokit/IOKit/IODMAEventSource.h
+iokit/IOKit/IODataQueue.h
+iokit/IOKit/IODataQueueShared.h
+iokit/IOKit/IODeviceMemory.h
+iokit/IOKit/IODeviceTreeSupport.h
+iokit/IOKit/IOEventSource.h
+iokit/IOKit/IOFilterInterruptEventSource.h
+iokit/IOKit/IOHibernatePrivate.h
+iokit/IOKit/IOInterleavedMemoryDescriptor.h
+iokit/IOKit/IOInterruptAccounting.h
+iokit/IOKit/IOInterruptController.h
+iokit/IOKit/IOInterruptEventSource.h
+iokit/IOKit/IOInterrupts.h
+iokit/IOKit/IOKernelReportStructs.h
+iokit/IOKit/IOKernelReporters.h
+iokit/IOKit/IOKitDebug.h
+iokit/IOKit/IOKitDiagnosticsUserClient.h
+iokit/IOKit/IOKitKeys.h
+iokit/IOKit/IOKitKeysPrivate.h
+iokit/IOKit/IOKitServer.h
+iokit/IOKit/IOLib.h
+iokit/IOKit/IOLocks.h
+iokit/IOKit/IOLocksPrivate.h
+iokit/IOKit/IOMapper.h
+iokit/IOKit/IOMemoryCursor.h
+iokit/IOKit/IOMemoryDescriptor.h
+iokit/IOKit/IOMessage.h
+iokit/IOKit/IOMultiMemoryDescriptor.h
+iokit/IOKit/IONVRAM.h
+iokit/IOKit/IONotifier.h
+iokit/IOKit/IOPlatformExpert.h
+iokit/IOKit/IOPolledInterface.h
+iokit/IOKit/IORangeAllocator.h
+iokit/IOKit/IORegistryEntry.h
+iokit/IOKit/IOReportMacros.h
+iokit/IOKit/IOReportTypes.h
+iokit/IOKit/IOReturn.h
+iokit/IOKit/IOService.h
+iokit/IOKit/IOServicePM.h
+iokit/IOKit/IOSharedDataQueue.h
+iokit/IOKit/IOSharedLock.h
+iokit/IOKit/IOStatistics.h
+iokit/IOKit/IOStatisticsPrivate.h
+iokit/IOKit/IOSubMemoryDescriptor.h
+iokit/IOKit/IOSyncer.h
+iokit/IOKit/IOTimeStamp.h
+iokit/IOKit/IOTimerEventSource.h
+iokit/IOKit/IOTypes.h
+iokit/IOKit/IOUserClient.h
+iokit/IOKit/IOWorkLoop.h
+iokit/IOKit/OSMessageNotification.h
+iokit/IOKit/assert.h
+iokit/IOKit/nvram/IONVRAMController.h
+iokit/IOKit/platform/AppleMacIO.h
+iokit/IOKit/platform/AppleMacIODevice.h
+iokit/IOKit/platform/AppleNMI.h
+iokit/IOKit/platform/ApplePlatformExpert.h
+iokit/IOKit/power/IOPwrController.h
+iokit/IOKit/pwr_mgt/IOPM.h
+iokit/IOKit/pwr_mgt/IOPMLibDefs.h
+iokit/IOKit/pwr_mgt/IOPMPowerSource.h
+iokit/IOKit/pwr_mgt/IOPMPowerSourceList.h
+iokit/IOKit/pwr_mgt/IOPMpowerState.h
+iokit/IOKit/pwr_mgt/IOPowerConnection.h
+iokit/IOKit/pwr_mgt/RootDomain.h
+iokit/IOKit/rtc/IORTCController.h
+iokit/IOKit/system.h
+iokit/IOKit/system_management/IOWatchDogTimer.h
+iso646.h
+kern/exc_resource.h
+kern/kcdata.h
+kern/kern_cdata.h
+kvbuf.h
+langinfo.h
+launch.h
+launch_internal.h
+launch_priv.h
+libc.h
+libc_private.h
+libgen.h
+libinfo.h
+libinfo_muser.h
+libkern/OSAtomic.h
+libkern/OSAtomicDeprecated.h
+libkern/OSAtomicQueue.h
+libkern/OSByteOrder.h
+libkern/OSCacheControl.h
+libkern/OSDebug.h
+libkern/OSKextLib.h
+libkern/OSReturn.h
+libkern/OSSpinLockDeprecated.h
+libkern/OSTypes.h
+libkern/_OSByteOrder.h
+libkern/firehose/chunk_private.h
+libkern/firehose/firehose_types_private.h
+libkern/firehose/ioctl_private.h
+libkern/firehose/tracepoint_private.h
+libkern/i386/OSByteOrder.h
+libkern/i386/_OSByteOrder.h
+libkern/libkern/OSAtomic.h
+libkern/libkern/OSBase.h
+libkern/libkern/OSByteOrder.h
+libkern/libkern/OSDebug.h
+libkern/libkern/OSKextLib.h
+libkern/libkern/OSKextLibPrivate.h
+libkern/libkern/OSMalloc.h
+libkern/libkern/OSReturn.h
+libkern/libkern/OSSerializeBinary.h
+libkern/libkern/OSTypes.h
+libkern/libkern/_OSByteOrder.h
+libkern/libkern/c++/OSArray.h
+libkern/libkern/c++/OSBoolean.h
+libkern/libkern/c++/OSCPPDebug.h
+libkern/libkern/c++/OSCollection.h
+libkern/libkern/c++/OSCollectionIterator.h
+libkern/libkern/c++/OSContainers.h
+libkern/libkern/c++/OSData.h
+libkern/libkern/c++/OSDictionary.h
+libkern/libkern/c++/OSEndianTypes.h
+libkern/libkern/c++/OSIterator.h
+libkern/libkern/c++/OSKext.h
+libkern/libkern/c++/OSLib.h
+libkern/libkern/c++/OSMetaClass.h
+libkern/libkern/c++/OSNumber.h
+libkern/libkern/c++/OSObject.h
+libkern/libkern/c++/OSOrderedSet.h
+libkern/libkern/c++/OSSerialize.h
+libkern/libkern/c++/OSSet.h
+libkern/libkern/c++/OSString.h
+libkern/libkern/c++/OSSymbol.h
+libkern/libkern/c++/OSUnserialize.h
+libkern/libkern/crypto/aes.h
+libkern/libkern/crypto/aesxts.h
+libkern/libkern/crypto/crypto_internal.h
+libkern/libkern/crypto/des.h
+libkern/libkern/crypto/md5.h
+libkern/libkern/crypto/rand.h
+libkern/libkern/crypto/register_crypto.h
+libkern/libkern/crypto/rsa.h
+libkern/libkern/crypto/sha1.h
+libkern/libkern/crypto/sha2.h
+libkern/libkern/i386/OSByteOrder.h
+libkern/libkern/i386/_OSByteOrder.h
+libkern/libkern/kernel_mach_header.h
+libkern/libkern/kext_request_keys.h
+libkern/libkern/kxld.h
+libkern/libkern/kxld_types.h
+libkern/libkern/locks.h
+libkern/libkern/machine/OSByteOrder.h
+libkern/libkern/mkext.h
+libkern/libkern/prelink.h
+libkern/libkern/section_keywords.h
+libkern/libkern/stack_protector.h
+libkern/libkern/sysctl.h
+libkern/libkern/tree.h
+libkern/libkern/version.h
+libkern/libkern/zconf.h
+libkern/libkern/zlib.h
+libkern/machine/OSByteOrder.h
+libkern/os/base.h
+libkern/os/log.h
+libkern/os/log_private.h
+libkern/os/object.h
+libkern/os/object_private.h
+libkern/os/overflow.h
+libkern/os/trace.h
+libproc.h
+libutil.h
+limits.h
+locale.h
+mach-o/arch.h
+mach-o/arm/reloc.h
+mach-o/arm64/reloc.h
+mach-o/dyld-interposing.h
+mach-o/dyld.h
+mach-o/dyld_gdb.h
+mach-o/dyld_images.h
+mach-o/dyld_priv.h
+mach-o/dyld_process_info.h
+mach-o/fat.h
+mach-o/getsect.h
+mach-o/hppa/reloc.h
+mach-o/hppa/swap.h
+mach-o/i386/swap.h
+mach-o/i860/reloc.h
+mach-o/i860/swap.h
+mach-o/ldsyms.h
+mach-o/loader.h
+mach-o/m68k/swap.h
+mach-o/m88k/reloc.h
+mach-o/m88k/swap.h
+mach-o/nlist.h
+mach-o/ppc/reloc.h
+mach-o/ppc/swap.h
+mach-o/ranlib.h
+mach-o/reloc.h
+mach-o/sparc/reloc.h
+mach-o/sparc/swap.h
+mach-o/stab.h
+mach-o/swap.h
+mach-o/x86_64/reloc.h
+mach/audit_triggers.defs
+mach/boolean.h
+mach/bootstrap.h
+mach/clock.defs
+mach/clock.h
+mach/clock_priv.defs
+mach/clock_priv.h
+mach/clock_reply.defs
+mach/clock_reply.h
+mach/clock_types.defs
+mach/clock_types.h
+mach/dyld_kernel.h
+mach/error.h
+mach/exc.defs
+mach/exc.h
+mach/exception.h
+mach/exception_types.h
+mach/host_info.h
+mach/host_notify.h
+mach/host_notify_reply.defs
+mach/host_priv.defs
+mach/host_priv.h
+mach/host_reboot.h
+mach/host_security.defs
+mach/host_security.h
+mach/host_special_ports.h
+mach/i386/_structs.h
+mach/i386/asm.h
+mach/i386/boolean.h
+mach/i386/exception.h
+mach/i386/fp_reg.h
+mach/i386/kern_return.h
+mach/i386/ndr_def.h
+mach/i386/processor_info.h
+mach/i386/rpc.h
+mach/i386/sdt_isa.h
+mach/i386/thread_state.h
+mach/i386/thread_status.h
+mach/i386/vm_param.h
+mach/i386/vm_types.h
+mach/kern_return.h
+mach/kmod.h
+mach/lock_set.defs
+mach/lock_set.h
+mach/mach.h
+mach/mach_error.h
+mach/mach_exc.defs
+mach/mach_host.defs
+mach/mach_host.h
+mach/mach_init.h
+mach/mach_interface.h
+mach/mach_param.h
+mach/mach_port.defs
+mach/mach_port.h
+mach/mach_port_internal.h
+mach/mach_syscalls.h
+mach/mach_time.h
+mach/mach_traps.h
+mach/mach_types.defs
+mach/mach_types.h
+mach/mach_vm.defs
+mach/mach_vm.h
+mach/mach_vm_internal.h
+mach/mach_voucher.defs
+mach/mach_voucher.h
+mach/mach_voucher_attr_control.defs
+mach/mach_voucher_types.h
+mach/machine.h
+mach/machine/asm.h
+mach/machine/boolean.h
+mach/machine/exception.h
+mach/machine/kern_return.h
+mach/machine/machine_types.defs
+mach/machine/ndr_def.h
+mach/machine/processor_info.h
+mach/machine/rpc.h
+mach/machine/sdt.h
+mach/machine/sdt_isa.h
+mach/machine/thread_state.h
+mach/machine/thread_status.h
+mach/machine/vm_param.h
+mach/machine/vm_types.h
+mach/memory_object_types.h
+mach/message.h
+mach/mig.h
+mach/mig_errors.h
+mach/mig_strncpy_zerofill_support.h
+mach/mig_voucher_support.h
+mach/ndr.h
+mach/notify.defs
+mach/notify.h
+mach/policy.h
+mach/port.h
+mach/port_obj.h
+mach/processor.defs
+mach/processor.h
+mach/processor_info.h
+mach/processor_set.defs
+mach/processor_set.h
+mach/rpc.h
+mach/sdt.h
+mach/semaphore.h
+mach/shared_memory_server.h
+mach/shared_region.h
+mach/std_types.defs
+mach/std_types.h
+mach/sync.h
+mach/sync_policy.h
+mach/task.defs
+mach/task.h
+mach/task_access.defs
+mach/task_info.h
+mach/task_policy.h
+mach/task_special_ports.h
+mach/telemetry_notification.defs
+mach/thread_act.defs
+mach/thread_act.h
+mach/thread_act_internal.h
+mach/thread_info.h
+mach/thread_policy.h
+mach/thread_special_ports.h
+mach/thread_state.h
+mach/thread_status.h
+mach/thread_switch.h
+mach/time_value.h
+mach/vm_attributes.h
+mach/vm_behavior.h
+mach/vm_inherit.h
+mach/vm_map.defs
+mach/vm_map.h
+mach/vm_map_internal.h
+mach/vm_page_size.h
+mach/vm_param.h
+mach/vm_prot.h
+mach/vm_purgable.h
+mach/vm_region.h
+mach/vm_statistics.h
+mach/vm_sync.h
+mach/vm_task.h
+mach/vm_types.h
+mach_debug/hash_info.h
+mach_debug/ipc_info.h
+mach_debug/lockgroup_info.h
+mach_debug/mach_debug.h
+mach_debug/mach_debug_types.defs
+mach_debug/mach_debug_types.h
+mach_debug/page_info.h
+mach_debug/vm_info.h
+mach_debug/zone_info.h
+machine/_limits.h
+machine/_mcontext.h
+machine/_param.h
+machine/_types.h
+machine/byte_order.h
+machine/endian.h
+machine/fasttrap_isa.h
+machine/limits.h
+machine/param.h
+machine/profile.h
+machine/signal.h
+machine/types.h
+machine/vmparam.h
+malloc/malloc.h
+math.h
+membership.h
+membershipPriv.h
+memory.h
+menu.h
+miscfs/devfs/devfs.h
+miscfs/specfs/specdev.h
+miscfs/union/union.h
+mntopts.h
+monetary.h
+monitor.h
+mpool.h
+msgcat.h
+nameser.h
+nc_tparm.h
+ncurses_dll.h
+ndbm.h
+net/bpf.h
+net/dlil.h
+net/ethernet.h
+net/if.h
+net/if_arp.h
+net/if_dl.h
+net/if_llc.h
+net/if_media.h
+net/if_mib.h
+net/if_types.h
+net/if_utun.h
+net/if_var.h
+net/kext_net.h
+net/ndrv.h
+net/net_kev.h
+net/pfkeyv2.h
+net/route.h
+netdb.h
+netdb_async.h
+netinet/bootp.h
+netinet/icmp6.h
+netinet/icmp_var.h
+netinet/if_ether.h
+netinet/igmp.h
+netinet/igmp_var.h
+netinet/in.h
+netinet/in_pcb.h
+netinet/in_systm.h
+netinet/in_var.h
+netinet/ip.h
+netinet/ip6.h
+netinet/ip_icmp.h
+netinet/ip_var.h
+netinet/tcp.h
+netinet/tcp_fsm.h
+netinet/tcp_seq.h
+netinet/tcp_timer.h
+netinet/tcp_var.h
+netinet/tcpip.h
+netinet/udp.h
+netinet/udp_var.h
+netinet6/ah.h
+netinet6/esp.h
+netinet6/in6.h
+netinet6/in6_var.h
+netinet6/ipcomp.h
+netinet6/ipsec.h
+netinet6/nd6.h
+netinet6/raw_ip6.h
+netinet6/scope6_var.h
+netkey/keysock.h
+nfs/krpc.h
+nfs/nfs.h
+nfs/nfs_gss.h
+nfs/nfs_ioctl.h
+nfs/nfs_lock.h
+nfs/nfsdiskless.h
+nfs/nfsm_subs.h
+nfs/nfsmount.h
+nfs/nfsnode.h
+nfs/nfsproto.h
+nfs/nfsrvcache.h
+nfs/rpcv2.h
+nfs/xdr_subs.h
+nl_types.h
+nlist.h
+notify.h
+notify_keys.h
+ntsid.h
+objc-shared-cache.h
+os/activity.h
+os/alloc_once_impl.h
+os/assumes.h
+os/availability.h
+os/base.h
+os/base_private.h
+os/debug_private.h
+os/internal/atomic.h
+os/internal/crashlog.h
+os/internal/internal_shared.h
+os/lock.h
+os/lock_private.h
+os/log.h
+os/object.h
+os/object_private.h
+os/once_private.h
+os/overflow.h
+os/semaphore_private.h
+os/trace.h
+os/tsd.h
+os/voucher_activity_private.h
+os/voucher_private.h
+osfmk/UserNotification/KUNCUserNotifications.h
+osfmk/UserNotification/UNDReply.defs
+osfmk/UserNotification/UNDRequest.defs
+osfmk/UserNotification/UNDTypes.defs
+osfmk/UserNotification/UNDTypes.h
+osfmk/atm/atm_internal.h
+osfmk/atm/atm_notification.defs
+osfmk/atm/atm_types.defs
+osfmk/atm/atm_types.h
+osfmk/bank/bank_types.h
+osfmk/console/video_console.h
+osfmk/corpses/task_corpse.h
+osfmk/default_pager/default_pager_types.h
+osfmk/device/device.defs
+osfmk/device/device_port.h
+osfmk/device/device_types.defs
+osfmk/device/device_types.h
+osfmk/gssd/gssd_mach.defs
+osfmk/gssd/gssd_mach.h
+osfmk/gssd/gssd_mach_types.h
+osfmk/i386/apic.h
+osfmk/i386/asm.h
+osfmk/i386/atomic.h
+osfmk/i386/bit_routines.h
+osfmk/i386/cpu_capabilities.h
+osfmk/i386/cpu_data.h
+osfmk/i386/cpu_number.h
+osfmk/i386/cpu_topology.h
+osfmk/i386/cpuid.h
+osfmk/i386/eflags.h
+osfmk/i386/io_map_entries.h
+osfmk/i386/lapic.h
+osfmk/i386/lock.h
+osfmk/i386/locks.h
+osfmk/i386/machine_cpu.h
+osfmk/i386/machine_routines.h
+osfmk/i386/mp.h
+osfmk/i386/mp_desc.h
+osfmk/i386/mp_events.h
+osfmk/i386/mtrr.h
+osfmk/i386/pal_hibernate.h
+osfmk/i386/pal_native.h
+osfmk/i386/pal_routines.h
+osfmk/i386/panic_hooks.h
+osfmk/i386/pmCPU.h
+osfmk/i386/pmap.h
+osfmk/i386/proc_reg.h
+osfmk/i386/rtclock_protos.h
+osfmk/i386/seg.h
+osfmk/i386/simple_lock.h
+osfmk/i386/smp.h
+osfmk/i386/tsc.h
+osfmk/i386/tss.h
+osfmk/i386/ucode.h
+osfmk/i386/vmx.h
+osfmk/ipc/ipc_types.h
+osfmk/kdp/kdp_callout.h
+osfmk/kdp/kdp_dyld.h
+osfmk/kdp/kdp_en_debugger.h
+osfmk/kern/affinity.h
+osfmk/kern/assert.h
+osfmk/kern/audit_sessionport.h
+osfmk/kern/backtrace.h
+osfmk/kern/bits.h
+osfmk/kern/block_hint.h
+osfmk/kern/call_entry.h
+osfmk/kern/clock.h
+osfmk/kern/coalition.h
+osfmk/kern/cpu_data.h
+osfmk/kern/cpu_number.h
+osfmk/kern/debug.h
+osfmk/kern/ecc.h
+osfmk/kern/energy_perf.h
+osfmk/kern/exc_resource.h
+osfmk/kern/extmod_statistics.h
+osfmk/kern/host.h
+osfmk/kern/hv_support.h
+osfmk/kern/ipc_mig.h
+osfmk/kern/ipc_misc.h
+osfmk/kern/kalloc.h
+osfmk/kern/kcdata.h
+osfmk/kern/kern_cdata.h
+osfmk/kern/kern_types.h
+osfmk/kern/kext_alloc.h
+osfmk/kern/kpc.h
+osfmk/kern/ledger.h
+osfmk/kern/lock.h
+osfmk/kern/locks.h
+osfmk/kern/mach_param.h
+osfmk/kern/macro_help.h
+osfmk/kern/page_decrypt.h
+osfmk/kern/pms.h
+osfmk/kern/policy_internal.h
+osfmk/kern/processor.h
+osfmk/kern/queue.h
+osfmk/kern/sched_prim.h
+osfmk/kern/sfi.h
+osfmk/kern/simple_lock.h
+osfmk/kern/startup.h
+osfmk/kern/task.h
+osfmk/kern/telemetry.h
+osfmk/kern/thread.h
+osfmk/kern/thread_call.h
+osfmk/kern/timer_call.h
+osfmk/kern/waitq.h
+osfmk/kern/zalloc.h
+osfmk/kextd/kextd_mach.defs
+osfmk/kextd/kextd_mach.h
+osfmk/kperf/action.h
+osfmk/kperf/context.h
+osfmk/kperf/kdebug_trigger.h
+osfmk/kperf/kperf.h
+osfmk/kperf/kperf_timer.h
+osfmk/kperf/kperfbsd.h
+osfmk/kperf/pet.h
+osfmk/lockd/lockd_mach.defs
+osfmk/lockd/lockd_mach.h
+osfmk/lockd/lockd_mach_types.h
+osfmk/mach/audit_triggers.defs
+osfmk/mach/audit_triggers_server.h
+osfmk/mach/boolean.h
+osfmk/mach/branch_predicates.h
+osfmk/mach/clock.defs
+osfmk/mach/clock.h
+osfmk/mach/clock_priv.defs
+osfmk/mach/clock_priv.h
+osfmk/mach/clock_reply.defs
+osfmk/mach/clock_reply_server.h
+osfmk/mach/clock_types.defs
+osfmk/mach/clock_types.h
+osfmk/mach/coalition.h
+osfmk/mach/coalition_notification_server.h
+osfmk/mach/dyld_kernel.h
+osfmk/mach/error.h
+osfmk/mach/exc.defs
+osfmk/mach/exc_server.h
+osfmk/mach/exception.h
+osfmk/mach/exception_types.h
+osfmk/mach/host_info.h
+osfmk/mach/host_notify.h
+osfmk/mach/host_notify_reply.defs
+osfmk/mach/host_priv.defs
+osfmk/mach/host_priv.h
+osfmk/mach/host_reboot.h
+osfmk/mach/host_security.defs
+osfmk/mach/host_security.h
+osfmk/mach/host_special_ports.h
+osfmk/mach/i386/_structs.h
+osfmk/mach/i386/asm.h
+osfmk/mach/i386/boolean.h
+osfmk/mach/i386/exception.h
+osfmk/mach/i386/fp_reg.h
+osfmk/mach/i386/kern_return.h
+osfmk/mach/i386/ndr_def.h
+osfmk/mach/i386/processor_info.h
+osfmk/mach/i386/rpc.h
+osfmk/mach/i386/sdt_isa.h
+osfmk/mach/i386/syscall_sw.h
+osfmk/mach/i386/thread_state.h
+osfmk/mach/i386/thread_status.h
+osfmk/mach/i386/vm_param.h
+osfmk/mach/i386/vm_types.h
+osfmk/mach/kern_return.h
+osfmk/mach/kmod.h
+osfmk/mach/ktrace_background.h
+osfmk/mach/lock_set.defs
+osfmk/mach/lock_set.h
+osfmk/mach/mach_exc.defs
+osfmk/mach/mach_exc_server.h
+osfmk/mach/mach_host.defs
+osfmk/mach/mach_host.h
+osfmk/mach/mach_interface.h
+osfmk/mach/mach_param.h
+osfmk/mach/mach_port.defs
+osfmk/mach/mach_port.h
+osfmk/mach/mach_syscalls.h
+osfmk/mach/mach_time.h
+osfmk/mach/mach_traps.h
+osfmk/mach/mach_types.defs
+osfmk/mach/mach_types.h
+osfmk/mach/mach_vm.defs
+osfmk/mach/mach_vm.h
+osfmk/mach/mach_voucher.defs
+osfmk/mach/mach_voucher.h
+osfmk/mach/mach_voucher_attr_control.defs
+osfmk/mach/mach_voucher_attr_control.h
+osfmk/mach/mach_voucher_types.h
+osfmk/mach/machine.h
+osfmk/mach/machine/asm.h
+osfmk/mach/machine/boolean.h
+osfmk/mach/machine/exception.h
+osfmk/mach/machine/kern_return.h
+osfmk/mach/machine/machine_types.defs
+osfmk/mach/machine/ndr_def.h
+osfmk/mach/machine/processor_info.h
+osfmk/mach/machine/rpc.h
+osfmk/mach/machine/sdt.h
+osfmk/mach/machine/sdt_isa.h
+osfmk/mach/machine/syscall_sw.h
+osfmk/mach/machine/thread_state.h
+osfmk/mach/machine/thread_status.h
+osfmk/mach/machine/vm_param.h
+osfmk/mach/machine/vm_types.h
+osfmk/mach/memory_object_control.h
+osfmk/mach/memory_object_default_server.h
+osfmk/mach/memory_object_types.h
+osfmk/mach/message.h
+osfmk/mach/mig.h
+osfmk/mach/mig_errors.h
+osfmk/mach/mig_strncpy_zerofill_support.h
+osfmk/mach/mig_voucher_support.h
+osfmk/mach/ndr.h
+osfmk/mach/notify.defs
+osfmk/mach/notify.h
+osfmk/mach/notify_server.h
+osfmk/mach/policy.h
+osfmk/mach/port.h
+osfmk/mach/processor.defs
+osfmk/mach/processor.h
+osfmk/mach/processor_info.h
+osfmk/mach/processor_set.defs
+osfmk/mach/processor_set.h
+osfmk/mach/resource_monitors.h
+osfmk/mach/rpc.h
+osfmk/mach/sdt.h
+osfmk/mach/semaphore.h
+osfmk/mach/sfi_class.h
+osfmk/mach/shared_memory_server.h
+osfmk/mach/shared_region.h
+osfmk/mach/std_types.defs
+osfmk/mach/std_types.h
+osfmk/mach/sync_policy.h
+osfmk/mach/syscall_sw.h
+osfmk/mach/sysdiagnose_notification_server.h
+osfmk/mach/task.defs
+osfmk/mach/task.h
+osfmk/mach/task_access.defs
+osfmk/mach/task_access.h
+osfmk/mach/task_access_server.h
+osfmk/mach/task_info.h
+osfmk/mach/task_policy.h
+osfmk/mach/task_special_ports.h
+osfmk/mach/telemetry_notification.defs
+osfmk/mach/telemetry_notification_server.h
+osfmk/mach/thread_act.defs
+osfmk/mach/thread_act.h
+osfmk/mach/thread_info.h
+osfmk/mach/thread_policy.h
+osfmk/mach/thread_special_ports.h
+osfmk/mach/thread_status.h
+osfmk/mach/thread_switch.h
+osfmk/mach/time_value.h
+osfmk/mach/upl.h
+osfmk/mach/vm_attributes.h
+osfmk/mach/vm_behavior.h
+osfmk/mach/vm_inherit.h
+osfmk/mach/vm_map.defs
+osfmk/mach/vm_map.h
+osfmk/mach/vm_param.h
+osfmk/mach/vm_prot.h
+osfmk/mach/vm_purgable.h
+osfmk/mach/vm_region.h
+osfmk/mach/vm_statistics.h
+osfmk/mach/vm_sync.h
+osfmk/mach/vm_types.h
+osfmk/mach_debug/hash_info.h
+osfmk/mach_debug/ipc_info.h
+osfmk/mach_debug/lockgroup_info.h
+osfmk/mach_debug/mach_debug.h
+osfmk/mach_debug/mach_debug_types.defs
+osfmk/mach_debug/mach_debug_types.h
+osfmk/mach_debug/page_info.h
+osfmk/mach_debug/vm_info.h
+osfmk/mach_debug/zone_info.h
+osfmk/machine/atomic.h
+osfmk/machine/cpu_capabilities.h
+osfmk/machine/cpu_number.h
+osfmk/machine/io_map_entries.h
+osfmk/machine/lock.h
+osfmk/machine/locks.h
+osfmk/machine/machine_cpuid.h
+osfmk/machine/machine_kpc.h
+osfmk/machine/machine_routines.h
+osfmk/machine/pal_hibernate.h
+osfmk/machine/pal_routines.h
+osfmk/machine/simple_lock.h
+osfmk/prng/random.h
+osfmk/string.h
+osfmk/vm/WKdm_new.h
+osfmk/vm/pmap.h
+osfmk/vm/vm_compressor_algorithms.h
+osfmk/vm/vm_fault.h
+osfmk/vm/vm_kern.h
+osfmk/vm/vm_map.h
+osfmk/vm/vm_options.h
+osfmk/vm/vm_pageout.h
+osfmk/vm/vm_protos.h
+osfmk/vm/vm_shared_region.h
+osfmk/voucher/ipc_pthread_priority_types.h
+osfmk/x86_64/machine_kpc.h
+panel.h
+paths.h
+pexpert/boot.h
+pexpert/i386/boot.h
+pexpert/i386/efi.h
+pexpert/i386/protos.h
+pexpert/machine/boot.h
+pexpert/machine/protos.h
+pexpert/pexpert.h
+pexpert/pexpert/boot.h
+pexpert/pexpert/device_tree.h
+pexpert/pexpert/i386/boot.h
+pexpert/pexpert/i386/efi.h
+pexpert/pexpert/i386/protos.h
+pexpert/pexpert/machine/boot.h
+pexpert/pexpert/machine/protos.h
+pexpert/pexpert/pexpert.h
+pexpert/pexpert/protos.h
+pexpert/protos.h
+platform/compat.h
+platform/introspection_private.h
+platform/string.h
+poll.h
+printerdb.h
+printf.h
+protocols/routed.h
+protocols/rwhod.h
+protocols/talkd.h
+protocols/timed.h
+pthread.h
+pthread/introspection.h
+pthread/pthread.h
+pthread/pthread_impl.h
+pthread/pthread_spis.h
+pthread/qos.h
+pthread/sched.h
+pthread/spawn.h
+pthread_impl.h
+pthread_spis.h
+pthread_workqueue.h
+pwd.h
+ranlib.h
+readpassphrase.h
+reboot2.h
+regex.h
+removefile.h
+resolv.h
+rpc/auth.h
+rpc/auth_unix.h
+rpc/clnt.h
+rpc/pmap_clnt.h
+rpc/pmap_prot.h
+rpc/pmap_rmt.h
+rpc/rpc.h
+rpc/rpc_msg.h
+rpc/svc.h
+rpc/svc_auth.h
+rpc/types.h
+rpc/xdr.h
+rpcsvc/yp_prot.h
+rpcsvc/ypclnt.h
+runetype.h
+sched.h
+search.h
+secure/_common.h
+secure/_stdio.h
+secure/_string.h
+security/audit/audit_ioctl.h
+security/mac.h
+security/mac_policy.h
+security/security/_label.h
+security/security/mac.h
+security/security/mac_alloc.h
+security/security/mac_data.h
+security/security/mac_framework.h
+security/security/mac_internal.h
+security/security/mac_mach_internal.h
+security/security/mac_policy.h
+semaphore.h
+servers/bootstrap.h
+servers/bootstrap_defs.h
+servers/key_defs.h
+servers/ls_defs.h
+servers/netname.h
+servers/netname_defs.h
+servers/nm_defs.h
+setjmp.h
+sgtty.h
+si_data.h
+si_module.h
+signal.h
+spawn.h
+stab.h
+standards.h
+stdarg.h
+stddef.h
+stdint.h
+stdio.h
+stdlib.h
+strhash.h
+string.h
+stringlist.h
+strings.h
+struct.h
+sys/_endian.h
+sys/_posix_availability.h
+sys/_pthread/_pthread_attr_t.h
+sys/_pthread/_pthread_cond_t.h
+sys/_pthread/_pthread_condattr_t.h
+sys/_pthread/_pthread_key_t.h
+sys/_pthread/_pthread_mutex_t.h
+sys/_pthread/_pthread_mutexattr_t.h
+sys/_pthread/_pthread_once_t.h
+sys/_pthread/_pthread_rwlock_t.h
+sys/_pthread/_pthread_rwlockattr_t.h
+sys/_pthread/_pthread_t.h
+sys/_pthread/_pthread_types.h
+sys/_select.h
+sys/_structs.h
+sys/_symbol_aliasing.h
+sys/_types.h
+sys/_types/_blkcnt_t.h
+sys/_types/_blksize_t.h
+sys/_types/_clock_t.h
+sys/_types/_ct_rune_t.h
+sys/_types/_dev_t.h
+sys/_types/_errno_t.h
+sys/_types/_fd_clr.h
+sys/_types/_fd_copy.h
+sys/_types/_fd_def.h
+sys/_types/_fd_isset.h
+sys/_types/_fd_set.h
+sys/_types/_fd_setsize.h
+sys/_types/_fd_zero.h
+sys/_types/_filesec_t.h
+sys/_types/_fsblkcnt_t.h
+sys/_types/_fsfilcnt_t.h
+sys/_types/_fsid_t.h
+sys/_types/_fsobj_id_t.h
+sys/_types/_gid_t.h
+sys/_types/_guid_t.h
+sys/_types/_id_t.h
+sys/_types/_in_addr_t.h
+sys/_types/_in_port_t.h
+sys/_types/_ino64_t.h
+sys/_types/_ino_t.h
+sys/_types/_int16_t.h
+sys/_types/_int32_t.h
+sys/_types/_int64_t.h
+sys/_types/_int8_t.h
+sys/_types/_intptr_t.h
+sys/_types/_iovec_t.h
+sys/_types/_key_t.h
+sys/_types/_mach_port_t.h
+sys/_types/_mbstate_t.h
+sys/_types/_mode_t.h
+sys/_types/_nlink_t.h
+sys/_types/_null.h
+sys/_types/_o_dsync.h
+sys/_types/_o_sync.h
+sys/_types/_off_t.h
+sys/_types/_offsetof.h
+sys/_types/_os_inline.h
+sys/_types/_pid_t.h
+sys/_types/_posix_vdisable.h
+sys/_types/_pthread_attr_t.h
+sys/_types/_pthread_cond_t.h
+sys/_types/_pthread_condattr_t.h
+sys/_types/_pthread_key_t.h
+sys/_types/_pthread_mutex_t.h
+sys/_types/_pthread_mutexattr_t.h
+sys/_types/_pthread_once_t.h
+sys/_types/_pthread_rwlock_t.h
+sys/_types/_pthread_rwlockattr_t.h
+sys/_types/_pthread_t.h
+sys/_types/_pthread_types.h
+sys/_types/_ptrdiff_t.h
+sys/_types/_rsize_t.h
+sys/_types/_rune_t.h
+sys/_types/_s_ifmt.h
+sys/_types/_sa_family_t.h
+sys/_types/_seek_set.h
+sys/_types/_sigaltstack.h
+sys/_types/_sigset_t.h
+sys/_types/_size_t.h
+sys/_types/_socklen_t.h
+sys/_types/_ssize_t.h
+sys/_types/_suseconds_t.h
+sys/_types/_time_t.h
+sys/_types/_timespec.h
+sys/_types/_timeval.h
+sys/_types/_timeval32.h
+sys/_types/_timeval64.h
+sys/_types/_u_int16_t.h
+sys/_types/_u_int32_t.h
+sys/_types/_u_int64_t.h
+sys/_types/_u_int8_t.h
+sys/_types/_ucontext.h
+sys/_types/_ucontext64.h
+sys/_types/_uid_t.h
+sys/_types/_uintptr_t.h
+sys/_types/_useconds_t.h
+sys/_types/_uuid_t.h
+sys/_types/_va_list.h
+sys/_types/_wchar_t.h
+sys/_types/_wint_t.h
+sys/acct.h
+sys/acl.h
+sys/aio.h
+sys/appleapiopts.h
+sys/attr.h
+sys/buf.h
+sys/cdefs.h
+sys/clonefile.h
+sys/conf.h
+sys/dir.h
+sys/dirent.h
+sys/disk.h
+sys/dkstat.h
+sys/domain.h
+sys/dtrace.h
+sys/dtrace_glue.h
+sys/dtrace_impl.h
+sys/errno.h
+sys/ev.h
+sys/event.h
+sys/fasttrap.h
+sys/fasttrap_isa.h
+sys/fcntl.h
+sys/file.h
+sys/filedesc.h
+sys/filio.h
+sys/gmon.h
+sys/ioccom.h
+sys/ioctl.h
+sys/ioctl_compat.h
+sys/ipc.h
+sys/kauth.h
+sys/kdebug.h
+sys/kdebug_signpost.h
+sys/kern_control.h
+sys/kern_event.h
+sys/kernel.h
+sys/kernel_types.h
+sys/lctx.h
+sys/loadable_fs.h
+sys/lock.h
+sys/lockf.h
+sys/lockstat.h
+sys/malloc.h
+sys/mbuf.h
+sys/mman.h
+sys/mount.h
+sys/msg.h
+sys/msgbuf.h
+sys/netport.h
+sys/param.h
+sys/paths.h
+sys/pipe.h
+sys/poll.h
+sys/posix_sem.h
+sys/posix_shm.h
+sys/proc.h
+sys/proc_info.h
+sys/protosw.h
+sys/ptrace.h
+sys/qos.h
+sys/qos_private.h
+sys/queue.h
+sys/quota.h
+sys/random.h
+sys/rbtree.h
+sys/reboot.h
+sys/resource.h
+sys/resourcevar.h
+sys/sbuf.h
+sys/sdt.h
+sys/select.h
+sys/sem.h
+sys/semaphore.h
+sys/shm.h
+sys/signal.h
+sys/signalvar.h
+sys/socket.h
+sys/socketvar.h
+sys/sockio.h
+sys/spawn.h
+sys/stat.h
+sys/statvfs.h
+sys/stdio.h
+sys/sys_domain.h
+sys/syscall.h
+sys/sysctl.h
+sys/syslimits.h
+sys/syslog.h
+sys/termios.h
+sys/time.h
+sys/timeb.h
+sys/times.h
+sys/tprintf.h
+sys/trace.h
+sys/tty.h
+sys/ttychars.h
+sys/ttycom.h
+sys/ttydefaults.h
+sys/ttydev.h
+sys/types.h
+sys/ubc.h
+sys/ucontext.h
+sys/ucred.h
+sys/uio.h
+sys/un.h
+sys/unistd.h
+sys/unpcb.h
+sys/user.h
+sys/utfconv.h
+sys/utsname.h
+sys/vadvise.h
+sys/vcmd.h
+sys/vm.h
+sys/vmmeter.h
+sys/vmparam.h
+sys/vnioctl.h
+sys/vnode.h
+sys/vnode_if.h
+sys/vstat.h
+sys/wait.h
+sys/xattr.h
+sysexits.h
+syslog.h
+tar.h
+term.h
+term_entry.h
+termcap.h
+termios.h
+thread_data.h
+tic.h
+time.h
+timeconv.h
+ttyent.h
+tzfile.h
+tzlink.h
+tzlink_internal.h
+ucontext.h
+ulimit.h
+unctrl.h
+unistd.h
+util.h
+utime.h
+utmpx.h
+utmpx_thread.h
+uuid/uuid.h
+vfs/vfs_support.h
+vis.h
+voucher/ipc_pthread_priority_types.h
+vproc.h
+vproc_internal.h
+vproc_priv.h
+wchar.h
+wctype.h
+wipefs.h
+wordexp.h
+xlocale.h
+xlocale/__wctype.h
+xlocale/_ctype.h
+xlocale/_inttypes.h
+xlocale/_langinfo.h
+xlocale/_monetary.h
+xlocale/_regex.h
+xlocale/_stdio.h
+xlocale/_stdlib.h
+xlocale/_string.h
+xlocale/_time.h
+xlocale/_wchar.h
+xlocale/_wctype.h
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries
deleted file mode 100644
index edc2e759a29..00000000000
--- a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries
+++ /dev/null
@@ -1,41 +0,0 @@
-# These are generated with otool -L /usr/lib/libSystem.dylib on a 10.11 machine
-/usr/lib/system/libcache.dylib
-/usr/lib/system/libcommonCrypto.dylib
-/usr/lib/system/libcompiler_rt.dylib
-/usr/lib/system/libcopyfile.dylib
-/usr/lib/system/libcorecrypto.dylib
-/usr/lib/system/libdispatch.dylib
-/usr/lib/system/libdyld.dylib
-/usr/lib/system/libkeymgr.dylib
-/usr/lib/system/liblaunch.dylib
-/usr/lib/system/libmacho.dylib
-/usr/lib/system/libquarantine.dylib
-/usr/lib/system/libremovefile.dylib
-/usr/lib/system/libsystem_asl.dylib
-/usr/lib/system/libsystem_blocks.dylib
-
-# We handle this specially in the expression
-# /usr/lib/system/libsystem_c.dylib
-
-/usr/lib/system/libsystem_configuration.dylib
-/usr/lib/system/libsystem_coreservices.dylib
-# /usr/lib/system/libsystem_coretls.dylib  # Removed in 10.13
-/usr/lib/system/libsystem_dnssd.dylib
-/usr/lib/system/libsystem_info.dylib
-
-# We handle this specially in the expression
-# /usr/lib/system/libsystem_kernel.dylib
-
-/usr/lib/system/libsystem_m.dylib
-/usr/lib/system/libsystem_malloc.dylib
-# /usr/lib/system/libsystem_network.dylib  # Removed in 10.14
-/usr/lib/system/libsystem_networkextension.dylib
-/usr/lib/system/libsystem_notify.dylib
-/usr/lib/system/libsystem_platform.dylib
-/usr/lib/system/libsystem_pthread.dylib
-/usr/lib/system/libsystem_sandbox.dylib
-/usr/lib/system/libsystem_secinit.dylib
-/usr/lib/system/libsystem_trace.dylib
-/usr/lib/system/libunc.dylib
-/usr/lib/system/libunwind.dylib
-/usr/lib/system/libxpc.dylib
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix b/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix
index e04142b8b11..bb09adce252 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Security/boot.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenv, darwin-stubs }:
 
