From 60f4345e37d6b4c02ab8ca8fa104ae8a32ccf856 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 23 Feb 2020 18:45:29 +0100 Subject: linux config: Set TCP_CONG_CUBIC=yes to restore the default This will switch the default TCP congestion control algorithm from new Reno to CUBIC. CUBIC is the default since Linux kernel 2.6.19 (see 597811ec167fa) and most (all?) distributions keep this default (e.g. Debian and Ubuntu). On NixOS the default was still new Reno because generate-config.pl changes TCP_CONG_CUBIC from y to m (since we try to build everything as a module by default). To check the active and available algorithms: $ sysctl net.ipv4.tcp_congestion_control net.ipv4.tcp_congestion_control = cubic $ sysctl net.ipv4.tcp_available_congestion_control net.ipv4.tcp_available_congestion_control = cubic reno Note: E.g. x86_64_defconfig sets TCP_CONG_CUBIC=y indirectly via CONFIG_TCP_CONG_ADVANCED=y (but CUBIC is also the default if set to no, see net/ipv4/Kconfig). --- pkgs/os-specific/linux/kernel/common-config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index f9579a9fde5..dbac890dfd1 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -120,6 +120,7 @@ let XDP_SOCKETS = whenAtLeast "4.19" yes; XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes; WAN = yes; + TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 # Required by systemd per-cgroup firewalling CGROUP_BPF = option yes; CGROUP_NET_PRIO = yes; # Required by systemd -- cgit 1.4.1 From 4acda90e5acaff1379c06fbd856f82118e4b1c0f Mon Sep 17 00:00:00 2001 From: Rostislav Benes Date: Sun, 22 Mar 2020 18:32:59 +0100 Subject: alsa-ucm-conf: init at 1.2.2 --- maintainers/maintainer-list.nix | 6 ++++ pkgs/os-specific/linux/alsa-ucm-conf/default.nix | 36 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 44 insertions(+) create mode 100644 pkgs/os-specific/linux/alsa-ucm-conf/default.nix (limited to 'pkgs/os-specific') diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 8e8c9f2fb10..7fde51d8210 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -6305,6 +6305,12 @@ fingerprint = "92B2 904F D293 C94D C4C9 3E6B BFBA F4C9 75F7 6450"; }]; }; + roastiek = { + email = "r.dee.b.b@gmail.com"; + github = "roastiek"; + githubId = 422802; + name = "Rostislav Beneš"; + }; rob = { email = "rob.vermaas@gmail.com"; github = "rbvermaa"; diff --git a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix new file mode 100644 index 00000000000..6f2766ef9ff --- /dev/null +++ b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "alsa-ucm-conf-${version}"; + version = "1.2.2"; + + src = fetchurl { + url = "mirror://alsa/lib/${name}.tar.bz2"; + sha256 = "0364fgzdm2qrsqvgqri25gzscbma7yqlv31wz8b1z9c5phlxkgvy"; + }; + + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/alsa + cp -r ucm ucm2 $out/share/alsa + + runHook postInstall + ''; + + meta = with stdenv.lib; { + homepage = http://www.alsa-project.org/; + description = "ALSA Use Case Manager configuration"; + + longDescription = '' + The Advanced Linux Sound Architecture (ALSA) provides audio and + MIDI functionality to the Linux-based operating system. + ''; + + license = licenses.bsd3; + maintainers = [ maintainers.roastiek ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c3a7715b317..0d7f4e69070 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16251,6 +16251,8 @@ in alsaOss = callPackage ../os-specific/linux/alsa-oss { }; alsaTools = callPackage ../os-specific/linux/alsa-tools { }; + alsa-ucm-conf = callPackage ../os-specific/linux/alsa-ucm-conf { }; + inherit (callPackage ../misc/arm-trusted-firmware {}) buildArmTrustedFirmware armTrustedFirmwareTools -- cgit 1.4.1 From f0a6dfcbdf78ebc1fb30797d0ef0012a0acef837 Mon Sep 17 00:00:00 2001 From: Rostislav Benes Date: Sun, 22 Mar 2020 18:36:40 +0100 Subject: alsa-topology-conf: init at 1.2.2 --- .../linux/alsa-topology-conf/default.nix | 36 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 pkgs/os-specific/linux/alsa-topology-conf/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/alsa-topology-conf/default.nix b/pkgs/os-specific/linux/alsa-topology-conf/default.nix new file mode 100644 index 00000000000..26febf0daa7 --- /dev/null +++ b/pkgs/os-specific/linux/alsa-topology-conf/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "alsa-topology-conf-${version}"; + version = "1.2.2"; + + src = fetchurl { + url = "mirror://alsa/lib/${name}.tar.bz2"; + sha256 = "09cls485ckdjsp4azhv3nw7chyg3r7zrqgald6yp70f7cysxcwml"; + }; + + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/alsa + cp -r topology $out/share/alsa + + runHook postInstall + ''; + + meta = with stdenv.lib; { + homepage = http://www.alsa-project.org/; + description = "ALSA topology configuration files"; + + longDescription = '' + The Advanced Linux Sound Architecture (ALSA) provides audio and + MIDI functionality to the Linux-based operating system. + ''; + + license = licenses.bsd3; + maintainers = [ maintainers.roastiek ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0d7f4e69070..7ce8a77d0bc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16253,6 +16253,8 @@ in alsa-ucm-conf = callPackage ../os-specific/linux/alsa-ucm-conf { }; + alsa-topology-conf = callPackage ../os-specific/linux/alsa-topology-conf { }; + inherit (callPackage ../misc/arm-trusted-firmware {}) buildArmTrustedFirmware armTrustedFirmwareTools -- cgit 1.4.1 From 4fef426da6eae92a524ea5ca34c9a482dcf5985f Mon Sep 17 00:00:00 2001 From: Rostislav Benes Date: Sun, 22 Mar 2020 18:40:47 +0100 Subject: alsaLib: 1.1.9 -> 1.2.2 --- pkgs/os-specific/linux/alsa-lib/default.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index 8dcddf4baf9..e599ba1f3f1 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -1,25 +1,27 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }: stdenv.mkDerivation rec { - name = "alsa-lib-1.1.9"; + name = "alsa-lib-1.2.2"; src = fetchurl { url = "mirror://alsa/lib/${name}.tar.bz2"; - sha256 = "0jwr9g4yxg9gj6xx0sb2r6wrdl8amrjd19hilkrq4rirynp770s8"; + sha256 = "1v5kb8jyvrpkvvq7dq8hfbmcj68lml97i4s0prxpfx2mh3c57s6q"; }; patches = [ ./alsa-plugin-conf-multilib.patch ]; + enableParallelBuilding = true; + # Fix pcm.h file in order to prevent some compilation bugs - # 2: see http://stackoverflow.com/questions/3103400/how-to-overcome-u-int8-t-vs-uint8-t-issue-efficiently postPatch = '' sed -i -e 's|//int snd_pcm_mixer_element(snd_pcm_t \*pcm, snd_mixer_t \*mixer, snd_mixer_elem_t \*\*elem);|/\*int snd_pcm_mixer_element(snd_pcm_t \*pcm, snd_mixer_t \*mixer, snd_mixer_elem_t \*\*elem);\*/|' include/pcm.h + ''; - - sed -i -e '1i#include ' include/pcm.h - sed -i -e 's/u_int\([0-9]*\)_t/uint\1_t/g' include/pcm.h + postInstall = '' + ln -s ${alsa-ucm-conf}/share/alsa/{ucm,ucm2} $out/share/alsa + ln -s ${alsa-topology-conf}/share/alsa/topology $out/share/alsa ''; outputs = [ "out" "dev" ]; -- cgit 1.4.1 From 62cdbd678cf2870267f230a412a8f44c6839dfe9 Mon Sep 17 00:00:00 2001 From: Rouven Czerwinski Date: Sun, 29 Mar 2020 10:03:47 +0200 Subject: linux config: enable SND CA0132 DSP loading Since we select everything as a module, snd_hda_codec_ca0132 is built as well. DSP loading is not enabled by default, but without it the soundcard produces timeouts within ALSA and does not emit sound. Explicitly enable the firmware loading to ensure Soundblaster Z/Zx/ZxR/Recon devices can be used with NixOS. The patch to enable this by default in the kernel is staged for 5.8. --- pkgs/os-specific/linux/kernel/common-config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2c8b8de65b3..efd49ab930d 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -244,6 +244,7 @@ let SND_HDA_RECONFIG = yes; # Support reconfiguration of jack functions # Support configuring jack functions via fw mechanism at boot SND_HDA_PATCH_LOADER = yes; + SND_HDA_CODEC_CA0132_DSP = whenOlder "5.8" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon SND_OSSEMUL = yes; SND_USB_CAIAQ_INPUT = yes; # Enable PSS mixer (Beethoven ADSP-16 and other compatible) -- cgit 1.4.1 From 41d6bfe0ca456b7d523ca5b30f2df40256012f2a Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 2 Apr 2020 22:17:29 +0200 Subject: iproute: 5.5.0 -> 5.6.0 "Not a lot of changes in this release, most are related to fixing output formatting and documentation." [0] File changes (additions/removals): +share/man/man8/tc-ets.8.gz +share/man/man8/tc-fq_pie.8.gz nix path-info -S: 5.5.0 51509616 5.6.0 51528680 [0]: https://marc.info/?l=linux-netdev&m=158585608413591 --- pkgs/os-specific/linux/iproute/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 624644596d9..a6b2d4362bc 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.5.0"; + version = "5.6.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "0ywg70f98wgfai35jl47xzpjp45a6n7crja4vc8ql85cbi1l7ids"; + sha256 = "14j6n1bc09xhq8lxs40vfsx8bb8lx12a07ga4rsxl8vfrqjhwnqv"; }; preConfigure = '' -- cgit 1.4.1 From aa46e1ae342feed39eaf1e63ffadfc69606dafb0 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Mon, 6 Apr 2020 13:50:15 +0200 Subject: iproute: Simplify and improve the expression --- pkgs/os-specific/linux/iproute/default.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 624644596d9..fd7417839a1 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -1,4 +1,7 @@ -{ fetchurl, stdenv, flex, bash, bison, db, iptables, pkgconfig, libelf, libmnl }: +{ stdenv, fetchurl +, bison, flex, pkg-config +, db, iptables, libelf, libmnl +}: stdenv.mkDerivation rec { pname = "iproute2"; @@ -10,7 +13,7 @@ stdenv.mkDerivation rec { }; preConfigure = '' - patchShebangs ./configure + # Don't try to create /var/lib/arpd: sed -e '/ARPDDIR/d' -i Makefile # Don't build netem tools--they're not installed and require HOSTCC substituteInPlace Makefile --replace " netem " " " @@ -19,11 +22,8 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; makeFlags = [ - "DESTDIR=" - "LIBDIR=$(out)/lib" + "PREFIX=$(out)" "SBINDIR=$(out)/sbin" - "MANDIR=$(out)/share/man" - "BASH_COMPDIR=$(out)/share/bash-completion/completions" "DOCDIR=$(TMPDIR)/share/doc/${pname}" # Don't install docs "HDRDIR=$(dev)/include/iproute2" ]; @@ -36,17 +36,13 @@ stdenv.mkDerivation rec { "CONFDIR=$(out)/etc/iproute2" ]; + nativeBuildInputs = [ bison flex pkg-config ]; buildInputs = [ db iptables libelf libmnl ]; - nativeBuildInputs = [ bison flex pkgconfig ]; enableParallelBuilding = true; - postInstall = '' - PATH=${bash}/bin:$PATH patchShebangs $out/sbin - ''; - meta = with stdenv.lib; { - homepage = https://wiki.linuxfoundation.org/networking/iproute2; + homepage = "https://wiki.linuxfoundation.org/networking/iproute2"; description = "A collection of utilities for controlling TCP/IP networking and traffic control in Linux"; platforms = platforms.linux; license = licenses.gpl2; -- cgit 1.4.1 From 94f2a76718d30acee9fe16ae8c7b24f349c3cd75 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Mon, 6 Apr 2020 13:51:21 +0200 Subject: iproute: Build the netem tools They will be installed now and we can provide $HOSTCC for cross-compilation. New files: +lib/tc/experimental.dist +lib/tc/normal.dist +lib/tc/pareto.dist +lib/tc/paretonormal.dist Note: The distributions are generated in a reproducible way. Co-Authored-By: Benjamin Saunders --- pkgs/os-specific/linux/iproute/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index fd7417839a1..9f6df0fccd5 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl -, bison, flex, pkg-config +, buildPackages, bison, flex, pkg-config , db, iptables, libelf, libmnl }: @@ -15,8 +15,6 @@ stdenv.mkDerivation rec { preConfigure = '' # Don't try to create /var/lib/arpd: sed -e '/ARPDDIR/d' -i Makefile - # Don't build netem tools--they're not installed and require HOSTCC - substituteInPlace Makefile --replace " netem " " " ''; outputs = [ "out" "dev" ]; @@ -36,6 +34,7 @@ stdenv.mkDerivation rec { "CONFDIR=$(out)/etc/iproute2" ]; + depsBuildBuild = [ buildPackages.stdenv.cc ]; # netem requires $HOSTCC nativeBuildInputs = [ bison flex pkg-config ]; buildInputs = [ db iptables libelf libmnl ]; -- cgit 1.4.1 From 3a71e62c5646dab388af04743cbadda1f8374cb9 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Tue, 3 Mar 2020 23:03:53 -0500 Subject: plymouth: set systemd-tty-ask-password-agent path This is needed in cross where systemd is not in path. --- pkgs/os-specific/linux/plymouth/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/plymouth/default.nix b/pkgs/os-specific/linux/plymouth/default.nix index 1a8e3685e9c..ccce9de0e32 100644 --- a/pkgs/os-specific/linux/plymouth/default.nix +++ b/pkgs/os-specific/linux/plymouth/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, autoreconfHook, pkgconfig, libxslt, docbook_xsl -, gtk3, udev, systemd +, gtk3, udev, systemd, lib }: stdenv.mkDerivation rec { @@ -44,6 +44,7 @@ stdenv.mkDerivation rec { "--enable-pango" "--enable-gdm-transition" "--enable-gtk" + "ac_cv_path_SYSTEMD_ASK_PASSWORD_AGENT=${lib.getBin systemd}/bin/systemd-tty-ask-password-agent" ]; configurePlatforms = [ "host" ]; -- cgit 1.4.1 From 0bbdba2d119caa0fccf48529cf374df7075403d2 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Sat, 7 Mar 2020 17:08:58 -0500 Subject: bluez: don’t build python packages when tests are disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Can’t run these on cross anyway --- pkgs/os-specific/linux/bluez/default.nix | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index 29b100a33c5..b8bedbe9f1b 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -11,9 +11,13 @@ , readline , systemd , udev -}: - -stdenv.mkDerivation rec { +}: let + pythonPath = with python3.pkgs; [ + dbus-python + pygobject3 + recursivePthLoader + ]; +in stdenv.mkDerivation rec { pname = "bluez"; version = "5.54"; @@ -22,12 +26,6 @@ stdenv.mkDerivation rec { sha256 = "1p2ncvjz6alr9n3l5wvq2arqgc7xjs6dqyar1l9jp0z8cfgapkb8"; }; - pythonPath = with python3.pkgs; [ - dbus-python - pygobject3 - recursivePthLoader - ]; - buildInputs = [ alsaLib dbus @@ -44,7 +42,7 @@ stdenv.mkDerivation rec { python3.pkgs.wrapPython ]; - outputs = [ "out" "dev" "test" ]; + outputs = [ "out" "dev" ] ++ lib.optional doCheck "test"; postPatch = '' substituteInPlace tools/hid2hci.rules \ @@ -79,7 +77,7 @@ stdenv.mkDerivation rec { doCheck = stdenv.hostPlatform.isx86_64; - postInstall = '' + postInstall = lib.optionalString doCheck '' mkdir -p $test/{bin,test} cp -a test $test pushd $test/test @@ -94,8 +92,8 @@ stdenv.mkDerivation rec { ln -s ../test/$a $test/bin/bluez-$a done popd - wrapPythonProgramsIn $test/test "$test/test $pythonPath" - + wrapPythonProgramsIn $test/test "$test/test ${toString pythonPath}" + '' + '' # for bluez4 compatibility for NixOS mkdir $out/sbin ln -s ../libexec/bluetooth/bluetoothd $out/sbin/bluetoothd -- cgit 1.4.1 From 024877e7b2ae4aca95c6867313414bdf6460b4f1 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Sat, 7 Mar 2020 17:09:49 -0500 Subject: alsa-plugins: move pkgconfig to native --- pkgs/os-specific/linux/alsa-plugins/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-plugins/default.nix index b524d7906da..a69d86c5c4d 100644 --- a/pkgs/os-specific/linux/alsa-plugins/default.nix +++ b/pkgs/os-specific/linux/alsa-plugins/default.nix @@ -9,9 +9,11 @@ stdenv.mkDerivation rec { sha256 = "0z9k3ssbfk2ky2w13avgyf202j1drsz9sv3834bp33cj1i2hc3qw"; }; + nativeBuildInputs = [ pkgconfig ]; + # ToDo: a52, etc.? buildInputs = - [ pkgconfig alsaLib libogg ] + [ alsaLib libogg ] ++ lib.optional (libpulseaudio != null) libpulseaudio ++ lib.optional (libjack2 != null) libjack2; -- cgit 1.4.1 From 7547cf9dfcc36a36939d3b97ca766f64a1012ad3 Mon Sep 17 00:00:00 2001 From: Greg Price Date: Mon, 6 Apr 2020 20:32:19 -0700 Subject: treewide: Fix up stripDebugList attrs to be lists. The documentation says this should be a list, and it already is in about half the expressions that set it. The difference doesn't matter at present, because these values are all space-free literals. But it will in a future with __structuredAttrs . (The similar attr stripAllList has no users in the nixpkgs tree, so there's nothing to do to fix any of those up.) --- pkgs/applications/misc/far2l/default.nix | 2 +- pkgs/development/libraries/ldb/default.nix | 2 +- pkgs/development/misc/avr/libc/default.nix | 2 +- pkgs/os-specific/linux/syslinux/default.nix | 2 +- pkgs/servers/http/apache-httpd/2.4.nix | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/applications/misc/far2l/default.nix b/pkgs/applications/misc/far2l/default.nix index 7c6573630a1..572ec3dda15 100644 --- a/pkgs/applications/misc/far2l/default.nix +++ b/pkgs/applications/misc/far2l/default.nix @@ -74,7 +74,7 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/far2l --argv0 $out/bin/far2l ''; - stripDebugList = "bin share"; + stripDebugList = [ "bin" "share" ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix index 7ee869b53c3..a0cb8a7762b 100644 --- a/pkgs/development/libraries/ldb/default.nix +++ b/pkgs/development/libraries/ldb/default.nix @@ -52,7 +52,7 @@ stdenv.mkDerivation rec { "--without-ldb-lmdb" ]; - stripDebugList = "bin lib modules"; + stripDebugList = [ "bin" "lib" "modules" ]; meta = with stdenv.lib; { description = "A LDAP-like embedded database"; diff --git a/pkgs/development/misc/avr/libc/default.nix b/pkgs/development/misc/avr/libc/default.nix index 48ea088a73c..84e9c075134 100644 --- a/pkgs/development/misc/avr/libc/default.nix +++ b/pkgs/development/misc/avr/libc/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ automake autoconf ]; # Make sure we don't strip the libraries in lib/gcc/avr. - stripDebugList = "bin"; + stripDebugList = [ "bin" ]; dontPatchELF = true; passthru = { diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix index ed901b21ac1..02d19c8a202 100644 --- a/pkgs/os-specific/linux/syslinux/default.nix +++ b/pkgs/os-specific/linux/syslinux/default.nix @@ -56,7 +56,7 @@ stdenv.mkDerivation { enableParallelBuilding = false; # Fails very rarely with 'No rule to make target: ...' hardeningDisable = [ "pic" "stackprotector" "fortify" ]; - stripDebugList = "bin sbin share/syslinux/com32"; + stripDebugList = [ "bin" "sbin" "share/syslinux/com32" ]; makeFlags = [ "BINDIR=$(out)/bin" diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix index 252365098dd..658de79385a 100644 --- a/pkgs/servers/http/apache-httpd/2.4.nix +++ b/pkgs/servers/http/apache-httpd/2.4.nix @@ -75,7 +75,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - stripDebugList = "lib modules bin"; + stripDebugList = [ "lib" "modules" "bin" ]; postInstall = '' mkdir -p $doc/share/doc/httpd -- cgit 1.4.1 From 9ddfde897796cf31c3ab56ee410300b682621a41 Mon Sep 17 00:00:00 2001 From: Andreas Stührk Date: Fri, 10 Apr 2020 20:40:27 +0200 Subject: v4l2loopback: 0.12.3 -> 0.12.4 --- pkgs/os-specific/linux/v4l2loopback/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index e56f9b51dbd..db384c71d74 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "v4l2loopback-${version}-${kernel.version}"; - version = "0.12.3"; + version = "0.12.4"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; rev = "v${version}"; - sha256 = "01wahmrh4iw27cfmypik6frapq14vn7m9shmj5g7cr1apz2523aq"; + sha256 = "0sp7n6hprgf1z7vzwshs5gyyn6syn4pw5xx7xqrfcwkx6cja6sys"; }; hardeningDisable = [ "format" "pic" ]; -- cgit 1.4.1 From 64f80e339768a0ba678d3d9d91ff458818b84827 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 11 Apr 2020 18:24:40 +0000 Subject: android-udev-rules: 20191103 -> 20200410 --- pkgs/os-specific/linux/android-udev-rules/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/android-udev-rules/default.nix b/pkgs/os-specific/linux/android-udev-rules/default.nix index 2aa71b92beb..1cfa6b5856f 100644 --- a/pkgs/os-specific/linux/android-udev-rules/default.nix +++ b/pkgs/os-specific/linux/android-udev-rules/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "android-udev-rules"; - version = "20191103"; + version = "20200410"; src = fetchFromGitHub { owner = "M0Rf30"; repo = "android-udev-rules"; rev = version; - sha256 = "0x2f2sv0x0ry7kccp47s0hlxps3hbpg37dj3xjjgpdm5hmn2cjq3"; + sha256 = "1ik9a0k9gkaw5a80m25pxx5yfiwq34ffb7iqhwicz4lwz5wsw8d3"; }; installPhase = '' @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = https://github.com/M0Rf30/android-udev-rules; + homepage = "https://github.com/M0Rf30/android-udev-rules"; description = "Android udev rules list aimed to be the most comprehensive on the net"; platforms = platforms.linux; license = licenses.gpl3; -- cgit 1.4.1 From 363004c7eb201d969041b559737ccfe13fdd275a Mon Sep 17 00:00:00 2001 From: Edmund Wu Date: Sat, 11 Apr 2020 16:21:39 -0400 Subject: rtkit: cleanup --- pkgs/os-specific/linux/rtkit/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/rtkit/default.nix b/pkgs/os-specific/linux/rtkit/default.nix index 1b1e99e752b..ef38eac8af9 100644 --- a/pkgs/os-specific/linux/rtkit/default.nix +++ b/pkgs/os-specific/linux/rtkit/default.nix @@ -1,7 +1,8 @@ { stdenv, fetchurl, fetchpatch, pkgconfig, dbus, libcap }: stdenv.mkDerivation rec { - name = "rtkit-0.11"; + pname = "rtkit"; + version = "0.11"; src = fetchurl { url = "http://0pointer.de/public/${name}.tar.xz"; -- cgit 1.4.1 From f9ac4948919bdddced72190054c341e709d29efc Mon Sep 17 00:00:00 2001 From: Edmund Wu Date: Sat, 11 Apr 2020 17:09:25 -0400 Subject: rtkit: 0.11 -> 0.13 --- pkgs/os-specific/linux/rtkit/default.nix | 52 +++++++++++++++++--------------- 1 file changed, 27 insertions(+), 25 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/rtkit/default.nix b/pkgs/os-specific/linux/rtkit/default.nix index ef38eac8af9..b3f73e6c3bb 100644 --- a/pkgs/os-specific/linux/rtkit/default.nix +++ b/pkgs/os-specific/linux/rtkit/default.nix @@ -1,44 +1,46 @@ -{ stdenv, fetchurl, fetchpatch, pkgconfig, dbus, libcap }: +{ stdenv, fetchFromGitHub, fetchpatch +, meson, ninja, pkgconfig, unixtools +, dbus, libcap, polkit, systemd +}: stdenv.mkDerivation rec { pname = "rtkit"; - version = "0.11"; + version = "0.13"; - src = fetchurl { - url = "http://0pointer.de/public/${name}.tar.xz"; - sha256 = "1l5cb1gp6wgpc9vq6sx021qs6zb0nxg3cn1ba00hjhgnrw4931b8"; + src = fetchFromGitHub { + owner = "heftig"; + repo = "rtkit"; + rev = "c295fa849f52b487be6433e69e08b46251950399"; + sha256 = "0yfsgi3pvg6dkizrww1jxpkvcbhzyw9110n1dypmzq0c5hlzjxcd"; }; - configureFlags = [ - "--with-systemdsystemunitdir=$(out)/etc/systemd/system" - ]; - patches = [ - # Drop removed ControlGroup stanza - (fetchpatch { - url = "http://git.0pointer.net/rtkit.git/patch/?id=6c28e20c0be2f616a025059fda0ffac84e7f4f17"; - sha256 = "0lsxk5nv08i1wjb4xh20i5fcwg3x0qq0k4f8bc0r9cczph2sv7ck"; - }) - - # security patch: Pass uid of caller to polkit (fetchpatch { - url = "http://git.0pointer.net/rtkit.git/patch/?id=88d4082ef6caf6b071d749dca1c50e7edde914cc"; - sha256 = "0hp1blbi359qz8fmr6nj4w9yc0jf3dd176f8pn25wdj38n13qkix"; + url = "https://github.com/heftig/rtkit/commit/7d62095b94f8df3891c984a1535026d2658bb177.patch"; + sha256 = "17acv549zqcgh7sgprfagbf6drqsr0zdwvf1dsqda7wlqc2h9zn7"; }) - # Fix format string errors due to -Werror=format-security (fetchpatch { - url = "https://sources.debian.org/data/main/r/rtkit/0.11-6/debian/patches/0006-fix-format-strings.patch"; - sha256 = "09mr89lh16jvz6cqw00zmh0xk919bjfhjkvna1czwmafwy9p7kgp"; + url = "https://github.com/heftig/rtkit/commit/98f70edd8f534c371cb4308b9720739c5178918d.patch"; + sha256 = "18mnjjsdjfr184nkzi01xyphpdngi31ry4bmkv9ysjxf9wilv4nl"; }) ]; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ dbus libcap ]; - NIX_LDFLAGS = "-lrt"; + nativeBuildInputs = [ meson ninja pkgconfig unixtools.xxd ]; + buildInputs = [ dbus libcap polkit systemd ]; + + mesonFlags = [ + "-Dinstalled_tests=false" + + "-Ddbus_systemservicedir=${placeholder "out"}/share/dbus-1/system-services" + "-Ddbus_interfacedir=${placeholder "out"}/share/dbus-1/interfaces" + "-Ddbus_rulesdir=${placeholder "out"}/etc/dbus-1/system.d" + "-Dpolkit_actiondir=${placeholder "out"}/share/polkit-1/actions" + "-Dsystemd_systemunitdir=${placeholder "out"}/etc/systemd/system" + ]; meta = with stdenv.lib; { - homepage = "http://0pointer.de/blog/projects/rtkit"; + homepage = "https://github.com/heftig/rtkit"; description = "A daemon that hands out real-time priority to processes"; license = with licenses; [ gpl3 bsd0 ]; # lib is bsd license platforms = platforms.linux; -- cgit 1.4.1 From 1c0b645d7b54ed0e5514e780bdd2cc72efc079d0 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 12 Apr 2020 09:09:57 +0000 Subject: earlyoom: 1.5 -> 1.6 --- pkgs/os-specific/linux/earlyoom/default.nix | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/earlyoom/default.nix b/pkgs/os-specific/linux/earlyoom/default.nix index 2585c5b3c2f..2e0f5ef7833 100644 --- a/pkgs/os-specific/linux/earlyoom/default.nix +++ b/pkgs/os-specific/linux/earlyoom/default.nix @@ -1,26 +1,31 @@ -{ lib, stdenv, fetchFromGitHub }: +{ stdenv, fetchFromGitHub, pandoc, installShellFiles, withManpage ? false }: stdenv.mkDerivation rec { - name = "earlyoom-${VERSION}"; - # This environment variable is read by make to set the build version. - VERSION = "1.5"; + pname = "earlyoom"; + version = "1.6"; src = fetchFromGitHub { owner = "rfjakob"; repo = "earlyoom"; - rev = "v${VERSION}"; - sha256 = "1wcw2lfd9ajachbrjqywkzj9x6zv32gij2r6yap26x1wdd5x7i93"; + rev = "v${version}"; + sha256 = "0g2bjsvnqq5h4g1k3a0x6ixb334wpzbm2gafl78b6ic6j45smwcs"; }; + nativeBuildInputs = stdenv.lib.optionals withManpage [ pandoc installShellFiles ]; + + makeFlags = [ "VERSION=${version}" ]; + installPhase = '' install -D earlyoom $out/bin/earlyoom + '' + stdenv.lib.optionalString withManpage '' + installManPage earlyoom.1 ''; - meta = { + meta = with stdenv.lib; { description = "Early OOM Daemon for Linux"; - homepage = "https://github.com/rfjakob/earlyoom"; - license = lib.licenses.mit; - platforms = lib.platforms.linux; - maintainers = with lib.maintainers; [ ]; + homepage = "https://github.com/rfjakob/earlyoom"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; []; }; } -- cgit 1.4.1 From b1d4fdad19544dff22a272013513331cef6bc770 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 6 Apr 2020 11:34:30 +0000 Subject: pam_krb5: 4.8 -> 4.9 --- pkgs/os-specific/linux/pam_krb5/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/pam_krb5/default.nix b/pkgs/os-specific/linux/pam_krb5/default.nix index 1f7562b987e..7a384c793d2 100644 --- a/pkgs/os-specific/linux/pam_krb5/default.nix +++ b/pkgs/os-specific/linux/pam_krb5/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pam, kerberos }: stdenv.mkDerivation rec { - name = "pam-krb5-4.8"; + name = "pam-krb5-4.9"; src = fetchurl { url = "https://archives.eyrie.org/software/kerberos/${name}.tar.gz"; - sha256 = "0j96jfaxzkj1ifc3qxagjmaxvgda7ndqaaxx2ka018is9f5lbfrs"; + sha256 = "0kzz6mjkzw571pkv684vyczhl874f6p7lih3dj7s764gxdxnv4y5"; }; buildInputs = [ pam kerberos ]; -- cgit 1.4.1 From 89d2967c9e2b8afe1b57567b9673f3454e8ef260 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 13 Apr 2020 01:22:54 +0200 Subject: linuxPackages.bpftrace: 0.9.3 -> 0.9.4 https://github.com/iovisor/bpftrace/releases/tag/v0.9.4 --- pkgs/os-specific/linux/bpftrace/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix index 2772ecec710..0c360e60b7e 100644 --- a/pkgs/os-specific/linux/bpftrace/default.nix +++ b/pkgs/os-specific/linux/bpftrace/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "bpftrace"; - version = "0.9.3"; + version = "0.9.4"; src = fetchFromGitHub { owner = "iovisor"; repo = "bpftrace"; rev = "refs/tags/v${version}"; - sha256 = "1qkfbmksdssmm1qxcvcwdql1pz8cqy233195n9i9q5dhk876f75v"; + sha256 = "00fvkq3razwacnpb82zkpv63dgyigbqx3gj6g0ka94nwa74i5i77"; }; enableParallelBuilding = true; -- cgit 1.4.1 From 3a8f6159cb19638e485f6beeec957b173812c0b0 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:35:32 -0400 Subject: linux: 4.4.218 -> 4.4.219 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- pkgs/top-level/all-packages.nix | 5 ----- 2 files changed, 2 insertions(+), 7 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 6f0baf2a53b..e99375ed62c 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.218"; + version = "4.4.219"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0qzhcy8i111jbpnkpzq7hqf9nkwq4s7smi820hfvnmd2ky7cns7a"; + sha256 = "1mpxqb2m24ay4n9px4n2cyklxy4lhnv9q6wlvilx13rs5qfbb62f"; }; } // (args.argsOverride or {})) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f64fdd59835..436cb18b3ab 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16623,11 +16623,6 @@ in kernelPatches.request_key_helper_updated kernelPatches.cpu-cgroup-v2."4.4" kernelPatches.modinst_arg_list_too_long - # https://github.com/NixOS/nixpkgs/issues/42755 - # Remove these xen-netfront patches once they're included in - # upstream! Fixes https://github.com/NixOS/nixpkgs/issues/42755 - kernelPatches.xen-netfront_fix_mismatched_rtnl_unlock - kernelPatches.xen-netfront_update_features_after_registering_netdev ]; }; -- cgit 1.4.1 From f717bfeedbb6bf3671a75251dfc07fd5c4697bb3 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:35:56 -0400 Subject: linux: 4.14.175 -> 4.14.176 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 70083eb6cc4..5d7337c27f6 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.175"; + version = "4.14.176"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0b12w0d21sk261jr4p1pm32v0r20a5c2j1p5hasdqw80sb2hli6b"; + sha256 = "18jwxhf29ax54xnylmz9zfkslnxw7y3h215dbfmmvddfp9b0kbmw"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From e06d2a46827b9ca8e87e42c9ac58a8ed8d345817 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:36:04 -0400 Subject: linux: 4.19.114 -> 4.19.115 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index c7e55b1c9f8..142cf0aaf92 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.114"; + version = "4.19.115"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "03hz6vg5bg728ilbm4z997pf52cgxzsxb03vz5cs55gwdbfa0h0y"; + sha256 = "1hh170z3mv181l6cc6qqc12wif5jsmxbh2qxbq6b9km5irydkchi"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From f47969645b7a6a870299773f7ded9fa713060c34 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:36:11 -0400 Subject: linux: 4.9.218 -> 4.9.219 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 3b6a68b7c03..78c76d12ddc 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.218"; + version = "4.9.219"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1ka98c8sbfipzll6ss9fcsn26lh4cy60372yfw27pif4brhnwfnz"; + sha256 = "0i5wlyp11ss9p035bhq73xjx8iyk5dk4ynvd7msw5qfkrs6265vb"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 2b6e16abe0c8ce5e3103fb84a7ba2987178f640a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:36:19 -0400 Subject: linux: 5.4.31 -> 5.4.32 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index e18048ef4c9..f4293b5bffc 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.31"; + version = "5.4.32"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1svf4wf4j1vqhdpgx63ry4c99fc54d9nfi4d1xm7z209z3w86451"; + sha256 = "1czjjnln1cqrnjxw0md6mpw9haw9abdyvmxnjds56ym4nzx9jb8r"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From bba4a30f8ccebca8163d8404fc4bc86229106422 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:36:27 -0400 Subject: linux: 5.5.16 -> 5.5.17 --- pkgs/os-specific/linux/kernel/linux-5.5.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix index 3b6555bde53..c4fbe1aea5e 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.5.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.5.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.5.16"; + version = "5.5.17"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0207yw1vkyzvnvbfbkyam6nac1dd9p4hmmbqw09ljki0ia531yw5"; + sha256 = "06aqhlysa7zdj6c69hyii3hfqlfa9751ivga38rbqw1lr2gbbnj0"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From f6e64feb14bbc35fe1cd160f28094321c6e685fa Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 13 Apr 2020 08:36:35 -0400 Subject: linux: 5.6.3 -> 5.6.4 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index 052343467db..950c60ac268 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.3"; + version = "5.6.4"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ajh1iw3bplm6ckcycg45wfmmqkvfiqmh6i3m1895dfapfd6h4qx"; + sha256 = "14cxbc9xi4s3xwx4yb1yd4z0kidsk3d443skf5sgmdhcalg79wax"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 17f2cf93dc3dfd49c7be85eee960994640b6f957 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Mon, 13 Apr 2020 19:19:38 -0400 Subject: fwupdate: Clean up -I flags --- pkgs/os-specific/linux/firmware/fwupdate/default.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firmware/fwupdate/default.nix b/pkgs/os-specific/linux/firmware/fwupdate/default.nix index c14e04dc344..bcafa7f3376 100644 --- a/pkgs/os-specific/linux/firmware/fwupdate/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupdate/default.nix @@ -1,6 +1,13 @@ { efivar, fetchurl, gettext, gnu-efi, libsmbios, pkgconfig, popt, stdenv }: + let version = "12"; + + arch = + if stdenv.hostPlatform.isx86_32 + then "ia32" + else stdenv.hostPlatform.parsed.cpu.name; + in stdenv.mkDerivation { pname = "fwupdate"; inherit version; @@ -13,7 +20,11 @@ in stdenv.mkDerivation { ./do-not-create-sharedstatedir.patch ]; - NIX_CFLAGS_COMPILE = "-I${gnu-efi}/include/efi -Wno-error=address-of-packed-member"; + NIX_CFLAGS_COMPILE = builtins.toString [ + "-I${gnu-efi}/include/efi" + "-I${gnu-efi}/include/efi/${arch}" + "-Wno-error=address-of-packed-member" + ]; # TODO: Just apply the disable to the efi subdir hardeningDisable = [ "stackprotector" ]; @@ -41,12 +52,6 @@ in stdenv.mkDerivation { efivar ]; - # TODO: fix wrt cross-compilation - preConfigure = '' - arch=$(cc -dumpmachine | cut -f1 -d- | sed 's,i[3456789]86,ia32,' ) - export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${gnu-efi}/include/efi/$arch" - ''; - postInstall = '' rm -rf $out/src rm -rf $out/lib/debug -- cgit 1.4.1 From f16ae2da3ee4463150adec4b072ac7ca352f17ec Mon Sep 17 00:00:00 2001 From: Niklas Hambüchen Date: Mon, 13 Apr 2020 03:36:15 +0200 Subject: linux: Enable `CONFIG_NET_DROP_MONITOR` by default. Needed for subscribing to dropped packets (e.g. via `dropwatch`). --- pkgs/os-specific/linux/kernel/common-config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 3f8628b276f..dffdd6571f3 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -178,6 +178,10 @@ let NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) (whenAtLeast "5.3" module) ]; + # needed for `dropwatch` + # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450 + NET_DROP_MONITOR = yes; + # needed for ss INET_DIAG = yes; INET_TCP_DIAG = module; -- cgit 1.4.1 From d6d2b1ee6de5b66ca5a5b8d0c444632cffcec95f Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 15 Apr 2020 07:31:00 +0000 Subject: rdma-core: 28.0 -> 29.0 --- pkgs/os-specific/linux/rdma-core/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/rdma-core/default.nix b/pkgs/os-specific/linux/rdma-core/default.nix index 2d929707859..a9cf7fe03b4 100644 --- a/pkgs/os-specific/linux/rdma-core/default.nix +++ b/pkgs/os-specific/linux/rdma-core/default.nix @@ -4,7 +4,7 @@ } : let - version = "28.0"; + version = "29.0"; in stdenv.mkDerivation { pname = "rdma-core"; @@ -14,7 +14,7 @@ in stdenv.mkDerivation { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${version}"; - sha256 = "0az2is6p5gkyphi2b978kwn7knry60y33kn6p7cxz49ca79a42cy"; + sha256 = "03r7jbhw64siyrna9mz0qzppfzp8ilwi7iqdkxgyy33rndncqqnq"; }; nativeBuildInputs = [ cmake pkgconfig pandoc docutils makeWrapper ]; -- cgit 1.4.1 From fc7efb2d494c1161f0e5070daac1d8c3c6dfc800 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 16 Apr 2020 04:20:00 -0500 Subject: lxc: 4.0.1 -> 4.0.2 --- pkgs/os-specific/linux/lxc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix index d8aff40eefd..cc25f90f248 100644 --- a/pkgs/os-specific/linux/lxc/default.nix +++ b/pkgs/os-specific/linux/lxc/default.nix @@ -9,11 +9,11 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "lxc"; - version = "4.0.1"; + version = "4.0.2"; src = fetchurl { url = "https://linuxcontainers.org/downloads/lxc/lxc-${version}.tar.gz"; - sha256 = "178kqjz0n5nnjw0z8ac5lbfpqprna9xfd9ckakp34zq9vz0smfvh"; + sha256 = "1c2wbbcvs58slyq0skxizx61q1lb4yvak28x4gzsbzh3yg6nscya"; }; nativeBuildInputs = [ -- cgit 1.4.1 From ba770e599c3489856054e23f1b8d09684195f619 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 26 Jan 2020 14:56:41 +0100 Subject: systemd: switch from our own fork to upstream repo + local patches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After patching, this produces exactly the same source code as in our custom fork, but having the actual patches inlined inside nixpkgs makes it easier to get rid of them. In case more complicated rebasing is necessary, maintainers can - Clone the upstream systemd/systemd[-stable] repo - Checkout the current rev mentioned in src - Apply the patches from this folder via `git am 00*.patch` - Rebase the repo on top of a new version - Export the patch series via `git format-patch $newVersion` - Update the patches = [ … ] attribute (if necessary) --- ...e-units-for-uninitialised-encrypted-devic.patch | 32 +++ ...get-Drop-the-dependency-on-local-fs.targe.patch | 32 +++ ...003-Don-t-try-to-unmount-nix-or-nix-store.patch | 28 ++ .../linux/systemd/0004-Fix-NixOS-containers.patch | 34 +++ ...c-nodes.service-Don-t-require-lib-modules.patch | 24 ++ .../0006-Look-for-fsck-in-the-right-place.patch | 25 ++ ...-Add-some-NixOS-specific-unit-directories.patch | 107 +++++++ ...008-Don-t-try-to-unmount-nix-or-nix-store.patch | 53 ++++ ...rid-of-a-useless-message-in-user-sessions.patch | 31 ++ ...ocaled-timedated-disable-methods-that-cha.patch | 118 ++++++++ .../linux/systemd/0011-Fix-hwdb-paths.patch | 32 +++ ...Change-usr-share-zoneinfo-to-etc-zoneinfo.patch | 116 ++++++++ ...13-localectl-use-etc-X11-xkb-for-list-x11.patch | 27 ++ .../0014-catalog-don-t-update-on-install.patch | 24 ++ .../0015-hwdb-don-t-run-update-on-install.patch | 27 ++ ...-create-statedir-and-don-t-touch-prefixdi.patch | 26 ++ ...t-option-x-initrd.mount-handling-35268-16.patch | 42 +++ ...ault-configuration-into-out-share-factory.patch | 313 +++++++++++++++++++++ ...stemd-environment-when-calling-generators.patch | 42 +++ ...-the-no-such-path-PATH-that-was-dropped-s.patch | 41 +++ .../0021-add-rootprefix-to-lookup-dir-paths.patch | 38 +++ ...tdown-execute-scripts-in-etc-systemd-syst.patch | 27 ++ ...ep-execute-scripts-in-etc-systemd-system-.patch | 26 ++ ...nit.target-Drop-the-dependency-on-local-f.patch | 27 ++ .../linux/systemd/0027-Start-getty-on-lxc.patch | 27 ++ pkgs/os-specific/linux/systemd/default.nix | 36 ++- 26 files changed, 1351 insertions(+), 4 deletions(-) create mode 100644 pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch create mode 100644 pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch create mode 100644 pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch create mode 100644 pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch create mode 100644 pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch create mode 100644 pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch create mode 100644 pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch create mode 100644 pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch create mode 100644 pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch create mode 100644 pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch create mode 100644 pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch create mode 100644 pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch create mode 100644 pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch create mode 100644 pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch create mode 100644 pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch create mode 100644 pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch create mode 100644 pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch create mode 100644 pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch create mode 100644 pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch create mode 100644 pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch create mode 100644 pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch create mode 100644 pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch create mode 100644 pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch create mode 100644 pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch create mode 100644 pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch new file mode 100644 index 00000000000..173f41a44c9 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -0,0 +1,32 @@ +From a6c9317a905ef478b8e0d3dad263990feb5d11cb Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Tue, 8 Jan 2013 15:46:30 +0100 +Subject: [PATCH 01/27] Start device units for uninitialised encrypted devices + +This is necessary because the NixOS service that initialises the +filesystem depends on the appearance of the device unit. Also, this +makes more sense to me: the device is ready; it's the filesystem +that's not, but taking care of that is the responsibility of the mount +unit. (However, this ignores the fsck unit, so it's not perfect...) +--- + rules/99-systemd.rules.in | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in +index c34b606216..3ab8c1c3fe 100644 +--- a/rules/99-systemd.rules.in ++++ b/rules/99-systemd.rules.in +@@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" + SUBSYSTEM=="block", TAG+="systemd" + SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" + +-# Ignore encrypted devices with no identified superblock on it, since +-# we are probably still calling mke2fs or mkswap on it. +-SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" +- + # add symlink to GPT root disk + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch b/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch new file mode 100644 index 00000000000..6dfd150d325 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch @@ -0,0 +1,32 @@ +From 4e0c6f33ebf49a78abec28d2f4044afb5b8719af Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Tue, 8 Jan 2013 15:56:03 +0100 +Subject: [PATCH 02/27] sysinit.target: Drop the dependency on local-fs.target + and swap.target + +Having all services with DefaultDependencies=yes depend on +local-fs.target is annoying, because some of those services might be +necessary to mount local filesystems. For instance, Charon's +send-keys feature requires sshd to be running in order to receive LUKS +encryption keys, which in turn requires dhcpcd, and so on. So we drop +this dependency (and swap.target as well for consistency). If +services require a specific mount, they should use RequiresMountsFor +in any case. +--- + units/sysinit.target | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/units/sysinit.target b/units/sysinit.target +index b6c16a1412..5fe9ad0ec9 100644 +--- a/units/sysinit.target ++++ b/units/sysinit.target +@@ -11,5 +11,4 @@ + Description=System Initialization + Documentation=man:systemd.special(7) + Conflicts=emergency.service emergency.target +-Wants=local-fs.target swap.target +-After=local-fs.target swap.target emergency.service emergency.target ++After=emergency.service emergency.target +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch new file mode 100644 index 00000000000..a1380a33f45 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -0,0 +1,28 @@ +From 620047803b70b941606398e77f253645058007dd Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Fri, 12 Apr 2013 13:16:57 +0200 +Subject: [PATCH 03/27] Don't try to unmount /nix or /nix/store + +They'll still be remounted read-only. + +https://github.com/NixOS/nixos/issues/126 +--- + src/shutdown/umount.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index 00e268855d..08f3590f2a 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -373,6 +373,8 @@ static int delete_dm(dev_t devnum) { + + static bool nonunmountable_path(const char *path) { + return path_equal(path, "/") ++ || path_equal(path, "/nix") ++ || path_equal(path, "/nix/store") + #if ! HAVE_SPLIT_USR + || path_equal(path, "/usr") + #endif +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch new file mode 100644 index 00000000000..ffb139b71e1 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch @@ -0,0 +1,34 @@ +From 58c4a7b4e9d9c34b92deded6aea814738821059d Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Wed, 16 Apr 2014 10:59:28 +0200 +Subject: [PATCH 04/27] Fix NixOS containers + +In NixOS containers, the init script is bind-mounted into the +container, so checking early whether it exists will fail. +--- + src/nspawn/nspawn.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 5d9290b1cf..26615901c3 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -4924,6 +4924,7 @@ static int run(int argc, char *argv[]) { + goto finish; + } + } else { ++#if 0 + const char *p, *q; + + if (arg_pivot_root_new) +@@ -4938,6 +4939,7 @@ static int run(int argc, char *argv[]) { + r = -EINVAL; + goto finish; + } ++#endif + } + + } else { +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch b/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch new file mode 100644 index 00000000000..6d4f39ea4a3 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch @@ -0,0 +1,24 @@ +From 18863cea3bdfad5f8b0581478ce4a39ede53b9d4 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Thu, 17 Apr 2014 13:54:29 +0200 +Subject: [PATCH 05/27] kmod-static-nodes.service: Don't require /lib/modules + +--- + units/kmod-static-nodes.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 0971edf9ec..7d150bf3d7 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -12,7 +12,6 @@ Description=Create list of static device nodes for the current kernel + DefaultDependencies=no + Before=sysinit.target systemd-tmpfiles-setup-dev.service + ConditionCapability=CAP_SYS_MODULE +-ConditionFileNotEmpty=/lib/modules/%v/modules.devname + + [Service] + Type=oneshot +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch new file mode 100644 index 00000000000..5972b646867 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch @@ -0,0 +1,25 @@ +From c841ffab8fb6174b51382b9d4334f78c74018730 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Thu, 1 May 2014 14:10:10 +0200 +Subject: [PATCH 06/27] Look for fsck in the right place + +--- + src/fsck/fsck.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c +index 55e6544d31..3626aadda7 100644 +--- a/src/fsck/fsck.c ++++ b/src/fsck/fsck.c +@@ -371,7 +371,7 @@ static int run(int argc, char *argv[]) { + } else + dash_c[0] = 0; + +- cmdline[i++] = "/sbin/fsck"; ++ cmdline[i++] = "/run/current-system/sw/bin/fsck"; + cmdline[i++] = arg_repair; + cmdline[i++] = "-T"; + +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch new file mode 100644 index 00000000000..7d537197fae --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch @@ -0,0 +1,107 @@ +From 8c0be07ccbad35d0c1106015057996aa55b9a1f9 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Fri, 19 Dec 2014 14:46:17 +0100 +Subject: [PATCH 07/27] Add some NixOS-specific unit directories + +Look in /nix/var/nix/profiles/default/lib/systemd for units provided +by packages in the default (system-wide) profile, and in +/etc/systemd-mutable/system for persistent, mutable units (not +recommended). + +Also, remove /usr and /lib as these don't exist on NixOS. +--- + src/core/systemd.pc.in | 4 ++-- + src/shared/path-lookup.c | 18 +++++------------- + 2 files changed, 7 insertions(+), 15 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index 5d1ddd7620..21b977d6fc 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -17,8 +17,8 @@ systemduserunitdir=${prefix}/lib/systemd/user + systemduserpresetdir=${prefix}/lib/systemd/user-preset + systemdsystemconfdir=${sysconfdir}/systemd/system + systemduserconfdir=${sysconfdir}/systemd/user +-systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemdsystemunitdir}:/usr/lib/systemd/system:/lib/systemd/system +-systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemduserunitdir}:/usr/lib/systemd/user:/usr/share/systemd/user ++systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/etc/systemd-mutable/system:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/system:${systemdsystemunitdir} ++systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/etc/systemd-mutable/user:/nix/var/nix/profiles/default/lib/systemd/system:/run/systemd/user:${systemduserunitdir} + systemdsystemgeneratordir=${rootprefix}/lib/systemd/system-generators + systemdusergeneratordir=${prefix}/lib/systemd/user-generators + systemdsleepdir=${rootprefix}/lib/systemd/system-sleep +diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c +index 6bf0ff0316..2b6324ad8c 100644 +--- a/src/shared/path-lookup.c ++++ b/src/shared/path-lookup.c +@@ -99,17 +99,14 @@ int xdg_user_data_dir(char **ret, const char *suffix) { + } + + static const char* const user_data_unit_paths[] = { +- "/usr/local/lib/systemd/user", +- "/usr/local/share/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", +- "/usr/share/systemd/user", + NULL + }; + + static const char* const user_config_unit_paths[] = { + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", + NULL + }; + +@@ -604,15 +601,14 @@ int lookup_paths_init( + persistent_config, + SYSTEM_CONFIG_UNIT_PATH, + "/etc/systemd/system", ++ "/etc/systemd-mutable/system", ++ "/nix/var/nix/profiles/default/lib/systemd/system", + STRV_IFNOTNULL(persistent_attached), + runtime_config, + "/run/systemd/system", + STRV_IFNOTNULL(runtime_attached), + STRV_IFNOTNULL(generator), +- "/usr/local/lib/systemd/system", + SYSTEM_DATA_UNIT_PATH, +- "/usr/lib/systemd/system", +- STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), + STRV_IFNOTNULL(generator_late)); + break; + +@@ -628,14 +624,12 @@ int lookup_paths_init( + persistent_config, + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", ++ "/nix/var/nix/profiles/default/lib/systemd/user", + runtime_config, + "/run/systemd/user", + STRV_IFNOTNULL(generator), +- "/usr/local/share/systemd/user", +- "/usr/share/systemd/user", +- "/usr/local/lib/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", + STRV_IFNOTNULL(generator_late)); + break; + +@@ -824,14 +818,12 @@ char **generator_binary_paths(UnitFileScope scope) { + case UNIT_FILE_SYSTEM: + return strv_new("/run/systemd/system-generators", + "/etc/systemd/system-generators", +- "/usr/local/lib/systemd/system-generators", + SYSTEM_GENERATOR_PATH); + + case UNIT_FILE_GLOBAL: + case UNIT_FILE_USER: + return strv_new("/run/systemd/user-generators", + "/etc/systemd/user-generators", +- "/usr/local/lib/systemd/user-generators", + USER_GENERATOR_PATH); + + default: +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch new file mode 100644 index 00000000000..b858f3f7a45 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -0,0 +1,53 @@ +From 5b2eafc51fa2d98f03fd341176d9a7accc0259ae Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Mon, 11 May 2015 15:30:46 +0200 +Subject: [PATCH 08/27] Don't try to unmount /nix or /nix/store + +33f458625f2a9d201263bd1b81b1c56f4a077e80 wasn't enough. +--- + src/core/mount.