diff options
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/ell/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/fxload/default.nix | 46 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iproute/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iwd/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel-headers/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libbpf/default.nix | 4 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/nvidia-x11/builder.sh | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/opengl/xorg-sys/builder.sh | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/shadow/default.nix | 110 | ||||
-rw-r--r-- | pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch | 28 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 6 |
12 files changed, 122 insertions, 92 deletions
diff --git a/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh b/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh index cca65661f8a..6a254cd8212 100644 --- a/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh +++ b/pkgs/os-specific/darwin/signing-utils/auto-sign-hook.sh @@ -25,7 +25,7 @@ signDarwinBinariesIn() { signDarwinBinariesInAllOutputs() { local output - for output in $outputs; do + for output in $(getAllOutputNames); do signDarwinBinariesIn "${!output}" done } diff --git a/pkgs/os-specific/linux/ell/default.nix b/pkgs/os-specific/linux/ell/default.nix index 1e188fbe607..3306d875272 100644 --- a/pkgs/os-specific/linux/ell/default.nix +++ b/pkgs/os-specific/linux/ell/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.54"; + version = "0.55"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; rev = version; - sha256 = "sha256-Oi+S4DWXuTUL36Xh3iWIZj9rdN2qUDHmZiFSH1csW+8="; + sha256 = "sha256-vMWs+0iaszq+p55Z9AhqkNHWeOwlgt2iq7uuA8xGjJ4="; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/fxload/default.nix b/pkgs/os-specific/linux/fxload/default.nix index 8c1a778ec8b..3c5443f3432 100644 --- a/pkgs/os-specific/linux/fxload/default.nix +++ b/pkgs/os-specific/linux/fxload/default.nix @@ -1,37 +1,31 @@ -{lib, stdenv, fetchurl}: +{ lib +, stdenv +, libusb1 +}: stdenv.mkDerivation rec { pname = "fxload"; - version = "2002.04.11"; + version = libusb1.version; + dontUnpack = true; + dontBuild = true; + dontConfigure = true; + dontInstall = true; + dontPatch = true; + dontPatchELF = true; - src = fetchurl { - url = "mirror://sourceforge/linux-hotplug/fxload-${lib.replaceStrings ["."] ["_"] version}.tar.gz"; - sha256 = "1hql93bp3dxrv1p67nc63xsbqwljyynm997ysldrc3n9ifi6s48m"; - }; - - patches = [ - # Will be needed after linux-headers is updated to >= 2.6.21. - (fetchurl { - url = "http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/sys-apps/fxload/files/fxload-20020411-linux-headers-2.6.21.patch?rev=1.1"; - sha256 = "0ij0c8nr1rbyl5wmyv1cklhkxglvsqz32h21cjw4bjm151kgmk7p"; - }) - ]; - - preBuild = '' - substituteInPlace Makefile --replace /usr / - makeFlagsArray=(INSTALL=install prefix=$out) - ''; - - preInstall = '' + # fxload binary exist inside the `examples/bin` directory of `libusb1` + postFixup = '' mkdir -p $out/sbin - mkdir -p $out/share/man/man8 - mkdir -p $out/share/usb + ln -s ${passthru.libusb}/examples/bin/fxload $out/sbin/fxload ''; + passthru.libusb = libusb1.override { withExamples = true; }; + meta = with lib; { - homepage = "http://linux-hotplug.sourceforge.net/?selected=usb"; - description = "Tool to upload firmware to Cypress EZ-USB microcontrollers"; - license = licenses.gpl2; + homepage = "https://github.com/libusb/libusb"; + description = "Tool to upload firmware to into an21, fx, fx2, fx2lp and fx3 ez-usb devices"; + license = licenses.gpl2Only; platforms = platforms.linux; + maintainers = with maintainers; [ realsnick ]; }; } diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 89c191cb7f3..9a63a28a7a9 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "6.0.0"; + version = "6.1.