-appleDerivation {
+appleDerivation' stdenv {
   phases = [ "unpackPhase" "installPhase" ];
 
   __propagatedImpureHostDeps = [
@@ -12,14 +12,15 @@ appleDerivation {
   ];
 
   installPhase = ''
-    ###### IMPURITIES
     mkdir -p $out/Library/Frameworks/Security.framework
-    pushd $out/Library/Frameworks/Security.framework
-    ln -s /System/Library/Frameworks/Security.framework/Security
-    ln -s /System/Library/Frameworks/Security.framework/Resources
-    ln -s /System/Library/Frameworks/Security.framework/PlugIns
-    ln -s /System/Library/Frameworks/Security.framework/XPCServices
-    popd
+
+    ###### IMPURITIES
+    ln -s /System/Library/Frameworks/Security.framework/{Resources,Plugins,XPCServices} \
+      $out/Library/Frameworks/Security.framework
+
+    ###### STUBS
+    cp ${darwin-stubs}/System/Library/Frameworks/Security.framework/Versions/A/Security.tbd \
+      $out/Library/Frameworks/Security.framework
 
     ###### HEADERS
 
diff --git a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/boot.nix b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/boot.nix
index 2a2d4cbe493..2ca2d061591 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/boot.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/boot.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, fetchzip, bsdmake, perl, flex, yacc
+{ lib, stdenv, buildPackages, appleDerivation, fetchzip, bsdmake, perl, flex, bison
 }:
 
 # this derivation sucks
@@ -16,7 +16,8 @@ let recentAdvCmds = fetchzip {
 };
 
 in appleDerivation {
-  nativeBuildInputs = [ bsdmake perl yacc flex ];
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+  nativeBuildInputs = [ bsdmake perl bison flex ];
   buildInputs = [ flex ];
 
   patchPhase = ''
@@ -61,7 +62,7 @@ in appleDerivation {
 
     bsdmake -C usr-share-locale.tproj
 
-    clang ${recentAdvCmds}/ps/*.c -o ps
+    ${stdenv.cc.targetPrefix}clang ${recentAdvCmds}/ps/*.c -o ps
   '';
 
   installPhase = ''
@@ -85,7 +86,7 @@ in appleDerivation {
   setOutputFlags = false;
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ gridaphobe ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ gridaphobe ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
index 0cbd7d81b90..6e659df4d62 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix
@@ -1,29 +1,24 @@
-{ stdenv, appleDerivation, xcbuild, ncurses, libutil }:
+{ lib, appleDerivation, xcbuild, ncurses, libutil }:
 
 appleDerivation {
   # We can't just run the root build, because https://github.com/facebook/xcbuild/issues/264
 
+  patchPhase = ''
+    substituteInPlace adv_cmds.xcodeproj/project.pbxproj \
+      --replace '/usr/lib/libtermcap.dylib' 'libncurses.dylib'
+  '';
+
   # pkill requires special private headers that are unavailable in
   # NixPkgs. These ones are needed:
   #  - xpc/xpxc.h
   #  - os/base_private.h
   #  - _simple.h
   # We disable it here for now. TODO: build pkill inside adv_cmds
-
-  # We also disable locale here because of some issues with a missing
-  # "lstdc++".
-  patchPhase = ''
-    substituteInPlace adv_cmds.xcodeproj/project.pbxproj \
-      --replace "FD201DC214369B4200906237 /* pkill.c in Sources */," "" \
-      --replace "FDF278D60FC6204E00D7A3C6 /* locale.cc in Sources */," "" \
-      --replace '/usr/lib/libtermcap.dylib' 'libncurses.dylib'
-  '';
-
   buildPhase = ''
     targets=$(xcodebuild -list \
                 | awk '/Targets:/{p=1;print;next} p&&/^\s*$/{p=0};p' \
                 | tail -n +2 | sed 's/^[ \t]*//' \
-                | grep -v -e Desktop -e Embedded -e mklocale -e colldef)
+                | grep -v -e Desktop -e Embedded -e mklocale -e pkill -e pgrep -e colldef)
 
     for i in $targets; do
       xcodebuild SYMROOT=$PWD/Products OBJROOT=$PWD/Intermediates -target $i
@@ -34,7 +29,7 @@ appleDerivation {
   installPhase = ''
     for f in Products/Release/*; do
       if [ -f $f ]; then
-        install -D $file $out/bin/$(basename $f)
+        install -D $f $out/bin/$(basename $f)
       fi
     done
 
@@ -50,7 +45,7 @@ appleDerivation {
   buildInputs = [ ncurses libutil ];
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
index ebeb3ef0884..e0e27255b72 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   dontBuild = true;
 
   postPatch = ''
@@ -13,7 +13,25 @@ appleDerivation {
 
   DSTROOT = "$(out)";
 
-  meta = with stdenv.lib; {
+  appleHeaders = ''
+    architecture/alignment.h
+    architecture/byte_order.h
+    architecture/i386/alignment.h
+    architecture/i386/asm_help.h
+    architecture/i386/byte_order.h
+    architecture/i386/cpu.h
+    architecture/i386/desc.h
+    architecture/i386/fpu.h
+    architecture/i386/frame.h
+    architecture/i386/io.h
+    architecture/i386/pio.h
+    architecture/i386/reg_help.h
+    architecture/i386/sel.h
+    architecture/i386/table.h
+    architecture/i386/tss.h
+  '';
+
+  meta = with lib; {
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/basic_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/basic_cmds/default.nix
index eadf18e028e..7d011d2d8cc 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/basic_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/basic_cmds/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, xcbuildHook }:
+{ lib, appleDerivation, xcbuildHook }:
 
 appleDerivation {
   nativeBuildInputs = [ xcbuildHook ];
@@ -26,7 +26,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/bootstrap_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/bootstrap_cmds/default.nix
index 256781f61b1..ff98ed88804 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/bootstrap_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/bootstrap_cmds/default.nix
@@ -1,29 +1,27 @@
-{ stdenv, appleDerivation, yacc, flex }:
+{ lib, appleDerivation, stdenv, bison, flex }:
+
+let
+
+  # Hard to get CC to pull this off without infinite recursion
+  targetTargetPrefix = lib.optionalString
+    (with stdenv; hostPlatform != targetPlatform)
+    (stdenv.targetPlatform.config + "-");
+
+in
 
 appleDerivation {
-  nativeBuildInputs = [ yacc flex ];
+  nativeBuildInputs = [ bison flex ];
 
   buildPhase = ''
     cd migcom.tproj
+
+    # redundant file, don't know why apple not removing it.
+    rm handler.c
+
     yacc -d parser.y
     flex --header-file=lexxer.yy.h -o lexxer.yy.c lexxer.l
 
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o error.o error.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o global.o global.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o handler.o header.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o header.o header.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o mig.o mig.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o routine.o routine.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o server.o server.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o statement.o statement.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o string.o string.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o type.o type.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o user.o user.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o utils.o utils.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o lexxer.yy.o lexxer.yy.c
-    cc -Os -pipe -DMIG_VERSION="" -Wall -mdynamic-no-pic -I. -c -o y.tab.o y.tab.c
-
-    cc -dead_strip -o migcom error.o global.o header.o mig.o routine.o server.o statement.o string.o type.o user.o utils.o lexxer.yy.o y.tab.o
+    $CC -std=gnu99 -Os -dead_strip -DMIG_VERSION=\"$pname-$version\" -I. -o migcom *.c
   '';
 
   installPhase = ''
@@ -37,13 +35,9 @@ appleDerivation {
     cp migcom.1 $out/share/man/man1
 
     substituteInPlace $out/bin/mig \
-      --replace 'arch=`/usr/bin/arch`' 'arch=i386' \
+      --replace 'arch=`/usr/bin/arch`' 'arch=${stdenv.targetPlatform.darwinArch}' \
       --replace '/usr/bin/' "" \
       --replace '/bin/rmdir' "rmdir" \
-      --replace 'C=''${MIGCC}' "C=cc"
+      --replace 'C=''${MIGCC}' "C=${targetTargetPrefix}cc"
   '';
-
-  meta = {
-    platforms = stdenv.lib.platforms.darwin;
-  };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/bsdmake/default.nix b/pkgs/os-specific/darwin/apple-source-releases/bsdmake/default.nix
index 043c7b0bc70..6f666019c3b 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/bsdmake/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/bsdmake/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, makeWrapper }:
+{ lib, appleDerivation, makeWrapper }:
 
 appleDerivation {
   nativeBuildInputs = [ makeWrapper ];
@@ -44,6 +44,6 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
+    platforms = lib.platforms.darwin;
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
index 20168d24dd7..879d3a7b5f7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/configd/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, appleDerivation, launchd, bootstrap_cmds, xnu, ppp, IOKit, eap8021x, Security }:
+{ stdenv, appleDerivation', launchd, bootstrap_cmds, xnu, ppp, IOKit, eap8021x, Security }:
 
-appleDerivation {
+appleDerivation' stdenv {
   meta.broken = stdenv.cc.nativeLibc;
 
   nativeBuildInputs = [ bootstrap_cmds ];
@@ -127,78 +127,78 @@ appleDerivation {
     mig -arch x86_64 -header derived/helper.h          -user derived/helperUser.c          -sheader /dev/null -server /dev/null helper/helper.defs
     mig -arch x86_64 -header derived/pppcontroller.h   -user derived/pppcontrollerUser.c   -sheader /dev/null -server /dev/null pppcontroller.defs
 
-    cc -I. -Ihelper -Iderived -F. -c SCSchemaDefinitions.c -o SCSchemaDefinitions.o
-    cc -I. -Ihelper -Iderived -F. -c SCD.c -o SCD.o
-    cc -I. -Ihelper -Iderived -F. -c SCDKeys.c -o SCDKeys.o
-    cc -I. -Ihelper -Iderived -F. -c SCDPrivate.c -o SCDPrivate.o
-    cc -I. -Ihelper -Iderived -F. -c SCDPlugin.c -o SCDPlugin.o
-    cc -I. -Ihelper -Iderived -F. -c CaptiveNetwork.c -o CaptiveNetwork.o
-    cc -I. -Ihelper -Iderived -F. -c SCDOpen.c -o SCDOpen.o
-    cc -I. -Ihelper -Iderived -F. -c SCDList.c -o SCDList.o
-    cc -I. -Ihelper -Iderived -F. -c SCDAdd.c -o SCDAdd.o
-    cc -I. -Ihelper -Iderived -F. -c SCDGet.c -o SCDGet.o
-    cc -I. -Ihelper -Iderived -F. -c SCDSet.c -o SCDSet.o
-    cc -I. -Ihelper -Iderived -F. -c SCDRemove.c -o SCDRemove.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotify.c -o SCDNotify.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierSetKeys.c -o SCDNotifierSetKeys.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierAdd.c -o SCDNotifierAdd.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierRemove.c -o SCDNotifierRemove.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierGetChanges.c -o SCDNotifierGetChanges.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierWait.c -o SCDNotifierWait.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaCallback.c -o SCDNotifierInformViaCallback.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaFD.c -o SCDNotifierInformViaFD.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaSignal.c -o SCDNotifierInformViaSignal.o
-    cc -I. -Ihelper -Iderived -F. -c SCDNotifierCancel.c -o SCDNotifierCancel.o
-    cc -I. -Ihelper -Iderived -F. -c SCDSnapshot.c -o SCDSnapshot.o
-    cc -I. -Ihelper -Iderived -F. -c SCP.c -o SCP.o
-    cc -I. -Ihelper -Iderived -F. -c SCPOpen.c -o SCPOpen.o
-    cc -I. -Ihelper -Iderived -F. -c SCPLock.c -o SCPLock.o
-    cc -I. -Ihelper -Iderived -F. -c SCPUnlock.c -o SCPUnlock.o
-    cc -I. -Ihelper -Iderived -F. -c SCPList.c -o SCPList.o
-    cc -I. -Ihelper -Iderived -F. -c SCPGet.c -o SCPGet.o
-    cc -I. -Ihelper -Iderived -F. -c SCPAdd.c -o SCPAdd.o
-    cc -I. -Ihelper -Iderived -F. -c SCPSet.c -o SCPSet.o
-    cc -I. -Ihelper -Iderived -F. -c SCPRemove.c -o SCPRemove.o
-    cc -I. -Ihelper -Iderived -F. -c SCPCommit.c -o SCPCommit.o
-    cc -I. -Ihelper -Iderived -F. -c SCPApply.c -o SCPApply.o
-    cc -I. -Ihelper -Iderived -F. -c SCPPath.c -o SCPPath.o
-    cc -I. -Ihelper -Iderived -F. -c SCDConsoleUser.c -o SCDConsoleUser.o
-    cc -I. -Ihelper -Iderived -F. -c SCDHostName.c -o SCDHostName.o
-    cc -I. -Ihelper -Iderived -F. -c SCLocation.c -o SCLocation.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetwork.c -o SCNetwork.o
-    cc -I. -Ihelper -Iderived -F. -c derived/pppcontrollerUser.c -o pppcontrollerUser.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkConnection.c -o SCNetworkConnection.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkConnectionPrivate.c -o SCNetworkConnectionPrivate.o
-    cc -I. -Ihelper -Iderived -I../dnsinfo -F. -c SCNetworkReachability.c -o SCNetworkReachability.o
-    cc -I. -Ihelper -Iderived -F. -c SCProxies.c -o SCProxies.o
-    cc -I. -Ihelper -Iderived -F. -c DHCP.c -o DHCP.o
-    cc -I. -Ihelper -Iderived -F. -c moh.c -o moh.o
-    cc -I. -Ihelper -Iderived -F. -c DeviceOnHold.c -o DeviceOnHold.o
-    cc -I. -Ihelper -Iderived -I $HACK -F. -c LinkConfiguration.c -o LinkConfiguration.o
-    cc -I. -Ihelper -Iderived -F. -c dy_framework.c -o dy_framework.o
-    cc -I. -Ihelper -Iderived -I $HACK -F. -c VLANConfiguration.c -o VLANConfiguration.o
-    cc -I. -Ihelper -Iderived -F. -c derived/configUser.c -o configUser.o
-    cc -I. -Ihelper -Iderived -F. -c SCPreferencesPathKey.c -o SCPreferencesPathKey.o
-    cc -I. -Ihelper -Iderived -I../dnsinfo -F. -c derived/shared_dns_infoUser.c -o shared_dns_infoUser.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkConfigurationInternal.c -o SCNetworkConfigurationInternal.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkInterface.c -o SCNetworkInterface.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkProtocol.c -o SCNetworkProtocol.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkService.c -o SCNetworkService.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkSet.c -o SCNetworkSet.o
-    cc -I. -Ihelper -Iderived -I $HACK -F. -c BondConfiguration.c -o BondConfiguration.o
-    cc -I. -Ihelper -Iderived -I $HACK -F. -c BridgeConfiguration.c -o BridgeConfiguration.o
-    cc -I. -Ihelper -Iderived -F. -c helper/SCHelper_client.c -o SCHelper_client.o
-    cc -I. -Ihelper -Iderived -F. -c SCPreferencesKeychainPrivate.c -o SCPreferencesKeychainPrivate.o
-    cc -I. -Ihelper -Iderived -F. -c SCNetworkSignature.c -o SCNetworkSignature.o
-    cc -I. -Ihelper -Iderived -F. -c VPNPrivate.c -o VPNPrivate.o
-    cc -I. -Ihelper -Iderived -F. -c VPNConfiguration.c -o VPNConfiguration.o
-    cc -I. -Ihelper -Iderived -F. -c VPNTunnel.c -o VPNTunnel.o
-    cc -I. -Ihelper -Iderived -F. -c derived/helperUser.c -o helperUser.o
-    cc -I. -Ihelper -Iderived -F. -c reachability/SCNetworkReachabilityServer_client.c -o SCNetworkReachabilityServer_client.o
-    cc -I. -Ihelper -Iderived -F. -c reachability/rb.c -o rb.o
-    cc -I. -Ihelper -Iderived -F. -c derived/SystemConfiguration_vers.c -o SystemConfiguration_vers.o
-
-    cc -dynamiclib *.o -install_name $out/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration -dead_strip -framework CoreFoundation -single_module -o SystemConfiguration.framework/SystemConfiguration
+    $CC -I. -Ihelper -Iderived -F. -c SCSchemaDefinitions.c -o SCSchemaDefinitions.o
+    $CC -I. -Ihelper -Iderived -F. -c SCD.c -o SCD.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDKeys.c -o SCDKeys.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDPrivate.c -o SCDPrivate.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDPlugin.c -o SCDPlugin.o
+    $CC -I. -Ihelper -Iderived -F. -c CaptiveNetwork.c -o CaptiveNetwork.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDOpen.c -o SCDOpen.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDList.c -o SCDList.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDAdd.c -o SCDAdd.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDGet.c -o SCDGet.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDSet.c -o SCDSet.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDRemove.c -o SCDRemove.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotify.c -o SCDNotify.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierSetKeys.c -o SCDNotifierSetKeys.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierAdd.c -o SCDNotifierAdd.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierRemove.c -o SCDNotifierRemove.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierGetChanges.c -o SCDNotifierGetChanges.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierWait.c -o SCDNotifierWait.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaCallback.c -o SCDNotifierInformViaCallback.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaFD.c -o SCDNotifierInformViaFD.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierInformViaSignal.c -o SCDNotifierInformViaSignal.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDNotifierCancel.c -o SCDNotifierCancel.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDSnapshot.c -o SCDSnapshot.o
+    $CC -I. -Ihelper -Iderived -F. -c SCP.c -o SCP.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPOpen.c -o SCPOpen.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPLock.c -o SCPLock.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPUnlock.c -o SCPUnlock.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPList.c -o SCPList.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPGet.c -o SCPGet.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPAdd.c -o SCPAdd.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPSet.c -o SCPSet.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPRemove.c -o SCPRemove.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPCommit.c -o SCPCommit.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPApply.c -o SCPApply.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPPath.c -o SCPPath.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDConsoleUser.c -o SCDConsoleUser.o
+    $CC -I. -Ihelper -Iderived -F. -c SCDHostName.c -o SCDHostName.o
+    $CC -I. -Ihelper -Iderived -F. -c SCLocation.c -o SCLocation.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetwork.c -o SCNetwork.o
+    $CC -I. -Ihelper -Iderived -F. -c derived/pppcontrollerUser.c -o pppcontrollerUser.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkConnection.c -o SCNetworkConnection.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkConnectionPrivate.c -o SCNetworkConnectionPrivate.o
+    $CC -I. -Ihelper -Iderived -I../dnsinfo -F. -c SCNetworkReachability.c -o SCNetworkReachability.o
+    $CC -I. -Ihelper -Iderived -F. -c SCProxies.c -o SCProxies.o
+    $CC -I. -Ihelper -Iderived -F. -c DHCP.c -o DHCP.o
+    $CC -I. -Ihelper -Iderived -F. -c moh.c -o moh.o
+    $CC -I. -Ihelper -Iderived -F. -c DeviceOnHold.c -o DeviceOnHold.o
+    $CC -I. -Ihelper -Iderived -I $HACK -F. -c LinkConfiguration.c -o LinkConfiguration.o
+    $CC -I. -Ihelper -Iderived -F. -c dy_framework.c -o dy_framework.o
+    $CC -I. -Ihelper -Iderived -I $HACK -F. -c VLANConfiguration.c -o VLANConfiguration.o
+    $CC -I. -Ihelper -Iderived -F. -c derived/configUser.c -o configUser.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPreferencesPathKey.c -o SCPreferencesPathKey.o
+    $CC -I. -Ihelper -Iderived -I../dnsinfo -F. -c derived/shared_dns_infoUser.c -o shared_dns_infoUser.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkConfigurationInternal.c -o SCNetworkConfigurationInternal.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkInterface.c -o SCNetworkInterface.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkProtocol.c -o SCNetworkProtocol.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkService.c -o SCNetworkService.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkSet.c -o SCNetworkSet.o
+    $CC -I. -Ihelper -Iderived -I $HACK -F. -c BondConfiguration.c -o BondConfiguration.o
+    $CC -I. -Ihelper -Iderived -I $HACK -F. -c BridgeConfiguration.c -o BridgeConfiguration.o
+    $CC -I. -Ihelper -Iderived -F. -c helper/SCHelper_client.c -o SCHelper_client.o
+    $CC -I. -Ihelper -Iderived -F. -c SCPreferencesKeychainPrivate.c -o SCPreferencesKeychainPrivate.o
+    $CC -I. -Ihelper -Iderived -F. -c SCNetworkSignature.c -o SCNetworkSignature.o
+    $CC -I. -Ihelper -Iderived -F. -c VPNPrivate.c -o VPNPrivate.o
+    $CC -I. -Ihelper -Iderived -F. -c VPNConfiguration.c -o VPNConfiguration.o
+    $CC -I. -Ihelper -Iderived -F. -c VPNTunnel.c -o VPNTunnel.o
+    $CC -I. -Ihelper -Iderived -F. -c derived/helperUser.c -o helperUser.o
+    $CC -I. -Ihelper -Iderived -F. -c reachability/SCNetworkReachabilityServer_client.c -o SCNetworkReachabilityServer_client.o
+    $CC -I. -Ihelper -Iderived -F. -c reachability/rb.c -o rb.o
+    $CC -I. -Ihelper -Iderived -F. -c derived/SystemConfiguration_vers.c -o SystemConfiguration_vers.o
+
+    $CC -dynamiclib *.o -install_name $out/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration -dead_strip -framework CoreFoundation -single_module -o SystemConfiguration.framework/SystemConfiguration
 
     popd >/dev/null
   '';
diff --git a/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix b/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
index 7e1dc5309b1..5e7f38e84d7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   dontBuild = true;
   installPhase = ''
     mkdir -p $out/include/
diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix
index 14c69b84eb4..5e098926d29 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchzip, pkgs }:
+{ lib, stdenv, fetchurl, fetchzip, pkgs }:
 
 let
   # This attrset can in theory be computed automatically, but for that to work nicely we need
@@ -57,6 +57,9 @@ let
       libplatform   = "125";
       mDNSResponder = "625.41.2";
 
+      # IOKit contains a set of packages with different versions, so we don't have a general version
+      IOKit         = "";
+
       libutil       = "43";
       libunwind     = "35.3";
       Librpcsvc     = "26";
@@ -135,35 +138,54 @@ let
     };
   };
 
-  fetchApple = version: sha256: name: let
+  fetchApple' = pname: version: sha256: let
     # When cross-compiling, fetchurl depends on libiconv, resulting
     # in an infinite recursion without this. It's not clear why this
     # worked fine when not cross-compiling
-    fetch = if name == "libiconv"
+    fetch = if pname == "libiconv"
       then stdenv.fetchurlBoot
       else fetchurl;
   in fetch {
-    url = "http://www.opensource.apple.com/tarballs/${name}/${name}-${versions.${version}.${name}}.tar.gz";
+    url = "http://www.opensource.apple.com/tarballs/${pname}/${pname}-${version}.tar.gz";
     inherit sha256;
   };
 
-  appleDerivation_ = name: version: sha256: attrs: stdenv.mkDerivation ({
-    inherit version;
-    name = "${name}-${version}";
+  fetchApple = sdkName: sha256: pname: let
+    version = versions.${sdkName}.${pname};
+  in fetchApple' pname version sha256;
+
+  appleDerivation'' = stdenv: pname: version: sdkName: sha256: attrs: stdenv.mkDerivation ({
+    inherit pname version;
+
+    src = if attrs ? srcs then null else (fetchApple' pname version sha256);
+
     enableParallelBuilding = true;
-    meta = {
-      platforms = stdenv.lib.platforms.darwin;
-    };
-  } // (if attrs ? srcs then {} else {
-    src  = fetchApple version sha256 name;
-  }) // attrs);
 
-  applePackage = namePath: version: sha256:
-    let
-      name = builtins.elemAt (stdenv.lib.splitString "/" namePath) 0;
-      appleDerivation = appleDerivation_ name version sha256;
-      callPackage = pkgs.newScope (packages // pkgs.darwin // { inherit appleDerivation name version; });
-    in callPackage (./. + "/${namePath}");
+    # In rare cases, APPLE may drop some headers quietly on new release.
+    doInstallCheck = attrs ? appleHeaders;
+    passAsFile = [ "appleHeaders" ];
+    installCheckPhase = ''
+      cd $out/include
+
+      result=$(diff -u "$appleHeadersPath" <(find * -type f | sort) --label "Listed in appleHeaders" --label "Found in \$out/include" || true)
+
+      if [ -z "$result" ]; then
+        echo "Apple header list is matched."
+      else
+        echo >&2 "\
+      Apple header list is inconsistent, please ensure no header file is unexpectedly dropped.
+      $result
+      "
+        exit 1
+      fi
+    '';
+
+  } // attrs // {
+    meta = (with lib; {
+      platforms = platforms.darwin;
+      license = licenses.apsl20;
+    }) // (attrs.meta or {});
+  });
 
   IOKitSpecs = {
     IOAudioFamily                        = fetchApple "osx-10.10.5" "0ggq7za3iq8g02j16rj67prqhrw828jsw3ah3bxq8a1cvr55aqnq";
@@ -187,15 +209,40 @@ let
     # There should be an IOVideo here, but they haven't released it :(
   };
 
-  IOKitSrcs = stdenv.lib.mapAttrs (name: value: if stdenv.lib.isFunction value then value name else value) IOKitSpecs;
+  IOKitSrcs = lib.mapAttrs (name: value: if lib.isFunction value then value name else value) IOKitSpecs;
+
+in
+
+# darwin package set
+self:
+
+let
+  macosPackages_11_0_1 = import ./macos-11.0.1.nix { inherit applePackage'; };
+  developerToolsPackages_11_3_1 = import ./developer-tools-11.3.1.nix { inherit applePackage'; };
+
+  applePackage' = namePath: version: sdkName: sha256:
+    let
+      pname = builtins.head (lib.splitString "/" namePath);
+      appleDerivation' = stdenv: appleDerivation'' stdenv pname version sdkName sha256;
+      appleDerivation = appleDerivation' stdenv;
+      callPackage = self.newScope { inherit appleDerivation' appleDerivation; };
+    in callPackage (./. + "/${namePath}");
+
+  applePackage = namePath: sdkName: sha256: let
+    pname = builtins.head (lib.splitString "/" namePath);
+    version = versions.${sdkName}.${pname};
+  in applePackage' namePath version sdkName sha256;
 
   # Only used for bootstrapping. It’s convenient because it was the last version to come with a real makefile.
   adv_cmds-boot = applePackage "adv_cmds/boot.nix" "osx-10.5.8" "102ssayxbg9wb35mdmhswbnw0bg7js3pfd8fcbic83c5q3bqa6c6" {};
 