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 959b8fbed2..5e4c4a9767 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -409,7 +409,9 @@ static bool mount_is_extrinsic(Mount *m) { + + if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ + "/", +- "/usr")) ++ "/usr", ++ "/nix/", ++ "/nix/store")) + return true; + + if (PATH_STARTSWITH_SET(m->where, +@@ -439,10 +441,20 @@ static int mount_add_default_dependencies(Mount *m) { + if (!UNIT(m)->default_dependencies) + return 0; + +- /* We do not add any default dependencies to /, /usr or /run/initramfs/, since they are guaranteed to stay +- * mounted the whole time, since our system is on it. Also, don't bother with anything mounted below virtual +- * file systems, it's also going to be virtual, and hence not worth the effort. */ +- if (mount_is_extrinsic(m)) ++ if (!MANAGER_IS_SYSTEM(UNIT(m)->manager)) ++ return 0; ++ ++ /* We do not add any default dependencies to /, /usr or ++ * /run/initramfs/, since they are guaranteed to stay ++ * mounted the whole time, since our system is on it. ++ * Also, don't bother with anything mounted below virtual ++ * file systems, it's also going to be virtual, and hence ++ * not worth the effort. */ ++ if (PATH_IN_SET(m->where, "/", "/usr", "/nix", "/nix/store") || ++ path_startswith(m->where, "/run/initramfs") || ++ path_startswith(m->where, "/proc") || ++ path_startswith(m->where, "/sys") || ++ path_startswith(m->where, "/dev")) + return 0; + + p = get_mount_parameters(m); +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch new file mode 100644 index 00000000000..c15b8a2a9e1 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -0,0 +1,31 @@ +From 99c86daa5244d45a19f75f6ce92bd4255edef420 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Mon, 11 May 2015 15:39:38 +0200 +Subject: [PATCH 09/27] Get rid of a useless message in user sessions + +Namely lots of variants of + + Unit nix-var-nix-db.mount is bound to inactive unit dev-disk-by\x2dlabel-nixos.device. Stopping, too. + +in containers. +--- + src/core/unit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index a1dc76aa6a..07670af8e2 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2045,7 +2045,8 @@ static void unit_check_binds_to(Unit *u) { + } + + assert(other); +- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); + + /* A unit we need to run is gone. Sniff. Let's stop this. */ + r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch new file mode 100644 index 00000000000..635da4634a8 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -0,0 +1,118 @@ +From cec1430f72edfedb951fe34e87765ef422ea9843 Mon Sep 17 00:00:00 2001 +From: Gabriel Ebner +Date: Sun, 6 Dec 2015 14:26:36 +0100 +Subject: [PATCH 10/27] hostnamed, localed, timedated: disable methods that + change system settings. + +--- + src/hostname/hostnamed.c | 9 +++++++++ + src/locale/localed.c | 9 +++++++++ + src/timedate/timedated.c | 10 ++++++++++ + 3 files changed, 28 insertions(+) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index 9e4f4fb59e..141b8acc08 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -423,6 +423,9 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (isempty(name)) + name = c->data[PROP_STATIC_HOSTNAME]; + +@@ -479,6 +482,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME])) +@@ -536,6 +542,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[prop])) +diff --git a/src/locale/localed.c b/src/locale/localed.c +index 8d0eec96a5..0b1c1d664e 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -276,6 +276,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + /* If single locale without variable name is provided, then we assume it is LANG=. */ + if (strv_length(l) == 1 && !strchr(*l, '=')) { + if (!locale_is_valid(*l)) +@@ -411,6 +414,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + keymap = empty_to_null(keymap); + keymap_toggle = empty_to_null(keymap_toggle); + +@@ -587,6 +593,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + layout = empty_to_null(layout); + model = empty_to_null(model); + variant = empty_to_null(variant); +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 6c94b23de4..fa20d22cde 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -653,6 +653,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ if (getenv("NIXOS_STATIC_TIMEZONE")) ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing timezone via systemd is not supported when it is set in NixOS configuration."); ++ + if (!timezone_is_valid(z, LOG_DEBUG)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); + +@@ -732,6 +736,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (lrtc == c->local_rtc) + return sd_bus_reply_method_return(m, NULL); + +@@ -924,6 +931,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + r = context_update_ntp_status(c, bus, m); + if (r < 0) + return r; +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch new file mode 100644 index 00000000000..624811f5ea3 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch @@ -0,0 +1,32 @@ +From 0f434c6baee63eff913f36aee839df3718a75d4a Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 7 Jul 2016 02:47:13 +0300 +Subject: [PATCH 11/27] Fix hwdb paths + +Patch by vcunat. +--- + src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c +index 58124abd21..d80e408b8c 100644 +--- a/src/libsystemd/sd-hwdb/sd-hwdb.c ++++ b/src/libsystemd/sd-hwdb/sd-hwdb.c +@@ -298,13 +298,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { + } + + static const char hwdb_bin_paths[] = +- "/etc/systemd/hwdb/hwdb.bin\0" + "/etc/udev/hwdb.bin\0" +- "/usr/lib/systemd/hwdb/hwdb.bin\0" +-#if HAVE_SPLIT_USR +- "/lib/systemd/hwdb/hwdb.bin\0" +-#endif +- UDEVLIBEXECDIR "/hwdb.bin\0"; ++ ; + + _public_ int sd_hwdb_new(sd_hwdb **ret) { + _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch new file mode 100644 index 00000000000..0b14eb7a58b --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -0,0 +1,116 @@ +From 76f3fba3031d74647855ce0da2d4e317016cb7d6 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Tue, 11 Oct 2016 13:12:08 +0300 +Subject: [PATCH 12/27] Change /usr/share/zoneinfo to /etc/zoneinfo + +NixOS uses this path. +--- + man/localtime.xml | 4 ++-- + src/basic/time-util.c | 6 +++--- + src/firstboot/firstboot.c | 2 +- + src/timedate/timedated.c | 8 ++++---- + 4 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/man/localtime.xml b/man/localtime.xml +index 0f1652ee2e..71c4f95c2e 100644 +--- a/man/localtime.xml ++++ b/man/localtime.xml +@@ -20,7 +20,7 @@ + + + +- /etc/localtime -> ../usr/share/zoneinfo/… ++ /etc/localtime -> zoneinfo/… + + + +@@ -30,7 +30,7 @@ + system-wide timezone of the local system that is used by + applications for presentation to the user. It should be an + absolute or relative symbolic link pointing to +- /usr/share/zoneinfo/, followed by a timezone ++ /etc/zoneinfo/, followed by a timezone + identifier such as Europe/Berlin or + Etc/UTC. The resulting link should lead to the + corresponding binary +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index e14ae8f2f7..a8a3488be1 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1215,7 +1215,7 @@ int get_timezones(char ***ret) { + n_allocated = 2; + n_zones = 1; + +- f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); ++ f = fopen("/etc/zoneinfo/zone1970.tab", "re"); + if (f) { + for (;;) { + _cleanup_free_ char *line = NULL; +@@ -1310,7 +1310,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (p - name >= PATH_MAX) + return false; + +- t = strjoina("/usr/share/zoneinfo/", name); ++ t = strjoina("/etc/zoneinfo/", name); + + fd = open(t, O_RDONLY|O_CLOEXEC); + if (fd < 0) { +@@ -1408,7 +1408,7 @@ int get_timezone(char **ret) { + if (r < 0) + return r; /* returns EINVAL if not a symlink */ + +- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); + if (!e) + return -EINVAL; + +diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c +index 528e6452cf..c712ca9072 100644 +--- a/src/firstboot/firstboot.c ++++ b/src/firstboot/firstboot.c +@@ -443,7 +443,7 @@ static int process_timezone(void) { + if (isempty(arg_timezone)) + return 0; + +- e = strjoina("../usr/share/zoneinfo/", arg_timezone); ++ e = strjoina("zoneinfo/", arg_timezone); + + (void) mkdir_parents(etc_localtime, 0755); + if (symlink(e, etc_localtime) < 0) +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index fa20d22cde..8e6dbe1efb 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -265,7 +265,7 @@ static int context_read_data(Context *c) { + + r = get_timezone(&t); + if (r == -EINVAL) +- log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/."); ++ log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /etc/zoneinfo/."); + else if (r < 0) + log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); + +@@ -289,7 +289,7 @@ static int context_write_data_timezone(Context *c) { + + if (isempty(c->zone) || streq(c->zone, "UTC")) { + +- if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { ++ if (access("/etc/zoneinfo/UTC", F_OK) < 0) { + + if (unlink("/etc/localtime") < 0 && errno != ENOENT) + return -errno; +@@ -297,9 +297,9 @@ static int context_write_data_timezone(Context *c) { + return 0; + } + +- source = "../usr/share/zoneinfo/UTC"; ++ source = "zoneinfo/UTC"; + } else { +- p = path_join("../usr/share/zoneinfo", c->zone); ++ p = path_join("zoneinfo", c->zone); + if (!p) + return -ENOMEM; + +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch new file mode 100644 index 00000000000..309ae70881a --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -0,0 +1,27 @@ +From 5365ffbfba2de03628e8bbb6cc0bc022272436a1 Mon Sep 17 00:00:00 2001 +From: Imuli +Date: Wed, 19 Oct 2016 08:46:47 -0400 +Subject: [PATCH 13/27] localectl: use /etc/X11/xkb for list-x11-* + +NixOS has an option to link the xkb data files to /etc/X11, but not to +/usr/share/X11. +--- + src/locale/localectl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/localectl.c b/src/locale/localectl.c +index 9fb5152110..9554c2cf76 100644 +--- a/src/locale/localectl.c ++++ b/src/locale/localectl.c +@@ -287,7 +287,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { + } state = NONE, look_for; + int r; + +- f = fopen("/usr/share/X11/xkb/rules/base.lst", "re"); ++ f = fopen("/etc/X11/xkb/rules/base.lst", "re"); + if (!f) + return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); + +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch b/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch new file mode 100644 index 00000000000..4f9f08413e2 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch @@ -0,0 +1,24 @@ +From 8e7aec49a387d8229b85cfc3ea2f2c1c9a45f6d0 Mon Sep 17 00:00:00 2001 +From: Franz Pletz +Date: Wed, 17 Jan 2018 05:10:36 +0100 +Subject: [PATCH 14/27] catalog: don't update on install + +--- + catalog/meson.build | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/catalog/meson.build b/catalog/meson.build +index 3db8e390f2..7004618750 100644 +--- a/catalog/meson.build ++++ b/catalog/meson.build +@@ -28,7 +28,3 @@ foreach file : in_files + install : true, + install_dir : catalogdir) + endforeach +- +-meson.add_install_script('sh', '-c', +- 'test -n "$DESTDIR" || @0@/journalctl --update-catalog' +- .format(rootbindir)) +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch b/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch new file mode 100644 index 00000000000..bf416d90d86 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch @@ -0,0 +1,27 @@ +From 8a383521425d7a59e9b1850d1547d47fa5e8a952 Mon Sep 17 00:00:00 2001 +From: Franz Pletz +Date: Sun, 11 Feb 2018 04:01:35 +0100 +Subject: [PATCH 15/27] hwdb: don't run update on install + +--- + hwdb/meson.build | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/hwdb/meson.build b/hwdb/meson.build +index 31ee3e7409..badf39f555 100644 +--- a/hwdb/meson.build ++++ b/hwdb/meson.build +@@ -27,10 +27,6 @@ if conf.get('ENABLE_HWDB') == 1 + + meson.add_install_script('sh', '-c', + mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) +- +- meson.add_install_script('sh', '-c', +- 'test -n "$DESTDIR" || @0@/systemd-hwdb update' +- .format(rootbindir)) + endif + + ############################################################ +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch new file mode 100644 index 00000000000..ed1187473be --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -0,0 +1,26 @@ +From 1408762890aba25e58598d1e4dfa17ed2b75de26 Mon Sep 17 00:00:00 2001 +From: Franz Pletz +Date: Sun, 11 Feb 2018 04:37:44 +0100 +Subject: [PATCH 16/27] build: don't create statedir and don't touch prefixdir + +--- + meson.build | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/meson.build b/meson.build +index 8ccc947e37..263cc7189a 100644 +--- a/meson.build ++++ b/meson.build +@@ -2944,9 +2944,6 @@ install_data('LICENSE.GPL2', + 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', + install_dir : docdir) + +-meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) +-meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) +- + ############################################################ + + meson_check_help = find_program('tools/meson-check-help.sh') +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch b/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch new file mode 100644 index 00000000000..f4508baae31 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch @@ -0,0 +1,42 @@ +From 39ba82b29fff844f82e745ed7785cbfb397c2908 Mon Sep 17 00:00:00 2001 +From: Timofei Kushnir +Date: Fri, 2 Mar 2018 13:02:53 +0300 +Subject: [PATCH 17/27] Fix mount option `x-initrd.mount` handling (#35268) + (#16) + +--- + src/core/mount.c | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 5e4c4a9767..6bc3569550 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -441,20 +441,10 @@ static int mount_add_default_dependencies(Mount *m) { + if (!UNIT(m)->default_dependencies) + return 0; + +- if (!MANAGER_IS_SYSTEM(UNIT(m)->manager)) +- return 0; +- +- /* We do not add any default dependencies to /, /usr or +- * /run/initramfs/, since they are guaranteed to stay +- * mounted the whole time, since our system is on it. +- * Also, don't bother with anything mounted below virtual +- * file systems, it's also going to be virtual, and hence +- * not worth the effort. */ +- if (PATH_IN_SET(m->where, "/", "/usr", "/nix", "/nix/store") || +- path_startswith(m->where, "/run/initramfs") || +- path_startswith(m->where, "/proc") || +- path_startswith(m->where, "/sys") || +- path_startswith(m->where, "/dev")) ++ /* We do not add any default dependencies to /, /usr or /run/initramfs/, since they are guaranteed to stay ++ * mounted the whole time, since our system is on it. Also, don't bother with anything mounted below virtual ++ * file systems, it's also going to be virtual, and hence not worth the effort. */ ++ if (mount_is_extrinsic(m)) + return 0; + + p = get_mount_parameters(m); +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch new file mode 100644 index 00000000000..980d9f35461 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch @@ -0,0 +1,313 @@ +From a087cb535b2d3c7a5d989b5aabc0a257369e9f9d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= +Date: Mon, 26 Feb 2018 14:25:57 +0000 +Subject: [PATCH 18/27] Install default configuration into $out/share/factory + +By default systemd should read all its configuration from /etc. Therefor +we rely on -Dsysconfdir=/etc in meson as default value. Unfortunately +this would also lead to installation of systemd's own configuration +files to `/etc` whereas we are limited to /nix/store. To counter that +this commit introduces two new configuration variables `factoryconfdir` +and `factorypkgconfdir` to install systemd's own configuration into nix +store again, while having executables looking up files in /etc. +--- + hwdb/meson.build | 2 +- + meson.build | 11 +++++++---- + network/meson.build | 2 +- + src/core/meson.build | 10 +++++----- + src/coredump/meson.build | 2 +- + src/journal-remote/meson.build | 4 ++-- + src/journal/meson.build | 2 +- + src/kernel-install/meson.build | 2 +- + src/login/meson.build | 2 +- + src/network/meson.build | 2 +- + src/pstore/meson.build | 2 +- + src/resolve/meson.build | 2 +- + src/timesync/meson.build | 2 +- + src/udev/meson.build | 4 ++-- + sysctl.d/meson.build | 2 +- + tmpfiles.d/meson.build | 2 +- + units/meson.build | 3 ++- + 17 files changed, 30 insertions(+), 26 deletions(-) + +diff --git a/hwdb/meson.build b/hwdb/meson.build +index badf39f555..8fd9c7639f 100644 +--- a/hwdb/meson.build ++++ b/hwdb/meson.build +@@ -26,7 +26,7 @@ if conf.get('ENABLE_HWDB') == 1 + install_dir : udevhwdbdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/hwdb.d'))) + endif + + ############################################################ +diff --git a/meson.build b/meson.build +index 263cc7189a..7a67078208 100644 +--- a/meson.build ++++ b/meson.build +@@ -151,6 +151,9 @@ udevhwdbdir = join_paths(udevlibexecdir, 'hwdb.d') + catalogdir = join_paths(prefixdir, 'lib/systemd/catalog') + kernelinstalldir = join_paths(prefixdir, 'lib/kernel/install.d') + factorydir = join_paths(datadir, 'factory') ++factoryconfdir = join_paths(datadir, 'factory/etc') ++factorypkgconfdir = join_paths(datadir, 'factory/etc/systemd') ++factoryxinitrcdir = join_paths(datadir, 'factory/etc/X11/xinit/xinitrc.d') + bootlibdir = join_paths(prefixdir, 'lib/systemd/boot/efi') + testsdir = join_paths(prefixdir, 'lib/systemd/tests') + systemdstatedir = join_paths(localstatedir, 'lib/systemd') +@@ -2287,7 +2290,7 @@ if conf.get('ENABLE_BINFMT') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(binfmtdir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'binfmt.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'binfmt.d'))) + endif + + if conf.get('ENABLE_VCONSOLE') == 1 +@@ -2373,7 +2376,7 @@ executable('systemd-sleep', + install_dir : rootlibexecdir) + + install_data('src/sleep/sleep.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + exe = executable('systemd-sysctl', + 'src/sysctl/sysctl.c', +@@ -2685,7 +2688,7 @@ if conf.get('HAVE_KMOD') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(modulesloaddir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'modules-load.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'modules-load.d'))) + endif + + exe = executable('systemd-nspawn', +@@ -2927,7 +2930,7 @@ install_subdir('factory/etc', + install_dir : factorydir) + + install_data('xorg/50-systemd-user.sh', +- install_dir : xinitrcdir) ++ install_dir : factoryxinitrcdir) + install_data('modprobe.d/systemd.conf', + install_dir : modprobedir) + install_data('LICENSE.GPL2', +diff --git a/network/meson.build b/network/meson.build +index 59d4be1a17..72da2c16a2 100644 +--- a/network/meson.build ++++ b/network/meson.build +@@ -7,7 +7,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + install_dir : networkdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'systemd/network'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'systemd/network'))) + endif + + install_data('99-default.link', +diff --git a/src/core/meson.build b/src/core/meson.build +index df3aa5c6c1..305f67a80a 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -179,8 +179,8 @@ libcore = static_library( + systemd_sources = files('main.c') + + in_files = [['macros.systemd', rpmmacrosdir], +- ['system.conf', pkgsysconfdir], +- ['user.conf', pkgsysconfdir], ++ ['system.conf', factorypkgconfdir], ++ ['user.conf', factorypkgconfdir], + ['systemd.pc', pkgconfigdatadir], + ['triggers.systemd', '']] + +@@ -210,6 +210,6 @@ meson.add_install_script('sh', '-c', mkdir_p.format(systemsleepdir)) + meson.add_install_script('sh', '-c', mkdir_p.format(systemgeneratordir)) + meson.add_install_script('sh', '-c', mkdir_p.format(usergeneratordir)) + +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'system'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'user'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(sysconfdir, 'xdg/systemd'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'system'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'user'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'xdg/systemd'))) +diff --git a/src/coredump/meson.build b/src/coredump/meson.build +index 7fa5942697..34c865dfa0 100644 +--- a/src/coredump/meson.build ++++ b/src/coredump/meson.build +@@ -15,7 +15,7 @@ coredumpctl_sources = files('coredumpctl.c') + + if conf.get('ENABLE_COREDUMP') == 1 + install_data('coredump.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + tests += [ +diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build +index 87b8ba6495..daff8ec967 100644 +--- a/src/journal-remote/meson.build ++++ b/src/journal-remote/meson.build +@@ -49,7 +49,7 @@ if conf.get('ENABLE_REMOTE') ==1 and conf.get('HAVE_LIBCURL') == 1 + output : 'journal-upload.conf', + configuration : substs) + install_data(journal_upload_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 +@@ -58,7 +58,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 + output : 'journal-remote.conf', + configuration : substs) + install_data(journal_remote_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('browse.html', + install_dir : join_paths(pkgdatadir, 'gatewayd')) +diff --git a/src/journal/meson.build b/src/journal/meson.build +index 5796f77cac..75d975c260 100644 +--- a/src/journal/meson.build ++++ b/src/journal/meson.build +@@ -109,7 +109,7 @@ if conf.get('HAVE_QRENCODE') == 1 + endif + + install_data('journald.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + if get_option('create-log-dirs') + meson.add_install_script( +diff --git a/src/kernel-install/meson.build b/src/kernel-install/meson.build +index 261c3aaae4..dbc5e23513 100644 +--- a/src/kernel-install/meson.build ++++ b/src/kernel-install/meson.build +@@ -11,4 +11,4 @@ install_data('00-entry-directory.install', + install_dir : kernelinstalldir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'kernel/install.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'kernel/install.d'))) +diff --git a/src/login/meson.build b/src/login/meson.build +index 0a7d3d5440..ff90149c1c 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -75,7 +75,7 @@ if conf.get('ENABLE_LOGIND') == 1 + output : 'logind.conf', + configuration : substs) + install_data(logind_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('org.freedesktop.login1.conf', + install_dir : dbuspolicydir) +diff --git a/src/network/meson.build b/src/network/meson.build +index 6bed37a170..35f15bcaf1 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -168,7 +168,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + endif + + install_data('networkd.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + fuzzers += [ + [['src/network/fuzz-netdev-parser.c', +diff --git a/src/pstore/meson.build b/src/pstore/meson.build +index adbac24b54..e9dc88dfa2 100644 +--- a/src/pstore/meson.build ++++ b/src/pstore/meson.build +@@ -6,5 +6,5 @@ systemd_pstore_sources = files(''' + + if conf.get('ENABLE_PSTORE') == 1 + install_data('pstore.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif +diff --git a/src/resolve/meson.build b/src/resolve/meson.build +index 92b67b6333..ac5b9a0b0a 100644 +--- a/src/resolve/meson.build ++++ b/src/resolve/meson.build +@@ -168,7 +168,7 @@ if conf.get('ENABLE_RESOLVE') == 1 + output : 'resolved.conf', + configuration : substs) + install_data(resolved_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('resolv.conf', + install_dir : rootlibexecdir) +diff --git a/src/timesync/meson.build b/src/timesync/meson.build +index e5c118c8db..19235df9ca 100644 +--- a/src/timesync/meson.build ++++ b/src/timesync/meson.build +@@ -27,7 +27,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 + output : 'timesyncd.conf', + configuration : substs) + install_data(timesyncd_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + install_data('org.freedesktop.timesync1.conf', + install_dir : dbuspolicydir) + install_data('org.freedesktop.timesync1.service', +diff --git a/src/udev/meson.build b/src/udev/meson.build +index 511fe428b9..32333efea6 100644 +--- a/src/udev/meson.build ++++ b/src/udev/meson.build +@@ -186,7 +186,7 @@ foreach prog : [['ata_id/ata_id.c'], + endforeach + + install_data('udev.conf', +- install_dir : join_paths(sysconfdir, 'udev')) ++ install_dir : join_paths(factoryconfdir, 'udev')) + + configure_file( + input : 'udev.pc.in', +@@ -195,7 +195,7 @@ configure_file( + install_dir : pkgconfigdatadir == 'no' ? '' : pkgconfigdatadir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/rules.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/rules.d'))) + + fuzzers += [ + [['src/udev/net/fuzz-link-parser.c', +diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build +index 3f072e3db7..bd9f843eba 100644 +--- a/sysctl.d/meson.build ++++ b/sysctl.d/meson.build +@@ -27,4 +27,4 @@ foreach file : in_files + endforeach + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'sysctl.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'sysctl.d'))) +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index e77f46d06b..04d2ef621d 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -57,5 +57,5 @@ endforeach + if enable_tmpfiles + meson.add_install_script( + 'sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'tmpfiles.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'tmpfiles.d'))) + endif +diff --git a/units/meson.build b/units/meson.build +index 476991edba..3d9dc6e1c8 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -308,7 +308,7 @@ install_data('user-.slice.d/10-defaults.conf', + + meson.add_install_script(meson_make_symlink, + join_paths(pkgsysconfdir, 'user'), +- join_paths(sysconfdir, 'xdg/systemd/user')) ++ join_paths(factorypkgconfdir, 'xdg/systemd/user')) + meson.add_install_script(meson_make_symlink, + join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'), + join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service')) +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch new file mode 100644 index 00000000000..f4f1e6d37b5 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch @@ -0,0 +1,42 @@ +From 3eb1716dd80c245a2883da04156af79fb9097519 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Fri, 2 Nov 2018 21:15:42 +0100 +Subject: [PATCH 19/27] inherit systemd environment when calling generators. + +Systemd generators need access to the environment configured in +stage-2-init.sh since it schedules fsck and mkfs executions based on +being able to find an appropriate binary for the target filesystem. + +With this commit I am altering the systemd behaviour since upstream +tries to gather environments with that they call +"environment-generators" and then seems to pass that on to all the other +executables that are being called from managers. +--- + src/core/manager.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index d9114bb0c5..22c3b6ff76 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3868,9 +3868,14 @@ static int manager_run_generators(Manager *m) { + argv[4] = NULL; + + RUN_WITH_UMASK(0022) +- (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, +- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- ++ (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, ++ // On NixOS we must propagate PATH to generators so they are ++ // able to find binaries such as `fsck.${fstype}` and ++ // `mkfs.${fstype}`. That is why the last argument of the ++ // function (envp) is set to NULL. This propagates systemd's ++ // environment (e.g. PATH) that was setup ++ // before calling systemd from stage-2-init.sh. ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); + r = 0; + + finish: +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch b/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch new file mode 100644 index 00000000000..63d694c2daa --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch @@ -0,0 +1,41 @@ +From 95c4e1ffd2249a52ca02e4fbe46aa4e51c5abd17 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Fri, 2 Nov 2018 20:56:49 +0100 +Subject: [PATCH 20/27] reintroduce the /no-such-path PATH that was dropped + some versions ago + +Originally eelco set the DEFAULT_PATH_NORMAL to "/no-such-path" since we +do not need that in NixOS and usually refer to all our executables with +an absolute path. This commit reintroduces this change. +--- + src/basic/path-util.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/basic/path-util.h b/src/basic/path-util.h +index 71fb7041a3..b856e782a8 100644 +--- a/src/basic/path-util.h ++++ b/src/basic/path-util.h +@@ -28,13 +28,13 @@ + # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) + #endif + +-#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_USER_PATH_NORMAL PATH_BIN_SBIN("/usr/local/") ":" PATH_BIN_SBIN("/usr/") +-#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") +-#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") +-#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_BIN_SBIN("/") +-#define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") ++#define DEFAULT_PATH_NORMAL "/no-such-path" ++#define DEFAULT_USER_PATH_NORMAL "/no-such-path" ++#define DEFAULT_PATH_NORMAL_NULSTR "/no-such-path\0" ++#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ++#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL DEFAULT_PATH_NORMAL ++#define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL + + #if HAVE_SPLIT_USR + # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch new file mode 100644 index 00000000000..39bbe7e9dac --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch @@ -0,0 +1,38 @@ +From 8d1618a97ad08078815f409f03b45aff3ae6bd0a Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Thu, 9 May 2019 11:15:22 +0200 +Subject: [PATCH 21/27] add rootprefix to lookup dir paths + +systemd does not longer use the UDEVLIBEXEC directory as root for +discovery default udev rules. By adding `$out/lib` to the lookup paths +we should again be able to discover the udev rules amongst other default +files that I might have missed. +--- + src/basic/def.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/basic/def.h b/src/basic/def.h +index 2af0b763f0..17959b07e8 100644 +--- a/src/basic/def.h ++++ b/src/basic/def.h +@@ -39,13 +39,15 @@ + "/run/" n "\0" \ + "/usr/local/lib/" n "\0" \ + "/usr/lib/" n "\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR(n) ++ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ ++ ROOTPREFIX "/lib/" n "\0" + + #define CONF_PATHS_USR(n) \ + "/etc/" n, \ + "/run/" n, \ + "/usr/local/lib/" n, \ +- "/usr/lib/" n ++ "/usr/lib/" n, \ ++ ROOTPREFIX "/lib/" n + + #define CONF_PATHS(n) \ + CONF_PATHS_USR(n) \ +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch new file mode 100644 index 00000000000..9f0ea254890 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -0,0 +1,27 @@ +From 859c16c52cdd61ec99d256bf5b35637d59e5dac9 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 25 Jul 2019 20:45:55 +0300 +Subject: [PATCH 22/27] systemd-shutdown: execute scripts in + /etc/systemd/system-shutdown + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/shutdown/shutdown.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index 0eb17989d0..93e619c58a 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -299,7 +299,7 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3], *watchdog_device; + int cmd, r, umount_log_level = LOG_INFO; +- static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; ++ static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, "/etc/systemd/system-shutdown", NULL}; + + /* The log target defaults to console, but the original systemd process will pass its log target in through a + * command line argument, which will override this default. Also, ensure we'll never log to the journal or +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch new file mode 100644 index 00000000000..e8aa5cf2271 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -0,0 +1,26 @@ +From 9be689d5243d0c78bec7b285774c58749da08c9c Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 25 Jul 2019 20:46:58 +0300 +Subject: [PATCH 23/27] systemd-sleep: execute scripts in + /etc/systemd/system-sleep + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/sleep/sleep.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index b9fe96635d..f1c3ca06a3 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -191,6 +191,7 @@ static int execute(char **modes, char **states) { + }; + static const char* const dirs[] = { + SYSTEM_SLEEP_PATH, ++ "/etc/systemd/system-sleep", + NULL + }; + +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch b/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch new file mode 100644 index 00000000000..e24c362ffbd --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch @@ -0,0 +1,27 @@ +From d8566028d5e71612d011ff06bb9f4d03d1391e8e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= +Date: Sun, 22 Sep 2019 21:06:54 +0100 +Subject: [PATCH 24/27] Revert "sysinit.target: Drop the dependency on + local-fs.target and swap.target" + +This reverts commit 5b0b3d004beb45687347ad01fa3b99635d1bdd92. + +We removed that patch in our 242 branch, but somehow it landed in 243 back again. +--- + units/sysinit.target | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/sysinit.target b/units/sysinit.target +index 5fe9ad0ec9..b6c16a1412 100644 +--- a/units/sysinit.target ++++ b/units/sysinit.target +@@ -11,4 +11,5 @@ + Description=System Initialization + Documentation=man:systemd.special(7) + Conflicts=emergency.service emergency.target +-After=emergency.service emergency.target ++Wants=local-fs.target swap.target ++After=local-fs.target swap.target emergency.service emergency.target +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch b/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch new file mode 100644 index 00000000000..4c2777d3f03 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch @@ -0,0 +1,27 @@ +From f3a6f3056e69808ebbc7e72b1d03b85c750a3cae Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Wed, 16 Apr 2014 00:35:14 +0200 +Subject: [PATCH 27/27] Start getty on lxc + +--- + units/getty@.service.m4 | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 +index 80e793bb73..0daba10f2a 100644 +--- a/units/getty@.service.m4 ++++ b/units/getty@.service.m4 +@@ -31,7 +31,9 @@ Before=rescue.service + # On systems without virtual consoles, don't start any getty. Note + # that serial gettys are covered by serial-getty@.service, not this + # unit. +-ConditionPathExists=/dev/tty0 ++ConditionPathExists=|/dev/tty0 ++ConditionVirtualization=|lxc ++ConditionVirtualization=|lxc-libvirt + + [Service] + # the VT is cleared by TTYVTDisallocate +-- +2.24.1 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 1dd2f30b9bf..13752f3bbe2 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -36,12 +36,40 @@ in stdenv.mkDerivation { # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! # Also fresh patches should be cherry-picked from that tree to our current one. src = fetchFromGitHub { - owner = "nixos"; - repo = "systemd"; - rev = "e7d881488292fc8bdf96acd12767eca1bd65adae"; - sha256 = "0haj3iff3y13pm4w5dbqj1drp5wryqfad58jbbmnb6zdgis56h8f"; + owner = "systemd"; + repo = "systemd-stable"; + rev = "f8dd0f2f15a566ede668c59e3c810c61f9d62c51"; + sha256 = "1alvvciddg36by1bgzi8aarnms4crzqqyizj3nhlddh35pgpwvdk"; }; + patches = [ + ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch + ./0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch + ./0003-Don-t-try-to-unmount-nix-or-nix-store.patch + ./0004-Fix-NixOS-containers.patch + ./0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch + ./0006-Look-for-fsck-in-the-right-place.patch + ./0007-Add-some-NixOS-specific-unit-directories.patch + ./0008-Don-t-try-to-unmount-nix-or-nix-store.patch + ./0009-Get-rid-of-a-useless-message-in-user-sessions.patch + ./0010-hostnamed-localed-timedated-disable-methods-that-cha.patch + ./0011-Fix-hwdb-paths.patch + ./0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch + ./0013-localectl-use-etc-X11-xkb-for-list-x11.patch + ./0014-catalog-don-t-update-on-install.patch + ./0015-hwdb-don-t-run-update-on-install.patch + ./0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch + ./0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch + ./0018-Install-default-configuration-into-out-share-factory.patch + ./0019-inherit-systemd-environment-when-calling-generators.patch + ./0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch + ./0021-add-rootprefix-to-lookup-dir-paths.patch + ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch + ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch + ./0027-Start-getty-on-lxc.patch + ]; + outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs = -- cgit 1.4.1 From 22bb3a6771cffbc9c8b2044cb01fe9f654c82bb5 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 26 Jan 2020 15:00:22 +0100 Subject: systemd: remove local-fs patch and revert of it --- ...get-Drop-the-dependency-on-local-fs.targe.patch | 32 ---------------------- ...nit.target-Drop-the-dependency-on-local-f.patch | 27 ------------------ pkgs/os-specific/linux/systemd/default.nix | 2 -- 3 files changed, 61 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch delete mode 100644 pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch b/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch deleted file mode 100644 index 6dfd150d325..00000000000 --- a/pkgs/os-specific/linux/systemd/0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4e0c6f33ebf49a78abec28d2f4044afb5b8719af Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Tue, 8 Jan 2013 15:56:03 +0100 -Subject: [PATCH 02/27] sysinit.target: Drop the dependency on local-fs.target - and swap.target - -Having all services with DefaultDependencies=yes depend on -local-fs.target is annoying, because some of those services might be -necessary to mount local filesystems. For instance, Charon's -send-keys feature requires sshd to be running in order to receive LUKS -encryption keys, which in turn requires dhcpcd, and so on. So we drop -this dependency (and swap.target as well for consistency). If -services require a specific mount, they should use RequiresMountsFor -in any case. ---- - units/sysinit.target | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/units/sysinit.target b/units/sysinit.target -index b6c16a1412..5fe9ad0ec9 100644 ---- a/units/sysinit.target -+++ b/units/sysinit.target -@@ -11,5 +11,4 @@ - Description=System Initialization - Documentation=man:systemd.special(7) - Conflicts=emergency.service emergency.target --Wants=local-fs.target swap.target --After=local-fs.target swap.target emergency.service emergency.target -+After=emergency.service emergency.target --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch b/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch deleted file mode 100644 index e24c362ffbd..00000000000 --- a/pkgs/os-specific/linux/systemd/0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d8566028d5e71612d011ff06bb9f4d03d1391e8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= -Date: Sun, 22 Sep 2019 21:06:54 +0100 -Subject: [PATCH 24/27] Revert "sysinit.target: Drop the dependency on - local-fs.target and swap.target" - -This reverts commit 5b0b3d004beb45687347ad01fa3b99635d1bdd92. - -We removed that patch in our 242 branch, but somehow it landed in 243 back again. ---- - units/sysinit.target | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/units/sysinit.target b/units/sysinit.target -index 5fe9ad0ec9..b6c16a1412 100644 ---- a/units/sysinit.target -+++ b/units/sysinit.target -@@ -11,4 +11,5 @@ - Description=System Initialization - Documentation=man:systemd.special(7) - Conflicts=emergency.service emergency.target --After=emergency.service emergency.target -+Wants=local-fs.target swap.target -+After=local-fs.target swap.target emergency.service emergency.target --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 13752f3bbe2..7f43fa37b54 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -44,7 +44,6 @@ in stdenv.mkDerivation { patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch - ./0002-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch ./0003-Don-t-try-to-unmount-nix-or-nix-store.patch ./0004-Fix-NixOS-containers.patch ./0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch @@ -66,7 +65,6 @@ in stdenv.mkDerivation { ./0021-add-rootprefix-to-lookup-dir-paths.patch ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch - ./0024-Revert-sysinit.target-Drop-the-dependency-on-local-f.patch ./0027-Start-getty-on-lxc.patch ]; -- cgit 1.4.1 From 1ad4accdafd29bd998f121dbda8f9c4e3df090b0 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 26 Jan 2020 15:10:34 +0100 Subject: systemd: drop 0027-Start-getty-on-lxc.patch Since quite some time, systemd starts getty on these consoles automatically. --- .../linux/systemd/0027-Start-getty-on-lxc.patch | 27 ---------------------- pkgs/os-specific/linux/systemd/default.nix | 1 - 2 files changed, 28 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch b/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch deleted file mode 100644 index 4c2777d3f03..00000000000 --- a/pkgs/os-specific/linux/systemd/0027-Start-getty-on-lxc.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f3a6f3056e69808ebbc7e72b1d03b85c750a3cae Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Wed, 16 Apr 2014 00:35:14 +0200 -Subject: [PATCH 27/27] Start getty on lxc - ---- - units/getty@.service.m4 | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 -index 80e793bb73..0daba10f2a 100644 ---- a/units/getty@.service.m4 -+++ b/units/getty@.service.m4 -@@ -31,7 +31,9 @@ Before=rescue.service - # On systems without virtual consoles, don't start any getty. Note - # that serial gettys are covered by serial-getty@.service, not this - # unit. --ConditionPathExists=/dev/tty0 -+ConditionPathExists=|/dev/tty0 -+ConditionVirtualization=|lxc -+ConditionVirtualization=|lxc-libvirt - - [Service] - # the VT is cleared by TTYVTDisallocate --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 7f43fa37b54..b8693678566 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -65,7 +65,6 @@ in stdenv.mkDerivation { ./0021-add-rootprefix-to-lookup-dir-paths.patch ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch - ./0027-Start-getty-on-lxc.patch ]; outputs = [ "out" "lib" "man" "dev" ]; -- cgit 1.4.1 From a16ebf856126bb93bc0a2aa091eb4403e781cd33 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 26 Jan 2020 16:15:19 +0100 Subject: systemd: drop 001{4,5}-{catalog,hwdb}-don-t-update-on-install.patch These patches removed logic in the meson install phase invoking `journalctl --update-catalog` and `systemd-hwdb update`, which would mutate the running system, and obviously fails in the sandbox. Upstream also knows this is a bad thing if you're not on the machine you want to deploy to, so there's logic in there to not execute it when DESTDIR isn't empty. In our case, it is - as we set --prefix instead for other reasons, but by just setting DESTIDIR to "/", we can still trigger these things to be skipped. The patches removed some context from 0018-Install-default-configuration-into-out-share-factory.patch, which we need to introduce there to make that patch still apply. --- .../0014-catalog-don-t-update-on-install.patch | 24 ------------------- .../0015-hwdb-don-t-run-update-on-install.patch | 27 ---------------------- ...ault-configuration-into-out-share-factory.patch | 4 ++++ pkgs/os-specific/linux/systemd/default.nix | 7 ++++-- 4 files changed, 9 insertions(+), 53 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch delete mode 100644 pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch b/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch deleted file mode 100644 index 4f9f08413e2..00000000000 --- a/pkgs/os-specific/linux/systemd/0014-catalog-don-t-update-on-install.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 8e7aec49a387d8229b85cfc3ea2f2c1c9a45f6d0 Mon Sep 17 00:00:00 2001 -From: Franz Pletz -Date: Wed, 17 Jan 2018 05:10:36 +0100 -Subject: [PATCH 14/27] catalog: don't update on install - ---- - catalog/meson.build | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/catalog/meson.build b/catalog/meson.build -index 3db8e390f2..7004618750 100644 ---- a/catalog/meson.build -+++ b/catalog/meson.build -@@ -28,7 +28,3 @@ foreach file : in_files - install : true, - install_dir : catalogdir) - endforeach -- --meson.add_install_script('sh', '-c', -- 'test -n "$DESTDIR" || @0@/journalctl --update-catalog' -- .format(rootbindir)) --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch b/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch deleted file mode 100644 index bf416d90d86..00000000000 --- a/pkgs/os-specific/linux/systemd/0015-hwdb-don-t-run-update-on-install.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 8a383521425d7a59e9b1850d1547d47fa5e8a952 Mon Sep 17 00:00:00 2001 -From: Franz Pletz -Date: Sun, 11 Feb 2018 04:01:35 +0100 -Subject: [PATCH 15/27] hwdb: don't run update on install - ---- - hwdb/meson.build | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/hwdb/meson.build b/hwdb/meson.build -index 31ee3e7409..badf39f555 100644 ---- a/hwdb/meson.build -+++ b/hwdb/meson.build -@@ -27,10 +27,6 @@ if conf.get('ENABLE_HWDB') == 1 - - meson.add_install_script('sh', '-c', - mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) -- -- meson.add_install_script('sh', '-c', -- 'test -n "$DESTDIR" || @0@/systemd-hwdb update' -- .format(rootbindir)) - endif - - ############################################################ --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch index 980d9f35461..1793f5d1818 100644 --- a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch +++ b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch @@ -40,6 +40,10 @@ index badf39f555..8fd9c7639f 100644 meson.add_install_script('sh', '-c', - mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) + mkdir_p.format(join_paths(factoryconfdir, 'udev/hwdb.d'))) + + meson.add_install_script('sh', '-c', + 'test -n "$DESTDIR" || @0@/systemd-hwdb update' + .format(rootbindir)) endif ############################################################ diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index b8693678566..82c8af30359 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -55,8 +55,6 @@ in stdenv.mkDerivation { ./0011-Fix-hwdb-paths.patch ./0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch ./0013-localectl-use-etc-X11-xkb-for-list-x11.patch - ./0014-catalog-don-t-update-on-install.patch - ./0015-hwdb-don-t-run-update-on-install.patch ./0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch ./0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch ./0018-Install-default-configuration-into-out-share-factory.patch @@ -220,6 +218,11 @@ in stdenv.mkDerivation { doCheck = false; # fails a bunch of tests + # trigger the test -n "$DESTDIR" || mutate in upstreams build system + preInstall = '' + export DESTDIR=/ + ''; + postInstall = '' # sysinit.target: Don't depend on # systemd-tmpfiles-setup.service. This interferes with NixOps's -- cgit 1.4.1 From 4f346cd84929d583d278bfa289b57da594ca09ed Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:16:21 +0100 Subject: systemd: drop 0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch This was simply undoing a hunk from 0008-Don-t-try-to-unmount-nix-or-nix-store.patch, so drop that one from there and omit 0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch entirely. --- ...008-Don-t-try-to-unmount-nix-or-nix-store.patch | 25 ------------- ...t-option-x-initrd.mount-handling-35268-16.patch | 42 ---------------------- pkgs/os-specific/linux/systemd/default.nix | 1 - 3 files changed, 68 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch index b858f3f7a45..fedaeb79671 100644 --- a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -23,31 +23,6 @@ index 959b8fbed2..5e4c4a9767 100644 return true; if (PATH_STARTSWITH_SET(m->where, -@@ -439,10 +441,20 @@ static int mount_add_default_dependencies(Mount *m) { - if (!UNIT(m)->default_dependencies) - return 0; - -- /* We do not add any default dependencies to /, /usr or /run/initramfs/, since they are guaranteed to stay -- * mounted the whole time, since our system is on it. Also, don't bother with anything mounted below virtual -- * file systems, it's also going to be virtual, and hence not worth the effort. */ -- if (mount_is_extrinsic(m)) -+ if (!MANAGER_IS_SYSTEM(UNIT(m)->manager)) -+ return 0; -+ -+ /* We do not add any default dependencies to /, /usr or -+ * /run/initramfs/, since they are guaranteed to stay -+ * mounted the whole time, since our system is on it. -+ * Also, don't bother with anything mounted below virtual -+ * file systems, it's also going to be virtual, and hence -+ * not worth the effort. */ -+ if (PATH_IN_SET(m->where, "/", "/usr", "/nix", "/nix/store") || -+ path_startswith(m->where, "/run/initramfs") || -+ path_startswith(m->where, "/proc") || -+ path_startswith(m->where, "/sys") || -+ path_startswith(m->where, "/dev")) - return 0; - - p = get_mount_parameters(m); -- 2.24.1 diff --git a/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch b/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch deleted file mode 100644 index f4508baae31..00000000000 --- a/pkgs/os-specific/linux/systemd/0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 39ba82b29fff844f82e745ed7785cbfb397c2908 Mon Sep 17 00:00:00 2001 -From: Timofei Kushnir -Date: Fri, 2 Mar 2018 13:02:53 +0300 -Subject: [PATCH 17/27] Fix mount option `x-initrd.mount` handling (#35268) - (#16) - ---- - src/core/mount.c | 18 ++++-------------- - 1 file changed, 4 insertions(+), 14 deletions(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 5e4c4a9767..6bc3569550 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -441,20 +441,10 @@ static int mount_add_default_dependencies(Mount *m) { - if (!UNIT(m)->default_dependencies) - return 0; - -- if (!MANAGER_IS_SYSTEM(UNIT(m)->manager)) -- return 0; -- -- /* We do not add any default dependencies to /, /usr or -- * /run/initramfs/, since they are guaranteed to stay -- * mounted the whole time, since our system is on it. -- * Also, don't bother with anything mounted below virtual -- * file systems, it's also going to be virtual, and hence -- * not worth the effort. */ -- if (PATH_IN_SET(m->where, "/", "/usr", "/nix", "/nix/store") || -- path_startswith(m->where, "/run/initramfs") || -- path_startswith(m->where, "/proc") || -- path_startswith(m->where, "/sys") || -- path_startswith(m->where, "/dev")) -+ /* We do not add any default dependencies to /, /usr or /run/initramfs/, since they are guaranteed to stay -+ * mounted the whole time, since our system is on it. Also, don't bother with anything mounted below virtual -+ * file systems, it's also going to be virtual, and hence not worth the effort. */ -+ if (mount_is_extrinsic(m)) - return 0; - - p = get_mount_parameters(m); --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 82c8af30359..7079e21f309 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -56,7 +56,6 @@ in stdenv.mkDerivation { ./0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch ./0013-localectl-use-etc-X11-xkb-for-list-x11.patch ./0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch - ./0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch ./0018-Install-default-configuration-into-out-share-factory.patch ./0019-inherit-systemd-environment-when-calling-generators.patch ./0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch -- cgit 1.4.1 From a6710adab21b5fe55d28ba587c3076bcf5a19e2d Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:31:45 +0100 Subject: systemd: join 000{3,8}-Don-t-try-to-unmount-nix-or-nix-store.patch --- ...003-Don-t-try-to-unmount-nix-or-nix-store.patch | 24 +++++++++++++++---- ...008-Don-t-try-to-unmount-nix-or-nix-store.patch | 28 ---------------------- pkgs/os-specific/linux/systemd/default.nix | 1 - 3 files changed, 20 insertions(+), 33 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch index a1380a33f45..80b6721cb71 100644 --- a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,4 +1,4 @@ -From 620047803b70b941606398e77f253645058007dd Mon Sep 17 00:00:00 2001 +From fd9c882581877eef8ba1b34a9502a1ff546b3833 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 12 Apr 2013 13:16:57 +0200 Subject: [PATCH 03/27] Don't try to unmount /nix or /nix/store @@ -7,11 +7,27 @@ They'll still be remounted read-only. https://github.com/NixOS/nixos/issues/126 --- + src/core/mount.c | 4 +++- src/shutdown/umount.c | 2 ++ - 1 file changed, 2 insertions(+) + 2 files changed, 5 insertions(+), 1 deletion(-) +diff --git a/src/core/mount.c b/src/core/mount.c +index eef362f0c8..600393ffc1 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -409,7 +409,9 @@ static bool mount_is_extrinsic(Mount *m) { + + if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ + "/", +- "/usr")) ++ "/usr", ++ "/nix/", ++ "/nix/store")) + return true; + + if (PATH_STARTSWITH_SET(m->where, diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 00e268855d..08f3590f2a 100644 +index 2d07d3d6c1..8b112f464e 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c @@ -373,6 +373,8 @@ static int delete_dm(dev_t devnum) { @@ -24,5 +40,5 @@ index 00e268855d..08f3590f2a 100644 || path_equal(path, "/usr") #endif -- -2.24.1 +2.25.1 diff --git a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch deleted file mode 100644 index fedaeb79671..00000000000 --- a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 5b2eafc51fa2d98f03fd341176d9a7accc0259ae Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Mon, 11 May 2015 15:30:46 +0200 -Subject: [PATCH 08/27] Don't try to unmount /nix or /nix/store - -33f458625f2a9d201263bd1b81b1c56f4a077e80 wasn't enough. ---- - src/core/mount.c | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 959b8fbed2..5e4c4a9767 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -409,7 +409,9 @@ static bool mount_is_extrinsic(Mount *m) { - - if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ - "/", -- "/usr")) -+ "/usr", -+ "/nix/", -+ "/nix/store")) - return true; - - if (PATH_STARTSWITH_SET(m->where, --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 7079e21f309..427c48a32e3 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -49,7 +49,6 @@ in stdenv.mkDerivation { ./0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch ./0006-Look-for-fsck-in-the-right-place.patch ./0007-Add-some-NixOS-specific-unit-directories.patch - ./0008-Don-t-try-to-unmount-nix-or-nix-store.patch ./0009-Get-rid-of-a-useless-message-in-user-sessions.patch ./0010-hostnamed-localed-timedated-disable-methods-that-cha.patch ./0011-Fix-hwdb-paths.patch -- cgit 1.4.1 From b4cbcba5b11bc102761e790e988f820fcc885578 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:46:14 +0100 Subject: systemd: update paths kmod-static-nodes.service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous patch just removed a `ConditionFileNotEmpty=…` line from `kmod-static-nodes.service` referring to a location not existing on NixOS. We know better, and can actually replace this Condition to point to `run/booted-system/kernel-modules/lib/modules/%v/`, instead of just patching it out. --- ...c-nodes.service-Don-t-require-lib-modules.patch | 24 ------------------- ...odes.service-Update-ConditionFileNotEmpty.patch | 27 ++++++++++++++++++++++ pkgs/os-specific/linux/systemd/default.nix | 2 +- 3 files changed, 28 insertions(+), 25 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch create mode 100644 pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch b/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch deleted file mode 100644 index 6d4f39ea4a3..00000000000 --- a/pkgs/os-specific/linux/systemd/0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 18863cea3bdfad5f8b0581478ce4a39ede53b9d4 Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Thu, 17 Apr 2014 13:54:29 +0200 -Subject: [PATCH 05/27] kmod-static-nodes.service: Don't require /lib/modules - ---- - units/kmod-static-nodes.service.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index 0971edf9ec..7d150bf3d7 100644 ---- a/units/kmod-static-nodes.service.in -+++ b/units/kmod-static-nodes.service.in -@@ -12,7 +12,6 @@ Description=Create list of static device nodes for the current kernel - DefaultDependencies=no - Before=sysinit.target systemd-tmpfiles-setup-dev.service - ConditionCapability=CAP_SYS_MODULE --ConditionFileNotEmpty=/lib/modules/%v/modules.devname - - [Service] - Type=oneshot --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch b/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch new file mode 100644 index 00000000000..df16b52660b --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch @@ -0,0 +1,27 @@ +From 7db89c2236158461c99fe5c5da7ddb7feab825cf Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Sat, 7 Mar 2020 22:40:27 +0100 +Subject: [PATCH] kmod-static-nodes.service: Update ConditionFileNotEmpty + +On NixOS, kernel modules of the currently booted systems are located at +/run/booted-system/kernel-modules/lib/modules/%v/, not /lib/modules/%v/. +--- + units/kmod-static-nodes.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 0971edf9ec..87105a87b9 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel + DefaultDependencies=no + Before=sysinit.target systemd-tmpfiles-setup-dev.service + ConditionCapability=CAP_SYS_MODULE +-ConditionFileNotEmpty=/lib/modules/%v/modules.devname ++ConditionFileNotEmpty=/run/booted-system/kernel-modules/lib/modules/%v/modules.devname + + [Service] + Type=oneshot +-- +2.25.1 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 427c48a32e3..c09db7e8ab0 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -46,7 +46,6 @@ in stdenv.mkDerivation { ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch ./0003-Don-t-try-to-unmount-nix-or-nix-store.patch ./0004-Fix-NixOS-containers.patch - ./0005-kmod-static-nodes.service-Don-t-require-lib-modules.patch ./0006-Look-for-fsck-in-the-right-place.patch ./0007-Add-some-NixOS-specific-unit-directories.patch ./0009-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -61,6 +60,7 @@ in stdenv.mkDerivation { ./0021-add-rootprefix-to-lookup-dir-paths.patch ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch ]; outputs = [ "out" "lib" "man" "dev" ]; -- cgit 1.4.1 From 9de0ac3770c10221b0c6ad33576f2c525544581b Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 23:47:22 +0100 Subject: systemd: 243.7 -> 244.3 This required some changes in how we treat DEFAULT_PATH_NORMAL. --- ...e-units-for-uninitialised-encrypted-devic.patch | 8 ++-- ...003-Don-t-try-to-unmount-nix-or-nix-store.patch | 16 ++++---- ...Change-usr-share-zoneinfo-to-etc-zoneinfo.patch | 44 +++++++++++++++------- ...ault-configuration-into-out-share-factory.patch | 8 ++-- ...