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "UjE56ecq7JljdPot50vkxT0t0FWJSIk00h/5e64ZWAo="; + sha256 = "sha256-XOEqD+xrIScl7yGHNZQbLat2JE235yZGp2AhsFN7Q6s="; }; patches = [ diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index b3895c286c5..54a9a53a036 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -12,12 +12,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "2.0"; + version = "2.1"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "sha256-9eQ2fW3ha69ngugYonbYdqrpERqt8aM0Ed4HM0CrmUU="; + sha256 = "sha256-Aq038SG8vuxCA6mYOP5I6VWCUty5vgdbpAa9J+bIfZM="; }; outputs = [ "out" "man" "doc" ] diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index d8bfb59bf12..34fbde9d676 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -114,12 +114,12 @@ let in { inherit makeLinuxHeaders; - linuxHeaders = let version = "6.0"; in + linuxHeaders = let version = "6.1"; in makeLinuxHeaders { inherit version; src = fetchurl { url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - sha256 = "sha256-XCRDpVON5SaI77VcJ6sFOcH161jAz9FqK5+7CP2BeI4="; + sha256 = "sha256-LKHxcFGkMPb+0RluSVJxdQcXGs/ZfZZXchJQJwOyXes="; }; patches = [ ./no-relocs.patch # for building x86 kernel headers on non-ELF platforms diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix index 04322a35b4f..d6bb9d4a431 100644 --- a/pkgs/os-specific/linux/libbpf/default.nix +++ b/pkgs/os-specific/linux/libbpf/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "libbpf"; - version = "1.0.1"; + version = "1.1.0"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "sha256-2rzVah+CxCztKnlEWMIQrUS2JJTLiWscfIA1aOBtIzs="; + sha256 = "sha256-/vt6IA1o0gjFtXUWhEKIZ1DUWIN2LOvrhLfFzJBACGY="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/os-specific/linux/nvidia-x11/builder.sh b/pkgs/os-specific/linux/nvidia-x11/builder.sh index eadf88fd116..1cf1400f996 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -1,3 +1,4 @@ +if [ -e .attrs.sh ]; then source .attrs.sh; fi source $stdenv/setup unpackManually() { diff --git a/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh b/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh index cd21899e60e..34f9b157945 100644 --- a/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh +++ b/pkgs/os-specific/linux/opengl/xorg-sys/builder.sh @@ -1,3 +1,4 @@ +if [ -e .attrs.sh ]; then source .attrs.sh; fi source $stdenv/setup mkdir -p $out/lib diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index c6fd417d0d6..2d0e6071629 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -1,57 +1,62 @@ -{ lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt -, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell -, libxcrypt, pam ? null, glibcCross ? null +{ lib, stdenv, fetchFromGitHub +, runtimeShell, nixosTests, fetchpatch +, autoreconfHook, bison, flex +, docbook_xml_dtd_45, docbook_xsl +, itstool , libxml2, libxslt +, libxcrypt +, glibcCross ? null +, pam ? null +, withTcb ? stdenv.isLinux, tcb }: - let - glibc = - if stdenv.hostPlatform != stdenv.buildPlatform - then glibcCross + if stdenv.hostPlatform != stdenv.buildPlatform then glibcCross else assert stdenv.hostPlatform.libc == "glibc"; stdenv.cc.libc; - dots_in_usernames = fetchpatch { - url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch"; - sha256 = "1fj3rg6x3jppm5jvi9y7fhd2djbi4nc5pgwisw00xlh4qapgz692"; - }; - in stdenv.mkDerivation rec { pname = "shadow"; - version = "4.11.1"; + version = "4.13"; src = fetchFromGitHub { owner = "shadow-maint"; - repo = "shadow"; - rev = "v${version}"; - sha256 = "sha256-PxLX5V0t18JftT5wT41krNv18Ew7Kz3MfZkOi/80ODA="; + repo = pname; + rev = version; + sha256 = "sha256-L54DhdBYthfB9436t/XWXiqKhW7rfd0GLS7pYGB32rA="; }; - buildInputs = [ libxcrypt ] - ++ lib.optional (pam != null && stdenv.isLinux) pam; - nativeBuildInputs = [autoreconfHook libxslt libxml2 - docbook_xml_dtd_45 docbook_xsl flex bison itstool - ]; - - patches = - [ ./keep-path.patch - # Obtain XML resources from XML catalog (patch adapted from gtk-doc) - ./respect-xml-catalog-files-var.patch - dots_in_usernames - ./runtime-shell.patch - ]; + outputs = [ "out" "su" "dev" "man" ]; RUNTIME_SHELL = runtimeShell; - # The nix daemon