-  packages = {
+in
+
+developerToolsPackages_11_3_1 // macosPackages_11_0_1 // {
+    # TODO: shorten this list, we should cut down to a minimum set of bootstrap or necessary packages here.
+
     inherit (adv_cmds-boot) ps locale;
     architecture    = applePackage "architecture"      "osx-10.11.6"     "1pbpjcd7is69hn8y29i98ci0byik826if8gnp824ha92h90w0fq3" {};
-    bootstrap_cmds  = applePackage "bootstrap_cmds"    "dev-tools-7.0"   "1v5dv2q3af1xwj5kz0a5g54fd5dm6j4c9dd2g66n4kc44ixyrhp3" {};
     bsdmake         = applePackage "bsdmake"           "dev-tools-3.2.6" "11a9kkhz5bfgi1i8kpdkis78lhc6b5vxmhd598fcdgra1jw4iac2" {};
     CarbonHeaders   = applePackage "CarbonHeaders"     "osx-10.6.2"      "1zam29847cxr6y9rnl76zqmkbac53nx0szmqm9w5p469a6wzjqar" {};
     CommonCrypto    = applePackage "CommonCrypto"      "osx-10.12.6"     "0sgsqjcxbdm2g2zfpc50mzmk4b4ldyw7xvvkwiayhpczg1fga4ff" {};
@@ -207,7 +254,6 @@ let
     dtrace          = applePackage "dtrace"            "osx-10.12.6"     "0hpd6348av463yqf70n3xkygwmf1i5zza8kps4zys52sviqz3a0l" {};
     dyld            = applePackage "dyld"              "osx-10.12.6"     "0q4jmk78b5ajn33blh4agyq6v2a63lpb3fln78az0dy12bnp1qqk" {};
     eap8021x        = applePackage "eap8021x"          "osx-10.11.6"     "0iw0qdib59hihyx2275rwq507bq2a06gaj8db4a8z1rkaj1frskh" {};
-    ICU             = applePackage "ICU"               "osx-10.10.5"     "1qihlp42n5g4dl0sn0f9pc0bkxy1452dxzf0vr6y5gqpshlzy03p" {};
     IOKit           = applePackage "IOKit"             "osx-10.11.6"     "0kcbrlyxcyirvg5p95hjd9k8a01k161zg0bsfgfhkb90kh2s8x00" { inherit IOKitSrcs; };
     launchd         = applePackage "launchd"           "osx-10.9.5"      "0w30hvwqq8j5n90s3qyp0fccxflvrmmjnicjri4i1vd2g196jdgj" {};
     libauto         = applePackage "libauto"           "osx-10.9.5"      "17z27yq5d7zfkwr49r7f0vn9pxvj95884sd2k6lq6rfaz9gxqhy3" {};
@@ -227,17 +273,16 @@ let
     libplatform     = applePackage "libplatform"       "osx-10.12.6"     "0rh1f5ybvwz8s0nwfar8s0fh7jbgwqcy903cv2x8m15iq1x599yn" {};
     libpthread      = applePackage "libpthread"        "osx-10.12.6"     "1j6541rcgjpas1fc77ip5krjgw4bvz6jq7bq7h9q7axb0jv2ns6c" {};
     libresolv       = applePackage "libresolv"         "osx-10.12.6"     "077j6ljfh7amqpk2146rr7dsz5vasvr3als830mgv5jzl7l6vz88" {};
-    Libsystem       = applePackage "Libsystem"         "osx-10.12.6"     "1082ircc1ggaq3wha218vmfa75jqdaqidsy1bmrc4ckfkbr3bwx2" {
-      libutil = pkgs.darwin.libutil.override { headersOnly = true; };
-      hfs = pkgs.darwin.hfs.override { headersOnly = true; };
-    };
+    Libsystem       = applePackage "Libsystem"         "osx-10.12.6"     "1082ircc1ggaq3wha218vmfa75jqdaqidsy1bmrc4ckfkbr3bwx2" {};
     libutil         = applePackage "libutil"           "osx-10.12.6"     "0lqdxaj82h8yjbjm856jjz9k2d96k0viimi881akfng08xk1246y" {};
     libunwind       = applePackage "libunwind"         "osx-10.12.6"     "0miffaa41cv0lzf8az5k1j1ng8jvqvxcr4qrlkf3xyj479arbk1b" {};
     mDNSResponder   = applePackage "mDNSResponder"     "osx-10.12.6"     "02ms1p8zlgmprzn65jzr7yaqxykh3zxjcrw0c06aayim6h0dsqfy" {};
     objc4           = applePackage "objc4"             "osx-10.12.6"     "1cj1vhbcs9pkmag2ms8wslagicnq9bxi2qjkszmp3ys7z7ccrbwz" {};
     ppp             = applePackage "ppp"               "osx-10.12.6"     "1kcc2nc4x1kf8sz0a23i6nfpvxg381kipi0qdisrp8x9z2gbkxb8" {};
     removefile      = applePackage "removefile"        "osx-10.12.6"     "0jzjxbmxgjzhssqd50z7kq9dlwrv5fsdshh57c0f8mdwcs19bsyx" {};
-    xnu             = applePackage "xnu"               "osx-10.12.6"     "1sjb0i7qzz840v2h4z3s4jyjisad4r5yyi6sg8pakv3wd81i5fg5" {};
+    xnu             = applePackage "xnu"               "osx-10.12.6"     "1sjb0i7qzz840v2h4z3s4jyjisad4r5yyi6sg8pakv3wd81i5fg5" {
+      python3 = pkgs.buildPackages.buildPackages.python3; # TODO(@Ericson2314) this shouldn't be needed.
+    };
     hfs             = applePackage "hfs"               "osx-10.12.6"     "1mj3xvqpq1mgd80b6kl1s04knqnap7hccr0gz8rjphalq14rbl5g" {};
     Librpcsvc       = applePackage "Librpcsvc"         "osx-10.11.6"     "1zwfwcl9irxl1dlnf2b4v30vdybp0p0r6n6g1pd14zbdci1jcg2k" {};
     adv_cmds        = applePackage "adv_cmds"          "osx-10.11.6"    "12gbv35i09aij9g90p6b3x2f3ramw43qcb2gjrg8lzkzmwvcyw9q" {};
@@ -252,8 +297,11 @@ let
     top             = applePackage "top"               "osx-10.11.6"     "0i9120rfwapgwdvjbfg0ya143i29s1m8zbddsxh39pdc59xnsg5l" {};
     PowerManagement = applePackage "PowerManagement"   "osx-10.11.6"     "1llimhvp0gjffd47322lnjq7cqwinx0c5z7ikli04ad5srpa68mh" {};
 
+    libutilHeaders  = pkgs.darwin.libutil.override { headersOnly = true; };
+    hfsHeaders      = pkgs.darwin.hfs.override { headersOnly = true; };
+    libresolvHeaders= pkgs.darwin.libresolv.override { headersOnly = true; };
+
     # TODO(matthewbauer):
     # To be removed, once I figure out how to build a newer Security version.
-    Security      = applePackage "Security/boot.nix" "osx-10.9.5"      "1nv0dczf67dhk17hscx52izgdcyacgyy12ag0jh6nl5hmfzsn8yy" {};
-  };
-in packages
+    Security        = applePackage "Security/boot.nix" "osx-10.9.5"      "1nv0dczf67dhk17hscx52izgdcyacgyy12ag0jh6nl5hmfzsn8yy" {};
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/developer-tools-11.3.1.nix b/pkgs/os-specific/darwin/apple-source-releases/developer-tools-11.3.1.nix
new file mode 100644
index 00000000000..f57d224615f
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/developer-tools-11.3.1.nix
@@ -0,0 +1,8 @@
+# Generated using:  ./generate-sdk-packages.sh developer-tools 11.3.1
+
+{ applePackage' }:
+
+{
+bootstrap_cmds = applePackage' "bootstrap_cmds" "116" "developer-tools-11.3.1" "148xpqkf5xzpslqxch5l8h6vsz7sys8sdzk4ghbg9mkcivp8qa03" {};
+developer_cmds = applePackage' "developer_cmds" "66" "developer-tools-11.3.1" "0q08m4cxxwph7gxqravmx13l418p1i050bd46zwksn9j9zpw9mlr" {};
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix
index 21971ea2e28..f2c4ec32146 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/default.nix
@@ -1,11 +1,19 @@
-{ stdenv, appleDerivation, xcbuildHook }:
+{ lib, appleDerivation, xcbuildHook, llvmPackages, makeWrapper }:
 
 appleDerivation {
-  nativeBuildInputs = [ xcbuildHook ];
+  nativeBuildInputs = [ xcbuildHook makeWrapper ];
 
-  patchPhase = ''
+  patches = [
+    # The following copied from
+    # https://github.com/Homebrew/homebrew-core/commit/712ed3e948868e17f96b7e59972b5f45d4faf688
+    # is needed to build libvirt.
+    ./rpcgen-support-hyper-and-quad-types.patch
+  ];
+
+  postPatch = ''
+    makeWrapper ${llvmPackages.clang}/bin/clang $out/bin/clang-cpp --add-flags "--driver-mode=cpp"
     substituteInPlace rpcgen/rpc_main.c \
-      --replace "/usr/bin/cpp" "${stdenv.cc}/bin/cpp"
+      --replace "/usr/bin/cpp" "$out/bin/clang-cpp"
   '';
 
   # temporary install phase until xcodebuild has "install" support
@@ -23,7 +31,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch
new file mode 100644
index 00000000000..481cf0f3e05
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/developer_cmds/rpcgen-support-hyper-and-quad-types.patch
@@ -0,0 +1,66 @@
+diff --git a/rpcgen/rpc_parse.c b/rpcgen/rpc_parse.c
+index 52edc9f..db0c1f1 100644
+--- a/rpcgen/rpc_parse.c
++++ b/rpcgen/rpc_parse.c
+@@ -580,6 +580,10 @@ get_type(prefixp, typep, dkind)
+                *typep = "long";
+                (void) peekscan(TOK_INT, &tok);
+                break;
++        case TOK_HYPER:
++                *typep = "int64_t";
++                (void) peekscan(TOK_INT, &tok);
++                break;
+        case TOK_VOID:
+                if (dkind != DEF_UNION && dkind != DEF_PROGRAM) {
+                        error("voids allowed only inside union and program definitions with one argument");
+@@ -592,6 +596,7 @@ get_type(prefixp, typep, dkind)
+        case TOK_INT:
+        case TOK_FLOAT:
+        case TOK_DOUBLE:
++        case TOK_QUAD:
+        case TOK_BOOL:
+                *typep = tok.str;
+                break;
+@@ -622,6 +627,11 @@ unsigned_dec(typep)
+                *typep = "u_long";
+                (void) peekscan(TOK_INT, &tok);
+                break;
++        case TOK_HYPER:
++                get_token(&tok);
++                *typep = "u_int64_t";
++                (void) peekscan(TOK_INT, &tok);
++                break;
+        case TOK_INT:
+                get_token(&tok);
+                *typep = "u_int";
+diff --git a/rpcgen/rpc_scan.c b/rpcgen/rpc_scan.c
+index a8df441..4130107 100644
+--- a/rpcgen/rpc_scan.c
++++ b/rpcgen/rpc_scan.c
+@@ -419,8 +419,10 @@ static token symbols[] = {
+        {TOK_UNSIGNED, "unsigned"},
+        {TOK_SHORT, "short"},
+        {TOK_LONG, "long"},
++        {TOK_HYPER, "hyper"},
+        {TOK_FLOAT, "float"},
+        {TOK_DOUBLE, "double"},
++        {TOK_QUAD, "quadruple"},
+        {TOK_STRING, "string"},
+        {TOK_PROGRAM, "program"},
+        {TOK_VERSION, "version"},
+diff --git a/rpcgen/rpc_scan.h b/rpcgen/rpc_scan.h
+index bac2be4..e4c57c8 100644
+--- a/rpcgen/rpc_scan.h
++++ b/rpcgen/rpc_scan.h
+@@ -66,9 +66,11 @@ enum tok_kind {
+        TOK_INT,
+        TOK_SHORT,
+        TOK_LONG,
++        TOK_HYPER,
+        TOK_UNSIGNED,
+        TOK_FLOAT,
+        TOK_DOUBLE,
++        TOK_QUAD,
+        TOK_OPAQUE,
+        TOK_CHAR,
+        TOK_STRING, \ No newline at end of file
diff --git a/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix
index 6d3bd103811..1daa4929610 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/diskdev_cmds/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, xcbuildHook
+{ lib, appleDerivation, xcbuildHook
 , Libc, xnu, libutil }:
 
 appleDerivation {
@@ -32,7 +32,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix b/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
index ddadf1f3940..ca3b70cd092 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
@@ -1,13 +1,13 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/lib $out/include
     ln -s /usr/lib/dyld $out/lib/dyld
     cp -r include $out/
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Impure primitive symlinks to the Mac OS native dyld, along with headers";
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix b/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
index b24d94b9d70..f5c47f01d37 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenv }:
 
-appleDerivation {
+appleDerivation' stdenv {
   dontBuild = true;
   installPhase = ''
     mkdir -p $out/Library/Frameworks/EAP8021X.framework/Headers
diff --git a/pkgs/os-specific/darwin/apple-source-releases/file_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/file_cmds/default.nix
index 5de84d2a6e5..981e1370437 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/file_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/file_cmds/default.nix
@@ -1,8 +1,8 @@
-{ stdenv, appleDerivation, xcbuildHook, zlib, bzip2, lzma, ncurses, libutil }:
+{ lib, appleDerivation, xcbuildHook, zlib, bzip2, xz, ncurses, libutil, Libinfo }:
 
 appleDerivation {
   nativeBuildInputs = [ xcbuildHook ];
-  buildInputs = [ zlib bzip2 lzma ncurses libutil ];
+  buildInputs = [ zlib bzip2 xz ncurses libutil Libinfo ];
 
   # some commands not working:
   # mtree: _simple.h not found
@@ -32,7 +32,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/generate-sdk-packages.sh b/pkgs/os-specific/darwin/apple-source-releases/generate-sdk-packages.sh
new file mode 100755
index 00000000000..d7c3fc89c52
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/generate-sdk-packages.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl
+
+# usage:
+#   generate-sdk-packages.sh macos 11.0.1
+
+cd $(dirname "$0")
+
+sdkName="$1-$2"
+outfile="$sdkName.nix"
+
+>$outfile echo "# Generated using:  ./$(basename "$0") $1 $2
+
+{ applePackage' }:
+
+{"
+
+parse_line() {
+    readarray -t -d$'\t' package <<<$2
+    local pname=${package[0]} version=${package[1]}
+
+    if [ -d $pname ]; then
+        sha256=$(nix-prefetch-url "https://opensource.apple.com/tarballs/$pname/$pname-$version.tar.gz")
+        >>$outfile echo "$pname = applePackage' \"$pname\" \"$version\" \"$sdkName\" \"$sha256\" {};"
+    fi
+}
+readarray -s1 -c1 -C parse_line < <(curl -sS "https://opensource.apple.com/text/${sdkName//./}.txt")
+
+>>$outfile echo '}'
diff --git a/pkgs/os-specific/darwin/apple-source-releases/hfs/default.nix b/pkgs/os-specific/darwin/apple-source-releases/hfs/default.nix
index ab294b143d3..093e8525e58 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/hfs/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/hfs/default.nix
@@ -1,8 +1,47 @@
-{ appleDerivation, lib, headersOnly ? false }:
+{ appleDerivation', stdenv, stdenvNoCC, lib, headersOnly ? true }:
 
-appleDerivation {
+appleDerivation' (if headersOnly then stdenvNoCC else stdenv) {
   installPhase = lib.optionalString headersOnly ''
     mkdir -p $out/include/hfs
     cp core/*.h $out/include/hfs
   '';
+
+  appleHeaders = ''
+    hfs/BTreeScanner.h
+    hfs/BTreesInternal.h
+    hfs/BTreesPrivate.h
+    hfs/CatalogPrivate.h
+    hfs/FileMgrInternal.h
+    hfs/HFSUnicodeWrappers.h
+    hfs/UCStringCompareData.h
+    hfs/hfs.h
+    hfs/hfs_alloc_trace.h
+    hfs/hfs_attrlist.h
+    hfs/hfs_btreeio.h
+    hfs/hfs_catalog.h
+    hfs/hfs_cnode.h
+    hfs/hfs_cprotect.h
+    hfs/hfs_dbg.h
+    hfs/hfs_endian.h
+    hfs/hfs_extents.h
+    hfs/hfs_format.h
+    hfs/hfs_fsctl.h
+    hfs/hfs_hotfiles.h
+    hfs/hfs_iokit.h
+    hfs/hfs_journal.h
+    hfs/hfs_kdebug.h
+    hfs/hfs_key_roll.h
+    hfs/hfs_macos_defs.h
+    hfs/hfs_mount.h
+    hfs/hfs_quota.h
+    hfs/hfs_unistr.h
+    hfs/kext-config.h
+    hfs/rangelist.h
+  '';
+
+  meta = {
+    # Seems nobody wants its binary, so we didn't implement building.
+    broken = !headersOnly;
+    platforms = lib.platforms.darwin;
+  };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
index eed7982e9d8..67e051d5685 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   # No clue why the same file has two different names. Ask Apple!
   installPhase = ''
     mkdir -p $out/include/ $out/include/servers
@@ -9,4 +9,18 @@ appleDerivation {
     cp liblaunch/bootstrap.h $out/include/servers
     cp liblaunch/bootstrap.h $out/include/servers/bootstrap_defs.h
   '';
+
+  appleHeaders = ''
+    bootstrap.h
+    bootstrap_priv.h
+    launch.h
+    launch_internal.h
+    launch_priv.h
+    reboot2.h
+    servers/bootstrap.h
+    servers/bootstrap_defs.h
+    vproc.h
+    vproc_internal.h
+    vproc_priv.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libauto/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libauto/default.nix
index b2ef3374ca2..8a551dcc892 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libauto/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libauto/default.nix
@@ -1,8 +1,8 @@
-{ stdenv, appleDerivation, libdispatch, Libsystem }:
+{ lib, stdenv, appleDerivation, libdispatch, Libsystem }:
 
 appleDerivation {
   # these are included in the pure libc
-  buildInputs = stdenv.lib.optionals stdenv.cc.nativeLibc [ libdispatch Libsystem ];
+  buildInputs = lib.optionals stdenv.cc.nativeLibc [ libdispatch Libsystem ];
 
   buildPhase = ''
     cp ${./auto_dtrace.h} ./auto_dtrace.h
@@ -79,6 +79,8 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
+    # libauto is only used by objc4/pure.nix , but objc4 is now using the impure approach, so we don't bother to fix this.
+    broken = true;
+    platforms = lib.platforms.darwin;
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
index ac33a24a8b4..976658b7e5d 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
@@ -1,8 +1,13 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/include
     cp *.h $out/include/
   '';
+
+  appleHeaders = ''
+    Block.h
+    Block_private.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
index e7aa47bdb6b..e91ee86cde0 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   dontConfigure = true;
   dontBuild = true;
   installPhase = ''
@@ -22,4 +22,33 @@ appleDerivation {
                  typedef void* dispatch_block_t;
                  #endif'
   '';
+
+  appleHeaders = ''
+    dispatch/base.h
+    dispatch/benchmark.h
+    dispatch/block.h
+    dispatch/data.h
+    dispatch/data_private.h
+    dispatch/dispatch.h
+    dispatch/group.h
+    dispatch/introspection.h
+    dispatch/introspection_private.h
+    dispatch/io.h
+    dispatch/io_private.h
+    dispatch/layout_private.h
+    dispatch/mach_private.h
+    dispatch/object.h
+    dispatch/once.h
+    dispatch/private.h
+    dispatch/queue.h
+    dispatch/queue_private.h
+    dispatch/semaphore.h
+    dispatch/source.h
+    dispatch/source_private.h
+    dispatch/time.h
+    os/object.h
+    os/object_private.h
+    os/voucher_activity_private.h
+    os/voucher_private.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
index 0532c88b66b..72ef086f599 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
@@ -1,6 +1,6 @@
 { stdenv, appleDerivation, lib
-, enableStatic ? stdenv.targetPlatform.isiOS
-, enableShared ? !stdenv.targetPlatform.isiOS
+, enableStatic ? stdenv.hostPlatform.isStatic
+, enableShared ? !stdenv.hostPlatform.isStatic
 }:
 
 appleDerivation {
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
index 4fd0ab8a7fb..39c80196269 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
@@ -1,8 +1,32 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir $out
     cp -r include $out/include
   '';
+
+  appleHeaders = ''
+    _simple.h
+    libkern/OSAtomic.h
+    libkern/OSAtomicDeprecated.h
+    libkern/OSAtomicQueue.h
+    libkern/OSCacheControl.h
+    libkern/OSSpinLockDeprecated.h
+    os/alloc_once_impl.h
+    os/base.h
+    os/base_private.h
+    os/internal/atomic.h
+    os/internal/crashlog.h
+    os/internal/internal_shared.h
+    os/lock.h
+    os/lock_private.h
+    os/once_private.h
+    os/semaphore_private.h
+    platform/compat.h
+    platform/introspection_private.h
+    platform/string.h
+    setjmp.h
+    ucontext.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
index 650c6415def..3d62270d76c 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, appleDerivation, libdispatch, xnu }:
+{ lib, appleDerivation', stdenvNoCC, libdispatch, xnu }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   propagatedBuildInputs = [ libdispatch xnu ];
 
   installPhase = ''
@@ -15,7 +15,41 @@ appleDerivation {
     cp -r sys/_pthread/*.h $out/include/sys/_types/
   '';
 
+  appleHeaders = ''
+    pthread/introspection.h
+    pthread/pthread.h
+    pthread/pthread_impl.h
+    pthread/pthread_spis.h
+    pthread/qos.h
+    pthread/sched.h
+    pthread/spawn.h
+    sys/_pthread/_pthread_attr_t.h
+    sys/_pthread/_pthread_cond_t.h
+    sys/_pthread/_pthread_condattr_t.h
+    sys/_pthread/_pthread_key_t.h
+    sys/_pthread/_pthread_mutex_t.h
+    sys/_pthread/_pthread_mutexattr_t.h
+    sys/_pthread/_pthread_once_t.h
+    sys/_pthread/_pthread_rwlock_t.h
+    sys/_pthread/_pthread_rwlockattr_t.h
+    sys/_pthread/_pthread_t.h
+    sys/_pthread/_pthread_types.h
+    sys/_types/_pthread_attr_t.h
+    sys/_types/_pthread_cond_t.h
+    sys/_types/_pthread_condattr_t.h
+    sys/_types/_pthread_key_t.h
+    sys/_types/_pthread_mutex_t.h
+    sys/_types/_pthread_mutexattr_t.h
+    sys/_types/_pthread_once_t.h
+    sys/_types/_pthread_rwlock_t.h
+    sys/_types/_pthread_rwlockattr_t.h
+    sys/_types/_pthread_t.h
+    sys/_types/_pthread_types.h
+    sys/qos.h
+    sys/qos_private.h
+  '';
+
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
+    platforms = lib.platforms.darwin;
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
index f3c7558cfc6..53fc019768d 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
@@ -1,37 +1,39 @@
-{ appleDerivation, Libinfo, configd, mDNSResponder }:
+{ lib, appleDerivation', stdenv, stdenvNoCC, Libinfo, configd, mDNSResponder
+, headersOnly ? false
+}:
 
-appleDerivation {
-  buildInputs = [ Libinfo configd mDNSResponder ];
+appleDerivation' (if headersOnly then stdenvNoCC else stdenv) {
+  buildInputs = lib.optionals (!headersOnly) [ Libinfo configd mDNSResponder ];
 
-  buildPhase = ''
-    cc -I. -c dns_util.c
-    cc -I. -c dns.c
-    cc -I. -c dns_async.c
-    cc -I. -c base64.c
-    cc -I. -c dst_api.c
-    cc -I. -c dst_hmac_link.c
-    cc -I. -c dst_support.c
-    cc -I. -c ns_date.c
-    cc -I. -c ns_name.c
-    cc -I. -c ns_netint.c
-    cc -I. -c ns_parse.c
-    cc -I. -c ns_print.c
-    cc -I. -c ns_samedomain.c
-    cc -I. -c ns_sign.c
-    cc -I. -c ns_ttl.c
-    cc -I. -c ns_verify.c
-    cc -I. -c res_comp.c
-    cc -I. -c res_data.c
-    cc -I. -c res_debug.c
-    cc -I. -c res_findzonecut.c
-    cc -I. -c res_init.c
-    cc -I. -c res_mkquery.c
-    cc -I. -c res_mkupdate.c
-    cc -I. -c res_query.c
-    cc -I. -c res_send.c
-    cc -I. -c res_sendsigned.c
-    cc -I. -c res_update.c
-    cc -dynamiclib -install_name $out/lib/libresolv.9.dylib -current_version 1.0.0 -compatibility_version 1.0.0 -o libresolv.9.dylib *.o
+  buildPhase = lib.optionalString (!headersOnly) ''
+    $CC -I. -c dns_util.c
+    $CC -I. -c dns.c
+    $CC -I. -c dns_async.c
+    $CC -I. -c base64.c
+    $CC -I. -c dst_api.c
+    $CC -I. -c dst_hmac_link.c
+    $CC -I. -c dst_support.c
+    $CC -I. -c ns_date.c
+    $CC -I. -c ns_name.c
+    $CC -I. -c ns_netint.c
+    $CC -I. -c ns_parse.c
+    $CC -I. -c ns_print.c
+    $CC -I. -c ns_samedomain.c
+    $CC -I. -c ns_sign.c
+    $CC -I. -c ns_ttl.c
+    $CC -I. -c ns_verify.c
+    $CC -I. -c res_comp.c
+    $CC -I. -c res_data.c
+    $CC -I. -c res_debug.c
+    $CC -I. -c res_findzonecut.c
+    $CC -I. -c res_init.c
+    $CC -I. -c res_mkquery.c
+    $CC -I. -c res_mkupdate.c
+    $CC -I. -c res_query.c
+    $CC -I. -c res_send.c
+    $CC -I. -c res_sendsigned.c
+    $CC -I. -c res_update.c
+    $CC -dynamiclib -install_name $out/lib/libresolv.9.dylib -current_version 1.0.0 -compatibility_version 1.0.0 -o libresolv.9.dylib *.o
   '';
 
   installPhase = ''
@@ -42,6 +44,7 @@ appleDerivation {
     cp nameser.h       $out/include
     ln -s ../nameser.h $out/include/arpa
     cp resolv.h        $out/include
+  '' + lib.optionalString (!headersOnly) ''
 
     cp libresolv.9.dylib $out/lib
     ln -s libresolv.9.dylib $out/lib/libresolv.dylib
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix
index bd219ae434c..5021d3cd7fe 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation }:
+{ lib, appleDerivation }:
 
 appleDerivation {
   buildPhase = ":";
@@ -9,7 +9,7 @@ appleDerivation {
     cp -R include $out/include
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     maintainers = with maintainers; [ copumpkin lnl7 ];
     platforms   = platforms.darwin;
     license     = licenses.apsl20;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
index 2b196e46ef4..e7c8a6b1113 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
@@ -1,9 +1,9 @@
-{ lib, appleDerivation, xcbuildHook
+{ lib, stdenv, stdenvNoCC, appleDerivation', xcbuildHook
 
 # headersOnly is true when building for libSystem
 , headersOnly ? false }:
 
-appleDerivation {
+appleDerivation' (if headersOnly then stdenvNoCC else stdenv) {
   nativeBuildInputs = lib.optional (!headersOnly) xcbuildHook;
 
   prePatch = ''
@@ -27,6 +27,14 @@ appleDerivation {
     install_name_tool -id $out/lib/libutil.dylib $out/lib/libutil.dylib
   '';
 
+  # FIXME: headers are different against headersOnly. And all the headers are NOT in macos, do we really want them?
+  # appleHeaders = ''
+  #   libutil.h
+  #   mntopts.h
+  #   tzlink.h
+  #   wipefs.h
+  # '';
+
   meta = with lib; {
     maintainers = with maintainers; [ copumpkin ];
     platforms   = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix b/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix
index f17ed785360..64de728805f 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/mDNSResponder/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   phases = [ "unpackPhase" "installPhase" ];
 
   installPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/macos-11.0.1.nix b/pkgs/os-specific/darwin/apple-source-releases/macos-11.0.1.nix
new file mode 100644
index 00000000000..517f53e9435
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/macos-11.0.1.nix
@@ -0,0 +1,46 @@
+# Generated using:  ./generate-sdk-packages.sh macos 11.0.1
+
+{ applePackage' }:
+
+{
+adv_cmds = applePackage' "adv_cmds" "176" "macos-11.0.1" "0x8c25rh6fnzndbc26vcb65vcxilvqyfvm2klfyci1wr4bh3ixgk" {};
+architecture = applePackage' "architecture" "279" "macos-11.0.1" "1cgp33ywa30max6cyp69kvii299hx2vgwvmy3ms8n4gaq2mkpaky" {};
+basic_cmds = applePackage' "basic_cmds" "55" "macos-11.0.1" "0hvab4b1v5q2x134hdkal0rmz5gsdqyki1vb0dbw4py1bqf0yaw9" {};
+bootstrap_cmds = applePackage' "bootstrap_cmds" "121" "macos-11.0.1" "09bwclws6adxb1ky9q35f4ikddk4mbalmgds0cmqaf7j23qxl3fv" {};
+CommonCrypto = applePackage' "CommonCrypto" "60178.40.2" "macos-11.0.1" "0r3b1mlfmbdzpwn6pbsbfaga3k63gpwcwbhkbi4r09aq82skl02v" {};
+configd = applePackage' "configd" "1109.40.9" "macos-11.0.1" "173i55wfzli9pg2x2rw437hs68h6l4ngss5jfgf18g26zjkjzv5v" {};
+copyfile = applePackage' "copyfile" "173.40.2" "macos-11.0.1" "0qyp15qj3fdb7yx033n57l7s61d70mv17f43yiwcbhx09mmlrp07" {};
+Csu = applePackage' "Csu" "88" "macos-11.0.1" "029lgcyj0i16036h2lcx6fd6r1yf1bkj5dnvz905rh6ncl8skgdr" {};
+diskdev_cmds = applePackage' "diskdev_cmds" "667.40.1" "macos-11.0.1" "1bqwkwkwd556rba5000ap77xrhaf4xnmy83mszd7a0yvl2xlma7j" {};
+dtrace = applePackage' "dtrace" "370.40.1" "macos-11.0.1" "1941yczmn94ng5zlnhf0i5mjw2f4g7znisgvhkhn5f86gxmd98wl" {};
+dyld = applePackage' "dyld" "832.7.1" "macos-11.0.1" "1s77ca6jg20z91qlph59da8j61m97y23vrw48xs4rywdzh4915n0" {};
+eap8021x = applePackage' "eap8021x" "304.40.1" "macos-11.0.1" "1ph3kcpf527s0jqsi60j2sgg3m8h128spf292d8kyc08siz9mf9c" {};
+file_cmds = applePackage' "file_cmds" "321.40.3" "macos-11.0.1" "04789vn1wghclfr3ma3ncg716xdsxfj66hrcxi5h3h1ryag2ycfz" {};
+hfs = applePackage' "hfs" "556.41.1" "macos-11.0.1" "1rhkmn2yj5p4wmi4aajy5hj2h0gxk63s8j4qz4ziy4g4bjpdgwmy" {};
+ICU = applePackage' "ICU" "66108" "macos-11.0.1" "1d76cyyqpwkzjlxfajm4nsglxmfrcafbnjwnjxc3j5w3nw67pqhx" {};
+Libc = applePackage' "Libc" "1439.40.11" "macos-11.0.1" "0d5xlnks4lc9391wg31c9126vflb40lc5ffkgxmf2kpyglac1280" {};
+libclosure = applePackage' "libclosure" "78" "macos-11.0.1" "089i2bl4agpnfplrg23xbzma1674g0w05988nxdps6ghxl4kz66f" {};
+libdispatch = applePackage' "libdispatch" "1271.40.12" "macos-11.0.1" "0z7r42zfb8y48f0nrw0qw7fanfvimycimgnrg3jig101kjvjar98" {};
+libiconv = applePackage' "libiconv" "59" "macos-11.0.1" "0hqbsqggjrr0sv6h70lcr3gabgk9inyc8aq1b30wibgjm6crjwpp" {};
+Libinfo = applePackage' "Libinfo" "542.40.3" "macos-11.0.1" "0y5x6wxd3mwn6my1jdp8qrak3y7x7sgjdmwyw9cvvbn3kg9v6z1p" {};
+Libnotify = applePackage' "Libnotify" "279.40.4" "macos-11.0.1" "0aswflxki877izp6sacv35sydn6a3639cflv3zhs3i7vkfbsvbf5" {};
+libplatform = applePackage' "libplatform" "254.40.4" "macos-11.0.1" "1mhi8n66864y98dr3n0pkqad3aqim800kn9bxzp6h5jf2jni3aql" {};
+libpthread = applePackage' "libpthread" "454.40.3" "macos-11.0.1" "18rb4dqjdf3krzi4hdj5i310gy49ipf01klbkp9g51i02a55gphq" {};
+libresolv = applePackage' "libresolv" "68" "macos-11.0.1" "1ysvg6d28xyaky9sn7giglnsflhjsbj17h3h3i6knlzxnzznpkql" {};
+Librpcsvc = applePackage' "Librpcsvc" "26" "macos-11.0.1" "1zwfwcl9irxl1dlnf2b4v30vdybp0p0r6n6g1pd14zbdci1jcg2k" {};
+Libsystem = applePackage' "Libsystem" "1292.50.1" "macos-11.0.1" "0w16zaigq18jfsnw15pfyz2mkfqdkn0cc16q617kmgw2khld8j7j" {};
+libunwind = applePackage' "libunwind" "200.10" "macos-11.0.1" "1pmymcqpfk7lfxh6zqch429vfpvmd2m1dlg898170pkx5zhxisl2" {};
+libutil = applePackage' "libutil" "58.40.2" "macos-11.0.1" "1hhgashfj9g4vjv02070c5pn818a5n0bh5l81l2pflmvb2rrqs3f" {};
+mDNSResponder = applePackage' "mDNSResponder" "1310.40.42" "macos-11.0.1" "0d0b9wwah9rg7rwrr29dxd6iy0y4rlmss3wcz2wcqmnd2qb9x8my" {};
+network_cmds = applePackage' "network_cmds" "606.40.2" "macos-11.0.1" "1dlslk67npvmxx5m50385kmn3ysxih2iv220hhzkin11f8abdjv7" {};
+objc4 = applePackage' "objc4" "818.2" "macos-11.0.1" "177gmh9m9ajy6mvcd2sf7gqydgljy44n3iih0yqsn1b13j784azx" {};
+PowerManagement = applePackage' "PowerManagement" "1132.50.3" "macos-11.0.1" "1n5yn6sc8w67g8iism6ilkyl33j46gcnlqcaq6k16zkngx6lprba" {};
+ppp = applePackage' "ppp" "877.40.2" "macos-11.0.1" "1z506z8ndvb1lfr4pypfy2bnig6qimhmq3yhjvqwfnliv91965iq" {};
+removefile = applePackage' "removefile" "49.40.3" "macos-11.0.1" "1fhp47awi15f02385r25qgw1ag5z0kr1v3kvgqm3r8i8yysfqvwp" {};
+Security = applePackage' "Security" "59754.41.1" "macos-11.0.1" "00kqgg7k80ba70ar2c02f0q9yrdgqcb56nb9z5g0bxwkvi40ryph" {};
+shell_cmds = applePackage' "shell_cmds" "216.40.4" "macos-11.0.1" "1mvp1fp34kkm4mi85fdn3i0l0gig4c0w09zg2mvkpxcf68cq2f69" {};
+system_cmds = applePackage' "system_cmds" "880.40.5" "macos-11.0.1" "1kys4vwfz4559sspdsfhmxc238nd8qgylqypza3zdzaqhfh7lx2x" {};
+text_cmds = applePackage' "text_cmds" "106" "macos-11.0.1" "0cpnfpllwpx20hbxzg5i5488gcjyi9adnbac1sd5hpv3bq6z1hs5" {};
+top = applePackage' "top" "129" "macos-11.0.1" "1nyz5mvq7js3zhsi3dwxl5fslg6m7nhlgc6p2hr889xgyl5prw8f" {};
+xnu = applePackage' "xnu" "7195.50.7.100.1" "macos-11.0.1" "14wqkqp3lcxgpm1sjnsysybrc4ppzkghwv3mb5nr5v8ml37prkib" {};
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix
index 82be7dc860e..dd3cf030952 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/network_cmds/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, appleDerivation, xcbuildHook
+{ lib, appleDerivation, xcbuildHook
 , openssl_1_0_2, Librpcsvc, xnu, libpcap, developer_cmds }:
 
 appleDerivation {
@@ -44,7 +44,7 @@ appleDerivation {
  '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix b/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix
index a7cedaaea11..2fc4afa77d9 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/objc4/default.nix
@@ -1,4 +1,4 @@
-{ appleDerivation }:
+{ appleDerivation, darwin-stubs }:
 
 appleDerivation {
   phases = [ "unpackPhase" "installPhase" ];
@@ -14,7 +14,8 @@ appleDerivation {
 
   installPhase = ''
     mkdir -p $out/include/objc $out/lib
-    ln -s /usr/lib/libobjc.dylib $out/lib/libobjc.dylib
+    cp ${darwin-stubs}/usr/lib/libobjc.A.tbd $out/lib/libobjc.A.tbd
+    ln -s libobjc.A.tbd $out/lib/libobjc.tbd
     cp runtime/OldClasses.subproj/List.h $out/include/objc/List.h
     cp runtime/NSObjCRuntime.h $out/include/objc/NSObjCRuntime.h
     cp runtime/NSObject.h $out/include/objc/NSObject.h
diff --git a/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix b/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
index 5668c376130..4ced564ffb7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
@@ -1,6 +1,6 @@
-{ appleDerivation }:
+{ appleDerivation', stdenv }:
 
-appleDerivation {
+appleDerivation' stdenv {
   dontBuild = true;
   installPhase = ''
     mkdir -p $out/include/ppp
diff --git a/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix b/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
index 2b45fbdb45e..611f445e1ec 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
@@ -1,8 +1,13 @@
-{ appleDerivation }:
+{ appleDerivation', stdenvNoCC }:
 