-the-no-such-path-PATH-that-was-dropped-s.patch | 41 -------------------- ...h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch | 33 ++++++++++++++++ pkgs/os-specific/linux/systemd/default.nix | 13 +++++-- 7 files changed, 87 insertions(+), 76 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch create mode 100644 pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index 173f41a44c9..5418a6d9d91 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -9,13 +9,13 @@ makes more sense to me: the device is ready; it's the filesystem that's not, but taking care of that is the responsibility of the mount unit. (However, this ignores the fsck unit, so it's not perfect...) --- - rules/99-systemd.rules.in | 4 ---- + rules.d/99-systemd.rules.in | 4 ---- 1 file changed, 4 deletions(-) -diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in +diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in index c34b606216..3ab8c1c3fe 100644 ---- a/rules/99-systemd.rules.in -+++ b/rules/99-systemd.rules.in +--- a/rules.d/99-systemd.rules.in ++++ b/rules.d/99-systemd.rules.in @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" SUBSYSTEM=="block", TAG+="systemd" SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" diff --git a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch index 80b6721cb71..75110faf923 100644 --- a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -12,20 +12,18 @@ https://github.com/NixOS/nixos/issues/126 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/core/mount.c b/src/core/mount.c -index eef362f0c8..600393ffc1 100644 +index a0dfa6a1a7..4ca6adcdc6 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -409,7 +409,9 @@ static bool mount_is_extrinsic(Mount *m) { +@@ -414,6 +414,8 @@ static bool mount_is_extrinsic(Mount *m) { if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ - "/", -- "/usr")) -+ "/usr", -+ "/nix/", -+ "/nix/store")) + "/", /* (strictly speaking redundant: should already be covered by the perpetual flag check above) */ ++ "/nix", ++ "/nix/store", + "/usr", + "/etc")) return true; - - if (PATH_STARTSWITH_SET(m->where, diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c index 2d07d3d6c1..8b112f464e 100644 --- a/src/shutdown/umount.c diff --git a/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 0b14eb7a58b..ad76fda7d95 100644 --- a/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -1,15 +1,16 @@ -From 76f3fba3031d74647855ce0da2d4e317016cb7d6 Mon Sep 17 00:00:00 2001 +From 78479b75c9f9342646223b3db6b4b0744817dc24 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 11 Oct 2016 13:12:08 +0300 -Subject: [PATCH 12/27] Change /usr/share/zoneinfo to /etc/zoneinfo +Subject: [PATCH] Change /usr/share/zoneinfo to /etc/zoneinfo NixOS uses this path. --- man/localtime.xml | 4 ++-- src/basic/time-util.c | 6 +++--- src/firstboot/firstboot.c | 2 +- + src/nspawn/nspawn.c | 4 ++-- src/timedate/timedated.c | 8 ++++---- - 4 files changed, 10 insertions(+), 10 deletions(-) + 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml index 0f1652ee2e..71c4f95c2e 100644 @@ -34,10 +35,10 @@ index 0f1652ee2e..71c4f95c2e 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index e14ae8f2f7..a8a3488be1 100644 +index 105584e2e7..5238f69931 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c -@@ -1215,7 +1215,7 @@ int get_timezones(char ***ret) { +@@ -1217,7 +1217,7 @@ int get_timezones(char ***ret) { n_allocated = 2; n_zones = 1; @@ -46,7 +47,7 @@ index e14ae8f2f7..a8a3488be1 100644 if (f) { for (;;) { _cleanup_free_ char *line = NULL; -@@ -1310,7 +1310,7 @@ bool timezone_is_valid(const char *name, int log_level) { +@@ -1312,7 +1312,7 @@ bool timezone_is_valid(const char *name, int log_level) { if (p - name >= PATH_MAX) return false; @@ -55,7 +56,7 @@ index e14ae8f2f7..a8a3488be1 100644 fd = open(t, O_RDONLY|O_CLOEXEC); if (fd < 0) { -@@ -1408,7 +1408,7 @@ int get_timezone(char **ret) { +@@ -1410,7 +1410,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -77,11 +78,26 @@ index 528e6452cf..c712ca9072 100644 (void) mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 873a76596f..a024b10f32 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1642,8 +1642,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u + static const char *timezone_from_path(const char *path) { + return PATH_STARTSWITH_SET( + path, +- "../usr/share/zoneinfo/", +- "/usr/share/zoneinfo/"); ++ "../etc/zoneinfo/", ++ "/etc/zoneinfo/"); + } + + static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index fa20d22cde..8e6dbe1efb 100644 +index 5e2fb50d83..02eb2ca11d 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -265,7 +265,7 @@ static int context_read_data(Context *c) { +@@ -264,7 +264,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -90,7 +106,7 @@ index fa20d22cde..8e6dbe1efb 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -289,7 +289,7 @@ static int context_write_data_timezone(Context *c) { +@@ -288,7 +288,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -99,18 +115,18 @@ index fa20d22cde..8e6dbe1efb 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -297,9 +297,9 @@ static int context_write_data_timezone(Context *c) { +@@ -296,9 +296,9 @@ static int context_write_data_timezone(Context *c) { return 0; } - source = "../usr/share/zoneinfo/UTC"; -+ source = "zoneinfo/UTC"; ++ source = "../etc/zoneinfo/UTC"; } else { - p = path_join("../usr/share/zoneinfo", c->zone); -+ p = path_join("zoneinfo", c->zone); ++ p = path_join("../etc/zoneinfo", c->zone); if (!p) return -ENOMEM; -- -2.24.1 +2.25.1 diff --git a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch index 1793f5d1818..3911d1b0181 100644 --- a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch +++ b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch @@ -11,7 +11,7 @@ this commit introduces two new configuration variables `factoryconfdir` and `factorypkgconfdir` to install systemd's own configuration into nix store again, while having executables looking up files in /etc. --- - hwdb/meson.build | 2 +- + hwdb.d/meson.build | 2 +- meson.build | 11 +++++++---- network/meson.build | 2 +- src/core/meson.build | 10 +++++----- @@ -30,10 +30,10 @@ store again, while having executables looking up files in /etc. units/meson.build | 3 ++- 17 files changed, 30 insertions(+), 26 deletions(-) -diff --git a/hwdb/meson.build b/hwdb/meson.build +diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build index badf39f555..8fd9c7639f 100644 ---- a/hwdb/meson.build -+++ b/hwdb/meson.build +--- a/hwdb.d/meson.build ++++ b/hwdb.d/meson.build @@ -26,7 +26,7 @@ if conf.get('ENABLE_HWDB') == 1 install_dir : udevhwdbdir) diff --git a/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch b/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch deleted file mode 100644 index 63d694c2daa..00000000000 --- a/pkgs/os-specific/linux/systemd/0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 95c4e1ffd2249a52ca02e4fbe46aa4e51c5abd17 Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Fri, 2 Nov 2018 20:56:49 +0100 -Subject: [PATCH 20/27] reintroduce the /no-such-path PATH that was dropped - some versions ago - -Originally eelco set the DEFAULT_PATH_NORMAL to "/no-such-path" since we -do not need that in NixOS and usually refer to all our executables with -an absolute path. This commit reintroduces this change. ---- - src/basic/path-util.h | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 71fb7041a3..b856e782a8 100644 ---- a/src/basic/path-util.h -+++ b/src/basic/path-util.h -@@ -28,13 +28,13 @@ - # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) - #endif - --#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") --#define DEFAULT_USER_PATH_NORMAL PATH_BIN_SBIN("/usr/local/") ":" PATH_BIN_SBIN("/usr/") --#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") --#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") --#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_BIN_SBIN("/") --#define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") --#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") -+#define DEFAULT_PATH_NORMAL "/no-such-path" -+#define DEFAULT_USER_PATH_NORMAL "/no-such-path" -+#define DEFAULT_PATH_NORMAL_NULSTR "/no-such-path\0" -+#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL -+#define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL DEFAULT_PATH_NORMAL -+#define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR -+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL - - #if HAVE_SPLIT_USR - # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch new file mode 100644 index 00000000000..10bf54708f0 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -0,0 +1,33 @@ +From 0939ac4be7ced099670979f26adf8a579173ce4b Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Sun, 8 Mar 2020 01:05:54 +0100 +Subject: [PATCH] path-util.h: add placeholder for DEFAULT_PATH_NORMAL + +This will be the $PATH used to lookup ExecStart= etc. options, which +systemd itself uses extensively. +--- + src/basic/path-util.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/basic/path-util.h b/src/basic/path-util.h +index 111d85d445..cfd92aeb73 100644 +--- a/src/basic/path-util.h ++++ b/src/basic/path-util.h +@@ -24,11 +24,11 @@ + # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) + #endif + +-#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") ++#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" ++#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" + #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") + #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL + + #if HAVE_SPLIT_USR + # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR +-- +2.25.1 + diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c09db7e8ab0..045497b4b2b 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -7,6 +7,7 @@ , gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45 , ninja, meson, python3Packages, glibcLocales , patchelf +, substituteAll , getent , buildPackages , perl @@ -30,7 +31,7 @@ let gnupg-minimal = gnupg.override { bzip2 = null; }; in stdenv.mkDerivation { - version = "243.7"; + version = "244.3"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -38,8 +39,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "f8dd0f2f15a566ede668c59e3c810c61f9d62c51"; - sha256 = "1alvvciddg36by1bgzi8aarnms4crzqqyizj3nhlddh35pgpwvdk"; + rev = "c4280c342bbf4fa8da833103482362236c18f835"; + sha256 = "0y83nsrbdn0y3wfyfx53ac8c3wy9jrra86aaxix568vigi48g9zi"; }; patches = [ @@ -56,13 +57,17 @@ in stdenv.mkDerivation { ./0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch ./0018-Install-default-configuration-into-out-share-factory.patch ./0019-inherit-systemd-environment-when-calling-generators.patch - ./0020-reintroduce-the-no-such-path-PATH-that-was-dropped-s.patch ./0021-add-rootprefix-to-lookup-dir-paths.patch ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch ./0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch + ./0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch ]; + postPatch = '' + substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/" + ''; + outputs = [ "out" "lib" "man" "dev" ]; nativeBuildInputs = -- cgit 1.4.1 From d2871a723a1c78910f78a888e7591a8e2688c087 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 23:50:26 +0100 Subject: systemd: 244.3 -> 245 --- pkgs/os-specific/linux/systemd/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 045497b4b2b..6e427cfc6a0 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -31,7 +31,7 @@ let gnupg-minimal = gnupg.override { bzip2 = null; }; in stdenv.mkDerivation { - version = "244.3"; + version = "245"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -39,8 +39,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "c4280c342bbf4fa8da833103482362236c18f835"; - sha256 = "0y83nsrbdn0y3wfyfx53ac8c3wy9jrra86aaxix568vigi48g9zi"; + rev = "ea500ac513cf51bcb79a5666f1519499d029428f"; + sha256 = "10jjj3maqhi6qschw9c45phjg9azpp84wlfackcqc20vj5dqm5sq"; }; patches = [ -- cgit 1.4.1 From b0b7f673dcf2098779ca4369496add67626a5ecc Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 16 Apr 2020 20:21:35 +0200 Subject: systemd: 245 -> 245.3 --- pkgs/os-specific/linux/systemd/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 6e427cfc6a0..72c27a1f9f6 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -31,7 +31,7 @@ let gnupg-minimal = gnupg.override { bzip2 = null; }; in stdenv.mkDerivation { - version = "245"; + version = "245.3"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -39,8 +39,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "ea500ac513cf51bcb79a5666f1519499d029428f"; - sha256 = "10jjj3maqhi6qschw9c45phjg9azpp84wlfackcqc20vj5dqm5sq"; + rev = "0f5047b7d393cfba37f91e25cae559a0bc910582"; + sha256 = "0wyh14gbvvpgdmk1mjgpxr9i4pv1i9n7pnwpa0gvjh6hq948fyn2"; }; patches = [ -- cgit 1.4.1 From c18ceab1068e4ecaa986f6a9ad89b8c3560a58c2 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Thu, 16 Apr 2020 05:03:47 +0100 Subject: systemd: remove myself as maintainer --- pkgs/os-specific/linux/systemd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 72c27a1f9f6..1f69757b828 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -294,6 +294,6 @@ in stdenv.mkDerivation { license = licenses.lgpl21Plus; platforms = platforms.linux; priority = 10; - maintainers = with maintainers; [ andir eelco flokli mic92 ]; + maintainers = with maintainers; [ andir eelco flokli ]; }; } -- cgit 1.4.1 From ce7c1230ea54a4ecf983466fe8a8e28bb09264cc Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 16 Apr 2020 20:23:46 +0200 Subject: systemd: explicitly disable homed for now We don't currently have tests to ensure it works and keeps working. So instead of having it accidentially working, and possibly breaking it in the future, disable it for now. --- pkgs/os-specific/linux/systemd/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 1f69757b828..0f49a195534 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -109,6 +109,7 @@ in stdenv.mkDerivation { "-Dtests=false" "-Dimportd=true" "-Dlz4=true" + "-Dhomed=false" "-Dhostnamed=true" "-Dnetworkd=true" "-Dsysusers=false" -- cgit 1.4.1 From b3f14109a8fab586d657d0f04ad700b008258e29 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 16 Apr 2020 20:28:26 +0200 Subject: systemd: explicitly disable portabled for now This hasn't worked with 243, let's disable it for now, until we have tests and can ensure it works and keeps working. --- pkgs/os-specific/linux/systemd/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 0f49a195534..3a83ee63172 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -112,6 +112,7 @@ in stdenv.mkDerivation { "-Dhomed=false" "-Dhostnamed=true" "-Dnetworkd=true" + "-Dportabled=false" "-Dsysusers=false" "-Dtimedated=true" "-Dtimesyncd=true" -- cgit 1.4.1 From acb4710214f075fc5277443d9cf982fed213629b Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Fri, 17 Apr 2020 13:48:09 +0200 Subject: alsaTools: 1.1.7 -> 1.2.2 Fixes build regression (after alsa update, I assume). Despite the version number change, the diff is trivial: https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2 --- pkgs/os-specific/linux/alsa-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix index 151549aa67b..2fef5e07c63 100644 --- a/pkgs/os-specific/linux/alsa-tools/default.nix +++ b/pkgs/os-specific/linux/alsa-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "alsa-tools"; - version = "1.1.7"; + version = "1.2.2"; src = fetchurl { url = "mirror://alsa/tools/${pname}-${version}.tar.bz2"; - sha256 = "1xjfghr9s0j6n91kgs95cc4r6qrjsgc4yj2w0nir3xpnm0l36950"; + sha256 = "0jbkjmq038zapj66a7nkppdf644v2mwj581xbmh6k4i8w6mcglxz"; }; nativeBuildInputs = [ pkgconfig ]; -- cgit 1.4.1 From d9258d33be5b46ff2661580707f8e46195b61bcc Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 17 Apr 2020 08:29:21 -0400 Subject: linux: 4.19.115 -> 4.19.116 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 142cf0aaf92..cdb19fd54ab 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.115"; + version = "4.19.116"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1hh170z3mv181l6cc6qqc12wif5jsmxbh2qxbq6b9km5irydkchi"; + sha256 = "0r3vdc3npl1bn06w9v6wsq7d5mm7bnhm9wsz36pb9ar3xhimvrlf"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From e341107367f77c6b961afd1e6b6de274d1b89dd5 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 17 Apr 2020 08:29:34 -0400 Subject: linux: 5.4.32 -> 5.4.33 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index f4293b5bffc..b2de6ea8689 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.32"; + version = "5.4.33"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1czjjnln1cqrnjxw0md6mpw9haw9abdyvmxnjds56ym4nzx9jb8r"; + sha256 = "0q9q48ij6vppfcrdf7fr24pvpwsd13pxjkdni6rnjq9a60hrcmxm"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 3d01e802bd56c78965b784a3fbb4db0d424e2c64 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 5 Apr 2020 04:18:36 +0100 Subject: linux: explicitly enable SYSVIPC The linux-hardened patch set removes this default, probably because of its original focus on Android kernel hardening. --- pkgs/os-specific/linux/kernel/common-config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2c8b8de65b3..1ed48baa924 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -607,6 +607,8 @@ let MODULE_COMPRESS_XZ = yes; KERNEL_XZ = yes; + SYSVIPC = yes; # System-V IPC + UNIX = yes; # Unix domain sockets. MD = yes; # Device mapper (RAID, LVM, etc.) -- cgit 1.4.1 From 0d4f35efd4f905b322cd232e9740ce18f04270a0 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 22:47:13 +0100 Subject: linux_*_hardened: use linux-hardened patch set This is an updated version of the former upstream, https://github.com/AndroidHardeningArchive/linux-hardened, and provides a minimal set of additional hardening patches on top of upstream. The patch already incorporates many of our hardened profile defaults, and releases are timely (Linux 5.5.15 and 5.6.2 were released on 2020-04-02; linux-hardened patches for them came out on 2020-04-03 and 2020-04-04 respectively). --- pkgs/os-specific/linux/kernel/anthraxx.asc | 325 +++++++++++++++++++++ .../os-specific/linux/kernel/hardened-patches.json | 27 ++ pkgs/os-specific/linux/kernel/patches.nix | 17 +- pkgs/os-specific/linux/kernel/update-hardened.py | 200 +++++++++++++ pkgs/os-specific/linux/kernel/update.sh | 3 + pkgs/top-level/aliases.nix | 5 + pkgs/top-level/all-packages.nix | 8 +- 7 files changed, 580 insertions(+), 5 deletions(-) create mode 100644 pkgs/os-specific/linux/kernel/anthraxx.asc create mode 100644 pkgs/os-specific/linux/kernel/hardened-patches.json create mode 100755 pkgs/os-specific/linux/kernel/update-hardened.py (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/anthraxx.asc b/pkgs/os-specific/linux/kernel/anthraxx.asc new file mode 100644 index 00000000000..101ccfbf0f2 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/anthraxx.asc @@ -0,0 +1,325 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBE64OEUBEADPS1v+zoCdKA6zyfUtVIaBoIwMhCibqurXi30tVoC9LgM6W1ve +HwPFukWq7DAS0mZUPE3mSV63JFLaTy0bY/6GO1D4wLdWZx4ppH7XKNCvKCbsi70k +UozFykNVf+83WEskuF1oYzXlF3aB5suz2IWJl7ey1EXgIpehwQaTJUA5JIWYFp9A +566LRNJefYMzUR33xc4dRKj6Etg0xdLVq7/vZoo8HpLCBGNWiP0AKqFWEwTg0xQL +7nsJA5tfJJdwAJvrzjpFsvb63PKG6waAtdHhON4q7E2Udak9fz2tRjxA5l9l2zXk +aqsysUzkxPhNjwMENoQ04KZg4aT+ZhhBzTowSWLp3KV2uaZ66kdPUO3s+/1bPp5/ +N/IlykaUwyL773iYOZ5dOY/9hIuX/zssihcrGEMW6yIyZR5uKhzYdaM9ExTXP637 +UccgNS9/pskPGPx/xK23NDCfeHzL9YHS5KokA2wb/b9hqpwvLaeblbMl2pt79F1R +ac+rZlrRyX3NvlTQP4hqM9Ei2YBAU7QFDJEjH8pVIceL7grxi1Ju1iD5QiSK+je5 +Jj5EAikfwSeAttSzsqNvaXJHfABrv5mkkVt1z3icP3HIHTYnG+uj+t8kvW+o9/1i +pD6e6LUh4w5v1aY9kaK/M3+eBH59yNYI99crPUKUBVfW4gv4DBUJAQTWRQARAQAB +tDVMZXZlbnRlIFBvbHlhayAoYW50aHJheHgpIDxsZXZlbnRlQGxldmVudGVwb2x5 +YWsubmV0PokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEF +AlSXU9QFCQfATw8ACgkQ/BtUfI2BcsjPbxAAs+UR/bJz/HeYTpPy+HnKwDJgI9GP +AZlNvp+QSIhOTtKCYkQ/Iu+5scY5J0Qyv0pcJW5Rxjx+l7KGovw84jzVznnYsJoy +UQ5H3Ev9T2xW1nrZT3abJ7j6ZIck+Q+WFHu5Plsq6doSXOXmJNoehvT3BVolvc6w +S1+CAoyA5Wm1yfocZgVOvWPWQaa1T4XA7OwxFWrvNWEZwAzTSjkGHkwmji+DxdBd +RPam9+qm/rcN1IJTu6xJPr38a9LydWonsUpTR2Qn7Bo4EJp8yHJLaiLEMV/Nmgrr +1orBYw/OzDzhbdMl+2zzwEBLUMPABdgnPM6ZCZ5PWyWnCU4jsBGyVd0IC5xEu3Eg +a0EtIdvx2lXiLfh2dulpMn52uJY5iNwaTleO+z9CENQVhh5R4FuN9H0BLiyAxf1+ +MkD3jLT+DGl02hQghtxz18iTkRk7KOw/NFn4z0is+TRl4/ocNt1LiWQXt8dr7qdx +zvUpDnxCSYZkeutzopo1TA4lKpnsS2mHabx6CbrUmF+wOIr8gHUfpBFeEQ8BHebU +5X0JrFF5mjeNl4uK9l9lD9ng74rsSpKPr15DU41jIuQDHJYd6H3TXQ4K1z7Ciivy +r4vgsruAFX/GduKseOx1obWW3GfIQzLAIuVdjldgREl61GWoLiGFqlcveiAIkN5p +Bxc20hSrHgZP9ZyIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GTK7AKC8Sd1ndNvc +1ispBaECbHT/JPfGrQCgvkfGBsFn/KBrgC5hTm0mSxdy942JAkEEEwECACsCGwMF +CQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOuD2qAhkBAAoJEPwbVHyN +gXLIXL4QAJtbs62EpOIFld0N+tTEFn1qQPPaExAXmH/RF5Epf+0rSS6B0OXEZBXz +cWtMPbHxoLjN1iY8o0QC1ex7/KDfYq8Ho18M9P+Lf6XfW0sJ9d021U5MJWGPs4zA +lNFXJqeMgfJZAno2N6dO/azcYHq1wmSgUbTb9Oyi1PHfn3g0UAW59dfkB8d2jEvY +Yed1X0mBPPXcbgnYNZ514JQtm9wuDdVWrh/Si9EhKg6+MPcbv18G4lpPGR+yNq9y +3Jze4vmmWen0ceDJEp06IAeTfJzzD80Oui2WXtLfaQxgf9uuZtGjrMX5l+mq7rBS +VH/dsHP1VYI0efKIs7qbmiLcMRVWYIGix9I1C3UYr3ImYiCGlBG/uQ929xbjWAHa +hy4W6rzruUWjyi/Kz7QRnyBgtHfhDO7hYziTr5hoGhd4VeUpcbxL+MegXFZsWJlE +kz8TOOsZ/4XxXHVoalg8fYOcA7j/aoszsPMQUOL/5jsVRhyP3evtVxb3m1EwvYDK +Lii4IkVxGztlBOIgeT4kwXgoJEASSZHgcd6tDv9q7o33n2I1DGL8X3axcHES2/C7 +cP+li3KL3Hc9vjgaJ9HfcQLuMcHqfoHn+YzVfbG5XeFcxhgQpwpYsZv3MTbXAQwI +fRHXRuIfOiFwqUXahi5N1WSIXNBGSyI7pu9ht5I7gIIOINE+VS7FiQJBBBMBAgAr +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUNol8QUJA/yTqwAKCRD8 +G1R8jYFyyIqUD/9yWw7WBQiWyIMpVuX9c2Ov1fAkDya43fDm0gqIgNsdaxCt5ATh +XaXZ/p2jglWwon5jDLDNsVR0/Q/t8ugdcP3bcwRtW2YYQ2F1PaNjfr5WsuPEadyc +J62DIobY4IzqBpDuqGLYdbzZeKr49VwbRRvIJpphrk3+CekFvdIs1ofEpA2Kn2oA +DXfYuaWoVBF7fTwAZmc3hYPOI1jK7nrFZbCnAT4WZPzZ4IY9lsaNTF/4mQ8vV1xF +De6HjfslHURlZWsWtQIKhIPBKoZC1nP5VRK3IHYgKw8toq780kalLH8ofv9BkSrs +t98JOoJX4etdmE8Ta/+Wg5C9EzR+909tQfdWdkaRbhvbtl/x7X76HU4ItefLR5pW +d0OSo488QZMQjCUWlzgPMsmnYMQm6ckNOp0B/RtMfbJV7t5H+JE3PLfFG55jcz3w +uNGhfZyl/ZhV9fvGLU/sPyhIW7ewuIwd+7i12fH9r4NAGB/mkSKK+tHGcTZvXxux +5QMKE+a9u6NMJRrbsIiTFwhrCLMgzLYL0mtX8FZXNFFZzGFYkiXymBR0ze4LKzRo +dMFpyP/w/IIjYBhVpgboT2EMMIgJHSsMJDCdDjI+9cAykVF6ccSiUQ11devHL6Pv +WwlT2Ub4TP4yCScHDPyfWq+tfdQlWFVRZMRJ7kmq0VagqomdRHgLPyPgDYkCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LACcEACFq3Oz8nHAa6KsyspIWo0+HjzCtTv0 +G6TB+svf3fl24C93IfFhpSyxNf8XVa9h9kCU5ZImYN+LaoUGiz3lcYxjdOeFYDc4 +GU5TFrJwY9eOYYCsr+z+NLn7wlLZEO772lGUDPJMWxSGqR9yOGhQCTIADLLcp6mt +07zdejESYxMT6IjYR+rX6miWG5Hr9/lBdh/X4XhGpHEY64IL8vVB3C+FQfG3hiMB +bHbvJ4/S/cjfNM1T9oKiA0H6jklRHIdstj+2eeWA7lS+GE3Mpkra+8KmkEjV4O03 +izcRpMm1yTGoTjp9UddTNYErb/sha5YigYAqK8bj3gh6tTFNJHbN4RWgtPDyc5Va +1u+sH2ob6JS5tez8/Z6pMarGpTQujIGAlntP4igi0Q4hxyLof6Vtc6XF80uSwTvN +RRmQrcq+kLPwX0NbyZCBCI+kjBPu2b932JDTfVBKwJCLF3e1zvQqN0C7EZnIzveX +r7VtJ4WHIfSyi/HQP7xm5L0uQj+KRr+/LMaxkCDgrlqoWTgAoxCAPYH1XCvBoJRc +DHjNikyEAS8WUGl9ZHQyAoFngi/jqH6WoDAmfBUKRoBMR2hXLOKUBmObw0DHgauM +kk4kD6CW4UEy0SM/i9JD7sk9KiKoHMip1jguKRJkHJ1WSkNl7nZpeo+KG0WbGHXN +b7hnrQsNyqJkUokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AC +GQEFAlLV0QIFCQXdHmsACgkQ/BtUfI2Bcsj8DA//b8wZrFY/Fj/iR5ZaO0AjmMV1 +hM7lAFWLfDiLyYofuiGLUg9rqFWj+Ks2kedVN7+22Bjgi5fvpXv3Uy4trZKKw8Xs +FJ/s8HQ6jzIv6pFdIYPLFQBqS2tEgfsanPZWIqJI9fbhOrRGN7WV5tXiksCaRO+u +rLjIhAYmsDb//BD2xqsY54ouRdrz5nRG3qG2odq2Lw8XquW6srouGaSm+BI3sow6 +l2eAW8UjbxwICQg2ZPZYCBc9ArbgLS1ha+yPhp65nGpVbqDA8rUKC11op1ArAbY3 +Yt6xzLg+RCuCHBa1gNPpDoYV9V8Zve03mEIcsK10X0RhJQ+z4INvrjtelPRCOLpN +179JmsyxwOzwAPg773SK1Z31jSirsiEke/q8j13PGNDBCb4ZKpm/KOht+4d0jJLK +GLqD85cv3/uAeSh2zWkoKcVW6uVZpiz3KA3i4YMWnteOlrlZH28nIrDXevPzkOxo +pZlhuLboCD6g6yuZI4Wm9fEiga8xmRDw4RrOIuDXWjNW6IVaeFGvnYaNf0wnmBD+ +FE1SMWwcmqgB1yIylmKqH0lYce8SVAMLkkOlaijhWrfCO5iS7zjWaVz98HCqFfwR +gHuJTxOwwlf9Qb6cyC3bGsfILBUuE0L5vUAZUAc61H+6Sv88CDDUO1EOKaqAAYhR +plvoyYZ3xiSMgzYKGZ+0OkxldmVudGUgUG9seWFrIChKYWJiZXIvWE1QUCBvbmx5 +KSA8YW50aHJheHhAamFiYmVyLmNjYy5kZT6JAj4EEwECACgCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheABQJUl1PaBQkHwE8PAAoJEPwbVHyNgXLIQokQAKxJB9/F +TfBae6eqcT+izxGSnsvbc2bcrtsmKkhu9HwpsJ4IDutphXFB0wFalI40BL0o1k54 +Wlfv5GHbq7Ju3kW2dmTMP0WpfFytV7rr2yqSmik+skJw27BDk74rP0v4TNOHaTrP +nokfTnlaKuv1bqlwbIwV7rJ5jbAtw5hueeN4jghGU8SGlCOEZ/xGxYYsvtyPhZhn +kmsAzcPr/BpW4NkSb2SnRIO8KzcPnzxz7JDdeIusq/YW7P5OlhDx4ejdh0Wg6ISl +zxB5VoqFqNuKTBQNz4HHpqDVQqEDE4JngMerDr+4qAiDYI4w6kN3Ce2LqciRyMVh +YYnTqyyjXYY3C1WwXIa1tZb2Cw2DorshNFdACr7wKQMOoJtAFpdd3d/DRKQWCc3x +jkBERqZ+55unTY0/0uyNPoK0noAcGydiU8WGh6wyi+Do+Zxq4QJEcqL/FHrhlaiw +LTmgDS+XDl7zRtQia7ykpi/xqe74ujOHcJO8tpY0ZCdR2A13xiOi+11wndbOkBFv +dQ0vgih9ROzwe3hBbBQQOdF4hkA9vEd2Ks4gF8IR+5ixWAIyZAVbnDiLelWgQgnE +aeEwTtfcXRNAxuj+MgMPQhXQ2/cK0dPD4z51DchVRIf9G3hAuBT/CEhTqNkkm5F0 +og7azwd75+vh5RxwVld3ES6CMXKaiV4csQkdiEYEEBECAAYFAk64PygACgkQvnQP +QT8iuxlligCeNgfNE4w1AQuOC4ef3HNNY0GXgVMAnjmtCVIUJv/w6PDimvf20rgF +GVHxiQI+BBMBAgAoBQJOuD0KAhsDBQkCHIcABgsJCAcDAgYVCAIJCgsEFgIDAQIe +AQIXgAAKCRD8G1R8jYFyyPv3D/wJ+sYXqSxoo8OriGMUzG5LXs2Hf1YULdlysGa8 +mxWTwCIEMSSx8AoOKf/FyXglDVl9msfOgv6jRiN+UyNCQEv+6a5ZCL7BlAVU0Q4W +w2/UUlOUlLMC1QAodGcC3kiPSy41jnDVswKYRrICuiW1Pqgad3h7u7caqvqG1D/A +YOR2Q8JjY15j6Qf62Xx+YANx2tPWKeDyPUAN/x1W6RrEDbN5F+1qOpPFuTnpPmqH +q4zxm4Dz4szypmAKsN+5/q8T6DJtSnP7COtsY467oX2XtNTTuCIsU79lBVo/yan9 +ofB6hu12KyXwJIl1OK34g9VEP5suU3hcEw7uVAvxyMYJQlxORUCG0DAFc/oPm3d0 +ypRdbxXJMjoS3pmCf7kwnEA9PIAjZDYuVHGZkAdmYYInTIH6ipjkVxDHEF1en0h2 +zHJEZC7NIYgPyzHXmH7Xy3VZVhhKKKM12VDOuIOOecQPuFIw3hG7dymjn5e9dMzv ++DMkbEZzoFahLYkbVGG1FGzhE6Uvb/IG0UJCC4nDz0pzZpV++QHvgEvbY/HLbHJ4 +o3CT5aVE0YIhTP+zqXNFMOao8yZy+AzdMzdX+Y3ADZfY0oiZ+JH1Zo++rdrgXUhg +Y98QgMwVwESbwaBKjsC0JnlmWyNivhIOS6NRyqR75E7j7JSvgJdxhvpQXXkQ/BzL +FM1Ej4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlDaJfoF +CQP8k6sACgkQ/BtUfI2BcsiEahAArZfD1yJK385eqgCZ5LryVLRXrocuF1zlHl/6 +ugRy2TEe43ex4eTOY+mv4ZJVSxbDzUqMbBv0m3IETbM0CSESjGD+i5I7K3IToZO9 +ZgIXDbpoy9x2KWjU+R5oaxCTmZ9jk1p+f4zHxc8lJdgOXPwcIIT5Euwk4LAFN+wn +CUHkO/D0xzP2ivTrM+VHNWqSUcNInAGRx+R0NvdSryIAsdA/5E3ql786WQhPy6L6 +1d7cmxaLsfAKIOf8ydNyoiqmJkT62omLLnqyERfLZRa9RKt5EgnxX6kR2BA+h/Gn +KVV18bCIJjF3Gjnh3qjJehKRaw9nmzrB9KtGQAHdIp8ivNvjMitc1ijRIECfidWd +lGxgmuI/gX58eaV3scjbs5YUFmGhcZIgjCxWWxFSwmzJTUVT5XqBpXFQB4dokj9m +NNMpM3YH8T9QaaS/m9j7cmCJ4gxp7i1bJsqsVG5BjRLiZv701eVKVmU6vqhubR0R +eSZghqho9e44ZMbn4rJ5kTQhGc7ZGNsIyChMSaYVreB8IBLDC7rg8dB/umg1OYOp +8EqRLJyXdtpa4DN3X0e4WcWb0Toj4QuyCh/es1CtBldhdqHr0aLZYCX4i/KuGTXI +kA8LTOJmZsE+K+/NCux1VHK9DADKcNjhSV0QTf+8ntGlNW6i2Mlt34thZK5eeB6W +Bbo1zl6JAhwEEAECAAYFAlLYK14ACgkQR9UBbEL/fCyyQBAA0931q8dBD/6COmat +8S+JSgcuIpylukFxU2vySBWSGRHFmFzwbokUE4bbNyutwNO2cNBa9zcxRPrkIg+7 +d65QjdZNDV2zWTjv5GwzEMjWxhP7VpTwTouYgx9j2d2KpFo2jfhTtZ7OU7DDF9YT +FsaRiZHHZT+W/JHuB9Lxc55HkSagu00yTaZURc0olBui5c/hqBte1b3OWTjCmysG +mwDL2FwdmFi9mbEm77sdD8PSVfkZaBv5rIaet+Xe/JMZoz0WUkZRCFXMr6B7aOdS +WeB7kUsPh2J5dhf4x4YaxKLOHod9JQF/DGJsdexKqMTqM/xOMSQ1FTUMCQ5SBWJc +3PywqMB/0eqlteHydlk7bb9HLCT3M6vVxTkpj834wGRsoVXPqWKzAHPpO2kjxXtc +4DBh7T88YGE2k5rxdJHb3MjWVJQzHGhrO5Ji8CQaHjUJ4BTyim++RDisDi4C/QJ4 +qPOrafw/+KyJoWyfmAUpxplPvY/LKJlvKaKxmpwlildYjH7HjoYvCjagbSCUOnzo +uM//YIJ8/o8QdxEDdYiTd7cwskYWphrAlV8+vCl/Y0lepRf+hsUS+uZi/NX4qYMx +CTsewnnqJQduuehQl9/RnoBX9T04kS64cWNaPZ4dxZUYJm3us5QFcQJMysZ4tT1Y +A0oEUX1KUTDzTQXT/kFi8MtmXauJAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheABQJS1dELBQkF3R5rAAoJEPwbVHyNgXLIV98P/jcu/DiP/muH2Qsy +FtjscyLu1NzBbSFB9q1jMVfx3VbaIT22Ly6BIQNHF7L2fpjf36EWpdJzpfR+Glp5 +1+KqZgIMAW5CGguSy8v7iHs6Rh5hzChiF48wCqxUmMdQ0ITTrnAXIYq6H6s8ytKF +Y31znXmne1XYBg8e4yb3pcBhkzIPeVU7rMz9PjPB0+Q2jWCpqPA4eUSV8rL2TxFR +KbEt8XlkZ6yuCLnkN84aLZFxfZA1tIGifi0PpeaO2z/IwOmftbQRiljMdnsPye49 +j4wlJS7yRIpnH3nH9Zku/MrDV/M0z7BVwKfF2F95/2QX4Tdyd/UESTdLqGtXpX4c +axahZKrOhNr+k60qSBxoBqKauZkSbZunRnbYmVa3nA2kQuIPF9/QmoZgDUfdkKZJ +u1RjwcRUGKd1XV19QjUvBMD3oHA4G6Jbi5vWKQZ40KVcL78YIL7C8dUOiPIasA45 +olaGpCSsGsfrMp5ngegxM+uh9Tc2kTFC9bTqp17VYI96cAqGrEBUQrmLmZLk0HUm +a6MNZO/+vKN4UTlgjpjxZon+/yK8bsmT/VNie5hzqZim6tfztl3rpJ9jPUeLgr5x +oGePYV02inapzNHdWFHk0L9zR/3KKfJ3IRJwUXp00Eya28hEepIvdxgLYcN1UqVn +VuFuMY8zYSl/VXtPxySCLENJHxvdtClMZXZlbnRlIFBvbHlhayA8bGV2ZW50ZUBs +ZXZlbnRlcG9seWFrLmRlPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAlSXU9oFCQfATw8ACgkQ/BtUfI2BcsiPxw//X2xUctIrd1O7UOk7LHBX +/xI7xXoWQcA7l/1XMuZhM8yC8yIoAgvFrWBP1a29I0P3/yigkQXs+eTDTdvb0QP2 +q72q7Azt852v5u8+dHzoOXDpbo+4lfX+0OBDWimwJuChD8LQH7b7jO0oqWIV0AzM +vegFJVp3cDbyqw08lBz3xZ79A9JtBeewf6PLpXKjEVS8bEAZjZKjsjAY+5ShtJAf +PsD8r353dmkaHgC5Aji74ijZeY3PUCvGVVCGeN9isLnRpTEn7qUvN2DfHJU4w6aw +sXu7m7zidISo6dQLUzo54dHKWPGFy6INNkzXPOgrlbYnjt7v0Ou21/R6HrhdmsSw +lt7GALJcgAUxrcT/ljB3SZhSB0BdH0DXPcUziEdfhgMhhrXYpMjwH2XFBD1MLusW +GaVDbpPrSoEnmPVePcDUonDHePcuLjfOl13mOER1Kf6WFapOCa+4HCLakfKcPnGY +eyfD7Dbz3/046MmfQ8/Iyf8ipFXN6tI2WkRKj8uq9IFYrX3yoCBxZJN837DM3Grq +h48/T3pYU1f9LiekxbsgXmcHoGNdXX5+EsuO+QILZPttlG5QLuqFdJHei77uvW+B +4u8mgzi1Zhh0hRLm4K6UaJ/fBJ87BZSHShPKI9PI073U1O/CcYXnb8cdPLu3UgSQ +FM/bxT70TSYKI01Dt4KXRfWIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GT9FAJ47 +X5+0dQaOFkfy3WnMgX3AmIXJYQCfR4XL47rZ9a66jWaD0IbcXMK4oE2JAj4EEwEC +ACgFAk64PJ4CGwMFCQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwb +VHyNgXLI2U8QAJGKPv1gWLn7P1KeHVsKkfRf+zgdsoY4mF3bUjX/03z1h1OKp+S7 +gZD/ZI80ckw/ElgFt9sr8J+pOgHk+aGHW+V0cZNgDHXCINb17s+Ra7SA/SWeJOrr +d4IpvTnjGc88C/j+bzRFagfnGXU601PeJdXIe6H75xVGIb0DgQBfPB9m+7p3sq/R +6UigzLwwhIQRW/l77hq79v5Rm77e0GTfcYHSuKu2Itim8p5OYCNchr4ZpBzrv5cF +/nH+HyD0AnM1q4a3mT9y4abNgtxJMGJBoIUEDT5vaTRpPowVHIGg9QroHkrYkMWA +ffIBzoq38WLnPjvjNtTncyP7sjbP8KS7NfjxZ6RAcNO6m6BTDYG/lM9jwCcOma90 +RZDVYD8hy+z1hXWFfB7zB+5TYuuKV5SXZpS9/JUR1BuI44WkY0hLHUa7inpqLlqc +b9O7KYikgyaeUKAN5LkF8A7rMVzuhrSItNzJVOs7WLnNAe9+Frzqx/jZ9aU04avS +r5OlWLdL7k9JNDnsLFqNtG/XQ7Hc8CPl0HvY3YXYGD3xwW6Ua6+ykxZGmQGPB68W +6a7G5EX+MEWKZgMQYsl1HgU49/sOD6QnCG3m2IB7bRAf5Kd527BnSgAaYHjVug8G ++X9opDwUW1b73Ut5tWfZJqQ4XBjl0Hc7Zi7OtlqdBeKGu/65QU+N9x33iQI+BBMB +AgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8 +G1R8jYFyyPv+D/9lA9yMXPBROLaCRab8Ca2QJBEtpT6lGVlkQ5Am2C8xdoLGiuJF +E7Cn/lS1j4RSVDK6DELeaBMXaY2g1eun8g2ERJIUGC98zrPjZXs/ZtCZtX8vYr1X +Bf9U8Ty6N3rKgt1XHc1oMgzkKLUc72RC+P/fkDsiAg62nVcmOFFykyTXnpM/5Ux/ +9kaahjf4LwGeRqkDIoLrXdZ7FHPjei8VlKSiHTkl4F+UCzEySxiInV+BWAhL5Lvb +zHxHaNDCquOb2zbgafVKON3oa8nCZoUw3iwpjrEy/JT+1BG6vxyT/LX7wPG3SKEw +8QTl8YBF8wvHS0JHW4KTc4grCMNWDwfkrlXnp6ZzTpy4JXZfYs/ltR4FH3atDG2C +xRCSAWXkGyTPMZkougdDbJ3jjViYcWO6B//LE1qDjeC05O9G3MXVxu16M5U8nVA2 +B3bo5cVv7+ECBTKaAvG3ZV6eOaeJ63gHRY8qI7y5OgzuNfxUXMTIAjHfO2mvSy5M +qFgDI10F8rYevGOKxvPVE1F8aiD1uRAOMCcLTy3oUKHIdaskSytL1D/bT9WqWzii +OXhLhSjMzkdPSUWVABeC6KM+Jcll0A0sHTkKWS3mavx3dUacB+O4efuTKNhSvo7n +XhUvSOOikRityipE5Ma5WlXBiu54DdIMGFzANHFdb5GmC7da9F1aALkshokCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LMmaD/9W2qJyFlZAsjOWgNQPwUU4vV9/Ursj +kt4RI/oS0Gzovw2bmL0a+Q/dp6wM4PBMuYQXCepF8V+o4uKzL2OjVZDVtU/KqGCY +rEigiAhG0gHxgF1ukc9JQzhShFeq7/wkY+FQ4MOhuhuUsSMlvFzAd1hY+xlvckol +DEeS54loDspUh4EwxsWlopaA1rs5dzVXrYcinz9iDzLj6ujb6uJzCQVogk9w3dv8 +smKn81TVhtR4RFecqL9mURZcGnj7NV3n2Lrl2Pe0u/DiTtpavCkzVx7v9qiB/2Di +dqWR7OtYcywUr6lZeZsNabNwntPxSP7V6EcNXF3Qpi2IkAcwdJKb+aIG1v7/Wx77 +GhpBhbtdgKEebttzO4EVVeE8a2kmgqc8VXeAeqI89egU53dUdAinejFVDyemxHnJ +L4L6uVnSxbk/vRzu+fr6EaPyBsqORGXj2OuwxlWcnWs/N9XzNaiq6funedUSYtbP +trdpt7ogvzrQew7wetcwfxSB3IWcVwA9QvGDIBHTWPrb87jKV153w9I+cSfz9jg8 +qTIOw4qad7VOC4L1oaoRsLq6VFgnoW5DLsuhaVd6fgdY/byL6H5q2FPYJ+F8ovhR +2yPlQm8UYIFwmnwzpnuGBaPtU0bP7C+SNMK+G/9+b5q4psh1MnK8sg1RfSr1w7sw +b+Tur045QrUDu4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF +AlLV0QsFCQXdHmsACgkQ/BtUfI2BcsitRA/7BbFuuAXPJMA4XtPhlYbfhNkYQ7+v +vx9HIZ1SgJfhpYwt/vbNTVclO79XD65v5JSWx+0gVJfHNolP5umB0++giIw9NCIx +uVa5eh3kS5NFfJ0YHrYgpFDdZPHRA9wI+oZgJBC/Cm40kafgTUoPFqXb0Sdlcz3R +hciLZBgYXV/uYubczfmAaJpmrVI1UuUWYrdPnmUkgitp9e6IePYiKVDeIGhBW8Bc +7Nbs2hc9yH1zwv3Affs8m+4tQQiwQHsB29WEZcmBuFllTbA5g5bvTvhfCRmYVgWC +Ti4SW+uA0B05a/aVP8fDXk82qCQ4cRB1BOwVNn+1/Aqcw+Zh8KKzH8gpPcsKGGP6 +uNg9uinuxYDneEY8cG7FSpm3XsXu4q4N6j5R63U6hz39pY/5Ib8mzYMEoLEZOLPu +CkVH9OOQc8zuiRL/wGc0pbMiGPEp13rAI0WbIFahrWS60bwtM1YEM5Ep8vD3TLl1 +pTWlF/zWpM/uJ6n/4nDXGQsGzKQn5D5Nsu7+55C0du0d1VRvYd8oG3AaNqhtM46V +C4eOqxH8XZtkJ3WMxhsHnV9acuDTpn5E5JKL7vEq0btN2UQ69lpKv7PmV/TgOJhf +KKvHZ0dh6KYY7iKW7NUCouLGibBoxDa+K4reh0i0M5UcsNiPkCqDIHUAIxW6FrvQ +xBr7NgCls+B9Kwu0JExldmVudGUgUG9seWFrIDxaM3IwLjB4MDBAZ21haWwuY29t +PokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlSXU9oFCQfA +Tw8ACgkQ/BtUfI2Bcsg4cw/5Af5/cxr5s8qiPvcGDglJyzFj8VBk0d7hpgdxcOi3 +VCOJY4YRoliu8WKThwxt7sD03fSZurFDDx+X27y3zPtgH/qBohmcr51jbSNom4mH +Gf8gpViFqbQlFh7tYz4kSQExgmpFx/FIaxmwFoEqiVrp6VpM2DZ6kg//4M+Ka2Mt +nuzV3C631A0eoMCJhPWPTgkGGknURvzhw6m2aGFWC/HE1yzf7Ej7fQeaqIxIG4Wy +Fk3lMV9rxMxGuUZTqIhvcU85JSriHowfX1VsAI2LXJYQ9c0jI737FcLwHv8VCa5s +NKDkLkb5S83/4Ep8e9M+a7u4WvkAqzmPfSna7bLxdsTS5gKGqEtMvMP2YGWWQxSR +GRSttiMmIC8Cnd45S8cASA2mR/ebNcrYOpa48cjYpBKDG2BIYU7oSLNulsM1qbxL +WJ0QM/g7iKHcrXhyIBaI22GS9hvmYcS960cox9oPCvNZcOKA6FBklnUg/ReJ3JTj +6D6v9SUxOOfXPQIon8EzB7BNKGedHxCFgniZnl10k+pP34YGyphMZTYGdhtAm6zq +T7PlraHQaFgQ3ba78lJcn3cWVZYpbCNJiH+Nna/Akm3/qQKTst3eW1lqopffCs1m +F6G6wjiHCw2bio5uX1c/gDr4Peh0E28heAqKopjultPXPZbSZL4D3fJIGP2j6e1B +wvmIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GcYrAKCgKW+qFwbMNeh4ikFg9fJx +4/lH9wCdGevT7dwBzPe6L+aWZxipEXYmjx6JAj4EEwECACgFAk64PN0CGwMFCQIc +hwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwbVHyNgXLIThYP/AnoLpQl +whEEKaIhOSOKXegfdUHK6cL4cHRACzRIbBk/S4G2Vg/bnUW8tvWZDQLZ3CGL8Z0F +tNQ6GusUxt7mcYdSj7xynbi7bZiurgYp7B7hh1hVG3pAXEwlDnJgfoc0YZHrHZwt +HnNVYOfGEQF4zyplmUUxDyp/ZMYcXMr3PVJkYBJhYKCHOkMUtzzNjSSginaqZY1p +fgbP+Gou/9qgotkYiH84oUG9yTSKLIO5x0WzQYuoPNJyOdSHaLPfEqCC435vCYT5 +YLZB1YI5xzQiGsAL//cUCe267oiFmO9Ioky/azeX1Ouy2DH8uEDQPQFTJYXt3CbL +i10HkoBWdmncPC6+b0IJjDUo8Iv4yk0xFt2/DGkGK3h6jJxJ9pzx5KBT46iLfU50 +iTWMTguXn9ud/UJV0MpKgKjvO9hB4fae60n2UootknzEw6Y5W55PfGkT14WcrGGo +WHLSbpR6+gA9apU1cdoOC8nXlf3Eb2No6LP3X7RJXqiRsdP0s6QXkZGfR/qyNXI9 +S5j6wIyqNFU0cX21UgI9oJSKEKIKEFacgyD9za0gswEI+DZr8/p3cJE89ZX8ySgO +FG148wgaakTNGyGwR6aogGZ8IAHc83bnwGCgTeK6ZPSKNLSE/sImcTOrxIN1/x39 +r8o0TxuZjqFH+zKWfpdHX+sJLyi8Gs29CsUhiQI+BBMBAgAoAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8G1R8jYFyyLl/EACG6QRV +kKVBoI2Ycr4UISk2+gCD2r4xSK/QLEhDFcZRgMctvPVnhod3uJOsMGJCk3aPGu91 +Jtwuj0CkeURa/cVzOjC+f7baveTuWQaAqW+r70m6F4gYHU0aDD/uQ75rTCcrsmt2 +pnZCyA9jLJxQGG11AvbOcV+7K7BuIvXs4iAactZ0hRvDVuGXuup2LnUbxyBU2oj7 +OWCXKTpZcJ0KGTWapMf8ClYYsEgS0wvMWotJzAov7ijkoP2DyEQVOPTnGWcfjsTk +QgbyqiFeBl+3IT4+xSzkPsd75dCYhsHBvCoT8cfUH4wvDXzU2CwpC1CDfHit6Hw5 +UigvZ8HXyn00Bm0UjLHGW+haS3kyOoz+z09gVFYd33cpjSnFr5is8ZMBPW31PE15 +q9/l6G/o6OGJCtOax3Yi6ttqn+KbDXIooZoRPZlayOSghyjoD40+ErevmqZPfJ3E +o1kHz62B1YpoXmhUm2Ihf2SbjWJRaW9Hp2nd81kAAXjr+8k4yvOuHxwYPFnpBjfV +cfYNQ3Zf5xF4nfszFuZMc5JYrIR3EYVgEk+n8VpulAqd0rXUEODwGy7rPjdxLY7w +DhUEZMQN3xweIb4vjPDBb0Ax3ACyfWKIdT0kC3rGOy9xyCzxWO2CjHMjrbxy4jL7 +B0WIQ5fpRcV2+wozs2WYgJKVKJgJZGYsW8dDLYkCHAQQAQIABgUCUtgrXgAKCRBH +1QFsQv98LIX0EADVefJUEMGKiTFLwUmWNF2X4oCzEZEMsQ6NliiQFvtNkKrT+OzZ +zggxfINUr0XEKgjjoGZ03Hmm7xAFc1Y51QZEr25H18PuSixz2YSHPqYwwVgLUh0v +u2AqaP0mQckssK+ZAQVvoZ7ZOI22ZXIZ6CPEPY6aJawHov8Strlm8oTbFgLfZ5Wo +3NCxMkkq3NFNHuwesccelNPefgnFZWhwr1mkUeX+rCAbQF/QHYEAi7KjfKyY+XKs +ccjYS+RWxpte21ejngp7pRYli3M8cZoaWKCzLTrD8gKztlo3op9Zc2+hjOY9gZtG +CaXkN8lchJ1yMyWju61ZO++AJq6S2OdBVxgsj9xPm+x91RbZRHQmUuq8mefUzaEm +NHE29udVFfuV//Fpabi04IrOuabkrSvP27eX9FT1y25tKFHuJdL5fDUFGnNnTvcR +X51lJmvnuIKJQ+Lthup7npS0L06+dPIDoqyxF8hmdu3RtwEsvkboPaxx5XTB5d8y +3wzBFWd4ePwBIumrY1YHSzdJCvyyLRXZbSOsHXgZfhfQ1LVgxxebP7E+stWqGLLC +Fry0WGG8f/UUgVr1QpluT6NjioUnuI/ZmKR/aKewqVYWAnr54fF+np4VdxPfYwci +lpbXpkamORZqPfq/nyoWgnp+y4AptDdDkSWnFxfcJ1wnFFcrHVUSFQ1wBYkCPgQT +AQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlLV0QsFCQXdHmsACgkQ +/BtUfI2BcsjV6w/9Fe1+3Mc6wG3R9VbxiYo13/JV4t+tA9/tcJ1R/Y96eAqVajoK +c2ZQ7FrimmlzvLIvxpH4Z76h3NmPWfOQ6qEumZQ5BM3QwBfQQ3Tmj10gfiL5vOZJ +6dUaJjwXgjz0Qyk1G3gw7K1xmtnXgBPyGT9T9q3OAhHHdV2b6xS9dWoNKhUV8GUn +HfIKwq+87aZqexjFE7ubZdOAe+5nrqnlMEfJKgDjXbazES9IYvPQiSjwR3xaIPOa +ma5WfQV0SHg3Vkhtv2PjuoYWNfNy17N7u+dfg7nAtKLIQCPht45uKk66BYWYBoDI +VQfg6zcFLpdNcFzzwmgrYRZvEvBf5aSG3KFD7UReT0695/lHheRxEAA3thsx8gaM +CCavtVxbVUluEfYZ7TgXLMuIO9OBKhi7MwB3iL5qacrNShMB+1J5FxieJBmWXdla ++kCdCdS+9kIZH+mnQ8daGEJ5R9mNcVwcWasI0o9NObqIZwhKw4obrC5Q7m2NfXL6 +FUScfA7yn7+/icdQB9fH2ZXGJVuNm1b8OBN6Nbz0QauaCystWzKXKwpVb/5M623v +Vw75RfnqCFiAf4tX58nL/QalJc4C0E+TvQ2pXC47VQvHmiAB31vKvU0nbo+lzi64 +hAPWJnhr2pmTvglquTFzLwEsWfO4zDtUwFo8KM1XFsonaoX5UzGTXPmIN5+0J0xl +dmVudGUgUG9seWFrIDxhbnRocmF4eEBhcmNobGludXgub3JnPokCPwQTAQIAKQIb +AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJUl1PbBQkHwE8PAAoJEPwbVHyN +gXLIdGAP/0ch1NeFyXWszqA5ow+itBn6iyUaplXB5I56Q77cTIFB6LqJ5+2kdUuO +UqPvOilGS3dxbyDsSdWDLs+bHRFG4uqZyGUDhmu2mvS+uDqPFwcKJUNDlgdccxph +sA5HJFGg1ca0TWWg8vjwANdU4sL9Ujbaw93v0Mx/1+aSIxyEJBNxc6DJWEfCjpSy +R9JB8WTHgvxEAImVNsT1OGNTvd2DN+17WBhxBktLHDocIGJ/fttzFgKkv6NTPwt+ +y4QyP3UgeYRZR21B6MVckk2/UuCuCY7gAGruTFVoINa/Wqn2YPPZhJYrTX7ysDaV +QLObxlepeo0UWC7wFEiuqu5OM75MWLUX8j/1OAIE6my85vrlcWSf0Z3jOAgPTjJw +VT5h7T/7NPP2azoIlOE2bh5UcKXFkT0xDYPcMr2hV2Ih+jU+Ygiyg/1yIIxearmm +PFjfIHMLepa+7RPtTlHwu4fpNPXzL13W6PXSoCTTi/suGlYmSyLtOwxq15GGT3vg +1Xh8wfkuWwbWJnBKXtt8HkteQRgDngDnRSJwsO2nnQ7+sr+F8J3rQDdlVdVcolic +ekup8ZgSjJYinfcpF+H+qy2kK2jOYyyHI/+zHQtwy1R7MbLwPJe7WNWrBmEvmazB +2//Iu5EVIfFX3flPjeRQbKX4B/SuXF48uo0/8WfdgaMW8glRWJnbiQI/BBMBAgAp +BQJUSwOnAhsDBQkF3R5rBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ/BtU +fI2Bcsj5ihAAg0d0A8OUsNWG7TiPQTuC/D4e/5JTkJARmQ5xO6gMPxTpjSZCyWEl +7gQOg/liU8nz5HZGaJgg4HuBwTs6euqdnVi6zhW1c1wye2thGTQ7DeSPJnhju3Qe +mPS1jEdC34lXCo6eGjdKnGb7TV7hkptHKHh7XCU9n6qcXQ2cNQQbdqSCRsfVm1XD ++p+mM/FGOz8uFOrhERAUl99WkVZ4NKTdws8U6FXulbdWrWwI4eRggIdwI/Tl7zuy +ja7KxBCCeJ/gFY6g+iOYmIo6//bJITgmAG60hFHJ9JigcN6xglYFI28TCdNqM0+C +hgbZUner0vLmaxRNoXqV9Xw8ihNMQa7fUFYkX8VrXOdLdVvee7OaeLuWWE8x6usQ +NzgLDQQx9fmxtrQY+dC6Y25IPMm094z0nrbM1wtfG2+8Vw4mQ2U099fT5t3Yl7fE +PlanhgQxRZE78PxezyYxms4HV+wqvrhlBzFnWAd6H27uDPfUfO9cLgbmFTUlwFhg +gsDeIFRFx8+h4/0xAIPqUODmTiN0mj5sLRW7zvqZW6zhsGIMdPd+IkhHiGjeJqme +Ai0iOjpV3tRteoW51/+/ajPmyUBbvOxiFJNADHH2NvqoBMU1pkTvpc7Wy+2J9VcF +4TFdWBbwjU8BoC3ZgixTrT0zCSwabnKriglOhA5Ik/n5HsR7S76V13y0KExldmVu +dGUgUG9seWFrIDxhbnRocmF4eEBoYW1idXJnLmNjYy5kZT6JAj0EEwEIACcFAlSX +VHICGwMFCQfATw8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ/BtUfI2Bcsia +Wg//SKLFNUTEBQG11cV/AljxmI2s8y+cPKs3VqlwEjiuRMu4DRkFVaZNEuPq0b8q +8pwcHIJ5/nZvOticm9M/g7TrTp3pOxmSYf7WG31vVrprig22dz8WxQAy76srNn1z +stg0TFO7nKNVjZOFz5D0RpWazwnXyDed3l2/7RZ1CMv7ue/rZez8FnDHN7Di3daX +AJ5XkvDAsD6AITYQd+4XEbh2rt9p8G6qUUjwzoVU/aGVgo1CGZydYMJQVccNL7kv +fumnwkAED8u9j0ZI+xfaD3c1rP98bnqk9u8rJPCAeIkA4ppisDb7noz0NaO7dDyM +ywBK4OR478fw5h7GfiIwZdVAHkCoEHNvF1ON8JnYgyplLvZvxZ0dtYGDYDiFdORN +gVgGMU12kemPws4hEx3WMgUu/BBkF58XyQyqcwt7q+WGI2lQ88UzZ/FAsu8i8r/J +jkV8FsiCJ2rSHEMddmOHoaTM+6oB2i9kZo7KmToSZu7DxuemlHpuOO3kG/iRga2y +NeancRJwbxgZhNGBbhrA/7k5UOcXkmfW74oBkbCci0ncVhHu12dsJXhk+eprkOXv +nD1vEIeuzL4V/SMDar3SxFlfLFwQk4cn9+pdeP3LxwHKBn74pABsbEBhEY4IjUEL +YOTEVoP6s+Ou1NcLxFl3elmniwL2+GV5rDM8pctkKNemtZa5Ag0ETrg4RQEQALfu +qEihKS+DTVlWUujzSq5zK/5oQ1ZL8AiTUTZuVtrRWCq0HE8tWaVxEP3Vt9FCo7yF +afXigokChzHOgzczg80tctrlv+vbFyaZnjGQH20Nlz8EnZP102zudx/RdFXG/up8 +PX50Eck2lH+IvvosMLdvrZTkFJ4SgqMGSoAgMhJHZdZB5N0y8yPPAjcEnSXp8L2A +mo9e0egCrEuqBrCZld00nIoipyDlYNZkLjPf0JRgFPO/AWWgBZLvLlteLu0emq8N +96bT3QTdXpRVPM0qeX94+2gIj+0V1uQ9+k5Xkslbbii9TnOzMnLRO6dBAONVTTb3 +ajzdXK71iv2a8Y9lKShxhYWP9JNOFlXkAp+ZoD7EZex4dgu6giV3PrTDJLyWSu41 +WfqOz6cJGpJSTacrenC542ynAaSVKXH+1plqB9kq/M7HtE/P4GveQXIVT9Sho394 +4hwkuETo20KwCgFPMmiNaBysnOykIcDsDutBOyygdovzdGEyHVsM8/kz007QFgJf +hKy91H6O/Cg7VH+yaUKllRZ+kFsoSy8/E0IqLzqBHG3sUGM6lJ0Q9fgSnpzIZsdE +jRhczNCvlovGLa/kBHcEUWQ2zrjnfjsLkxvamKJ8N6LLIXIDRv5dE2smpdi3oiVg +XdOKshyXB+obhRFlWtirK4udX5yYzUpcB0zBoo1hABEBAAGJAiUEGAECAA8CGwwF +AlSXVAEFCQfATzwACgkQ/BtUfI2Bcsj0Tw//dyDYwcnh0BIb+nDCXFC91KiPUILa +f+wI5w6c9YYEo6TR89q6Wsq8EDiqcqSJcztuNvw3MZGHWA25nNB/0046CGM/tUBd +Jyudd3TxQBi6XMMSTbG1EMtSN1UMV4guuUfYcAGW38oZ+YJACCBFFz/Kt0aa/hhi +/hBNyvI73vZfQ/fsScFDewkxikUEspRsLVmX6gaEmumOxOhJP3HBoxeBCM4Z3IXo +dON2SiiMxt9BPIPJOyKNkFQGQ3dqJIag3GnsZ1s0CEoi8iqF7uS4RjC7uOJtvn74 +CODxg1Ibl1IweyAuBEA80wUh9DGLAdRJpxWy1B2fDhIROvpcg0R5p6j9UX0b0esc +jKLQEiE1wRswjXhWpZhe7Pjl38KhwqMyaeR3OnDtP7JXazIG6HiBIp4cx4k5A2TT +X+LhvG3NHCeuxIyjLTRTWgv241kf7uAu+qgjHDSKXQqpjvo+cUYQgSxQZZXnmlz0 +sz/tEeiWl+i8kW/RNKQvNNR8ghWDW3YRak/zS+WFNoLZchecIzMj+je1vSg411o4 +Xd3LHDur6boCetaq7ZkqoS+NcX9n8MnKhHKYJblvXyc1h67s90+wSwhlumA8WqlM +yqn99m13aF8GuGZbw5B2/x/Cd7WW5wZV6ioola/yqDXB1XtDFBy2Hxr/VMRlE3Cu +kekzzVjVTZxOgZE= +=yRuG +-----END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json new file mode 100644 index 00000000000..24c44dd1ed1 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -0,0 +1,27 @@ +{ + "4.14.176": { + "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", + "version_suffix": "a" + }, + "4.19.116": { + "sha256": "1f54g0xw708kxha07nsb979h5vwxjrkbwa5h04zny2kq702x1h13", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.115.a/linux-hardened-4.19.115.a.patch", + "version_suffix": "NixOS-a" + }, + "5.4.33": { + "sha256": "154iz7i9l0hihjrmfk6rjh7hhqwyhsdjr2c74m3dhadrlm5hwy89", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.32.a/linux-hardened-5.4.32.a.patch", + "version_suffix": "NixOS-a" + }, + "5.5.17": { + "sha256": "1lms090kkk4vlvfssqsm7r3j88hlf8smrnpcgq24v9rq9pbr0fyw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.17.a/linux-hardened-5.5.17.a.patch", + "version_suffix": "a" + }, + "5.6.4": { + "sha256": "05wkzh7927n71x4cl69mclc44grqpnx6i65hli470q1rg1qrk26n", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.4.a/linux-hardened-5.6.4.a.patch", + "version_suffix": "a" + } +} diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 2b718551cc7..69b0197d4e6 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -1,4 +1,4 @@ -{ fetchpatch }: +{ lib, fetchpatch, fetchurl }: { bridge_stp_helper = @@ -38,6 +38,21 @@ patch = ./tag-hardened.patch; }; + hardened = let + mkPatch = kernelVersion: patch: let + fullVersion = "${kernelVersion}.${patch.version_suffix}"; + name = "linux-hardened-${fullVersion}"; + in { + inherit name; + patch = fetchurl { + name = "${name}.patch"; + inherit (patch) url sha256; + meta.maintainers = with lib.maintainers; [ emily ]; + }; + }; + patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json); + in lib.mapAttrs mkPatch patches; + # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6 iwlwifi_mvm_support_version_7_scan_req_umac_fw_command = rec { name = "iwlwifi_mvm_support_version_7_scan_req_umac_fw_command"; diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py new file mode 100755 index 00000000000..089e991d06b --- /dev/null +++ b/pkgs/os-specific/linux/kernel/update-hardened.py @@ -0,0 +1,200 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg + +# This is automatically called by ./update.sh. + +import re +import json +import sys +import os.path +from glob import glob +import subprocess +from tempfile import TemporaryDirectory + +from github import Github + +HERE = os.path.dirname(os.path.realpath(__file__)) +HARDENED_GITHUB_REPO = 'anthraxx/linux-hardened' +HARDENED_TRUSTED_KEY = os.path.join(HERE, 'anthraxx.asc') +HARDENED_PATCHES_PATH = os.path.join(HERE, 'hardened-patches.json') +MIN_KERNEL = (4, 14) + +HARDENED_VERSION_RE = re.compile(r''' + (?P [\d.]+) \. + (?P [a-z]+) +''', re.VERBOSE) + +def parse_version(version): + match = HARDENED_VERSION_RE.fullmatch(version) + if match: + return match.groups() + +def run(*args, **kwargs): + try: + return subprocess.run( + args, **kwargs, + check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + ) + except subprocess.CalledProcessError as err: + print( + f'error: `{err.cmd}` failed unexpectedly\n' + f'status code: {err.returncode}\n' + f'stdout:\n{err.stdout.decode("utf-8").strip()}\n' + f'stderr:\n{err.stderr.decode("utf-8").strip()}', + file=sys.stderr, + ) + sys.exit(1) + +def nix_prefetch_url(url): + output = run('nix-prefetch-url', '--print-path', url).stdout + return output.decode('utf-8').strip().split('\n') + +def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): + with TemporaryDirectory(suffix='.nixpkgs-gnupg-home') as gnupg_home: + run('gpg', '--homedir', gnupg_home, '--import', trusted_key) + keyring = os.path.join(gnupg_home, 'pubring.kbx') + try: + subprocess.run( + ('gpgv', '--keyring', keyring, sig_path, data_path), + check=True, stderr=subprocess.PIPE, + ) + return True + except subprocess.CalledProcessError as err: + print( + f'error: signature for {name} failed to verify!', + file=sys.stderr, + ) + print(err.stderr.decode('utf-8'), file=sys.stderr, end='') + return False + +def fetch_patch(*, name, release): + def find_asset(filename): + try: + return next( + asset.browser_download_url + for asset in release.get_assets() + if asset.name == filename + ) + except StopIteration: + raise KeyError(filename) + + try: + patch_url = find_asset(f'{name}.patch') + sig_url = find_asset(f'{name}.patch.sig') + except KeyError: + print(f'error: {name}.patch{{,sig}} not present', file=sys.stderr) + return None + + sha256, patch_path = nix_prefetch_url(patch_url) + _, sig_path = nix_prefetch_url(sig_url) + sig_ok = verify_openpgp_signature( + name=name, + trusted_key=HARDENED_TRUSTED_KEY, + sig_path=sig_path, + data_path=patch_path, + ) + if not sig_ok: + return None + + return { + 'url': patch_url, + 'sha256': sha256, + } + +def commit_patches(*, kernel_version, message): + with open(HARDENED_PATCHES_PATH + '.new', 'w') as new_patches_file: + json.dump(patches, new_patches_file, indent=4, sort_keys=True) + new_patches_file.write('\n') + os.rename(HARDENED_PATCHES_PATH + '.new', HARDENED_PATCHES_PATH) + message = f'linux/hardened-patches/{kernel_version}: {message}' + print(message) + if os.environ.get('COMMIT'): + run( + 'git', '-C', HERE, 'commit', f'--message={message}', + 'hardened-patches.json', + ) + +# Load the existing patches. +with open(HARDENED_PATCHES_PATH) as patches_file: + patches = json.load(patches_file) + +NIX_VERSION_RE = re.compile(r''' + \s* version \s* = + \s* " (?P [^"]*) " + \s* ; \s* \n +''', re.VERBOSE) + +# Get the set of currently packaged kernel versions. +kernel_versions = set() +for filename in os.listdir(HERE): + filename_match = re.fullmatch(r'linux-(\d+)\.(\d+)\.nix', filename) + if filename_match: + if tuple(int(v) for v in filename_match.groups()) < MIN_KERNEL: + continue + with open(os.path.join(HERE, filename)) as nix_file: + for nix_line in nix_file: + match = NIX_VERSION_RE.fullmatch(nix_line) + if match: + kernel_versions.add(match.group('version')) + +# Remove patches for old kernel versions. +for kernel_version in patches.keys() - kernel_versions: + del patches[kernel_version] + commit_patches(kernel_version=kernel_version, message='remove') + +g = Github(os.environ.get('GITHUB_TOKEN')) +repo = g.get_repo(HARDENED_GITHUB_REPO) +releases = repo.get_releases() + +found_kernel_versions = set() +failures = False + +for release in releases: + remaining_kernel_versions = kernel_versions - found_kernel_versions + + if not remaining_kernel_versions: + break + + version = release.tag_name + name = f'linux-hardened-{version}' + version_info = parse_version(version) + if not version_info: + continue + kernel_version, version_suffix = version_info + + if kernel_version in remaining_kernel_versions: + found_kernel_versions.add(kernel_version) + try: + old_version_suffix = patches[kernel_version]['version_suffix'] + old_version = f'{kernel_version}.{old_version_suffix}' + update = old_version_suffix < version_suffix + except KeyError: + update = True + old_version = None + + if update: + patch = fetch_patch(name=name, release=release) + if patch is None: + failures = True + else: + patch['version_suffix'] = version_suffix + patches[kernel_version] = patch + if old_version: + message = f'{old_version} -> {version}' + else: + message = f'init at {version}' + commit_patches(kernel_version=kernel_version, message=message) + +missing_kernel_versions = kernel_versions - patches.keys() + +if missing_kernel_versions: + print( + f'warning: no patches for kernel versions ' + + ', '.join(missing_kernel_versions) + + '\nwarning: consider manually backporting older patches (bump ' + 'JSON key, set version_suffix to "NixOS-a")', + file=sys.stderr, + ) + +if failures: + sys.exit(1) diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh index c7fcc07ea0a..c483661b6f5 100755 --- a/pkgs/os-specific/linux/kernel/update.sh +++ b/pkgs/os-specific/linux/kernel/update.sh @@ -60,3 +60,6 @@ done # Update linux-libre COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh + +# Update linux-hardened +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-hardened.py diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5ba9b723edd..b3158b1e9c6 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -249,6 +249,11 @@ mapAliases ({ links = links2; # added 2016-01-31 linux_rpi0 = linux_rpi1; linuxPackages_rpi0 = linuxPackages_rpi1; + + # added 2020-04-04 + linuxPackages_testing_hardened = throw "linuxPackages_testing_hardened has been removed, please use linuxPackages_latest_hardened"; + linux_testing_hardened = throw "linux_testing_hardened has been removed, please use linux_latest_hardened"; + loadcaffe = throw "loadcaffe has been removed, as the upstream project has been abandoned"; # added 2020-03-28 lttngTools = lttng-tools; # added 2014-07-31 lttngUst = lttng-ust; # added 2014-07-31 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3cb27cf590e..63eb7e00d60 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16978,7 +16978,10 @@ in inherit stdenv; inherit (kernel) version; }; - kernelPatches = kernel.kernelPatches ++ [ kernelPatches.tag_hardened ]; + kernelPatches = kernel.kernelPatches ++ [ + kernelPatches.tag_hardened + kernelPatches.hardened.${kernel.version} + ]; modDirVersionArg = kernel.modDirVersion + "-hardened"; }); @@ -16988,9 +16991,6 @@ in linuxPackages_latest_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_latest); linux_latest_hardened = linuxPackages_latest_hardened.kernel; - linuxPackages_testing_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_testing); - linux_testing_hardened = linuxPackages_testing_hardened.kernel; - linuxPackages_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux.override { features.xen_dom0=true; })); linuxPackages_latest_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; })); -- cgit 1.4.1 From 7d5352df311dec624fed63d6988f9ac999547769 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 5 Apr 2020 05:24:02 +0100 Subject: linux_*_hardened: don't set X86_X32 As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 3010d87a178..7e6f514e19f 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -19,8 +19,6 @@ assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory - # Reduce attack surface by disabling X32 - X86_X32 = no; # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. MODIFY_LDT_SYSCALL = option no; -- cgit 1.4.1 From 3d4c8ae901585b3ad9de8a68df6c3ebaa4bde4df Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 5 Apr 2020 05:28:38 +0100 Subject: linux_*_hardened: don't set VMAP_STACK This has been on by default upstream for as long as it's been an option. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 7e6f514e19f..302170f2f5c 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -22,7 +22,6 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. MODIFY_LDT_SYSCALL = option no; - VMAP_STACK = yes; # Catch kernel stack overflows # Randomize position of kernel and memory. RANDOMIZE_BASE = yes; -- cgit 1.4.1 From 8efe83c22e8c7a33847255bec30c4a9d5be8abe9 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 22:52:42 +0100 Subject: linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 302170f2f5c..154365a5be5 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -17,8 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory - # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. MODIFY_LDT_SYSCALL = option no; -- cgit 1.4.1 From 8c68055432d501d604e906dfca242eed60c48e35 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 22:55:15 +0100 Subject: linux_*_hardened: don't set MODIFY_LDT_SYSCALL Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 154365a5be5..75cfd68ef0d 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -17,10 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - # Note: this config depends on EXPERT y and so will not take effect, hence - # it is left "optional" for now. - MODIFY_LDT_SYSCALL = option no; - # Randomize position of kernel and memory. RANDOMIZE_BASE = yes; RANDOMIZE_MEMORY = yes; -- cgit 1.4.1 From 130f6812be4a3ea5ea7ed5403f1741bf8ffe1e19 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 22:57:15 +0100 Subject: linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY} These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 75cfd68ef0d..50bc120ff0f 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -17,10 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - # Randomize position of kernel and memory. - RANDOMIZE_BASE = yes; - RANDOMIZE_MEMORY = yes; - # Disable legacy virtual syscalls by default (modern glibc use vDSO instead). # # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, -- cgit 1.4.1 From db6b3275086f2d27d5d419af7f6025cf1fc70d65 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 22:58:45 +0100 Subject: linux_*_hardened: don't set LEGACY_VSYSCALL_NONE Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 50bc120ff0f..589dc50892a 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -16,14 +16,7 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); -optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - # Disable legacy virtual syscalls by default (modern glibc use vDSO instead). - # - # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, - # which is supposed to be safer than the native variant (wrt. ret2libc), so - # disabling it mainly helps reduce surface. - LEGACY_VSYSCALL_NONE = yes; -} // { +{ # Report BUG() conditions and kill the offending process. BUG = yes; -- cgit 1.4.1 From 33b94e5a44cbd80af7438353b7cfd9935830a519 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:00:52 +0100 Subject: linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 589dc50892a..68a15291747 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -20,8 +20,6 @@ assert (versionAtLeast version "4.9"); # Report BUG() conditions and kill the offending process. BUG = yes; - BUG_ON_DATA_CORRUPTION = whenAtLeast "4.10" yes; - # Safer page access permissions (wrt. code injection). Default on >=4.11. DEBUG_RODATA = whenOlder "4.11" yes; DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes; -- cgit 1.4.1 From 303bb60fb1c5332e478d684cdf382245e57db8a5 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:01:32 +0100 Subject: linux_*_hardened: don't set DEBUG_WX Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 68a15291747..4e1c79b477e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -35,7 +35,6 @@ assert (versionAtLeast version "4.9"); SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no; SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no); - DEBUG_WX = yes; # boot-time warning on RWX mappings STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; # Stricter /dev/mem -- cgit 1.4.1 From 0611462e3350df51a1eeab9fa72d181730105cb9 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:02:31 +0100 Subject: linux_*_hardened: don't set {,IO_}STRICT_DEVMEM STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081. Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 4e1c79b477e..14503854d3e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -37,10 +37,6 @@ assert (versionAtLeast version "4.9"); STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; - # Stricter /dev/mem - STRICT_DEVMEM = option yes; - IO_STRICT_DEVMEM = option yes; - # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS = yes; DEBUG_NOTIFIERS = yes; -- cgit 1.4.1 From 3eeb5240ac1f01f2adf8f0947bbb73cf36af8dc4 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:04:48 +0100 Subject: linux_*_hardened: don't set DEBUG_LIST Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 14503854d3e..d322f239c32 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -40,7 +40,6 @@ assert (versionAtLeast version "4.9"); # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS = yes; DEBUG_NOTIFIERS = yes; - DEBUG_LIST = yes; DEBUG_PI_LIST = yes; # doesn't BUG() DEBUG_SG = yes; SCHED_STACK_END_CHECK = yes; -- cgit 1.4.1 From 4fb796e34129934ed9c26c64beb1a0f93639957e Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:05:28 +0100 Subject: linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3, anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index d322f239c32..f718235c625 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -46,10 +46,6 @@ assert (versionAtLeast version "4.9"); REFCOUNT_FULL = whenAtLeast "4.13" yes; - # Perform usercopy bounds checking. - HARDENED_USERCOPY = yes; - HARDENED_USERCOPY_FALLBACK = whenAtLeast "4.16" no; # for full whitelist enforcement - # Randomize allocator freelists. SLAB_FREELIST_RANDOM = yes; -- cgit 1.4.1 From 0d5f1697b78a5d8dc7d0f2a25e71ecca4021b257 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:06:05 +0100 Subject: linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED} Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f, anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index f718235c625..20911714b90 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -46,11 +46,6 @@ assert (versionAtLeast version "4.9"); REFCOUNT_FULL = whenAtLeast "4.13" yes; - # Randomize allocator freelists. - SLAB_FREELIST_RANDOM = yes; - - SLAB_FREELIST_HARDENED = whenAtLeast "4.14" yes; - # Randomize page allocator when page_alloc.shuffle=1 SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; -- cgit 1.4.1 From ed89b5b3f121920b811cfe1e705947fcd7cdb110 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:06:40 +0100 Subject: linux_*_hardened: don't set PANIC_ON_OOPS Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 20911714b90..63ed2219f48 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -61,7 +61,6 @@ assert (versionAtLeast version "4.9"); SECURITY_SAFESETID = whenAtLeast "5.1" yes; # Reboot devices immediately if kernel experiences an Oops. - PANIC_ON_OOPS = yes; PANIC_TIMEOUT = freeform "-1"; GCC_PLUGINS = yes; # Enable gcc plugin options -- cgit 1.4.1 From 7fdfe5381d338c6f8fae6752b69055401e170627 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 4 Apr 2020 23:08:09 +0100 Subject: linux_*_hardened: don't set FORTIFY_SOURCE Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 63ed2219f48..95510fe218e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -82,7 +82,4 @@ assert (versionAtLeast version "4.9"); CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; - # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE - FORTIFY_SOURCE = whenAtLeast "4.13" yes; - } -- cgit 1.4.1 From fadcfc3ea4252e2b9ad98e865d41038319ece14a Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sat, 18 Apr 2020 13:43:47 +0200 Subject: treewide: per RFC45, remove more unquoted URLs --- doc/builders/images/appimagetools.xml | 2 +- doc/languages-frameworks/python.section.md | 2 +- doc/languages-frameworks/ruby.xml | 4 +- doc/old/cross.txt | 4 +- doc/release-notes.xml | 2 +- doc/stdenv/stdenv.xml | 2 +- lib/licenses.nix | 2 +- nixos/modules/services/misc/redmine.nix | 4 +- .../services/security/bitwarden_rs/default.nix | 2 +- nixos/modules/services/web-apps/wordpress.nix | 4 +- pkgs/applications/audio/polyphone/default.nix | 2 +- pkgs/applications/misc/termpdf.py/default.nix | 2 +- pkgs/development/compilers/graalvm/default.nix | 2 +- .../haskell-modules/configuration-tensorflow.nix | 4 +- pkgs/development/libraries/biblesync/default.nix | 2 +- .../node-packages/node-packages-v10.nix | 178 ++++++++++----------- .../node-packages/node-packages-v12.nix | 8 +- .../node-packages/node-packages-v13.nix | 4 +- .../python-modules/requests_download/default.nix | 2 +- pkgs/os-specific/linux/gogoclient/default.nix | 2 +- pkgs/servers/asterisk/default.nix | 4 +- pkgs/top-level/perl-packages.nix | 2 +- 22 files changed, 120 insertions(+), 120 deletions(-) (limited to 'pkgs/os-specific') diff --git a/doc/builders/images/appimagetools.xml b/doc/builders/images/appimagetools.xml index 0767a509a43..45c5619abd9 100644 --- a/doc/builders/images/appimagetools.xml +++ b/doc/builders/images/appimagetools.xml @@ -63,7 +63,7 @@ type2.