often forbids even creating set[ug]id files. - postPatch = - ''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am - ''; + nativeBuildInputs = [ + autoreconfHook bison flex + docbook_xml_dtd_45 docbook_xsl + itstool libxml2 libxslt + ]; - outputs = [ "out" "su" "man" ]; + buildInputs = [ libxcrypt ] + ++ lib.optional (pam != null && stdenv.isLinux) pam + ++ lib.optional withTcb tcb; + + patches = [ + ./keep-path.patch + # Obtain XML resources from XML catalog (patch adapted from gtk-doc) + ./respect-xml-catalog-files-var.patch + ./runtime-shell.patch + ./fix-install-with-tcb.patch + # Fix HAVE_SHADOWGRP configure check + (fetchpatch { + url = "https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef.patch"; + sha256 = "sha256-GJWg/8ggTnrbIgjI+HYa26DdVbjTHTk/IHhy7GU9G5w="; + }) + ]; - enableParallelBuilding = true; + # The nix daemon often forbids even creating set[ug]id files. + postPatch = '' + sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am + ''; # Assume System V `setpgrp (void)', which is the default on GNU variants # (`AC_FUNC_SETPGRP' is not cross-compilation capable.) @@ -65,23 +70,24 @@ stdenv.mkDerivation rec { "--with-group-name-max-length=32" "--with-bcrypt" "--with-yescrypt" - ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"; - - preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") - '' - substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd - ''; - - postInstall = - '' - # Don't install ‘groups’, since coreutils already provides it. - rm $out/bin/groups - rm $man/share/man/man1/groups.* - - # Move the su binary into the su package - mkdir -p $su/bin - mv $out/bin/su $su/bin - ''; + ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd" + ++ lib.optional withTcb "--with-tcb"; + + preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") '' + substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd + ''; + + postInstall = '' + # Don't install ‘groups’, since coreutils already provides it. + rm $out/bin/groups + rm $man/share/man/man1/groups.* + + # Move the su binary into the su package + mkdir -p $su/bin + mv $out/bin/su $su/bin + ''; + + enableParallelBuilding = true; disallowedReferences = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.shellPackage; diff --git a/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch b/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch new file mode 100644 index 00000000000..ff6166b92f1 --- /dev/null +++ b/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch @@ -0,0 +1,28 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index a1a2e4e..fa17f9d 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -74,10 +74,6 @@ suidubins += newgidmap newuidmap + endif + endif + +-if WITH_TCB +-shadowsgidubins = passwd +-endif +- + LDADD = $(INTLLIBS) \ + $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la \ +@@ -146,12 +142,6 @@ install-am: all-am + set -e; for i in $(suidusbins); do \ + chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ + done +-if WITH_TCB +- set -e; for i in $(shadowsgidubins); do \ +- chown root:shadow $(DESTDIR)$(ubindir)/$$i; \ +- chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \ +- done +-endif + if ENABLE_SUBIDS + if FCAPS + setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 4e3f3762370..4c16e96fdb1 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -89,7 +89,7 @@ , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi && !stdenv.hostPlatform.isMusl , withFido2 ? true -, withHomed ? false +, withHomed ? true , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl @@ -130,7 +130,7 @@ assert withHomed -> withCryptsetup; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "252.1"; + version = "252.4"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: @@ -147,7 +147,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - hash = "sha256-G43qbNF7znTITSM78sOL0qi8nqaA7qIhmiqP/rZKjXY="; + hash = "sha256-8ejSEt3QyCSARGGVbXWac2dB9jdUpC4eX2rN0iENQX0="; }; # On major changes, or when otherwise required, you *must* reformat the patches, |