-appleDerivation {
+appleDerivation' stdenvNoCC {
   installPhase = ''
     mkdir -p $out/include/
     cp removefile.h checkint.h $out/include/
   '';
+
+  appleHeaders = ''
+    checkint.h
+    removefile.h
+  '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix
index b87dadd391d..a8352285c78 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix
@@ -1,7 +1,7 @@
-{ stdenv, appleDerivation, xcbuildHook }:
+{ lib, appleDerivation, xcbuildHook, launchd }:
 
 appleDerivation {
-  nativeBuildInputs = [ xcbuildHook ];
+  nativeBuildInputs = [ xcbuildHook launchd ];
 
   patchPhase = ''
     # NOTE: these hashes must be recalculated for each version change
@@ -44,7 +44,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/system_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/system_cmds/default.nix
index 16454cbc1a5..d42d142ef6e 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/system_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/system_cmds/default.nix
@@ -1,5 +1,5 @@
 { stdenv, appleDerivation, lib
-, Librpcsvc, apple_sdk, pam, CF, openbsm }:
+, libutil, Librpcsvc, apple_sdk, pam, CF, openbsm }:
 
 appleDerivation {
   # xcbuild fails with:
@@ -7,7 +7,7 @@ appleDerivation {
   # see issue facebook/xcbuild#188
   # buildInputs = [ xcbuild ];
 
-  buildInputs = [ Librpcsvc apple_sdk.frameworks.OpenDirectory pam CF
+  buildInputs = [ libutil Librpcsvc apple_sdk.frameworks.OpenDirectory pam CF
                   apple_sdk.frameworks.IOKit openbsm ];
   # NIX_CFLAGS_COMPILE = lib.optionalString hostPlatform.isi686 "-D__i386__"
   #                    + lib.optionalString hostPlatform.isx86_64 "-D__x86_64__"
@@ -35,6 +35,11 @@ appleDerivation {
       --replace bsm/audit_session.h bsm/audit.h
     substituteInPlace login.tproj/login_audit.c \
       --replace bsm/audit_session.h bsm/audit.h
+  '' + lib.optionalString stdenv.isAarch64 ''
+    substituteInPlace sysctl.tproj/sysctl.c \
+      --replace "GPROF_STATE" "0"
+    substituteInPlace login.tproj/login.c \
+      --replace "defined(__arm__)" "defined(__arm__) || defined(__arm64__)"
   '';
 
   buildPhase = ''
@@ -98,7 +103,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ shlevy matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ shlevy matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix
index 14d7a5e3b32..9e3d6e49204 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/text_cmds/default.nix
@@ -1,14 +1,14 @@
-{ stdenv, appleDerivation, xcbuildHook, ncurses, bzip2, zlib, lzma }:
+{ lib, appleDerivation, xcbuildHook, ncurses, bzip2, zlib, xz }:
 
 appleDerivation {
   nativeBuildInputs = [ xcbuildHook ];
-  buildInputs = [ ncurses bzip2 zlib lzma ];
+  buildInputs = [ ncurses bzip2 zlib xz ];
 
   # patches to use ncursees
   # disables md5
   patchPhase = ''
     substituteInPlace text_cmds.xcodeproj/project.pbxproj \
-                  --replace 'FC6C98FB149A94EB00DDCC47 /* libcurses.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcurses.dylib; path = /usr/lib/libcurses.dylib; sourceTree = "<absolute>"; };' 'FC6C98FB149A94EB00DDCC47 /* libncurses.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libncurses.dylib; path = /usr/lib/libncurses.dylib; sourceTree = "<absolute>"; };' \
+          --replace 'FC6C98FB149A94EB00DDCC47 /* libcurses.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcurses.dylib; path = /usr/lib/libcurses.dylib; sourceTree = "<absolute>"; };' 'FC6C98FB149A94EB00DDCC47 /* libncurses.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libncurses.dylib; path = /usr/lib/libncurses.dylib; sourceTree = "<absolute>"; };' \
       --replace 'FC7A7EB5149875E00086576A /* PBXTargetDependency */,' ""
   '';
 
@@ -21,7 +21,7 @@ appleDerivation {
   '';
 
   meta = {
-    platforms = stdenv.lib.platforms.darwin;
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    platforms = lib.platforms.darwin;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
index da2d0c5dc7b..90f572d3940 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/xnu/default.nix
@@ -1,8 +1,12 @@
-{ appleDerivation, lib, bootstrap_cmds, bison, flex
+{ appleDerivation', lib, stdenv, stdenvNoCC, buildPackages
+, bootstrap_cmds, bison, flex
 , gnum4, unifdef, perl, python3
-, headersOnly ? true }:
+, headersOnly ? true
+}:
+
+appleDerivation' (if headersOnly then stdenvNoCC else stdenv) ({
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
 
-appleDerivation ({
   nativeBuildInputs = [ bootstrap_cmds bison flex gnum4 unifdef perl python3 ];
 
   patches = [ ./python3.patch ];
@@ -44,16 +48,16 @@ appleDerivation ({
 
   PLATFORM = "MacOSX";
   SDKVERSION = "10.11";
-  CC = "cc";
-  CXX = "c++";
+  CC = "${stdenv.cc.targetPrefix or ""}cc";
+  CXX = "${stdenv.cc.targetPrefix or ""}c++";
   MIG = "mig";
   MIGCOM = "migcom";
-  STRIP = "strip";
-  NM = "nm";
+  STRIP = "${stdenv.cc.bintools.targetPrefix or ""}strip";
+  NM = "${stdenv.cc.bintools.targetPrefix or ""}nm";
   UNIFDEF = "unifdef";
   DSYMUTIL = "dsymutil";
   HOST_OS_VERSION = "10.10";
-  HOST_CC = "cc";
+  HOST_CC = "${buildPackages.stdenv.cc.targetPrefix or ""}cc";
   HOST_FLEX = "flex";
   HOST_BISON = "bison";
   HOST_GM4 = "m4";
@@ -127,6 +131,8 @@ appleDerivation ({
     mkdir $out/Library/PrivateFrameworks
     mv $out/Library/Frameworks/IOKit.framework $out/Library/PrivateFrameworks
   '';
+
+  appleHeaders = builtins.readFile ./headers.txt;
 } // lib.optionalAttrs headersOnly {
   HOST_CODESIGN = "echo";
   HOST_CODESIGN_ALLOCATE = "echo";
diff --git a/pkgs/os-specific/darwin/apple-source-releases/xnu/headers.txt b/pkgs/os-specific/darwin/apple-source-releases/xnu/headers.txt
new file mode 100644
index 00000000000..93c0dbb18bf
--- /dev/null
+++ b/pkgs/os-specific/darwin/apple-source-releases/xnu/headers.txt
@@ -0,0 +1,1318 @@
+AssertMacros.h
+_errno.h
+_libkernel_init.h
+atm/atm_notification.defs
+atm/atm_types.defs
+atm/atm_types.h
+bank/bank_types.h
+bsd/bsm/audit.h
+bsd/dev/random/randomdev.h
+bsd/i386/_limits.h
+bsd/i386/_mcontext.h
+bsd/i386/_param.h
+bsd/i386/_types.h
+bsd/i386/endian.h
+bsd/i386/limits.h
+bsd/i386/param.h
+bsd/i386/profile.h
+bsd/i386/signal.h
+bsd/i386/types.h
+bsd/i386/vmparam.h
+bsd/libkern/libkern.h
+bsd/machine/_limits.h
+bsd/machine/_mcontext.h
+bsd/machine/_param.h
+bsd/machine/_types.h
+bsd/machine/byte_order.h
+bsd/machine/disklabel.h
+bsd/machine/endian.h
+bsd/machine/limits.h
+bsd/machine/param.h
+bsd/machine/profile.h
+bsd/machine/signal.h
+bsd/machine/spl.h
+bsd/machine/types.h
+bsd/machine/vmparam.h
+bsd/miscfs/devfs/devfs.h
+bsd/miscfs/devfs/devfs_proto.h
+bsd/miscfs/devfs/devfsdefs.h
+bsd/miscfs/devfs/fdesc.h
+bsd/miscfs/fifofs/fifo.h
+bsd/miscfs/specfs/specdev.h
+bsd/miscfs/union/union.h
+bsd/net/bpf.h
+bsd/net/dlil.h
+bsd/net/ethernet.h
+bsd/net/if.h
+bsd/net/if_arp.h
+bsd/net/if_dl.h
+bsd/net/if_ether.h
+bsd/net/if_llc.h
+bsd/net/if_media.h
+bsd/net/if_mib.h
+bsd/net/if_types.h
+bsd/net/if_utun.h
+bsd/net/if_var.h
+bsd/net/init.h
+bsd/net/kext_net.h
+bsd/net/kpi_interface.h
+bsd/net/kpi_interfacefilter.h
+bsd/net/kpi_protocol.h
+bsd/net/ndrv.h
+bsd/net/net_kev.h
+bsd/net/pfkeyv2.h
+bsd/net/radix.h
+bsd/net/route.h
+bsd/netinet/bootp.h
+bsd/netinet/icmp6.h
+bsd/netinet/icmp_var.h
+bsd/netinet/if_ether.h
+bsd/netinet/igmp.h
+bsd/netinet/igmp_var.h
+bsd/netinet/in.h
+bsd/netinet/in_arp.h
+bsd/netinet/in_pcb.h
+bsd/netinet/in_systm.h
+bsd/netinet/in_var.h
+bsd/netinet/ip.h
+bsd/netinet/ip6.h
+bsd/netinet/ip_icmp.h
+bsd/netinet/ip_var.h
+bsd/netinet/kpi_ipfilter.h
+bsd/netinet/tcp.h
+bsd/netinet/tcp_fsm.h
+bsd/netinet/tcp_seq.h
+bsd/netinet/tcp_timer.h
+bsd/netinet/tcp_var.h
+bsd/netinet/tcpip.h
+bsd/netinet/udp.h
+bsd/netinet/udp_var.h
+bsd/netinet6/ah.h
+bsd/netinet6/esp.h
+bsd/netinet6/in6.h
+bsd/netinet6/in6_var.h
+bsd/netinet6/ipcomp.h
+bsd/netinet6/ipsec.h
+bsd/netinet6/nd6.h
+bsd/netinet6/raw_ip6.h
+bsd/netinet6/scope6_var.h
+bsd/netkey/keysock.h
+bsd/security/audit/audit.h
+bsd/security/audit/audit_bsd.h
+bsd/security/audit/audit_ioctl.h
+bsd/security/audit/audit_private.h
+bsd/sys/_endian.h
+bsd/sys/_select.h
+bsd/sys/_structs.h
+bsd/sys/_types.h
+bsd/sys/_types/_blkcnt_t.h
+bsd/sys/_types/_blksize_t.h
+bsd/sys/_types/_clock_t.h
+bsd/sys/_types/_ct_rune_t.h
+bsd/sys/_types/_dev_t.h
+bsd/sys/_types/_errno_t.h
+bsd/sys/_types/_fd_clr.h
+bsd/sys/_types/_fd_copy.h
+bsd/sys/_types/_fd_def.h
+bsd/sys/_types/_fd_isset.h
+bsd/sys/_types/_fd_set.h
+bsd/sys/_types/_fd_setsize.h
+bsd/sys/_types/_fd_zero.h
+bsd/sys/_types/_filesec_t.h
+bsd/sys/_types/_fsblkcnt_t.h
+bsd/sys/_types/_fsfilcnt_t.h
+bsd/sys/_types/_fsid_t.h
+bsd/sys/_types/_fsobj_id_t.h
+bsd/sys/_types/_gid_t.h
+bsd/sys/_types/_guid_t.h
+bsd/sys/_types/_id_t.h
+bsd/sys/_types/_in_addr_t.h
+bsd/sys/_types/_in_port_t.h
+bsd/sys/_types/_ino64_t.h
+bsd/sys/_types/_ino_t.h
+bsd/sys/_types/_int16_t.h
+bsd/sys/_types/_int32_t.h
+bsd/sys/_types/_int64_t.h
+bsd/sys/_types/_int8_t.h
+bsd/sys/_types/_intptr_t.h
+bsd/sys/_types/_iovec_t.h
+bsd/sys/_types/_key_t.h
+bsd/sys/_types/_mach_port_t.h
+bsd/sys/_types/_mbstate_t.h
+bsd/sys/_types/_mode_t.h
+bsd/sys/_types/_nlink_t.h
+bsd/sys/_types/_null.h
+bsd/sys/_types/_o_dsync.h
+bsd/sys/_types/_o_sync.h
+bsd/sys/_types/_off_t.h
+bsd/sys/_types/_offsetof.h
+bsd/sys/_types/_os_inline.h
+bsd/sys/_types/_pid_t.h
+bsd/sys/_types/_posix_vdisable.h
+bsd/sys/_types/_ptrdiff_t.h
+bsd/sys/_types/_rsize_t.h
+bsd/sys/_types/_rune_t.h
+bsd/sys/_types/_s_ifmt.h
+bsd/sys/_types/_sa_family_t.h
+bsd/sys/_types/_seek_set.h
+bsd/sys/_types/_sigaltstack.h
+bsd/sys/_types/_sigset_t.h
+bsd/sys/_types/_size_t.h
+bsd/sys/_types/_socklen_t.h
+bsd/sys/_types/_ssize_t.h
+bsd/sys/_types/_suseconds_t.h
+bsd/sys/_types/_time_t.h
+bsd/sys/_types/_timespec.h
+bsd/sys/_types/_timeval.h
+bsd/sys/_types/_timeval32.h
+bsd/sys/_types/_timeval64.h
+bsd/sys/_types/_u_int16_t.h
+bsd/sys/_types/_u_int32_t.h
+bsd/sys/_types/_u_int64_t.h
+bsd/sys/_types/_u_int8_t.h
+bsd/sys/_types/_ucontext.h
+bsd/sys/_types/_ucontext64.h
+bsd/sys/_types/_uid_t.h
+bsd/sys/_types/_uintptr_t.h
+bsd/sys/_types/_useconds_t.h
+bsd/sys/_types/_user32_itimerval.h
+bsd/sys/_types/_user32_timespec.h
+bsd/sys/_types/_user32_timeval.h
+bsd/sys/_types/_user64_itimerval.h
+bsd/sys/_types/_user64_timespec.h
+bsd/sys/_types/_user64_timeval.h
+bsd/sys/_types/_user_timespec.h
+bsd/sys/_types/_user_timeval.h
+bsd/sys/_types/_uuid_t.h
+bsd/sys/_types/_va_list.h
+bsd/sys/_types/_wchar_t.h
+bsd/sys/_types/_wint_t.h
+bsd/sys/appleapiopts.h
+bsd/sys/attr.h
+bsd/sys/bsdtask_info.h
+bsd/sys/buf.h
+bsd/sys/cdefs.h
+bsd/sys/codesign.h
+bsd/sys/conf.h
+bsd/sys/content_protection.h
+bsd/sys/cprotect.h
+bsd/sys/csr.h
+bsd/sys/decmpfs.h
+bsd/sys/dir.h
+bsd/sys/dirent.h
+bsd/sys/disk.h
+bsd/sys/disklabel.h
+bsd/sys/disktab.h
+bsd/sys/dkstat.h
+bsd/sys/doc_tombstone.h
+bsd/sys/domain.h
+bsd/sys/errno.h
+bsd/sys/ev.h
+bsd/sys/event.h
+bsd/sys/eventvar.h
+bsd/sys/fbt.h
+bsd/sys/fcntl.h
+bsd/sys/file.h
+bsd/sys/file_internal.h
+bsd/sys/filedesc.h
+bsd/sys/fileport.h
+bsd/sys/filio.h
+bsd/sys/fsctl.h
+bsd/sys/fsevents.h
+bsd/sys/fslog.h
+bsd/sys/guarded.h
+bsd/sys/imgact.h
+bsd/sys/ioccom.h
+bsd/sys/ioctl.h
+bsd/sys/ioctl_compat.h
+bsd/sys/ipc.h
+bsd/sys/kasl.h
+bsd/sys/kauth.h
+bsd/sys/kdebug.h
+bsd/sys/kdebugevents.h
+bsd/sys/kern_control.h
+bsd/sys/kern_event.h
+bsd/sys/kern_memorystatus.h
+bsd/sys/kernel.h
+bsd/sys/kernel_types.h
+bsd/sys/kpi_mbuf.h
+bsd/sys/kpi_private.h
+bsd/sys/kpi_socket.h
+bsd/sys/kpi_socketfilter.h
+bsd/sys/ktrace.h
+bsd/sys/linker_set.h
+bsd/sys/lock.h
+bsd/sys/lockf.h
+bsd/sys/mach_swapon.h
+bsd/sys/malloc.h
+bsd/sys/mbuf.h
+bsd/sys/md5.h
+bsd/sys/memory_maintenance.h
+bsd/sys/mman.h
+bsd/sys/mount.h
+bsd/sys/mount_internal.h
+bsd/sys/msg.h
+bsd/sys/msgbuf.h
+bsd/sys/munge.h
+bsd/sys/namei.h
+bsd/sys/netport.h
+bsd/sys/param.h
+bsd/sys/paths.h
+bsd/sys/persona.h
+bsd/sys/pgo.h
+bsd/sys/pipe.h
+bsd/sys/posix_sem.h
+bsd/sys/posix_shm.h
+bsd/sys/priv.h
+bsd/sys/proc.h
+bsd/sys/proc_info.h
+bsd/sys/proc_internal.h
+bsd/sys/protosw.h
+bsd/sys/pthread_internal.h
+bsd/sys/pthread_shims.h
+bsd/sys/queue.h
+bsd/sys/quota.h
+bsd/sys/random.h
+bsd/sys/reason.h
+bsd/sys/resource.h
+bsd/sys/resourcevar.h
+bsd/sys/sbuf.h
+bsd/sys/select.h
+bsd/sys/sem.h
+bsd/sys/sem_internal.h
+bsd/sys/semaphore.h
+bsd/sys/shm.h
+bsd/sys/shm_internal.h
+bsd/sys/signal.h
+bsd/sys/signalvar.h
+bsd/sys/socket.h
+bsd/sys/socketvar.h
+bsd/sys/sockio.h
+bsd/sys/spawn.h
+bsd/sys/spawn_internal.h
+bsd/sys/stackshot.h
+bsd/sys/stat.h
+bsd/sys/stdio.h
+bsd/sys/sys_domain.h
+bsd/sys/syscall.h
+bsd/sys/sysctl.h
+bsd/sys/syslimits.h
+bsd/sys/syslog.h
+bsd/sys/sysproto.h
+bsd/sys/systm.h
+bsd/sys/termios.h
+bsd/sys/time.h
+bsd/sys/tree.h
+bsd/sys/tty.h
+bsd/sys/ttychars.h
+bsd/sys/ttycom.h
+bsd/sys/ttydefaults.h
+bsd/sys/ttydev.h
+bsd/sys/types.h
+bsd/sys/ubc.h
+bsd/sys/ucontext.h
+bsd/sys/ucred.h
+bsd/sys/uio.h
+bsd/sys/uio_internal.h
+bsd/sys/ulock.h
+bsd/sys/un.h
+bsd/sys/unistd.h
+bsd/sys/unpcb.h
+bsd/sys/user.h
+bsd/sys/utfconv.h
+bsd/sys/vfs_context.h
+bsd/sys/vm.h
+bsd/sys/vmmeter.h
+bsd/sys/vmparam.h
+bsd/sys/vnode.h
+bsd/sys/vnode_if.h
+bsd/sys/vnode_internal.h
+bsd/sys/wait.h
+bsd/sys/xattr.h
+bsd/uuid/uuid.h
+bsd/vfs/vfs_support.h
+bsd/vm/vnode_pager.h
+bsm/audit.h
+bsm/audit_domain.h
+bsm/audit_errno.h
+bsm/audit_fcntl.h
+bsm/audit_internal.h
+bsm/audit_kevents.h
+bsm/audit_record.h
+bsm/audit_socket_type.h
+corecrypto/cc.h
+corecrypto/cc_config.h
+corecrypto/cc_debug.h
+corecrypto/cc_macros.h
+corecrypto/cc_priv.h
+corecrypto/ccaes.h
+corecrypto/ccasn1.h
+corecrypto/cccmac.h
+corecrypto/ccder.h
+corecrypto/ccdes.h
+corecrypto/ccdigest.h
+corecrypto/ccdigest_priv.h
+corecrypto/ccdrbg.h
+corecrypto/ccdrbg_impl.h
+corecrypto/cchmac.h
+corecrypto/ccmd5.h
+corecrypto/ccmode.h
+corecrypto/ccmode_factory.h
+corecrypto/ccmode_impl.h
+corecrypto/ccmode_siv.h
+corecrypto/ccn.h
+corecrypto/ccpad.h
+corecrypto/ccpbkdf2.h
+corecrypto/ccrc4.h
+corecrypto/ccrng.h
+corecrypto/ccrng_system.h
+corecrypto/ccrsa.h
+corecrypto/ccsha1.h
+corecrypto/ccsha2.h
+corecrypto/cczp.h
+corpses/task_corpse.h
+default_pager/default_pager_types.h
+device/device.defs
+device/device_port.h
+device/device_types.defs
+device/device_types.h
+gethostuuid.h
+gethostuuid_private.h
+i386/_limits.h
+i386/_mcontext.h
+i386/_param.h
+i386/_types.h
+i386/eflags.h
+i386/endian.h
+i386/fasttrap_isa.h
+i386/limits.h
+i386/param.h
+i386/profile.h
+i386/signal.h
+i386/types.h
+i386/user_ldt.h
+i386/vmparam.h
+iokit/IOKit/AppleKeyStoreInterface.h
+iokit/IOKit/IOBSD.h
+iokit/IOKit/IOBufferMemoryDescriptor.h
+iokit/IOKit/IOCPU.h
+iokit/IOKit/IOCatalogue.h
+iokit/IOKit/IOCommand.h
+iokit/IOKit/IOCommandGate.h
+iokit/IOKit/IOCommandPool.h
+iokit/IOKit/IOCommandQueue.h
+iokit/IOKit/IOConditionLock.h
+iokit/IOKit/IODMACommand.h
+iokit/IOKit/IODMAController.h
+iokit/IOKit/IODMAEventSource.h
+iokit/IOKit/IODataQueue.h
+iokit/IOKit/IODataQueueShared.h
+iokit/IOKit/IODeviceMemory.h
+iokit/IOKit/IODeviceTreeSupport.h
+iokit/IOKit/IOEventSource.h
+iokit/IOKit/IOFilterInterruptEventSource.h
+iokit/IOKit/IOHibernatePrivate.h
+iokit/IOKit/IOInterleavedMemoryDescriptor.h
+iokit/IOKit/IOInterruptAccounting.h
+iokit/IOKit/IOInterruptController.h
+iokit/IOKit/IOInterruptEventSource.h
+iokit/IOKit/IOInterrupts.h
+iokit/IOKit/IOKernelReportStructs.h
+iokit/IOKit/IOKernelReporters.h
+iokit/IOKit/IOKitDebug.h
+iokit/IOKit/IOKitDiagnosticsUserClient.h
+iokit/IOKit/IOKitKeys.h
+iokit/IOKit/IOKitKeysPrivate.h
+iokit/IOKit/IOKitServer.h
+iokit/IOKit/IOLib.h
+iokit/IOKit/IOLocks.h
+iokit/IOKit/IOLocksPrivate.h
+iokit/IOKit/IOMapper.h
+iokit/IOKit/IOMemoryCursor.h
+iokit/IOKit/IOMemoryDescriptor.h
+iokit/IOKit/IOMessage.h
+iokit/IOKit/IOMultiMemoryDescriptor.h
+iokit/IOKit/IONVRAM.h
+iokit/IOKit/IONotifier.h
+iokit/IOKit/IOPlatformExpert.h
+iokit/IOKit/IOPolledInterface.h
+iokit/IOKit/IORangeAllocator.h
+iokit/IOKit/IORegistryEntry.h
+iokit/IOKit/IOReportMacros.h
+iokit/IOKit/IOReportTypes.h
+iokit/IOKit/IOReturn.h
+iokit/IOKit/IOService.h
+iokit/IOKit/IOServicePM.h
+iokit/IOKit/IOSharedDataQueue.h
+iokit/IOKit/IOSharedLock.h
+iokit/IOKit/IOStatistics.h
+iokit/IOKit/IOStatisticsPrivate.h
+iokit/IOKit/IOSubMemoryDescriptor.h
+iokit/IOKit/IOSyncer.h
+iokit/IOKit/IOTimeStamp.h
+iokit/IOKit/IOTimerEventSource.h
+iokit/IOKit/IOTypes.h
+iokit/IOKit/IOUserClient.h
+iokit/IOKit/IOWorkLoop.h
+iokit/IOKit/OSMessageNotification.h
+iokit/IOKit/assert.h
+iokit/IOKit/nvram/IONVRAMController.h
+iokit/IOKit/platform/AppleMacIO.h
+iokit/IOKit/platform/AppleMacIODevice.h
+iokit/IOKit/platform/AppleNMI.h
+iokit/IOKit/platform/ApplePlatformExpert.h
+iokit/IOKit/power/IOPwrController.h
+iokit/IOKit/pwr_mgt/IOPM.h
+iokit/IOKit/pwr_mgt/IOPMLibDefs.h
+iokit/IOKit/pwr_mgt/IOPMPowerSource.h
+iokit/IOKit/pwr_mgt/IOPMPowerSourceList.h
+iokit/IOKit/pwr_mgt/IOPMpowerState.h
+iokit/IOKit/pwr_mgt/IOPowerConnection.h
+iokit/IOKit/pwr_mgt/RootDomain.h
+iokit/IOKit/rtc/IORTCController.h
+iokit/IOKit/system.h
+iokit/IOKit/system_management/IOWatchDogTimer.h
+kern/exc_resource.h
+kern/kcdata.h
+kern/kern_cdata.h
+libkern/OSByteOrder.h
+libkern/OSDebug.h
+libkern/OSKextLib.h
+libkern/OSReturn.h
+libkern/OSTypes.h
+libkern/_OSByteOrder.h
+libkern/firehose/chunk_private.h
+libkern/firehose/firehose_types_private.h
+libkern/firehose/ioctl_private.h
+libkern/firehose/tracepoint_private.h
+libkern/i386/OSByteOrder.h
+libkern/i386/_OSByteOrder.h
+libkern/libkern/OSAtomic.h
+libkern/libkern/OSBase.h
+libkern/libkern/OSByteOrder.h
+libkern/libkern/OSDebug.h
+libkern/libkern/OSKextLib.h
+libkern/libkern/OSKextLibPrivate.h
+libkern/libkern/OSMalloc.h
+libkern/libkern/OSReturn.h
+libkern/libkern/OSSerializeBinary.h
+libkern/libkern/OSTypes.h
+libkern/libkern/_OSByteOrder.h
+libkern/libkern/c++/OSArray.h
+libkern/libkern/c++/OSBoolean.h
+libkern/libkern/c++/OSCPPDebug.h
+libkern/libkern/c++/OSCollection.h
+libkern/libkern/c++/OSCollectionIterator.h
+libkern/libkern/c++/OSContainers.h
+libkern/libkern/c++/OSData.h
+libkern/libkern/c++/OSDictionary.h
+libkern/libkern/c++/OSEndianTypes.h
+libkern/libkern/c++/OSIterator.h
+libkern/libkern/c++/OSKext.h
+libkern/libkern/c++/OSLib.h
+libkern/libkern/c++/OSMetaClass.h
+libkern/libkern/c++/OSNumber.h
+libkern/libkern/c++/OSObject.h
+libkern/libkern/c++/OSOrderedSet.h
+libkern/libkern/c++/OSSerialize.h
+libkern/libkern/c++/OSSet.h
+libkern/libkern/c++/OSString.h
+libkern/libkern/c++/OSSymbol.h
+libkern/libkern/c++/OSUnserialize.h
+libkern/libkern/crypto/aes.h
+libkern/libkern/crypto/aesxts.h
+libkern/libkern/crypto/crypto_internal.h
+libkern/libkern/crypto/des.h
+libkern/libkern/crypto/md5.h
+libkern/libkern/crypto/rand.h
+libkern/libkern/crypto/register_crypto.h
+libkern/libkern/crypto/rsa.h
+libkern/libkern/crypto/sha1.h
+libkern/libkern/crypto/sha2.h
+libkern/libkern/i386/OSByteOrder.h
+libkern/libkern/i386/_OSByteOrder.h
+libkern/libkern/kernel_mach_header.h
+libkern/libkern/kext_request_keys.h
+libkern/libkern/kxld.h
+libkern/libkern/kxld_types.h
+libkern/libkern/locks.h
+libkern/libkern/machine/OSByteOrder.h
+libkern/libkern/mkext.h
+libkern/libkern/prelink.h
+libkern/libkern/section_keywords.h
+libkern/libkern/stack_protector.h
+libkern/libkern/sysctl.h
+libkern/libkern/tree.h
+libkern/libkern/version.h
+libkern/libkern/zconf.h
+libkern/libkern/zlib.h
+libkern/machine/OSByteOrder.h
+libkern/os/base.h
+libkern/os/log.h
+libkern/os/log_private.h
+libkern/os/object.h
+libkern/os/object_private.h
+libkern/os/overflow.h
+libkern/os/trace.h
+mach/audit_triggers.defs
+mach/boolean.h
+mach/bootstrap.h
+mach/clock.defs
+mach/clock.h
+mach/clock_priv.defs
+mach/clock_priv.h
+mach/clock_reply.defs
+mach/clock_reply.h
+mach/clock_types.defs
+mach/clock_types.h
+mach/dyld_kernel.h
+mach/error.h
+mach/exc.defs
+mach/exc.h
+mach/exception.h
+mach/exception_types.h
+mach/host_info.h
+mach/host_notify.h
+mach/host_notify_reply.defs
+mach/host_priv.defs
+mach/host_priv.h
+mach/host_reboot.h
+mach/host_security.defs
+mach/host_security.h
+mach/host_special_ports.h
+mach/i386/_structs.h
+mach/i386/asm.h
+mach/i386/boolean.h
+mach/i386/exception.h
+mach/i386/fp_reg.h
+mach/i386/kern_return.h
+mach/i386/ndr_def.h
+mach/i386/processor_info.h
+mach/i386/rpc.h
+mach/i386/sdt_isa.h
+mach/i386/thread_state.h
+mach/i386/thread_status.h
+mach/i386/vm_param.h
+mach/i386/vm_types.h
+mach/kern_return.h
+mach/kmod.h
+mach/lock_set.defs
+mach/lock_set.h
+mach/mach.h
+mach/mach_error.h
+mach/mach_exc.defs
+mach/mach_host.defs
+mach/mach_host.h
+mach/mach_init.h
+mach/mach_interface.h
+mach/mach_param.h
+mach/mach_port.defs
+mach/mach_port.h
+mach/mach_port_internal.h
+mach/mach_syscalls.h
+mach/mach_time.h
+mach/mach_traps.h
+mach/mach_types.defs
+mach/mach_types.h
+mach/mach_vm.defs
+mach/mach_vm.h
+mach/mach_vm_internal.h
+mach/mach_voucher.defs
+mach/mach_voucher.h
+mach/mach_voucher_attr_control.defs
+mach/mach_voucher_types.h
+mach/machine.h
+mach/machine/asm.h
+mach/machine/boolean.h
+mach/machine/exception.h
+mach/machine/kern_return.h
+mach/machine/machine_types.defs
+mach/machine/ndr_def.h
+mach/machine/processor_info.h
+mach/machine/rpc.h
+mach/machine/sdt.h
+mach/machine/sdt_isa.h
+mach/machine/thread_state.h
+mach/machine/thread_status.h
+mach/machine/vm_param.h
+mach/machine/vm_types.h
+mach/memory_object_types.h
+mach/message.h
+mach/mig.h
+mach/mig_errors.h
+mach/mig_strncpy_zerofill_support.h
+mach/mig_voucher_support.h
+mach/ndr.h
+mach/notify.defs
+mach/notify.h
+mach/policy.h
+mach/port.h
+mach/port_obj.h
+mach/processor.defs
+mach/processor.h
+mach/processor_info.h
+mach/processor_set.defs
+mach/processor_set.h
+mach/rpc.h
+mach/sdt.h
+mach/semaphore.h
+mach/shared_memory_server.h
+mach/shared_region.h
+mach/std_types.defs
+mach/std_types.h
+mach/sync.h
+mach/sync_policy.h
+mach/task.defs
+mach/task.h
+mach/task_access.defs
+mach/task_info.h
+mach/task_policy.h
+mach/task_special_ports.h
+mach/telemetry_notification.defs
+mach/thread_act.defs
+mach/thread_act.h
+mach/thread_act_internal.h
+mach/thread_info.h
+mach/thread_policy.h
+mach/thread_special_ports.h
+mach/thread_state.h
+mach/thread_status.h
+mach/thread_switch.h
+mach/time_value.h
+mach/vm_attributes.h
+mach/vm_behavior.h
+mach/vm_inherit.h
+mach/vm_map.defs
+mach/vm_map.h
+mach/vm_map_internal.h
+mach/vm_page_size.h
+mach/vm_param.h
+mach/vm_prot.h
+mach/vm_purgable.h
+mach/vm_region.h
+mach/vm_statistics.h
+mach/vm_sync.h
+mach/vm_task.h
+mach/vm_types.h
+mach_debug/hash_info.h
+mach_debug/ipc_info.h
+mach_debug/lockgroup_info.h
+mach_debug/mach_debug.h
+mach_debug/mach_debug_types.defs
+mach_debug/mach_debug_types.h
+mach_debug/page_info.h
+mach_debug/vm_info.h
+mach_debug/zone_info.h
+machine/_limits.h
+machine/_mcontext.h
+machine/_param.h
+machine/_types.h
+machine/byte_order.h
+machine/endian.h
+machine/fasttrap_isa.h
+machine/limits.h
+machine/param.h
+machine/profile.h
+machine/signal.h
+machine/types.h
+machine/vmparam.h
+miscfs/devfs/devfs.h
+miscfs/specfs/specdev.h
+miscfs/union/union.h
+net/bpf.h
+net/dlil.h
+net/ethernet.h
+net/if.h
+net/if_arp.h
+net/if_dl.h
+net/if_llc.h
+net/if_media.h
+net/if_mib.h
+net/if_types.h
+net/if_utun.h
+net/if_var.h
+net/kext_net.h
+net/ndrv.h
+net/net_kev.h
+net/pfkeyv2.h
+net/route.h
+netinet/bootp.h
+netinet/icmp6.h
+netinet/icmp_var.h
+netinet/if_ether.h
+netinet/igmp.h
+netinet/igmp_var.h
+netinet/in.h
+netinet/in_pcb.h
+netinet/in_systm.h
+netinet/in_var.h
+netinet/ip.h
+netinet/ip6.h
+netinet/ip_icmp.h
+netinet/ip_var.h
+netinet/tcp.h
+netinet/tcp_fsm.h
+netinet/tcp_seq.h
+netinet/tcp_timer.h
+netinet/tcp_var.h
+netinet/tcpip.h
+netinet/udp.h
+netinet/udp_var.h
+netinet6/ah.h
+netinet6/esp.h
+netinet6/in6.h
+netinet6/in6_var.h
+netinet6/ipcomp.h
+netinet6/ipsec.h
+netinet6/nd6.h
+netinet6/raw_ip6.h
+netinet6/scope6_var.h
+netkey/keysock.h
+nfs/krpc.h
+nfs/nfs.h
+nfs/nfs_gss.h
+nfs/nfs_ioctl.h
+nfs/nfs_lock.h
+nfs/nfsdiskless.h
+nfs/nfsm_subs.h
+nfs/nfsmount.h
+nfs/nfsnode.h
+nfs/nfsproto.h
+nfs/nfsrvcache.h
+nfs/rpcv2.h
+nfs/xdr_subs.h
+os/overflow.h
+os/tsd.h
+osfmk/UserNotification/KUNCUserNotifications.h
+osfmk/UserNotification/UNDReply.defs
+osfmk/UserNotification/UNDRequest.defs
+osfmk/UserNotification/UNDTypes.defs
+osfmk/UserNotification/UNDTypes.h
+osfmk/atm/atm_internal.h
+osfmk/atm/atm_notification.defs
+osfmk/atm/atm_types.defs
+osfmk/atm/atm_types.h
+osfmk/bank/bank_types.h
+osfmk/console/video_console.h
+osfmk/corpses/task_corpse.h
+osfmk/default_pager/default_pager_types.h
+osfmk/device/device.defs
+osfmk/device/device_port.h
+osfmk/device/device_types.defs
+osfmk/device/device_types.h
+osfmk/gssd/gssd_mach.defs
+osfmk/gssd/gssd_mach.h
+osfmk/gssd/gssd_mach_types.h
+osfmk/i386/apic.h
+osfmk/i386/asm.h
+osfmk/i386/atomic.h
+osfmk/i386/bit_routines.h
+osfmk/i386/cpu_capabilities.h
+osfmk/i386/cpu_data.h
+osfmk/i386/cpu_number.h
+osfmk/i386/cpu_topology.h
+osfmk/i386/cpuid.h
+osfmk/i386/eflags.h
+osfmk/i386/io_map_entries.h
+osfmk/i386/lapic.h
+osfmk/i386/lock.h
+osfmk/i386/locks.h
+osfmk/i386/machine_cpu.h
+osfmk/i386/machine_routines.h
+osfmk/i386/mp.h
+osfmk/i386/mp_desc.h
+osfmk/i386/mp_events.h
+osfmk/i386/mtrr.h
+osfmk/i386/pal_hibernate.h
+osfmk/i386/pal_native.h
+osfmk/i386/pal_routines.h
+osfmk/i386/panic_hooks.h
+osfmk/i386/pmCPU.h
+osfmk/i386/pmap.h
+osfmk/i386/proc_reg.h
+osfmk/i386/rtclock_protos.h
+osfmk/i386/seg.h
+osfmk/i386/simple_lock.h
+osfmk/i386/smp.h
+osfmk/i386/tsc.h
+osfmk/i386/tss.h
+osfmk/i386/ucode.h
+osfmk/i386/vmx.h
+osfmk/ipc/ipc_types.h
+osfmk/kdp/kdp_callout.h
+osfmk/kdp/kdp_dyld.h
+osfmk/kdp/kdp_en_debugger.h
+osfmk/kern/affinity.h
+osfmk/kern/assert.h
+osfmk/kern/audit_sessionport.h
+osfmk/kern/backtrace.h
+osfmk/kern/bits.h
+osfmk/kern/block_hint.h
+osfmk/kern/call_entry.h
+osfmk/kern/clock.h
+osfmk/kern/coalition.h
+osfmk/kern/cpu_data.h
+osfmk/kern/cpu_number.h
+osfmk/kern/debug.h
+osfmk/kern/ecc.h
+osfmk/kern/energy_perf.h
+osfmk/kern/exc_resource.h
+osfmk/kern/extmod_statistics.h
+osfmk/kern/host.h
+osfmk/kern/hv_support.h
+osfmk/kern/ipc_mig.h
+osfmk/kern/ipc_misc.h
+osfmk/kern/kalloc.h
+osfmk/kern/kcdata.h
+osfmk/kern/kern_cdata.h
+osfmk/kern/kern_types.h
+osfmk/kern/kext_alloc.h
+osfmk/kern/kpc.h
+osfmk/kern/ledger.h
+osfmk/kern/lock.h
+osfmk/kern/locks.h
+osfmk/kern/mach_param.h
+osfmk/kern/macro_help.h
+osfmk/kern/page_decrypt.h
+osfmk/kern/pms.h
+osfmk/kern/policy_internal.h
+osfmk/kern/processor.h
+osfmk/kern/queue.h
+osfmk/kern/sched_prim.h
+osfmk/kern/sfi.h
+osfmk/kern/simple_lock.h
+osfmk/kern/startup.h
+osfmk/kern/task.h
+osfmk/kern/telemetry.h
+osfmk/kern/thread.h
+osfmk/kern/thread_call.h
+osfmk/kern/timer_call.h
+osfmk/kern/waitq.h
+osfmk/kern/zalloc.h
+osfmk/kextd/kextd_mach.defs
+osfmk/kextd/kextd_mach.h
+osfmk/kperf/action.h
+osfmk/kperf/context.h
+osfmk/kperf/kdebug_trigger.h
+osfmk/kperf/kperf.h
+osfmk/kperf/kperf_timer.h
+osfmk/kperf/kperfbsd.h
+osfmk/kperf/pet.h
+osfmk/lockd/lockd_mach.defs
+osfmk/lockd/lockd_mach.h
+osfmk/lockd/lockd_mach_types.h
+osfmk/mach/audit_triggers.defs
+osfmk/mach/audit_triggers_server.h
+osfmk/mach/boolean.h
+osfmk/mach/branch_predicates.h
+osfmk/mach/clock.defs
+osfmk/mach/clock.h
+osfmk/mach/clock_priv.defs
+osfmk/mach/clock_priv.h
+osfmk/mach/clock_reply.defs
+osfmk/mach/clock_reply_server.h
+osfmk/mach/clock_types.defs
+osfmk/mach/clock_types.h
+osfmk/mach/coalition.h
+osfmk/mach/coalition_notification_server.h
+osfmk/mach/dyld_kernel.h
+osfmk/mach/error.h
+osfmk/mach/exc.defs
+osfmk/mach/exc_server.h
+osfmk/mach/exception.h
+osfmk/mach/exception_types.h
+osfmk/mach/host_info.h
+osfmk/mach/host_notify.h
+osfmk/mach/host_notify_reply.defs
+osfmk/mach/host_priv.defs
+osfmk/mach/host_priv.h
+osfmk/mach/host_reboot.h
+osfmk/mach/host_security.defs
+osfmk/mach/host_security.h
+osfmk/mach/host_special_ports.h
+osfmk/mach/i386/_structs.h
+osfmk/mach/i386/asm.h
+osfmk/mach/i386/boolean.h
+osfmk/mach/i386/exception.h
+osfmk/mach/i386/fp_reg.h
+osfmk/mach/i386/kern_return.h
+osfmk/mach/i386/ndr_def.h
+osfmk/mach/i386/processor_info.h
+osfmk/mach/i386/rpc.h
+osfmk/mach/i386/sdt_isa.h
+osfmk/mach/i386/syscall_sw.h
+osfmk/mach/i386/thread_state.h
+osfmk/mach/i386/thread_status.h
+osfmk/mach/i386/vm_param.h
+osfmk/mach/i386/vm_types.h
+osfmk/mach/kern_return.h
+osfmk/mach/kmod.h
+osfmk/mach/ktrace_background.h
+osfmk/mach/lock_set.defs
+osfmk/mach/lock_set.h
+osfmk/mach/mach_exc.defs
+osfmk/mach/mach_exc_server.h
+osfmk/mach/mach_host.defs
+osfmk/mach/mach_host.h
+osfmk/mach/mach_interface.h
+osfmk/mach/mach_param.h
+osfmk/mach/mach_port.defs
+osfmk/mach/mach_port.h
+osfmk/mach/mach_syscalls.h
+osfmk/mach/mach_time.h
+osfmk/mach/mach_traps.h
+osfmk/mach/mach_types.defs
+osfmk/mach/mach_types.h
+osfmk/mach/mach_vm.defs
+osfmk/mach/mach_vm.h
+osfmk/mach/mach_voucher.defs
+osfmk/mach/mach_voucher.h
+osfmk/mach/mach_voucher_attr_control.defs
+osfmk/mach/mach_voucher_attr_control.h
+osfmk/mach/mach_voucher_types.h
+osfmk/mach/machine.h
+osfmk/mach/machine/asm.h
+osfmk/mach/machine/boolean.h
+osfmk/mach/machine/exception.h
+osfmk/mach/machine/kern_return.h
+osfmk/mach/machine/machine_types.defs
+osfmk/mach/machine/ndr_def.h
+osfmk/mach/machine/processor_info.h
+osfmk/mach/machine/rpc.h
+osfmk/mach/machine/sdt.h
+osfmk/mach/machine/sdt_isa.h
+osfmk/mach/machine/syscall_sw.h
+osfmk/mach/machine/thread_state.h
+osfmk/mach/machine/thread_status.h
+osfmk/mach/machine/vm_param.h
+osfmk/mach/machine/vm_types.h
+osfmk/mach/memory_object_control.h
+osfmk/mach/memory_object_default_server.h
+osfmk/mach/memory_object_types.h
+osfmk/mach/message.h
+osfmk/mach/mig.h
+osfmk/mach/mig_errors.h
+osfmk/mach/mig_strncpy_zerofill_support.h
+osfmk/mach/mig_voucher_support.h
+osfmk/mach/ndr.h
+osfmk/mach/notify.defs
+osfmk/mach/notify.h
+osfmk/mach/notify_server.h
+osfmk/mach/policy.h
+osfmk/mach/port.h
+osfmk/mach/processor.defs
+osfmk/mach/processor.h
+osfmk/mach/processor_info.h
+osfmk/mach/processor_set.defs
+osfmk/mach/processor_set.h
+osfmk/mach/resource_monitors.h
+osfmk/mach/rpc.h
+osfmk/mach/sdt.h
+osfmk/mach/semaphore.h
+osfmk/mach/sfi_class.h
+osfmk/mach/shared_memory_server.h
+osfmk/mach/shared_region.h
+osfmk/mach/std_types.defs
+osfmk/mach/std_types.h
+osfmk/mach/sync_policy.h
+osfmk/mach/syscall_sw.h
+osfmk/mach/sysdiagnose_notification_server.h
+osfmk/mach/task.defs
+osfmk/mach/task.h
+osfmk/mach/task_access.defs
+osfmk/mach/task_access.h
+osfmk/mach/task_access_server.h
+osfmk/mach/task_info.h
+osfmk/mach/task_policy.h
+osfmk/mach/task_special_ports.h
+osfmk/mach/telemetry_notification.defs
+osfmk/mach/telemetry_notification_server.h
+osfmk/mach/thread_act.defs
+osfmk/mach/thread_act.h
+osfmk/mach/thread_info.h
+osfmk/mach/thread_policy.h
+osfmk/mach/thread_special_ports.h
+osfmk/mach/thread_status.h
+osfmk/mach/thread_switch.h
+osfmk/mach/time_value.h
+osfmk/mach/upl.h
+osfmk/mach/vm_attributes.h
+osfmk/mach/vm_behavior.h
+osfmk/mach/vm_inherit.h
+osfmk/mach/vm_map.defs
+osfmk/mach/vm_map.h
+osfmk/mach/vm_param.h
+osfmk/mach/vm_prot.h
+osfmk/mach/vm_purgable.h
+osfmk/mach/vm_region.h
+osfmk/mach/vm_statistics.h
+osfmk/mach/vm_sync.h
+osfmk/mach/vm_types.h
+osfmk/mach_debug/hash_info.h
+osfmk/mach_debug/ipc_info.h
+osfmk/mach_debug/lockgroup_info.h
+osfmk/mach_debug/mach_debug.h
+osfmk/mach_debug/mach_debug_types.defs
+osfmk/mach_debug/mach_debug_types.h
+osfmk/mach_debug/page_info.h
+osfmk/mach_debug/vm_info.h
+osfmk/mach_debug/zone_info.h
+osfmk/machine/atomic.h
+osfmk/machine/cpu_capabilities.h
+osfmk/machine/cpu_number.h
+osfmk/machine/io_map_entries.h
+osfmk/machine/lock.h
+osfmk/machine/locks.h
+osfmk/machine/machine_cpuid.h
+osfmk/machine/machine_kpc.h
+osfmk/machine/machine_routines.h
+osfmk/machine/pal_hibernate.h
+osfmk/machine/pal_routines.h
+osfmk/machine/simple_lock.h
+osfmk/prng/random.h
+osfmk/string.h
+osfmk/vm/WKdm_new.h
+osfmk/vm/pmap.h
+osfmk/vm/vm_compressor_algorithms.h
+osfmk/vm/vm_fault.h
+osfmk/vm/vm_kern.h
+osfmk/vm/vm_map.h
+osfmk/vm/vm_options.h
+osfmk/vm/vm_pageout.h
+osfmk/vm/vm_protos.h
+osfmk/vm/vm_shared_region.h
+osfmk/voucher/ipc_pthread_priority_types.h
+osfmk/x86_64/machine_kpc.h
+pexpert/boot.h
+pexpert/i386/boot.h
+pexpert/i386/efi.h
+pexpert/i386/protos.h
+pexpert/machine/boot.h
+pexpert/machine/protos.h
+pexpert/pexpert.h
+pexpert/pexpert/boot.h
+pexpert/pexpert/device_tree.h
+pexpert/pexpert/i386/boot.h
+pexpert/pexpert/i386/efi.h
+pexpert/pexpert/i386/protos.h
+pexpert/pexpert/machine/boot.h
+pexpert/pexpert/machine/protos.h
+pexpert/pexpert/pexpert.h
+pexpert/pexpert/protos.h
+pexpert/protos.h
+security/audit/audit_ioctl.h
+security/mac.h
+security/mac_policy.h
+security/security/_label.h
+security/security/mac.h
+security/security/mac_alloc.h
+security/security/mac_data.h
+security/security/mac_framework.h
+security/security/mac_internal.h
+security/security/mac_mach_internal.h
+security/security/mac_policy.h
+servers/key_defs.h
+servers/ls_defs.h
+servers/netname.h
+servers/netname_defs.h
+servers/nm_defs.h
+sys/_endian.h
+sys/_posix_availability.h
+sys/_select.h
+sys/_structs.h
+sys/_symbol_aliasing.h
+sys/_types.h
+sys/_types/_blkcnt_t.h
+sys/_types/_blksize_t.h
+sys/_types/_clock_t.h
+sys/_types/_ct_rune_t.h
+sys/_types/_dev_t.h
+sys/_types/_errno_t.h
+sys/_types/_fd_clr.h
+sys/_types/_fd_copy.h
+sys/_types/_fd_def.h
+sys/_types/_fd_isset.h
+sys/_types/_fd_set.h
+sys/_types/_fd_setsize.h
+sys/_types/_fd_zero.h
+sys/_types/_filesec_t.h
+sys/_types/_fsblkcnt_t.h
+sys/_types/_fsfilcnt_t.h
+sys/_types/_fsid_t.h
+sys/_types/_fsobj_id_t.h
+sys/_types/_gid_t.h
+sys/_types/_guid_t.h
+sys/_types/_id_t.h
+sys/_types/_in_addr_t.h
+sys/_types/_in_port_t.h
+sys/_types/_ino64_t.h
+sys/_types/_ino_t.h
+sys/_types/_int16_t.h
+sys/_types/_int32_t.h
+sys/_types/_int64_t.h
+sys/_types/_int8_t.h
+sys/_types/_intptr_t.h
+sys/_types/_iovec_t.h
+sys/_types/_key_t.h
+sys/_types/_mach_port_t.h
+sys/_types/_mbstate_t.h
+sys/_types/_mode_t.h
+sys/_types/_nlink_t.h
+sys/_types/_null.h
+sys/_types/_o_dsync.h
+sys/_types/_o_sync.h
+sys/_types/_off_t.h
+sys/_types/_offsetof.h
+sys/_types/_os_inline.h
+sys/_types/_pid_t.h
+sys/_types/_posix_vdisable.h
+sys/_types/_ptrdiff_t.h
+sys/_types/_rsize_t.h
+sys/_types/_rune_t.h
+sys/_types/_s_ifmt.h
+sys/_types/_sa_family_t.h
+sys/_types/_seek_set.h
+sys/_types/_sigaltstack.h
+sys/_types/_sigset_t.h
+sys/_types/_size_t.h
+sys/_types/_socklen_t.h
+sys/_types/_ssize_t.h
+sys/_types/_suseconds_t.h
+sys/_types/_time_t.h
+sys/_types/_timespec.h
+sys/_types/_timeval.h
+sys/_types/_timeval32.h
+sys/_types/_timeval64.h
+sys/_types/_u_int16_t.h
+sys/_types/_u_int32_t.h
+sys/_types/_u_int64_t.h
+sys/_types/_u_int8_t.h
+sys/_types/_ucontext.h
+sys/_types/_ucontext64.h
+sys/_types/_uid_t.h
+sys/_types/_uintptr_t.h
+sys/_types/_useconds_t.h
+sys/_types/_uuid_t.h
+sys/_types/_va_list.h
+sys/_types/_wchar_t.h
+sys/_types/_wint_t.h
+sys/acct.h
+sys/aio.h
+sys/appleapiopts.h
+sys/attr.h
+sys/buf.h
+sys/cdefs.h
+sys/clonefile.h
+sys/conf.h
+sys/dir.h
+sys/dirent.h
+sys/disk.h
+sys/dkstat.h
+sys/domain.h
+sys/dtrace.h
+sys/dtrace_glue.h
+sys/dtrace_impl.h
+sys/errno.h
+sys/ev.h
+sys/event.h
+sys/fasttrap.h
+sys/fasttrap_isa.h
+sys/fcntl.h
+sys/file.h
+sys/filedesc.h
+sys/filio.h
+sys/gmon.h
+sys/ioccom.h
+sys/ioctl.h
+sys/ioctl_compat.h
+sys/ipc.h
+sys/kauth.h
+sys/kdebug.h
+sys/kdebug_signpost.h
+sys/kern_control.h
+sys/kern_event.h
+sys/kernel.h
+sys/kernel_types.h
+sys/lctx.h
+sys/loadable_fs.h
+sys/lock.h
+sys/lockf.h
+sys/lockstat.h
+sys/malloc.h
+sys/mbuf.h
+sys/mman.h
+sys/mount.h
+sys/msg.h
+sys/msgbuf.h
+sys/netport.h
+sys/param.h
+sys/paths.h
+sys/pipe.h
+sys/poll.h
+sys/posix_sem.h
+sys/posix_shm.h
+sys/proc.h
+sys/proc_info.h
+sys/protosw.h
+sys/ptrace.h
+sys/queue.h
+sys/quota.h
+sys/random.h
+sys/reboot.h
+sys/resource.h
+sys/resourcevar.h
+sys/sbuf.h
+sys/sdt.h
+sys/select.h
+sys/sem.h
+sys/semaphore.h
+sys/shm.h
+sys/signal.h
+sys/signalvar.h
+sys/socket.h
+sys/socketvar.h
+sys/sockio.h
+sys/spawn.h
+sys/stat.h
+sys/stdio.h
+sys/sys_domain.h
+sys/syscall.h
+sys/sysctl.h
+sys/syslimits.h
+sys/syslog.h
+sys/termios.h
+sys/time.h
+sys/timeb.h
+sys/times.h
+sys/tprintf.h
+sys/trace.h
+sys/tty.h
+sys/ttychars.h
+sys/ttycom.h
+sys/ttydefaults.h
+sys/ttydev.h
+sys/types.h
+sys/ubc.h
+sys/ucontext.h
+sys/ucred.h
+sys/uio.h
+sys/un.h
+sys/unistd.h
+sys/unpcb.h
+sys/user.h
+sys/utfconv.h
+sys/utsname.h
+sys/vadvise.h
+sys/vcmd.h
+sys/vm.h
+sys/vmmeter.h
+sys/vmparam.h
+sys/vnioctl.h
+sys/vnode.h
+sys/vnode_if.h
+sys/vstat.h
+sys/wait.h
+sys/xattr.h
+uuid/uuid.h
+vfs/vfs_support.h
+voucher/ipc_pthread_priority_types.h
diff --git a/pkgs/os-specific/darwin/binutils/default.nix b/pkgs/os-specific/darwin/binutils/default.nix
index fad33b21d04..5dc57f43e4a 100644
--- a/pkgs/os-specific/darwin/binutils/default.nix
+++ b/pkgs/os-specific/darwin/binutils/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, binutils-unwrapped, cctools, llvm }:
+{ lib, stdenv, makeWrapper, binutils-unwrapped, cctools, llvm, clang-unwrapped }:
 