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) (Lepton 3.x) appimageTools.wrapType2 { # or wrapType1 name = "patchwork"; src = fetchurl { - url = https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage; + url = "https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage"; sha256 = "1blsprpkvm0ws9b96gb36f0rbf8f5jgmw4x6dsb1kswr4ysf591s"; }; extraPkgs = pkgs: with pkgs; [ ]; diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md index 650ed342858..f8884785e90 100644 --- a/doc/languages-frameworks/python.section.md +++ b/doc/languages-frameworks/python.section.md @@ -412,7 +412,7 @@ buildPythonPackage rec { meta = with lib; { description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms"; - homepage = http://hgomersall.github.com/pyFFTW; + homepage = "http://hgomersall.github.com/pyFFTW"; license = with licenses; [ bsd2 bsd3 ]; maintainers = with maintainers; [ fridh ]; }; diff --git a/doc/languages-frameworks/ruby.xml b/doc/languages-frameworks/ruby.xml index b28745fd6e2..9b36801fb96 100644 --- a/doc/languages-frameworks/ruby.xml +++ b/doc/languages-frameworks/ruby.xml @@ -32,7 +32,7 @@ bundlerEnv rec { meta = with lib; { description = "A monitoring framework that aims to be simple, malleable, and scalable"; - homepage = http://sensuapp.org/; + homepage = "http://sensuapp.org/"; license = with licenses; mit; maintainers = with maintainers; [ theuni ]; platforms = platforms.unix; @@ -69,7 +69,7 @@ bundlerApp { meta = with lib; { description = "Tool and libraries for maintaining Ruby gems."; - homepage = https://github.com/nyarly/corundum; + homepage = "https://github.com/nyarly/corundum"; license = licenses.mit; maintainers = [ maintainers.nyarly ]; platforms = platforms.unix; diff --git a/doc/old/cross.txt b/doc/old/cross.txt index ff9fefb04a8..9dd5b4c9993 100644 --- a/doc/old/cross.txt +++ b/doc/old/cross.txt @@ -60,7 +60,7 @@ stdenv.mkDerivation { name = "binutils-2.16.1-arm"; builder = ./builder.sh; src = fetchurl { - url = http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2; + url = "http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2"; sha256 = "1ian3kwh2vg6hr3ymrv48s04gijs539vzrq62xr76bxbhbwnz2np"; }; inherit noSysDirs; @@ -84,7 +84,7 @@ stdenv.mkDerivation { name = "linux-headers-2.6.13.1-arm"; builder = ./builder.sh; src = fetchurl { - url = http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2; + url = "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2"; sha256 = "12qxmc827fjhaz53kjy7vyrzsaqcg78amiqsb3qm20z26w705lma"; }; } diff --git a/doc/release-notes.xml b/doc/release-notes.xml index b85f61da079..7575289e755 100644 --- a/doc/release-notes.xml +++ b/doc/release-notes.xml @@ -190,7 +190,7 @@ preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")"; The function fetchurl now has support for two different kinds of mirroring of files. First, it has support for content-addressable mirrors. For example, given the fetchurl call fetchurl { - url = http://releases.mozilla.org/.../firefox-2.0.0.6-source.tar.bz2; + url = "http://releases.mozilla.org/.../firefox-2.0.0.6-source.tar.bz2"; sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082"; } fetchurl will first try to download this file from diff --git a/lib/licenses.nix b/lib/licenses.nix index 81976a769c0..1f78d67a1b2 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -596,7 +596,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) { psfl = spdx { spdxId = "Python-2.0"; fullName = "Python Software Foundation License version 2"; - #url = http://docs.python.org/license.html; + #url = "http://docs.python.org/license.html"; }; publicDomain = { diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix index 3b8c14d196f..1febdba0c8f 100644 --- a/nixos/modules/services/misc/redmine.nix +++ b/nixos/modules/services/misc/redmine.nix @@ -132,7 +132,7 @@ in example = literalExample '' { dkuk-redmine_alex_skin = builtins.fetchurl { - url = https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip; + url = "https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip"; sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl"; }; } @@ -146,7 +146,7 @@ in example = literalExample '' { redmine_env_auth = builtins.fetchurl { - url = https://github.com/Intera/redmine_env_auth/archive/0.6.zip; + url = "https://github.com/Intera/redmine_env_auth/archive/0.6.zip"; sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak"; }; } diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index a63be0ee766..903a5327037 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -58,7 +58,7 @@ in { default = {}; example = literalExample '' { - domain = https://bw.domain.tld:8443; + domain = "https://bw.domain.tld:8443"; signupsAllowed = true; rocketPort = 8222; rocketLog = "critical"; diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix index c48a4409737..5fbe53221ae 100644 --- a/nixos/modules/services/web-apps/wordpress.nix +++ b/nixos/modules/services/web-apps/wordpress.nix @@ -105,7 +105,7 @@ let name = "embed-pdf-viewer-plugin"; # Download the theme from the wordpress site src = pkgs.fetchurl { - url = https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip; + url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip"; sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd"; }; # We need unzip to build this package @@ -132,7 +132,7 @@ let name = "responsive-theme"; # Download the theme from the wordpress site src = pkgs.fetchurl { - url = https://downloads.wordpress.org/theme/responsive.3.14.zip; + url = "https://downloads.wordpress.org/theme/responsive.3.14.zip"; sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3"; }; # We need unzip to build this package diff --git a/pkgs/applications/audio/polyphone/default.nix b/pkgs/applications/audio/polyphone/default.nix index 404ed9fb776..270d51840d7 100644 --- a/pkgs/applications/audio/polyphone/default.nix +++ b/pkgs/applications/audio/polyphone/default.nix @@ -41,7 +41,7 @@ mkDerivation rec { meta = with stdenv.lib; { description = "A soundfont editor for creating musical instruments"; - homepage = https://www.polyphone-soundfonts.com/; + homepage = "https://www.polyphone-soundfonts.com/"; license = licenses.gpl3; maintainers = [ maintainers.maxdamantus ]; platforms = platforms.linux; diff --git a/pkgs/applications/misc/termpdf.py/default.nix b/pkgs/applications/misc/termpdf.py/default.nix index 83eef6f24e4..5988f569109 100644 --- a/pkgs/applications/misc/termpdf.py/default.nix +++ b/pkgs/applications/misc/termpdf.py/default.nix @@ -44,7 +44,7 @@ buildPythonApplication { A graphical pdf (and epub, cbz, ...) reader that works inside the kitty terminal. ''; - homepage = https://github.com/dsanson/termpdf.py; + homepage = "https://github.com/dsanson/termpdf.py"; maintainers = with maintainers; [ teto ]; license = licenses.mit; }; diff --git a/pkgs/development/compilers/graalvm/default.nix b/pkgs/development/compilers/graalvm/default.nix index 960f2926467..244ee4c010e 100644 --- a/pkgs/development/compilers/graalvm/default.nix +++ b/pkgs/development/compilers/graalvm/default.nix @@ -150,7 +150,7 @@ let ]; graal-mxcache = jvmci8-mxcache ++ [ - # rec { sha1 = "5001adab652fc4eb35e30cdefbb0765442f8b7db"; name = "LLVM_ORG_LIBCXX_SRC_${sha1}/llvm-org-libcxx-src.tar.gz"; url = https://lafo.ssw.uni-linz.ac.at/pub/llvm-org/compiler-rt-llvmorg-8.0.0-4-gd563e33a79-bgae3b177eaa-linux-amd64.tar.gz; } + # rec { sha1 = "5001adab652fc4eb35e30cdefbb0765442f8b7db"; name = "LLVM_ORG_LIBCXX_SRC_${sha1}/llvm-org-libcxx-src.tar.gz"; url = "https://lafo.ssw.uni-linz.ac.at/pub/llvm-org/compiler-rt-llvmorg-8.0.0-4-gd563e33a79-bgae3b177eaa-linux-amd64.tar.gz"; } rec { sha1 = "5001adab652fc4eb35e30cdefbb0765442f8b7db"; name = "LLVM_ORG_COMPILER_RT_LINUX_${sha1}/llvm-org-compiler-rt-linux.tar.gz"; url = "https://lafo.ssw.uni-linz.ac.at/pub/llvm-org/compiler-rt-llvmorg-8.0.0-4-gd563e33a79-bgae3b177eaa-linux-amd64.tar.gz"; } rec { sha1 = "a990b2dba1c706f5c43c56fedfe70bad9a695852"; name = "LLVM_WRAPPER_${sha1}/llvm-wrapper.jar"; url = "mirror://maven/org/bytedeco/javacpp-presets/llvm/6.0.1-1.4.2/llvm-6.0.1-1.4.2.jar"; } rec { sha1 = "decbd95d46092fa9afaf2523b5b23d07ad7ad6bc"; name = "LLVM_WRAPPER_${sha1}/llvm-wrapper.sources.jar"; url = "mirror://maven/org/bytedeco/javacpp-presets/llvm/6.0.1-1.4.2/llvm-6.0.1-1.4.2-sources.jar"; } diff --git a/pkgs/development/haskell-modules/configuration-tensorflow.nix b/pkgs/development/haskell-modules/configuration-tensorflow.nix index ba0acd6b6d6..aab416b9a87 100644 --- a/pkgs/development/haskell-modules/configuration-tensorflow.nix +++ b/pkgs/development/haskell-modules/configuration-tensorflow.nix @@ -55,12 +55,12 @@ in haskell-src-exts_1_19_1 = appendPatches (doJailbreak super.haskell-src-exts_1_19_1) [ # Adapt to the Semigroup–Monoid Proposal (enables building on GHC >= 8.4) (pkgs.fetchpatch { - url = https://github.com/haskell-suite/haskell-src-exts/commit/258e072fe9e37f94360b7488b58ea2832843bbb8.patch; + url = "https://github.com/haskell-suite/haskell-src-exts/commit/258e072fe9e37f94360b7488b58ea2832843bbb8.patch"; sha256 = "0ja6ai41v9plinlhjwja282m6ahn6mw4xi79np0jxqk83cg0z1ff"; }) # Adapt to MonadFail proposal (enables building on GHC >= 8.8) (pkgs.fetchpatch { - url = https://gist.githubusercontent.com/mikesperber/0f2addaf3fbe97ffb4a5234d8711ba41/raw/e09e20998283c7195e82d546ba9266d290eb000d/gistfile1.txt; + url = "https://gist.githubusercontent.com/mikesperber/0f2addaf3fbe97ffb4a5234d8711ba41/raw/e09e20998283c7195e82d546ba9266d290eb000d/gistfile1.txt"; sha256 = "18clvli7vpqsqlf2f3qidn71738j9zdlpana6wha3x0dxwan5ly0"; }) ]; diff --git a/pkgs/development/libraries/biblesync/default.nix b/pkgs/development/libraries/biblesync/default.nix index 54a4fa7a686..814ecf986e9 100644 --- a/pkgs/development/libraries/biblesync/default.nix +++ b/pkgs/development/libraries/biblesync/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ libuuid ]; meta = with stdenv.lib; { - homepage = http://www.crosswire.org/wiki/BibleSync; + homepage = "http://www.crosswire.org/wiki/BibleSync"; description = "A multicast protocol to Bible software shared conavigation"; longDescription = '' BibleSync is a multicast protocol to support Bible software shared diff --git a/pkgs/development/node-packages/node-packages-v10.nix b/pkgs/development/node-packages/node-packages-v10.nix index 9fd4e96ad72..9740c66c974 100644 --- a/pkgs/development/node-packages/node-packages-v10.nix +++ b/pkgs/development/node-packages/node-packages-v10.nix @@ -15293,7 +15293,7 @@ let version = "1.0.1"; src = fetchurl { name = "emitter-1.0.1.tar.gz"; - url = https://codeload.github.com/component/emitter/tar.gz/1.0.1; + url = "https://codeload.github.com/component/emitter/tar.gz/1.0.1"; sha256 = "0eae744826723877457f7a7ac7f31d68a5a060673b3a883f6a8e325bf48f313d"; }; }; @@ -19632,7 +19632,7 @@ let version = "2.0.1"; src = fetchurl { name = "global-2.0.1.tar.gz"; - url = https://codeload.github.com/component/global/tar.gz/v2.0.1; + url = "https://codeload.github.com/component/global/tar.gz/v2.0.1"; sha256 = "42be02b7148745447f6ba21137c972ca82d2cad92d30d63bd4fc310623901785"; }; }; @@ -31657,7 +31657,7 @@ let version = "0.9.15"; src = fetchurl { name = "oauth-0.9.15.tar.gz"; - url = https://codeload.github.com/ciaranj/node-oauth/legacy.tar.gz/master; + url = "https://codeload.github.com/ciaranj/node-oauth/legacy.tar.gz/master"; sha256 = "9341c28772841acde618c778e85e381976f425824b816100792f697e68aec947"; }; }; @@ -48868,7 +48868,7 @@ let version = "1.5.0"; src = fetchurl { name = "xmlhttprequest-1.5.0.tar.gz"; - url = https://codeload.github.com/LearnBoost/node-XMLHttpRequest/tar.gz/0f36d0b5ebc03d85f860d42a64ae9791e1daa433; + url = "https://codeload.github.com/LearnBoost/node-XMLHttpRequest/tar.gz/0f36d0b5ebc03d85f860d42a64ae9791e1daa433"; sha256 = "28dd0394d85befe8be4e9cd9f6803102780c62cbb09298cb174b52ff9777624f"; }; }; @@ -49891,7 +49891,7 @@ in buildInputs = globalBuildInputs; meta = { description = "CLI tool for Angular"; - homepage = https://github.com/angular/angular-cli; + homepage = "https://github.com/angular/angular-cli"; license = "MIT"; }; production = true; @@ -49935,7 +49935,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The command line interface for Antora."; - homepage = https://antora.org/; + homepage = "https://antora.org/"; license = "MPL-2.0"; }; production = true; @@ -50264,7 +50264,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The default site generator pipeline for producing and publishing static documentation sites with Antora."; - homepage = https://antora.org/; + homepage = "https://antora.org/"; license = "MPL-2.0"; }; production = true; @@ -50427,7 +50427,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A secure and free password manager for all of your devices."; - homepage = https://bitwarden.com/; + homepage = "https://bitwarden.com/"; license = "GPL-3.0"; }; production = true; @@ -52016,7 +52016,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Command line interface for rapid Vue.js development"; - homepage = https://cli.vuejs.org/; + homepage = "https://cli.vuejs.org/"; license = "MIT"; }; production = true; @@ -52378,7 +52378,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Creating Electron app packages"; - homepage = https://github.com/electron/asar; + homepage = "https://github.com/electron/asar"; license = "MIT"; }; production = true; @@ -52536,7 +52536,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The browser package manager"; - homepage = http://bower.io/; + homepage = "http://bower.io/"; license = "MIT"; }; production = true; @@ -52666,7 +52666,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate nix expressions to fetch bower dependencies"; - homepage = https://github.com/rvl/bower2nix; + homepage = "https://github.com/rvl/bower2nix"; license = "GPL-3.0"; }; production = true; @@ -53275,7 +53275,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A well-tested CSS minifier"; - homepage = https://github.com/jakubpawlowicz/clean-css; + homepage = "https://github.com/jakubpawlowicz/clean-css"; license = "MIT"; }; production = true; @@ -56498,7 +56498,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Unfancy JavaScript"; - homepage = http://coffeescript.org/; + homepage = "http://coffeescript.org/"; license = "MIT"; }; production = true; @@ -57893,7 +57893,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Create React Native apps with no build configuration."; - homepage = https://github.com/expo/create-react-native-app; + homepage = "https://github.com/expo/create-react-native-app"; license = "BSD-3-Clause"; }; production = true; @@ -57915,7 +57915,7 @@ in buildInputs = globalBuildInputs; meta = { description = "CSSLint"; - homepage = http://csslint.net/; + homepage = "http://csslint.net/"; license = "MIT"; }; production = true; @@ -58570,7 +58570,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Dat is the package manager for data. Easily share and version control data."; - homepage = https://datproject.org/; + homepage = "https://datproject.org/"; license = "BSD-3-Clause"; }; production = true; @@ -58591,7 +58591,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A DHCP server written in JavaScript"; - homepage = https://github.com/infusion/node-dhcp; + homepage = "https://github.com/infusion/node-dhcp"; license = "MIT OR GPL-2.0"; }; production = true; @@ -58736,7 +58736,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!"; - homepage = https://github.com/okTurtles/dnschain; + homepage = "https://github.com/okTurtles/dnschain"; license = "MPL-2.0"; }; production = true; @@ -59269,7 +59269,7 @@ in buildInputs = globalBuildInputs; meta = { description = "EmojiOne is a complete set of emojis designed for the web. It includes libraries to easily convert unicode characters to shortnames (:smile:) and shortnames to our custom emoji images. PNG formats provided for the emoji images."; - homepage = https://www.emojione.com/; + homepage = "https://www.emojione.com/"; }; production = true; bypassCache = true; @@ -59445,7 +59445,7 @@ in buildInputs = globalBuildInputs; meta = { description = "An AST-based pattern checker for JavaScript."; - homepage = https://eslint.org/; + homepage = "https://eslint.org/"; license = "MIT"; }; production = true; @@ -59627,7 +59627,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Makes eslint the fastest linter on the planet"; - homepage = https://github.com/mantoni/eslint_d.js; + homepage = "https://github.com/mantoni/eslint_d.js"; license = "MIT"; }; production = true; @@ -60652,7 +60652,7 @@ in buildInputs = globalBuildInputs; meta = { description = "git hosting on secure-scuttlebutt (ssb)"; - homepage = https://git-ssb.celehner.com/%25n92DiQh7ietE%2BR%2BX%2FI403LQoyf2DtR3WQfCkDKlheQU%3D.sha256; + homepage = "https://git-ssb.celehner.com/%25n92DiQh7ietE%2BR%2BX%2FI403LQoyf2DtR3WQfCkDKlheQU%3D.sha256"; license = "Fair"; }; production = true; @@ -62504,7 +62504,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The streaming build system."; - homepage = https://gulpjs.com/; + homepage = "https://gulpjs.com/"; license = "MIT"; }; production = true; @@ -62849,7 +62849,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Command line interface for gulp"; - homepage = http://gulpjs.com/; + homepage = "http://gulpjs.com/"; license = "MIT"; }; production = true; @@ -62880,7 +62880,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Highly configurable, well-tested, JavaScript-based HTML minifier."; - homepage = https://kangax.github.io/html-minifier/; + homepage = "https://kangax.github.io/html-minifier/"; license = "MIT"; }; production = true; @@ -63250,7 +63250,7 @@ in buildInputs = globalBuildInputs; meta = { description = "High precision scientific calculator with support for physical units"; - homepage = https://github.com/sharkdp/insect; + homepage = "https://github.com/sharkdp/insect"; license = "MIT"; }; production = true; @@ -63571,7 +63571,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A tool for creating and developing Ionic Framework mobile apps."; - homepage = https://ionicframework.com/; + homepage = "https://ionicframework.com/"; license = "MIT"; }; production = true; @@ -64112,7 +64112,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Implementation of the Language Server Protocol for JavaScript and TypeScript"; - homepage = https://github.com/sourcegraph/javascript-typescript-langserver; + homepage = "https://github.com/sourcegraph/javascript-typescript-langserver"; license = "Apache-2.0"; }; production = true; @@ -64962,7 +64962,7 @@ in buildInputs = globalBuildInputs; meta = { description = "beautifier.io for node"; - homepage = https://beautifier.io/; + homepage = "https://beautifier.io/"; license = "MIT"; }; production = true; @@ -64985,7 +64985,7 @@ in buildInputs = globalBuildInputs; meta = { description = "YAML 1.2 parser and serializer"; - homepage = https://github.com/nodeca/js-yaml; + homepage = "https://github.com/nodeca/js-yaml"; license = "MIT"; }; production = true; @@ -65081,7 +65081,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Static analysis tool for JavaScript"; - homepage = http://jshint.com/; + homepage = "http://jshint.com/"; license = "(MIT AND JSON)"; }; production = true; @@ -65124,7 +65124,7 @@ in buildInputs = globalBuildInputs; meta = { description = "JSON diff"; - homepage = https://github.com/andreyvit/json-diff; + homepage = "https://github.com/andreyvit/json-diff"; }; production = true; bypassCache = true; @@ -65179,7 +65179,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Various utilities for JSON References (http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03)."; - homepage = https://github.com/whitlockjc/json-refs; + homepage = "https://github.com/whitlockjc/json-refs"; license = "MIT"; }; production = true; @@ -65460,7 +65460,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Get a full fake REST API with zero coding in less than 30 seconds"; - homepage = https://github.com/typicode/json-server; + homepage = "https://github.com/typicode/json-server"; license = "MIT"; }; production = true; @@ -65487,7 +65487,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Validate JSON"; - homepage = http://zaach.github.com/jsonlint/; + homepage = "http://zaach.github.com/jsonlint/"; }; production = true; bypassCache = true; @@ -65687,7 +65687,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Spectacular Test Runner for JavaScript."; - homepage = http://karma-runner.github.io/; + homepage = "http://karma-runner.github.io/"; license = "MIT"; }; production = true; @@ -65781,7 +65781,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Merges multiple lcov results into one"; - homepage = https://github.com/mweibel/lcov-result-merger; + homepage = "https://github.com/mweibel/lcov-result-merger"; license = "MIT"; }; production = true; @@ -67083,7 +67083,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Leaner CSS"; - homepage = http://lesscss.org/; + homepage = "http://lesscss.org/"; license = "Apache-2.0"; }; production = true; @@ -67108,7 +67108,7 @@ in buildInputs = globalBuildInputs; meta = { description = "clean-css plugin for less.js"; - homepage = http://lesscss.org/; + homepage = "http://lesscss.org/"; }; production = true; bypassCache = true; @@ -67949,7 +67949,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Live Markdown previews for your favourite editor."; - homepage = https://github.com/shime/livedown; + homepage = "https://github.com/shime/livedown"; license = "MIT"; }; production = true; @@ -69107,7 +69107,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Madoko is a fast scholarly Markdown processor written in Koka"; - homepage = http://madoko.codeplex.com/; + homepage = "http://madoko.codeplex.com/"; }; production = true; bypassCache = true; @@ -69247,7 +69247,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Meeting room kiosk app for displaying meeting room schedules and booking rooms in your organization. Built against Google Apps, but other sources can be defined."; - homepage = https://bitbucket.org/aahmed/meat; + homepage = "https://bitbucket.org/aahmed/meat"; }; production = true; bypassCache = true; @@ -70105,7 +70105,7 @@ in buildInputs = globalBuildInputs; meta = { description = "simple, flexible, fun test framework"; - homepage = https://mochajs.org/; + homepage = "https://mochajs.org/"; license = "MIT"; }; production = true; @@ -70229,7 +70229,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Neovim client API and neovim remote plugin provider"; - homepage = https://github.com/neovim/node-client; + homepage = "https://github.com/neovim/node-client"; license = "MIT"; }; production = true; @@ -70388,7 +70388,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Build tool and bindings loader for node-gyp that supports prebuilds"; - homepage = https://github.com/prebuild/node-gyp-build; + homepage = "https://github.com/prebuild/node-gyp-build"; license = "MIT"; }; production = true; @@ -70684,7 +70684,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Web Inspector based nodeJS debugger"; - homepage = http://github.com/node-inspector/node-inspector; + homepage = "http://github.com/node-inspector/node-inspector"; }; production = true; bypassCache = true; @@ -71251,7 +71251,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Low-code programming for event-driven applications"; - homepage = http://nodered.org/; + homepage = "http://nodered.org/"; license = "Apache-2.0"; }; production = true; @@ -71441,7 +71441,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate Nix expressions to build NPM packages"; - homepage = https://github.com/svanderburg/node2nix; + homepage = "https://github.com/svanderburg/node2nix"; license = "MIT"; }; production = true; @@ -71605,7 +71605,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Simple monitor script for use during development of a node.js app."; - homepage = http://nodemon.io/; + homepage = "http://nodemon.io/"; license = "MIT"; }; production = true; @@ -71623,7 +71623,7 @@ in buildInputs = globalBuildInputs; meta = { description = "a package manager for JavaScript"; - homepage = https://docs.npmjs.com/; + homepage = "https://docs.npmjs.com/"; license = "Artistic-2.0"; }; production = true; @@ -71919,7 +71919,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Find newer versions of dependencies than what your package.json or bower.json allows"; - homepage = https://github.com/tjunnone/npm-check-updates; + homepage = "https://github.com/tjunnone/npm-check-updates"; license = "Apache-2.0"; }; production = true; @@ -72093,7 +72093,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate nix expressions to build npm packages"; - homepage = https://github.com/NixOS/npm2nix; + homepage = "https://github.com/NixOS/npm2nix"; }; production = true; bypassCache = true; @@ -72134,7 +72134,7 @@ in buildInputs = globalBuildInputs; meta = { description = "OCaml language server"; - homepage = https://github.com/freebroccolo/ocaml-language-server; + homepage = "https://github.com/freebroccolo/ocaml-language-server"; license = "Apache-2.0"; }; production = true; @@ -73695,7 +73695,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Streaming torrent client for Node.js"; - homepage = https://github.com/mafintosh/peerflix; + homepage = "https://github.com/mafintosh/peerflix"; license = "MIT"; }; production = true; @@ -74084,7 +74084,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Fast, disk space efficient package manager"; - homepage = https://pnpm.js.org/; + homepage = "https://pnpm.js.org/"; license = "MIT"; }; production = true; @@ -74261,7 +74261,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Prettier is an opinionated code formatter"; - homepage = https://prettier.io/; + homepage = "https://prettier.io/"; license = "MIT"; }; production = true; @@ -74648,7 +74648,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A build system for PureScript projects"; - homepage = https://github.com/purescript-contrib/pulp; + homepage = "https://github.com/purescript-contrib/pulp"; license = "LGPL-3.0+"; }; production = true; @@ -74820,7 +74820,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A set of complementary tools to React, including the JSX transformer."; - homepage = https://facebook.github.io/react; + homepage = "https://facebook.github.io/react"; license = "BSD-3-Clause"; }; production = true; @@ -74838,7 +74838,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The HTML Presentation Framework"; - homepage = http://revealjs.com/; + homepage = "http://revealjs.com/"; license = "MIT"; }; production = true; @@ -76486,7 +76486,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Serverless Framework - Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more"; - homepage = https://serverless.com/framework/docs/; + homepage = "https://serverless.com/framework/docs/"; license = "MIT"; }; production = true; @@ -78588,7 +78588,7 @@ in buildInputs = globalBuildInputs; meta = { description = "network protocol layer for secure-scuttlebutt"; - homepage = https://github.com/ssbc/ssb-server; + homepage = "https://github.com/ssbc/ssb-server"; license = "MIT"; }; production = true; @@ -78606,7 +78606,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Send metric data from statsd to Stackdriver"; - homepage = https://www.stackdriver.com/; + homepage = "https://www.stackdriver.com/"; license = "MIT"; }; production = true; @@ -79525,7 +79525,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Nodejs-based tool for optimizing SVG vector graphics files"; - homepage = https://github.com/svg/svgo; + homepage = "https://github.com/svg/svgo"; license = "MIT"; }; production = true; @@ -80560,7 +80560,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The pluggable linting tool for text and markdown."; - homepage = https://github.com/textlint/textlint/; + homepage = "https://github.com/textlint/textlint/"; license = "MIT"; }; production = true; @@ -80582,7 +80582,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Latex plugin for [textlint](https://github.com/textlint/textlint "textlint")."; - homepage = https://github.com/elzup/textlint-plugin-latex; + homepage = "https://github.com/elzup/textlint-plugin-latex"; license = "MIT"; }; production = true; @@ -80621,7 +80621,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule check that abbreviations within parentheses."; - homepage = https://github.com/azu/textlint-rule-abbr-within-parentheses; + homepage = "https://github.com/azu/textlint-rule-abbr-within-parentheses"; license = "MIT"; }; production = true; @@ -80935,7 +80935,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule for alex"; - homepage = https://github.com/textlint-rule/textlint-rule-alex; + homepage = "https://github.com/textlint-rule/textlint-rule-alex"; license = "MIT"; }; production = true; @@ -80960,7 +80960,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule to check common misspellings"; - homepage = https://github.com/io-monad/textlint-rule-common-misspellings; + homepage = "https://github.com/io-monad/textlint-rule-common-misspellings"; license = "GPL-3.0"; }; production = true; @@ -80982,7 +80982,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Textlint rule to check correct usage of diacritics"; - homepage = https://github.com/sapegin/textlint-rule-diacritics; + homepage = "https://github.com/sapegin/textlint-rule-diacritics"; license = "MIT"; }; production = true; @@ -81019,7 +81019,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that specify the maximum word count of a sentence."; - homepage = https://github.com/azu/textlint-rule-en-max-word-count; + homepage = "https://github.com/azu/textlint-rule-en-max-word-count"; license = "MIT"; }; production = true; @@ -81112,7 +81112,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check no start with duplicated conjunction."; - homepage = https://github.com/textlint-rule/textlint-rule-no-start-duplicated-conjunction; + homepage = "https://github.com/textlint-rule/textlint-rule-no-start-duplicated-conjunction"; license = "MIT"; }; production = true; @@ -81153,7 +81153,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check with or without period in list item."; - homepage = https://github.com/textlint-rule/textlint-rule-period-in-list-item; + homepage = "https://github.com/textlint-rule/textlint-rule-period-in-list-item"; license = "MIT"; }; production = true; @@ -81183,7 +81183,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Textlint rule to find filler words, buzzwords and chiches"; - homepage = https://github.com/sapegin/textlint-rule-stop-words; + homepage = "https://github.com/sapegin/textlint-rule-stop-words"; license = "MIT"; }; production = true; @@ -81213,7 +81213,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TextLint rule to check correct terms spelling"; - homepage = https://github.com/sapegin/textlint-rule-terminology; + homepage = "https://github.com/sapegin/textlint-rule-terminology"; license = "MIT"; }; production = true; @@ -81253,7 +81253,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check unexpanded acronym word."; - homepage = https://github.com/textlint-rule/textlint-rule-unexpanded-acronym; + homepage = "https://github.com/textlint-rule/textlint-rule-unexpanded-acronym"; license = "MIT"; }; production = true; @@ -81293,7 +81293,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule to check your English style with write good"; - homepage = https://github.com/textlint-rule/textlint-rule-write-good; + homepage = "https://github.com/textlint-rule/textlint-rule-write-good"; license = "MIT"; }; production = true; @@ -81728,7 +81728,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The self-hosted Web IRC client"; - homepage = https://thelounge.chat/; + homepage = "https://thelounge.chat/"; license = "MIT"; }; production = true; @@ -81746,7 +81746,7 @@ in buildInputs = globalBuildInputs; meta = { description = "JavaScript 3D library"; - homepage = https://threejs.org/; + homepage = "https://threejs.org/"; license = "MIT"; }; production = true; @@ -82087,7 +82087,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Joyent Triton CLI and client (https://www.joyent.com/triton)"; - homepage = https://github.com/joyent/node-triton; + homepage = "https://github.com/joyent/node-triton"; license = "MPL-2.0"; }; production = true; @@ -82136,7 +82136,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TSUN: a repl for TypeScript Upgraded Node"; - homepage = https://github.com/HerringtonDarkholme/typescript-repl; + homepage = "https://github.com/HerringtonDarkholme/typescript-repl"; license = "MIT"; }; production = true; @@ -82177,7 +82177,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TypeScript is a language for application scale JavaScript development"; - homepage = https://www.typescriptlang.org/; + homepage = "https://www.typescriptlang.org/"; license = "Apache-2.0"; }; production = true; @@ -83941,7 +83941,7 @@ in buildInputs = globalBuildInputs; meta = { description = "vue-language-server"; - homepage = https://github.com/vuejs/vetur/tree/master/server; + homepage = "https://github.com/vuejs/vetur/tree/master/server"; license = "MIT"; }; production = true; @@ -85040,7 +85040,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A command line tool to help build, run, and test web extensions"; - homepage = https://github.com/mozilla/web-ext; + homepage = "https://github.com/mozilla/web-ext"; license = "MPL-2.0"; }; production = true; @@ -85516,7 +85516,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff."; - homepage = https://github.com/webpack/webpack; + homepage = "https://github.com/webpack/webpack"; license = "MIT"; }; production = true; @@ -86581,7 +86581,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Copy files && directories with webpack"; - homepage = https://github.com/webpack-contrib/copy-webpack-plugin; + homepage = "https://github.com/webpack-contrib/copy-webpack-plugin"; license = "MIT"; }; production = true; @@ -86878,7 +86878,7 @@ in buildInputs = globalBuildInputs; meta = { description = "WebTorrent, the streaming torrent client. For the command line."; - homepage = https://webtorrent.io/; + homepage = "https://webtorrent.io/"; license = "MIT"; }; production = true; @@ -87917,11 +87917,11 @@ in buildInputs = globalBuildInputs; meta = { description = "CLI tool for running Yeoman generators"; - homepage = http://yeoman.io/; + homepage = "http://yeoman.io/"; license = "BSD-2-Clause"; }; production = true; bypassCache = true; reconstructLock = true; }; -} \ No newline at end of file +} diff --git a/pkgs/development/node-packages/node-packages-v12.nix b/pkgs/development/node-packages/node-packages-v12.nix index 701c5d84a25..52465b099a5 100644 --- a/pkgs/development/node-packages/node-packages-v12.nix +++ b/pkgs/development/node-packages/node-packages-v12.nix @@ -2475,7 +2475,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Unfancy JavaScript"; - homepage = http://coffeescript.org/; + homepage = "http://coffeescript.org/"; license = "MIT"; }; production = true; @@ -2953,7 +2953,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate Nix expressions to build NPM packages"; - homepage = https://github.com/svanderburg/node2nix; + homepage = "https://github.com/svanderburg/node2nix"; license = "MIT"; }; production = true; @@ -3090,7 +3090,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Build tool and bindings loader for node-gyp that supports prebuilds"; - homepage = https://github.com/prebuild/node-gyp-build; + homepage = "https://github.com/prebuild/node-gyp-build"; license = "MIT"; }; production = true; @@ -3182,4 +3182,4 @@ in bypassCache = true; reconstructLock = true; }; -} \ No newline at end of file +} diff --git a/pkgs/development/node-packages/node-packages-v13.nix b/pkgs/development/node-packages/node-packages-v13.nix index d70195210c7..77517655c50 100644 --- a/pkgs/development/node-packages/node-packages-v13.nix +++ b/pkgs/development/node-packages/node-packages-v13.nix @@ -1441,11 +1441,11 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate Nix expressions to build NPM packages"; - homepage = https://github.com/svanderburg/node2nix; + homepage = "https://github.com/svanderburg/node2nix"; license = "MIT"; }; production = true; bypassCache = true; reconstructLock = true; }; -} \ No newline at end of file +} diff --git a/pkgs/development/python-modules/requests_download/default.nix b/pkgs/development/python-modules/requests_download/default.nix index 3c265a5955e..b31573a91ca 100644 --- a/pkgs/development/python-modules/requests_download/default.nix +++ b/pkgs/development/python-modules/requests_download/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { format = "wheel"; #src = pkgs.fetchurl { - # url = https://files.pythonhosted.org/packages/60/af/10f899f0574a81cbc511124c08d7c7dc46c20d4f956a6a3c793ad4330bb4/requests_download-0.1.2-py2.py3-none-any.whl; + # url = "https://files.pythonhosted.org/packages/60/af/10f899f0574a81cbc511124c08d7c7dc46c20d4f956a6a3c793ad4330bb4/requests_download-0.1.2-py2.py3-none-any.whl"; # sha256 = "1ballx1hljpdpyvqzqn79m0dc21z2smrnxk2ylb6dbpg5crrskcr"; #}; diff --git a/pkgs/os-specific/linux/gogoclient/default.nix b/pkgs/os-specific/linux/gogoclient/default.nix index a4584304f58..d107f18c8da 100644 --- a/pkgs/os-specific/linux/gogoclient/default.nix +++ b/pkgs/os-specific/linux/gogoclient/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { name = "${baseName}-${version}"; src = fetchurl { - #url = http://gogo6.com/downloads/gogoc-1_2-RELEASE.tar.gz; + #url = "http://gogo6.com/downloads/gogoc-1_2-RELEASE.tar.gz"; url = "https://src.fedoraproject.org/repo/pkgs/gogoc/gogoc-1_2-RELEASE.tar.gz/41177ed683cf511cc206c7782c37baa9/gogoc-1_2-RELEASE.tar.gz"; sha256 = "a0ef45c0bd1fc9964dc8ac059b7d78c12674bf67ef641740554e166fa99a2f49"; }; diff --git a/pkgs/servers/asterisk/default.nix b/pkgs/servers/asterisk/default.nix index a5934827a20..9683d2c44d0 100644 --- a/pkgs/servers/asterisk/default.nix +++ b/pkgs/servers/asterisk/default.nix @@ -141,11 +141,11 @@ in rec { # # provided here verbatim for the convenience of anyone wanting to build # # Asterisk from other sources. Include in externals. # "sounds/asterisk-core-sounds-en-gsm-1.5.tar.gz" = fetchurl { - # url = http://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-gsm-1.5.tar.gz; + # url = "http://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-gsm-1.5.tar.gz"; # sha256 = "01xzbg7xy0c5zg7sixjw5025pvr4z64kfzi9zvx19im0w331h4cd"; # }; # "sounds/asterisk-moh-opsound-wav-2.03.tar.gz" = fetchurl { - # url = http://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-moh-opsound-wav-2.03.tar.gz; + # url = "http://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-moh-opsound-wav-2.03.tar.gz"; # sha256 = "449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538"; # }; # # TODO: Sounds for other languages could be added here diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 94c5387e0e7..d3e9ca144fc 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -16811,7 +16811,7 @@ let sha256 = "f98a10c625640170cdda408cccc72bdd7f66f8ebe5f59dec1b96185171ef11d0"; }; meta = { - #homepage = http://web-cpan.berlios.de/modules/Statistics-Descriptive/; # berlios shut down; I found no replacement + #homepage = "http://web-cpan.berlios.de/modules/Statistics-Descriptive/"; # berlios shut down; I found no replacement description = "Module of basic descriptive statistical functions"; license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; }; -- cgit 1.4.1 From 06e5800a73573573979a17b0d6dab3641265038b Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Wed, 15 Apr 2020 21:22:43 +0200 Subject: fwupd: 1.3.9 → 1.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/fwupd/fwupd/releases/tag/1.4.0 --- .../add-option-for-installation-sysconfdir.patch | 86 ++++++++++++---------- pkgs/os-specific/linux/firmware/fwupd/default.nix | 75 +++++++++++-------- .../firmware/fwupd/installed-tests-path.patch | 27 ++++--- 3 files changed, 110 insertions(+), 78 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch index a13251476de..a727e5f4a85 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/add-option-for-installation-sysconfdir.patch @@ -1,5 +1,5 @@ diff --git a/data/meson.build b/data/meson.build -index 0667bd78..92d6c7b9 100644 +index bb749fd4..b611875b 100644 --- a/data/meson.build +++ b/data/meson.build @@ -17,7 +17,7 @@ endif @@ -12,41 +12,38 @@ index 0667bd78..92d6c7b9 100644 endif diff --git a/data/pki/meson.build b/data/pki/meson.build -index eefcc914..dc801fa1 100644 +index 94bb0b6f..1ea6a9ac 100644 --- a/data/pki/meson.build +++ b/data/pki/meson.build -@@ -4,14 +4,14 @@ if get_option('gpg') - 'GPG-KEY-Linux-Foundation-Firmware', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - - install_data([ - 'GPG-KEY-Linux-Foundation-Metadata', - 'GPG-KEY-Linux-Vendor-Firmware-Service', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif +@@ -3,24 +3,23 @@ install_data([ + 'GPG-KEY-Linux-Foundation-Firmware', + 'GPG-KEY-Linux-Vendor-Firmware-Service', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') + ) -@@ -19,12 +19,12 @@ if get_option('pkcs7') - install_data([ - 'LVFS-CA.pem', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') - ) - install_data([ - 'LVFS-CA.pem', - ], -- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') -+ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') - ) - endif + install_data([ + 'GPG-KEY-Linux-Foundation-Metadata', + 'GPG-KEY-Linux-Vendor-Firmware-Service', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') + ) + install_data([ + 'LVFS-CA.pem', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd') + ) + install_data([ + 'LVFS-CA.pem', + ], +- install_dir : join_paths(sysconfdir, 'pki', 'fwupd-metadata') ++ install_dir : join_paths(sysconfdir_install, 'pki', 'fwupd-metadata') + ) +- diff --git a/data/remotes.d/meson.build b/data/remotes.d/meson.build index 826a3c1d..b78db663 100644 --- a/data/remotes.d/meson.build @@ -76,10 +73,10 @@ index 826a3c1d..b78db663 100644 + install_dir: join_paths(sysconfdir_install, 'fwupd', 'remotes.d'), ) diff --git a/meson.build b/meson.build -index b1a523d2..aacb8e0a 100644 +index 87ea67e5..3a4374db 100644 --- a/meson.build +++ b/meson.build -@@ -169,6 +169,12 @@ endif +@@ -175,6 +175,12 @@ endif mandir = join_paths(prefix, get_option('mandir')) localedir = join_paths(prefix, get_option('localedir')) @@ -93,10 +90,10 @@ index b1a523d2..aacb8e0a 100644 gio = dependency('gio-2.0', version : '>= 2.45.8') giounix = dependency('gio-unix-2.0', version : '>= 2.45.8', required: false) diff --git a/meson_options.txt b/meson_options.txt -index be0adfef..73983333 100644 +index 3da9b6c4..6c80275b 100644 --- a/meson_options.txt +++ b/meson_options.txt -@@ -26,6 +26,7 @@ option('plugin_coreboot', type : 'boolean', value : true, description : 'enable +@@ -24,6 +24,7 @@ option('plugin_coreboot', type : 'boolean', value : true, description : 'enable option('systemd', type : 'boolean', value : true, description : 'enable systemd support') option('systemdunitdir', type: 'string', value: '', description: 'Directory for systemd units') option('elogind', type : 'boolean', value : false, description : 'enable elogind support') @@ -104,6 +101,19 @@ index be0adfef..73983333 100644 option('tests', type : 'boolean', value : true, description : 'enable tests') option('udevdir', type: 'string', value: '', description: 'Directory for udev rules') option('efi-cc', type : 'string', value : 'gcc', description : 'the compiler to use for EFI modules') +diff --git a/plugins/ata/meson.build b/plugins/ata/meson.build +index 8444bb8a..fa4a8ad1 100644 +--- a/plugins/ata/meson.build ++++ b/plugins/ata/meson.build +@@ -7,7 +7,7 @@ install_data([ + ) + + install_data(['ata.conf'], +- install_dir: join_paths(sysconfdir, 'fwupd') ++ install_dir: join_paths(sysconfdir_install, 'fwupd') + ) + + shared_module('fu_plugin_ata', diff --git a/plugins/dell-esrt/meson.build b/plugins/dell-esrt/meson.build index ed4eee70..76dbdb1d 100644 --- a/plugins/dell-esrt/meson.build @@ -142,10 +152,10 @@ index 06ab34ee..297a9182 100644 # we use functions from 2.52 in the tests if get_option('tests') and umockdev.found() and gio.version().version_compare('>= 2.52') diff --git a/plugins/uefi/meson.build b/plugins/uefi/meson.build -index 7252580d..7188d1c5 100644 +index 5838cecc..9ba3d5cd 100644 --- a/plugins/uefi/meson.build +++ b/plugins/uefi/meson.build -@@ -104,7 +104,7 @@ if get_option('man') +@@ -101,7 +101,7 @@ if get_option('man') endif install_data(['uefi.conf'], diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 86a2bfbcc9e..13f4f71c3c1 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -2,6 +2,7 @@ { stdenv , fetchurl +, fetchpatch , substituteAll , gtk-doc , pkgconfig @@ -16,7 +17,7 @@ , glib-networking , libsoup , help2man -, gpgme +, libjcat , libxslt , elfutils , libsmbios @@ -31,7 +32,6 @@ , docbook_xsl , ninja , gcab -, gnutls , python3 , wrapGAppsHook , json-glib @@ -87,11 +87,11 @@ in stdenv.mkDerivation rec { pname = "fwupd"; - version = "1.3.9"; + version = "1.4.0"; src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "ZuRG+UN8ebXv5Z8fOYWT0eCtHykGXoB8Ysu3wAeqx0A="; + sha256 = "V131/l05FKYFavRMXRaiW1bQkTCEn7MTyyD+bqYClU4="; }; # libfwupd goes to lib @@ -130,9 +130,8 @@ stdenv.mkDerivation rec { libyaml libgudev colord - gpgme + libjcat libuuid - gnutls glib-networking json-glib umockdev @@ -151,15 +150,43 @@ stdenv.mkDerivation rec { ./fix-paths.patch ./add-option-for-installation-sysconfdir.patch - # install plug-ins and libfwupdplugin to out, - # they are not really part of the library + # Install plug-ins and libfwupdplugin to out, + # they are not really part of the library. ./install-fwupdplugin-to-out.patch - # installed tests are installed to different output - # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle + # Make it easier to patch installed-tests directory. + # https://github.com/fwupd/fwupd/pull/2002 + (fetchpatch { + url = "https://github.com/fwupd/fwupd/commit/2f12e38e61d982dea63778736e2b71d16f0e9925.patch"; + sha256 = "goTyDj0v50FOQYCS+LhPjo0AEugubr6aBIGfO9ztZOA="; + }) + + # Install systemd files to our prefix. + # https://github.com/fwupd/fwupd/pull/2006 + (fetchpatch { + url = "https://github.com/fwupd/fwupd/commit/463db5162fe4f6fea417973ff95a44ed51ec6402.patch"; + sha256 = "I0TIfnCca83QpINABUINtl8nIB78dG8OR9MC/hP2hg8="; + }) + + # Fix installed tests. + # https://github.com/fwupd/fwupd/issues/2007 + (fetchpatch { + url = "https://github.com/fwupd/fwupd/commit/c727742df3702fc934e2d9488c883dcbdfa59e9c.patch"; + sha256 = "b9D2Xblf1VbpS5XZpHtwEJhzuq7+840l7skW5w0NMBU="; + }) + + # Fix build with bash-completion 2.10 + # https://github.com/fwupd/fwupd/pull/2014 + (fetchpatch { + url = "https://github.com/fwupd/fwupd/commit/0f035013dfb150c2c3fc7f51090103ba84bd1c06.patch"; + sha256 = "VXRf5N3inaWThudk6pc4mtp6cMEIyybkdfqKin+9XSw="; + }) + + # Installed tests are installed to different output + # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. (substituteAll { src = ./installed-tests-path.patch; - # needs a different set of modules than po/make-images + # Needs a different set of modules than po/make-images. inherit installedTestsPython; }) ]; @@ -172,14 +199,6 @@ stdenv.mkDerivation rec { po/make-images \ po/make-images.sh \ po/test-deps - - # we cannot use placeholder in substituteAll - # https://github.com/NixOS/nix/issues/1846 - substituteInPlace data/installed-tests/meson.build --subst-var installedTests - - substituteInPlace data/meson.build --replace \ - "install_dir: systemd.get_pkgconfig_variable('systemdshutdowndir')" \ - "install_dir: '${placeholder "out"}/lib/systemd/system-shutdown'" ''; # /etc/os-release not available in sandbox @@ -203,7 +222,8 @@ stdenv.mkDerivation rec { "-Dgtkdoc=true" "-Dplugin_dummy=true" "-Dudevdir=lib/udev" - "-Dsystemdunitdir=lib/systemd/system" + "-Dsystemd_root_prefix=${placeholder "out"}" + "-Dinstalled_test_prefix=${placeholder "installedTests"}" "-Defi-libdir=${gnu-efi}/lib" "-Defi-ldsdir=${gnu-efi}/lib" "-Defi-includedir=${gnu-efi}/include/efi" @@ -225,23 +245,19 @@ stdenv.mkDerivation rec { "-Dplugin_flashrom=true" ]; - postInstall = '' - moveToOutput share/installed-tests "$installedTests" - wrapProgram $installedTests/share/installed-tests/fwupd/hardware.py \ - --prefix GI_TYPELIB_PATH : "$out/lib/girepository-1.0:${libsoup}/lib/girepository-1.0" - ''; - FONTCONFIG_FILE = fontsConf; # Fontconfig error: Cannot load default config file # error: “PolicyKit files are missing” # https://github.com/NixOS/nixpkgs/pull/67625#issuecomment-525788428 PKG_CONFIG_POLKIT_GOBJECT_1_ACTIONDIR = "/run/current-system/sw/share/polkit-1/actions"; - # cannot install to systemd prefix - PKG_CONFIG_SYSTEMD_SYSTEMDSYSTEMPRESETDIR = "${placeholder "out"}/lib/systemd/system-preset"; - # TODO: wrapGAppsHook wraps efi capsule even though it is not elf dontWrapGApps = true; + + preCheck = '' + addToSearchPath XDG_DATA_DIRS "${shared-mime-info}/share" + ''; + # so we need to wrap the executables manually postFixup = '' find -L "$out/bin" "$out/libexec" -type f -executable -print0 \ @@ -256,6 +272,7 @@ stdenv.mkDerivation rec { # /etc/fwupd/uefi.conf is created by the services.hardware.fwupd NixOS module passthru = { filesInstalledToEtc = [ + "fwupd/ata.conf" # "fwupd/daemon.conf" # already created by the module "fwupd/redfish.conf" "fwupd/remotes.d/dell-esrt.conf" diff --git a/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch index 6c4b6b62a0c..432056cbe7f 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch +++ b/pkgs/os-specific/linux/firmware/fwupd/installed-tests-path.patch @@ -1,5 +1,5 @@ ---- a/data/installed-tests/hardware.py -+++ b/data/installed-tests/hardware.py +--- a/data/device-tests/hardware.py ++++ b/data/device-tests/hardware.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!@installedTestsPython@/bin/python3 @@ -8,18 +8,23 @@ # Copyright (C) 2017 Richard Hughes --- a/data/installed-tests/meson.build +++ b/data/installed-tests/meson.build -@@ -1,6 +1,6 @@ - con2 = configuration_data() - con2.set('installedtestsdir', -- join_paths(datadir, 'installed-tests', 'fwupd')) -+ join_paths('@installedTests@', 'share', 'installed-tests', 'fwupd')) - con2.set('bindir', bindir) +@@ -1,4 +1,4 @@ +-installed_test_datadir = join_paths(datadir, 'installed-tests', 'fwupd') ++installed_test_datadir = join_paths(get_option('installed_test_prefix'), 'share', 'installed-tests', 'fwupd') - configure_file( -@@ -52,5 +52,5 @@ + con2 = configuration_data() + con2.set('installedtestsdir', installed_test_datadir) +@@ -52,5 +52,5 @@ configure_file( output : 'fwupd-tests.conf', configuration : con2, install: true, - install_dir: join_paths(sysconfdir, 'fwupd', 'remotes.d'), -+ install_dir: join_paths('@installedTests@', 'etc', 'fwupd', 'remotes.d'), ++ install_dir: join_paths(get_option('installed_test_prefix'), 'etc', 'fwupd', 'remotes.d'), ) +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -1,3 +1,4 @@ ++option('installed_test_prefix', type: 'string', value: '', description: 'Prefix for installed tests') + option('build', type : 'combo', choices : ['all', 'standalone', 'library'], value : 'all', description : 'build type') + option('agent', type : 'boolean', value : true, description : 'enable the fwupd agent') + option('consolekit', type : 'boolean', value : true, description : 'enable ConsoleKit support') -- cgit 1.4.1 From 00222dbb0efd3234b471207aa329025cf38d7d8b Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Sun, 19 Apr 2020 16:25:48 +0200 Subject: bbswitch: fix build with Linux kernel version >= 5.6.0 Fixes https://github.com/NixOS/nixpkgs/issues/85564. --- pkgs/os-specific/linux/bbswitch/default.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bbswitch/default.nix b/pkgs/os-specific/linux/bbswitch/default.nix index eea8d31f24d..67cbc6e5c5e 100644 --- a/pkgs/os-specific/linux/bbswitch/default.nix +++ b/pkgs/os-specific/linux/bbswitch/default.nix @@ -15,10 +15,16 @@ stdenv.mkDerivation { sha256 = "0xql1nv8dafnrcg54f3jsi3ny3cd2ca9iv73pxpgxd2gfczvvjkn"; }; - patches = [ (fetchpatch { - url = "https://github.com/Bumblebee-Project/bbswitch/pull/102.patch"; - sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m"; - }) ]; + patches = [ + (fetchpatch { + url = "https://github.com/Bumblebee-Project/bbswitch/pull/102.patch"; + sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m"; + }) + (fetchpatch { + url = "https://github.com/Bumblebee-Project/bbswitch/pull/196.patch"; + sha256 = "02ihy3piws7783qbm9q0mb9s18ipn5ckdy1iar74xn31qjrsn99n"; + }) + ]; nativeBuildInputs = kernel.moduleBuildDependencies; -- cgit 1.4.1 From 4307923b86cb7764a3a6709cebcfdf934e85d5ba Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 00:23:41 +0200 Subject: linux: 5.6.4 -> 5.6.5 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index 950c60ac268..d3334293dc1 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.4"; + version = "5.6.5"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "14cxbc9xi4s3xwx4yb1yd4z0kidsk3d443skf5sgmdhcalg79wax"; + sha256 = "1rjjkcmzsj9azggh960qnk2x44ns475b8nbd4nxazrz1rgdx76zp"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 8879086cfc78e192f4ca5f3f212dfda264c5381a Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:11 +0200 Subject: linux: 5.5.17 -> 5.5.18 --- pkgs/os-specific/linux/kernel/linux-5.5.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix index c4fbe1aea5e..ecb92b5bfe7 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.5.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.5.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.5.17"; + version = "5.5.18"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "06aqhlysa7zdj6c69hyii3hfqlfa9751ivga38rbqw1lr2gbbnj0"; + sha256 = "01iiiq4dsyyc5y6b52wax9as6dzhdi172vd1423sc1yp4rrk8178"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From eb41f8122e394d77993524f1fa485d1b09cbefaa Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:32 +0200 Subject: linux/hardened-patches/5.6.4: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 24c44dd1ed1..f334e75d070 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -18,10 +18,5 @@ "sha256": "1lms090kkk4vlvfssqsm7r3j88hlf8smrnpcgq24v9rq9pbr0fyw", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.17.a/linux-hardened-5.5.17.a.patch", "version_suffix": "a" - }, - "5.6.4": { - "sha256": "05wkzh7927n71x4cl69mclc44grqpnx6i65hli470q1rg1qrk26n", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.4.a/linux-hardened-5.6.4.a.patch", - "version_suffix": "a" } } -- cgit 1.4.1 From e7a65e6c411926700fad23c4f8ec2b087d9dc414 Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:32 +0200 Subject: linux/hardened-patches/5.5.17: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index f334e75d070..a0042ad7953 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -13,10 +13,5 @@ "sha256": "154iz7i9l0hihjrmfk6rjh7hhqwyhsdjr2c74m3dhadrlm5hwy89", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.32.a/linux-hardened-5.4.32.a.patch", "version_suffix": "NixOS-a" - }, - "5.5.17": { - "sha256": "1lms090kkk4vlvfssqsm7r3j88hlf8smrnpcgq24v9rq9pbr0fyw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.17.a/linux-hardened-5.5.17.a.patch", - "version_suffix": "a" } } -- cgit 1.4.1 From 0fd9293703654eb271ad7baf7c4fa7b7043af8dd Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:39 +0200 Subject: linux/hardened-patches/5.6.5: init at 5.6.5.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index a0042ad7953..45d95ba3ec4 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -13,5 +13,10 @@ "sha256": "154iz7i9l0hihjrmfk6rjh7hhqwyhsdjr2c74m3dhadrlm5hwy89", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.32.a/linux-hardened-5.4.32.a.patch", "version_suffix": "NixOS-a" + }, + "5.6.5": { + "sha256": "19cdpygm5zx3szxl456lfjg5sffqcmn18470wv7prm8rf6liqdj3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.5.a/linux-hardened-5.6.5.a.patch", + "version_suffix": "a" } } -- cgit 1.4.1 From 48d908b731c954bc6ad2c032dcd090d40b1d2121 Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:45 +0200 Subject: linux/hardened-patches/5.5.18: init at 5.5.18.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 45d95ba3ec4..464e83c1dee 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -14,6 +14,11 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.32.a/linux-hardened-5.4.32.a.patch", "version_suffix": "NixOS-a" }, + "5.5.18": { + "sha256": "0v7vla784sf1fk6d8qa5x8hkyhjb1jkw4lxxcgvvlqbmxl8md8ld", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.18.a/linux-hardened-5.5.18.a.patch", + "version_suffix": "a" + }, "5.6.5": { "sha256": "19cdpygm5zx3szxl456lfjg5sffqcmn18470wv7prm8rf6liqdj3", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.5.a/linux-hardened-5.6.5.a.patch", -- cgit 1.4.1 From 45343beffee8238973060aff1f5472b915a0288b Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:50 +0200 Subject: linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 464e83c1dee..896f574a5b2 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -10,9 +10,9 @@ "version_suffix": "NixOS-a" }, "5.4.33": { - "sha256": "154iz7i9l0hihjrmfk6rjh7hhqwyhsdjr2c74m3dhadrlm5hwy89", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.32.a/linux-hardened-5.4.32.a.patch", - "version_suffix": "NixOS-a" + "sha256": "1hjfvhyvz5kyvx25809brhsvfv9mjv9q1mw6ydb71gfwhw6q8d8b", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.33.a/linux-hardened-5.4.33.a.patch", + "version_suffix": "a" }, "5.5.18": { "sha256": "0v7vla784sf1fk6d8qa5x8hkyhjb1jkw4lxxcgvvlqbmxl8md8ld", -- cgit 1.4.1 From 523fe988217eaa56952c2a87760fef612c857bee Mon Sep 17 00:00:00 2001 From: kraem Date: Mon, 20 Apr 2020 01:01:56 +0200 Subject: linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 896f574a5b2..97fbbb405e3 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -5,9 +5,9 @@ "version_suffix": "a" }, "4.19.116": { - "sha256": "1f54g0xw708kxha07nsb979h5vwxjrkbwa5h04zny2kq702x1h13", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.115.a/linux-hardened-4.19.115.a.patch", - "version_suffix": "NixOS-a" + "sha256": "00y4i905gzs9w9kckrn1frh2vw32fsndz03g2psl1gk17snc3q7c", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.116.a/linux-hardened-4.19.116.a.patch", + "version_suffix": "a" }, "5.4.33": { "sha256": "1hjfvhyvz5kyvx25809brhsvfv9mjv9q1mw6ydb71gfwhw6q8d8b", -- cgit 1.4.1 From 3e880bad79d2cef9afc02db6d635e30479f18418 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Mon, 20 Apr 2020 19:51:49 -0400 Subject: darwin.cctools: split man output --- pkgs/os-specific/darwin/cctools/port.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix index 368f2938064..e73d185fc41 100644 --- a/pkgs/os-specific/darwin/cctools/port.nix +++ b/pkgs/os-specific/darwin/cctools/port.nix @@ -28,7 +28,7 @@ let sha256 = "0h8b1my0wf1jyjq63wbiqkl2clgxsf87f6i4fjhqs431fzlq8sac"; }; - outputs = [ "out" "dev" ]; + outputs = [ "out" "dev" "man" ]; nativeBuildInputs = [ autoconf automake libtool autoreconfHook ]; buildInputs = [ libuuid ] -- cgit 1.4.1 From 125c469d3ee8ee6d4aea285e0aff456031435572 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Mon, 20 Apr 2020 20:05:35 -0400 Subject: darwin.binutils.bintools: propagate man pages from cctools --- pkgs/os-specific/darwin/binutils/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/binutils/default.nix b/pkgs/os-specific/darwin/binutils/default.nix index e31f9b91f97..fad33b21d04 100644 --- a/pkgs/os-specific/darwin/binutils/default.nix +++ b/pkgs/os-specific/darwin/binutils/default.nix @@ -16,7 +16,7 @@ in stdenv.mkDerivation { pname = "${targetPrefix}cctools-binutils-darwin"; inherit (cctools) version; - outputs = [ "out" "info" "man" ]; + outputs = [ "out" "man" ]; buildCommand = '' mkdir -p $out/bin $out/include @@ -42,12 +42,13 @@ stdenv.mkDerivation { ln -s ${cctools}/libexec $out/libexec - mkdir -p "$info/nix-support" "$man/nix-support" - printWords ${binutils-unwrapped.info} \ - >> $info/nix-support/propagated-build-inputs - # FIXME: cctools missing man pages - printWords ${binutils-unwrapped.man} \ - >> $man/nix-support/propagated-build-inputs + mkdir -p "$man"/share/man/man{1,5} + for i in ${builtins.concatStringsSep " " cmds}; do + for path in "${cctools.man}"/share/man/man?/$i.*; do + dest_path="$man''${path#${cctools.man}}" + ln -sv "$path" "$dest_path" + done + done ''; passthru = { -- cgit 1.4.1 From c00ad799a084ec2896ebfefff3ae6b31eade49d5 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Mon, 20 Apr 2020 23:52:24 -0400 Subject: darwin.cctools: install ar man pages In the distribution they are located in a separate directory from the others and the standard installation doesn't process them. --- pkgs/os-specific/darwin/cctools/port.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix index e73d185fc41..0c25f225291 100644 --- a/pkgs/os-specific/darwin/cctools/port.nix +++ b/pkgs/os-specific/darwin/cctools/port.nix @@ -1,4 +1,5 @@ { stdenv, fetchFromGitHub, autoconf, automake, libtool, autoreconfHook +, installShellFiles , libcxxabi, libuuid , libobjc ? null, maloader ? null , enableTapiSupport ? true, libtapi @@ -30,7 +31,7 @@ let outputs = [ "out" "dev" "man" ]; - nativeBuildInputs = [ autoconf automake libtool autoreconfHook ]; + nativeBuildInputs = [ autoconf automake libtool autoreconfHook installShellFiles ]; buildInputs = [ libuuid ] ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi libobjc ] ++ stdenv.lib.optional enableTapiSupport libtapi; @@ -88,6 +89,8 @@ let pushd include make DSTROOT=$out/include RC_OS=common install popd + + installManPage ar/ar.{1,5} ''; passthru = { -- cgit 1.4.1 From 7760cff5d713ee004297ef3e590a4acb68665b83 Mon Sep 17 00:00:00 2001 From: oxalica Date: Mon, 9 Mar 2020 12:45:12 +0800 Subject: util-linux: 2.33.2 -> 2.35.1 --- pkgs/os-specific/linux/util-linux/default.nix | 4 +- .../rtcwake-search-PATH-for-shutdown.patch | 68 +++++++++++++++++----- 2 files changed, 57 insertions(+), 15 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index f0cc6fd5a9b..aa23a162a92 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "util-linux"; - version = "2.33.2"; + version = "2.35.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "15yf2dh4jd1kg6066hydlgdhhs2j3na13qld8yx30qngqvmfh6v3"; + sha256 = "1yfpy6bkab4jw61mpx48gfy24yrqp4a7arvpis8csrkk53fkxpnr"; }; patches = [ diff --git a/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch b/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch index 5f38861bf68..52c970a18f3 100644 --- a/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch +++ b/pkgs/os-specific/linux/util-linux/rtcwake-search-PATH-for-shutdown.patch @@ -2,26 +2,68 @@ Search $PATH for the shutdown binary instead of hard-coding /sbin/shutdown, which isn't valid on NixOS (and a compatibility link on most other modern distros anyway). - -- nckx --- a/include/pathnames.h +++ b/include/pathnames.h -@@ -53,7 +53,7 @@ +@@ -50,8 +50,8 @@ #ifndef _PATH_LOGIN - #define _PATH_LOGIN "/bin/login" + # define _PATH_LOGIN "/bin/login" #endif -#define _PATH_SHUTDOWN "/sbin/shutdown" -+#define _PATH_SHUTDOWN "shutdown" - +-#define _PATH_POWEROFF "/sbin/poweroff" ++#define _PATH_SHUTDOWN "shutdown" ++#define _PATH_POWEROFF "poweroff" + #define _PATH_TERMCOLORS_DIRNAME "terminal-colors.d" #define _PATH_TERMCOLORS_DIR "/etc/" _PATH_TERMCOLORS_DIRNAME --- a/sys-utils/rtcwake.c +++ b/sys-utils/rtcwake.c -@@ -575,7 +575,7 @@ int main(int argc, char **argv) - arg[i++] = "now"; - arg[i] = NULL; - if (!ctl.dryrun) { -- execv(arg[0], arg); +@@ -587,29 +587,29 @@ int main(int argc, char **argv) + char *arg[5]; + int i = 0; + +- if (!access(_PATH_SHUTDOWN, X_OK)) { +- arg[i++] = _PATH_SHUTDOWN; +- arg[i++] = "-h"; +- arg[i++] = "-P"; +- arg[i++] = "now"; +- arg[i] = NULL; +- } else if (!access(_PATH_POWEROFF, X_OK)) { +- arg[i++] = _PATH_POWEROFF; +- arg[i] = NULL; +- } else { +- arg[i] = NULL; +- } ++ arg[i++] = _PATH_SHUTDOWN; ++ arg[i++] = "-h"; ++ arg[i++] = "-P"; ++ arg[i++] = "now"; ++ arg[i] = NULL; + +- if (arg[0]) { +- if (ctl.verbose) +- printf(_("suspend mode: off; executing %s\n"), +- arg[0]); +- if (!ctl.dryrun) { +- execv(arg[0], arg); ++ if (ctl.verbose) ++ printf(_("suspend mode: off; executing %s\n"), ++ arg[0]); ++ ++ if (!ctl.dryrun) { ++ execvp(arg[0], arg); ++ if (ctl.verbose) { + warn(_("failed to execute %s"), arg[0]); +- rc = EX_EXEC_ENOENT; ++ // Reuse translations. ++ printf(_("suspend mode: off; executing %s\n"), ++ _PATH_POWEROFF); + } +- } else { ++ ++ i = 0; ++ arg[i++] = _PATH_POWEROFF; ++ arg[i] = NULL; + execvp(arg[0], arg); - warn(_("failed to execute %s"), _PATH_SHUTDOWN); - rc = EXIT_FAILURE; - } + /* Failed to find shutdown command */ + warn(_("failed to find shutdown command")); + rc = EX_EXEC_ENOENT; -- cgit 1.4.1 From 6673a4988e4a4ff25ca94a84d8e2acf92453dbf1 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Tue, 21 Apr 2020 08:35:40 +0200 Subject: gnupg: use libusb1 (#85374) * gnupg: use libusb1 This fixes scdaemon's direct ccid support. * systemd: fix gnupg-minimal --- pkgs/os-specific/linux/systemd/default.nix | 2 +- pkgs/tools/security/gnupg/22.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 3a83ee63172..5728431b059 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -24,7 +24,7 @@ let gnupg-minimal = gnupg.override { pinentry = null; adns = null; gnutls = null; - libusb = null; + libusb1 = null; openldap = null; readline = null; zlib = null; diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index f87e985c95a..7c095cffa31 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -4,7 +4,7 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. , guiSupport ? true, enableMinimal ? false -, adns ? null , bzip2 ? null , gnutls ? null , libusb ? null , openldap ? null +, adns ? null , bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null , pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? null }: @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig texinfo ]; buildInputs = [ libgcrypt libassuan libksba libiconv npth gettext - readline libusb gnutls adns openldap zlib bzip2 sqlite + readline libusb1 gnutls adns openldap zlib bzip2 sqlite ]; patches = [ -- cgit 1.4.1 From e074301be894c208f2c3eff7812dc89cb83dee61 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 21:58:03 +0200 Subject: linux: 4.19.116 -> 4.19.117 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index cdb19fd54ab..6ff9919e192 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.116"; + version = "4.19.117"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0r3vdc3npl1bn06w9v6wsq7d5mm7bnhm9wsz36pb9ar3xhimvrlf"; + sha256 = "12xc1pwhwq4vp67hmn7hdynl4ik76cni79356hpzf1lbiqlrya6n"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 18c2b5a9aa262e65e0fecdb8c323a363a7787980 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 21:58:45 +0200 Subject: linux: 5.4.33 -> 5.4.34 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index b2de6ea8689..69519a156fe 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.33"; + version = "5.4.34"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0q9q48ij6vppfcrdf7fr24pvpwsd13pxjkdni6rnjq9a60hrcmxm"; + sha256 = "1ljcsrw9jknw2d9hb0yfr1pwy85l8z4rqycgd0kad9mb9lrw2glh"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 1e23dcbf224d256c2455937c9e3a06df633ba798 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 21:59:22 +0200 Subject: linux: 5.5.18 -> 5.5.19 --- pkgs/os-specific/linux/kernel/linux-5.5.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.5.nix b/pkgs/os-specific/linux/kernel/linux-5.5.nix index ecb92b5bfe7..96a349d985c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.5.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.5.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.5.18"; + version = "5.5.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "01iiiq4dsyyc5y6b52wax9as6dzhdi172vd1423sc1yp4rrk8178"; + sha256 = "1sqiw9d25sqqzdh04dd722i7ff6kchj869jp4l8zalpvf51k6j0l"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From c9cf25bc617492b7b3907768d80bda32d7f5d917 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 21:59:59 +0200 Subject: linux: 5.6.5 -> 5.6.6 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index d3334293dc1..4ed77c98301 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.5"; + version = "5.6.6"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1rjjkcmzsj9azggh960qnk2x44ns475b8nbd4nxazrz1rgdx76zp"; + sha256 = "1m3blvkma08v5y11jh0vhf4sr7jbcylkh15bssb5dgp40p8cx134"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 15807c58ad585202c028d791d8c4d166bbf79be7 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 22:18:02 +0200 Subject: linux/hardened-patches/5.4.33: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 97fbbb405e3..e630469c999 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -9,11 +9,6 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.116.a/linux-hardened-4.19.116.a.patch", "version_suffix": "a" }, - "5.4.33": { - "sha256": "1hjfvhyvz5kyvx25809brhsvfv9mjv9q1mw6ydb71gfwhw6q8d8b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.33.a/linux-hardened-5.4.33.a.patch", - "version_suffix": "a" - }, "5.5.18": { "sha256": "0v7vla784sf1fk6d8qa5x8hkyhjb1jkw4lxxcgvvlqbmxl8md8ld", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.18.a/linux-hardened-5.5.18.a.patch", -- cgit 1.4.1 From 9ed70f4e4616edb21db19a453c5e9a588d766ca4 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 22:18:03 +0200 Subject: linux/hardened-patches/5.6.5: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index e630469c999..3b43398cda1 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -13,10 +13,5 @@ "sha256": "0v7vla784sf1fk6d8qa5x8hkyhjb1jkw4lxxcgvvlqbmxl8md8ld", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.18.a/linux-hardened-5.5.18.a.patch", "version_suffix": "a" - }, - "5.6.5": { - "sha256": "19cdpygm5zx3szxl456lfjg5sffqcmn18470wv7prm8rf6liqdj3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.5.a/linux-hardened-5.6.5.a.patch", - "version_suffix": "a" } } -- cgit 1.4.1 From 8f2e9fcaddd5ad0ce602b2e767f515623bf261ae Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 22:18:03 +0200 Subject: linux/hardened-patches/5.5.18: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 3b43398cda1..b225924118f 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -8,10 +8,5 @@ "sha256": "00y4i905gzs9w9kckrn1frh2vw32fsndz03g2psl1gk17snc3q7c", "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.116.a/linux-hardened-4.19.116.a.patch", "version_suffix": "a" - }, - "5.5.18": { - "sha256": "0v7vla784sf1fk6d8qa5x8hkyhjb1jkw4lxxcgvvlqbmxl8md8ld", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.18.a/linux-hardened-5.5.18.a.patch", - "version_suffix": "a" } } -- cgit 1.4.1 From efafc50f5caa4c632015a9c9404b0cef7a470390 Mon Sep 17 00:00:00 2001 From: kraem Date: Tue, 21 Apr 2020 22:18:03 +0200 Subject: linux/hardened-patches/4.19.116: remove --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 ----- 1 file changed, 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index b225924118f..47c55969b10 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -3,10 +3,5 @@ "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", "version_suffix": "a" - }, - "4.19.116": { - "sha256": "00y4i905gzs9w9kckrn1frh2vw32fsndz03g2psl1gk17snc3q7c", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.116.a/linux-hardened-4.19.116.a.patch", - "version_suffix": "a" } } -- cgit 1.4.1 From c8b5e3776436b3156415366522c2e3e1a38bf874 Mon Sep 17 00:00:00 2001 From: kraem Date: Wed, 22 Apr 2020 02:12:17 +0200 Subject: linux/hardened-patches/5.6.6: init at 5.6.6.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 47c55969b10..314ad1017ef 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -3,5 +3,10 @@ "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", "version_suffix": "a" + }, + "5.6.6": { + "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch", + "version_suffix": "a" } } -- cgit 1.4.1 From 3c81b3df4e07a67cc6f2eb2677f507617a3f33a3 Mon Sep 17 00:00:00 2001 From: kraem Date: Wed, 22 Apr 2020 02:12:21 +0200 Subject: linux/hardened-patches/5.5.19: init at 5.5.19.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 314ad1017ef..f72421e310d 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -4,6 +4,11 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", "version_suffix": "a" }, + "5.5.19": { + "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch", + "version_suffix": "a" + }, "5.6.6": { "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch", -- cgit 1.4.1 From 99f30a5635e0b76ce4faa92354ebb594368c09c0 Mon Sep 17 00:00:00 2001 From: kraem Date: Wed, 22 Apr 2020 02:12:25 +0200 Subject: linux/hardened-patches/5.4.34: init at 5.4.34.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index f72421e310d..689f3d67260 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -4,6 +4,11 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", "version_suffix": "a" }, + "5.4.34": { + "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch", + "version_suffix": "a" + }, "5.5.19": { "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From fca903c7ddf3043d74ff54e398f029751732c9d5 Mon Sep 17 00:00:00 2001 From: kraem Date: Wed, 22 Apr 2020 02:12:28 +0200 Subject: linux/hardened-patches/4.19.117: init at 4.19.117.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 689f3d67260..6eb83ee8bb1 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -4,6 +4,11 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", "version_suffix": "a" }, + "4.19.117": { + "sha256": "0c8dvh49nzypxwvsls10i896smvpdrk40x8ybljb3qk3r8j7niaw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch", + "version_suffix": "a" + }, "5.4.34": { "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch", -- cgit 1.4.1 From 629068fe5b432e875a344db76d0d2da216e4fc22 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 22 Apr 2020 19:40:01 -0400 Subject: linux_latest-libre: 17402 -> 17445 --- pkgs/os-specific/linux/kernel/linux-libre.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index d167a89ea83..b13791ccb99 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "17402"; - sha256 = "1g151h6hdiwpvpip1r2rhbma8j13xghcyxddh0ppg9h548wwwack"; + rev = "17445"; + sha256 = "0d2gd2w4pbb728a7mw9dnq3aicwpjzg8zahg80ismvc9l1sym50a"; } , ... }: -- cgit 1.4.1 From 62a608fd63d8d554c38943e6dc377fcd7132b513 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 23 Apr 2020 08:16:58 -0400 Subject: linux: 4.19.117 -> 4.19.118 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 6ff9919e192..ab3d1b1a719 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.117"; + version = "4.19.118"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "12xc1pwhwq4vp67hmn7hdynl4ik76cni79356hpzf1lbiqlrya6n"; + sha256 = "15lcq3xky59v88vb8vvnmgcsmm1fadz0m4jyrii6rynsz5jr6x49"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 2f10053834b7e8eeecb35a49cffa741d231c8142 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 23 Apr 2020 08:17:06 -0400 Subject: linux: 5.4.34 -> 5.4.35 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 69519a156fe..08b28bc98dc 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.34"; + version = "5.4.35"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ljcsrw9jknw2d9hb0yfr1pwy85l8z4rqycgd0kad9mb9lrw2glh"; + sha256 = "1m06k19pbb3wz8z2dgf03jvzbbdh6q8jwwdz509s902a53vxasz1"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 45c22565f60293b2343b1881826683e00316cb69 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 23 Apr 2020 08:17:15 -0400 Subject: linux: 5.6.6 -> 5.6.7 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index 4ed77c98301..a31e6e26d3f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.6"; + version = "5.6.7"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1m3blvkma08v5y11jh0vhf4sr7jbcylkh15bssb5dgp40p8cx134"; + sha256 = "1jljcva3gxg1yc2kw3jjgmhzzdm16nylzxl63zbndjza547l5813"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 1bceaa1ceeb68ea443be39065d03a335935021e8 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Thu, 23 Apr 2020 15:52:14 +0100 Subject: linux_hardened: fix evaluation --- pkgs/os-specific/linux/kernel/hardened-patches.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 6eb83ee8bb1..b00bcbaa715 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -9,7 +9,7 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch", "version_suffix": "a" }, - "5.4.34": { + "5.4.35": { "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch", "version_suffix": "a" -- cgit 1.4.1 From 6dfd563633ba75e814f821e3b431ebefdc69da51 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Thu, 23 Apr 2020 16:44:40 +0100 Subject: linux_latest-hardened: fix evaluation --- pkgs/os-specific/linux/kernel/hardened-patches.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index b00bcbaa715..f916ad13488 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -19,7 +19,7 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch", "version_suffix": "a" }, - "5.6.6": { + "5.6.7": { "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch", "version_suffix": "a" -- cgit 1.4.1 From 2c1db9649e66e9399fa572d3bb0da67c6e6e1962 Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 23 Apr 2020 18:43:44 +0100 Subject: linux_*_hardened: index patches by major kernel version This will avoid breaking the build whenever a non-major kernel update happens. In the update script, we map each kernel version to the latest patch for the latest kernel version less than or equal to what we have packaged. --- .../os-specific/linux/kernel/hardened-patches.json | 30 ++-- pkgs/os-specific/linux/kernel/patches.nix | 13 +- pkgs/os-specific/linux/kernel/update-hardened.py | 151 ++++++++++++--------- pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 109 insertions(+), 87 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index f916ad13488..eecb27cdb66 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -1,27 +1,27 @@ { - "4.14.176": { + "4.14": { + "name": "linux-hardened-4.14.176.a.patch", "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch", - "version_suffix": "a" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch" }, - "4.19.117": { + "4.19": { + "name": "linux-hardened-4.19.117.a.patch", "sha256": "0c8dvh49nzypxwvsls10i896smvpdrk40x8ybljb3qk3r8j7niaw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch", - "version_suffix": "a" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch" }, - "5.4.35": { + "5.4": { + "name": "linux-hardened-5.4.34.a.patch", "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch", - "version_suffix": "a" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch" }, - "5.5.19": { + "5.5": { + "name": "linux-hardened-5.5.19.a.patch", "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch", - "version_suffix": "a" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, - "5.6.7": { + "5.6": { + "name": "linux-hardened-5.6.6.a.patch", "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch", - "version_suffix": "a" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch" } } diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 69b0197d4e6..1c4af8c32a6 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -39,16 +39,9 @@ }; hardened = let - mkPatch = kernelVersion: patch: let - fullVersion = "${kernelVersion}.${patch.version_suffix}"; - name = "linux-hardened-${fullVersion}"; - in { - inherit name; - patch = fetchurl { - name = "${name}.patch"; - inherit (patch) url sha256; - meta.maintainers = with lib.maintainers; [ emily ]; - }; + mkPatch = kernelVersion: src: { + name = lib.removeSuffix ".patch" src.name; + patch = fetchurl src; }; patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json); in lib.mapAttrs mkPatch patches; diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py index 089e991d06b..7f6949653af 100755 --- a/pkgs/os-specific/linux/kernel/update-hardened.py +++ b/pkgs/os-specific/linux/kernel/update-hardened.py @@ -17,17 +17,7 @@ HERE = os.path.dirname(os.path.realpath(__file__)) HARDENED_GITHUB_REPO = 'anthraxx/linux-hardened' HARDENED_TRUSTED_KEY = os.path.join(HERE, 'anthraxx.asc') HARDENED_PATCHES_PATH = os.path.join(HERE, 'hardened-patches.json') -MIN_KERNEL = (4, 14) - -HARDENED_VERSION_RE = re.compile(r''' - (?P [\d.]+) \. - (?P [a-z]+) -''', re.VERBOSE) - -def parse_version(version): - match = HARDENED_VERSION_RE.fullmatch(version) - if match: - return match.groups() +MIN_KERNEL_VERSION = [4, 14] def run(*args, **kwargs): try: @@ -78,11 +68,12 @@ def fetch_patch(*, name, release): except StopIteration: raise KeyError(filename) + patch_filename = f'{name}.patch' try: - patch_url = find_asset(f'{name}.patch') - sig_url = find_asset(f'{name}.patch.sig') + patch_url = find_asset(patch_filename) + sig_url = find_asset(patch_filename + '.sig') except KeyError: - print(f'error: {name}.patch{{,sig}} not present', file=sys.stderr) + print(f'error: {patch_filename}{{,.sig}} not present', file=sys.stderr) return None sha256, patch_path = nix_prefetch_url(patch_url) @@ -97,16 +88,32 @@ def fetch_patch(*, name, release): return None return { + 'name': patch_filename, 'url': patch_url, 'sha256': sha256, } -def commit_patches(*, kernel_version, message): +def parse_version(version_str): + version = [] + for component in version_str.split('.'): + try: + version.append(int(component)) + except ValueError: + version.append(component) + return version + +def version_string(version): + return '.'.join(str(component) for component in version) + +def major_kernel_version_key(kernel_version): + return version_string(kernel_version[:-1]) + +def commit_patches(*, kernel_key, message): with open(HARDENED_PATCHES_PATH + '.new', 'w') as new_patches_file: json.dump(patches, new_patches_file, indent=4, sort_keys=True) new_patches_file.write('\n') os.rename(HARDENED_PATCHES_PATH + '.new', HARDENED_PATCHES_PATH) - message = f'linux/hardened-patches/{kernel_version}: {message}' + message = f'linux/hardened-patches/{kernel_key}: {message}' print(message) if os.environ.get('COMMIT'): run( @@ -125,74 +132,96 @@ NIX_VERSION_RE = re.compile(r''' ''', re.VERBOSE) # Get the set of currently packaged kernel versions. -kernel_versions = set() +kernel_versions = {} for filename in os.listdir(HERE): filename_match = re.fullmatch(r'linux-(\d+)\.(\d+)\.nix', filename) if filename_match: - if tuple(int(v) for v in filename_match.groups()) < MIN_KERNEL: - continue with open(os.path.join(HERE, filename)) as nix_file: for nix_line in nix_file: match = NIX_VERSION_RE.fullmatch(nix_line) if match: - kernel_versions.add(match.group('version')) + kernel_version = parse_version(match.group('version')) + if kernel_version < MIN_KERNEL_VERSION: + continue + kernel_key = major_kernel_version_key(kernel_version) + kernel_versions[kernel_key] = kernel_version -# Remove patches for old kernel versions. -for kernel_version in patches.keys() - kernel_versions: - del patches[kernel_version] - commit_patches(kernel_version=kernel_version, message='remove') +# Remove patches for unpackaged kernel versions. +for kernel_key in sorted(patches.keys() - kernel_versions.keys()): + commit_patches(kernel_key=kernel_key, message='remove') g = Github(os.environ.get('GITHUB_TOKEN')) repo = g.get_repo(HARDENED_GITHUB_REPO) -releases = repo.get_releases() -found_kernel_versions = set() failures = False -for release in releases: - remaining_kernel_versions = kernel_versions - found_kernel_versions - - if not remaining_kernel_versions: - break +# Match each kernel version with the best patch version. +releases = {} +for release in repo.get_releases(): + version = parse_version(release.tag_name) + # needs to look like e.g. 5.6.3.a + if len(version) < 4: + continue - version = release.tag_name - name = f'linux-hardened-{version}' - version_info = parse_version(version) - if not version_info: + kernel_version = version[:-1] + kernel_key = major_kernel_version_key(kernel_version) + try: + packaged_kernel_version = kernel_versions[kernel_key] + except KeyError: continue - kernel_version, version_suffix = version_info - if kernel_version in remaining_kernel_versions: - found_kernel_versions.add(kernel_version) - try: - old_version_suffix = patches[kernel_version]['version_suffix'] - old_version = f'{kernel_version}.{old_version_suffix}' - update = old_version_suffix < version_suffix - except KeyError: - update = True - old_version = None - - if update: - patch = fetch_patch(name=name, release=release) - if patch is None: - failures = True + release_info = { + 'version': version, + 'release': release, + } + + if kernel_version == packaged_kernel_version: + releases[kernel_key] = release_info + else: + # Fall back to the latest patch for this major kernel version, + # skipping patches for kernels newer than the packaged one. + if kernel_version > packaged_kernel_version: + continue + elif (kernel_key not in releases or + releases[kernel_key]['version'] < version): + releases[kernel_key] = release_info + +# Update hardened-patches.json for each release. +for kernel_key, release_info in releases.items(): + release = release_info['release'] + version = release_info['version'] + version_str = release.tag_name + name = f'linux-hardened-{version_str}' + + try: + old_filename = patches[kernel_key]['name'] + old_version_str = (old_filename + .replace('linux-hardened-', '') + .replace('.patch', '')) + old_version = parse_version(old_version_str) + update = old_version < version + except KeyError: + update = True + old_version = None + + if update: + patch = fetch_patch(name=name, release=release) + if patch is None: + failures = True + else: + patches[kernel_key] = patch + if old_version: + message = f'{old_version_str} -> {version_str}' else: - patch['version_suffix'] = version_suffix - patches[kernel_version] = patch - if old_version: - message = f'{old_version} -> {version}' - else: - message = f'init at {version}' - commit_patches(kernel_version=kernel_version, message=message) + message = f'init at {version_str}' + commit_patches(kernel_key=kernel_key, message=message) -missing_kernel_versions = kernel_versions - patches.keys() +missing_kernel_versions = kernel_versions.keys() - patches.keys() if missing_kernel_versions: print( f'warning: no patches for kernel versions ' + - ', '.join(missing_kernel_versions) + - '\nwarning: consider manually backporting older patches (bump ' - 'JSON key, set version_suffix to "NixOS-a")', + ', '.join(missing_kernel_versions), file=sys.stderr, ) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e4c3019ff37..166a4b82527 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17047,7 +17047,7 @@ in }; kernelPatches = kernel.kernelPatches ++ [ kernelPatches.tag_hardened - kernelPatches.hardened.${kernel.version} + kernelPatches.hardened.${kernel.meta.branch} ]; modDirVersionArg = kernel.modDirVersion + "-hardened"; }); -- cgit 1.4.1 From bfe072dc4b29d7ecc687e8e3af29466ec3d81481 Mon Sep 17 00:00:00 2001 From: Savanni D'Gerinel Date: Thu, 23 Apr 2020 22:08:34 -0400 Subject: Add a Zenstates derivation --- pkgs/os-specific/linux/zenstates/default.nix | 54 ++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 2 files changed, 55 insertions(+) create mode 100644 pkgs/os-specific/linux/zenstates/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/zenstates/default.nix b/pkgs/os-specific/linux/zenstates/default.nix new file mode 100644 index 00000000000..b54ff669266 --- /dev/null +++ b/pkgs/os-specific/linux/zenstates/default.nix @@ -0,0 +1,54 @@ +# Zenstates provides access to a variety of CPU tunables no Ryzen processors. +# +# In particular, I am adding Zenstates because I need it to disable the C6 +# sleep state to stabilize wake from sleep on my Lenovo x395 system. After +# installing Zenstates, I need a before-sleep script like so: +# +# before-sleep = pkgs.writeScript "before-sleep" '' +# #!${pkgs.bash}/bin/bash +# ${pkgs.zenstates}/bin/zenstates --c6-disable +# ''; +# +# ... +# +# systemd.services.before-sleep = { +# description = "Jobs to run before going to sleep"; +# serviceConfig = { +# Type = "oneshot"; +# ExecStart = "${before-sleep}"; +# }; +# wantedBy = [ "sleep.target" ]; +# before = [ "sleep.target" ]; +# }; + +{ stdenv, fetchFromGitHub, python3 }: +stdenv.mkDerivation rec { + pname = "zenstates"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "r4m0n"; + repo = "ZenStates-Linux"; + rev = "0bc27f4740e382f2a2896dc1dabfec1d0ac96818"; + sha256 = "1h1h2n50d2cwcyw3zp4lamfvrdjy1gjghffvl3qrp6arfsfa615y"; + }; + + buildInputs = [ python3 ]; + + phases = [ "installPhase" ]; + + installPhase = '' + mkdir -p $out/bin + cp $src/zenstates.py $out/bin/zenstates + chmod +x $out/bin/zenstates + patchShebangs --build $out/bin/zenstates + ''; + + meta = with stdenv.lib; { + description = "Linux utility for Ryzen processors and motherboards"; + homepage = "https://github.com/r4m0n/ZenStates-Linux"; + license = licenses.mit; + maintainers = with maintainers; [ savannidgerinel ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 209bf184845..78f07dc3c16 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26505,4 +26505,5 @@ in jitsi-meet-electron = callPackage ../applications/networking/instant-messengers/jitsi-meet-electron { }; + zenstates = callPackage ../os-specific/linux/zenstates {}; } -- cgit 1.4.1 From 4db7911b5bf7e68eb085ac5f64e0cbc3f3bac237 Mon Sep 17 00:00:00 2001 From: Savanni D'Gerinel Date: Thu, 23 Apr 2020 22:17:30 -0400 Subject: Set version to 0.0.1 ZenStates-Linux doesn't actually have a version, so I'm setting the version to 0.0.1 in case the developer eventually does start doing releases. --- pkgs/os-specific/linux/zenstates/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/zenstates/default.nix b/pkgs/os-specific/linux/zenstates/default.nix index b54ff669266..4ac77c00aa3 100644 --- a/pkgs/os-specific/linux/zenstates/default.nix +++ b/pkgs/os-specific/linux/zenstates/default.nix @@ -24,7 +24,7 @@ { stdenv, fetchFromGitHub, python3 }: stdenv.mkDerivation rec { pname = "zenstates"; - version = "0.1.0"; + version = "0.0.1"; src = fetchFromGitHub { owner = "r4m0n"; -- cgit 1.4.1 From 34276b84c5b84f40d46fa3919fbdcd159856469c Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 24 Apr 2020 15:02:11 +0200 Subject: nvme-cli: 1.10.1 -> 1.11.1 --- pkgs/os-specific/linux/nvme-cli/default.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/nvme-cli/default.nix b/pkgs/os-specific/linux/nvme-cli/default.nix index d0aca3bbc82..616ad9c6764 100644 --- a/pkgs/os-specific/linux/nvme-cli/default.nix +++ b/pkgs/os-specific/linux/nvme-cli/default.nix @@ -1,17 +1,17 @@ -{ lib, stdenv, fetchFromGitHub, pkgconfig }: +{ lib, stdenv, fetchFromGitHub, pkg-config }: stdenv.mkDerivation rec { pname = "nvme-cli"; - version = "1.10.1"; + version = "1.11.1"; src = fetchFromGitHub { owner = "linux-nvme"; repo = "nvme-cli"; rev = "v${version}"; - sha256 = "12wp2wxmsw2v8m9bhvwvdbhdgx1md8iilhbl19sfzz2araiwi2x8"; + sha256 = "06cxs41biqx230grvpk7zid3apcaajjywrccag50krb6h2wqafdl"; }; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkg-config ]; makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ]; @@ -20,8 +20,16 @@ stdenv.mkDerivation rec { installTargets = [ "install-spec" ]; meta = with lib; { - inherit (src.meta) homepage; + inherit (src.meta) homepage; # https://nvmexpress.org/ description = "NVM-Express user space tooling for Linux"; + longDescription = '' + NVM-Express is a fast, scalable host controller interface designed to + address the needs for not only PCI Express based solid state drives, but + also NVMe-oF(over fabrics). + This nvme program is a user space utility to provide standards compliant + tooling for NVM-Express drives. It was made specifically for Linux as it + relies on the IOCTLs defined by the mainline kernel driver. + ''; license = licenses.gpl2Plus; platforms = platforms.linux; maintainers = with maintainers; [ primeos tavyc ]; -- cgit 1.4.1 From d40391145108d3db0f06ddfc806e5de25547c032 Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Fri, 24 Apr 2020 10:57:17 -0500 Subject: linux_testing: 5.6-rc7 -> 5.7-rc2 Signed-off-by: Austin Seipp --- pkgs/os-specific/linux/kernel/linux-testing.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index e63fe96be6b..9e2ccaeae2b 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,15 +3,15 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6-rc7"; - extraMeta.branch = "5.6"; + version = "5.7-rc2"; + extraMeta.branch = "5.7"; # modDirVersion needs to be x.y.z, will always add .0 modDirVersion = if (modDirVersionArg == null) then builtins.replaceStrings ["-"] [".0-"] version else modDirVersionArg; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0wv3ipfm970y2pyadwn5g7hd9bj117qk8jl8sdhrasbsy1p8936i"; + sha256 = "06h7lrif84gyzblrdgg4cirsr2v69sdbymwkk89nr3gc87hnjlvs"; }; # Should the testing kernels ever be built on Hydra? -- cgit 1.4.1 From d89ed04ea4670664d637fc80129ad03561b53fea Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Mon, 6 Apr 2020 10:37:41 +0300 Subject: guvcview: fix gsettings filechooser errors --- pkgs/os-specific/linux/guvcview/default.nix | 32 ++++++++++++++++------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index e87768a9ff1..c74978ac044 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -1,5 +1,5 @@ { config, stdenv, fetchurl, intltool, pkgconfig -, gtk3, portaudio, SDL2, ffmpeg, udev, libusb1, libv4l, alsaLib, gsl +, gtk3, portaudio, SDL2, ffmpeg, udev, libusb1, libv4l, alsaLib, gsl, wrapGAppsHook , pulseaudioSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null }: assert pulseaudioSupport -> libpulseaudio != null; @@ -13,19 +13,23 @@ stdenv.mkDerivation rec { sha256 = "11byyfpkcik7wvf2qic77zjamfr2rhji97dpj1gy2fg1bvpiqf4m"; }; - buildInputs = - [ SDL2 - alsaLib - ffmpeg - gtk3 - intltool - libusb1 - libv4l - pkgconfig - portaudio - udev - gsl - ] ++ stdenv.lib.optional pulseaudioSupport libpulseaudio; + nativeBuildInputs = [ + wrapGAppsHook + ]; + + buildInputs = [ + SDL2 + alsaLib + ffmpeg + gtk3 + intltool + libusb1 + libv4l + pkgconfig + portaudio + udev + gsl + ] ++ stdenv.lib.optional pulseaudioSupport libpulseaudio; meta = with stdenv.lib; { description = "A simple interface for devices supported by the linux UVC driver"; -- cgit 1.4.1 From 6bac53e691cc0c4ead541977669b420e419cb860 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Mon, 6 Apr 2020 19:51:34 +0300 Subject: guvcview: move some packages to nativeBuildInputs --- pkgs/os-specific/linux/guvcview/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index c74978ac044..0f120ba0171 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ + intltool + pkgconfig wrapGAppsHook ]; @@ -22,10 +24,8 @@ stdenv.mkDerivation rec { alsaLib ffmpeg gtk3 - intltool libusb1 libv4l - pkgconfig portaudio udev gsl -- cgit 1.4.1 From ac0f42dee8e37f9fd54b597c53635a490a7262d8 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Mon, 6 Apr 2020 23:45:54 +0300 Subject: guvcview: format arguments --- pkgs/os-specific/linux/guvcview/default.nix | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index 0f120ba0171..fa525170056 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -1,6 +1,21 @@ -{ config, stdenv, fetchurl, intltool, pkgconfig -, gtk3, portaudio, SDL2, ffmpeg, udev, libusb1, libv4l, alsaLib, gsl, wrapGAppsHook -, pulseaudioSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null }: +{ config +, stdenv +, fetchurl +, intltool +, pkgconfig +, gtk3 +, portaudio +, SDL2 +, ffmpeg +, udev +, libusb1 +, libv4l +, alsaLib +, gsl +, wrapGAppsHook +, pulseaudioSupport ? config.pulseaudio or stdenv.isLinux +, libpulseaudio ? null +}: assert pulseaudioSupport -> libpulseaudio != null; -- cgit 1.4.1 From 6aaab573e276e05712ed9552835d4b7cb4232695 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Mon, 6 Apr 2020 23:46:21 +0300 Subject: guvcview: enable to build with both qt5 and gtk3 --- pkgs/os-specific/linux/guvcview/default.nix | 34 ++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index fa525170056..0efdbcede48 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -3,7 +3,6 @@ , fetchurl , intltool , pkgconfig -, gtk3 , portaudio , SDL2 , ffmpeg @@ -12,9 +11,17 @@ , libv4l , alsaLib , gsl -, wrapGAppsHook +, libpng +, sfml , pulseaudioSupport ? config.pulseaudio or stdenv.isLinux , libpulseaudio ? null +, useQt ? false +, qt5 ? null +, wrapQtAppsHook ? null +# can be turned off if used as a library +, useGtk ? true +, gtk3 ? null +, wrapGAppsHook ? null }: assert pulseaudioSupport -> libpulseaudio != null; @@ -31,20 +38,35 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ intltool pkgconfig - wrapGAppsHook - ]; + ] + ++ stdenv.lib.optionals (useGtk) [ wrapGAppsHook ] + ++ stdenv.lib.optionals (useQt) [ wrapQtAppsHook ] + ; buildInputs = [ SDL2 alsaLib ffmpeg - gtk3 libusb1 libv4l portaudio udev gsl - ] ++ stdenv.lib.optional pulseaudioSupport libpulseaudio; + libpng + sfml + ] + ++ stdenv.lib.optionals (pulseaudioSupport) [ libpulseaudio ] + ++ stdenv.lib.optionals (useGtk) [ gtk3 ] + ++ stdenv.lib.optionals (useQt) [ + qt5.qtbase + ] + ; + configureFlags = [ + "--enable-sfml" + ] + ++ stdenv.lib.optionals (useGtk) [ "--enable-gtk3" ] + ++ stdenv.lib.optionals (useQt) [ "--enable-qt5" ] + ; meta = with stdenv.lib; { description = "A simple interface for devices supported by the linux UVC driver"; -- cgit 1.4.1 From 74fcd4f2d61c0d93bb59ed1b1e12c60f7a530969 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 25 Apr 2020 12:12:54 +0200 Subject: ell: 0.30 -> 0.31 --- pkgs/os-specific/linux/ell/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/ell/default.nix b/pkgs/os-specific/linux/ell/default.nix index 69c1f8de2ea..cb971d452d6 100644 --- a/pkgs/os-specific/linux/ell/default.nix +++ b/pkgs/os-specific/linux/ell/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.30"; + version = "0.31"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/${pname}/${pname}.git"; rev = version; - sha256 = "0kiglgc02a6hqi1nhnl4d8lxax8b1fljp50pvqswrnbh7pgb5676"; + sha256 = "1qlpc906xd78fzxvvj2kxi3aikgnw0c0h3x620s131apax4qrnqa"; }; patches = [ -- cgit 1.4.1 From 61c95a2eec3691a3f494ffaf8b3c187f9e5e7634 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 25 Apr 2020 12:13:01 +0200 Subject: iwd: 1.6 -> 1.7 --- pkgs/os-specific/linux/iwd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index 02bd83d9da6..be2a4ff3e56 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -13,12 +13,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "1.6"; + version = "1.7"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "0c38c7a234cwdd5y1brq4w56xszs8zlp57rr3nvgp8z8djcy1qvx"; + sha256 = "1qi25qav1rv8gm5lbrip8ayq5vwynmyv2q4ar7bbmnjh6cglvyh2"; }; nativeBuildInputs = [ -- cgit 1.4.1 From 21ec1f5eadc5f6ca8b0b6599eda3dcf59629f1f0 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sat, 25 Apr 2020 07:19:26 +0100 Subject: wireguard: 1.0.20200401 -> 1.0.20200413 --- pkgs/os-specific/linux/wireguard/default.nix | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 890c774081b..6edbb1aa4d7 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchzip, kernel, perl, wireguard-tools }: +{ stdenv, fetchzip, kernel, perl, wireguard-tools, bc }: # module requires Linux >= 3.10 https://www.wireguard.io/install/#kernel-requirements assert stdenv.lib.versionAtLeast kernel.version "3.10"; @@ -7,29 +7,31 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200401"; + version = "1.0.20200413"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "1q4gfpbvbyracnl219xqfz5yqfc08i6g41z6bn2skx5x8jbll3aq"; + sha256 = "11dpw1inszbc3qjcfnap74kgjxkyyrx90vxv6wmsgkbp8lsl4p66"; }; - preConfigure = '' - cd src - sed -i '/depmod/,+1d' Makefile - ''; - hardeningDisable = [ "pic" ]; KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; - INSTALL_MOD_PATH = "\${out}"; - - NIX_CFLAGS = ["-Wno-error=cpp"]; - nativeBuildInputs = [ perl ] ++ kernel.moduleBuildDependencies; + nativeBuildInputs = [ perl bc ] ++ kernel.moduleBuildDependencies; + preBuild = "cd src"; buildFlags = [ "module" ]; - installTargets = [ "module-install" ]; + + INSTALL_MOD_PATH = placeholder "out"; + installFlags = [ "DEPMOD=true" ]; + enableParallelBuilding = true; + + passthru = { + # remove this when our kernel comes with native wireguard support + # and our tests no longer tests this package + inherit (wireguard-tools) tests; + }; meta = with stdenv.lib; { inherit (wireguard-tools.meta) homepage license maintainers; -- cgit 1.4.1 From 3e9f3a3ebd8c2925f28efa91cafa56948ecab021 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 25 Apr 2020 14:35:20 +0200 Subject: hostapd: apply patch for CVE-2019-16275 AP mode PMF disconnection protection bypass Published: September 11, 2019 Identifiers: - CVE-2019-16275 Latest version available from: https://w1.fi/security/2019-7/ Vulnerability hostapd (and wpa_supplicant when controlling AP mode) did not perform sufficient source address validation for some received Management frames and this could result in ending up sending a frame that caused associated stations to incorrectly believe they were disconnected from the network even if management frame protection (also known as PMF) was negotiated for the association. This could be considered to be a denial of service vulnerability since PMF is supposed to protect from this type of issues. It should be noted that if PMF is not enabled, there would be no protocol level protection against this type of denial service attacks. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network. Vulnerable versions/configurations All hostapd and wpa_supplicants versions with PMF support (CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with PMF being enabled (optional or required). In addition, this would be applicable only when using user space based MLME/SME in AP mode, i.e., when hostapd (or wpa_supplicant when controlling AP mode) would process authentication and association management frames. This condition would be applicable mainly with drivers that use mac80211. Possible mitigation steps - Merge the following commit to wpa_supplicant/hostapd and rebuild: AP: Silently ignore management frame from unexpected source address This patch is available from https://w1.fi/security/2019-7/ - Update to wpa_supplicant/hostapd v2.10 or newer, once available --- pkgs/os-specific/linux/hostapd/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix index 869a394cefb..8152655d457 100644 --- a/pkgs/os-specific/linux/hostapd/default.nix +++ b/pkgs/os-specific/linux/hostapd/default.nix @@ -17,7 +17,13 @@ stdenv.mkDerivation rec { # Note: fetchurl seems to be unhappy with openwrt git # server's URLs containing semicolons. Using the github mirror instead. url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch"; - sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";}) + sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k"; + }) + (fetchurl { + name = "CVE-2019-16275.patch"; + url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch"; + sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz"; + }) ]; outputs = [ "out" "man" ]; -- cgit 1.4.1 From 59588b68cd185a21b917daabc057dcd42a6803d8 Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Sat, 25 Apr 2020 21:14:40 +0300 Subject: guvcview: use libsForQt5.callPackage --- pkgs/os-specific/linux/guvcview/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/guvcview/default.nix b/pkgs/os-specific/linux/guvcview/default.nix index 0efdbcede48..d780cade786 100644 --- a/pkgs/os-specific/linux/guvcview/default.nix +++ b/pkgs/os-specific/linux/guvcview/default.nix @@ -16,7 +16,7 @@ , pulseaudioSupport ? config.pulseaudio or stdenv.isLinux , libpulseaudio ? null , useQt ? false -, qt5 ? null +, qtbase ? null , wrapQtAppsHook ? null # can be turned off if used as a library , useGtk ? true @@ -58,7 +58,7 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optionals (pulseaudioSupport) [ libpulseaudio ] ++ stdenv.lib.optionals (useGtk) [ gtk3 ] ++ stdenv.lib.optionals (useQt) [ - qt5.qtbase + qtbase ] ; configureFlags = [ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2a05c25bd86..5b773bf5929 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19848,7 +19848,7 @@ in gvisor-containerd-shim = callPackage ../applications/virtualization/gvisor/containerd-shim.nix { }; - guvcview = callPackage ../os-specific/linux/guvcview { }; + guvcview = libsForQt5.callPackage ../os-specific/linux/guvcview { }; gxmessage = callPackage ../applications/misc/gxmessage { }; -- cgit 1.4.1 From 6617a79ba320b6e47abfd05416a237ec557ae15c Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:21:32 -0400 Subject: linux: 4.14.176 -> 4.14.177 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5d7337c27f6..6c5d86a0e69 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.176"; + version = "4.14.177"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "18jwxhf29ax54xnylmz9zfkslnxw7y3h215dbfmmvddfp9b0kbmw"; + sha256 = "04hq0i06mg2yc09jj2xk0vhf5q9yigzjzm55a5bvfy2a6j43r9rk"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 6efb2ba2bf6ad5b80e934934bec53ad37fa0f06c Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:22:05 -0400 Subject: linux: 4.4.219 -> 4.4.220 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index e99375ed62c..d846a015477 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.219"; + version = "4.4.220"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1mpxqb2m24ay4n9px4n2cyklxy4lhnv9q6wlvilx13rs5qfbb62f"; + sha256 = "1knj3qsl7x3fysdz1h0s980ddbafs3658z2y67w6sn79wp7d8blg"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 4883dde6b7d6660ad83e9ef7e1fdee073023b43e Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:22:41 -0400 Subject: linux: 4.9.219 -> 4.9.220 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 78c76d12ddc..b05a3685c27 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.219"; + version = "4.9.220"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0i5wlyp11ss9p035bhq73xjx8iyk5dk4ynvd7msw5qfkrs6265vb"; + sha256 = "0bhbkybzbdsbmrjmb5m7hxxl8b3v6n79zhh86cbr95kzg1hcgnfs"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From be48bf2ba8fb92cdb02d2d453470f7bf36b46e3b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:23:01 -0400 Subject: linux/hardened-patches/4.14: 4.14.176.a -> 4.14.177.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index eecb27cdb66..e365199a4bb 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -1,8 +1,8 @@ { "4.14": { - "name": "linux-hardened-4.14.176.a.patch", - "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch" + "name": "linux-hardened-4.14.177.a.patch", + "sha256": "0wiapq4nj16m5ywnz0k7k0fr5hpw2gjy68mjlk6x866rf8vhndrq", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" }, "4.19": { "name": "linux-hardened-4.19.117.a.patch", -- cgit 1.4.1 From 334627d92fda18682a870cdb152f8185a9fd673d Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:23:03 -0400 Subject: linux/hardened-patches/5.6: 5.6.6.a -> 5.6.7.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index e365199a4bb..0f29e9b25d3 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.6.a.patch", - "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch" + "name": "linux-hardened-5.6.7.a.patch", + "sha256": "1dnk9df4v2iw05vpn0s8q6b0ci2rzl2wiq77vhr40mpbg6p18fap", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.7.a/linux-hardened-5.6.7.a.patch" } } -- cgit 1.4.1 From 4af476e2b3e75dbef3abc85291a2ebbb30f42dba Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:23:05 -0400 Subject: linux/hardened-patches/5.4: 5.4.34.a -> 5.4.35.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 0f29e9b25d3..f072543cac6 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.34.a.patch", - "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch" + "name": "linux-hardened-5.4.35.a.patch", + "sha256": "0vcqgrzns4d3z93mn8mv0sxkmj7ylbr8prff72c4ssvb0kd7agy9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.35.a/linux-hardened-5.4.35.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From a9fa6028adaa37f92efb33c827b27f40617e4cd9 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 26 Apr 2020 12:23:07 -0400 Subject: linux/hardened-patches/4.19: 4.19.117.a -> 4.19.118.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index f072543cac6..a87628dd769 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.117.a.patch", - "sha256": "0c8dvh49nzypxwvsls10i896smvpdrk40x8ybljb3qk3r8j7niaw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch" + "name": "linux-hardened-4.19.118.a.patch", + "sha256": "120lnn9j9zsx1kcq4frcjmj2vj39x0g1yxrrx9nax2yjrzp4wfdw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.118.a/linux-hardened-4.19.118.a.patch" }, "5.4": { "name": "linux-hardened-5.4.35.a.patch", -- cgit 1.4.1 From e9c44e8956968685360fc5922f47a8b209220a72 Mon Sep 17 00:00:00 2001 From: David Terry Date: Mon, 27 Apr 2020 08:15:39 +0200 Subject: wireguard-compat: 1.0.20200413 -> 1.0.20200426 https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html --- pkgs/os-specific/linux/wireguard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 6edbb1aa4d7..8c3f489753d 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -7,11 +7,11 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200413"; + version = "1.0.20200426"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "11dpw1inszbc3qjcfnap74kgjxkyyrx90vxv6wmsgkbp8lsl4p66"; + sha256 = "0j343xk9qgmzn0j6kgvydfqjqslf2rv6r4ikfc59982xxny6f6l5"; }; hardeningDisable = [ "pic" ]; -- cgit 1.4.1 From e89e2edc7349c0df15fa03b8229c370340547538 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Tue, 28 Apr 2020 05:29:39 +0200 Subject: libusb-compat-0_1: rename from libusb --- .../blockchains/monero-gui/default.nix | 4 +- pkgs/applications/blockchains/monero/default.nix | 4 +- .../graphics/sane/backends/brscan4/default.nix | 6 +-- pkgs/applications/graphics/sane/frontends.nix | 4 +- pkgs/applications/graphics/sane/xsane.nix | 4 +- pkgs/applications/misc/digitalbitbox/default.nix | 4 +- pkgs/applications/misc/garmin-plugin/default.nix | 4 +- pkgs/applications/misc/golden-cheetah/default.nix | 10 ++--- pkgs/applications/misc/lutris/chrootenv.nix | 2 +- pkgs/applications/misc/nut/default.nix | 6 +-- pkgs/applications/misc/qlandkartegt/garmindev.nix | 4 +- pkgs/applications/misc/qlcplus/default.nix | 4 +- pkgs/applications/misc/subsurface/default.nix | 4 +- pkgs/applications/radio/sdrangel/default.nix | 4 +- pkgs/applications/radio/soapysdr/default.nix | 4 +- pkgs/applications/radio/welle-io/default.nix | 4 +- pkgs/applications/science/math/cemu/default.nix | 4 +- .../science/robotics/gazebo/default.nix | 4 +- pkgs/applications/video/kodi/default.nix | 6 +-- pkgs/development/arduino/arduino-core/default.nix | 8 ++-- pkgs/development/libraries/garmintools/default.nix | 4 +- pkgs/development/libraries/hamlib/default.nix | 4 +- pkgs/development/libraries/libftdi/default.nix | 6 +-- pkgs/development/libraries/libnfc/default.nix | 4 +- pkgs/development/libraries/libusb-compat/0.1.nix | 47 ++++++++++++++++++++++ pkgs/development/libraries/libusb/default.nix | 47 ---------------------- pkgs/development/libraries/lirc/default.nix | 4 +- pkgs/development/libraries/openct/default.nix | 4 +- pkgs/development/libraries/scmccid/default.nix | 4 +- pkgs/development/libraries/unicap/default.nix | 4 +- pkgs/development/misc/msp430/mspdebug.nix | 4 +- pkgs/development/mobile/webos/novacomd.nix | 4 +- pkgs/development/mobile/xpwn/default.nix | 4 +- .../development/tools/analysis/radare2/default.nix | 4 +- pkgs/development/tools/misc/avrdude/default.nix | 4 +- pkgs/development/tools/misc/blackmagic/default.nix | 4 +- .../tools/misc/dfu-programmer/default.nix | 4 +- .../tools/misc/micronucleus/default.nix | 4 +- .../tools/misc/teensy-loader-cli/default.nix | 4 +- .../tools/misc/wishbone-tool/default.nix | 4 +- pkgs/development/tools/misc/xc3sprog/default.nix | 4 +- pkgs/misc/cups/drivers/samsung/1.00.36/default.nix | 6 +-- pkgs/misc/cups/drivers/samsung/1.00.37.nix | 6 +-- pkgs/misc/cups/drivers/samsung/4.01.17.nix | 4 +- pkgs/misc/drivers/epkowa/default.nix | 4 +- pkgs/misc/drivers/gutenprint/default.nix | 4 +- pkgs/os-specific/linux/g15daemon/default.nix | 4 +- pkgs/servers/monitoring/lcdproc/default.nix | 4 +- pkgs/tools/bluetooth/obex-data-server/default.nix | 4 +- pkgs/tools/bluetooth/openobex/default.nix | 4 +- pkgs/tools/misc/gnokii/default.nix | 4 +- pkgs/tools/misc/grub/2.0x.nix | 4 +- pkgs/tools/misc/grub/trusted.nix | 4 +- pkgs/tools/misc/pk2cmd/default.nix | 6 +-- pkgs/tools/misc/sixpair/default.nix | 4 +- pkgs/tools/misc/urjtag/default.nix | 4 +- pkgs/tools/misc/xburst-tools/default.nix | 4 +- pkgs/tools/security/gnupg/20.nix | 4 +- pkgs/tools/security/libacr38u/default.nix | 4 +- pkgs/tools/security/pcsc-scm-scl011/default.nix | 4 +- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 +- 62 files changed, 176 insertions(+), 175 deletions(-) create mode 100644 pkgs/development/libraries/libusb-compat/0.1.nix delete mode 100644 pkgs/development/libraries/libusb/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/applications/blockchains/monero-gui/default.nix b/pkgs/applications/blockchains/monero-gui/default.nix index 48a6d81b6ba..cfd3998ee36 100644 --- a/pkgs/applications/blockchains/monero-gui/default.nix +++ b/pkgs/applications/blockchains/monero-gui/default.nix @@ -5,7 +5,7 @@ , qtquickcontrols, qtquickcontrols2 , monero, unbound, readline, boost, libunwind , libsodium, pcsclite, zeromq, cppzmq -, hidapi, libusb, protobuf, randomx +, hidapi, libusb-compat-0_1, protobuf, randomx }: with stdenv.lib; @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { qtxmlpatterns monero unbound readline boost libunwind libsodium pcsclite zeromq - cppzmq hidapi libusb protobuf randomx + cppzmq hidapi libusb-compat-0_1 protobuf randomx ]; NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ]; diff --git a/pkgs/applications/blockchains/monero/default.nix b/pkgs/applications/blockchains/monero/default.nix index 2a04beb9379..d1abd395657 100644 --- a/pkgs/applications/blockchains/monero/default.nix +++ b/pkgs/applications/blockchains/monero/default.nix @@ -2,7 +2,7 @@ , cmake, pkgconfig , boost, miniupnpc, openssl, unbound, cppzmq , zeromq, pcsclite, readline, libsodium, hidapi -, pythonProtobuf, randomx, rapidjson, libusb +, pythonProtobuf, randomx, rapidjson, libusb-compat-0_1 , CoreData, IOKit, PCSC }: @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { boost miniupnpc openssl unbound cppzmq zeromq pcsclite readline libsodium hidapi randomx rapidjson - pythonProtobuf libusb + pythonProtobuf libusb-compat-0_1 ] ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit CoreData PCSC ]; cmakeFlags = [ diff --git a/pkgs/applications/graphics/sane/backends/brscan4/default.nix b/pkgs/applications/graphics/sane/backends/brscan4/default.nix index 22e8a2ca536..2ada41ac98a 100644 --- a/pkgs/applications/graphics/sane/backends/brscan4/default.nix +++ b/pkgs/applications/graphics/sane/backends/brscan4/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, callPackage, patchelf, makeWrapper, coreutils, libusb }: +{ stdenv, fetchurl, callPackage, patchelf, makeWrapper, coreutils, libusb-compat-0_1 }: let myPatchElf = file: with stdenv.lib; '' @@ -30,13 +30,13 @@ in stdenv.mkDerivation rec { ''; nativeBuildInputs = [ makeWrapper patchelf coreutils udevRules ]; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; dontBuild = true; patchPhase = '' ${myPatchElf "opt/brother/scanner/brscan4/brsaneconfig4"} - RPATH=${libusb.out}/lib + RPATH=${libusb-compat-0_1.out}/lib for a in usr/lib64/sane/*.so*; do if ! test -L $a; then patchelf --set-rpath $RPATH $a diff --git a/pkgs/applications/graphics/sane/frontends.nix b/pkgs/applications/graphics/sane/frontends.nix index 188431bda6c..885dff311b8 100644 --- a/pkgs/applications/graphics/sane/frontends.nix +++ b/pkgs/applications/graphics/sane/frontends.