 # Make sure both underlying packages claim to have prepended their binaries
 # with the same targetPrefix.
@@ -9,6 +9,7 @@ let
   cmds = [
     "ar" "ranlib" "as" "install_name_tool"
     "ld" "strip" "otool" "lipo" "nm" "strings" "size"
+    "codesign_allocate"
   ];
 in
 
@@ -32,7 +33,7 @@ stdenv.mkDerivation {
     # - strip: the binutils one seems to break mach-o files
     # - lipo: gcc build assumes it exists
     # - nm: the gnu one doesn't understand many new load commands
-    for i in ${stdenv.lib.concatStringsSep " " (builtins.map (e: targetPrefix + e) cmds)}; do
+    for i in ${lib.concatStringsSep " " (builtins.map (e: targetPrefix + e) cmds)}; do
       ln -sf "${cctools}/bin/$i" "$out/bin/$i"
     done
 
@@ -49,14 +50,25 @@ stdenv.mkDerivation {
         ln -sv "$path" "$dest_path"
       done
     done
+  ''
+  # On aarch64-darwin we must use clang, because "as" from cctools just doesn't
+  # handle the arch. Proxying calls to clang produces quite a bit of warnings,
+  # and using clang directly here is a better option than relying on cctools.
+  # On x86_64-darwin the Clang version is too old to support this mode.
+  + lib.optionalString stdenv.isAarch64 ''
+    rm $out/bin/as
+    makeWrapper "${clang-unwrapped}/bin/clang" "$out/bin/as" \
+      --add-flags "-x assembler -integrated-as -c"
   '';
 
+  nativeBuildInputs = lib.optionals stdenv.isAarch64 [ makeWrapper ];
+
   passthru = {
     inherit targetPrefix;
   };
 
   meta = {
-    maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
+    maintainers = with lib.maintainers; [ matthewbauer ];
     priority = 10;
   };
 }
diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix
index 0c25f225291..bace6f0689d 100644
--- a/pkgs/os-specific/darwin/cctools/port.nix
+++ b/pkgs/os-specific/darwin/cctools/port.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook
+{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook
 , installShellFiles
-, libcxxabi, libuuid
+, libuuid
 , libobjc ? null, maloader ? null
 , enableTapiSupport ? true, libtapi
 }:
@@ -9,7 +9,7 @@ let
 
   # The targetPrefix prepended to binary names to allow multiple binuntils on the
   # PATH to both be usable.
-  targetPrefix = stdenv.lib.optionalString
+  targetPrefix = lib.optionalString
     (stdenv.targetPlatform != stdenv.hostPlatform)
     "${stdenv.targetPlatform.config}-";
 in
@@ -17,92 +17,90 @@ in
 # Non-Darwin alternatives
 assert (!stdenv.hostPlatform.isDarwin) -> maloader != null;
 
-let
-  baseParams = rec {
-    name = "${targetPrefix}cctools-port";
-    version = "927.0.2";
-
-    src = fetchFromGitHub {
-      owner  = "tpoechtrager";
-      repo   = "cctools-port";
-      rev    = "8239a5211bcf07d6b9d359782e1a889ec1d7cce5";
-      sha256 = "0h8b1my0wf1jyjq63wbiqkl2clgxsf87f6i4fjhqs431fzlq8sac";
-    };
-
-    outputs = [ "out" "dev" "man" ];
-
-    nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ];
-    buildInputs = [ libuuid ]
-      ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi libobjc ]
-      ++ stdenv.lib.optional enableTapiSupport libtapi;
-
-    patches = [ ./ld-ignore-rpath-link.patch ./ld-rpath-nonfinal.patch ];
-
-    __propagatedImpureHostDeps = [
-      # As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them
-      "/usr/lib/libobjc.A.dylib"
-      "/usr/lib/libobjc.dylib"
+stdenv.mkDerivation {
+  pname = "${targetPrefix}cctools-port";
+  version = "949.0.1";
+
+  src = fetchFromGitHub {
+    owner  = "tpoechtrager";
+    repo   = "cctools-port";
+    rev    = "43f32a4c61b5ba7fde011e816136c550b1b3146f";
+    sha256 = "10yc5smiczzm62q6ijqccc58bwmfhc897f3bwa5i9j98csqsjj0k";
+  };
+
+  outputs = [ "out" "dev" "man" ];
+
+  nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ];
+  buildInputs = [ libuuid ]
+    ++ lib.optionals stdenv.isDarwin [ libobjc ]
+    ++ lib.optional enableTapiSupport libtapi;
+
+  patches = [ ./ld-ignore-rpath-link.patch ./ld-rpath-nonfinal.patch ];
+
+  __propagatedImpureHostDeps = [
+    # As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them
+    "/usr/lib/libobjc.A.dylib"
+    "/usr/lib/libobjc.dylib"
+  ];
+
+  enableParallelBuilding = true;
+
+  # TODO(@Ericson2314): Always pass "--target" and always targetPrefix.
+  configurePlatforms = [ "build" "host" ]
+    ++ lib.optional (stdenv.targetPlatform != stdenv.hostPlatform) "target";
+  configureFlags = [ "--disable-clang-as" ]
+    ++ lib.optionals enableTapiSupport [
+      "--enable-tapi-support"
+      "--with-libtapi=${libtapi}"
     ];
 
-    enableParallelBuilding = true;
-
-    # TODO(@Ericson2314): Always pass "--target" and always targetPrefix.
-    configurePlatforms = [ "build" "host" ]
-      ++ stdenv.lib.optional (stdenv.targetPlatform != stdenv.hostPlatform) "target";
-    configureFlags = [ "--disable-clang-as" ]
-      ++ stdenv.lib.optionals enableTapiSupport [
-        "--enable-tapi-support"
-        "--with-libtapi=${libtapi}"
-      ];
-
-    postPatch = stdenv.lib.optionalString stdenv.hostPlatform.isDarwin ''
-      substituteInPlace cctools/Makefile.am --replace libobjc2 ""
-    '' + ''
-      sed -i -e 's/addStandardLibraryDirectories = true/addStandardLibraryDirectories = false/' cctools/ld64/src/ld/Options.cpp
-
-      # FIXME: there are far more absolute path references that I don't want to fix right now
-      substituteInPlace cctools/configure.ac \
-        --replace "-isystem /usr/local/include -isystem /usr/pkg/include" "" \
-        --replace "-L/usr/local/lib" "" \
-
-      substituteInPlace cctools/include/Makefile \
-        --replace "/bin/" ""
-
-      patchShebangs tools
-      sed -i -e 's/which/type -P/' tools/*.sh
-
-      # Workaround for https://www.sourceware.org/bugzilla/show_bug.cgi?id=11157
-      cat > cctools/include/unistd.h <<EOF
-      #ifdef __block
-      #  undef __block
-      #  include_next "unistd.h"
-      #  define __block __attribute__((__blocks__(byref)))
-      #else
-      #  include_next "unistd.h"
-      #endif
-      EOF
-
-      cd cctools
-    '';
-
-    preInstall = ''
-      pushd include
-      make DSTROOT=$out/include RC_OS=common install
-      popd
-
-      installManPage ar/ar.{1,5}
-    '';
-
-    passthru = {
-      inherit targetPrefix;
-    };
-
-    meta = {
-      broken = !stdenv.targetPlatform.isDarwin; # Only supports darwin targets
-      homepage = "http://www.opensource.apple.com/source/cctools/";
-      description = "MacOS Compiler Tools (cross-platform port)";
-      license = stdenv.lib.licenses.apsl20;
-      maintainers = with stdenv.lib.maintainers; [ matthewbauer ];
-    };
+  postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
+    substituteInPlace cctools/Makefile.am --replace libobjc2 ""
+  '' + ''
+    sed -i -e 's/addStandardLibraryDirectories = true/addStandardLibraryDirectories = false/' cctools/ld64/src/ld/Options.cpp
+
+    # FIXME: there are far more absolute path references that I don't want to fix right now
+    substituteInPlace cctools/configure.ac \
+      --replace "-isystem /usr/local/include -isystem /usr/pkg/include" "" \
+      --replace "-L/usr/local/lib" "" \
+
+    substituteInPlace cctools/include/Makefile \
+      --replace "/bin/" ""
+
+    patchShebangs tools
+    sed -i -e 's/which/type -P/' tools/*.sh
+
+    # Workaround for https://www.sourceware.org/bugzilla/show_bug.cgi?id=11157
+    cat > cctools/include/unistd.h <<EOF
+    #ifdef __block
+    #  undef __block
+    #  include_next "unistd.h"
+    #  define __block __attribute__((__blocks__(byref)))
+    #else
+    #  include_next "unistd.h"
+    #endif
+    EOF
+
+    cd cctools
+  '';
+
+  preInstall = ''
+    pushd include
+    make DSTROOT=$out/include RC_OS=common install
+    popd
+
+    installManPage ar/ar.{1,5}
+  '';
+
+  passthru = {
+    inherit targetPrefix;
+  };
+
+  meta = {
+    broken = !stdenv.targetPlatform.isDarwin; # Only supports darwin targets
+    homepage = "http://www.opensource.apple.com/source/cctools/";
+    description = "MacOS Compiler Tools (cross-platform port)";
+    license = lib.licenses.apsl20;
+    maintainers = with lib.maintainers; [ matthewbauer ];
   };
-in stdenv.mkDerivation baseParams
+}
diff --git a/pkgs/os-specific/darwin/chunkwm/default.nix b/pkgs/os-specific/darwin/chunkwm/default.nix
index d94f66969f4..c0229ba3ae2 100644
--- a/pkgs/os-specific/darwin/chunkwm/default.nix
+++ b/pkgs/os-specific/darwin/chunkwm/default.nix
@@ -1,10 +1,10 @@
-{ stdenv, fetchzip, Carbon, Cocoa, ScriptingBridge }:
+{ lib, stdenv, fetchzip, Carbon, Cocoa, ScriptingBridge }:
 
 stdenv.mkDerivation rec {
   pname = "chunkwm";
   version = "0.4.9";
   src = fetchzip {
-    url = "http://github.com/koekeishiya/chunkwm/archive/v${version}.tar.gz";
+    url = "https://github.com/koekeishiya/chunkwm/archive/v${version}.tar.gz";
     sha256 = "0w8q92q97fdvbwc3qb5w44jn4vi3m65ssdvjp5hh6b7llr17vspl";
   };
 
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
     cp plugins/*.so $out/lib/chunkwm/plugins
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Tiling window manager for macOS based on plugin architecture";
     homepage = "https://github.com/koekeishiya/chunkwm";
     platforms = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/darling/default.nix b/pkgs/os-specific/darwin/darling/default.nix
index 846831d0a87..22fb6d3b07c 100644
--- a/pkgs/os-specific/darwin/darling/default.nix
+++ b/pkgs/os-specific/darwin/darling/default.nix
@@ -8,11 +8,22 @@ stdenv.mkDerivation rec {
     url = "https://github.com/darlinghq/darling/archive/d2cc5fa748003aaa70ad4180fff0a9a85dc65e9b.tar.gz";
     sha256 = "11b51fw47nl505h63bgx5kqiyhf3glhp1q6jkpb6nqfislnzzkrf";
     postFetch = ''
-      # Get rid of case conflict
-      mkdir $out
+      # The archive contains both `src/opendirectory` and `src/OpenDirectory`,
+      # pre-create the directory to choose the canonical case on
+      # case-insensitive filesystems.
+      mkdir -p $out/src/OpenDirectory
+
       cd $out
       tar -xzf $downloadedFile --strip-components=1
       rm -r $out/src/libm
+
+      # If `src/opendirectory` and `src/OpenDirectory` refer to different
+      # things, then combine them into `src/OpenDirectory` to match the result
+      # on case-insensitive filesystems.
+      if [ "$(stat -c %i src/opendirectory)" != "$(stat -c %i src/OpenDirectory)" ]; then
+        mv src/opendirectory/* src/OpenDirectory/
+        rmdir src/opendirectory
+      fi
     '';
   };
 
@@ -31,8 +42,6 @@ stdenv.mkDerivation rec {
     cp src/libaks/include/* $out/include
   '';
 