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, sane-backends, libX11, gtk2, pkgconfig, libusb ? null }: +{ stdenv, fetchurl, sane-backends, libX11, gtk2, pkgconfig, libusb-compat-0_1 ? null }: stdenv.mkDerivation rec { pname = "sane-frontends"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { ''; buildInputs = [ sane-backends libX11 gtk2 ] - ++ stdenv.lib.optional (libusb != null) libusb; + ++ stdenv.lib.optional (libusb-compat-0_1 != null) libusb-compat-0_1; nativeBuildInputs = [ pkgconfig ]; enableParallelBuilding = true; diff --git a/pkgs/applications/graphics/sane/xsane.nix b/pkgs/applications/graphics/sane/xsane.nix index 22a8f4dc3bd..04d19dee8a8 100644 --- a/pkgs/applications/graphics/sane/xsane.nix +++ b/pkgs/applications/graphics/sane/xsane.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, sane-backends, sane-frontends, libX11, gtk2, pkgconfig, libpng -, libusb ? null +, libusb-compat-0_1 ? null , gimpSupport ? false, gimp ? null }: @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [libpng sane-backends sane-frontends libX11 gtk2 ] - ++ (if libusb != null then [libusb] else []) + ++ (if libusb-compat-0_1 != null then [libusb-compat-0_1] else []) ++ stdenv.lib.optional gimpSupport gimp; meta = { diff --git a/pkgs/applications/misc/digitalbitbox/default.nix b/pkgs/applications/misc/digitalbitbox/default.nix index a6ae4530655..95159d1927a 100644 --- a/pkgs/applications/misc/digitalbitbox/default.nix +++ b/pkgs/applications/misc/digitalbitbox/default.nix @@ -7,7 +7,7 @@ , libtool , qrencode , udev -, libusb +, libusb-compat-0_1 , makeWrapper , pkgconfig , qtbase @@ -70,7 +70,7 @@ in stdenv.mkDerivation rec { libevent libtool udev - libusb + libusb-compat-0_1 qrencode qtbase diff --git a/pkgs/applications/misc/garmin-plugin/default.nix b/pkgs/applications/misc/garmin-plugin/default.nix index ba6868b62f6..95cbdd9c19b 100644 --- a/pkgs/applications/misc/garmin-plugin/default.nix +++ b/pkgs/applications/misc/garmin-plugin/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, garmintools, libgcrypt, libusb, pkgconfig, tinyxml, zlib }: +{ stdenv, fetchurl, garmintools, libgcrypt, libusb-compat-0_1, pkgconfig, tinyxml, zlib }: stdenv.mkDerivation { name = "garmin-plugin-0.3.26"; src = fetchurl { @@ -7,7 +7,7 @@ stdenv.mkDerivation { }; sourceRoot = "GarminPlugin-0.3.26/src"; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ garmintools libusb libgcrypt tinyxml zlib ]; + buildInputs = [ garmintools libusb-compat-0_1 libgcrypt tinyxml zlib ]; configureFlags = [ "--with-libgcrypt-prefix=${libgcrypt.dev}" "--with-garmintools-incdir=${garmintools}/include" diff --git a/pkgs/applications/misc/golden-cheetah/default.nix b/pkgs/applications/misc/golden-cheetah/default.nix index 3dffc5c77c2..761d05e5f9f 100644 --- a/pkgs/applications/misc/golden-cheetah/default.nix +++ b/pkgs/applications/misc/golden-cheetah/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub, mkDerivation , qtbase, qtsvg, qtserialport, qtwebengine, qtmultimedia, qttools -, qtconnectivity, qtcharts, libusb +, qtconnectivity, qtcharts, libusb-compat-0_1 , yacc, flex, zlib, qmake, makeDesktopItem, makeWrapper }: @@ -27,7 +27,7 @@ in mkDerivation rec { buildInputs = [ qtbase qtsvg qtserialport qtwebengine qtmultimedia qttools zlib - qtconnectivity qtcharts libusb + qtconnectivity qtcharts libusb-compat-0_1 ]; nativeBuildInputs = [ flex makeWrapper qmake yacc ]; @@ -39,9 +39,9 @@ in mkDerivation rec { cp src/gcconfig.pri.in src/gcconfig.pri cp qwt/qwtconfig.pri.in qwt/qwtconfig.pri echo 'QMAKE_LRELEASE = ${qttools.dev}/bin/lrelease' >> src/gcconfig.pri - echo 'LIBUSB_INSTALL = ${libusb}' >> src/gcconfig.pri - echo 'LIBUSB_INCLUDE = ${libusb.dev}/include' >> src/gcconfig.pri - echo 'LIBUSB_LIBS = -L${libusb}/lib -lusb' >> src/gcconfig.pri + echo 'LIBUSB_INSTALL = ${libusb-compat-0_1}' >> src/gcconfig.pri + echo 'LIBUSB_INCLUDE = ${libusb-compat-0_1.dev}/include' >> src/gcconfig.pri + echo 'LIBUSB_LIBS = -L${libusb-compat-0_1}/lib -lusb' >> src/gcconfig.pri sed -i -e '21,23d' qwt/qwtconfig.pri # Removed forced installation to /usr/local # Use qtwebengine instead of qtwebkit diff --git a/pkgs/applications/misc/lutris/chrootenv.nix b/pkgs/applications/misc/lutris/chrootenv.nix index 84246f4ba12..4505432b236 100644 --- a/pkgs/applications/misc/lutris/chrootenv.nix +++ b/pkgs/applications/misc/lutris/chrootenv.nix @@ -92,7 +92,7 @@ in buildFHSUserEnv { multiPkgs = pkgs: with pkgs; [ # Common libsndfile libtheora libogg libvorbis libopus libGLU libpcap libpulseaudio - libao libevdev udev libgcrypt libxml2 libusb libpng libmpeg2 libv4l + libao libevdev udev libgcrypt libxml2 libusb-compat-0_1 libpng libmpeg2 libv4l libjpeg libxkbcommon libass libcdio libjack2 libsamplerate libzip libmad libaio libcap libtiff libva libgphoto2 libxslt libsndfile giflib zlib glib alsaLib zziplib bash dbus keyutils zip cabextract freetype unzip coreutils diff --git a/pkgs/applications/misc/nut/default.nix b/pkgs/applications/misc/nut/default.nix index ce80ae14f23..8f188818d4f 100644 --- a/pkgs/applications/misc/nut/default.nix +++ b/pkgs/applications/misc/nut/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, neon, libusb, openssl, udev, avahi, freeipmi +{ stdenv, fetchurl, pkgconfig, neon, libusb-compat-0_1, openssl, udev, avahi, freeipmi , libtool, makeWrapper, autoreconfHook, fetchpatch }: @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { }) ]; - buildInputs = [ neon libusb openssl udev avahi freeipmi ]; + buildInputs = [ neon libusb-compat-0_1 openssl udev avahi freeipmi ]; nativeBuildInputs = [ autoreconfHook libtool pkgconfig makeWrapper ]; @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { postInstall = '' wrapProgram $out/bin/nut-scanner --prefix LD_LIBRARY_PATH : \ - "$out/lib:${neon}/lib:${libusb.out}/lib:${avahi}/lib:${freeipmi}/lib" + "$out/lib:${neon}/lib:${libusb-compat-0_1.out}/lib:${avahi}/lib:${freeipmi}/lib" ''; meta = with stdenv.lib; { diff --git a/pkgs/applications/misc/qlandkartegt/garmindev.nix b/pkgs/applications/misc/qlandkartegt/garmindev.nix index 21378084214..8705abd9259 100644 --- a/pkgs/applications/misc/qlandkartegt/garmindev.nix +++ b/pkgs/applications/misc/qlandkartegt/garmindev.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, cmake, libusb }: +{ stdenv, fetchurl, cmake, libusb-compat-0_1 }: stdenv.mkDerivation rec { pname = "garmindev"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ]; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; enableParallelBuilding = true; diff --git a/pkgs/applications/misc/qlcplus/default.nix b/pkgs/applications/misc/qlcplus/default.nix index c0b844d121a..77a24413bdd 100644 --- a/pkgs/applications/misc/qlcplus/default.nix +++ b/pkgs/applications/misc/qlcplus/default.nix @@ -1,5 +1,5 @@ { stdenv, mkDerivation, fetchFromGitHub, qmake, pkgconfig, udev -, qtmultimedia, qtscript, alsaLib, ola, libftdi1, libusb +, qtmultimedia, qtscript, alsaLib, ola, libftdi1, libusb-compat-0_1 , libsndfile, libmad }: @@ -16,7 +16,7 @@ mkDerivation rec { nativeBuildInputs = [ qmake pkgconfig ]; buildInputs = [ - udev qtmultimedia qtscript alsaLib ola libftdi1 libusb libsndfile libmad + udev qtmultimedia qtscript alsaLib ola libftdi1 libusb-compat-0_1 libsndfile libmad ]; qmakeFlags = [ "INSTALLROOT=$(out)" ]; diff --git a/pkgs/applications/misc/subsurface/default.nix b/pkgs/applications/misc/subsurface/default.nix index d262fb74c4b..e189351022b 100644 --- a/pkgs/applications/misc/subsurface/default.nix +++ b/pkgs/applications/misc/subsurface/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchFromGitHub, autoreconfHook, cmake, wrapQtAppsHook, pkgconfig, qmake -, curl, grantlee, libgit2, libusb, libssh2, libxml2, libxslt, libzip, zlib +, curl, grantlee, libgit2, libusb-compat-0_1, libssh2, libxml2, libxslt, libzip, zlib , qtbase, qtconnectivity, qtlocation, qtsvg, qttools, qtwebkit, libXcomposite }: @@ -83,7 +83,7 @@ in stdenv.mkDerivation { buildInputs = [ libdc googlemaps - curl grantlee libgit2 libssh2 libusb libxml2 libxslt libzip + curl grantlee libgit2 libssh2 libusb-compat-0_1 libxml2 libxslt libzip qtbase qtconnectivity qtsvg qttools qtwebkit ]; diff --git a/pkgs/applications/radio/sdrangel/default.nix b/pkgs/applications/radio/sdrangel/default.nix index 7cb64f92f3f..6d0a19334de 100644 --- a/pkgs/applications/radio/sdrangel/default.nix +++ b/pkgs/applications/radio/sdrangel/default.nix @@ -13,7 +13,7 @@ libav, libiio, libopus, libpulseaudio, -libusb, +libusb-compat-0_1, limesuite, mkDerivation, ocl-icd, @@ -51,7 +51,7 @@ in mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig ]; buildInputs = [ - glew opencv3 libusb boost libopus limesuite libav libiio libpulseaudio + glew opencv3 libusb-compat-0_1 boost libopus limesuite libav libiio libpulseaudio qtbase qtwebsockets qtmultimedia rtl-sdr airspy hackrf fftwFloat codec2' cm256cc serialdv ]; diff --git a/pkgs/applications/radio/soapysdr/default.nix b/pkgs/applications/radio/soapysdr/default.nix index 36df6ad19d3..676f7d3c839 100644 --- a/pkgs/applications/radio/soapysdr/default.nix +++ b/pkgs/applications/radio/soapysdr/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, lndir, makeWrapper , fetchFromGitHub, cmake -, libusb, pkgconfig +, libusb-compat-0_1, pkgconfig , usePython ? false , python, ncurses, swig2 , extraPackages ? [] @@ -25,7 +25,7 @@ in stdenv.mkDerivation { }; nativeBuildInputs = [ cmake makeWrapper pkgconfig ]; - buildInputs = [ libusb ncurses ] + buildInputs = [ libusb-compat-0_1 ncurses ] ++ lib.optionals usePython [ python swig2 ]; propagatedBuildInputs = lib.optional usePython python.pkgs.numpy; diff --git a/pkgs/applications/radio/welle-io/default.nix b/pkgs/applications/radio/welle-io/default.nix index 971399c4a22..05187440899 100644 --- a/pkgs/applications/radio/welle-io/default.nix +++ b/pkgs/applications/radio/welle-io/default.nix @@ -1,6 +1,6 @@ { mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig , qtbase, qtcharts, qtmultimedia, qtquickcontrols, qtquickcontrols2 -, faad2, rtl-sdr, soapysdr-with-plugins, libusb, fftwSinglePrec, lame, mpg123 }: +, faad2, rtl-sdr, soapysdr-with-plugins, libusb-compat-0_1, fftwSinglePrec, lame, mpg123 }: let version = "2.1"; @@ -23,7 +23,7 @@ in mkDerivation { faad2 fftwSinglePrec lame - libusb + libusb-compat-0_1 mpg123 qtbase qtcharts diff --git a/pkgs/applications/science/math/cemu/default.nix b/pkgs/applications/science/math/cemu/default.nix index f91e5be5170..b41135229dd 100644 --- a/pkgs/applications/science/math/cemu/default.nix +++ b/pkgs/applications/science/math/cemu/default.nix @@ -4,7 +4,7 @@ , SDL2 , libGL , libarchive -, libusb +, libusb-compat-0_1 , qtbase , qmake , git @@ -33,7 +33,7 @@ mkDerivation rec { SDL2 libGL libarchive - libusb + libusb-compat-0_1 qtbase libpng_apng ]; diff --git a/pkgs/applications/science/robotics/gazebo/default.nix b/pkgs/applications/science/robotics/gazebo/default.nix index aea298b6548..86572e73c75 100644 --- a/pkgs/applications/science/robotics/gazebo/default.nix +++ b/pkgs/applications/science/robotics/gazebo/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, cmake, pkgconfig, boost, protobuf, freeimage , boost-build, boost_process , xorg_sys_opengl, tbb, ogre, tinyxml-2 - , libtar, glxinfo, libusb, libxslt, ignition + , libtar, glxinfo, libusb-compat-0_1, libxslt, ignition , pythonPackages, utillinux # these deps are hidden; cmake doesn't catch them @@ -52,7 +52,7 @@ stdenv.mkDerivation rec { tinyxml-2 libtar glxinfo - libusb + libusb-compat-0_1 libxslt ignition.math2 sdformat diff --git a/pkgs/applications/video/kodi/default.nix b/pkgs/applications/video/kodi/default.nix index c83705ac416..e4da20c8487 100644 --- a/pkgs/applications/video/kodi/default.nix +++ b/pkgs/applications/video/kodi/default.nix @@ -25,7 +25,7 @@ , rtmpSupport ? true, rtmpdump ? null , sambaSupport ? true, samba ? null , udevSupport ? true, udev ? null -, usbSupport ? false, libusb ? null +, usbSupport ? false, libusb-compat-0_1 ? null , vdpauSupport ? true, libvdpau ? null , useWayland ? false, wayland ? null, wayland-protocols ? null , waylandpp ? null, libxkbcommon ? null @@ -39,7 +39,7 @@ assert pulseSupport -> libpulseaudio != null; assert rtmpSupport -> rtmpdump != null; assert sambaSupport -> samba != null; assert udevSupport -> udev != null; -assert usbSupport -> libusb != null && ! udevSupport; # libusb won't be used if udev is avaliable +assert usbSupport -> libusb-compat-0_1 != null && ! udevSupport; # libusb-compat-0_1 won't be used if udev is avaliable assert vdpauSupport -> libvdpau != null; assert useWayland -> wayland != null && wayland-protocols != null && waylandpp != null && libxkbcommon != null; @@ -189,7 +189,7 @@ in stdenv.mkDerivation { ++ lib.optional rtmpSupport rtmpdump ++ lib.optional sambaSupport samba ++ lib.optional udevSupport udev - ++ lib.optional usbSupport libusb + ++ lib.optional usbSupport libusb-compat-0_1 ++ lib.optional vdpauSupport libvdpau ++ lib.optionals useWayland [ wayland diff --git a/pkgs/development/arduino/arduino-core/default.nix b/pkgs/development/arduino/arduino-core/default.nix index aa472512d14..3512dcbd2bc 100644 --- a/pkgs/development/arduino/arduino-core/default.nix +++ b/pkgs/development/arduino/arduino-core/default.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchFromGitHub, fetchurl, jdk, ant -, libusb, libusb1, unzip, zlib, ncurses, readline +, libusb-compat-0_1, libusb1, unzip, zlib, ncurses, readline , withGui ? false, gtk2 ? null, withTeensyduino ? false /* Packages needed for Teensyduino */ , upx, fontconfig, xorg, gcc @@ -42,7 +42,7 @@ let glib gtk2 libpng12 - libusb + libusb-compat-0_1 pango udev xorg.libSM @@ -96,7 +96,7 @@ stdenv.mkDerivation rec { }; - buildInputs = [ jdk ant libusb libusb1 unzip zlib ncurses5 readline + buildInputs = [ jdk ant libusb-compat-0_1 libusb1 unzip zlib ncurses5 readline ] ++ stdenv.lib.optionals withTeensyduino [ upx ]; downloadSrcList = builtins.attrValues externalDownloads; downloadDstList = builtins.attrNames externalDownloads; @@ -129,7 +129,7 @@ stdenv.mkDerivation rec { javaPath = lib.makeBinPath [jdk]; # Everything else will be patched into rpath - rpath = (lib.makeLibraryPath [zlib libusb libusb1 readline ncurses5 stdenv.cc.cc]); + rpath = (lib.makeLibraryPath [zlib libusb-compat-0_1 libusb1 readline ncurses5 stdenv.cc.cc]); installPhase = '' mkdir -p $out/share/arduino diff --git a/pkgs/development/libraries/garmintools/default.nix b/pkgs/development/libraries/garmintools/default.nix index a086648c912..aa6ebfd3395 100644 --- a/pkgs/development/libraries/garmintools/default.nix +++ b/pkgs/development/libraries/garmintools/default.nix @@ -1,11 +1,11 @@ -{ stdenv, fetchurl, libusb }: +{ stdenv, fetchurl, libusb-compat-0_1 }: stdenv.mkDerivation { name = "garmintools-0.10"; src = fetchurl { url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/garmintools/garmintools-0.10.tar.gz"; sha256 = "1vjc8h0z4kx2h52yc3chxn3wh1krn234fg12sggbia9zjrzhpmgz"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; meta = { description = "Provides the ability to communicate with the Garmin Forerunner 305 via the USB interface"; homepage = "https://code.google.com/archive/p/garmintools/"; # community clone at https://github.com/ianmartin/garmintools diff --git a/pkgs/development/libraries/hamlib/default.nix b/pkgs/development/libraries/hamlib/default.nix index 8a359314dee..8ef8b55be52 100644 --- a/pkgs/development/libraries/hamlib/default.nix +++ b/pkgs/development/libraries/hamlib/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, perl, python2, swig, gd, libxml2, tcl, libusb, pkgconfig, +{stdenv, fetchurl, perl, python2, swig, gd, libxml2, tcl, libusb-compat-0_1, pkgconfig, boost, libtool, perlPackages }: stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ perl perlPackages.ExtUtilsMakeMaker python2 swig gd libxml2 - tcl libusb pkgconfig boost libtool ]; + tcl libusb-compat-0_1 pkgconfig boost libtool ]; configureFlags = [ "--with-perl-binding" "--with-python-binding" "--with-tcl-binding" "--with-rigmatrix" ]; diff --git a/pkgs/development/libraries/libftdi/default.nix b/pkgs/development/libraries/libftdi/default.nix index d483cc16f08..88c848397de 100644 --- a/pkgs/development/libraries/libftdi/default.nix +++ b/pkgs/development/libraries/libftdi/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, libusb}: +{stdenv, fetchurl, libusb-compat-0_1}: with stdenv; mkDerivation rec { name = "libftdi-0.20"; @@ -8,9 +8,9 @@ with stdenv; mkDerivation rec { sha256 = "13l39f6k6gff30hsgh0wa2z422g9pyl91rh8a8zz6f34k2sxaxii"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; - propagatedBuildInputs = [ libusb ]; + propagatedBuildInputs = [ libusb-compat-0_1 ]; # Hack to avoid TMPDIR in RPATHs. preFixup = ''rm -rf "$(pwd)" ''; diff --git a/pkgs/development/libraries/libnfc/default.nix b/pkgs/development/libraries/libnfc/default.nix index c3661a233af..ed7412d6611 100644 --- a/pkgs/development/libraries/libnfc/default.nix +++ b/pkgs/development/libraries/libnfc/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libusb, readline }: +{ stdenv, fetchurl, libusb-compat-0_1, readline }: stdenv.mkDerivation { pname = "libnfc"; @@ -9,7 +9,7 @@ stdenv.mkDerivation { sha256 = "0wj0iwwcpmpalyk61aa7yc6i4p9hgdajkrgnlswgk0vnwbc78pll"; }; - buildInputs = [ libusb readline ]; + buildInputs = [ libusb-compat-0_1 readline ]; meta = with stdenv.lib; { description = "Open source library libnfc for Near Field Communication"; diff --git a/pkgs/development/libraries/libusb-compat/0.1.nix b/pkgs/development/libraries/libusb-compat/0.1.nix new file mode 100644 index 00000000000..2830ef28458 --- /dev/null +++ b/pkgs/development/libraries/libusb-compat/0.1.nix @@ -0,0 +1,47 @@ +{ stdenv +, lib +, fetchFromGitHub +, autoreconfHook +, patchelf +, pkgconfig +, libusb1 +}: + +stdenv.mkDerivation rec { + pname = "libusb-compat"; + version = "0.1.7"; + + outputs = [ "out" "dev" ]; # get rid of propagating systemd closure + outputBin = "dev"; + + nativeBuildInputs = [ autoreconfHook patchelf pkgconfig ]; + + buildInputs = [ libusb1 ]; + + src = fetchFromGitHub { + owner = "libusb"; + repo = "libusb-compat-0.1"; + rev = "v${version}"; + sha256 = "1nybccgjs14b3phhaycq2jx1gym4nf6sghvnv9qdfmlqxacx0jz5"; + }; + + patches = stdenv.lib.optional stdenv.hostPlatform.isMusl ./fix-headers.patch; + + # without this, libusb-compat is unable to find libusb1 + postFixup = '' + find $out/lib -name \*.so\* -type f -exec \ + patchelf --set-rpath ${lib.makeLibraryPath buildInputs} {} \; + ''; + + meta = with stdenv.lib; { + homepage = "https://libusb.info/"; + repositories.git = "https://github.com/libusb/libusb-compat-0.1"; + description = "cross-platform user-mode USB device library"; + longDescription = '' + libusb is a cross-platform user-mode library that provides access to USB devices. + The current API is of 1.0 version (libusb-1.0 API), this library is a wrapper exposing the legacy API. + ''; + license = licenses.lgpl2Plus; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/libraries/libusb/default.nix b/pkgs/development/libraries/libusb/default.nix deleted file mode 100644 index 2830ef28458..00000000000 --- a/pkgs/development/libraries/libusb/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ stdenv -, lib -, fetchFromGitHub -, autoreconfHook -, patchelf -, pkgconfig -, libusb1 -}: - -stdenv.mkDerivation rec { - pname = "libusb-compat"; - version = "0.1.7"; - - outputs = [ "out" "dev" ]; # get rid of propagating systemd closure - outputBin = "dev"; - - nativeBuildInputs = [ autoreconfHook patchelf pkgconfig ]; - - buildInputs = [ libusb1 ]; - - src = fetchFromGitHub { - owner = "libusb"; - repo = "libusb-compat-0.1"; - rev = "v${version}"; - sha256 = "1nybccgjs14b3phhaycq2jx1gym4nf6sghvnv9qdfmlqxacx0jz5"; - }; - - patches = stdenv.lib.optional stdenv.hostPlatform.isMusl ./fix-headers.patch; - - # without this, libusb-compat is unable to find libusb1 - postFixup = '' - find $out/lib -name \*.so\* -type f -exec \ - patchelf --set-rpath ${lib.makeLibraryPath buildInputs} {} \; - ''; - - meta = with stdenv.lib; { - homepage = "https://libusb.info/"; - repositories.git = "https://github.com/libusb/libusb-compat-0.1"; - description = "cross-platform user-mode USB device library"; - longDescription = '' - libusb is a cross-platform user-mode library that provides access to USB devices. - The current API is of 1.0 version (libusb-1.0 API), this library is a wrapper exposing the legacy API. - ''; - license = licenses.lgpl2Plus; - platforms = platforms.unix; - }; -} diff --git a/pkgs/development/libraries/lirc/default.nix b/pkgs/development/libraries/lirc/default.nix index 1aaba1599c0..97079be0962 100644 --- a/pkgs/development/libraries/lirc/default.nix +++ b/pkgs/development/libraries/lirc/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, help2man, python3, - alsaLib, xlibsWrapper, libxslt, systemd, libusb, libftdi1 }: + alsaLib, xlibsWrapper, libxslt, systemd, libusb-compat-0_1, libftdi1 }: stdenv.mkDerivation rec { name = "lirc-0.10.1"; @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook pkgconfig help2man (python3.withPackages (p: with p; [ pyyaml setuptools ])) ]; - buildInputs = [ alsaLib xlibsWrapper libxslt systemd libusb libftdi1 ]; + buildInputs = [ alsaLib xlibsWrapper libxslt systemd libusb-compat-0_1 libftdi1 ]; configureFlags = [ "--sysconfdir=/etc" diff --git a/pkgs/development/libraries/openct/default.nix b/pkgs/development/libraries/openct/default.nix index f8977c1b59c..27a832daf47 100644 --- a/pkgs/development/libraries/openct/default.nix +++ b/pkgs/development/libraries/openct/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, pcsclite, libusb +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, pcsclite, libusb-compat-0_1 , doxygen, libxslt }: @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ autoreconfHook pkgconfig ]; - buildInputs = [ pcsclite libusb doxygen libxslt ]; + buildInputs = [ pcsclite libusb-compat-0_1 doxygen libxslt ]; preInstall = '' mkdir -p $out/etc diff --git a/pkgs/development/libraries/scmccid/default.nix b/pkgs/development/libraries/scmccid/default.nix index 5b07482507c..0d980d9d1a2 100644 --- a/pkgs/development/libraries/scmccid/default.nix +++ b/pkgs/development/libraries/scmccid/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, patchelf, libusb}: +{stdenv, fetchurl, patchelf, libusb-compat-0_1}: assert stdenv ? cc && stdenv.cc.libc != null; @@ -18,7 +18,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ patchelf ]; installPhase = '' - RPATH=${libusb.out}/lib:${stdenv.cc.libc.out}/lib + RPATH=${libusb-compat-0_1.out}/lib:${stdenv.cc.libc.out}/lib for a in proprietary/*/Contents/Linux/*.so*; do if ! test -L $a; then diff --git a/pkgs/development/libraries/unicap/default.nix b/pkgs/development/libraries/unicap/default.nix index 2c2b814b68d..87ca28fee98 100644 --- a/pkgs/development/libraries/unicap/default.nix +++ b/pkgs/development/libraries/unicap/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libusb, libraw1394, dcraw, intltool, perl, v4l-utils }: +{ stdenv, fetchurl, libusb-compat-0_1, libraw1394, dcraw, intltool, perl, v4l-utils }: stdenv.mkDerivation rec { pname = "libunicap"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "05zcnnm4dfc6idihfi0fq5xka6x86zi89wip2ca19yz768sd33s9"; }; - buildInputs = [ libusb libraw1394 dcraw intltool perl v4l-utils ]; + buildInputs = [ libusb-compat-0_1 libraw1394 dcraw intltool perl v4l-utils ]; patches = [ # Debian has a patch that fixes the build. diff --git a/pkgs/development/misc/msp430/mspdebug.nix b/pkgs/development/misc/msp430/mspdebug.nix index 6bb6b683f55..3c7ff00151a 100644 --- a/pkgs/development/misc/msp430/mspdebug.nix +++ b/pkgs/development/misc/msp430/mspdebug.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, libusb, readline ? null }: +{ stdenv, fetchFromGitHub, libusb-compat-0_1, readline ? null }: let version = "0.25"; @@ -12,7 +12,7 @@ in stdenv.mkDerivation { sha256 = "0prgwb5vx6fd4bj12ss1bbb6axj2kjyriyjxqrzd58s5jyyy8d3c"; }; - buildInputs = [ libusb readline ]; + buildInputs = [ libusb-compat-0_1 readline ]; makeFlags = [ "PREFIX=$(out)" "INSTALL=install" ] ++ (if readline == null then [ "WITHOUT_READLINE=1" ] else []); diff --git a/pkgs/development/mobile/webos/novacomd.nix b/pkgs/development/mobile/webos/novacomd.nix index 4d62dd305d3..932ec0e59d6 100644 --- a/pkgs/development/mobile/webos/novacomd.nix +++ b/pkgs/development/mobile/webos/novacomd.nix @@ -1,7 +1,7 @@ { stdenv, fetchFromGitHub, fetchpatch, webos, cmake, pkgconfig, -libusb }: +libusb-compat-0_1 }: stdenv.mkDerivation rec { pname = "novacomd"; @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig webos.cmake-modules ]; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; cmakeFlags = [ "-DWEBOS_TARGET_MACHINE_IMPL=host" ]; diff --git a/pkgs/development/mobile/xpwn/default.nix b/pkgs/development/mobile/xpwn/default.nix index 9ec5977d594..0c49a29b322 100644 --- a/pkgs/development/mobile/xpwn/default.nix +++ b/pkgs/development/mobile/xpwn/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, zlib, libpng, bzip2, libusb, openssl }: +{ stdenv, fetchFromGitHub, cmake, zlib, libpng, bzip2, libusb-compat-0_1, openssl }: stdenv.mkDerivation rec { pname = "xpwn"; @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { strictDeps = true; nativeBuildInputs = [ cmake ]; - buildInputs = [ zlib libpng bzip2 libusb openssl ]; + buildInputs = [ zlib libpng bzip2 libusb-compat-0_1 openssl ]; meta = with stdenv.lib; { homepage = "http://planetbeing.lighthouseapp.com/projects/15246-xpwn"; diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index 37dc9e51bea..48a1f20cfd9 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -1,7 +1,7 @@ {stdenv, fetchFromGitHub , buildPackages , pkgconfig -, libusb, readline, libewf, perl, zlib, openssl +, libusb-compat-0_1, readline, libewf, perl, zlib, openssl , libuv, file, libzip, xxHash , gtk2 ? null, vte ? null, gtkdialog ? null , python3 ? null @@ -84,7 +84,7 @@ let depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ file readline libusb libewf perl zlib openssl libuv ] + buildInputs = [ file readline libusb-compat-0_1 libewf perl zlib openssl libuv ] ++ optional useX11 [ gtkdialog vte gtk2 ] ++ optional rubyBindings [ ruby ] ++ optional pythonBindings [ python3 ] diff --git a/pkgs/development/tools/misc/avrdude/default.nix b/pkgs/development/tools/misc/avrdude/default.nix index bca091d6309..bb0520cf28e 100644 --- a/pkgs/development/tools/misc/avrdude/default.nix +++ b/pkgs/development/tools/misc/avrdude/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, yacc, flex, libusb, libelf, libftdi1, readline +{ stdenv, fetchurl, yacc, flex, libusb-compat-0_1, libelf, libftdi1, readline # docSupport is a big dependency, disabled by default , docSupport ? false, texLive ? null, texinfo ? null, texi2html ? null }: @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { configureFlags = stdenv.lib.optionals docSupport "--enable-doc"; - buildInputs = [ yacc flex libusb libelf libftdi1 readline ] + buildInputs = [ yacc flex libusb-compat-0_1 libelf libftdi1 readline ] ++ stdenv.lib.optionals docSupport [ texLive texinfo texi2html ]; meta = with stdenv.lib; { diff --git a/pkgs/development/tools/misc/blackmagic/default.nix b/pkgs/development/tools/misc/blackmagic/default.nix index 224cf16d763..6e733cfe28a 100644 --- a/pkgs/development/tools/misc/blackmagic/default.nix +++ b/pkgs/development/tools/misc/blackmagic/default.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchFromGitHub -, gcc-arm-embedded, libftdi1, libusb, pkgconfig +, gcc-arm-embedded, libftdi1, libusb-compat-0_1, pkgconfig , python, pythonPackages }: @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { buildInputs = [ libftdi1 - libusb + libusb-compat-0_1 python pythonPackages.intelhex ]; diff --git a/pkgs/development/tools/misc/dfu-programmer/default.nix b/pkgs/development/tools/misc/dfu-programmer/default.nix index 10e6dc0d8b8..a474ccc7e59 100644 --- a/pkgs/development/tools/misc/dfu-programmer/default.nix +++ b/pkgs/development/tools/misc/dfu-programmer/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libusb }: +{ stdenv, fetchurl, libusb-compat-0_1 }: let version = "0.7.2"; in @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { pname = "dfu-programmer"; inherit version; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; src = fetchurl { url = "mirror://sourceforge/dfu-programmer/${pname}-${version}.tar.gz"; diff --git a/pkgs/development/tools/misc/micronucleus/default.nix b/pkgs/development/tools/misc/micronucleus/default.nix index 9fbafebb10c..890439adc6e 100644 --- a/pkgs/development/tools/misc/micronucleus/default.nix +++ b/pkgs/development/tools/misc/micronucleus/default.nix @@ -1,7 +1,7 @@ { pkgs , stdenv -, libusb +, libusb-compat-0_1 , fetchFromGitHub , lib }: @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { sha256 = "14msy9amlbflw5mqrbs57b7bby3nsgx43srr7215zyhfdgsla0in"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; makeFlags = stdenv.lib.optionals stdenv.isDarwin [ "CC=cc" ]; installPhase = '' diff --git a/pkgs/development/tools/misc/teensy-loader-cli/default.nix b/pkgs/development/tools/misc/teensy-loader-cli/default.nix index e03320f8429..62c480707cd 100644 --- a/pkgs/development/tools/misc/teensy-loader-cli/default.nix +++ b/pkgs/development/tools/misc/teensy-loader-cli/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, go-md2man, installShellFiles, libusb }: +{ stdenv, fetchFromGitHub, go-md2man, installShellFiles, libusb-compat-0_1 }: stdenv.mkDerivation rec { pname = "teensy-loader-cli"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1yx8vsh6b29pqr4zb6sx47429i9x51hj9psn8zksfz75j5ivfd5i"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; nativeBuildInputs = [ go-md2man installShellFiles ]; diff --git a/pkgs/development/tools/misc/wishbone-tool/default.nix b/pkgs/development/tools/misc/wishbone-tool/default.nix index 8c2e27d6450..d900d14e33c 100644 --- a/pkgs/development/tools/misc/wishbone-tool/default.nix +++ b/pkgs/development/tools/misc/wishbone-tool/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchFromGitHub, rustPlatform, libusb }: +{ lib, fetchFromGitHub, rustPlatform, libusb-compat-0_1 }: let version = "0.6.9"; @@ -21,7 +21,7 @@ rustPlatform.buildRustPackage { ''; cargoSha256 = "0d5kcwy0cgxqfxf2xysw65ng84q4knhp4fgvh6dwqhf0nsca9gvs"; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; meta = with lib; { description = "Manipulate a Wishbone device over some sort of bridge"; diff --git a/pkgs/development/tools/misc/xc3sprog/default.nix b/pkgs/development/tools/misc/xc3sprog/default.nix index b39e9028afd..1ccd6c2ec4f 100644 --- a/pkgs/development/tools/misc/xc3sprog/default.nix +++ b/pkgs/development/tools/misc/xc3sprog/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchsvn, cmake, libusb, libftdi }: +{ stdenv, fetchsvn, cmake, libusb-compat-0_1, libftdi }: # The xc3sprog project doesn't seem to make proper releases, they only put out # prebuilt binary subversion snapshots on sourceforge. @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { rev = version; }; - buildInputs = [ cmake libusb libftdi ]; + buildInputs = [ cmake libusb-compat-0_1 libftdi ]; meta = with stdenv.lib; { description = "Command-line tools for programming FPGAs, microcontrollers and PROMs via JTAG"; diff --git a/pkgs/misc/cups/drivers/samsung/1.00.36/default.nix b/pkgs/misc/cups/drivers/samsung/1.00.36/default.nix index 308be5337d0..4088ce700de 100644 --- a/pkgs/misc/cups/drivers/samsung/1.00.36/default.nix +++ b/pkgs/misc/cups/drivers/samsung/1.00.36/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, cups, libusb, libxml2, perl }: +{ stdenv, fetchurl, cups, libusb-compat-0_1, libxml2, perl }: let @@ -17,7 +17,7 @@ in stdenv.mkDerivation rec { buildInputs = [ cups - libusb + libusb-compat-0_1 libxml2 perl ]; @@ -91,7 +91,7 @@ in stdenv.mkDerivation rec { done patchelf --set-rpath "$out/lib:${stdenv.lib.getLib cups}/lib" "$out/lib/libscmssc.so" - patchelf --set-rpath "$out/lib:${libxml2.out}/lib:${libusb.out}/lib" "$out/lib/sane/libsane-smfp.so.1.0.1" + patchelf --set-rpath "$out/lib:${libxml2.out}/lib:${libusb-compat-0_1.out}/lib" "$out/lib/sane/libsane-smfp.so.1.0.1" ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/ ''; diff --git a/pkgs/misc/cups/drivers/samsung/1.00.37.nix b/pkgs/misc/cups/drivers/samsung/1.00.37.nix index b7e75c2a16a..c205560706f 100644 --- a/pkgs/misc/cups/drivers/samsung/1.00.37.nix +++ b/pkgs/misc/cups/drivers/samsung/1.00.37.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, cups, libusb, libxml2 }: +{ stdenv, fetchurl, cups, libusb-compat-0_1, libxml2 }: let @@ -17,7 +17,7 @@ in stdenv.mkDerivation rec { buildInputs = [ cups - libusb + libusb-compat-0_1 libxml2 ]; @@ -74,7 +74,7 @@ in stdenv.mkDerivation rec { done patchelf --set-rpath "$out/lib:${stdenv.lib.getLib cups}/lib" "$out/lib/libscmssc.so" - patchelf --set-rpath "$out/lib:${libxml2.out}/lib:${libusb.out}/lib" "$out/lib/sane/libsane-smfp.so.1.0.1" + patchelf --set-rpath "$out/lib:${libxml2.out}/lib:${libusb-compat-0_1.out}/lib" "$out/lib/sane/libsane-smfp.so.1.0.1" ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/ ''; diff --git a/pkgs/misc/cups/drivers/samsung/4.01.17.nix b/pkgs/misc/cups/drivers/samsung/4.01.17.nix index 755003e4d30..5de93b20cb8 100644 --- a/pkgs/misc/cups/drivers/samsung/4.01.17.nix +++ b/pkgs/misc/cups/drivers/samsung/4.01.17.nix @@ -11,14 +11,14 @@ # } # (This advice was tested on the 1st November 2016.) -{ stdenv, fetchurl, cups, libusb }: +{ stdenv, fetchurl, cups, libusb-compat-0_1 }: # Do not bump lightly! Visit # to see what will break when upgrading. Consider a new versioned attribute. let installationPath = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64" else "i386"; appendPath = if stdenv.hostPlatform.system == "x86_64-linux" then "64" else ""; - libPath = stdenv.lib.makeLibraryPath [ cups libusb ] + ":$out/lib:${stdenv.cc.cc.lib}/lib${appendPath}"; + libPath = stdenv.lib.makeLibraryPath [ cups libusb-compat-0_1 ] + ":$out/lib:${stdenv.cc.cc.lib}/lib${appendPath}"; in stdenv.mkDerivation rec { pname = "samsung-UnifiedLinuxDriver"; version = "4.01.17"; diff --git a/pkgs/misc/drivers/epkowa/default.nix b/pkgs/misc/drivers/epkowa/default.nix index ecf79a953fe..9724e68a04d 100644 --- a/pkgs/misc/drivers/epkowa/default.nix +++ b/pkgs/misc/drivers/epkowa/default.nix @@ -3,7 +3,7 @@ pkgconfig, libtool, gtk2, libxml2, libxslt, -libusb, +libusb-compat-0_1, sane-backends, rpm, cpio, getopt, @@ -263,7 +263,7 @@ stdenv.mkDerivation rec { gtk2 libxml2 libtool - libusb + libusb-compat-0_1 sane-backends makeWrapper ]; diff --git a/pkgs/misc/drivers/gutenprint/default.nix b/pkgs/misc/drivers/gutenprint/default.nix index 96c0968882d..9946f499329 100644 --- a/pkgs/misc/drivers/gutenprint/default.nix +++ b/pkgs/misc/drivers/gutenprint/default.nix @@ -2,7 +2,7 @@ { stdenv, lib, fetchurl, makeWrapper, pkgconfig , ijs, zlib , gimp2Support ? false, gimp -, cupsSupport ? true, cups, libusb, perl +, cupsSupport ? true, cups, libusb-compat-0_1, perl }: stdenv.mkDerivation rec { @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { buildInputs = [ ijs zlib ] ++ lib.optionals gimp2Support [ gimp.gtk gimp ] - ++ lib.optionals cupsSupport [ cups libusb perl ]; + ++ lib.optionals cupsSupport [ cups libusb-compat-0_1 perl ]; configureFlags = lib.optionals cupsSupport [ "--disable-static-genppd" # should be harmless on NixOS diff --git a/pkgs/os-specific/linux/g15daemon/default.nix b/pkgs/os-specific/linux/g15daemon/default.nix index d00bf2f7433..c670fc86d13 100644 --- a/pkgs/os-specific/linux/g15daemon/default.nix +++ b/pkgs/os-specific/linux/g15daemon/default.nix @@ -5,7 +5,7 @@ , fetchpatch , patchelf , freetype -, libusb +, libusb-compat-0_1 }: let license = lib.licenses.gpl2; @@ -25,7 +25,7 @@ let sha256 = "1mkrf622n0cmz57lj8w9q82a9dcr1lmyyxbnrghrxzb6gvifnbqk"; }; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; enableParallelBuilding = true; diff --git a/pkgs/servers/monitoring/lcdproc/default.nix b/pkgs/servers/monitoring/lcdproc/default.nix index 927c7945b91..e469ee6b408 100644 --- a/pkgs/servers/monitoring/lcdproc/default.nix +++ b/pkgs/servers/monitoring/lcdproc/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, autoreconfHook, makeWrapper, pkgconfig -, doxygen, freetype, libX11, libftdi, libusb, libusb1, ncurses, perl }: +, doxygen, freetype, libX11, libftdi, libusb-compat-0_1, libusb1, ncurses, perl }: stdenv.mkDerivation rec { pname = "lcdproc"; @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { "--with-pidfile-dir=/run" ]; - buildInputs = [ freetype libX11 libftdi libusb libusb1 ncurses ]; + buildInputs = [ freetype libX11 libftdi libusb-compat-0_1 libusb1 ncurses ]; nativeBuildInputs = [ autoreconfHook doxygen makeWrapper pkgconfig ]; # In 0.5.9: gcc: error: libbignum.a: No such file or directory diff --git a/pkgs/tools/bluetooth/obex-data-server/default.nix b/pkgs/tools/bluetooth/obex-data-server/default.nix index 15661d6e360..f95869e789c 100644 --- a/pkgs/tools/bluetooth/obex-data-server/default.nix +++ b/pkgs/tools/bluetooth/obex-data-server/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, libusb, glib, dbus-glib, bluez, openobex, dbus }: +{ stdenv, fetchurl, pkgconfig, libusb-compat-0_1, glib, dbus-glib, bluez, openobex, dbus }: stdenv.mkDerivation rec { name = "obex-data-server-0.4.6"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ libusb glib dbus-glib bluez openobex dbus ]; + buildInputs = [ libusb-compat-0_1 glib dbus-glib bluez openobex dbus ]; patches = [ ./obex-data-server-0.4.6-build-fixes-1.patch ]; diff --git a/pkgs/tools/bluetooth/openobex/default.nix b/pkgs/tools/bluetooth/openobex/default.nix index ccf2eee1bb1..7ac0234852c 100644 --- a/pkgs/tools/bluetooth/openobex/default.nix +++ b/pkgs/tools/bluetooth/openobex/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, bluez, libusb, cmake }: +{ stdenv, fetchurl, pkgconfig, bluez, libusb-compat-0_1, cmake }: stdenv.mkDerivation rec { name = "openobex-1.7.2"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkgconfig cmake ]; - buildInputs = [ bluez libusb ]; + buildInputs = [ bluez libusb-compat-0_1 ]; configureFlags = [ "--enable-apps" ]; diff --git a/pkgs/tools/misc/gnokii/default.nix b/pkgs/tools/misc/gnokii/default.nix index c0e516a15ad..25c31666191 100644 --- a/pkgs/tools/misc/gnokii/default.nix +++ b/pkgs/tools/misc/gnokii/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, intltool, perl, gettext, libusb, pkgconfig, bluez +{ stdenv, fetchurl, intltool, perl, gettext, libusb-compat-0_1, pkgconfig, bluez , readline, pcsclite, libical, gtk2, glib, libXpm }: stdenv.mkDerivation rec { @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ - perl intltool gettext libusb + perl intltool gettext libusb-compat-0_1 glib gtk2 pkgconfig bluez readline libXpm pcsclite libical ]; diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix index a64df866981..4e00a4ddd49 100644 --- a/pkgs/tools/misc/grub/2.0x.nix +++ b/pkgs/tools/misc/grub/2.0x.nix @@ -1,5 +1,5 @@ { stdenv, fetchgit, flex, bison, python, autoconf, automake, gnulib, libtool -, gettext, ncurses, libusb, freetype, qemu, lvm2, unifont, pkgconfig +, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2, unifont, pkgconfig , fuse # only needed for grub-mount , zfs ? null , efiSupport ? false @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ bison flex python pkgconfig autoconf automake ]; - buildInputs = [ ncurses libusb freetype gettext lvm2 fuse libtool ] + buildInputs = [ ncurses libusb-compat-0_1 freetype gettext lvm2 fuse libtool ] ++ optional doCheck qemu ++ optional zfsSupport zfs; diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix index 27676c4745b..f14758a3ae7 100644 --- a/pkgs/tools/misc/grub/trusted.nix +++ b/pkgs/tools/misc/grub/trusted.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchgit, autogen, flex, bison, python, autoconf, automake -, gettext, ncurses, libusb, freetype, qemu, lvm2 +, gettext, ncurses, libusb-compat-0_1, freetype, qemu, lvm2 , for_HP_laptop ? false }: @@ -45,7 +45,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ autogen flex bison python autoconf automake ]; - buildInputs = [ ncurses libusb freetype gettext lvm2 ] + buildInputs = [ ncurses libusb-compat-0_1 freetype gettext lvm2 ] ++ optional doCheck qemu; hardeningDisable = [ "stackprotector" "pic" ]; diff --git a/pkgs/tools/misc/pk2cmd/default.nix b/pkgs/tools/misc/pk2cmd/default.nix index 97628da67f7..8c7e5b8bcf2 100644 --- a/pkgs/tools/misc/pk2cmd/default.nix +++ b/pkgs/tools/misc/pk2cmd/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, libusb, makeWrapper}: +{stdenv, fetchurl, libusb-compat-0_1, makeWrapper}: stdenv.mkDerivation { name = "pk2cmd-1.20"; @@ -7,7 +7,7 @@ stdenv.mkDerivation { sha256 = "1yjpi2qshnqfpan4w3ggakkr3znfrx5cxkny92ka7v9na3g2fc4h"; }; - makeFlags = [ "LIBUSB=${libusb.dev}" "linux" ]; + makeFlags = [ "LIBUSB=${libusb-compat-0_1.dev}" "linux" ]; installPhase = '' mkdir -p $out/bin $out/share/pk2 @@ -16,7 +16,7 @@ stdenv.mkDerivation { wrapProgram $out/bin/pk2cmd --prefix PATH : $out/share/pk2 ''; - buildInputs = [ libusb makeWrapper ]; + buildInputs = [ libusb-compat-0_1 makeWrapper ]; meta = { homepage = "https://www.microchip.com/pickit2"; diff --git a/pkgs/tools/misc/sixpair/default.nix b/pkgs/tools/misc/sixpair/default.nix index fafee99db5a..f738ed71ec7 100644 --- a/pkgs/tools/misc/sixpair/default.nix +++ b/pkgs/tools/misc/sixpair/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libusb }: +{ stdenv, fetchurl, libusb-compat-0_1 }: stdenv.mkDerivation { name = "sixpair-2007-04-18"; @@ -10,7 +10,7 @@ stdenv.mkDerivation { # hcitool is depricated patches = [ ./hcitool.patch ]; - buildInputs = [ libusb ]; + buildInputs = [ libusb-compat-0_1 ]; unpackPhase = '' cp $src sixpair.c diff --git a/pkgs/tools/misc/urjtag/default.nix b/pkgs/tools/misc/urjtag/default.nix index 67b25eaca82..2056fb9d0a5 100644 --- a/pkgs/tools/misc/urjtag/default.nix +++ b/pkgs/tools/misc/urjtag/default.nix @@ -1,5 +1,5 @@ { stdenv, autoconf, automake, pkgconfig, gettext, libtool, bison -, flex, which, subversion, fetchsvn, makeWrapper, libftdi, libusb, readline +, flex, which, subversion, fetchsvn, makeWrapper, libftdi, libusb-compat-0_1, readline , python3 , svfSupport ? true , bsdlSupport ? true @@ -19,7 +19,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ gettext autoconf automake libtool bison flex which - subversion makeWrapper readline libftdi libusb python3 ]; + subversion makeWrapper readline libftdi libusb-compat-0_1 python3 ]; configureFlags = [ (stdenv.lib.enableFeature svfSupport "svf") diff --git a/pkgs/tools/misc/xburst-tools/default.nix b/pkgs/tools/misc/xburst-tools/default.nix index 48045999329..12acbcfbe1c 100644 --- a/pkgs/tools/misc/xburst-tools/default.nix +++ b/pkgs/tools/misc/xburst-tools/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, libusb, libusb1, autoconf, automake, libconfuse, pkgconfig +{ stdenv, fetchgit, libusb-compat-0_1, libusb1, autoconf, automake, libconfuse, pkgconfig , gccCross ? null }: @@ -30,7 +30,7 @@ stdenv.mkDerivation { dontCrossStrip = true; nativeBuildInputs = [ autoconf automake pkgconfig ]; - buildInputs = [ libusb libusb1 libconfuse ] ++ + buildInputs = [ libusb-compat-0_1 libusb1 libconfuse ] ++ stdenv.lib.optional (gccCross != null) gccCross; meta = { diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index ea900160752..f5b693fed35 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix @@ -4,7 +4,7 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. , pinentry ? null, guiSupport ? false -, openldap ? null, bzip2 ? null, libusb ? null, curl ? null +, openldap ? null, bzip2 ? null, libusb-compat-0_1 ? null, curl ? null }: with stdenv.lib; @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { buildInputs = [ readline zlib libgpgerror libgcrypt libassuan libksba pth - openldap bzip2 libusb curl libiconv ]; + openldap bzip2 libusb-compat-0_1 curl libiconv ]; patches = [ ./gpgkey2ssh-20.patch ]; diff --git a/pkgs/tools/security/libacr38u/default.nix b/pkgs/tools/security/libacr38u/default.nix index 45d0279099f..b56c15af3d6 100644 --- a/pkgs/tools/security/libacr38u/default.nix +++ b/pkgs/tools/security/libacr38u/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, pcsclite , libusb }: +{ stdenv, fetchurl, pkgconfig, pcsclite , libusb-compat-0_1 }: stdenv.mkDerivation { version = "1.7.11"; @@ -12,7 +12,7 @@ stdenv.mkDerivation { doCheck = true; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ pcsclite libusb ]; + buildInputs = [ pcsclite libusb-compat-0_1 ]; preBuild = '' makeFlagsArray=(usbdropdir="$out/pcsc/drivers"); diff --git a/pkgs/tools/security/pcsc-scm-scl011/default.nix b/pkgs/tools/security/pcsc-scm-scl011/default.nix index b400d628fd7..62f4c3e8556 100644 --- a/pkgs/tools/security/pcsc-scm-scl011/default.nix +++ b/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, unzip, libusb }: +{ stdenv, fetchurl, unzip, libusb-compat-0_1 }: let arch = if stdenv.hostPlatform.system == "i686-linux" then "32" @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { cp -r proprietary/*.bundle $out/pcsc/drivers ''; - libPath = stdenv.lib.makeLibraryPath [ libusb ]; + libPath = stdenv.lib.makeLibraryPath [ libusb-compat-0_1 ]; fixupPhase = '' patchelf --set-rpath $libPath \ diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 5b26ecb2da6..910a8f3c67c 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -249,6 +249,7 @@ mapAliases ({ libtxc_dxtn = throw "removed 2020-03-16, now integrated in Mesa"; libtxc_dxtn_s2tc = throw "removed 2020-03-16, now integrated in Mesa"; libudev = udev; # added 2018-04-25 + libusb = libusb-compat-0_1; # added 2020-04-28 libsexy = throw "libsexy has been removed from nixpkgs, as it's abandoned and no package needed it."; # 2019-12-10 libqmatrixclient = throw "libqmatrixclient was renamed to libquotient"; # added 2020-04-09 links = links2; # added 2016-01-31 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0628fdaad86..ad6b2b1a53a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13356,7 +13356,7 @@ in liburcu = callPackage ../development/libraries/liburcu { }; - libusb = callPackage ../development/libraries/libusb {}; + libusb-compat-0_1 = callPackage ../development/libraries/libusb-compat/0.1.nix {}; libusb1 = callPackage ../development/libraries/libusb1 { inherit (darwin) libobjc; -- cgit 1.4.1 From fe7f770666bbd940b54a7cd6ef366eb6151ef655 Mon Sep 17 00:00:00 2001 From: Luka Blaskovic Date: Tue, 28 Apr 2020 05:25:38 +0000 Subject: sof-firmware: init at 1.4.2 --- nixos/modules/hardware/all-firmware.nix | 1 + .../linux/firmware/sof-firmware/default.nix | 28 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 31 insertions(+) create mode 100644 pkgs/os-specific/linux/firmware/sof-firmware/default.nix (limited to 'pkgs/os-specific') diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix index 16be8bcfdd7..b07edb0f6ac 100644 --- a/nixos/modules/hardware/all-firmware.nix +++ b/nixos/modules/hardware/all-firmware.nix @@ -51,6 +51,7 @@ in { rtlwifi_new-firmware zd1211fw alsa-firmware + sof-firmware openelec-dvb-firmware ] ++ optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) raspberrypiWirelessFirmware ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [ diff --git a/pkgs/os-specific/linux/firmware/sof-firmware/default.nix b/pkgs/os-specific/linux/firmware/sof-firmware/default.nix new file mode 100644 index 00000000000..73ab46b3c8a --- /dev/null +++ b/pkgs/os-specific/linux/firmware/sof-firmware/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl }: + +with stdenv.lib; +stdenv.mkDerivation rec { + pname = "sof-firmware"; + version = "1.4.2"; + + src = fetchurl { + url = "https://www.alsa-project.org/files/pub/misc/sof/${pname}-${version}.tar.bz2"; + sha256 = "1nkh020gjm45vxd6fvmz63hj16ilff2nl5avvsklajjs6xci1sf5"; + }; + + phases = [ "unpackPhase" "installPhase" ]; + + installPhase = '' + rm lib/firmware/intel/{sof/LICENCE,sof-tplg/LICENCE} + mkdir $out + cp -r lib $out/lib + ''; + + meta = with stdenv.lib; { + description = "Sound Open Firmware"; + homepage = "https://www.sofproject.org/"; + license = with licenses; [ bsd3 isc ]; + maintainers = with maintainers; [ lblasc ]; + platforms = with platforms; linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4ed07788904..a6ba99ce008 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6666,6 +6666,8 @@ in python = python3; }; + sof-firmware = callPackage ../os-specific/linux/firmware/sof-firmware { }; + softhsm = callPackage ../tools/security/softhsm { inherit (darwin) libobjc; inherit (darwin.apple_sdk.frameworks) Security; -- cgit 1.4.1 From 5a16436ffb24dc0a129a843dda60cfbab6aef269 Mon Sep 17 00:00:00 2001 From: Bruno Bzeznik Date: Tue, 28 Apr 2020 11:38:21 +0200 Subject: libpsm2: init at 11.2.156 (#85920) * libpsm2: init at 11.2.156 --- pkgs/os-specific/linux/libpsm2/default.nix | 42 ++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 44 insertions(+) create mode 100644 pkgs/os-specific/linux/libpsm2/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/libpsm2/default.nix b/pkgs/os-specific/linux/libpsm2/default.nix new file mode 100644 index 00000000000..b9e41380da8 --- /dev/null +++ b/pkgs/os-specific/linux/libpsm2/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, numactl, pkgconfig }: + +stdenv.mkDerivation rec { + pname = "libpsm2"; + version = "11.2.156"; + ifs_version = "10_10_2_0_44"; + + preConfigure= '' + export UDEVDIR=$out/etc/udev + substituteInPlace ./Makefile --replace "udevrulesdir}" "prefix}/etc/udev"; + ''; + + enableParallelBuilding = true; + + buildInputs = [ numactl pkgconfig ]; + + installFlags = [ + "DESTDIR=$(out)" + "UDEVDIR=/etc/udev" + "LIBPSM2_COMPAT_CONF_DIR=/etc" + ]; + + src = fetchFromGitHub { + owner = "intel"; + repo = "opa-psm2"; + rev = "IFS_RELEASE_${ifs_version}"; + sha256 = "0ckrfzih1ga9yvximxjdh0z05kn9l858ykqiblv18w6ka3gra1xz"; + }; + + postInstall = '' + mv $out/usr/* $out + rmdir $out/usr + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/intel/opa-psm2"; + description = "The PSM2 library supports a number of fabric media and stacks"; + license = with licenses; [ gpl2 bsd3 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0628fdaad86..dfbc4b8ffd1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2084,6 +2084,8 @@ in xkbd = callPackage ../applications/misc/xkbd { }; + libpsm2 = callPackage ../os-specific/linux/libpsm2 { }; + optar = callPackage ../tools/graphics/optar {}; obinskit = callPackage ../applications/misc/obinskit {}; -- cgit 1.4.1 From d103dc49986ed4c7a242a832d4f74a85062e2395 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Tue, 28 Apr 2020 15:08:13 +0200 Subject: linux: do not depend on systemd indirectly utillinux depends on systemd because: * uuidd supports socket activation * lslogins can show recent journal entries * fstrim comes with a service file (and we use this in NixOS) * logger can write journal entries (See https://www.openembedded.org/pipermail/openembedded-core/2015-February/102069.html) systemd doesn't depend on utillinux but on utillinuxMinimal which is a version of utillinux without these features to avoid cyclic dependencies. With this change, the linux kernel (of which i don't fully understand why it would depend on util-linux in the first place, but this was added in https://github.com/NixOS/nixpkgs/pull/32137/files without too much explanation) depends on the minimal version of util-linux too. This makes it that every time we change build flags in systemd the linux kernel doesn't have to wastefully rebuild. --- pkgs/os-specific/linux/kernel/manual-config.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 71505840b86..d73e0a8ac90 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,6 +1,6 @@ { buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl , libelf, cpio -, utillinux +, utillinuxMinimal , writeTextFile }: @@ -281,7 +281,7 @@ let in assert stdenv.lib.versionAtLeast version "4.14" -> libelf != null; -assert stdenv.lib.versionAtLeast version "4.15" -> utillinux != null; +assert stdenv.lib.versionAtLeast version "4.15" -> utillinuxMinimal != null; stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches configfile) // { pname = "linux"; inherit version; @@ -292,7 +292,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr ] ++ optional (stdenv.hostPlatform.platform.kernelTarget == "uImage") buildPackages.ubootTools ++ optional (stdenv.lib.versionAtLeast version "4.14") libelf - ++ optional (stdenv.lib.versionAtLeast version "4.15") utillinux + ++ optional (stdenv.lib.versionAtLeast version "4.15") utillinuxMinimal ++ optionals (stdenv.lib.versionAtLeast version "4.16") [ bison flex ] ++ optional (stdenv.lib.versionAtLeast version "5.2") cpio ; -- cgit 1.4.1 From 75a3a9af8d73d49acb6c543f36ff6feebef445fe Mon Sep 17 00:00:00 2001 From: Bruno Bzeznik Date: Tue, 28 Apr 2020 16:52:56 +0200 Subject: libfabric: init at 1.10.0 --- pkgs/os-specific/linux/libfabric/default.nix | 29 ++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 31 insertions(+) create mode 100644 pkgs/os-specific/linux/libfabric/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/libfabric/default.nix b/pkgs/os-specific/linux/libfabric/default.nix new file mode 100644 index 00000000000..6383832a7e7 --- /dev/null +++ b/pkgs/os-specific/linux/libfabric/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, libpsm2 }: + +stdenv.mkDerivation rec { + pname = "libfabric"; + version = "1.10.0"; + + enableParallelBuilding = true; + + src = fetchFromGitHub { + owner = "ofiwg"; + repo = pname; + rev = "v${version}"; + sha256 = "0amgc5w7qg96r9a21jl92m6jzn4z2j3iyk7jf7kwyzfi4jhlkv89"; + }; + + nativeBuildInputs = [ pkgconfig autoreconfHook ] ; + + buildInputs = [ libpsm2 ] ; + + configureFlags = [ "--enable-psm2=${libpsm2}" ] ; + + meta = with stdenv.lib; { + homepage = "http://libfabric.org/"; + description = "Open Fabric Interfaces"; + license = with licenses; [ gpl2 bsd2 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c0ea39aa744..cf457b7dd79 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12798,6 +12798,8 @@ in libf2c = callPackage ../development/libraries/libf2c {}; + libfabric = callPackage ../os-specific/linux/libfabric {}; + libfive = callPackage ../development/libraries/libfive { }; libfixposix = callPackage ../development/libraries/libfixposix {}; -- cgit 1.4.1 From d21cc14114dc59207963aaca09c3254eec2168c6 Mon Sep 17 00:00:00 2001 From: jakobrs Date: Tue, 28 Apr 2020 15:05:18 +0200 Subject: v4l2loopback: 0.12.4 -> 0.12.5 --- pkgs/os-specific/linux/v4l2loopback/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index db384c71d74..32ae45fbb0e 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "v4l2loopback-${version}-${kernel.version}"; - version = "0.12.4"; + version = "0.12.5"; src = fetchFromGitHub { owner = "umlaeute"; repo = "v4l2loopback"; rev = "v${version}"; - sha256 = "0sp7n6hprgf1z7vzwshs5gyyn6syn4pw5xx7xqrfcwkx6cja6sys"; + sha256 = "1qi4l6yam8nrlmc3zwkrz9vph0xsj1cgmkqci4652mbpbzigg7vn"; }; hardeningDisable = [ "format" "pic" ]; -- cgit 1.4.1 From 6fc9fd53dba25f61a6493e7c0d8fef5eca9c51bf Mon Sep 17 00:00:00 2001 From: Luka Blaskovic Date: Wed, 29 Apr 2020 03:34:41 +0000 Subject: linux config: enable Sound Open Firmware support --- pkgs/os-specific/linux/kernel/common-config.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 0a58ed87e6c..088ec4ebf44 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -254,6 +254,27 @@ let SND_USB_CAIAQ_INPUT = yes; # Enable PSS mixer (Beethoven ADSP-16 and other compatible) PSS_MIXER = whenOlder "4.12" yes; + # Enable Sound Open Firmware support + } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" && + versionAtLeast version "5.5") { + SND_SOC_SOF_TOPLEVEL = yes; + SND_SOC_SOF_ACPI = module; + SND_SOC_SOF_PCI = module; + SND_SOC_SOF_APOLLOLAKE_SUPPORT = yes; + SND_SOC_SOF_CANNONLAKE_SUPPORT = yes; + SND_SOC_SOF_COFFEELAKE_SUPPORT = yes; + SND_SOC_SOF_COMETLAKE_H_SUPPORT = yes; + SND_SOC_SOF_COMETLAKE_LP_SUPPORT = yes; + SND_SOC_SOF_ELKHARTLAKE_SUPPORT = yes; + SND_SOC_SOF_GEMINILAKE_SUPPORT = yes; + SND_SOC_SOF_HDA_AUDIO_CODEC = yes; + SND_SOC_SOF_HDA_COMMON_HDMI_CODEC = yes; + SND_SOC_SOF_HDA_LINK = yes; + SND_SOC_SOF_ICELAKE_SUPPORT = yes; + SND_SOC_SOF_INTEL_TOPLEVEL = yes; + SND_SOC_SOF_JASPERLAKE_SUPPORT = yes; + SND_SOC_SOF_MERRIFIELD_SUPPORT = yes; + SND_SOC_SOF_TIGERLAKE_SUPPORT = yes; }; usb-serial = { -- cgit 1.4.1 From 8ce65087c333097ab714d23800b69fc471ec48ca Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Wed, 8 Apr 2020 18:30:45 +0200 Subject: broadcom_sta: fix build on 5.6 --- pkgs/os-specific/linux/broadcom-sta/default.nix | 2 + .../os-specific/linux/broadcom-sta/linux-5.6.patch | 87 ++++++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/broadcom-sta/default.nix b/pkgs/os-specific/linux/broadcom-sta/default.nix index f1b560e9f8b..ecaa3896044 100644 --- a/pkgs/os-specific/linux/broadcom-sta/default.nix +++ b/pkgs/os-specific/linux/broadcom-sta/default.nix @@ -35,6 +35,8 @@ stdenv.mkDerivation { ./linux-4.12.patch ./linux-4.15.patch ./linux-5.1.patch + # source: https://salsa.debian.org/Herrie82-guest/broadcom-sta/-/commit/247307926e5540ad574a17c062c8da76990d056f + ./linux-5.6.patch ./null-pointer-fix.patch ./gcc.patch ]; diff --git a/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch b/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch new file mode 100644 index 00000000000..df5af79f77c --- /dev/null +++ b/pkgs/os-specific/linux/broadcom-sta/linux-5.6.patch @@ -0,0 +1,87 @@ +From dd057e40a167f4febb1a7c77dd32b7d36056952c Mon Sep 17 00:00:00 2001 +From: Herman van Hazendonk +Date: Tue, 31 Mar 2020 17:09:55 +0200 +Subject: [PATCH] Add fixes for 5.6 kernel + +Use ioremap instead of ioremap_nocache and proc_ops instead of file_operations on Linux kernel 5.6 and above. + +Signed-off-by: Herman van Hazendonk +--- + src/shared/linux_osl.c | 6 +++++- + src/wl/sys/wl_linux.c | 21 ++++++++++++++++++++- + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/shared/linux_osl.c b/src/shared/linux_osl.c +index 6157d18..dcfc075 100644 +--- a/src/shared/linux_osl.c ++++ b/src/shared/linux_osl.c +@@ -942,7 +942,11 @@ osl_getcycles(void) + void * + osl_reg_map(uint32 pa, uint size) + { +- return (ioremap_nocache((unsigned long)pa, (unsigned long)size)); ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ return (ioremap((unsigned long)pa, (unsigned long)size)); ++ #else ++ return (ioremap_nocache((unsigned long)pa, (unsigned long)size)); ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + } + + void +diff --git a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c +index 0d05100..6d9dd0d 100644 +--- a/src/wl/sys/wl_linux.c ++++ b/src/wl/sys/wl_linux.c +@@ -582,10 +582,17 @@ wl_attach(uint16 vendor, uint16 device, ulong regs, + } + wl->bcm_bustype = bustype; + ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ if ((wl->regsva = ioremap(dev->base_addr, PCI_BAR0_WINSZ)) == NULL) { ++ WL_ERROR(("wl%d: ioremap() failed\n", unit)); ++ goto fail; ++ } ++ #else + if ((wl->regsva = ioremap_nocache(dev->base_addr, PCI_BAR0_WINSZ)) == NULL) { + WL_ERROR(("wl%d: ioremap() failed\n", unit)); + goto fail; + } ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + + wl->bar1_addr = bar1_addr; + wl->bar1_size = bar1_size; +@@ -772,8 +779,13 @@ wl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + if ((val & 0x0000ff00) != 0) + pci_write_config_dword(pdev, 0x40, val & 0xffff00ff); + bar1_size = pci_resource_len(pdev, 2); ++ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++ bar1_addr = (uchar *)ioremap(pci_resource_start(pdev, 2), ++ bar1_size); ++ #else + bar1_addr = (uchar *)ioremap_nocache(pci_resource_start(pdev, 2), + bar1_size); ++ #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ + wl = wl_attach(pdev->vendor, pdev->device, pci_resource_start(pdev, 0), PCI_BUS, pdev, + pdev->irq, bar1_addr, bar1_size); + +@@ -3335,12 +3347,19 @@ wl_proc_write(struct file *filp, const char __user *buff, size_t length, loff_t + } + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) ++static const struct proc_ops wl_fops = { ++ .proc_read = wl_proc_read, ++ .proc_write = wl_proc_write, ++}; ++#else + static const struct file_operations wl_fops = { + .owner = THIS_MODULE, + .read = wl_proc_read, + .write = wl_proc_write, + }; +-#endif ++#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) */ ++#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0) */ + + static int + wl_reg_proc_entry(wl_info_t *wl) -- cgit 1.4.1 From ca44d3eb1ed011a1e93deaa8a3dbe78e57236de8 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 29 Apr 2020 15:25:15 -0400 Subject: linux: 4.19.118 -> 4.19.119 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index ab3d1b1a719..b3073ac1779 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.118"; + version = "4.19.119"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "15lcq3xky59v88vb8vvnmgcsmm1fadz0m4jyrii6rynsz5jr6x49"; + sha256 = "1klvdzz8sndg2zsr1anfy9p5fc1aapjqvc249myrbndyf55bk91b"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 100e81982dba166a2287179d62184c2a59d6613f Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 29 Apr 2020 15:25:57 -0400 Subject: linux: 5.4.35 -> 5.4.36 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 08b28bc98dc..2672a239e3b 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.35"; + version = "5.4.36"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1m06k19pbb3wz8z2dgf03jvzbbdh6q8jwwdz509s902a53vxasz1"; + sha256 = "13avfvimjyg4lhj9micgib9bb5qpx11cja5liypid0rf2acfmymr"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From bbf8ce13ebd6bb89d12fedd5b20e5f5a80b20145 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 29 Apr 2020 15:26:45 -0400 Subject: linux: 5.6.7 -> 5.6.8 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index a31e6e26d3f..c5bd84abf16 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.7"; + version = "5.6.8"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1jljcva3gxg1yc2kw3jjgmhzzdm16nylzxl63zbndjza547l5813"; + sha256 = "1pw2q9509jzp84b6qasaais2ws25v2wrjh072q0x3j520zzl5q8r"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From a3082bc6b796f539cbe02bffbb058966acb629b6 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 30 Apr 2020 01:03:18 +0200 Subject: systemd: regenerate patches It seems nix is much more permissive in applying patches than git am. These patches were regenerated by running `git am path/to/nixpkgs/pkgs/os-specific/linux/systemd/*.patch`, and manually running `patch -p1 < path/to/nixpkgs/pkgs/os-specific/linux/systemd/*N.patch` where necessary. --- ...e-units-for-uninitialised-encrypted-devic.patch | 6 +- ...002-Don-t-try-to-unmount-nix-or-nix-store.patch | 42 +++ ...003-Don-t-try-to-unmount-nix-or-nix-store.patch | 42 --- .../linux/systemd/0003-Fix-NixOS-containers.patch | 34 +++ .../linux/systemd/0004-Fix-NixOS-containers.patch | 34 --- .../0004-Look-for-fsck-in-the-right-place.patch | 25 ++ ...-Add-some-NixOS-specific-unit-directories.patch | 107 +++++++ ...rid-of-a-useless-message-in-user-sessions.patch | 31 ++ .../0006-Look-for-fsck-in-the-right-place.patch | 25 -- ...-Add-some-NixOS-specific-unit-directories.patch | 107 ------- ...ocaled-timedated-disable-methods-that-cha.patch | 118 ++++++++ .../linux/systemd/0008-Fix-hwdb-paths.patch | 32 +++ ...Change-usr-share-zoneinfo-to-etc-zoneinfo.patch | 132 +++++++++ ...rid-of-a-useless-message-in-user-sessions.patch | 31 -- ...ocaled-timedated-disable-methods-that-cha.patch | 118 -------- ...10-localectl-use-etc-X11-xkb-for-list-x11.patch | 27 ++ .../linux/systemd/0011-Fix-hwdb-paths.patch | 32 --- ...-create-statedir-and-don-t-touch-prefixdi.patch | 26 ++ ...Change-usr-share-zoneinfo-to-etc-zoneinfo.patch | 132 --------- ...ault-configuration-into-out-share-factory.patch | 313 ++++++++++++++++++++ ...stemd-environment-when-calling-generators.patch | 42 +++ ...13-localectl-use-etc-X11-xkb-for-list-x11.patch | 27 -- .../0014-add-rootprefix-to-lookup-dir-paths.patch | 38 +++ ...tdown-execute-scripts-in-etc-systemd-syst.patch | 27 ++ ...-create-statedir-and-don-t-touch-prefixdi.patch | 26 -- ...ep-execute-scripts-in-etc-systemd-system-.patch | 26 ++ ...-nodes.service-Update-ConditionFileNotEmp.patch | 27 ++ ...ault-configuration-into-out-share-factory.patch | 317 --------------------- ...h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch | 33 +++ ...stemd-environment-when-calling-generators.patch | 42 --- .../0021-add-rootprefix-to-lookup-dir-paths.patch | 38 --- ...tdown-execute-scripts-in-etc-systemd-syst.patch | 27 -- ...ep-execute-scripts-in-etc-systemd-system-.patch | 26 -- ...odes.service-Update-ConditionFileNotEmpty.patch | 27 -- ...h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch | 33 --- pkgs/os-specific/linux/systemd/default.nix | 34 +-- 36 files changed, 1100 insertions(+), 1104 deletions(-) create mode 100644 pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch delete mode 100644 pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch create mode 100644 pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch delete mode 100644 pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch create mode 100644 pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch create mode 100644 pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch create mode 100644 pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch delete mode 100644 pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch delete mode 100644 pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch create mode 100644 pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch create mode 100644 pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch create mode 100644 pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch delete mode 100644 pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch delete mode 100644 pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch create mode 100644 pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch delete mode 100644 pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch create mode 100644 pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch delete mode 100644 pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch create mode 100644 pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch create mode 100644 pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch delete mode 100644 pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch create mode 100644 pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch create mode 100644 pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch delete mode 100644 pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch create mode 100644 pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch create mode 100644 pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch delete mode 100644 pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch create mode 100644 pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch delete mode 100644 pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch delete mode 100644 pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch delete mode 100644 pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch delete mode 100644 pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch delete mode 100644 pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch delete mode 100644 pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index 5418a6d9d91..a7f5a15e050 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,7 +1,7 @@ -From a6c9317a905ef478b8e0d3dad263990feb5d11cb Mon Sep 17 00:00:00 2001 +From 7900e82a60e22354ab2b1c71f4664c1e2357ab23 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 8 Jan 2013 15:46:30 +0100 -Subject: [PATCH 01/27] Start device units for uninitialised encrypted devices +Subject: [PATCH 01/18] Start device units for uninitialised encrypted devices This is necessary because the NixOS service that initialises the filesystem depends on the appearance of the device unit. Also, this @@ -28,5 +28,5 @@ index c34b606216..3ab8c1c3fe 100644 SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" -- -2.24.1 +2.26.2 diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch new file mode 100644 index 00000000000..c5679bb393c --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -0,0 +1,42 @@ +From 1e2f2f80e106910bbf3fd27438b794937ff3a1a8 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Fri, 12 Apr 2013 13:16:57 +0200 +Subject: [PATCH 02/18] Don't try to unmount /nix or /nix/store + +They'll still be remounted read-only. + +https://github.com/NixOS/nixos/issues/126 +--- + src/core/mount.c | 2 ++ + src/shutdown/umount.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 1c4aefd734..a5553226f8 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -412,6 +412,8 @@ static bool mount_is_extrinsic(Mount *m) { + + if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ + "/", /* (strictly speaking redundant: should already be covered by the perpetual flag check above) */ ++ "/nix", ++ "/nix/store", + "/usr", + "/etc")) + return true; +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index 8a5e80eeaa..fab35ed6f3 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -414,6 +414,8 @@ static int delete_dm(dev_t devnum) { + + static bool nonunmountable_path(const char *path) { + return path_equal(path, "/") ++ || path_equal(path, "/nix") ++ || path_equal(path, "/nix/store") + #if ! HAVE_SPLIT_USR + || path_equal(path, "/usr") + #endif +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch deleted file mode 100644 index 75110faf923..00000000000 --- a/pkgs/os-specific/linux/systemd/0003-Don-t-try-to-unmount-nix-or-nix-store.patch +++ /dev/null @@ -1,42 +0,0 @@ -From fd9c882581877eef8ba1b34a9502a1ff546b3833 Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Fri, 12 Apr 2013 13:16:57 +0200 -Subject: [PATCH 03/27] Don't try to unmount /nix or /nix/store - -They'll still be remounted read-only. - -https://github.com/NixOS/nixos/issues/126 ---- - src/core/mount.c | 4 +++- - src/shutdown/umount.c | 2 ++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index a0dfa6a1a7..4ca6adcdc6 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -414,6 +414,8 @@ static bool mount_is_extrinsic(Mount *m) { - - if (PATH_IN_SET(m->where, /* Don't bother with the OS data itself */ - "/", /* (strictly speaking redundant: should already be covered by the perpetual flag check above) */ -+ "/nix", -+ "/nix/store", - "/usr", - "/etc")) - return true; -diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 2d07d3d6c1..8b112f464e 100644 ---- a/src/shutdown/umount.c -+++ b/src/shutdown/umount.c -@@ -373,6 +373,8 @@ static int delete_dm(dev_t devnum) { - - static bool nonunmountable_path(const char *path) { - return path_equal(path, "/") -+ || path_equal(path, "/nix") -+ || path_equal(path, "/nix/store") - #if ! HAVE_SPLIT_USR - || path_equal(path, "/usr") - #endif --- -2.25.1 - diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch new file mode 100644 index 00000000000..fb038c369f8 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -0,0 +1,34 @@ +From 1ff6f3a4250240e1ba56861e31819fe3c5516844 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Wed, 16 Apr 2014 10:59:28 +0200 +Subject: [PATCH 03/18] Fix NixOS containers + +In NixOS containers, the init script is bind-mounted into the +container, so checking early whether it exists will fail. +--- + src/nspawn/nspawn.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 734dee1130..a97b1a4bc9 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -5018,6 +5018,7 @@ static int run(int argc, char *argv[]) { + goto finish; + } + } else { ++#if 0 + const char *p, *q; + + if (arg_pivot_root_new) +@@ -5032,6 +5033,7 @@ static int run(int argc, char *argv[]) { + r = -EINVAL; + goto finish; + } ++#endif + } + + } else { +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch deleted file mode 100644 index ffb139b71e1..00000000000 --- a/pkgs/os-specific/linux/systemd/0004-Fix-NixOS-containers.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 58c4a7b4e9d9c34b92deded6aea814738821059d Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Wed, 16 Apr 2014 10:59:28 +0200 -Subject: [PATCH 04/27] Fix NixOS containers - -In NixOS containers, the init script is bind-mounted into the -container, so checking early whether it exists will fail. ---- - src/nspawn/nspawn.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 5d9290b1cf..26615901c3 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -4924,6 +4924,7 @@ static int run(int argc, char *argv[]) { - goto finish; - } - } else { -+#if 0 - const char *p, *q; - - if (arg_pivot_root_new) -@@ -4938,6 +4939,7 @@ static int run(int argc, char *argv[]) { - r = -EINVAL; - goto finish; - } -+#endif - } - - } else { --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch new file mode 100644 index 00000000000..3f102bd4d9b --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -0,0 +1,25 @@ +From 9cc4c2f4fd5d082aa039073a3620df536261100a Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Thu, 1 May 2014 14:10:10 +0200 +Subject: [PATCH 04/18] Look for fsck in the right place + +--- + src/fsck/fsck.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c +index 80f7107b9d..74e48a385f 100644 +--- a/src/fsck/fsck.c ++++ b/src/fsck/fsck.c +@@ -370,7 +370,7 @@ static int run(int argc, char *argv[]) { + } else + dash_c[0] = 0; + +- cmdline[i++] = "/sbin/fsck"; ++ cmdline[i++] = "/run/current-system/sw/bin/fsck"; + cmdline[i++] = arg_repair; + cmdline[i++] = "-T"; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch new file mode 100644 index 00000000000..af7d227eda2 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -0,0 +1,107 @@ +From a036a1754104df9b9f7d9b3787840a83b06d0c18 Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Fri, 19 Dec 2014 14:46:17 +0100 +Subject: [PATCH 05/18] Add some NixOS-specific unit directories + +Look in /nix/var/nix/profiles/default/lib/systemd for units provided +by packages in the default (system-wide) profile, and in +/etc/systemd-mutable/system for persistent, mutable units (not +recommended). + +Also, remove /usr and /lib as these don't exist on NixOS. +--- + src/core/systemd.pc.in | 4 ++-- + src/shared/path-lookup.c | 18 +++++------------- + 2 files changed, 7 insertions(+), 15 deletions(-) + +diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in +index 8331832c7a..bedb97115d 100644 +--- a/src/core/systemd.pc.in ++++ b/src/core/systemd.pc.in +@@ -17,8 +17,8 @@ systemduserunitdir=${prefix}/lib/systemd/user + systemduserpresetdir=${prefix}/lib/systemd/user-preset + systemdsystemconfdir=${sysconfdir}/systemd/system + systemduserconfdir=${sysconfdir}/systemd/user +-systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemdsystemunitdir}:/usr/lib/systemd/system:/lib/systemd/system +-systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemduserunitdir}:/usr/lib/systemd/user:/usr/share/systemd/user ++systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/etc/systemd-mutable/system:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/system:${systemdsystemunitdir} ++systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/etc/systemd-mutable/user:/nix/var/nix/profiles/default/lib/systemd/system:/run/systemd/user:${systemduserunitdir} + systemdsystemgeneratordir=${rootprefix}/lib/systemd/system-generators + systemdusergeneratordir=${prefix}/lib/systemd/user-generators + systemdsystemgeneratorpath=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemdsystemgeneratordir} +diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c +index 5b16209745..13c0a57637 100644 +--- a/src/shared/path-lookup.c ++++ b/src/shared/path-lookup.c +@@ -98,17 +98,14 @@ int xdg_user_data_dir(char **ret, const char *suffix) { + } + + static const char* const user_data_unit_paths[] = { +- "/usr/local/lib/systemd/user", +- "/usr/local/share/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", +- "/usr/share/systemd/user", + NULL + }; + + static const char* const user_config_unit_paths[] = { + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", + NULL + }; + +@@ -603,15 +600,14 @@ int lookup_paths_init( + persistent_config, + SYSTEM_CONFIG_UNIT_PATH, + "/etc/systemd/system", ++ "/etc/systemd-mutable/system", ++ "/nix/var/nix/profiles/default/lib/systemd/system", + STRV_IFNOTNULL(persistent_attached), + runtime_config, + "/run/systemd/system", + STRV_IFNOTNULL(runtime_attached), + STRV_IFNOTNULL(generator), +- "/usr/local/lib/systemd/system", + SYSTEM_DATA_UNIT_PATH, +- "/usr/lib/systemd/system", +- STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), + STRV_IFNOTNULL(generator_late)); + break; + +@@ -627,14 +623,12 @@ int lookup_paths_init( + persistent_config, + USER_CONFIG_UNIT_PATH, + "/etc/systemd/user", ++ "/etc/systemd-mutable/user", ++ "/nix/var/nix/profiles/default/lib/systemd/user", + runtime_config, + "/run/systemd/user", + STRV_IFNOTNULL(generator), +- "/usr/local/share/systemd/user", +- "/usr/share/systemd/user", +- "/usr/local/lib/systemd/user", + USER_DATA_UNIT_PATH, +- "/usr/lib/systemd/user", + STRV_IFNOTNULL(generator_late)); + break; + +@@ -823,14 +817,12 @@ char **generator_binary_paths(UnitFileScope scope) { + case UNIT_FILE_SYSTEM: + return strv_new("/run/systemd/system-generators", + "/etc/systemd/system-generators", +- "/usr/local/lib/systemd/system-generators", + SYSTEM_GENERATOR_PATH); + + case UNIT_FILE_GLOBAL: + case UNIT_FILE_USER: + return strv_new("/run/systemd/user-generators", + "/etc/systemd/user-generators", +- "/usr/local/lib/systemd/user-generators", + USER_GENERATOR_PATH); + + default: +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch new file mode 100644 index 00000000000..9e93b1497ef --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -0,0 +1,31 @@ +From d96e5224001ea437549eae7b00173b61d459209e Mon Sep 17 00:00:00 2001 +From: Eelco Dolstra +Date: Mon, 11 May 2015 15:39:38 +0200 +Subject: [PATCH 06/18] Get rid of a useless message in user sessions + +Namely lots of variants of + + Unit nix-var-nix-db.mount is bound to inactive unit dev-disk-by\x2dlabel-nixos.device. Stopping, too. + +in containers. +--- + src/core/unit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 2816bcef55..0e5102a28c 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2043,7 +2043,8 @@ static void unit_check_binds_to(Unit *u) { + } + + assert(other); +- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); + + /* A unit we need to run is gone. Sniff. Let's stop this. */ + r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch deleted file mode 100644 index 5972b646867..00000000000 --- a/pkgs/os-specific/linux/systemd/0006-Look-for-fsck-in-the-right-place.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c841ffab8fb6174b51382b9d4334f78c74018730 Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Thu, 1 May 2014 14:10:10 +0200 -Subject: [PATCH 06/27] Look for fsck in the right place - ---- - src/fsck/fsck.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 55e6544d31..3626aadda7 100644 ---- a/src/fsck/fsck.c -+++ b/src/fsck/fsck.c -@@ -371,7 +371,7 @@ static int run(int argc, char *argv[]) { - } else - dash_c[0] = 0; - -- cmdline[i++] = "/sbin/fsck"; -+ cmdline[i++] = "/run/current-system/sw/bin/fsck"; - cmdline[i++] = arg_repair; - cmdline[i++] = "-T"; - --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch deleted file mode 100644 index 7d537197fae..00000000000 --- a/pkgs/os-specific/linux/systemd/0007-Add-some-NixOS-specific-unit-directories.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 8c0be07ccbad35d0c1106015057996aa55b9a1f9 Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Fri, 19 Dec 2014 14:46:17 +0100 -Subject: [PATCH 07/27] Add some NixOS-specific unit directories - -Look in /nix/var/nix/profiles/default/lib/systemd for units provided -by packages in the default (system-wide) profile, and in -/etc/systemd-mutable/system for persistent, mutable units (not -recommended). - -Also, remove /usr and /lib as these don't exist on NixOS. ---- - src/core/systemd.pc.in | 4 ++-- - src/shared/path-lookup.c | 18 +++++------------- - 2 files changed, 7 insertions(+), 15 deletions(-) - -diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 5d1ddd7620..21b977d6fc 100644 ---- a/src/core/systemd.pc.in -+++ b/src/core/systemd.pc.in -@@ -17,8 +17,8 @@ systemduserunitdir=${prefix}/lib/systemd/user - systemduserpresetdir=${prefix}/lib/systemd/user-preset - systemdsystemconfdir=${sysconfdir}/systemd/system - systemduserconfdir=${sysconfdir}/systemd/user --systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemdsystemunitdir}:/usr/lib/systemd/system:/lib/systemd/system --systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemduserunitdir}:/usr/lib/systemd/user:/usr/share/systemd/user -+systemdsystemunitpath=${systemdsystemconfdir}:/etc/systemd/system:/etc/systemd-mutable/system:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/system:${systemdsystemunitdir} -+systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/etc/systemd-mutable/user:/nix/var/nix/profiles/default/lib/systemd/system:/run/systemd/user:${systemduserunitdir} - systemdsystemgeneratordir=${rootprefix}/lib/systemd/system-generators - systemdusergeneratordir=${prefix}/lib/systemd/user-generators - systemdsleepdir=${rootprefix}/lib/systemd/system-sleep -diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c -index 6bf0ff0316..2b6324ad8c 100644 ---- a/src/shared/path-lookup.c -+++ b/src/shared/path-lookup.c -@@ -99,17 +99,14 @@ int xdg_user_data_dir(char **ret, const char *suffix) { - } - - static const char* const user_data_unit_paths[] = { -- "/usr/local/lib/systemd/user", -- "/usr/local/share/systemd/user", - USER_DATA_UNIT_PATH, -- "/usr/lib/systemd/user", -- "/usr/share/systemd/user", - NULL - }; - - static const char* const user_config_unit_paths[] = { - USER_CONFIG_UNIT_PATH, - "/etc/systemd/user", -+ "/etc/systemd-mutable/user", - NULL - }; - -@@ -604,15 +601,14 @@ int lookup_paths_init( - persistent_config, - SYSTEM_CONFIG_UNIT_PATH, - "/etc/systemd/system", -+ "/etc/systemd-mutable/system", -+ "/nix/var/nix/profiles/default/lib/systemd/system", - STRV_IFNOTNULL(persistent_attached), - runtime_config, - "/run/systemd/system", - STRV_IFNOTNULL(runtime_attached), - STRV_IFNOTNULL(generator), -- "/usr/local/lib/systemd/system", - SYSTEM_DATA_UNIT_PATH, -- "/usr/lib/systemd/system", -- STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), - STRV_IFNOTNULL(generator_late)); - break; - -@@ -628,14 +624,12 @@ int lookup_paths_init( - persistent_config, - USER_CONFIG_UNIT_PATH, - "/etc/systemd/user", -+ "/etc/systemd-mutable/user", -+ "/nix/var/nix/profiles/default/lib/systemd/user", - runtime_config, - "/run/systemd/user", - STRV_IFNOTNULL(generator), -- "/usr/local/share/systemd/user", -- "/usr/share/systemd/user", -- "/usr/local/lib/systemd/user", - USER_DATA_UNIT_PATH, -- "/usr/lib/systemd/user", - STRV_IFNOTNULL(generator_late)); - break; - -@@ -824,14 +818,12 @@ char **generator_binary_paths(UnitFileScope scope) { - case UNIT_FILE_SYSTEM: - return strv_new("/run/systemd/system-generators", - "/etc/systemd/system-generators", -- "/usr/local/lib/systemd/system-generators", - SYSTEM_GENERATOR_PATH); - - case UNIT_FILE_GLOBAL: - case UNIT_FILE_USER: - return strv_new("/run/systemd/user-generators", - "/etc/systemd/user-generators", -- "/usr/local/lib/systemd/user-generators", - USER_GENERATOR_PATH); - - default: --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch new file mode 100644 index 00000000000..a14178a3610 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -0,0 +1,118 @@ +From 23d17b5f60d9b494ee8b7399350478d24e91e460 Mon Sep 17 00:00:00 2001 +From: Gabriel Ebner +Date: Sun, 6 Dec 2015 14:26:36 +0100 +Subject: [PATCH 07/18] hostnamed, localed, timedated: disable methods that + change system settings. + +--- + src/hostname/hostnamed.c | 9 +++++++++ + src/locale/localed.c | 9 +++++++++ + src/timedate/timedated.c | 10 ++++++++++ + 3 files changed, 28 insertions(+) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index 21f6471495..8c5af7619f 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -422,6 +422,9 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (isempty(name)) + name = c->data[PROP_STATIC_HOSTNAME]; + +@@ -478,6 +481,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME])) +@@ -535,6 +541,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + name = empty_to_null(name); + + if (streq_ptr(name, c->data[prop])) +diff --git a/src/locale/localed.c b/src/locale/localed.c +index 09f16d25f4..c1cb87cef1 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -275,6 +275,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + /* If single locale without variable name is provided, then we assume it is LANG=. */ + if (strv_length(l) == 1 && !strchr(*l, '=')) { + if (!locale_is_valid(*l)) +@@ -410,6 +413,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + keymap = empty_to_null(keymap); + keymap_toggle = empty_to_null(keymap_toggle); + +@@ -586,6 +592,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + layout = empty_to_null(layout); + model = empty_to_null(model); + variant = empty_to_null(variant); +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 5e2fb50d83..63865f557c 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -652,6 +652,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * + if (r < 0) + return r; + ++ if (getenv("NIXOS_STATIC_TIMEZONE")) ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing timezone via systemd is not supported when it is set in NixOS configuration."); ++ + if (!timezone_is_valid(z, LOG_DEBUG)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); + +@@ -731,6 +735,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + if (lrtc == c->local_rtc) + return sd_bus_reply_method_return(m, NULL); + +@@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error + if (r < 0) + return r; + ++ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, ++ "Changing system settings via systemd is not supported on NixOS."); ++ + r = context_update_ntp_status(c, bus, m); + if (r < 0) + return r; +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch new file mode 100644 index 00000000000..d857be55890 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -0,0 +1,32 @@ +From e827145cf4390cf926897f591f0105b43e6fc3e2 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 7 Jul 2016 02:47:13 +0300 +Subject: [PATCH 08/18] Fix hwdb paths + +Patch by vcunat. +--- + src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c +index b3febdbb31..eba00a5bc7 100644 +--- a/src/libsystemd/sd-hwdb/sd-hwdb.c ++++ b/src/libsystemd/sd-hwdb/sd-hwdb.c +@@ -297,13 +297,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { + } + + static const char hwdb_bin_paths[] = +- "/etc/systemd/hwdb/hwdb.bin\0" + "/etc/udev/hwdb.bin\0" +- "/usr/lib/systemd/hwdb/hwdb.bin\0" +-#if HAVE_SPLIT_USR +- "/lib/systemd/hwdb/hwdb.bin\0" +-#endif +- UDEVLIBEXECDIR "/hwdb.bin\0"; ++ ; + + _public_ int sd_hwdb_new(sd_hwdb **ret) { + _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch new file mode 100644 index 00000000000..8d7c1eb8e7a --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -0,0 +1,132 @@ +From 5da944d33a915222509ecd73c69fe7ae8917334f Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Tue, 11 Oct 2016 13:12:08 +0300 +Subject: [PATCH 09/18] Change /usr/share/zoneinfo to /etc/zoneinfo + +NixOS uses this path. +--- + man/localtime.xml | 4 ++-- + src/basic/time-util.c | 6 +++--- + src/firstboot/firstboot.c | 2 +- + src/nspawn/nspawn.c | 4 ++-- + src/timedate/timedated.c | 8 ++++---- + 5 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/man/localtime.xml b/man/localtime.xml +index 0f1652ee2e..71c4f95c2e 100644 +--- a/man/localtime.xml ++++ b/man/localtime.xml +@@ -20,7 +20,7 @@ + + + +- /etc/localtime -> ../usr/share/zoneinfo/… ++ /etc/localtime -> zoneinfo/… + + + +@@ -30,7 +30,7 @@ + system-wide timezone of the local system that is used by + applications for presentation to the user. It should be an + absolute or relative symbolic link pointing to +- /usr/share/zoneinfo/, followed by a timezone ++ /etc/zoneinfo/, followed by a timezone + identifier such as Europe/Berlin or + Etc/UTC. The resulting link should lead to the + corresponding binary +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 105584e2e7..5238f69931 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1217,7 +1217,7 @@ int get_timezones(char ***ret) { + n_allocated = 2; + n_zones = 1; + +- f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); ++ f = fopen("/etc/zoneinfo/zone1970.tab", "re"); + if (f) { + for (;;) { + _cleanup_free_ char *line = NULL; +@@ -1312,7 +1312,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (p - name >= PATH_MAX) + return false; + +- t = strjoina("/usr/share/zoneinfo/", name); ++ t = strjoina("/etc/zoneinfo/", name); + + fd = open(t, O_RDONLY|O_CLOEXEC); + if (fd < 0) { +@@ -1410,7 +1410,7 @@ int get_timezone(char **ret) { + if (r < 0) + return r; /* returns EINVAL if not a symlink */ + +- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); + if (!e) + return -EINVAL; + +diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c +index 901fbf0815..b57bdd8fbe 100644 +--- a/src/firstboot/firstboot.c ++++ b/src/firstboot/firstboot.c +@@ -431,7 +431,7 @@ static int process_timezone(void) { + if (isempty(arg_timezone)) + return 0; + +- e = strjoina("../usr/share/zoneinfo/", arg_timezone); ++ e = strjoina("zoneinfo/", arg_timezone); + + (void) mkdir_parents(etc_localtime, 0755); + if (symlink(e, etc_localtime) < 0) +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index a97b1a4bc9..aed60439e3 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1657,8 +1657,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u + static const char *timezone_from_path(const char *path) { + return PATH_STARTSWITH_SET( + path, +- "../usr/share/zoneinfo/", +- "/usr/share/zoneinfo/"); ++ "../etc/zoneinfo/", ++ "/etc/zoneinfo/"); + } + + static bool etc_writable(void) { +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 63865f557c..8021a8b753 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -264,7 +264,7 @@ static int context_read_data(Context *c) { + + r = get_timezone(&t); + if (r == -EINVAL) +- log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/."); ++ log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /etc/zoneinfo/."); + else if (r < 0) + log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); + +@@ -288,7 +288,7 @@ static int context_write_data_timezone(Context *c) { + + if (isempty(c->zone) || streq(c->zone, "UTC")) { + +- if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { ++ if (access("/etc/zoneinfo/UTC", F_OK) < 0) { + + if (unlink("/etc/localtime") < 0 && errno != ENOENT) + return -errno; +@@ -296,9 +296,9 @@ static int context_write_data_timezone(Context *c) { + return 0; + } + +- source = "../usr/share/zoneinfo/UTC"; ++ source = "../etc/zoneinfo/UTC"; + } else { +- p = path_join("../usr/share/zoneinfo", c->zone); ++ p = path_join("../etc/zoneinfo", c->zone); + if (!p) + return -ENOMEM; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch deleted file mode 100644 index c15b8a2a9e1..00000000000 --- a/pkgs/os-specific/linux/systemd/0009-Get-rid-of-a-useless-message-in-user-sessions.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 99c86daa5244d45a19f75f6ce92bd4255edef420 Mon Sep 17 00:00:00 2001 -From: Eelco Dolstra -Date: Mon, 11 May 2015 15:39:38 +0200 -Subject: [PATCH 09/27] Get rid of a useless message in user sessions - -Namely lots of variants of - - Unit nix-var-nix-db.mount is bound to inactive unit dev-disk-by\x2dlabel-nixos.device. Stopping, too. - -in containers. ---- - src/core/unit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index a1dc76aa6a..07670af8e2 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2045,7 +2045,8 @@ static void unit_check_binds_to(Unit *u) { - } - - assert(other); -- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); -+ if (u->type != UNIT_MOUNT || detect_container() <= 0) -+ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); - - /* A unit we need to run is gone. Sniff. Let's stop this. */ - r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch deleted file mode 100644 index 635da4634a8..00000000000 --- a/pkgs/os-specific/linux/systemd/0010-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ /dev/null @@ -1,118 +0,0 @@ -From cec1430f72edfedb951fe34e87765ef422ea9843 Mon Sep 17 00:00:00 2001 -From: Gabriel Ebner -Date: Sun, 6 Dec 2015 14:26:36 +0100 -Subject: [PATCH 10/27] hostnamed, localed, timedated: disable methods that - change system settings. - ---- - src/hostname/hostnamed.c | 9 +++++++++ - src/locale/localed.c | 9 +++++++++ - src/timedate/timedated.c | 10 ++++++++++ - 3 files changed, 28 insertions(+) - -diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index 9e4f4fb59e..141b8acc08 100644 ---- a/src/hostname/hostnamed.c -+++ b/src/hostname/hostnamed.c -@@ -423,6 +423,9 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error * - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - if (isempty(name)) - name = c->data[PROP_STATIC_HOSTNAME]; - -@@ -479,6 +482,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - name = empty_to_null(name); - - if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME])) -@@ -536,6 +542,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - name = empty_to_null(name); - - if (streq_ptr(name, c->data[prop])) -diff --git a/src/locale/localed.c b/src/locale/localed.c -index 8d0eec96a5..0b1c1d664e 100644 ---- a/src/locale/localed.c -+++ b/src/locale/localed.c -@@ -276,6 +276,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - /* If single locale without variable name is provided, then we assume it is LANG=. */ - if (strv_length(l) == 1 && !strchr(*l, '=')) { - if (!locale_is_valid(*l)) -@@ -411,6 +414,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - keymap = empty_to_null(keymap); - keymap_toggle = empty_to_null(keymap_toggle); - -@@ -587,6 +593,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - layout = empty_to_null(layout); - model = empty_to_null(model); - variant = empty_to_null(variant); -diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 6c94b23de4..fa20d22cde 100644 ---- a/src/timedate/timedated.c -+++ b/src/timedate/timedated.c -@@ -653,6 +653,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * - if (r < 0) - return r; - -+ if (getenv("NIXOS_STATIC_TIMEZONE")) -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing timezone via systemd is not supported when it is set in NixOS configuration."); -+ - if (!timezone_is_valid(z, LOG_DEBUG)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); - -@@ -732,6 +736,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - if (lrtc == c->local_rtc) - return sd_bus_reply_method_return(m, NULL); - -@@ -924,6 +931,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error - if (r < 0) - return r; - -+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); -+ - r = context_update_ntp_status(c, bus, m); - if (r < 0) - return r; --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch new file mode 100644 index 00000000000..031d7f68009 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -0,0 +1,27 @@ +From d5637ccec3c32919e8aef2dc59b97fdbe3923ba1 Mon Sep 17 00:00:00 2001 +From: Imuli +Date: Wed, 19 Oct 2016 08:46:47 -0400 +Subject: [PATCH 10/18] localectl: use /etc/X11/xkb for list-x11-* + +NixOS has an option to link the xkb data files to /etc/X11, but not to +/usr/share/X11. +--- + src/locale/localectl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/localectl.c b/src/locale/localectl.c +index 6f2d37d222..7aa2310d48 100644 +--- a/src/locale/localectl.c ++++ b/src/locale/localectl.c +@@ -286,7 +286,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { + } state = NONE, look_for; + int r; + +- f = fopen("/usr/share/X11/xkb/rules/base.lst", "re"); ++ f = fopen("/etc/X11/xkb/rules/base.lst", "re"); + if (!f) + return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch deleted file mode 100644 index 624811f5ea3..00000000000 --- a/pkgs/os-specific/linux/systemd/0011-Fix-hwdb-paths.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0f434c6baee63eff913f36aee839df3718a75d4a Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov -Date: Thu, 7 Jul 2016 02:47:13 +0300 -Subject: [PATCH 11/27] Fix hwdb paths - -Patch by vcunat. ---- - src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index 58124abd21..d80e408b8c 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -298,13 +298,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { - } - - static const char hwdb_bin_paths[] = -- "/etc/systemd/hwdb/hwdb.bin\0" - "/etc/udev/hwdb.bin\0" -- "/usr/lib/systemd/hwdb/hwdb.bin\0" --#if HAVE_SPLIT_USR -- "/lib/systemd/hwdb/hwdb.bin\0" --#endif -- UDEVLIBEXECDIR "/hwdb.bin\0"; -+ ; - - _public_ int sd_hwdb_new(sd_hwdb **ret) { - _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch new file mode 100644 index 00000000000..f122cca5b6f --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -0,0 +1,26 @@ +From f488835c587d79ba824302a8933b47a83ddc2d57 Mon Sep 17 00:00:00 2001 +From: Franz Pletz +Date: Sun, 11 Feb 2018 04:37:44 +0100 +Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir + +--- + meson.build | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/meson.build b/meson.build +index fc216d22da..078db3bb5d 100644 +--- a/meson.build ++++ b/meson.build +@@ -3176,9 +3176,6 @@ install_data('LICENSE.GPL2', + 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', + install_dir : docdir) + +-meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) +-meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) +- + ############################################################ + + meson_check_help = find_program('tools/meson-check-help.sh') +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch deleted file mode 100644 index ad76fda7d95..00000000000 --- a/pkgs/os-specific/linux/systemd/0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 78479b75c9f9342646223b3db6b4b0744817dc24 Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov -Date: Tue, 11 Oct 2016 13:12:08 +0300 -Subject: [PATCH] Change /usr/share/zoneinfo to /etc/zoneinfo - -NixOS uses this path. ---- - man/localtime.xml | 4 ++-- - src/basic/time-util.c | 6 +++--- - src/firstboot/firstboot.c | 2 +- - src/nspawn/nspawn.c | 4 ++-- - src/timedate/timedated.c | 8 ++++---- - 5 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/man/localtime.xml b/man/localtime.xml -index 0f1652ee2e..71c4f95c2e 100644 ---- a/man/localtime.xml -+++ b/man/localtime.xml -@@ -20,7 +20,7 @@ - - - -- /etc/localtime -> ../usr/share/zoneinfo/… -+ /etc/localtime -> zoneinfo/… - - - -@@ -30,7 +30,7 @@ - system-wide timezone of the local system that is used by - applications for presentation to the user. It should be an - absolute or relative symbolic link pointing to -- /usr/share/zoneinfo/, followed by a timezone -+ /etc/zoneinfo/, followed by a timezone - identifier such as Europe/Berlin or - Etc/UTC. The resulting link should lead to the - corresponding binary -diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 105584e2e7..5238f69931 100644 ---- a/src/basic/time-util.c -+++ b/src/basic/time-util.c -@@ -1217,7 +1217,7 @@ int get_timezones(char ***ret) { - n_allocated = 2; - n_zones = 1; - -- f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); -+ f = fopen("/etc/zoneinfo/zone1970.tab", "re"); - if (f) { - for (;;) { - _cleanup_free_ char *line = NULL; -@@ -1312,7 +1312,7 @@ bool timezone_is_valid(const char *name, int log_level) { - if (p - name >= PATH_MAX) - return false; - -- t = strjoina("/usr/share/zoneinfo/", name); -+ t = strjoina("/etc/zoneinfo/", name); - - fd = open(t, O_RDONLY|O_CLOEXEC); - if (fd < 0) { -@@ -1410,7 +1410,7 @@ int get_timezone(char **ret) { - if (r < 0) - return r; /* returns EINVAL if not a symlink */ - -- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); -+ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); - if (!e) - return -EINVAL; - -diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 528e6452cf..c712ca9072 100644 ---- a/src/firstboot/firstboot.c -+++ b/src/firstboot/firstboot.c -@@ -443,7 +443,7 @@ static int process_timezone(void) { - if (isempty(arg_timezone)) - return 0; - -- e = strjoina("../usr/share/zoneinfo/", arg_timezone); -+ e = strjoina("zoneinfo/", arg_timezone); - - (void) mkdir_parents(etc_localtime, 0755); - if (symlink(e, etc_localtime) < 0) -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 873a76596f..a024b10f32 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -1642,8 +1642,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u - static const char *timezone_from_path(const char *path) { - return PATH_STARTSWITH_SET( - path, -- "../usr/share/zoneinfo/", -- "/usr/share/zoneinfo/"); -+ "../etc/zoneinfo/", -+ "/etc/zoneinfo/"); - } - - static bool etc_writable(void) { -diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 5e2fb50d83..02eb2ca11d 100644 ---- a/src/timedate/timedated.c -+++ b/src/timedate/timedated.c -@@ -264,7 +264,7 @@ static int context_read_data(Context *c) { - - r = get_timezone(&t); - if (r == -EINVAL) -- log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/."); -+ log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /etc/zoneinfo/."); - else if (r < 0) - log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); - -@@ -288,7 +288,7 @@ static int context_write_data_timezone(Context *c) { - - if (isempty(c->zone) || streq(c->zone, "UTC")) { - -- if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { -+ if (access("/etc/zoneinfo/UTC", F_OK) < 0) { - - if (unlink("/etc/localtime") < 0 && errno != ENOENT) - return -errno; -@@ -296,9 +296,9 @@ static int context_write_data_timezone(Context *c) { - return 0; - } - -- source = "../usr/share/zoneinfo/UTC"; -+ source = "../etc/zoneinfo/UTC"; - } else { -- p = path_join("../usr/share/zoneinfo", c->zone); -+ p = path_join("../etc/zoneinfo", c->zone); - if (!p) - return -ENOMEM; - --- -2.25.1 - diff --git a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch new file mode 100644 index 00000000000..1b52f8ece52 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch @@ -0,0 +1,313 @@ +From be87849145bc50ab0b16c63fe2b748de13974f0e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= +Date: Mon, 26 Feb 2018 14:25:57 +0000 +Subject: [PATCH 12/18] Install default configuration into $out/share/factory + +By default systemd should read all its configuration from /etc. Therefor +we rely on -Dsysconfdir=/etc in meson as default value. Unfortunately +this would also lead to installation of systemd's own configuration +files to `/etc` whereas we are limited to /nix/store. To counter that +this commit introduces two new configuration variables `factoryconfdir` +and `factorypkgconfdir` to install systemd's own configuration into nix +store again, while having executables looking up files in /etc. +--- + hwdb.d/meson.build | 2 +- + meson.build | 11 +++++++---- + network/meson.build | 2 +- + src/core/meson.build | 10 +++++----- + src/coredump/meson.build | 2 +- + src/journal-remote/meson.build | 4 ++-- + src/journal/meson.build | 2 +- + src/kernel-install/meson.build | 2 +- + src/login/meson.build | 2 +- + src/network/meson.build | 2 +- + src/pstore/meson.build | 2 +- + src/resolve/meson.build | 2 +- + src/timesync/meson.build | 2 +- + src/udev/meson.build | 4 ++-- + sysctl.d/meson.build | 2 +- + tmpfiles.d/meson.build | 2 +- + units/meson.build | 2 +- + 17 files changed, 29 insertions(+), 26 deletions(-) + +diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build +index 4df6dabf89..02d8d69095 100644 +--- a/hwdb.d/meson.build ++++ b/hwdb.d/meson.build +@@ -27,7 +27,7 @@ if conf.get('ENABLE_HWDB') == 1 + install_dir : udevhwdbdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/hwdb.d'))) + + meson.add_install_script('sh', '-c', + 'test -n "$DESTDIR" || @0@/systemd-hwdb update' +diff --git a/meson.build b/meson.build +index 078db3bb5d..6e1a6483fc 100644 +--- a/meson.build ++++ b/meson.build +@@ -154,6 +154,9 @@ udevhwdbdir = join_paths(udevlibexecdir, 'hwdb.d') + catalogdir = join_paths(prefixdir, 'lib/systemd/catalog') + kernelinstalldir = join_paths(prefixdir, 'lib/kernel/install.d') + factorydir = join_paths(datadir, 'factory') ++factoryconfdir = join_paths(datadir, 'factory/etc') ++factorypkgconfdir = join_paths(datadir, 'factory/etc/systemd') ++factoryxinitrcdir = join_paths(datadir, 'factory/etc/X11/xinit/xinitrc.d') + bootlibdir = join_paths(prefixdir, 'lib/systemd/boot/efi') + testsdir = join_paths(prefixdir, 'lib/systemd/tests') + systemdstatedir = join_paths(localstatedir, 'lib/systemd') +@@ -2503,7 +2506,7 @@ if conf.get('ENABLE_BINFMT') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(binfmtdir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'binfmt.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'binfmt.d'))) + endif + + if conf.get('ENABLE_REPART') == 1 +@@ -2604,7 +2607,7 @@ executable('systemd-sleep', + install_dir : rootlibexecdir) + + install_data('src/sleep/sleep.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + exe = executable('systemd-sysctl', + 'src/sysctl/sysctl.c', +@@ -2916,7 +2919,7 @@ if conf.get('HAVE_KMOD') == 1 + meson.add_install_script('sh', '-c', + mkdir_p.format(modulesloaddir)) + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'modules-load.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'modules-load.d'))) + endif + + exe = executable('systemd-nspawn', +@@ -3159,7 +3162,7 @@ install_subdir('factory/etc', + install_dir : factorydir) + + install_data('xorg/50-systemd-user.sh', +- install_dir : xinitrcdir) ++ install_dir : factoryxinitrcdir) + install_data('modprobe.d/systemd.conf', + install_dir : modprobedir) + install_data('LICENSE.GPL2', +diff --git a/network/meson.build b/network/meson.build +index 544dcf4387..1828c50863 100644 +--- a/network/meson.build ++++ b/network/meson.build +@@ -10,7 +10,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + install_dir : networkdir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'systemd/network'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'systemd/network'))) + endif + + install_data('99-default.link', +diff --git a/src/core/meson.build b/src/core/meson.build +index 3586838f59..02ddf1a123 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -179,8 +179,8 @@ libcore = static_library( + systemd_sources = files('main.c') + + in_files = [['macros.systemd', rpmmacrosdir], +- ['system.conf', pkgsysconfdir], +- ['user.conf', pkgsysconfdir], ++ ['system.conf', factorypkgconfdir], ++ ['user.conf', factorypkgconfdir], + ['systemd.pc', pkgconfigdatadir], + ['triggers.systemd', '']] + +@@ -212,6 +212,6 @@ meson.add_install_script('sh', '-c', mkdir_p.format(systemsleepdir)) + meson.add_install_script('sh', '-c', mkdir_p.format(systemgeneratordir)) + meson.add_install_script('sh', '-c', mkdir_p.format(usergeneratordir)) + +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'system'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'user'))) +-meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(sysconfdir, 'xdg/systemd'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'system'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'user'))) ++meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'xdg/systemd'))) +diff --git a/src/coredump/meson.build b/src/coredump/meson.build +index 7fa5942697..34c865dfa0 100644 +--- a/src/coredump/meson.build ++++ b/src/coredump/meson.build +@@ -15,7 +15,7 @@ coredumpctl_sources = files('coredumpctl.c') + + if conf.get('ENABLE_COREDUMP') == 1 + install_data('coredump.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + tests += [ +diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build +index 87b8ba6495..daff8ec967 100644 +--- a/src/journal-remote/meson.build ++++ b/src/journal-remote/meson.build +@@ -49,7 +49,7 @@ if conf.get('ENABLE_REMOTE') ==1 and conf.get('HAVE_LIBCURL') == 1 + output : 'journal-upload.conf', + configuration : substs) + install_data(journal_upload_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif + + if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 +@@ -58,7 +58,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 + output : 'journal-remote.conf', + configuration : substs) + install_data(journal_remote_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('browse.html', + install_dir : join_paths(pkgdatadir, 'gatewayd')) +diff --git a/src/journal/meson.build b/src/journal/meson.build +index 5796f77cac..75d975c260 100644 +--- a/src/journal/meson.build ++++ b/src/journal/meson.build +@@ -109,7 +109,7 @@ if conf.get('HAVE_QRENCODE') == 1 + endif + + install_data('journald.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + if get_option('create-log-dirs') + meson.add_install_script( +diff --git a/src/kernel-install/meson.build b/src/kernel-install/meson.build +index 261c3aaae4..dbc5e23513 100644 +--- a/src/kernel-install/meson.build ++++ b/src/kernel-install/meson.build +@@ -11,4 +11,4 @@ install_data('00-entry-directory.install', + install_dir : kernelinstalldir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'kernel/install.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'kernel/install.d'))) +diff --git a/src/login/meson.build b/src/login/meson.build +index 0a7d3d5440..ff90149c1c 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -75,7 +75,7 @@ if conf.get('ENABLE_LOGIND') == 1 + output : 'logind.conf', + configuration : substs) + install_data(logind_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('org.freedesktop.login1.conf', + install_dir : dbuspolicydir) +diff --git a/src/network/meson.build b/src/network/meson.build +index c1c02cfda1..1bfa79a03b 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -201,7 +201,7 @@ if conf.get('ENABLE_NETWORKD') == 1 + endif + + install_data('networkd.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + fuzzers += [ + [['src/network/fuzz-netdev-parser.c', +diff --git a/src/pstore/meson.build b/src/pstore/meson.build +index adbac24b54..e9dc88dfa2 100644 +--- a/src/pstore/meson.build ++++ b/src/pstore/meson.build +@@ -6,5 +6,5 @@ systemd_pstore_sources = files(''' + + if conf.get('ENABLE_PSTORE') == 1 + install_data('pstore.conf', +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + endif +diff --git a/src/resolve/meson.build b/src/resolve/meson.build +index c4d8d4e5d9..f550c289a5 100644 +--- a/src/resolve/meson.build ++++ b/src/resolve/meson.build +@@ -170,7 +170,7 @@ if conf.get('ENABLE_RESOLVE') == 1 + output : 'resolved.conf', + configuration : substs) + install_data(resolved_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + + install_data('resolv.conf', + install_dir : rootlibexecdir) +diff --git a/src/timesync/meson.build b/src/timesync/meson.build +index e5c118c8db..19235df9ca 100644 +--- a/src/timesync/meson.build ++++ b/src/timesync/meson.build +@@ -27,7 +27,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 + output : 'timesyncd.conf', + configuration : substs) + install_data(timesyncd_conf, +- install_dir : pkgsysconfdir) ++ install_dir : factorypkgconfdir) + install_data('org.freedesktop.timesync1.conf', + install_dir : dbuspolicydir) + install_data('org.freedesktop.timesync1.service', +diff --git a/src/udev/meson.build b/src/udev/meson.build +index 173b10be50..82638cf5a9 100644 +--- a/src/udev/meson.build ++++ b/src/udev/meson.build +@@ -187,7 +187,7 @@ foreach prog : [['ata_id/ata_id.c'], + endforeach + + install_data('udev.conf', +- install_dir : join_paths(sysconfdir, 'udev')) ++ install_dir : join_paths(factoryconfdir, 'udev')) + + configure_file( + input : 'udev.pc.in', +@@ -196,7 +196,7 @@ configure_file( + install_dir : pkgconfigdatadir == 'no' ? '' : pkgconfigdatadir) + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'udev/rules.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'udev/rules.d'))) + + fuzzers += [ + [['src/udev/net/fuzz-link-parser.c', +diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build +index 3f072e3db7..bd9f843eba 100644 +--- a/sysctl.d/meson.build ++++ b/sysctl.d/meson.build +@@ -27,4 +27,4 @@ foreach file : in_files + endforeach + + meson.add_install_script('sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'sysctl.