-  # buildInputs = [ cmake bison flex ];
-
   meta = with lib; {
     maintainers = with maintainers; [ matthewbauer ];
     license = licenses.gpl3;
diff --git a/pkgs/os-specific/darwin/darwin-stubs/default.nix b/pkgs/os-specific/darwin/darwin-stubs/default.nix
new file mode 100644
index 00000000000..6e3439455cc
--- /dev/null
+++ b/pkgs/os-specific/darwin/darwin-stubs/default.nix
@@ -0,0 +1,18 @@
+{ stdenvNoCC, fetchurl }:
+
+stdenvNoCC.mkDerivation {
+  pname = "darwin-stubs";
+  version = "10.12";
+
+  src = fetchurl {
+    url = "https://github.com/NixOS/darwin-stubs/releases/download/v20201216/10.12.tar.gz";
+    sha256 = "1fyd3xig7brkzlzp0ql7vyfj5sp8iy56kgp548mvicqdyw92adgm";
+  };
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir $out
+    mv * $out
+  '';
+}
diff --git a/pkgs/os-specific/darwin/discrete-scroll/default.nix b/pkgs/os-specific/darwin/discrete-scroll/default.nix
new file mode 100644
index 00000000000..f38bf8d8132
--- /dev/null
+++ b/pkgs/os-specific/darwin/discrete-scroll/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, lib, fetchFromGitHub, Cocoa }:
+
+## after launching for the first time, grant access for parent application (e.g. Terminal.app)
+## from 'system preferences >> security & privacy >> accessibility'
+## and then launch again
+
+stdenv.mkDerivation rec {
+  pname = "discrete-scroll";
+  version = "0.1.1";
+
+  src = fetchFromGitHub {
+    owner = "emreyolcu";
+    repo = "discrete-scroll";
+    rev = "v${version}";
+    sha256 = "0aqkp4kkwjlkll91xbqwf8asjww8ylsdgqvdk8d06bwdvg2cgvhg";
+  };
+
+  buildInputs = [ Cocoa ];
+
+  buildPhase = ''
+    cc -std=c99 -O3 -Wall -framework Cocoa -o dc DiscreteScroll/main.m
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp ./dc $out/bin/discretescroll
+  '';
+
+  meta = with lib; {
+    description = "Fix for OS X's scroll wheel problem";
+    homepage = "https://github.com/emreyolcu/discrete-scroll";
+    platforms = platforms.darwin;
+    license = licenses.mit;
+    maintainers = with lib.maintainers; [ bb2020 ];
+  };
+}
diff --git a/pkgs/os-specific/darwin/duti/default.nix b/pkgs/os-specific/darwin/duti/default.nix
index 5c63b8e0dfb..9daed151ce4 100644
--- a/pkgs/os-specific/darwin/duti/default.nix
+++ b/pkgs/os-specific/darwin/duti/default.nix
@@ -1,17 +1,25 @@
-{stdenv, lib, fetchFromGitHub, autoreconfHook, darwin}:
+{stdenv, lib, fetchFromGitHub, autoreconfHook, ApplicationServices}:
 
 stdenv.mkDerivation rec {
   pname = "duti";
-  version = "1.5.4pre";
+  version = "1.5.5pre";
   src = fetchFromGitHub {
     owner = "moretension";
     repo = pname;
-    rev = "7dbcae86f99fedef5a6c4311f032a0f1ca0539cc";
-    sha256 = "1z9sa0yk87vs57d5338y6lvm1v1vvynxb7dy1x5aqzkcr0imhljl";
+    rev = "fe3d3dc411bcea6af7a8cbe53c0e08ed5ecacdb2";
+    sha256 = "1pg4i6ghpib2gy1sqpml7dbnhr1vbr43fs2pqkd09i4w3nmgpic9";
   };
+
   nativeBuildInputs = [autoreconfHook];
-  buildInputs = [darwin.apple_sdk.frameworks.ApplicationServices];
-  configureFlags = ["--with-macosx-sdk=/homeless-shelter"];
+  buildInputs = [ApplicationServices];
+  configureFlags = [
+    "--with-macosx-sdk=/homeless-shelter"
+
+    # needed to prevent duti from trying to guess our sdk
+    # NOTE: this is different than stdenv.hostPlatform.config!
+    "--host=x86_64-apple-darwin18"
+  ];
+
   meta = with lib; {
     description = "A command-line tool to select default applications for document types and URL schemes on Mac OS X";
     longDescription = ''
diff --git a/pkgs/os-specific/darwin/goku/default.nix b/pkgs/os-specific/darwin/goku/default.nix
index f6834fca735..c729ee6010c 100644
--- a/pkgs/os-specific/darwin/goku/default.nix
+++ b/pkgs/os-specific/darwin/goku/default.nix
@@ -1,23 +1,25 @@
-{stdenv, fetchurl }:
+{lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   pname = "goku";
-  version = "0.1.11";
+  version = "0.3.6";
 
   src = fetchurl {
     url = "https://github.com/yqrashawn/GokuRakuJoudo/releases/download/v${version}/goku.tar.gz";
-    sha256 = "49562342be114c2656726c5c697131acd286965ab3903a1a1e157cc689e20b15";
+    sha256 = "1pss1k2slbqzpfynik50pdk4jsaiag4abhmr6kadmaaj18mfz7ai";
   };
 
   sourceRoot = ".";
 
   installPhase = ''
+    chmod +x goku
+    chmod +x gokuw
     mkdir -p $out/bin
     cp goku $out/bin
     cp gokuw $out/bin
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Karabiner configurator";
     homepage = "https://github.com/yqrashawn/GokuRakuJoudo";
     license = licenses.gpl3;
diff --git a/pkgs/os-specific/darwin/impure-cmds/default.nix b/pkgs/os-specific/darwin/impure-cmds/default.nix
new file mode 100644
index 00000000000..51e345f048b
--- /dev/null
+++ b/pkgs/os-specific/darwin/impure-cmds/default.nix
@@ -0,0 +1,34 @@
+{ lib, runCommandLocal }:
+
+# On darwin, there are some commands neither opensource nor able to build in nixpkgs.
+# We have no choice but to use those system-shipped impure ones.
+
+let
+  commands = {
+    ditto = "/usr/bin/ditto"; # ditto is not opensource
+    sudo  = "/usr/bin/sudo";  # sudo must be owned by uid 0 and have the setuid bit set
+  };
+
+  mkImpureDrv = name: path:
+    runCommandLocal "${name}-impure-darwin" {
+      __impureHostDeps = [ path ];
+
+      meta = {
+        platforms = lib.platforms.darwin;
+      };
+    } ''
+      if ! [ -x ${path} ]; then
+        echo Cannot find command ${path}
+        exit 1
+      fi
+
+      mkdir -p $out/bin
+      ln -s ${path} $out/bin
+
+      manpage="/usr/share/man/man1/${name}.1"
+      if [ -f $manpage ]; then
+        mkdir -p $out/share/man/man1
+        ln -s $manpage $out/share/man/man1
+      fi
+    '';
+in lib.mapAttrs mkImpureDrv commands
diff --git a/pkgs/os-specific/darwin/insert_dylib/default.nix b/pkgs/os-specific/darwin/insert_dylib/default.nix
index 0ab6a415707..07e8886e3e6 100644
--- a/pkgs/os-specific/darwin/insert_dylib/default.nix
+++ b/pkgs/os-specific/darwin/insert_dylib/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, xcbuildHook }:
+{ lib, stdenv, fetchFromGitHub, xcbuildHook }:
 
 stdenv.mkDerivation
   { name = "insert_dylib-2016.08.28";
@@ -14,5 +14,5 @@ stdenv.mkDerivation
         mkdir -p $out/bin
         install -m755 Products/Release/insert_dylib $out/bin
       '';
-    meta.platforms = stdenv.lib.platforms.darwin;
+    meta.platforms = lib.platforms.darwin;
   }
diff --git a/pkgs/os-specific/darwin/iproute2mac/default.nix b/pkgs/os-specific/darwin/iproute2mac/default.nix
index edf1583de9a..915ef7c9158 100644
--- a/pkgs/os-specific/darwin/iproute2mac/default.nix
+++ b/pkgs/os-specific/darwin/iproute2mac/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, darwin, python2 }:
+{ lib, stdenv, fetchFromGitHub, darwin, python2 }:
 
 stdenv.mkDerivation rec {
   version = "1.2.1";
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     install -D -m 755 src/ip.py $out/bin/ip
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://github.com/brona/iproute2mac";
     description = "CLI wrapper for basic network utilites on Mac OS X inspired with iproute2 on Linux systems - ip command.";
     license = licenses.mit;
diff --git a/pkgs/os-specific/darwin/khd/default.nix b/pkgs/os-specific/darwin/khd/default.nix
index b09b65f33d5..87e1a8bf6ae 100644
--- a/pkgs/os-specific/darwin/khd/default.nix
+++ b/pkgs/os-specific/darwin/khd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, fetchpatch, Carbon, Cocoa }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, Carbon, Cocoa }:
 
 stdenv.mkDerivation rec {
   pname = "khd";
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/Library/LaunchDaemons/org.nixos.khd.plist --subst-var out
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "A simple modal hotkey daemon for OSX";
     homepage = "https://github.com/koekeishiya/khd";
     downloadPage = "https://github.com/koekeishiya/khd/releases";
diff --git a/pkgs/os-specific/darwin/kwm/default.nix b/pkgs/os-specific/darwin/kwm/default.nix
index 8c412aa68ed..273ea7345d9 100644
--- a/pkgs/os-specific/darwin/kwm/default.nix
+++ b/pkgs/os-specific/darwin/kwm/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchzip }:
+{ lib, stdenv, fetchzip }:
 
 stdenv.mkDerivation rec {
   pname = "kwm";
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/Library/LaunchDaemons/org.nixos.kwm.plist --subst-var out
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Tiling window manager with focus follows mouse for OSX";
     homepage = "https://github.com/koekeishiya/kwm";
     downloadPage = "https://github.com/koekeishiya/kwm/releases";
diff --git a/pkgs/os-specific/darwin/libtapi/default.nix b/pkgs/os-specific/darwin/libtapi/default.nix
index 182d1db3bfd..da071074097 100644
--- a/pkgs/os-specific/darwin/libtapi/default.nix
+++ b/pkgs/os-specific/darwin/libtapi/default.nix
@@ -1,30 +1,74 @@
-{ lib, stdenv, fetchFromGitHub, cmake, python3, clang_6 }:
+{ lib, stdenv, fetchFromGitHub, pkgsBuildBuild, cmake, python3, ncurses }:
 
 stdenv.mkDerivation {
-  name = "libtapi-1000.10.8";
+  pname = "libtapi";
+  version = "1100.0.11"; # determined by looking at VERSION.txt
+
   src = fetchFromGitHub {
     owner = "tpoechtrager";
     repo = "apple-libtapi";
-    rev = "cd9885b97fdff92cc41e886bba4a404c42fdf71b";
-    sha256 = "1a19h39a48agvnmal99n9j1fjadiqwib7hfzmn342wmgh9z3vk0g";
+    rev = "664b8414f89612f2dfd35a9b679c345aa5389026";
+    sha256 = "1y1yl46msabfy14z0rln333a06087bk14f5h7q1cdawn8nmvbdbr";
   };
 
+  sourceRoot = "source/src/llvm";
+
+  # Backported from newer llvm, fixes configure error when cross compiling.
+  # Also means we don't have to manually fix the result with install_name_tool.
+  patches = [
+    ./disable-rpath.patch
+  ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [
+    # TODO: make unconditional and rebuild the world
+    # TODO: send upstream
+    ./native-clang-tblgen.patch
+  ];
+
   nativeBuildInputs = [ cmake python3 ];
-  buildInputs = [ clang_6.cc ];
 
+  # ncurses is required here to avoid a reference to bootstrap-tools, which is
+  # not allowed for the stdenv.
+  buildInputs = [ ncurses ];
+
+  cmakeFlags = [ "-DLLVM_INCLUDE_TESTS=OFF" ]
+    ++ lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) [
+      "-DCMAKE_CROSSCOMPILING=True"
+      # This package could probably have a llvm_6 llvm-tblgen and clang-tblgen
+      # provided to reduce some building. This package seems intended to
+      # include all of its dependencies, including enough of LLVM to build the
+      # required tablegens.
+      (
+        let
+          nativeCC = pkgsBuildBuild.stdenv.cc;
+          nativeBintools = nativeCC.bintools.bintools;
+          nativeToolchainFlags = [
+            "-DCMAKE_C_COMPILER=${nativeCC}/bin/${nativeCC.targetPrefix}cc"
+            "-DCMAKE_CXX_COMPILER=${nativeCC}/bin/${nativeCC.targetPrefix}c++"
+            "-DCMAKE_AR=${nativeBintools}/bin/${nativeBintools.targetPrefix}ar"
+            "-DCMAKE_STRIP=${nativeBintools}/bin/${nativeBintools.targetPrefix}strip"
+            "-DCMAKE_RANLIB=${nativeBintools}/bin/${nativeBintools.targetPrefix}ranlib"
+          ];
+        in "-DCROSS_TOOLCHAIN_FLAGS_NATIVE:list=${lib.concatStringsSep ";" nativeToolchainFlags}"
+      )
+    ];
+
+  # fixes: fatal error: 'clang/Basic/Diagnostic.h' file not found
+  # adapted from upstream
+  # https://github.com/tpoechtrager/apple-libtapi/blob/3cb307764cc5f1856c8a23bbdf3eb49dfc6bea48/build.sh#L58-L60
   preConfigure = ''
-    cd src/llvm
-  '';
+    INCLUDE_FIX="-I $PWD/projects/clang/include"
+    INCLUDE_FIX+=" -I $PWD/build/projects/clang/include"
 
-  cmakeFlags = [ "-DLLVM_INCLUDE_TESTS=OFF" ];
+    cmakeFlagsArray+=(-DCMAKE_CXX_FLAGS="$INCLUDE_FIX")
+  '';
 
-  buildFlags = [ "libtapi" ];
+  buildFlags = [ "clangBasic" "libtapi" "tapi" ];
 
-  installTarget = "install-libtapi";
+  installTargets = [ "install-libtapi" "install-tapi-headers" "install-tapi" ];
 
   meta = with lib; {
+    description = "Replaces the Mach-O Dynamic Library Stub files in Apple's SDKs to reduce the size";
+    homepage = "https://github.com/tpoechtrager/apple-libtapi";
     license = licenses.apsl20;
     maintainers = with maintainers; [ matthewbauer ];
   };
-
 }
diff --git a/pkgs/os-specific/darwin/libtapi/disable-rpath.patch b/pkgs/os-specific/darwin/libtapi/disable-rpath.patch
new file mode 100644
index 00000000000..87c0cf3330d
--- /dev/null
+++ b/pkgs/os-specific/darwin/libtapi/disable-rpath.patch
@@ -0,0 +1,14 @@
+diff --git a/src/llvm/cmake/modules/AddLLVM.cmake b/src/llvm/cmake/modules/AddLLVM.cmake
+index a53016eb0..b65e608a4 100644
+--- a/cmake/modules/AddLLVM.cmake
++++ b/cmake/modules/AddLLVM.cmake
+@@ -1683,8 +1683,7 @@ function(llvm_setup_rpath name)
+   endif()
+
+   if (APPLE)
+-    set(_install_name_dir INSTALL_NAME_DIR "@rpath")
+-    set(_install_rpath "@loader_path/../lib" ${extra_libdir})
++    set(_install_name_dir)
+   elseif(UNIX)
+     set(_install_rpath "\$ORIGIN/../lib${LLVM_LIBDIR_SUFFIX}" ${extra_libdir})
+     if(${CMAKE_SYSTEM_NAME} MATCHES "(FreeBSD|DragonFly)")
diff --git a/pkgs/os-specific/darwin/libtapi/native-clang-tblgen.patch b/pkgs/os-specific/darwin/libtapi/native-clang-tblgen.patch
new file mode 100644
index 00000000000..9b715766a12
--- /dev/null
+++ b/pkgs/os-specific/darwin/libtapi/native-clang-tblgen.patch
@@ -0,0 +1,21 @@
+diffprojects/libtapi/CMakeLists.txt b/src/llvm/projects/libtapi/CMakeLists.txt
+index 8ee6d8138..8277be147 100644
+--- a/projects/libtapi/CMakeLists.txt
++++ b/projects/libtapi/CMakeLists.txt
+@@ -193,7 +193,15 @@ if (NOT DEFINED CLANG_VERSION)
+   set(CLANG_VERSION "${LLVM_VERSION_MAJOR}.${LLVM_VERSION_MINOR}.${LLVM_VERSION_PATCH}")
+ endif ()
+ if (NOT DEFINED CLANG_TABLEGEN_EXE)
+-  set(CLANG_TABLEGEN_EXE "${LLVM_TOOLS_BINARY_DIR}/clang-tblgen")
++  if(LLVM_USE_HOST_TOOLS)
++    if (NOT CMAKE_CONFIGURATION_TYPES)
++      set(CLANG_TABLEGEN_EXE "${LLVM_NATIVE_BUILD}/bin/clang-tblgen")
++    else()
++      set(CLANG_TABLEGEN_EXE "${LLVM_NATIVE_BUILD}/Release/bin/clang-tblgen")
++    endif()
++  else()
++    set(CLANG_TABLEGEN_EXE "${LLVM_TOOLS_BINARY_DIR}/clang-tblgen")
++  endif ()
+ endif ()
+
+ # Include must go first.
diff --git a/pkgs/os-specific/darwin/lsusb/default.nix b/pkgs/os-specific/darwin/lsusb/default.nix
index 799a4761fbd..712e32f16fe 100644
--- a/pkgs/os-specific/darwin/lsusb/default.nix
+++ b/pkgs/os-specific/darwin/lsusb/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation {
   version = "1.0";
@@ -21,8 +21,8 @@ stdenv.mkDerivation {
   meta = {
     homepage = "https://github.com/jlhonora/lsusb";
     description = "lsusb command for Mac OS X";
-    platforms = stdenv.lib.platforms.darwin;
-    license = stdenv.lib.licenses.mit;
-    maintainers = [ stdenv.lib.maintainers.varunpatro ];
+    platforms = lib.platforms.darwin;
+    license = lib.licenses.mit;
+    maintainers = [ lib.maintainers.varunpatro ];
   };
 }
diff --git a/pkgs/os-specific/darwin/m-cli/default.nix b/pkgs/os-specific/darwin/m-cli/default.nix
index 2699bb8e140..f19f5a0275b 100644
--- a/pkgs/os-specific/darwin/m-cli/default.nix
+++ b/pkgs/os-specific/darwin/m-cli/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   pname = "m-cli";
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
     install -Dt "$out/share/zsh/site-functions/" -m444 completion/zsh/_m
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Swiss Army Knife for macOS";
     inherit (src.meta) homepage;
     repositories.git = "git://github.com/rgcr/m-cli.git";
@@ -40,6 +40,6 @@ stdenv.mkDerivation rec {
     license = licenses.mit;
 
     platforms = platforms.darwin;
-    maintainers = with maintainers; [ yurrriq ];
+    maintainers = with maintainers; [];
   };
 }
diff --git a/pkgs/os-specific/darwin/macfuse/default.nix b/pkgs/os-specific/darwin/macfuse/default.nix
new file mode 100644
index 00000000000..4fd92a15562
--- /dev/null
+++ b/pkgs/os-specific/darwin/macfuse/default.nix
@@ -0,0 +1,65 @@
+{ lib, stdenv, fetchurl, cpio, xar, undmg, libtapi, DiskArbitration }:
+
+stdenv.mkDerivation rec {
+  pname = "macfuse-stubs";
+  version = "4.1.0";
+
+  src = fetchurl {
+    url = "https://github.com/osxfuse/osxfuse/releases/download/macfuse-${version}/macfuse-${version}.dmg";
+    sha256 = "118hg64w5wb95lbxw6w1hbqxrx3plcbxfjhvxx86q0zx0saa9diw";
+  };
+
+  nativeBuildInputs = [ cpio xar undmg libtapi ];
+  propagatedBuildInputs = [ DiskArbitration ];
+
+  postUnpack = ''
+    xar -xf 'Install macFUSE.pkg'
+    cd Core.pkg
+    gunzip -dc Payload | cpio -i
+  '';
+
+  sourceRoot = ".";
+
+  buildPhase = ''
+    pushd usr/local/lib
+    for f in *.dylib; do
+      tapi stubify --filetype=tbd-v2  "$f" -o "''${f%%.dylib}.tbd"
+    done
+    sed -i "s|^prefix=.*|prefix=$out|" pkgconfig/fuse.pc
+    popd
+  '';
+
+  # NOTE: Keep in mind that different parts of macFUSE are distributed under a
+  # different license
+  installPhase = ''
+    mkdir -p $out/include $out/lib/pkgconfig
+    cp usr/local/lib/*.tbd $out/lib
+    cp usr/local/lib/pkgconfig/*.pc $out/lib/pkgconfig
+    cp -R usr/local/include/* $out/include
+  '';
+
+  meta = with lib; {
+    homepage = "https://osxfuse.github.io";
+    description = "Build time stubs for FUSE on macOS";
+    longDescription = ''
+      macFUSE is required for this package to work on macOS. To install macFUSE,
+      use the installer from the <link xlink:href="https://osxfuse.github.io/">
+      project website</link>.
+    '';
+    platforms = platforms.darwin;
+    maintainers = with maintainers; [ midchildan ];
+
+    # macFUSE as a whole includes code with restrictions on commercial
+    # redistribution. However, the build artifacts that we actually touch for
+    # this derivation are distributed under a free license.
+    license = with licenses; [
+      lgpl2Plus # libfuse
+    ];
+  };
+
+  passthru.warning = ''
+    macFUSE is required for this package to work on macOS. To install macFUSE,
+    use the installer from the <link xlink:href="https://osxfuse.github.io/">
+    project website</link>.
+  '';
+}
diff --git a/pkgs/os-specific/darwin/maloader/default.nix b/pkgs/os-specific/darwin/maloader/default.nix
index 0de94c92388..9142484e043 100644
--- a/pkgs/os-specific/darwin/maloader/default.nix
+++ b/pkgs/os-specific/darwin/maloader/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, opencflite, clang, libcxx }:
+{ lib, stdenv, fetchgit, opencflite, clang, libcxx }:
 
 stdenv.mkDerivation {
   name = "maloader-0git";
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
       ld-mac.cc
   '';
 
-  NIX_CFLAGS_COMPILE = "-I${libcxx}/include/c++/v1";
+  NIX_CFLAGS_COMPILE = "-I${lib.getDev libcxx}/include/c++/v1";
   buildInputs = [ clang libcxx ];
   buildFlags = [ "USE_LIBCXX=1" "release" ];
 
@@ -31,8 +31,8 @@ stdenv.mkDerivation {
   meta = {
     description = "Mach-O loader for Linux";
     homepage = "https://github.com/shinh/maloader";
-    license = stdenv.lib.licenses.bsd2;
-    platforms = stdenv.lib.platforms.linux;
+    license = lib.licenses.bsd2;
+    platforms = lib.platforms.linux;
     broken = true; # 2018-09-08, no succesful build since 2017-08-21
   };
 }
diff --git a/pkgs/os-specific/darwin/mas/default.nix b/pkgs/os-specific/darwin/mas/default.nix
new file mode 100644
index 00000000000..907d2185327
--- /dev/null
+++ b/pkgs/os-specific/darwin/mas/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, stdenv
+, fetchurl
+, libarchive
+, p7zip
+}:
+
+stdenv.mkDerivation rec {
+  pname = "mas";
+  version = "1.8.2";
+
+  src = fetchurl {
+    url = "https://github.com/mas-cli/mas/releases/download/v${version}/mas.pkg";
+    sha256 = "HlLQKBVIYKanS6kjkbYdabBi1T0irxE6fNd2H6mDKe4=";
+  };
+
+  nativeBuildInputs = [ libarchive p7zip ];
+
+  unpackPhase = ''
+    7z x $src
+    bsdtar -xf Payload~
+  '';
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out
+    cp -r ./usr/local/bin $out
+  '';
+
+  meta = with lib; {
+    description = "Mac App Store command line interface";
+    homepage = "https://github.com/mas-cli/mas";
+    license = licenses.mit;
+    maintainers = with maintainers; [ zachcoyle ];
+    platforms = platforms.darwin;
+  };
+}
diff --git a/pkgs/os-specific/darwin/noah/default.nix b/pkgs/os-specific/darwin/noah/default.nix
index 81f4ab2bd9e..f4d8a4b21a8 100644
--- a/pkgs/os-specific/darwin/noah/default.nix
+++ b/pkgs/os-specific/darwin/noah/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, Hypervisor }:
+{ lib, stdenv, fetchFromGitHub, cmake, Hypervisor }:
 
 stdenv.mkDerivation rec {
   pname = "noah";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake ];
   buildInputs = [ Hypervisor ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Bash on Ubuntu on macOS";
     homepage = "https://github.com/linux-noah/noah";
     license = [ licenses.mit licenses.gpl2 ];
diff --git a/pkgs/os-specific/darwin/opencflite/default.nix b/pkgs/os-specific/darwin/opencflite/default.nix
index 26af46a171f..937d0763fef 100644
--- a/pkgs/os-specific/darwin/opencflite/default.nix
+++ b/pkgs/os-specific/darwin/opencflite/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, icu, libuuid, tzdata }:
+{ lib, stdenv, fetchurl, icu, libuuid, tzdata }:
 
 stdenv.mkDerivation rec {
   pname = "opencflite";
@@ -16,6 +16,6 @@ stdenv.mkDerivation rec {
   meta = {
     description = "Cross platform port of the macOS CoreFoundation";
     homepage = "https://sourceforge.net/projects/opencflite/";
-    license = stdenv.lib.licenses.apsl20;
+    license = lib.licenses.apsl20;
   };
 }
diff --git a/pkgs/os-specific/darwin/osx-cpu-temp/default.nix b/pkgs/os-specific/darwin/osx-cpu-temp/default.nix
new file mode 100644
index 00000000000..ea9d8399667
--- /dev/null
+++ b/pkgs/os-specific/darwin/osx-cpu-temp/default.nix
@@ -0,0 +1,31 @@
+{ lib, stdenv, fetchFromGitHub
+, IOKit
+}:
+
+stdenv.mkDerivation rec {
+  pname = "osx-cpu-temp";
+  version = "unstable-2020-12-04";
+
+  src = fetchFromGitHub rec {
+    name = "osx-cpu-temp-source";
+    owner = "lavoiesl";
+    repo = pname;
+    rev = "6ec951be449badcb7fb84676bbc2c521e600e844";
+    sha256 = "1nlibgr55bpln6jbdf8vqcp0fj9zv9343vflb7s9w0yh33fsbg9d";
+  };
+
+  buildInputs = [ IOKit ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp osx-cpu-temp $out/bin
+  '';
+
+  meta = with lib; {
+    description = "Outputs current CPU temperature for OSX.";
+    homepage = "https://github.com/lavoiesl/osx-cpu-temp";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ virusdave ];
+    platforms = platforms.darwin;
+  };
+}
diff --git a/pkgs/os-specific/darwin/osxfuse/default.nix b/pkgs/os-specific/darwin/osxfuse/default.nix
deleted file mode 100644
index e13a0842012..00000000000
--- a/pkgs/os-specific/darwin/osxfuse/default.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ stdenv, runCommand, fetchFromGitHub, autoreconfHook }:
-
-let
-  version = "3.8.3";
-
-  headers = runCommand "osxfuse-common-${version}" {
-    src = fetchFromGitHub {
-      owner = "osxfuse";
-      repo = "osxfuse";
-      rev = "osxfuse-${version}";
-      sha256 = "13lmg41zcyiajh8m42w7szkbg2is4551ryx2ia2mmzvvd23pag0z";
-    };
-  } ''
-    mkdir -p $out/include
-    cp --target-directory=$out/include $src/common/*.h
-  '';
-in
-
-stdenv.mkDerivation {
-
-  pname = "osxfuse";
-  inherit version;
-
-  src = fetchFromGitHub {
-    owner = "osxfuse";
-    repo = "fuse";
-    rev = "1a1977a"; # Submodule reference from osxfuse/osxfuse at tag osxfuse-${version}
-    sha256 = "101fw8j40ylfbbrjycnwr5qp422agyf9sfbczyb9w5ivrkds3rfw";
-  };
-
-  postPatch = ''
-    touch config.rpath
-  '';
-
-  postInstall = ''
-    ln -s osxfuse.pc $out/lib/pkgconfig/fuse.pc
-  '';
-
-  nativeBuildInputs = [ autoreconfHook ];
-  buildInputs = [ headers ];
-
-  meta = with stdenv.lib; {
-    homepage = "https://osxfuse.github.io";
-    description = "C-based FUSE for macOS SDK";
-    platforms = platforms.darwin;
-    license = licenses.gpl2;
-  };
-}
diff --git a/pkgs/os-specific/darwin/osxsnarf/default.nix b/pkgs/os-specific/darwin/osxsnarf/default.nix
index d9a0de6c7f1..e31271ed2b9 100644
--- a/pkgs/os-specific/darwin/osxsnarf/default.nix
+++ b/pkgs/os-specific/darwin/osxsnarf/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   makeFlags = [ "prefix=${placeholder "out"}" ];
 
   meta = with lib; {
-    description = "A Plan 9-inspired way to share your OS X clipboard.";
+    description = "A Plan 9-inspired way to share your OS X clipboard";
     homepage = "https://github.com/eraserhd/osxsnarf";
     license = licenses.unlicense;
     platforms = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/print-reexports/default.nix b/pkgs/os-specific/darwin/print-reexports/default.nix
new file mode 100644
index 00000000000..740bcb48ef5
--- /dev/null
+++ b/pkgs/os-specific/darwin/print-reexports/default.nix
@@ -0,0 +1,17 @@
+{ lib, stdenv, libyaml }:
+
+stdenv.mkDerivation {
+  name = "print-reexports";
+  src = lib.sourceFilesBySuffices ./. [".c"];
+
+  buildInputs = [ libyaml ];
+
+  buildPhase = ''
+    $CC -lyaml -o print-reexports main.c
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    mv print-reexports $out/bin
+  '';
+}
diff --git a/pkgs/os-specific/darwin/print-reexports/main.c b/pkgs/os-specific/darwin/print-reexports/main.c
new file mode 100644
index 00000000000..e6ff527da96
--- /dev/null
+++ b/pkgs/os-specific/darwin/print-reexports/main.c
@@ -0,0 +1,213 @@
+/**
+ * Display the list of re-exported libraries from a TAPI v2 .tbd file, one per
+ * line on stdout.
+ *
+ * TAPI files are the equivalent of library files for the purposes of linking.
+ * Like dylib files, they may re-export other libraries. In upstream usage
+ * these refer to the absolute paths of dylibs, and are resolved to .tbd files
+ * in combination with the syslibroot option. In nixpkgs, the .tbd files refer
+ * directly to other .tbd files without a syslibroot. Note that each .tbd file
+ * contains an install name, so the re-exported path does not affect the final
+ * result.
+ *
+ * In nixpkgs each framework is a distinct store path and some frameworks
+ * re-export other frameworks. The re-exported names are rewritten to refer to
+ * the store paths of dependencies via textual substitution. This utility is
+ * used to emit every file that is listed as a re-exported library, which
+ * allows the framework builder to verify their existence.
+ */
+
+#include <stdio.h>
+#include <sys/errno.h>
+#include <yaml.h>
+
+#define LOG(str, ...) fprintf(stderr, "%s", str)
+
+#define LOGF(...) fprintf(stderr, __VA_ARGS__)
+
+static yaml_node_t *get_mapping_entry(yaml_document_t *document, yaml_node_t *mapping, const char *name) {
+  if (!mapping) {
+    fprintf(stderr, "get_mapping_entry: mapping is null\n");
+    return NULL;
+  }
+
+  for (
+      yaml_node_pair_t *pair = mapping->data.mapping.pairs.start;
+      pair < mapping->data.mapping.pairs.top;
+      ++pair
+  ) {
+    yaml_node_t *key = yaml_document_get_node(document, pair->key);
+
+    if (!key) {
+      LOGF("key (%d) is null\n", pair->key);
+      return NULL;
+    }
+
+    if (key->type != YAML_SCALAR_NODE) {
+      LOG("get_mapping_entry: key is not a scalar\n");
+      return NULL;
+    }
+
+    if (strncmp((const char *)key->data.scalar.value, name, key->data.scalar.length) != 0) {
+      continue;
+    }
+
+    return yaml_document_get_node(document, pair->value);
+  }
+
+  return NULL;
+}
+
+static int emit_reexports_v2(yaml_document_t *document) {
+  yaml_node_t *root = yaml_document_get_root_node(document);
+
+  yaml_node_t *exports = get_mapping_entry(document, root, "exports");
+
+  if (!exports) {
+    return 1;
+  }
+
+  if (exports->type != YAML_SEQUENCE_NODE) {
+    LOG("value is not a sequence\n");
+    return 0;
+  }
+
+  for (
+      yaml_node_item_t *export = exports->data.sequence.items.start;
+      export < exports->data.sequence.items.top;
+      ++export
+  ) {
+    yaml_node_t *export_node = yaml_document_get_node(document, *export);
+
+    yaml_node_t *reexports = get_mapping_entry(document, export_node, "re-exports");
+
+    if (!reexports) {
+      continue;
+    }
+
+    if (reexports->type != YAML_SEQUENCE_NODE) {
+      LOG("re-exports is not a sequence\n");
+      return 0;
+    }
+
+    for (
+        yaml_node_item_t *reexport = reexports->data.sequence.items.start;
+        reexport < reexports->data.sequence.items.top;
+        ++reexport
+    ) {
+      yaml_node_t *val = yaml_document_get_node(document, *reexport);
+
+      if (val->type != YAML_SCALAR_NODE) {
+        LOG("item is not a scalar\n");
+        return 0;
+      }
+
+      fwrite(val->data.scalar.value, val->data.scalar.length, 1, stdout);
+      putchar('\n');
+    }
+  }
+
+  return 1;
+}
+
+static int emit_reexports_v4(yaml_document_t *document) {
+  yaml_node_t *root = yaml_document_get_root_node(document);
+  yaml_node_t *reexports = get_mapping_entry(document, root, "reexported-libraries");
+
+  if (!reexports) {
+    return 1;
+  }
+
+  if (reexports->type != YAML_SEQUENCE_NODE) {
+    LOG("value is not a sequence\n");
+    return 0;
+  }
+
+  for (
+      yaml_node_item_t *entry = reexports->data.sequence.items.start;
+      entry < reexports->data.sequence.items.top;
+      ++entry
+  ) {
+    yaml_node_t *entry_node = yaml_document_get_node(document, *entry);
+
+    yaml_node_t *libs = get_mapping_entry(document, entry_node, "libraries");
+
+    if (!libs) {
+      continue;
+    }
+
+    if (libs->type != YAML_SEQUENCE_NODE) {
+      LOG("libraries is not a sequence\n");
+      return 0;
+    }
+
+    for (
+        yaml_node_item_t *lib = libs->data.sequence.items.start;
+        lib < libs->data.sequence.items.top;
+        ++lib
+    ) {
+      yaml_node_t *val = yaml_document_get_node(document, *lib);
+
+      if (val->type != YAML_SCALAR_NODE) {
+        LOG("item is not a scalar\n");
+        return 0;
+      }
+
+      fwrite(val->data.scalar.value, val->data.scalar.length, 1, stdout);
+      putchar('\n');
+    }
+  }
+
+  return 1;
+}
+
+int main(int argc, char **argv) {
+  int result = 0;
+
+  if (argc != 2) {
+    fprintf(stderr, "Invalid usage\n");
+    result = 2;
+    goto done;
+  }
+
+  FILE *f = fopen(argv[1], "r");
+  if (!f) {
+    perror("opening input file");
+    result = errno;
+    goto done;
+  }
+
+  yaml_parser_t yaml_parser;
+  if (!yaml_parser_initialize(&yaml_parser)) {
+    fprintf(stderr, "Failed to initialize yaml parser\n");
+    result = 1;
+    goto err_file;
+  }
+
+  yaml_parser_set_input_file(&yaml_parser, f);
+
+  yaml_document_t yaml_document;
+
+  if(!yaml_parser_load(&yaml_parser, &yaml_document)) {
+    fprintf(stderr, "Failed to load yaml file\n");
+    result = 1;
+    goto err_yaml;
+  }
+
+  // Try both, only fail if one reports an error.  A lack of re-exports is not
+  // considered an error.
+  int ok = 1;
+  ok = ok && emit_reexports_v2(&yaml_document);
+  ok = ok && emit_reexports_v4(&yaml_document);
+
+  result = !ok;
+
+err_yaml:
+  yaml_parser_delete(&yaml_parser);
+
+err_file:
+  fclose(f);
+
+done:
+  return result;
+}
diff --git a/pkgs/os-specific/darwin/print-reexports/setup-hook.sh b/pkgs/os-specific/darwin/print-reexports/setup-hook.sh
new file mode 100644
index 00000000000..9efb00aeb4d
--- /dev/null
+++ b/pkgs/os-specific/darwin/print-reexports/setup-hook.sh
@@ -0,0 +1,19 @@
+fixupOutputHooks+=('checkTbdReexports')
+
+checkTbdReexports() {
+  local dir="$1"
+
+  while IFS= read -r -d $'\0' tbd; do
+    echo "checkTbdRexports: checking re-exports in $tbd"
+    while read -r target; do
+      local expected="${target%.dylib}.tbd"
+      if ! [ -e "$expected" ]; then
+        echo -e "Re-export missing:\n\t'$target'\n\t(expected '$expected')"
+        echo -e "While processing\n\t'$tbd'"
+        exit 1
+      else
+        echo "Re-exported target '$target' ok"
+      fi
+    done < <(print-reexports "$tbd")
+  done < <(find $prefix -type f -name '*.tbd' -print0)
+}
diff --git a/pkgs/os-specific/darwin/qes/default.nix b/pkgs/os-specific/darwin/qes/default.nix
index f231ee57167..dce6e526626 100644
--- a/pkgs/os-specific/darwin/qes/default.nix
+++ b/pkgs/os-specific/darwin/qes/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, Carbon }:
+{ lib, stdenv, fetchFromGitHub, Carbon }:
 
 stdenv.mkDerivation {
   pname = "qes";
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
 
   makeFlags = [ "BUILD_PATH=$(out)/bin" ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Quartz Event Synthesizer";
     homepage = "https://github.com/koekeishiya/qes";
     platforms = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/reattach-to-user-namespace/default.nix b/pkgs/os-specific/darwin/reattach-to-user-namespace/default.nix
index 768ca6cf9c9..b4d26327bdc 100644
--- a/pkgs/os-specific/darwin/reattach-to-user-namespace/default.nix
+++ b/pkgs/os-specific/darwin/reattach-to-user-namespace/default.nix
@@ -1,22 +1,27 @@
-{ stdenv, fetchurl }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   pname = "reattach-to-user-namespace";
-  version = "2.8";
+  version = "2.9";
 
-  src = fetchurl {
-    url = "https://github.com/ChrisJohnsen/tmux-MacOSX-pasteboard/archive/v${version}.tar.gz";
-    sha256 = "0xxxdd26rcplhpvi2vy6crxadk3d1qkq4xry10lwq6dyya2jf6wb";
+  src = fetchFromGitHub {
+    owner = "ChrisJohnsen";
+    repo = "tmux-MacOSX-pasteboard";
+    rev = "v${version}";
+    sha256 = "1qgimh58hcx5f646gj2kpd36ayvrdkw616ad8cb3lcm11kg0ag79";
   };
 
-  buildFlags = [ "ARCHES=x86_64" ];
+  buildFlags =
+    if stdenv.hostPlatform.system == "x86_64-darwin" then [ "ARCHES=x86_64" ]
+    else if stdenv.hostPlatform.system == "aarch64-darwin" then [ "ARCHES=arm64" ]
+    else throw "reattach-to-user-namespace isn't being built for ${stdenv.hostPlatform.system} yet.";
 
   installPhase = ''
     mkdir -p $out/bin
     cp reattach-to-user-namespace $out/bin/
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "A wrapper that provides access to the Mac OS X pasteboard service";
     license = licenses.bsd2;
     maintainers = with maintainers; [ lnl7 ];
diff --git a/pkgs/os-specific/darwin/rewrite-tbd/default.nix b/pkgs/os-specific/darwin/rewrite-tbd/default.nix
new file mode 100644
index 00000000000..f41b81b3bc9
--- /dev/null
+++ b/pkgs/os-specific/darwin/rewrite-tbd/default.nix
@@ -0,0 +1,16 @@
+{ stdenv, fetchFromGitHub, cmake, pkg-config, libyaml }:
+
+stdenv.mkDerivation {
+  pname = "rewrite-tbd";
+  version = "20201114";
+
+  src = fetchFromGitHub {
+    owner = "thefloweringash";
+    repo = "rewrite-tbd";
+    rev = "988f29c6ccbca9b883966225263d8d78676da6a3";
+    sha256 = "08sk91zwj6n9x2ymwid2k7y0rwv5b7p6h1b25ipx1dv0i43p6v1a";
+  };
+
+  nativeBuildInputs = [ cmake pkg-config ];
+  buildInputs = [ libyaml ];
+}
diff --git a/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh b/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh
new file mode 100644
index 00000000000..430aba8cdc7
--- /dev/null
+++ b/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh
@@ -0,0 +1,20 @@
+fixupOutputHooks+=('signDarwinBinariesIn $prefix')
+
+# Uses signingUtils, see definition of autoSignDarwinBinariesHook in
+# darwin-packages.nix
+
+signDarwinBinariesIn() {
+  local dir="$1"
+
+  if [ ! -d "$dir" ]; then
+    return 0
+  fi
+
+  if [ "${darwinDontCodeSign:-}" ]; then
+    return 0
+  fi
+
+  while IFS= read -r -d $'\0' f; do
+    signIfRequired "$f"
+  done < <(find "$dir" -type f -print0)
+}
diff --git a/pkgs/os-specific/darwin/signing-utils/default.nix b/pkgs/os-specific/darwin/signing-utils/default.nix
new file mode 100644
index 00000000000..035ac59b725
--- /dev/null
+++ b/pkgs/os-specific/darwin/signing-utils/default.nix
@@ -0,0 +1,24 @@
+{ stdenvNoCC
+, sigtool
+, cctools
+}:
+
+let
+  stdenv = stdenvNoCC;
+in
+
+stdenv.mkDerivation {
+  name = "signing-utils";
+
+  dontUnpack = true;
+  dontConfigure = true;
+  dontBuild = true;
+
+  installPhase = ''
+    substituteAll ${./utils.sh} $out
+  '';
+
+  # Substituted variables
+  inherit sigtool;
+  codesignAllocate = "${cctools}/bin/${cctools.targetPrefix}codesign_allocate";
+}
diff --git a/pkgs/os-specific/darwin/signing-utils/utils.sh b/pkgs/os-specific/darwin/signing-utils/utils.sh
new file mode 100644
index 00000000000..6d23a461fc9
--- /dev/null
+++ b/pkgs/os-specific/darwin/signing-utils/utils.sh
@@ -0,0 +1,43 @@
+# Work around for some odd behaviour where we can't codesign a file
+# in-place if it has been called before. This happens for example if
+# you try to fix-up a binary using strip/install_name_tool, after it
+# had been used previous.  The solution is to copy the binary (with
+# the corrupted signature from strip/install_name_tool) to some
+# location, sign it there and move it back into place.
+#
+# This does not appear to happen with the codesign tool that ships
+# with recent macOS BigSur installs on M1 arm64 machines.  However it
+# had also been happening with the tools that shipped with the DTKs.
+sign() {
+    local tmpdir
+    tmpdir=$(mktemp -d)
+
+    # $1 is the file
+
+    cp "$1" "$tmpdir"
+    CODESIGN_ALLOCATE=@codesignAllocate@ \
+        @sigtool@/bin/codesign -f -s - "$tmpdir/$(basename "$1")"
+    mv "$tmpdir/$(basename "$1")" "$1"
+    rmdir "$tmpdir"
+}
+
+checkRequiresSignature() {
+    local file=$1
+    local rc=0
+
+    @sigtool@/bin/sigtool --file "$file" check-requires-signature || rc=$?
+
+    if [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]; then
+        return "$rc"
+    fi
+
+    echo "Unexpected exit status from sigtool: $rc"
+    exit 1
+}
+
+signIfRequired() {
+    local file=$1
+    if checkRequiresSignature "$file"; then
+        sign "$file"
+    fi
+}
diff --git a/pkgs/os-specific/darwin/sigtool/default.nix b/pkgs/os-specific/darwin/sigtool/default.nix
new file mode 100644
index 00000000000..933ef784879
--- /dev/null
+++ b/pkgs/os-specific/darwin/sigtool/default.nix
@@ -0,0 +1,24 @@
+{ lib, stdenv, fetchFromGitHub, pkg-config, cmake, makeWrapper, openssl }:
+
+stdenv.mkDerivation {
+  name = "sigtool";
+
+  src = fetchFromGitHub {
+    owner = "thefloweringash";
+    repo = "sigtool";
+    rev = "4a3719b42dc91c3f513df94048851cc98e7c7fcf";
+    sha256 = "04ra1cx7k1sdbkj5yrvl0s3l333vpir8rnm8k1dh2zy1w0a6hpqa";
+  };
+
+  nativeBuildInputs = [ pkg-config makeWrapper ];
+  buildInputs = [ openssl ];
+
+  installFlags = [ "PREFIX=$(out)" ];
+
+  # Upstream (me) asserts the driver script is optional.
+  postInstall = ''
+    substitute $NIX_BUILD_TOP/$sourceRoot/codesign.sh $out/bin/codesign \
+      --replace sigtool "$out/bin/sigtool"
+    chmod a+x $out/bin/codesign
+  '';
+}
diff --git a/pkgs/os-specific/darwin/skhd/default.nix b/pkgs/os-specific/darwin/skhd/default.nix
index d145c0d75d0..ad33cf713d0 100644
--- a/pkgs/os-specific/darwin/skhd/default.nix
+++ b/pkgs/os-specific/darwin/skhd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, Carbon }:
+{ lib, stdenv, fetchFromGitHub, Carbon }:
 
 stdenv.mkDerivation rec {
   pname = "skhd";
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/Library/LaunchDaemons/org.nixos.skhd.plist --subst-var out
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Simple hotkey daemon for macOS";
     homepage = "https://github.com/koekeishiya/skhd";
     platforms = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/spacebar/default.nix b/pkgs/os-specific/darwin/spacebar/default.nix
index 7af7e408223..8cfbaa3f9a3 100644
--- a/pkgs/os-specific/darwin/spacebar/default.nix
+++ b/pkgs/os-specific/darwin/spacebar/default.nix
@@ -1,17 +1,17 @@
-{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge }:
+{ lib, stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge, SkyLight }:
 
 stdenv.mkDerivation rec {
   pname = "spacebar";
-  version = "1.1.1";
+  version = "1.2.1";
 
   src = fetchFromGitHub {
     owner = "cmacrae";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1x0wzm380nv81j26jqqg4y4dwanydnpdsca41ndw6xyj9zlv73f7";
+    sha256 = "0f5ddn3sx13rwwh0nfl784160s8ml3m5593d5fz2b1996aznzrsx";
   };
 
-  buildInputs = [ Carbon Cocoa ScriptingBridge ];
+  buildInputs = [ Carbon Cocoa ScriptingBridge SkyLight ];
 
   installPhase = ''
     mkdir -p $out/bin
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     cp ./doc/spacebar.1 $out/share/man/man1/spacebar.1
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "A minimal status bar for macOS";
     homepage = "https://github.com/cmacrae/spacebar";
     platforms = platforms.darwin;
diff --git a/pkgs/os-specific/darwin/stubs/default.nix b/pkgs/os-specific/darwin/stubs/default.nix
index 6fedf0a451e..862305a069d 100644
--- a/pkgs/os-specific/darwin/stubs/default.nix
+++ b/pkgs/os-specific/darwin/stubs/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, writeScriptBin, runtimeShell }:
+{ lib, writeScriptBin, runtimeShell }:
 
-let fake = name: stdenv.lib.overrideDerivation (writeScriptBin name ''
+let fake = name: lib.overrideDerivation (writeScriptBin name ''
   #!${runtimeShell}
   echo >&2 "Faking call to ${name} with arguments:"
   echo >&2 "$@"
diff --git a/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix b/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix
index 059cb70bfbd..560be0c31ab 100644
--- a/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix
+++ b/pkgs/os-specific/darwin/swift-corelibs/corefoundation.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, fetchurl, ninja, python3, curl, libxml2, objc4, ICU }:
+{ lib, stdenv, fetchFromGitHub, fetchurl, ninja, python3, curl, libxml2, objc4, ICU }:
 
 let
   # 10.12 adds a new sysdir.h that our version of CF in the main derivation depends on, but
@@ -23,9 +23,9 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ ninja python3 ];
   buildInputs = [ curl libxml2 objc4 ICU ];
 
-  sourceRoot = "source/CoreFoundation";
+  postPatch = ''
+    cd CoreFoundation
 
-  patchPhase = ''
     cp ${sysdir-free-system-directories} Base.subproj/CFSystemDirectories.c
 
     # In order, since I can't comment individual lines:
@@ -39,6 +39,7 @@ stdenv.mkDerivation {
     # Fix sandbox impurities.
     substituteInPlace ../lib/script.py \
       --replace '/bin/cp' cp
+    patchShebangs --build ../configure
 
     # Includes xpc for some initialization routine that they don't define anyway, so no harm here
     substituteInPlace PlugIn.subproj/CFBundlePriv.h \
@@ -74,7 +75,7 @@ stdenv.mkDerivation {
   # Based on testing this issue seems to only occur with clang_7, so
   # please remove this when updating the default llvm versions to 8 or
   # later.
-  buildPhase = stdenv.lib.optionalString true ''
+  buildPhase = lib.optionalString true ''
     for i in {1..512}; do
         if ninja -j $NIX_BUILD_CORES; then
             break
diff --git a/pkgs/os-specific/darwin/swift-corelibs/libdispatch.nix b/pkgs/os-specific/darwin/swift-corelibs/libdispatch.nix
index bd143b6071b..a5b4b2a52df 100644
--- a/pkgs/os-specific/darwin/swift-corelibs/libdispatch.nix
+++ b/pkgs/os-specific/darwin/swift-corelibs/libdispatch.nix
@@ -8,5 +8,6 @@ stdenv.mkDerivation rec {
     rev = "f83b5a498bad8e9ff8916183cf6e8ccf677c346b";
     sha256 = "1czkyyc9llq2mnqfp19mzcfsxzas0y8zrk0gr5hg60acna6jkz2l";
   };
-  buildInputs = [ cmake apple_sdk_sierra.sdk xnu-new ];
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ apple_sdk_sierra.sdk xnu-new ];
 }
diff --git a/pkgs/os-specific/darwin/trash/default.nix b/pkgs/os-specific/darwin/trash/default.nix
index 205391a52da..a239f6607b1 100644
--- a/pkgs/os-specific/darwin/trash/default.nix
+++ b/pkgs/os-specific/darwin/trash/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, perl, AppKit, Cocoa, ScriptingBridge }:
+{ lib, stdenv, fetchFromGitHub, perl, AppKit, Cocoa, ScriptingBridge }:
 
 stdenv.mkDerivation rec {
   version = "0.9.2";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./trash.diff ];
 
-  buildPhase = ''make all docs'';
+  buildPhase = "make all docs";
 
   installPhase = ''
     mkdir -p $out/bin
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/ali-rantakari/trash";
     description = "Small command-line program for OS X that moves files or
     folders to the trash.";
-    platforms = stdenv.lib.platforms.darwin;
-    license = stdenv.lib.licenses.mit;
+    platforms = lib.platforms.darwin;
+    license = lib.licenses.mit;
   };
 }
diff --git a/pkgs/os-specific/darwin/usr-include/default.nix b/pkgs/os-specific/darwin/usr-include/default.nix
index 4fef1388764..26b60ea44f5 100644
--- a/pkgs/os-specific/darwin/usr-include/default.nix
+++ b/pkgs/os-specific/darwin/usr-include/default.nix
@@ -1,4 +1,4 @@
-{stdenv, darwin}:
+{lib, stdenv, darwin}:
 
 /*
  * This is needed to build GCC on Darwin.
@@ -19,5 +19,5 @@ stdenv.mkDerivation {
     ln -sf ${darwin.CF}/Library/Frameworks/CoreFoundation.framework/Headers/* CoreFoundation
   '';
 
-  meta.platforms = stdenv.lib.platforms.darwin;
+  meta.platforms = lib.platforms.darwin;
 }
diff --git a/pkgs/os-specific/darwin/wifi-password/default.nix b/pkgs/os-specific/darwin/wifi-password/default.nix
index 2dfc97dec1b..f66af1ddfb5 100644
--- a/pkgs/os-specific/darwin/wifi-password/default.nix
+++ b/pkgs/os-specific/darwin/wifi-password/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   version = "0.1.0";
@@ -19,8 +19,8 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = "https://github.com/rauchg/wifi-password";
     description = "Get the password of the wifi you're on";
-    platforms = stdenv.lib.platforms.darwin;
-    license = stdenv.lib.licenses.mit;
-    maintainers = [ stdenv.lib.maintainers.nikitavoloboev ];
+    platforms = lib.platforms.darwin;
+    license = lib.licenses.mit;
+    maintainers = [ lib.maintainers.nikitavoloboev ];
   };
 }
diff --git a/pkgs/os-specific/darwin/xcode/default.nix b/pkgs/os-specific/darwin/xcode/default.nix
index 1144232fba2..2ce607896b5 100644
--- a/pkgs/os-specific/darwin/xcode/default.nix
+++ b/pkgs/os-specific/darwin/xcode/default.nix
@@ -1,10 +1,10 @@
-{ stdenv, requireFile, lib }:
+{ buildPlatform, requireFile, targetPlatform, lib }:
 
 let requireXcode = version: sha256:
   let
     xip = "Xcode_" + version +  ".xip";
     # TODO(alexfmpe): Find out how to validate the .xip signature in Linux
-    unxip = if stdenv.isDarwin
+    unxip = if buildPlatform.isDarwin
             then ''
               open -W ${xip}
               rm -rf ${xip}
@@ -31,7 +31,7 @@ let requireXcode = version: sha256:
         rm -rf Xcode.app
       '';
     };
-    meta = with stdenv.lib; {
+    meta = with lib; {
       homepage = "https://developer.apple.com/downloads/";
       description = "Apple's XCode SDK";
       license = licenses.unfree;
@@ -53,5 +53,19 @@ in lib.makeExtensible (self: {
   xcode_10_2_1 = requireXcode "10.2.1" "11sdb54nr0x7kp987qq839x6k5gdx7vqdxjiy5xm5279n1n47bmg";
   xcode_10_3 = requireXcode "10.3" "1i628vfn6zad81fsz3zpc6z15chhskvyp8qnajp2wnpzvrwl6ngb";
   xcode_11 = requireXcode "11" "1r03j3kkp4blfp2kqpn538w3dx57ms930fj8apjkq6dk7fv3jcqh";
-  xcode = self."xcode_${lib.replaceStrings ["."] ["_"] (if stdenv.targetPlatform.useiOSPrebuilt then stdenv.targetPlatform.xcodeVer else "10.3")}";
+  xcode_11_1 = requireXcode "11.1" "1c2gzc4jhhx5a7ncg19sh1r99izhipybaqxl1ll52x5y8689awc1";
+  xcode_11_2 = requireXcode "11.2" "1lm3q8zpvm184246h5j9mw4c1y9kk9sxnr3j98kfm0312n0l98gj";
+  xcode_11_3 = requireXcode "11.3" "04rv6xlywy8xqfx9ma8ygsdw4yhckk2mq0qnklxnfly899iw4wza";
+  xcode_11_3_1 = requireXcode "11.3.1" "1p6nicj91kr6ad3rmycahd1i7z4hj7ccjs93ixsiximjzaahx3q4";
+  xcode_11_4 = requireXcode "11.4" "065rpb3rdk19nv3rwyf9bk32ccbd0lld12gj12l89cyg65mhpyy7";
+  xcode_11_5 = requireXcode "11.5" "1dizazq9nz1vjkc5gy7dd4x760mkfjiifk1hf6d9mscchdq8rfkw";
+  xcode_11_6 = requireXcode "11.6" "1y4fhw1kiphzxdb4wpv697z5r0algvaldwq5iqv266797rnfql4x";
+  xcode_11_7 = requireXcode "11.7" "0422rdc4j5qwyk59anbybxyfv0p26x0xryszm0wd8i44g66smlmj";
+  xcode_12 = requireXcode "12" "1w3xm268pyn5m04wv22invd5kr2k4jqllgrzapv6n1sxxynxrh8z";
+  xcode_12_0_1 = requireXcode "12.0.1" "1p6vd5ai0hh3cq6aflh4h21ar0shxnz8wlkaxwq7liwsdmkwzbl0";
+  xcode_12_1 = requireXcode "12.1" "1widy74dk43wx8iqgd7arzf6q4kzdmaz8pfwymzs8chnq9dqr3wp";
+  xcode_12_2 = requireXcode "12.2" "17i0wf4pwrxwfgjw7rpw9mcd59nkmys1k5h2rqsw81snzyxy9j0v";
+  xcode_12_3 = requireXcode "12.3" "0kwf1y4llysf1p0nsbqyzccn7d77my0ldagr5fi3by4k0xy3d189";
+  xcode = self."xcode_${lib.replaceStrings ["."] ["_"] (if (targetPlatform ? xcodeVer) then targetPlatform.xcodeVer else "12.3")}";
 })
+
diff --git a/pkgs/os-specific/darwin/xcode/sdk-pkgs.nix b/pkgs/os-specific/darwin/xcode/sdk-pkgs.nix
index e8302a82555..0512d9dd46a 100644
--- a/pkgs/os-specific/darwin/xcode/sdk-pkgs.nix
+++ b/pkgs/os-specific/darwin/xcode/sdk-pkgs.nix
@@ -2,7 +2,7 @@
 , clang-unwrapped
 , binutils-unwrapped
 , runCommand
-, stdenv
+
 , wrapBintoolsWith
 , wrapCCWith
 , buildIosSdk, targetIosSdkPkgs
@@ -12,13 +12,7 @@
 
 let
 
-minSdkVersion = "9.0";
-
-iosPlatformArch = { parsed, ... }: {
-  armv7a  = "armv7";
-  aarch64 = "arm64";
-  x86_64  = "x86_64";
-}.${parsed.cpu.name};
+minSdkVersion = targetPlatform.minSdkVersion or "9.0";
 
 in
 
@@ -35,9 +29,6 @@ rec {
   binutils = wrapBintoolsWith {
     libc = targetIosSdkPkgs.libraries;
     bintools = binutils-unwrapped;
-    extraBuildCommands = ''
-      echo "-arch ${iosPlatformArch targetPlatform}" >> $out/nix-support/libc-ldflags
-    '';
   };
 
   clang = (wrapCCWith {
@@ -48,12 +39,9 @@ rec {
     extraBuildCommands = ''
       tr '\n' ' ' < $out/nix-support/cc-cflags > cc-cflags.tmp
       mv cc-cflags.tmp $out/nix-support/cc-cflags
-      echo "-target ${targetPlatform.config} -arch ${iosPlatformArch targetPlatform}" >> $out/nix-support/cc-cflags
+      echo "-target ${targetPlatform.config}" >> $out/nix-support/cc-cflags
       echo "-isystem ${sdk}/usr/include${lib.optionalString (lib.versionAtLeast "10" sdk.version) " -isystem ${sdk}/usr/include/c++/4.2.1/ -stdlib=libstdc++"}" >> $out/nix-support/cc-cflags
-    '' + stdenv.lib.optionalString (sdk.platform == "iPhoneSimulator") ''
-      echo "-mios-simulator-version-min=${minSdkVersion}" >> $out/nix-support/cc-cflags
-    '' + stdenv.lib.optionalString (sdk.platform == "iPhoneOS") ''
-      echo "-miphoneos-version-min=${minSdkVersion}" >> $out/nix-support/cc-cflags
+      ${lib.optionalString (lib.versionAtLeast sdk.version "14") "echo -isystem ${xcode}/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1 >> $out/nix-support/cc-cflags"}
     '';
   }) // {
     inherit sdk;
diff --git a/pkgs/os-specific/darwin/yabai/default.nix b/pkgs/os-specific/darwin/yabai/default.nix
index 448e6865e18..b371e97d06f 100644
--- a/pkgs/os-specific/darwin/yabai/default.nix
+++ b/pkgs/os-specific/darwin/yabai/default.nix
@@ -1,14 +1,14 @@
-{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge, xxd }:
+{ lib, stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge, xxd }:
 
 stdenv.mkDerivation rec {
   pname = "yabai";
-  version = "3.2.1";
+  version = "3.3.4";
 
   src = fetchFromGitHub {
     owner = "koekeishiya";
     repo = pname;
     rev = "v${version}";
-    sha256 = "11rsi6z2z7ynfqs1xq3bvf187k5xnwm0d45a8ai9hrqdsf3f1j19";
+    sha256 = "1pvyjdxgy7yxxz4x87f8an0dlxvxbnmv5kya8hkzw2na453ihvab";
   };
 
   buildInputs = [ Carbon Cocoa ScriptingBridge xxd ];
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     cp ./doc/yabai.1 $out/share/man/man1/yabai.1
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = ''
       A tiling window manager for macOS based on binary space partitioning
     '';
diff --git a/pkgs/os-specific/linux/915resolution/default.nix b/pkgs/os-specific/linux/915resolution/default.nix
index 906ea04293f..57f8ba0d33b 100644
--- a/pkgs/os-specific/linux/915resolution/default.nix
+++ b/pkgs/os-specific/linux/915resolution/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl}:
+{lib, stdenv, fetchurl}:
 
 stdenv.mkDerivation rec {
   name = "915resolution-0.5.3";
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   patchPhase = "rm *.o";
   installPhase = "mkdir -p $out/sbin; cp 915resolution $out/sbin/";
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "http://915resolution.mango-lang.org/";
     description = "A tool to modify Intel 800/900 video BIOS";
     platforms = [ "i686-linux" "x86_64-linux" ];
diff --git a/pkgs/os-specific/linux/acpi-call/default.nix b/pkgs/os-specific/linux/acpi-call/default.nix
index bb3aef885a7..f986ed790a1 100644
--- a/pkgs/os-specific/linux/acpi-call/default.nix
+++ b/pkgs/os-specific/linux/acpi-call/default.nix
@@ -1,14 +1,15 @@
-{ stdenv, fetchFromGitHub, kernel }:
+{ lib, stdenv, fetchFromGitHub, kernel }:
 
 stdenv.mkDerivation rec {
   pname = "acpi-call";
-  version = "2020-04-07-${kernel.version}";
+  version = "1.2.1";
+  name = "${pname}-${version}-${kernel.version}";
 
   src = fetchFromGitHub {
     owner = "nix-community";
     repo = "acpi_call";
-    rev = "3d7c9fe5ed3fc5ed5bafd39d54b1fdc7a09ce710";
-    sha256 = "09kp8zl392h99wjwzqrdw2xcfnsc944hzmfwi8n1y7m2slpdybv3";
+    rev = "v${version}";
+    sha256 = "0mr4rjbv6fj4phf038addrgv32940bphghw2v9n1z4awvw7wzkbg";
   };
 
   hardeningDisable = [ "pic" ];
@@ -24,10 +25,11 @@ stdenv.mkDerivation rec {
     install -D -m755 examples/turn_off_gpu.sh $out/bin/test_discrete_video_off.sh
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     maintainers = with maintainers; [ raskin mic92 ];
-    inherit (src.meta) homepage;
+    homepage = "https://github.com/nix-community/acpi_call";
     platforms = platforms.linux;
     description = "A module allowing arbitrary ACPI calls; use case: hybrid video";
+    license = licenses.gpl3Plus;
   };
 }
diff --git a/pkgs/os-specific/linux/acpi/default.nix b/pkgs/os-specific/linux/acpi/default.nix
index 69a36d7bf52..d257553299c 100644
--- a/pkgs/os-specific/linux/acpi/default.nix
+++ b/pkgs/os-specific/linux/acpi/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl }:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   pname = "acpi";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "01ahldvf0gc29dmbd5zi4rrnrw2i1ajnf30sx2vyaski3jv099fp";
   };
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Show battery status and other ACPI information";
     longDescription = ''
       Linux ACPI client is a small command-line
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
       battery and thermal information.
     '';
     homepage = "https://sourceforge.net/projects/acpiclient/";
-    license = stdenv.lib.licenses.gpl2Plus;
+    license = lib.licenses.gpl2Plus;
     platforms = platforms.linux;
     maintainers = [ ];
   };
diff --git a/pkgs/os-specific/linux/acpid/default.nix b/pkgs/os-specific/linux/acpid/default.nix
index 5ef5e2724b2..d28ff447681 100644
--- a/pkgs/os-specific/linux/acpid/default.nix
+++ b/pkgs/os-specific/linux/acpid/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoreconfHook }:
+{ lib, stdenv, fetchurl, autoreconfHook }:
 
 stdenv.mkDerivation rec {
   name = "acpid-2.0.32";
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
       --replace "strrchr strtol" "strrchr strtol malloc realloc"
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://sourceforge.net/projects/acpid2/";
     description = "A daemon for delivering ACPI events to userspace programs";
     license = licenses.gpl2Plus;
diff --git a/pkgs/os-specific/linux/acpitool/default.nix b/pkgs/os-specific/linux/acpitool/default.nix
index 9f2ad5b5c03..4a3d1a36bd7 100644
--- a/pkgs/os-specific/linux/acpitool/default.nix
+++ b/pkgs/os-specific/linux/acpitool/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, fetchpatch}:
+{lib, stdenv, fetchurl, fetchpatch}:
 
 let
    acpitool-patch-051-4 = params: fetchpatch rec {
@@ -44,8 +44,8 @@ in stdenv.mkDerivation rec {
   meta = {
     description = "A small, convenient command-line ACPI client with a lot of features";
     homepage = "https://sourceforge.net/projects/acpitool/";
-    license = stdenv.lib.licenses.gpl2Plus;
-    maintainers = [ stdenv.lib.maintainers.guibert ];
-    platforms = stdenv.lib.platforms.unix;
+    license = lib.licenses.gpl2Plus;
+    maintainers = [ lib.maintainers.guibert ];
+    platforms = lib.platforms.unix;
   };
 }
diff --git a/pkgs/os-specific/linux/afuse/default.nix b/pkgs/os-specific/linux/afuse/default.nix
index 758c57bb9e1..75c44e11172 100644
--- a/pkgs/os-specific/linux/afuse/default.nix
+++ b/pkgs/os-specific/linux/afuse/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, autoreconfHook, fuse }:
+{ lib, stdenv, fetchurl, pkg-config, autoreconfHook, fuse }:
 
 stdenv.mkDerivation {
   name = "afuse-0.4.1";
@@ -8,14 +8,21 @@ stdenv.mkDerivation {
     sha256 = "1sfhicmxppkvdd4z9klfn63snb71gr9hff6xij1gzk94xg6m0ycc";
   };
 
-  nativeBuildInputs = [ autoreconfHook pkgconfig ];
+  nativeBuildInputs = [ autoreconfHook pkg-config ];
   buildInputs = [ fuse ];
 
+  postPatch = lib.optionalString stdenv.isDarwin ''
+    # Fix the build on macOS with macFUSE installed
+    substituteInPlace configure.ac --replace \
+      'export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH' \
+      ""
+  '';
+
   meta = {
     description = "Automounter in userspace";
     homepage = "https://github.com/pcarrier/afuse";
-    license = stdenv.lib.licenses.gpl2;
-    maintainers = [ stdenv.lib.maintainers.marcweber ];
-    platforms = stdenv.lib.platforms.linux;
+    license = lib.licenses.gpl2;
+    maintainers = [ lib.maintainers.marcweber ];
+    platforms = lib.platforms.unix;
   };
 }
diff --git a/pkgs/os-specific/linux/akvcam/default.nix b/pkgs/os-specific/linux/akvcam/default.nix
new file mode 100644
index 00000000000..815dc6a2ee3
--- /dev/null
+++ b/pkgs/os-specific/linux/akvcam/default.nix
@@ -0,0 +1,32 @@
+{ lib, stdenv, fetchFromGitHub, kernel, qmake }:
+
+stdenv.mkDerivation rec {
+  pname = "akvcam";
+  version = "1.2.0";
+
+  src = fetchFromGitHub {
+    owner = "webcamoid";
+    repo = "akvcam";
+    rev = version;
+    sha256 = "0r5xg7pz0wl6pq5029rpzm9fn978vq0md31xjkp2amny7rrgxw72";
+  };
+
+  nativeBuildInputs = [ qmake ];
+  dontWrapQtApps = true;
+
+  qmakeFlags = [
+    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+  ];
+
+  installPhase = ''
+    install -m644 -b -D src/akvcam.ko $out/lib/modules/${kernel.modDirVersion}/akvcam.ko
+  '';
+
+  meta = with lib; {
+    description = "Virtual camera driver for Linux";
+    homepage = "https://github.com/webcamoid/akvcam";
+    maintainers = with maintainers; [ freezeboy ];
+    platforms = platforms.linux;
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/os-specific/linux/alsa-plugins/wrapper.nix b/pkgs/os-specific/linux/alsa-plugins/wrapper.nix
deleted file mode 100644
index 8271088a501..00000000000
--- a/pkgs/os-specific/linux/alsa-plugins/wrapper.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ writeShellScriptBin, stdenv, alsaPlugins }:
-writeShellScriptBin "ap${if stdenv.hostPlatform.system == "i686-linux" then "32" else "64"}" ''
-  ALSA_PLUGIN_DIRS=${alsaPlugins}/lib/alsa-lib "$@"
-''
diff --git a/pkgs/os-specific/linux/alsa-firmware/cross.patch b/pkgs/os-specific/linux/alsa-project/alsa-firmware/cross.patch
index 989ccea2b98..989ccea2b98 100644
--- a/pkgs/os-specific/linux/alsa-firmware/cross.patch
+++ b/pkgs/os-specific/linux/alsa-project/alsa-firmware/cross.patch
diff --git a/pkgs/os-specific/linux/alsa-firmware/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-firmware/default.nix
index 01955534bfc..a627a7762a8 100644
--- a/pkgs/os-specific/linux/alsa-firmware/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-firmware/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildPackages, autoreconfHook, fetchurl, fetchpatch }:
+{ lib, stdenv, buildPackages, autoreconfHook, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "alsa-firmware-1.2.1";
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = "http://www.alsa-project.org/";
     description = "Soundcard firmwares from the alsa project";
-    license = stdenv.lib.licenses.gpl2Plus;
-    platforms = stdenv.lib.platforms.linux;
+    license = lib.licenses.gpl2Plus;
+    platforms = lib.platforms.linux;
   };
 }
diff --git a/pkgs/os-specific/linux/alsa-lib/alsa-plugin-conf-multilib.patch b/pkgs/os-specific/linux/alsa-project/alsa-lib/alsa-plugin-conf-multilib.patch
index b17df9a492e..b17df9a492e 100644
--- a/pkgs/os-specific/linux/alsa-lib/alsa-plugin-conf-multilib.patch
+++ b/pkgs/os-specific/linux/alsa-project/alsa-lib/alsa-plugin-conf-multilib.patch
diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix
index 3c5427340ba..a2350271482 100644
--- a/pkgs/os-specific/linux/alsa-lib/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix
@@ -1,11 +1,17 @@
-{ stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }:
+{ lib
+, stdenv
+, fetchurl
+, alsa-topology-conf
+, alsa-ucm-conf
+}:
 
 stdenv.mkDerivation rec {
-  name = "alsa-lib-1.2.3";
+  pname = "alsa-lib";
+  version = "1.2.5.1";
 
   src = fetchurl {
-    url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "13k7dx1g749z74rz71hs5j8z0pqdjgx7l69pn0vsy7jizhi0kw02";
+    url = "mirror://alsa/lib/${pname}-${version}.tar.bz2";
+    sha256 = "sha256-YoQh2VDOyvI03j+JnVIMCmkjMTyWStdR/6wIHfMxQ44=";
   };
 
   patches = [
@@ -26,7 +32,7 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "dev" ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "http://www.alsa-project.org/";
     description = "ALSA, the Advanced Linux Sound Architecture libraries";
 
@@ -35,7 +41,7 @@ stdenv.mkDerivation rec {
       MIDI functionality to the Linux-based operating system.
     '';
 
-    license = licenses.gpl3Plus;
+    license = licenses.lgpl21Plus;
     platforms = platforms.linux;
   };
 }
diff --git a/pkgs/os-specific/linux/alsa-oss/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-oss/default.nix
index 774dc3d8d67..f600b52c5f3 100644
--- a/pkgs/os-specific/linux/alsa-oss/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-oss/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, alsaLib, gettext, ncurses, libsamplerate}:
+{lib, stdenv, fetchurl, alsa-lib, gettext, ncurses, libsamplerate}:
 
 stdenv.mkDerivation rec {
   pname = "alsa-oss";
@@ -9,14 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "13nn6n6wpr2sj1hyqx4r9nb9bwxnhnzw8r2f08p8v13yjbswxbb4";
   };
 
-  buildInputs = [ alsaLib ncurses libsamplerate ];
+  buildInputs = [ alsa-lib ncurses libsamplerate ];
   nativeBuildInputs = [ gettext ];
 
   configureFlags = [ "--disable-xmlto" ];
 
   installFlags = [ "ASOUND_STATE_DIR=$(TMPDIR)/dummy" ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "http://www.alsa-project.org/";
     description = "ALSA, the Advanced Linux Sound Architecture alsa-oss emulation";
 
diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix
index a69d86c5c4d..747979b1037 100644
--- a/pkgs/os-specific/linux/alsa-plugins/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix
@@ -1,19 +1,19 @@
-{ stdenv, fetchurl, lib, pkgconfig, alsaLib, libogg, libpulseaudio ? null, libjack2 ? null }:
+{ stdenv, fetchurl, lib, pkg-config, alsa-lib, libogg, libpulseaudio ? null, libjack2 ? null }:
 
 stdenv.mkDerivation rec {
   pname = "alsa-plugins";
-  version = "1.2.2";
+  version = "1.2.5";
 
   src = fetchurl {
     url = "mirror://alsa/plugins/${pname}-${version}.tar.bz2";
-    sha256 = "0z9k3ssbfk2ky2w13avgyf202j1drsz9sv3834bp33cj1i2hc3qw";
+    sha256 = "086z2g2f95570vfvp9d5bakib4k18fb4bszf3lgx3j6j6f2gkvj2";
   };
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkg-config ];
 
   # ToDo: a52, etc.?
   buildInputs =
-    [ alsaLib libogg ]
+    [ alsa-lib libogg ]
     ++ lib.optional (libpulseaudio != null) libpulseaudio
     ++ lib.optional (libjack2 != null) libjack2;
 
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
     description = "Various plugins for ALSA";
     homepage = "http://alsa-project.org/";
     license = licenses.lgpl21;
-    maintainers = [maintainers.marcweber];
+    maintainers = [ maintainers.marcweber ];
     platforms = platforms.linux;
   };
 }
diff --git a/pkgs/os-specific/linux/alsa-project/alsa-plugins/wrapper.nix b/pkgs/os-specific/linux/alsa-project/alsa-plugins/wrapper.nix
new file mode 100644
index 00000000000..992f4886e26
--- /dev/null
+++ b/pkgs/os-specific/linux/alsa-project/alsa-plugins/wrapper.nix
@@ -0,0 +1,10 @@
+{ stdenv
+, alsa-plugins
+, writeShellScriptBin
+}:
+let
+  arch = if stdenv.hostPlatform.system == "i686-linux" then "32" else "64";
+in
+writeShellScriptBin "ap${arch}" ''
+  ALSA_PLUGIN_DIRS=${alsa-plugins}/lib/alsa-lib "$@"
+''
diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-tools/default.nix
index 2fef5e07c63..8b9abb74036 100644
--- a/pkgs/os-specific/linux/alsa-tools/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-tools/default.nix
@@ -1,18 +1,18 @@
-{ stdenv, fetchurl, alsaLib, pkgconfig, gtk2, gtk3, fltk13 }:
+{ lib, stdenv, fetchurl, alsa-lib, pkg-config, gtk2, gtk3, fltk13 }:
 # Comes from upstream as as bundle of several tools,
 # some use gtk2, some gtk3 (and some even fltk13).
 
 stdenv.mkDerivation rec {
   pname = "alsa-tools";
-  version = "1.2.2";
+  version = "1.2.5";
 
   src = fetchurl {
     url = "mirror://alsa/tools/${pname}-${version}.tar.bz2";
-    sha256 = "0jbkjmq038zapj66a7nkppdf644v2mwj581xbmh6k4i8w6mcglxz";
+    sha256 = "sha256-NacQJ6AfTX3kci4iNSDpQN5os8VwtsZxaRVnrij5iT4=";
   };
 
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ alsaLib gtk2 gtk3 fltk13 ];
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ alsa-lib gtk2 gtk3 fltk13 ];
 
   patchPhase = ''
     export tools="as10k1 hda-verb hdspmixer echomixer hdajackretask hdspconf hwmixvolume mixartloader rmedigicontrol sscape_ctl vxloader envy24control hdajacksensetest hdsploader ld10k1 pcxhrloader sb16_csp us428control"
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
     done
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "http://www.alsa-project.org/";
     description = "ALSA, the Advanced Linux Sound Architecture tools";
 
diff --git a/pkgs/os-specific/linux/alsa-topology-conf/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-topology-conf/default.nix
index 54340d017ad..97960f833e1 100644
--- a/pkgs/os-specific/linux/alsa-topology-conf/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-topology-conf/default.nix
@@ -1,12 +1,12 @@
-{ stdenv, fetchurl }:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   name = "alsa-topology-conf-${version}";
-  version = "1.2.3";
+  version = "1.2.5";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "1zwxc9zhfcmyffjjbibzpdvf4kx7wv9g2zl6xz7y0d6srfr9jgw3";
+    sha256 = "sha256-i/qDBspj4dDL6AvphGYCc7kb1bfdCACmxapx3YyNd1w=";
   };
 
   dontBuild = true;
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://www.alsa-project.org/";
     description = "ALSA topology configuration files";
 
diff --git a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix
index 2a9f28c855a..0666f3f4793 100644
--- a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix
@@ -1,12 +1,12 @@
-{ stdenv, fetchurl }:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   name = "alsa-ucm-conf-${version}";
-  version = "1.2.3";
+  version = "1.2.5.1";
 
   src = fetchurl {
     url = "mirror://alsa/lib/${name}.tar.bz2";
-    sha256 = "000db5yla7dljidjbbwbiaxvc1a7wh1zpw694gipaymj9fh4vhhv";
+    sha256 = "sha256-WEGkRBZty/R523UTA9vDVW9oUIWsfgDwyed1VnYZXZc=";
   };
 
   dontBuild = true;
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://www.alsa-project.org/";
     description = "ALSA Use Case Manager configuration";
 
diff --git a/pkgs/os-specific/linux/alsa-utils/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix
index 470536db4b7..782e6ffce8c 100644
--- a/pkgs/os-specific/linux/alsa-utils/default.nix
+++ b/pkgs/os-specific/linux/alsa-project/alsa-utils/default.nix
@@ -1,27 +1,27 @@
-{stdenv, fetchurl, alsaLib, gettext, ncurses, libsamplerate, pciutils, fftw}:
+{lib, stdenv, fetchurl, alsa-lib, gettext, makeWrapper, ncurses, libsamplerate, pciutils, which, fftw}:
 
 stdenv.mkDerivation rec {
   pname = "alsa-utils";
-  version = "1.2.3";
+  version = "1.2.5.1";
 
   src = fetchurl {
     url = "mirror://alsa/utils/${pname}-${version}.tar.bz2";
-    sha256 = "1ai1z4kf91b1m3qrpwqkc1af5vm2fkdkknqv95xdwf19q94aw6gz";
+    sha256 = "sha256-nBaa43pJKV+bl7kqzncoA9r2tlEKGVdOC3j4flYhGNA=";
   };
 
-  patchPhase = ''
-    substituteInPlace alsa-info/alsa-info.sh \
-      --replace "which" "type -p" \
-      --replace "lspci" "${pciutils}/bin/lspci"
-  '';
-  nativeBuildInputs = [ gettext ];
-  buildInputs = [ alsaLib ncurses libsamplerate fftw ];
+  nativeBuildInputs = [ gettext makeWrapper ];
+  buildInputs = [ alsa-lib ncurses libsamplerate fftw ];
 
   configureFlags = [ "--disable-xmlto" "--with-udev-rules-dir=$(out)/lib/udev/rules.d" ];
 
   installFlags = [ "ASOUND_STATE_DIR=$(TMPDIR)/dummy" ];
 
-  meta = with stdenv.lib; {
+  postFixup = ''
+    mv $out/bin/alsa-info.sh $out/bin/alsa-info
+    wrapProgram $out/bin/alsa-info --prefix PATH : "${lib.makeBinPath [ which pciutils ]}"
+  '';
+
+  meta = with lib; {
     homepage = "http://www.alsa-project.org/";
     description = "ALSA, the Advanced Linux Sound Architecture utils";
     longDescription = ''
diff --git a/pkgs/os-specific/linux/amdgpu-pro/default.nix b/pkgs/os-specific/linux/amdgpu-pro/default.nix
index 32763fcded5..13dd8302b18 100644
--- a/pkgs/os-specific/linux/amdgpu-pro/default.nix
+++ b/pkgs/os-specific/linux/amdgpu-pro/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, elfutils
+{ lib, stdenv, fetchurl, elfutils
 , xorg, patchelf, openssl, libdrm, udev
 , libxcb, libxshmfence, epoxy, perl, zlib
 , ncurses
@@ -7,7 +7,7 @@
 
 assert (!libsOnly) -> kernel != null;
 
-with stdenv.lib;
+with lib;
 
 let
 
@@ -171,7 +171,7 @@ in stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "AMDGPU-PRO drivers";
     homepage =  "http://support.amd.com/en-us/kb-articles/Pages/AMDGPU-PRO-Beta-Driver-for-Vulkan-Release-Notes.aspx";
     license = licenses.unfree;
diff --git a/pkgs/os-specific/linux/anbox/default.nix b/pkgs/os-specific/linux/anbox/default.nix
index 5f8ca7ac46f..d684e24db91 100644
--- a/pkgs/os-specific/linux/anbox/default.nix
+++ b/pkgs/os-specific/linux/anbox/default.nix
@@ -1,24 +1,28 @@
-{ stdenv, fetchFromGitHub, fetchurl
-, cmake, pkgconfig, dbus, makeWrapper
-, gtest
+{ lib, stdenv, fetchFromGitHub, fetchurl
+, cmake, pkg-config, dbus, makeWrapper
 , boost
+, elfutils # for libdw
+, git
+, glib
+, glm
+, gtest
+, libbfd
 , libcap
-, systemd
-, mesa
+, libdwarf
 , libGL
 , libglvnd
-, glib
-, git
-, SDL2
-, SDL2_image
+, lxc
+, mesa
 , properties-cpp
 , protobuf
 , protobufc
-, python
-, lxc
+, python3
+, runtimeShell
+, SDL2
+, SDL2_image
+, systemd
 , writeText
 , writeScript
-, runtimeShell
 }:
 
 let
@@ -45,27 +49,42 @@ in
 
 stdenv.mkDerivation rec {
   pname = "anbox";
-  version = "unstable-2019-11-15";
+  version = "unstable-2020-11-29";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
-    rev = "0a49ae08f76de7f886a3dbed4422711c2fa39d10";
-    sha256 = "09l56nv9cnyhykclfmvam6bkcxlamwbql6nrz9n022553w92hkjf";
+    rev = "6c10125a7f13908d2cbe56d2d9ab09872755f265";
+    sha256 = "00bqssh4zcs0jj6w07b91719xkrpdw75vpcplwrvlhwsvl55f901";
+    fetchSubmodules = true;
   };
 
   nativeBuildInputs = [
+    cmake
+    pkg-config
     makeWrapper
   ];
 
   buildInputs = [
-    cmake pkgconfig dbus boost libcap gtest systemd mesa glib
-    SDL2 SDL2_image protobuf protobufc properties-cpp lxc python
+    boost
+    dbus
+    elfutils # libdw
+    glib
+    glm
+    gtest
+    libbfd
+    libcap
+    libdwarf
     libGL
+    lxc
+    mesa
+    properties-cpp
+    protobuf protobufc
+    python3
+    SDL2 SDL2_image
+    systemd
   ];
 
-  NIX_CFLAGS_COMPILE = "-Wno-error=missing-field-initializers";
-
   patchPhase = ''
     patchShebangs scripts
 
@@ -96,7 +115,7 @@ stdenv.mkDerivation rec {
 
   postInstall = ''
     wrapProgram $out/bin/anbox \
-      --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [libGL libglvnd]} \
+      --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [libGL libglvnd]} \
       --prefix PATH : ${git}/bin
 
     mkdir -p $out/share/dbus-1/services
@@ -129,7 +148,7 @@ stdenv.mkDerivation rec {
       };
     }.${stdenv.system} or null;
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://anbox.io";
     description = "Android in a box";
     license = licenses.gpl2;
diff --git a/pkgs/os-specific/linux/anbox/kmod.nix b/pkgs/os-specific/linux/anbox/kmod.nix
index 6eb74ca25f6..9ce65cd8726 100644
--- a/pkgs/os-specific/linux/anbox/kmod.nix
+++ b/pkgs/os-specific/linux/anbox/kmod.nix
@@ -1,14 +1,14 @@
-{ stdenv, kernel, fetchFromGitHub }:
+{ lib, stdenv, kernel, fetchFromGitHub }:
 
 stdenv.mkDerivation {
   pname = "anbox-modules";
-  version = "2019-11-15-" + kernel.version;
+  version = "2020-06-14-${kernel.version}";
 
   src = fetchFromGitHub {
     owner = "anbox";
     repo = "anbox-modules";
-    rev = "e0a237e571989987806b32881044c539db25e3e1";
-    sha256 = "1km1nslp4f5znwskh4bb1b61r1inw1dlbwiyyq3rrh0f0agf8d0v";
+    rev = "98f0f3b3b1eeb5a6954ca15ec43e150b76369086";
+    sha256 = "sha256-6xDJQ4YItdbYqle/9VNfOc7D80yFGd9cFyF+CuABaF0=";
   };
 
   nativeBuildInputs = kernel.moduleBuildDependencies;
@@ -31,13 +31,12 @@ stdenv.mkDerivation {
     done
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Anbox ashmem and binder drivers.";
     homepage = "https://github.com/anbox/anbox-modules";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     platforms = platforms.linux;
-    broken = (versionOlder kernel.version "4.4") || (kernel.features.grsecurity);
+    broken = kernel.kernelOlder "4.4" || kernel.kernelAtLeast "5.5";
     maintainers = with maintainers; [ edwtjo ];
   };
-
 }
diff --git a/pkgs/os-specific/linux/android-udev-rules/default.nix b/pkgs/os-specific/linux/android-udev-rules/default.nix
index 1cfa6b5856f..fbe02d69f1a 100644
--- a/pkgs/os-specific/linux/android-udev-rules/default.nix
+++ b/pkgs/os-specific/linux/android-udev-rules/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub }:
 
 ## Usage
 # In NixOS, simply add this package to services.udev.packages:
@@ -6,24 +6,26 @@
 
 stdenv.mkDerivation rec {
   pname = "android-udev-rules";
-  version = "20200410";
+  version = "20210501";
 
   src = fetchFromGitHub {
     owner = "M0Rf30";
     repo = "android-udev-rules";
     rev = version;
-    sha256 = "1ik9a0k9gkaw5a80m25pxx5yfiwq34ffb7iqhwicz4lwz5wsw8d3";
+    sha256 = "sha256-rlTulWclPqMl9LdHdcAtLARXGItiSeF3RX+neZrjgV4=";
   };
 
   installPhase = ''
+    runHook preInstall
     install -D 51-android.rules $out/lib/udev/rules.d/51-android.rules
+    runHook postInstall
   '';
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     homepage = "https://github.com/M0Rf30/android-udev-rules";
     description = "Android udev rules list aimed to be the most comprehensive on the net";
     platforms = platforms.linux;
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
     maintainers = with maintainers; [ abbradar ];
   };
 }
diff --git a/pkgs/os-specific/linux/apfs/default.nix b/pkgs/os-specific/linux/apfs/default.nix
new file mode 100644
index 00000000000..e27272a6147
--- /dev/null
+++ b/pkgs/os-specific/linux/apfs/default.nix
@@ -0,0 +1,35 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, kernel
+}:
+
+stdenv.mkDerivation {
+  pname = "apfs";
+  version = "unstable-2021-06-25-${kernel.version}";
+
+  src = fetchFromGitHub {
+    owner = "linux-apfs";
+    repo = "linux-apfs-rw";
+    rev = "2ce6d06dc73036d113da5166c59393233bf54229";
+    sha256 = "sha256-18HFtPr0qcTIZ8njwEtveiPYO+HGlj90bdUoL47UUY0=";
+  };
+
+  hardeningDisable = [ "pic" ];
+  nativeBuildInputs = kernel.moduleBuildDependencies;
+
+  makeFlags = [
+    "KERNELRELEASE=${kernel.modDirVersion}"
+    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+    "INSTALL_MOD_PATH=$(out)"
+  ];
+
+  meta = with lib; {
+    description = "APFS module for linux";
+    homepage = "https://github.com/linux-apfs/linux-apfs-rw";
+    license = licenses.gpl2Only;
+    platforms = platforms.linux;
+    broken = kernel.kernelOlder "4.19";
+    maintainers = with maintainers; [ Luflosi ];
+  };
+}
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index 807ab4fa44b..1b1fb415451 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -1,45 +1,47 @@
 { stdenv, lib, fetchurl, fetchpatch, makeWrapper, autoreconfHook
-, pkgconfig, which
+, pkg-config, which
 , flex, bison
 , linuxHeaders ? stdenv.cc.libc.linuxHeaders
 , gawk
-, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform && lib.any (lib.meta.platformMatch stdenv.hostPlatform) perl.meta.platforms, perl
-, withPython ? stdenv.hostPlatform == stdenv.buildPlatform && lib.any (lib.meta.platformMatch stdenv.hostPlatform) python.meta.platforms, python
+, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform && lib.meta.availableOn stdenv.hostPlatform perl, perl
+, withPython ? stdenv.hostPlatform == stdenv.buildPlatform && lib.meta.availableOn stdenv.hostPlatform python, python
 , swig
 , ncurses
 , pam
 , libnotify
 , buildPackages
+, coreutils
+, gnugrep
+, gnused
+, kmod
+, writeShellScript
+, closureInfo
+, runCommand
 }:
 
 let
-  apparmor-series = "2.13";
-  apparmor-patchver = "4";
-  apparmor-version = apparmor-series + "." + apparmor-patchver;
+  apparmor-version = "3.0.1";
 
-  apparmor-meta = component: with stdenv.lib; {
+  apparmor-meta = component: with lib; {
     homepage = "https://apparmor.net/";
     description = "A mandatory access control system - ${component}";
     license = licenses.gpl2;
-    maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
+    maintainers = with maintainers; [ joachifm julm phreedom thoughtpolice ];
     platforms = platforms.linux;
   };
 
   apparmor-sources = fetchurl {
-    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-    sha256 = "03nislxccnbxld89giak2s8xa4mdbwscfxbdwhmw5qpvgz08dgwh";
+    url = "https://launchpad.net/apparmor/${lib.versions.majorMinor apparmor-version}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
+    sha256 = "096zbg3v7b51x7f1ly61mzd3iy9alad6sd4lam98j2d6v5ragbcg";
   };
 
-  # See <https://gitlab.com/apparmor/apparmor/-/issues/74> This and the
-  # accompanying application in prePatchCommon should be removed in 2.13.5
-  gnumake43Patch = fetchpatch {
-    url = "https://gitlab.com/apparmor/apparmor/-/merge_requests/465.patch";
-    name = "2-23-fix-build-with-make-4.3.patch";
-    sha256 = "0xw028iqp69j9mxv0kbwraplgkj5i5djdlgf0anpkc5cdbsf96r9";
-  };
+  aa-teardown = writeShellScript "aa-teardown" ''
+    PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH"
+    . ${apparmor-parser}/lib/apparmor/rc.apparmor.functions
+    remove_profiles
+  '';
 
   prePatchCommon = ''
-    patch -p1 < ${gnumake43Patch}
     chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
     patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
     substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${buildPackages.perl}/bin/pod2man"
@@ -48,18 +50,12 @@ let
     substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
   '';
 
-  patches = stdenv.lib.optionals stdenv.hostPlatform.isMusl [
+  patches = lib.optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {
       url = "https://git.alpinelinux.org/aports/plain/testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
       name = "0003-Added-missing-typedef-definitions-on-parser.patch";
       sha256 = "0yyaqz8jlmn1bm37arggprqz0njb4lhjni2d9c8qfqj0kll0bam0";
     })
-    (fetchpatch {
-      url = "https://git.alpinelinux.org/aports/plain/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
-      name = "0007-Do-not-build-install-vim-file-with-utils-package.patch";
-      sha256 = "1m4dx901biqgnr4w4wz8a2z9r9dxyw7wv6m6mqglqwf2lxinqmp4";
-    })
-    # (alpine patches {1,4,5,6,8} are needed for apparmor 2.11, but not 2.12)
     ];
 
   # Set to `true` after the next FIXME gets fixed or this gets some
@@ -76,7 +72,7 @@ let
       autoreconfHook
       bison
       flex
-      pkgconfig
+      pkg-config
       swig
       ncurses
       which
@@ -84,8 +80,8 @@ let
     ];
 
     buildInputs = []
-      ++ stdenv.lib.optional withPerl perl
-      ++ stdenv.lib.optional withPython python;
+      ++ lib.optional withPerl perl
+      ++ lib.optional withPython python;
 
     # required to build apparmor-parser
     dontDisableStatic = true;
@@ -93,21 +89,21 @@ let
     prePatch = prePatchCommon + ''
       substituteInPlace ./libraries/libapparmor/swig/perl/Makefile.am --replace install_vendor install_site
       substituteInPlace ./libraries/libapparmor/swig/perl/Makefile.in --replace install_vendor install_site
-      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${stdenv.lib.getDev stdenv.cc.libc}/include/netinet/in.h"
-      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${stdenv.lib.getDev stdenv.cc.libc}/include/netinet/in.h"
+      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${lib.getDev stdenv.cc.libc}/include/netinet/in.h"
+      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${lib.getDev stdenv.cc.libc}/include/netinet/in.h"
     '';
     inherit patches;
 
     postPatch = "cd ./libraries/libapparmor";
     # https://gitlab.com/apparmor/apparmor/issues/1
     configureFlags = [
-      (stdenv.lib.withFeature withPerl "perl")
-      (stdenv.lib.withFeature withPython "python")
+      (lib.withFeature withPerl "perl")
+      (lib.withFeature withPython "python")
     ];
 
-    outputs = [ "out" ] ++ stdenv.lib.optional withPython "python";
+    outputs = [ "out" ] ++ lib.optional withPython "python";
 
-    postInstall = stdenv.lib.optionalString withPython ''
+    postInstall = lib.optionalString withPython ''
       mkdir -p $python/lib
       mv $out/lib/python* $python/lib/
     '';
@@ -130,21 +126,36 @@ let
       libapparmor.python
     ];
 
-    prePatch = prePatchCommon;
+    prePatch = prePatchCommon +
+      # Do not build vim file
+      lib.optionalString stdenv.hostPlatform.isMusl ''
+        sed -i ./utils/Makefile -e "/\<vim\>/d"
+      '' + ''
+      substituteInPlace ./utils/apparmor/easyprof.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+      substituteInPlace ./utils/apparmor/aa.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+      substituteInPlace ./utils/logprof.conf --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+    '';
     inherit patches;
     postPatch = "cd ./utils";
     makeFlags = [ "LANGS=" ];
     installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "VIM_INSTALL_PATH=$(out)/share" "PYPREFIX=" ];
 
     postInstall = ''
-      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
+      sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
+      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
         wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
       done
 
-      substituteInPlace $out/bin/aa-notify --replace /usr/bin/notify-send ${libnotify}/bin/notify-send
-      # aa-notify checks its name and does not work named ".aa-notify-wrapped"
-      mv $out/bin/aa-notify $out/bin/aa-notify-wrapped
-      makeWrapper ${perl}/bin/perl $out/bin/aa-notify --set PERL5LIB ${libapparmor}/${perl.libPrefix} --add-flags $out/bin/aa-notify-wrapped
+      substituteInPlace $out/bin/aa-notify \
+        --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \
+        --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}"
+
+      substituteInPlace $out/bin/aa-remove-unknown \
+       --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
+      wrapProgram $out/bin/aa-remove-unknown \
+       --prefix PATH : ${lib.makeBinPath [gawk]}
+
+      ln -s ${aa-teardown} $out/bin/aa-teardown
     '';
 
     inherit doCheck;
@@ -159,7 +170,7 @@ let
     src = apparmor-sources;
 
     nativeBuildInputs = [
-      pkgconfig
+      pkg-config
       libapparmor
       gawk
       which
@@ -172,7 +183,7 @@ let
     prePatch = prePatchCommon;
     postPatch = "cd ./binutils";
     makeFlags = [ "LANGS=" "USE_SYSTEM=1" ];
-    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" ];
+    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "SBINDIR=$(out)/bin" ];
 
     inherit doCheck;
 
@@ -193,6 +204,9 @@ let
       substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
       ## techdoc.pdf still doesn't build ...
       substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+      substituteInPlace parser/rc.apparmor.functions \
+       --replace "/sbin/apparmor_parser" "$out/bin/apparmor_parser"
+      sed -i parser/rc.apparmor.functions -e '2i . ${./fix-rc.apparmor.functions.sh}'
     '';
     inherit patches;
     postPatch = "cd ./parser";
@@ -211,7 +225,7 @@ let
     name = "apparmor-pam-${apparmor-version}";
     src = apparmor-sources;
 
-    nativeBuildInputs = [ pkgconfig which ];
+    nativeBuildInputs = [ pkg-config which ];
 
     buildInputs = [ libapparmor pam ];
 
@@ -242,7 +256,7 @@ let
     name = "apparmor-kernel-patches-${apparmor-version}";
     src = apparmor-sources;
 
-    phases = ''unpackPhase installPhase'';
+    phases = "unpackPhase installPhase";
 
     installPhase = ''
       mkdir "$out"
@@ -254,8 +268,35 @@ let
     meta = apparmor-meta "kernel patches";
   };
 
+  # Generate generic AppArmor rules in a file,
+  # from the closure of given rootPaths.
+  # To be included in an AppArmor profile like so:
+  # include "$(apparmorRulesFromClosure {} [pkgs.hello]}"
+  apparmorRulesFromClosure =
+    { # The store path of the derivation is given in $path
+      additionalRules ? []
+      # TODO: factorize here some other common paths
+      # that may emerge from use cases.
+    , baseRules ? [
+        "r $path"
+        "r $path/etc/**"
+        "r $path/share/**"
+        # Note that not all libraries are prefixed with "lib",
+        # eg. glibc-2.30/lib/ld-2.30.so
+        "mr $path/lib/**.so*"
+        # eg. glibc-2.30/lib/gconv/gconv-modules
+        "r $path/lib/**"
+      ]
+    , name ? ""
+    }: rootPaths: runCommand
+      ( "apparmor-closure-rules"
+      + lib.optionalString (name != "") "-${name}" ) {} ''
+    touch $out
+    while read -r path
+    do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)}
+    done <${closureInfo {inherit rootPaths;}}/store-paths
+  '';
 in
-
 {
   inherit
     libapparmor
@@ -264,5 +305,6 @@ in
     apparmor-parser
     apparmor-pam
     apparmor-profiles
-    apparmor-kernel-patches;
+    apparmor-kernel-patches
+    apparmorRulesFromClosure;
 }
diff --git a/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh
new file mode 100644
index 00000000000..ebc1baaa92d
--- /dev/null
+++ b/pkgs/os-specific/linux/apparmor/fix-rc.apparmor.functions.sh
@@ -0,0 +1,32 @@
+aa_action() {
+  STRING=$1
+  shift
+  $*
+  rc=$?
+  if [ $rc -eq 0 ] ; then
+    aa_log_success_msg $"$STRING "
+  else
+    aa_log_failure_msg $"$STRING "
+  fi
+  return $rc
+}
+
+aa_log_success_msg() {
+   [ -n "$1" ] && echo -n $1
+   echo ": done."
+}
+
+aa_log_warning_msg() {
+   [ -n "$1" ] && echo -n $1
+   echo ": Warning."
+}
+
+aa_log_failure_msg() {
+   [ -n "$1" ] && echo -n $1
+   echo ": Failed."
+}
+
+aa_log_skipped_msg() {
+   [ -n "$1" ] && echo -n $1
+   echo ": Skipped."
+}
diff --git a/pkgs/os-specific/linux/aseq2json/default.nix b/pkgs/os-specific/linux/aseq2json/default.nix
new file mode 100644
index 00000000000..646e9f7b7b9
--- /dev/null
+++ b/pkgs/os-specific/linux/aseq2json/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, fetchFromGitHub, pkg-config, alsa-lib, glib, json-glib }:
+
+stdenv.mkDerivation {
+  pname = "aseq2json";
+  version = "unstable-2018-04-28";
+  src = fetchFromGitHub {
+    owner = "google";
+    repo = "midi-dump-tools";
+    rev = "8572e6313a0d7ec95492dcab04a46c5dd30ef33a";
+    sha256 = "LQ9LLVumi3GN6c9tuMSOd1Bs2pgrwrLLQbs5XF+NZeA=";
+  };
+  sourceRoot = "source/aseq2json";
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ alsa-lib glib json-glib ];
+
+  installPhase = ''
+    install -D --target-directory "$out/bin" aseq2json
+  '';
+
+  meta = with lib; {
+    description = "Listens for MIDI events on the Alsa sequencer and outputs as JSON to stdout";
+    homepage = "https://github.com/google/midi-dump-tools";
+    license = licenses.asl20;
+    maintainers = [ maintainers.queezle ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/asus-wmi-sensors/default.nix b/pkgs/os-specific/linux/asus-wmi-sensors/default.nix
index 8eb8a7484e1..3098cbb7253 100644
--- a/pkgs/os-specific/linux/asus-wmi-sensors/default.nix
+++ b/pkgs/os-specific/linux/asus-wmi-sensors/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, kernel }:
+{ lib, stdenv, fetchFromGitHub, kernel }:
 
 stdenv.mkDerivation rec {
   name = "asus-wmi-sensors-${version}-${kernel.version}";
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
     "MODDESTDIR=${placeholder "out"}/lib/modules/${kernel.modDirVersion}/kernel/drivers/hwmon"
   ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Linux HWMON (lmsensors) sensors driver for various ASUS Ryzen and Threadripper motherboards";
     homepage = "https://github.com/electrified/asus-wmi-sensors";
     license = licenses.gpl2;
diff --git a/pkgs/os-specific/linux/ati-drivers/builder.sh b/pkgs/os-specific/linux/ati-drivers/builder.sh
deleted file mode 100644
index a9e5aaef397..00000000000
--- a/pkgs/os-specific/linux/ati-drivers/builder.sh
+++ /dev/null
@@ -1,302 +0,0 @@
-# TODO gentoo removes some tools because there are xorg sources (?)
-
-source $stdenv/setup
-set -x
-
-die(){ echo $@; exit 1; }
-
-unzip $src
-run_file=fglrx-$build/amd-driver-installer-$build-x86.x86_64.run
-sh $run_file --extract .
-
-for patch in $patches;do
-    patch -p1 < $patch
-done
-
-case "$system" in
-  x86_64-linux)
-    arch=x86_64
-    lib_arch=lib64
-    DIR_DEPENDING_ON_XORG_VERSION=xpic_64a
-  ;;
-  i686-linux)
-    arch=x86
-    lib_arch=lib
-    DIR_DEPENDING_ON_XORG_VERSION=xpic
-  ;;
-  *) exit 1;;
-esac
-
-# Handle/Build the kernel module.
-
-if test -z "$libsOnly"; then
-
-  kernelVersion=$(cd ${kernelDir}/lib/modules && ls)
-  kernelBuild=$(echo ${kernelDir}/lib/modules/$kernelVersion/build)
-  linuxsources=$(echo ${kernelDir}/lib/modules/$kernelVersion/source)
-
-  # note: maybe the .config file should be used to determine this ?
-  # current kbuild infrastructure allows using CONFIG_* defines
-  # but ati sources don't use them yet..
-  # copy paste from make.sh
-
-  setSMP(){
-
-    linuxincludes=$kernelBuild/include
-
-    # copied and stripped. source: make.sh:
-    # 3
-    # linux/autoconf.h may contain this: #define CONFIG_SMP 1
-
-    # Before 2.6.33 autoconf.h is under linux/.
-    # For 2.6.33 and later autoconf.h is under generated/.
-    if [ -f $linuxincludes/generated/autoconf.h ]; then
-        autoconf_h=$linuxincludes/generated/autoconf.h
-    else
-        autoconf_h=$linuxincludes/linux/autoconf.h
-    fi
-    src_file=$autoconf_h
-
-    [ -e $src_file ] || die "$src_file not found"
-
-    if [ `cat $src_file | grep "#undef" | grep "CONFIG_SMP" -c` = 0 ]; then
-      SMP=`cat $src_file | grep CONFIG_SMP | cut -d' ' -f3`
-      echo "file $src_file says: SMP=$SMP"
-    fi
-
-    if [ "$SMP" = 0 ]; then
-      echo "assuming default: SMP=$SMP"
-    fi
-    # act on final result
-    if [ ! "$SMP" = 0 ]; then
-      smp="-SMP"
-      def_smp=-D__SMP__
-    fi
-
-  }
-
-  setModVersions(){
-    ! grep CONFIG_MODVERSIONS=y $kernelBuild/.config ||
-    def_modversions="-DMODVERSIONS"
-    # make.sh contains much more code to determine this whether its enabled
-  }
-
-  # ==============================================================
-  # resolve if we are building for a kernel with a fix for CVE-2010-3081
-  # On kernels with the fix, use arch_compat_alloc_user_space instead
-  # of compat_alloc_user_space since the latter is GPL-only
-
-  COMPAT_ALLOC_USER_SPACE=arch_compat_alloc_user_space
-
-  for src_file in \
-    $kernelBuild/arch/x86/include/asm/compat.h \
-    $linuxsources/arch/x86/include/asm/compat.h \
-    $kernelBuild/include/asm-x86_64/compat.h \
-    $linuxsources/include/asm-x86_64/compat.h \
-    $kernelBuild/include/asm/compat.h;
-  do
-    if [ -e $src_file ];
-    then
-      break
-    fi
-  done
-  if [ ! -e $src_file ];
-    then
-    echo "Warning: x86 compat.h not found in kernel headers"
-    echo "neither arch/x86/include/asm/compat.h nor include/asm-x86_64/compat.h"
-    echo "could be found in $kernelBuild or $linuxsources"
-    echo ""
-  else
-    if [ `cat $src_file | grep -c arch_compat_alloc_user_space` -gt 0 ]
-    then
-      COMPAT_ALLOC_USER_SPACE=arch_compat_alloc_user_space
-    fi
-    echo "file $src_file says: COMPAT_ALLOC_USER_SPACE=$COMPAT_ALLOC_USER_SPACE"
-  fi
-
-  # make.sh contains some code figuring out whether to use these or not..
-  PAGE_ATTR_FIX=0
-  setSMP
-  setModVersions
-  CC=gcc
-  MODULE=fglrx
-  LIBIP_PREFIX=$TMP/arch/$arch/lib/modules/fglrx/build_mod
-  [ -d $LIBIP_PREFIX ]
-  GCC_MAJOR="`gcc --version | grep -o -e ") ." | head -1 | cut -d " " -f 2`"
-
-  { # build .ko module
-    cd ./common/lib/modules/fglrx/build_mod/2.6.x
-    echo .lib${MODULE}_ip.a.GCC${GCC_MAJOR}.cmd
-    echo 'This is a dummy file created to suppress this warning: could not find /lib/modules/fglrx/build_mod/2.6.x/.libfglrx_ip.a.GCC4.cmd for /lib/modules/fglrx/build_mod/2.6.x/libfglrx_ip.a.GCC4' > lib${MODULE}_ip.a.GCC${GCC_MAJOR}.cmd
-
-    sed -i -e "s@COMPAT_ALLOC_USER_SPACE@$COMPAT_ALLOC_USER_SPACE@" ../kcl_ioctl.c
-
-    make CC=${CC} \
-      LIBIP_PREFIX=$(echo "$LIBIP_PREFIX" | sed -e 's|^\([^/]\)|../\1|') \
-      MODFLAGS="-DMODULE -DATI -DFGL -DPAGE_ATTR_FIX=$PAGE_ATTR_FIX -DCOMPAT_ALLOC_USER_SPACE=$COMPAT_ALLOC_USER_SPACE $def_smp $def_modversions" \
-      KVER=$kernelVersion \
-      KDIR=$kernelBuild \
-      PAGE_ATTR_FIX=$PAGE_ATTR_FIX \
-      -j4
-
-    cd $TMP
-  }
-
-fi
-
-{ # install
-  mkdir -p $out/lib/xorg
-  cp -r common/usr/include $out
-  cp -r common/usr/sbin $out
-  cp -r common/usr/share $out
-  mkdir $out/bin/
-  cp -f common/usr/X11R6/bin/* $out/bin/
-  # cp -r arch/$arch/lib $out/lib
-  # what are those files used for?
-  cp -r common/etc $out
-  cp -r $DIR_DEPENDING_ON_XORG_VERSION/usr/X11R6/$lib_arch/* $out/lib/xorg
-
-  # install kernel module
-  if test -z "$libsOnly"; then
-    t=$out/lib/modules/${kernelVersion}/kernel/drivers/misc
-    mkdir -p $t
-
-    cp ./common/lib/modules/fglrx/build_mod/2.6.x/fglrx.ko $t
-  fi
-
-  # should this be installed at all?
-  # its used by the example fglrx_gamma only
-  # don't use $out/lib/modules/dri because this will cause the kernel module
-  # aggregator code to see both