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'sysctl.d'))) +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index e77f46d06b..04d2ef621d 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -57,5 +57,5 @@ endforeach + if enable_tmpfiles + meson.add_install_script( + 'sh', '-c', +- mkdir_p.format(join_paths(sysconfdir, 'tmpfiles.d'))) ++ mkdir_p.format(join_paths(factoryconfdir, 'tmpfiles.d'))) + endif +diff --git a/units/meson.build b/units/meson.build +index ea91f0cc9e..8622054ca5 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -323,7 +323,7 @@ install_data('user-.slice.d/10-defaults.conf', + + meson.add_install_script(meson_make_symlink, + join_paths(pkgsysconfdir, 'user'), +- join_paths(sysconfdir, 'xdg/systemd/user')) ++ join_paths(factorypkgconfdir, 'xdg/systemd/user')) + meson.add_install_script(meson_make_symlink, + join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'), + join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service')) +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch new file mode 100644 index 00000000000..583aa89afff --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -0,0 +1,42 @@ +From d16a7d5580adcf5737c7be3b02d411097a498256 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Fri, 2 Nov 2018 21:15:42 +0100 +Subject: [PATCH 13/18] inherit systemd environment when calling generators. + +Systemd generators need access to the environment configured in +stage-2-init.sh since it schedules fsck and mkfs executions based on +being able to find an appropriate binary for the target filesystem. + +With this commit I am altering the systemd behaviour since upstream +tries to gather environments with that they call +"environment-generators" and then seems to pass that on to all the other +executables that are being called from managers. +--- + src/core/manager.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 25afdbea04..7afd5e5a37 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -3896,9 +3896,14 @@ static int manager_run_generators(Manager *m) { + argv[4] = NULL; + + RUN_WITH_UMASK(0022) +- (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, +- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- ++ (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, ++ // On NixOS we must propagate PATH to generators so they are ++ // able to find binaries such as `fsck.${fstype}` and ++ // `mkfs.${fstype}`. That is why the last argument of the ++ // function (envp) is set to NULL. This propagates systemd's ++ // environment (e.g. PATH) that was setup ++ // before calling systemd from stage-2-init.sh. ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); + r = 0; + + finish: +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch deleted file mode 100644 index 309ae70881a..00000000000 --- a/pkgs/os-specific/linux/systemd/0013-localectl-use-etc-X11-xkb-for-list-x11.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5365ffbfba2de03628e8bbb6cc0bc022272436a1 Mon Sep 17 00:00:00 2001 -From: Imuli -Date: Wed, 19 Oct 2016 08:46:47 -0400 -Subject: [PATCH 13/27] localectl: use /etc/X11/xkb for list-x11-* - -NixOS has an option to link the xkb data files to /etc/X11, but not to -/usr/share/X11. ---- - src/locale/localectl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index 9fb5152110..9554c2cf76 100644 ---- a/src/locale/localectl.c -+++ b/src/locale/localectl.c -@@ -287,7 +287,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { - } state = NONE, look_for; - int r; - -- f = fopen("/usr/share/X11/xkb/rules/base.lst", "re"); -+ f = fopen("/etc/X11/xkb/rules/base.lst", "re"); - if (!f) - return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); - --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch new file mode 100644 index 00000000000..cc2972cb656 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch @@ -0,0 +1,38 @@ +From ac4a62d0be763846e244ff9032635c8041ad7881 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Thu, 9 May 2019 11:15:22 +0200 +Subject: [PATCH 14/18] add rootprefix to lookup dir paths + +systemd does not longer use the UDEVLIBEXEC directory as root for +discovery default udev rules. By adding `$out/lib` to the lookup paths +we should again be able to discover the udev rules amongst other default +files that I might have missed. +--- + src/basic/def.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/basic/def.h b/src/basic/def.h +index 970654a1ad..bb261040f8 100644 +--- a/src/basic/def.h ++++ b/src/basic/def.h +@@ -39,13 +39,15 @@ + "/run/" n "\0" \ + "/usr/local/lib/" n "\0" \ + "/usr/lib/" n "\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR(n) ++ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ ++ ROOTPREFIX "/lib/" n "\0" + + #define CONF_PATHS_USR(n) \ + "/etc/" n, \ + "/run/" n, \ + "/usr/local/lib/" n, \ +- "/usr/lib/" n ++ "/usr/lib/" n, \ ++ ROOTPREFIX "/lib/" n + + #define CONF_PATHS(n) \ + CONF_PATHS_USR(n) \ +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch new file mode 100644 index 00000000000..6f792934f5a --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -0,0 +1,27 @@ +From 8a5db86ace1d7729f2c8ccacddbf5ca17fe86274 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 25 Jul 2019 20:45:55 +0300 +Subject: [PATCH 15/18] systemd-shutdown: execute scripts in + /etc/systemd/system-shutdown + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/shutdown/shutdown.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index 15e6c1799e..412bdefe74 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -298,7 +298,7 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3], *watchdog_device; + int cmd, r, umount_log_level = LOG_INFO; +- static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; ++ static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, "/etc/systemd/system-shutdown", NULL}; + + /* The log target defaults to console, but the original systemd process will pass its log target in through a + * command line argument, which will override this default. Also, ensure we'll never log to the journal or +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch deleted file mode 100644 index ed1187473be..00000000000 --- a/pkgs/os-specific/linux/systemd/0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 1408762890aba25e58598d1e4dfa17ed2b75de26 Mon Sep 17 00:00:00 2001 -From: Franz Pletz -Date: Sun, 11 Feb 2018 04:37:44 +0100 -Subject: [PATCH 16/27] build: don't create statedir and don't touch prefixdir - ---- - meson.build | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 8ccc947e37..263cc7189a 100644 ---- a/meson.build -+++ b/meson.build -@@ -2944,9 +2944,6 @@ install_data('LICENSE.GPL2', - 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', - install_dir : docdir) - --meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) --meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) -- - ############################################################ - - meson_check_help = find_program('tools/meson-check-help.sh') --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch new file mode 100644 index 00000000000..f6809e9d58a --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -0,0 +1,26 @@ +From 858fbf641ff5cd207282f3ad9d7458b2be2dcdb8 Mon Sep 17 00:00:00 2001 +From: Nikolay Amiantov +Date: Thu, 25 Jul 2019 20:46:58 +0300 +Subject: [PATCH 16/18] systemd-sleep: execute scripts in + /etc/systemd/system-sleep + +This is needed for NixOS to use such scripts as systemd directory is immutable. +--- + src/sleep/sleep.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index fbfddc0262..d2530b9421 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -178,6 +178,7 @@ static int execute(char **modes, char **states) { + }; + static const char* const dirs[] = { + SYSTEM_SLEEP_PATH, ++ "/etc/systemd/system-sleep", + NULL + }; + +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch new file mode 100644 index 00000000000..a3a9b936d13 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -0,0 +1,27 @@ +From da86057b6d1c0d39622977cfb85b7edaeeeb795e Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Sat, 7 Mar 2020 22:40:27 +0100 +Subject: [PATCH 17/18] kmod-static-nodes.service: Update ConditionFileNotEmpty + +On NixOS, kernel modules of the currently booted systems are located at +/run/booted-system/kernel-modules/lib/modules/%v/, not /lib/modules/%v/. +--- + units/kmod-static-nodes.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 0971edf9ec..87105a87b9 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel + DefaultDependencies=no + Before=sysinit.target systemd-tmpfiles-setup-dev.service + ConditionCapability=CAP_SYS_MODULE +-ConditionFileNotEmpty=/lib/modules/%v/modules.devname ++ConditionFileNotEmpty=/run/booted-system/kernel-modules/lib/modules/%v/modules.devname + + [Service] + Type=oneshot +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch deleted file mode 100644 index 3911d1b0181..00000000000 --- a/pkgs/os-specific/linux/systemd/0018-Install-default-configuration-into-out-share-factory.patch +++ /dev/null @@ -1,317 +0,0 @@ -From a087cb535b2d3c7a5d989b5aabc0a257369e9f9d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= -Date: Mon, 26 Feb 2018 14:25:57 +0000 -Subject: [PATCH 18/27] Install default configuration into $out/share/factory - -By default systemd should read all its configuration from /etc. Therefor -we rely on -Dsysconfdir=/etc in meson as default value. Unfortunately -this would also lead to installation of systemd's own configuration -files to `/etc` whereas we are limited to /nix/store. To counter that -this commit introduces two new configuration variables `factoryconfdir` -and `factorypkgconfdir` to install systemd's own configuration into nix -store again, while having executables looking up files in /etc. ---- - hwdb.d/meson.build | 2 +- - meson.build | 11 +++++++---- - network/meson.build | 2 +- - src/core/meson.build | 10 +++++----- - src/coredump/meson.build | 2 +- - src/journal-remote/meson.build | 4 ++-- - src/journal/meson.build | 2 +- - src/kernel-install/meson.build | 2 +- - src/login/meson.build | 2 +- - src/network/meson.build | 2 +- - src/pstore/meson.build | 2 +- - src/resolve/meson.build | 2 +- - src/timesync/meson.build | 2 +- - src/udev/meson.build | 4 ++-- - sysctl.d/meson.build | 2 +- - tmpfiles.d/meson.build | 2 +- - units/meson.build | 3 ++- - 17 files changed, 30 insertions(+), 26 deletions(-) - -diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build -index badf39f555..8fd9c7639f 100644 ---- a/hwdb.d/meson.build -+++ b/hwdb.d/meson.build -@@ -26,7 +26,7 @@ if conf.get('ENABLE_HWDB') == 1 - install_dir : udevhwdbdir) - - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'udev/hwdb.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'udev/hwdb.d'))) - - meson.add_install_script('sh', '-c', - 'test -n "$DESTDIR" || @0@/systemd-hwdb update' - .format(rootbindir)) - endif - - ############################################################ -diff --git a/meson.build b/meson.build -index 263cc7189a..7a67078208 100644 ---- a/meson.build -+++ b/meson.build -@@ -151,6 +151,9 @@ udevhwdbdir = join_paths(udevlibexecdir, 'hwdb.d') - catalogdir = join_paths(prefixdir, 'lib/systemd/catalog') - kernelinstalldir = join_paths(prefixdir, 'lib/kernel/install.d') - factorydir = join_paths(datadir, 'factory') -+factoryconfdir = join_paths(datadir, 'factory/etc') -+factorypkgconfdir = join_paths(datadir, 'factory/etc/systemd') -+factoryxinitrcdir = join_paths(datadir, 'factory/etc/X11/xinit/xinitrc.d') - bootlibdir = join_paths(prefixdir, 'lib/systemd/boot/efi') - testsdir = join_paths(prefixdir, 'lib/systemd/tests') - systemdstatedir = join_paths(localstatedir, 'lib/systemd') -@@ -2287,7 +2290,7 @@ if conf.get('ENABLE_BINFMT') == 1 - meson.add_install_script('sh', '-c', - mkdir_p.format(binfmtdir)) - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'binfmt.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'binfmt.d'))) - endif - - if conf.get('ENABLE_VCONSOLE') == 1 -@@ -2373,7 +2376,7 @@ executable('systemd-sleep', - install_dir : rootlibexecdir) - - install_data('src/sleep/sleep.conf', -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - exe = executable('systemd-sysctl', - 'src/sysctl/sysctl.c', -@@ -2685,7 +2688,7 @@ if conf.get('HAVE_KMOD') == 1 - meson.add_install_script('sh', '-c', - mkdir_p.format(modulesloaddir)) - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'modules-load.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'modules-load.d'))) - endif - - exe = executable('systemd-nspawn', -@@ -2927,7 +2930,7 @@ install_subdir('factory/etc', - install_dir : factorydir) - - install_data('xorg/50-systemd-user.sh', -- install_dir : xinitrcdir) -+ install_dir : factoryxinitrcdir) - install_data('modprobe.d/systemd.conf', - install_dir : modprobedir) - install_data('LICENSE.GPL2', -diff --git a/network/meson.build b/network/meson.build -index 59d4be1a17..72da2c16a2 100644 ---- a/network/meson.build -+++ b/network/meson.build -@@ -7,7 +7,7 @@ if conf.get('ENABLE_NETWORKD') == 1 - install_dir : networkdir) - - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'systemd/network'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'systemd/network'))) - endif - - install_data('99-default.link', -diff --git a/src/core/meson.build b/src/core/meson.build -index df3aa5c6c1..305f67a80a 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -179,8 +179,8 @@ libcore = static_library( - systemd_sources = files('main.c') - - in_files = [['macros.systemd', rpmmacrosdir], -- ['system.conf', pkgsysconfdir], -- ['user.conf', pkgsysconfdir], -+ ['system.conf', factorypkgconfdir], -+ ['user.conf', factorypkgconfdir], - ['systemd.pc', pkgconfigdatadir], - ['triggers.systemd', '']] - -@@ -210,6 +210,6 @@ meson.add_install_script('sh', '-c', mkdir_p.format(systemsleepdir)) - meson.add_install_script('sh', '-c', mkdir_p.format(systemgeneratordir)) - meson.add_install_script('sh', '-c', mkdir_p.format(usergeneratordir)) - --meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'system'))) --meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(pkgsysconfdir, 'user'))) --meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(sysconfdir, 'xdg/systemd'))) -+meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'system'))) -+meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'user'))) -+meson.add_install_script('sh', '-c', mkdir_p.format(join_paths(factorypkgconfdir, 'xdg/systemd'))) -diff --git a/src/coredump/meson.build b/src/coredump/meson.build -index 7fa5942697..34c865dfa0 100644 ---- a/src/coredump/meson.build -+++ b/src/coredump/meson.build -@@ -15,7 +15,7 @@ coredumpctl_sources = files('coredumpctl.c') - - if conf.get('ENABLE_COREDUMP') == 1 - install_data('coredump.conf', -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - endif - - tests += [ -diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build -index 87b8ba6495..daff8ec967 100644 ---- a/src/journal-remote/meson.build -+++ b/src/journal-remote/meson.build -@@ -49,7 +49,7 @@ if conf.get('ENABLE_REMOTE') ==1 and conf.get('HAVE_LIBCURL') == 1 - output : 'journal-upload.conf', - configuration : substs) - install_data(journal_upload_conf, -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - endif - - if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 -@@ -58,7 +58,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 - output : 'journal-remote.conf', - configuration : substs) - install_data(journal_remote_conf, -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - install_data('browse.html', - install_dir : join_paths(pkgdatadir, 'gatewayd')) -diff --git a/src/journal/meson.build b/src/journal/meson.build -index 5796f77cac..75d975c260 100644 ---- a/src/journal/meson.build -+++ b/src/journal/meson.build -@@ -109,7 +109,7 @@ if conf.get('HAVE_QRENCODE') == 1 - endif - - install_data('journald.conf', -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - if get_option('create-log-dirs') - meson.add_install_script( -diff --git a/src/kernel-install/meson.build b/src/kernel-install/meson.build -index 261c3aaae4..dbc5e23513 100644 ---- a/src/kernel-install/meson.build -+++ b/src/kernel-install/meson.build -@@ -11,4 +11,4 @@ install_data('00-entry-directory.install', - install_dir : kernelinstalldir) - - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'kernel/install.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'kernel/install.d'))) -diff --git a/src/login/meson.build b/src/login/meson.build -index 0a7d3d5440..ff90149c1c 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -75,7 +75,7 @@ if conf.get('ENABLE_LOGIND') == 1 - output : 'logind.conf', - configuration : substs) - install_data(logind_conf, -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - install_data('org.freedesktop.login1.conf', - install_dir : dbuspolicydir) -diff --git a/src/network/meson.build b/src/network/meson.build -index 6bed37a170..35f15bcaf1 100644 ---- a/src/network/meson.build -+++ b/src/network/meson.build -@@ -168,7 +168,7 @@ if conf.get('ENABLE_NETWORKD') == 1 - endif - - install_data('networkd.conf', -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - fuzzers += [ - [['src/network/fuzz-netdev-parser.c', -diff --git a/src/pstore/meson.build b/src/pstore/meson.build -index adbac24b54..e9dc88dfa2 100644 ---- a/src/pstore/meson.build -+++ b/src/pstore/meson.build -@@ -6,5 +6,5 @@ systemd_pstore_sources = files(''' - - if conf.get('ENABLE_PSTORE') == 1 - install_data('pstore.conf', -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - endif -diff --git a/src/resolve/meson.build b/src/resolve/meson.build -index 92b67b6333..ac5b9a0b0a 100644 ---- a/src/resolve/meson.build -+++ b/src/resolve/meson.build -@@ -168,7 +168,7 @@ if conf.get('ENABLE_RESOLVE') == 1 - output : 'resolved.conf', - configuration : substs) - install_data(resolved_conf, -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - - install_data('resolv.conf', - install_dir : rootlibexecdir) -diff --git a/src/timesync/meson.build b/src/timesync/meson.build -index e5c118c8db..19235df9ca 100644 ---- a/src/timesync/meson.build -+++ b/src/timesync/meson.build -@@ -27,7 +27,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 - output : 'timesyncd.conf', - configuration : substs) - install_data(timesyncd_conf, -- install_dir : pkgsysconfdir) -+ install_dir : factorypkgconfdir) - install_data('org.freedesktop.timesync1.conf', - install_dir : dbuspolicydir) - install_data('org.freedesktop.timesync1.service', -diff --git a/src/udev/meson.build b/src/udev/meson.build -index 511fe428b9..32333efea6 100644 ---- a/src/udev/meson.build -+++ b/src/udev/meson.build -@@ -186,7 +186,7 @@ foreach prog : [['ata_id/ata_id.c'], - endforeach - - install_data('udev.conf', -- install_dir : join_paths(sysconfdir, 'udev')) -+ install_dir : join_paths(factoryconfdir, 'udev')) - - configure_file( - input : 'udev.pc.in', -@@ -195,7 +195,7 @@ configure_file( - install_dir : pkgconfigdatadir == 'no' ? '' : pkgconfigdatadir) - - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'udev/rules.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'udev/rules.d'))) - - fuzzers += [ - [['src/udev/net/fuzz-link-parser.c', -diff --git a/sysctl.d/meson.build b/sysctl.d/meson.build -index 3f072e3db7..bd9f843eba 100644 ---- a/sysctl.d/meson.build -+++ b/sysctl.d/meson.build -@@ -27,4 +27,4 @@ foreach file : in_files - endforeach - - meson.add_install_script('sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'sysctl.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'sysctl.d'))) -diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build -index e77f46d06b..04d2ef621d 100644 ---- a/tmpfiles.d/meson.build -+++ b/tmpfiles.d/meson.build -@@ -57,5 +57,5 @@ endforeach - if enable_tmpfiles - meson.add_install_script( - 'sh', '-c', -- mkdir_p.format(join_paths(sysconfdir, 'tmpfiles.d'))) -+ mkdir_p.format(join_paths(factoryconfdir, 'tmpfiles.d'))) - endif -diff --git a/units/meson.build b/units/meson.build -index 476991edba..3d9dc6e1c8 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -308,7 +308,7 @@ install_data('user-.slice.d/10-defaults.conf', - - meson.add_install_script(meson_make_symlink, - join_paths(pkgsysconfdir, 'user'), -- join_paths(sysconfdir, 'xdg/systemd/user')) -+ join_paths(factorypkgconfdir, 'xdg/systemd/user')) - meson.add_install_script(meson_make_symlink, - join_paths(dbussystemservicedir, 'org.freedesktop.systemd1.service'), - join_paths(dbussessionservicedir, 'org.freedesktop.systemd1.service')) --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch new file mode 100644 index 00000000000..f47a327c311 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -0,0 +1,33 @@ +From b35237652b2244397b6a4350e156e4bfe025e13a Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Sun, 8 Mar 2020 01:05:54 +0100 +Subject: [PATCH 18/18] path-util.h: add placeholder for DEFAULT_PATH_NORMAL + +This will be the $PATH used to lookup ExecStart= etc. options, which +systemd itself uses extensively. +--- + src/basic/path-util.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/basic/path-util.h b/src/basic/path-util.h +index 30031fca8e..d97145539a 100644 +--- a/src/basic/path-util.h ++++ b/src/basic/path-util.h +@@ -24,11 +24,11 @@ + # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) + #endif + +-#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") ++#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" ++#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" + #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") + #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL + + #if HAVE_SPLIT_USR + # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR +-- +2.26.2 + diff --git a/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch deleted file mode 100644 index f4f1e6d37b5..00000000000 --- a/pkgs/os-specific/linux/systemd/0019-inherit-systemd-environment-when-calling-generators.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 3eb1716dd80c245a2883da04156af79fb9097519 Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Fri, 2 Nov 2018 21:15:42 +0100 -Subject: [PATCH 19/27] inherit systemd environment when calling generators. - -Systemd generators need access to the environment configured in -stage-2-init.sh since it schedules fsck and mkfs executions based on -being able to find an appropriate binary for the target filesystem. - -With this commit I am altering the systemd behaviour since upstream -tries to gather environments with that they call -"environment-generators" and then seems to pass that on to all the other -executables that are being called from managers. ---- - src/core/manager.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index d9114bb0c5..22c3b6ff76 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -3868,9 +3868,14 @@ static int manager_run_generators(Manager *m) { - argv[4] = NULL; - - RUN_WITH_UMASK(0022) -- (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, -- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); -- -+ (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, -+ // On NixOS we must propagate PATH to generators so they are -+ // able to find binaries such as `fsck.${fstype}` and -+ // `mkfs.${fstype}`. That is why the last argument of the -+ // function (envp) is set to NULL. This propagates systemd's -+ // environment (e.g. PATH) that was setup -+ // before calling systemd from stage-2-init.sh. -+ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); - r = 0; - - finish: --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch deleted file mode 100644 index 39bbe7e9dac..00000000000 --- a/pkgs/os-specific/linux/systemd/0021-add-rootprefix-to-lookup-dir-paths.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 8d1618a97ad08078815f409f03b45aff3ae6bd0a Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Thu, 9 May 2019 11:15:22 +0200 -Subject: [PATCH 21/27] add rootprefix to lookup dir paths - -systemd does not longer use the UDEVLIBEXEC directory as root for -discovery default udev rules. By adding `$out/lib` to the lookup paths -we should again be able to discover the udev rules amongst other default -files that I might have missed. ---- - src/basic/def.h | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/basic/def.h b/src/basic/def.h -index 2af0b763f0..17959b07e8 100644 ---- a/src/basic/def.h -+++ b/src/basic/def.h -@@ -39,13 +39,15 @@ - "/run/" n "\0" \ - "/usr/local/lib/" n "\0" \ - "/usr/lib/" n "\0" \ -- _CONF_PATHS_SPLIT_USR_NULSTR(n) -+ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ -+ ROOTPREFIX "/lib/" n "\0" - - #define CONF_PATHS_USR(n) \ - "/etc/" n, \ - "/run/" n, \ - "/usr/local/lib/" n, \ -- "/usr/lib/" n -+ "/usr/lib/" n, \ -+ ROOTPREFIX "/lib/" n - - #define CONF_PATHS(n) \ - CONF_PATHS_USR(n) \ --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch deleted file mode 100644 index 9f0ea254890..00000000000 --- a/pkgs/os-specific/linux/systemd/0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 859c16c52cdd61ec99d256bf5b35637d59e5dac9 Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov -Date: Thu, 25 Jul 2019 20:45:55 +0300 -Subject: [PATCH 22/27] systemd-shutdown: execute scripts in - /etc/systemd/system-shutdown - -This is needed for NixOS to use such scripts as systemd directory is immutable. ---- - src/shutdown/shutdown.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 0eb17989d0..93e619c58a 100644 ---- a/src/shutdown/shutdown.c -+++ b/src/shutdown/shutdown.c -@@ -299,7 +299,7 @@ int main(int argc, char *argv[]) { - _cleanup_free_ char *cgroup = NULL; - char *arguments[3], *watchdog_device; - int cmd, r, umount_log_level = LOG_INFO; -- static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; -+ static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, "/etc/systemd/system-shutdown", NULL}; - - /* The log target defaults to console, but the original systemd process will pass its log target in through a - * command line argument, which will override this default. Also, ensure we'll never log to the journal or --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch deleted file mode 100644 index e8aa5cf2271..00000000000 --- a/pkgs/os-specific/linux/systemd/0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9be689d5243d0c78bec7b285774c58749da08c9c Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov -Date: Thu, 25 Jul 2019 20:46:58 +0300 -Subject: [PATCH 23/27] systemd-sleep: execute scripts in - /etc/systemd/system-sleep - -This is needed for NixOS to use such scripts as systemd directory is immutable. ---- - src/sleep/sleep.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index b9fe96635d..f1c3ca06a3 100644 ---- a/src/sleep/sleep.c -+++ b/src/sleep/sleep.c -@@ -191,6 +191,7 @@ static int execute(char **modes, char **states) { - }; - static const char* const dirs[] = { - SYSTEM_SLEEP_PATH, -+ "/etc/systemd/system-sleep", - NULL - }; - --- -2.24.1 - diff --git a/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch b/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch deleted file mode 100644 index df16b52660b..00000000000 --- a/pkgs/os-specific/linux/systemd/0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7db89c2236158461c99fe5c5da7ddb7feab825cf Mon Sep 17 00:00:00 2001 -From: Florian Klink -Date: Sat, 7 Mar 2020 22:40:27 +0100 -Subject: [PATCH] kmod-static-nodes.service: Update ConditionFileNotEmpty - -On NixOS, kernel modules of the currently booted systems are located at -/run/booted-system/kernel-modules/lib/modules/%v/, not /lib/modules/%v/. ---- - units/kmod-static-nodes.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index 0971edf9ec..87105a87b9 100644 ---- a/units/kmod-static-nodes.service.in -+++ b/units/kmod-static-nodes.service.in -@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel - DefaultDependencies=no - Before=sysinit.target systemd-tmpfiles-setup-dev.service - ConditionCapability=CAP_SYS_MODULE --ConditionFileNotEmpty=/lib/modules/%v/modules.devname -+ConditionFileNotEmpty=/run/booted-system/kernel-modules/lib/modules/%v/modules.devname - - [Service] - Type=oneshot --- -2.25.1 - diff --git a/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch deleted file mode 100644 index 10bf54708f0..00000000000 --- a/pkgs/os-specific/linux/systemd/0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0939ac4be7ced099670979f26adf8a579173ce4b Mon Sep 17 00:00:00 2001 -From: Florian Klink -Date: Sun, 8 Mar 2020 01:05:54 +0100 -Subject: [PATCH] path-util.h: add placeholder for DEFAULT_PATH_NORMAL - -This will be the $PATH used to lookup ExecStart= etc. options, which -systemd itself uses extensively. ---- - src/basic/path-util.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 111d85d445..cfd92aeb73 100644 ---- a/src/basic/path-util.h -+++ b/src/basic/path-util.h -@@ -24,11 +24,11 @@ - # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) - #endif - --#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") --#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") -+#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" -+#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" - #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") - #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") --#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") -+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL - - #if HAVE_SPLIT_USR - # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR --- -2.25.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 5728431b059..479b747ec41 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -45,23 +45,23 @@ in stdenv.mkDerivation { patches = [ ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch - ./0003-Don-t-try-to-unmount-nix-or-nix-store.patch - ./0004-Fix-NixOS-containers.patch - ./0006-Look-for-fsck-in-the-right-place.patch - ./0007-Add-some-NixOS-specific-unit-directories.patch - ./0009-Get-rid-of-a-useless-message-in-user-sessions.patch - ./0010-hostnamed-localed-timedated-disable-methods-that-cha.patch - ./0011-Fix-hwdb-paths.patch - ./0012-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch - ./0013-localectl-use-etc-X11-xkb-for-list-x11.patch - ./0016-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch - ./0018-Install-default-configuration-into-out-share-factory.patch - ./0019-inherit-systemd-environment-when-calling-generators.patch - ./0021-add-rootprefix-to-lookup-dir-paths.patch - ./0022-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch - ./0023-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch - ./0024-kmod-static-nodes.service-Update-ConditionFileNotEmpty.patch - ./0025-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch + ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch + ./0003-Fix-NixOS-containers.patch + ./0004-Look-for-fsck-in-the-right-place.patch + ./0005-Add-some-NixOS-specific-unit-directories.patch + ./0006-Get-rid-of-a-useless-message-in-user-sessions.patch + ./0007-hostnamed-localed-timedated-disable-methods-that-cha.patch + ./0008-Fix-hwdb-paths.patch + ./0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch + ./0010-localectl-use-etc-X11-xkb-for-list-x11.patch + ./0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch + ./0012-Install-default-configuration-into-out-share-factory.patch + ./0013-inherit-systemd-environment-when-calling-generators.patch + ./0014-add-rootprefix-to-lookup-dir-paths.patch + ./0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch + ./0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch + ./0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch ]; postPatch = '' -- cgit 1.4.1 From eb73b71df40b7bac8c2e961b217303e6e17c4355 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 30 Apr 2020 01:08:05 +0200 Subject: systemd: 245.3 -> 245.5 Also, update 0005-Add-some-NixOS-specific-unit-directories.patch to explain how and where these paths are being used. --- ...evice-units-for-uninitialised-encrypted-devic.patch | 2 +- .../0002-Don-t-try-to-unmount-nix-or-nix-store.patch | 2 +- .../linux/systemd/0003-Fix-NixOS-containers.patch | 2 +- .../0004-Look-for-fsck-in-the-right-place.patch | 2 +- ...0005-Add-some-NixOS-specific-unit-directories.patch | 18 +++++++++--------- ...Get-rid-of-a-useless-message-in-user-sessions.patch | 4 ++-- ...ed-localed-timedated-disable-methods-that-cha.patch | 2 +- .../linux/systemd/0008-Fix-hwdb-paths.patch | 2 +- ...009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch | 2 +- .../0010-localectl-use-etc-X11-xkb-for-list-x11.patch | 2 +- ...on-t-create-statedir-and-don-t-touch-prefixdi.patch | 2 +- ...-default-configuration-into-out-share-factory.patch | 2 +- ...t-systemd-environment-when-calling-generators.patch | 2 +- .../0014-add-rootprefix-to-lookup-dir-paths.patch | 2 +- ...-shutdown-execute-scripts-in-etc-systemd-syst.patch | 2 +- ...-sleep-execute-scripts-in-etc-systemd-system-.patch | 2 +- ...atic-nodes.service-Update-ConditionFileNotEmp.patch | 2 +- ...til.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch | 2 +- pkgs/os-specific/linux/systemd/default.nix | 6 +++--- 19 files changed, 30 insertions(+), 30 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index a7f5a15e050..c88d0eeeff2 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,4 +1,4 @@ -From 7900e82a60e22354ab2b1c71f4664c1e2357ab23 Mon Sep 17 00:00:00 2001 +From b873e4c0de3e24f2ec9370e5a217247217e90587 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 8 Jan 2013 15:46:30 +0100 Subject: [PATCH 01/18] Start device units for uninitialised encrypted devices diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index c5679bb393c..4f94cb465d4 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,4 +1,4 @@ -From 1e2f2f80e106910bbf3fd27438b794937ff3a1a8 Mon Sep 17 00:00:00 2001 +From bdd3ff777dd8253ff5732118dd6de0fa9a9b95fe Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 12 Apr 2013 13:16:57 +0200 Subject: [PATCH 02/18] Don't try to unmount /nix or /nix/store diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index fb038c369f8..73aab8dd91c 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -1,4 +1,4 @@ -From 1ff6f3a4250240e1ba56861e31819fe3c5516844 Mon Sep 17 00:00:00 2001 +From c28b3b2e254433e93549ee6fe8c93b43ce455776 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 10:59:28 +0200 Subject: [PATCH 03/18] Fix NixOS containers diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index 3f102bd4d9b..e10726a2cb1 100644 --- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -1,4 +1,4 @@ -From 9cc4c2f4fd5d082aa039073a3620df536261100a Mon Sep 17 00:00:00 2001 +From baf52609ad18785aa1d2cd043185ae9438d59411 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 1 May 2014 14:10:10 +0200 Subject: [PATCH 04/18] Look for fsck in the right place diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index af7d227eda2..23aa893362b 100644 --- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -1,12 +1,12 @@ -From a036a1754104df9b9f7d9b3787840a83b06d0c18 Mon Sep 17 00:00:00 2001 +From 45f80155b7c2edb1e73c233283f1ab1582e1cfbe Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 19 Dec 2014 14:46:17 +0100 Subject: [PATCH 05/18] Add some NixOS-specific unit directories -Look in /nix/var/nix/profiles/default/lib/systemd for units provided -by packages in the default (system-wide) profile, and in -/etc/systemd-mutable/system for persistent, mutable units (not -recommended). +Look in `/nix/var/nix/profiles/default/lib/systemd` for units provided +by packages installed into the default profile via +`nix-env -iA nixos.$package`, and into `/etc/systemd-mutable/system` for +persistent, mutable units (used for Dysnomia). Also, remove /usr and /lib as these don't exist on NixOS. --- @@ -30,7 +30,7 @@ index 8331832c7a..bedb97115d 100644 systemdusergeneratordir=${prefix}/lib/systemd/user-generators systemdsystemgeneratorpath=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemdsystemgeneratordir} diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c -index 5b16209745..13c0a57637 100644 +index 48e0eec09a..a9d38f16d0 100644 --- a/src/shared/path-lookup.c +++ b/src/shared/path-lookup.c @@ -98,17 +98,14 @@ int xdg_user_data_dir(char **ret, const char *suffix) { @@ -52,7 +52,7 @@ index 5b16209745..13c0a57637 100644 NULL }; -@@ -603,15 +600,14 @@ int lookup_paths_init( +@@ -604,15 +601,14 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_PATH, "/etc/systemd/system", @@ -70,7 +70,7 @@ index 5b16209745..13c0a57637 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -627,14 +623,12 @@ int lookup_paths_init( +@@ -628,14 +624,12 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_PATH, "/etc/systemd/user", @@ -87,7 +87,7 @@ index 5b16209745..13c0a57637 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -823,14 +817,12 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -824,14 +818,12 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_SYSTEM: return strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index 9e93b1497ef..0b57dc1f9c8 100644 --- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -1,4 +1,4 @@ -From d96e5224001ea437549eae7b00173b61d459209e Mon Sep 17 00:00:00 2001 +From d52058070c0c12bb05f82460f0b4b55678b724e9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 11 May 2015 15:39:38 +0200 Subject: [PATCH 06/18] Get rid of a useless message in user sessions @@ -13,7 +13,7 @@ in containers. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/unit.c b/src/core/unit.c -index 2816bcef55..0e5102a28c 100644 +index 97e1b0004c..d3cc2ba9ec 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -2043,7 +2043,8 @@ static void unit_check_binds_to(Unit *u) { diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index a14178a3610..5703c4f43fd 100644 --- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -1,4 +1,4 @@ -From 23d17b5f60d9b494ee8b7399350478d24e91e460 Mon Sep 17 00:00:00 2001 +From 409fc808794942ad1736c2cc74853d9792e4ad02 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Dec 2015 14:26:36 +0100 Subject: [PATCH 07/18] hostnamed, localed, timedated: disable methods that diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch index d857be55890..a9bf9abee52 100644 --- a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -1,4 +1,4 @@ -From e827145cf4390cf926897f591f0105b43e6fc3e2 Mon Sep 17 00:00:00 2001 +From b56fc7b6ae8014eb2f71924c89498f395a1a81bd Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 7 Jul 2016 02:47:13 +0300 Subject: [PATCH 08/18] Fix hwdb paths diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 8d7c1eb8e7a..12a9dd5a77f 100644 --- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -1,4 +1,4 @@ -From 5da944d33a915222509ecd73c69fe7ae8917334f Mon Sep 17 00:00:00 2001 +From 4d304a321796db4de827aa39a149bea23d039214 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 11 Oct 2016 13:12:08 +0300 Subject: [PATCH 09/18] Change /usr/share/zoneinfo to /etc/zoneinfo diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index 031d7f68009..7e6453f2ddd 100644 --- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch @@ -1,4 +1,4 @@ -From d5637ccec3c32919e8aef2dc59b97fdbe3923ba1 Mon Sep 17 00:00:00 2001 +From cb3f1ec1793cbf74c4b5663e038bd49ff4576192 Mon Sep 17 00:00:00 2001 From: Imuli Date: Wed, 19 Oct 2016 08:46:47 -0400 Subject: [PATCH 10/18] localectl: use /etc/X11/xkb for list-x11-* diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index f122cca5b6f..080cd4670e6 100644 --- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -1,4 +1,4 @@ -From f488835c587d79ba824302a8933b47a83ddc2d57 Mon Sep 17 00:00:00 2001 +From 0ffb786d0e12a61899af448b1e4dd32a53ea5a8e Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sun, 11 Feb 2018 04:37:44 +0100 Subject: [PATCH 11/18] build: don't create statedir and don't touch prefixdir diff --git a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch index 1b52f8ece52..2961a2ebe56 100644 --- a/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch +++ b/pkgs/os-specific/linux/systemd/0012-Install-default-configuration-into-out-share-factory.patch @@ -1,4 +1,4 @@ -From be87849145bc50ab0b16c63fe2b748de13974f0e Mon Sep 17 00:00:00 2001 +From 3dbcdab1ba22c4eeca6d61718c09bcb9b5551764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 26 Feb 2018 14:25:57 +0000 Subject: [PATCH 12/18] Install default configuration into $out/share/factory diff --git a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch index 583aa89afff..5aa397afe8e 100644 --- a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -1,4 +1,4 @@ -From d16a7d5580adcf5737c7be3b02d411097a498256 Mon Sep 17 00:00:00 2001 +From 0b0510aa72cf8026f34f300efa3f150f45971404 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 2 Nov 2018 21:15:42 +0100 Subject: [PATCH 13/18] inherit systemd environment when calling generators. diff --git a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch index cc2972cb656..91c091baa9e 100644 --- a/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0014-add-rootprefix-to-lookup-dir-paths.patch @@ -1,4 +1,4 @@ -From ac4a62d0be763846e244ff9032635c8041ad7881 Mon Sep 17 00:00:00 2001 +From 4bd20cf0450455e2f9831b09ba91811ba3d58961 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 9 May 2019 11:15:22 +0200 Subject: [PATCH 14/18] add rootprefix to lookup dir paths diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index 6f792934f5a..2bc75e27928 100644 --- a/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0015-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -1,4 +1,4 @@ -From 8a5db86ace1d7729f2c8ccacddbf5ca17fe86274 Mon Sep 17 00:00:00 2001 +From f23a1e00de028048a2a21d322493039cce7ee214 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:45:55 +0300 Subject: [PATCH 15/18] systemd-shutdown: execute scripts in diff --git a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index f6809e9d58a..97f63c02c38 100644 --- a/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0016-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -1,4 +1,4 @@ -From 858fbf641ff5cd207282f3ad9d7458b2be2dcdb8 Mon Sep 17 00:00:00 2001 +From 758b8211e6e76524d62a2e0ffcf37dcf55e3be87 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:46:58 +0300 Subject: [PATCH 16/18] systemd-sleep: execute scripts in diff --git a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch index a3a9b936d13..2a0bb0103f5 100644 --- a/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch +++ b/pkgs/os-specific/linux/systemd/0017-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -1,4 +1,4 @@ -From da86057b6d1c0d39622977cfb85b7edaeeeb795e Mon Sep 17 00:00:00 2001 +From ce9fe2249c91fdfb224eaffce63e3dbdb4a5c25d Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:40:27 +0100 Subject: [PATCH 17/18] kmod-static-nodes.service: Update ConditionFileNotEmpty diff --git a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index f47a327c311..08b2fa056f8 100644 --- a/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0018-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -1,4 +1,4 @@ -From b35237652b2244397b6a4350e156e4bfe025e13a Mon Sep 17 00:00:00 2001 +From 55b69fc1b5441e3aff8f1ab684ba8eed3718a32d Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 8 Mar 2020 01:05:54 +0100 Subject: [PATCH 18/18] path-util.h: add placeholder for DEFAULT_PATH_NORMAL diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 479b747ec41..00a545ed3f5 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -31,7 +31,7 @@ let gnupg-minimal = gnupg.override { bzip2 = null; }; in stdenv.mkDerivation { - version = "245.3"; + version = "245.5"; pname = "systemd"; # When updating, use https://github.com/systemd/systemd-stable tree, not the development one! @@ -39,8 +39,8 @@ in stdenv.mkDerivation { src = fetchFromGitHub { owner = "systemd"; repo = "systemd-stable"; - rev = "0f5047b7d393cfba37f91e25cae559a0bc910582"; - sha256 = "0wyh14gbvvpgdmk1mjgpxr9i4pv1i9n7pnwpa0gvjh6hq948fyn2"; + rev = "9a506b7e9291d997a920af9ac299e7b834368119"; + sha256 = "19qd92hjlsljr6x5mbw1l2vdzz5y9hy7y7g0dwgpfifb0lwkxqbr"; }; patches = [ -- cgit 1.4.1 From 53ea32be28f268d276351e9c1d48c517632a70e9 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 30 Apr 2020 10:05:50 -0400 Subject: linux/hardened-patches/5.6: 5.6.7.a -> 5.6.8.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index a87628dd769..a57999edcfa 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.7.a.patch", - "sha256": "1dnk9df4v2iw05vpn0s8q6b0ci2rzl2wiq77vhr40mpbg6p18fap", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.7.a/linux-hardened-5.6.7.a.patch" + "name": "linux-hardened-5.6.8.a.patch", + "sha256": "06nrjv1v3m3phgcahpmf228jcgr496n9rlvvmbklc307q6w0g8f6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.8.a/linux-hardened-5.6.8.a.patch" } } -- cgit 1.4.1 From 22c0c49d611a555df1212687e5a025b1482c8958 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 30 Apr 2020 10:05:56 -0400 Subject: linux/hardened-patches/5.4: 5.4.35.a -> 5.4.36.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index a57999edcfa..0dad3902214 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.118.a/linux-hardened-4.19.118.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.35.a.patch", - "sha256": "0vcqgrzns4d3z93mn8mv0sxkmj7ylbr8prff72c4ssvb0kd7agy9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.35.a/linux-hardened-5.4.35.a.patch" + "name": "linux-hardened-5.4.36.a.patch", + "sha256": "00bmpzrma0nrgwwari6072g11cwhdk2riqmphlnkpxbarh7dwf4z", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.36.a/linux-hardened-5.4.36.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From 5fa90ed9e2166f6184f64aed53fedabc9a21bd7f Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 30 Apr 2020 10:05:58 -0400 Subject: linux/hardened-patches/4.19: 4.19.118.a -> 4.19.119.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 0dad3902214..aa0650138cc 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.118.a.patch", - "sha256": "120lnn9j9zsx1kcq4frcjmj2vj39x0g1yxrrx9nax2yjrzp4wfdw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.118.a/linux-hardened-4.19.118.a.patch" + "name": "linux-hardened-4.19.119.a.patch", + "sha256": "1arm4833lkgsd27fhgrxbdxisvn20fsk6250x5yh6c8svjr759jx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.119.a/linux-hardened-4.19.119.a.patch" }, "5.4": { "name": "linux-hardened-5.4.36.a.patch", -- cgit 1.4.1 From 45c0523b77144e4378f659e1093562e448704bd5 Mon Sep 17 00:00:00 2001 From: Daniel Fullmer Date: Tue, 21 Apr 2020 14:06:25 -0400 Subject: rtl8812au: 5.2.20.2_28373.20190903 -> 5.6.4.2_35491.20200318 --- pkgs/os-specific/linux/rtl8812au/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 99afd575eee..cb93c635afe 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "rtl8812au-${kernel.version}-${version}"; - version = "5.2.20.2_28373.20190903"; + version = "5.6.4.2_35491.20200318"; src = fetchFromGitHub { - owner = "zebulon2"; - repo = "rtl8812au-driver-5.2.20"; - rev = "30d47a0a3f43ccb19e8fd59fe93d74a955147bf2"; - sha256 = "1fy0f8ihxd0i5kr8gmky8v8xl0ns6bhxfdn64c97c5irzdvg37sr"; + owner = "gordboy"; + repo = "rtl8812au-5.6.4.2"; + rev = "49e98ff9bfdbe2ddce843808713de383132002e0"; + sha256 = "0f4isqasm9rli5v6a7xpphyh509wdxs1zcfvgdsnyhnv8amhqxgs"; }; nativeBuildInputs = [ bc nukeReferences ]; -- cgit 1.4.1 From 8e8459921a4e2531abe3e86bbd3810b7e71a4735 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Thu, 30 Apr 2020 17:55:35 +0100 Subject: yabai: init at 2.4.3 --- pkgs/os-specific/darwin/yabai/default.nix | 32 +++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 5 +++++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/os-specific/darwin/yabai/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/yabai/default.nix b/pkgs/os-specific/darwin/yabai/default.nix new file mode 100644 index 00000000000..aa10a3a20f7 --- /dev/null +++ b/pkgs/os-specific/darwin/yabai/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge }: + +stdenv.mkDerivation rec { + pname = "yabai"; + version = "2.4.3"; + + src = fetchFromGitHub { + owner = "koekeishiya"; + repo = pname; + rev = "v${version}"; + sha256 = "1a6pqms5kwdsvr9vcshfa000xf2f5a2qbp5qapx0b3wzclnchjbn"; + }; + + buildInputs = [ Carbon Cocoa ScriptingBridge ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1/ + cp ./bin/yabai $out/bin/yabai + cp ./doc/yabai.1 $out/share/man/man1/yabai.1 + ''; + + meta = with stdenv.lib; { + description = '' + A tiling window manager for macOS based on binary space partitioning + ''; + homepage = https://github.com/koekeishiya/yabai; + platforms = platforms.darwin; + maintainers = [ maintainers.cmacrae ]; + license = licenses.mit; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 66599002d5f..e9b894a039a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26111,6 +26111,11 @@ in xzoom = callPackage ../tools/X11/xzoom {}; + yabai = callPackage ../os-specific/darwin/yabai { + inherit (darwin.apple_sdk.frameworks) + Carbon Cocoa ScriptingBridge; + }; + yabause = libsForQt5.callPackage ../misc/emulators/yabause { freeglut = null; openal = null; -- cgit 1.4.1 From 61b97c17d659b345f4c45fb12376b348dd531d8b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Fri, 1 May 2020 11:43:22 -0400 Subject: linux: 5.7-rc2 -> 5.7-rc3 --- pkgs/os-specific/linux/kernel/linux-testing.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 9e2ccaeae2b..05617f86917 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.7-rc2"; + version = "5.7-rc3"; extraMeta.branch = "5.7"; # modDirVersion needs to be x.y.z, will always add .0 @@ -11,7 +11,7 @@ buildLinux (args // rec { src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "06h7lrif84gyzblrdgg4cirsr2v69sdbymwkk89nr3gc87hnjlvs"; + sha256 = "0gq4bdzz2px85l3fa9dq3jh3lp4c9kgph4njq6yxf9g3h0ifq7c6"; }; # Should the testing kernels ever be built on Hydra? -- cgit 1.4.1 From 9f2ecb211d89a2d470c07845c1848ce04ab48cca Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 5 Apr 2020 05:37:20 +0000 Subject: setools: 4.2.2 -> 4.3.0 --- pkgs/os-specific/linux/setools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index ae632c072cb..c0ed4102aaf 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix @@ -8,13 +8,13 @@ with python3.pkgs; buildPythonApplication rec { pname = "setools"; - version = "4.2.2"; + version = "4.3.0"; src = fetchFromGitHub { owner = "SELinuxProject"; repo = pname; rev = version; - sha256 = "18kklv26dwm2fdjjzfflvxsq83b2svnwf4g18xq7wsfsri121a90"; + sha256 = "0vr20bi8w147z5lclqz1l0j1b34137zg2r04pkafkgqqk7qbyjk6"; }; nativeBuildInputs = [ cython ]; -- cgit 1.4.1 From 1e16e652d85d9a6189fa2c824780e93d538d873c Mon Sep 17 00:00:00 2001 From: cmacrae Date: Sat, 2 May 2020 09:58:41 +0100 Subject: skhd: 0.3.0 -> 0.3.5 --- pkgs/os-specific/darwin/skhd/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/skhd/default.nix b/pkgs/os-specific/darwin/skhd/default.nix index f4a9991f8ee..d145c0d75d0 100644 --- a/pkgs/os-specific/darwin/skhd/default.nix +++ b/pkgs/os-specific/darwin/skhd/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "skhd"; - version = "0.3.0"; + version = "0.3.5"; src = fetchFromGitHub { owner = "koekeishiya"; - repo = "skhd"; + repo = pname; rev = "v${version}"; - sha256 = "13pqnassmzppy2ipv995rh8lzw9rraxvi0ph6zgy63cbsdfzbhgl"; + sha256 = "0x099979kgpim18r0vi9vd821qnv0rl3rkj0nd1nx3wljxgf7mrg"; }; buildInputs = [ Carbon ]; @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { description = "Simple hotkey daemon for macOS"; homepage = "https://github.com/koekeishiya/skhd"; platforms = platforms.darwin; - maintainers = with maintainers; [ lnl7 periklis ]; + maintainers = with maintainers; [ cmacrae lnl7 periklis ]; license = licenses.mit; }; } -- cgit 1.4.1 From fe9938ebd41dd486ca16a874a3bb9d4f2f4083aa Mon Sep 17 00:00:00 2001 From: cmacrae Date: Sat, 2 May 2020 09:36:09 +0100 Subject: yabai: 2.4.3 -> 3.0.0 --- pkgs/os-specific/darwin/yabai/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/yabai/default.nix b/pkgs/os-specific/darwin/yabai/default.nix index aa10a3a20f7..7103c7825cc 100644 --- a/pkgs/os-specific/darwin/yabai/default.nix +++ b/pkgs/os-specific/darwin/yabai/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "yabai"; - version = "2.4.3"; + version = "3.0.0"; src = fetchFromGitHub { owner = "koekeishiya"; repo = pname; rev = "v${version}"; - sha256 = "1a6pqms5kwdsvr9vcshfa000xf2f5a2qbp5qapx0b3wzclnchjbn"; + sha256 = "0ajsh85p2vx18h3s4nicasyhdbh82zg97b1ryhi6l5lkbjpdl4ah"; }; buildInputs = [ Carbon Cocoa ScriptingBridge ]; @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { description = '' A tiling window manager for macOS based on binary space partitioning ''; - homepage = https://github.com/koekeishiya/yabai; + homepage = "https://github.com/koekeishiya/yabai"; platforms = platforms.darwin; maintainers = [ maintainers.cmacrae ]; license = licenses.mit; -- cgit 1.4.1 From c57532cf4ec4311bfde4014b1e1ac738e5fdb5f6 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Sat, 2 May 2020 09:29:52 +0100 Subject: spacebar: init at v0.5.0 --- pkgs/os-specific/darwin/spacebar/default.nix | 30 ++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 5 +++++ 2 files changed, 35 insertions(+) create mode 100644 pkgs/os-specific/darwin/spacebar/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/darwin/spacebar/default.nix b/pkgs/os-specific/darwin/spacebar/default.nix new file mode 100644 index 00000000000..9cbd6e62c7a --- /dev/null +++ b/pkgs/os-specific/darwin/spacebar/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, Carbon, Cocoa, ScriptingBridge }: + +stdenv.mkDerivation rec { + pname = "spacebar"; + version = "0.5.0"; + + src = fetchFromGitHub { + owner = "somdoron"; + repo = pname; + rev = "v${version}"; + sha256 = "0v8v4xsc67qpzm859r93ggq7rr7hmaj6dahdlg6g3ppj81cq0khz"; + }; + + buildInputs = [ Carbon Cocoa ScriptingBridge ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1/ + cp ./bin/spacebar $out/bin/spacebar + cp ./doc/spacebar.1 $out/share/man/man1/spacebar.1 + ''; + + meta = with stdenv.lib; { + description = "A status bar for yabai tiling window management"; + homepage = "https://github.com/somdoron/spacebar"; + platforms = platforms.darwin; + maintainers = [ maintainers.cmacrae ]; + license = licenses.mit; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 831aa2e45f0..99f20c4f23b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6702,6 +6702,11 @@ in sourceHighlight = callPackage ../tools/text/source-highlight { }; + spacebar = callPackage ../os-specific/darwin/spacebar { + inherit (darwin.apple_sdk.frameworks) + Carbon Cocoa ScriptingBridge; + }; + spaceFM = callPackage ../applications/misc/spacefm { }; speech-denoiser = callPackage ../applications/audio/speech-denoiser {}; -- cgit 1.4.1 From 163e5a8d0c9f07fe4b357533fccbdcf26cb97fa4 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:30:56 -0400 Subject: linux: 4.14.177 -> 4.14.178 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 6c5d86a0e69..013893c1cdd 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.177"; + version = "4.14.178"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "04hq0i06mg2yc09jj2xk0vhf5q9yigzjzm55a5bvfy2a6j43r9rk"; + sha256 = "1pcqxmq9ir4f963aiw5bab9w2mp4vfiwaq2bk7nksbl2bs3k6b7x"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 92c2abe85f027ce56ce999b5e7e4702f05b5d264 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:31:42 -0400 Subject: linux: 4.19.119 -> 4.19.120 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index b3073ac1779..4edc8359c51 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.119"; + version = "4.19.120"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1klvdzz8sndg2zsr1anfy9p5fc1aapjqvc249myrbndyf55bk91b"; + sha256 = "03mjng5ws9y56id99619ysarz73qqyylgc3mlknga1yphbhh16qb"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 7e200a0177a0d18dfe3d69a2f28bf1bdc78216a7 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:32:18 -0400 Subject: linux: 4.4.220 -> 4.4.221 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index d846a015477..09b34e26a47 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.220"; + version = "4.4.221"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1knj3qsl7x3fysdz1h0s980ddbafs3658z2y67w6sn79wp7d8blg"; + sha256 = "06rpjnvrdp71flz948mfmx7jv8x2vmdg54zz1xpkb2458mwh5hbq"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 13e51bb636f822d91e55e7af0b4328af8a556816 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:32:45 -0400 Subject: linux: 4.9.220 -> 4.9.221 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index b05a3685c27..0db1d2908e3 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.220"; + version = "4.9.221"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0bhbkybzbdsbmrjmb5m7hxxl8b3v6n79zhh86cbr95kzg1hcgnfs"; + sha256 = "1gh1x73xblxkb927igc3shrqnn49lcscwrq2fixmk9n7jb7q2hp6"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From ba19c248b7b113bf72a5b5be130e1f655db5cc80 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:33:35 -0400 Subject: linux: 5.4.36 -> 5.4.38 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 2672a239e3b..31d485877b7 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.36"; + version = "5.4.38"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "13avfvimjyg4lhj9micgib9bb5qpx11cja5liypid0rf2acfmymr"; + sha256 = "03pks3jx5kk0wnhjkm92wxdbgw8qbdg93sfwchnx88m2wfj9yaz7"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From c46b55e640054c889a17bd7528f9b9e419b8da87 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sat, 2 May 2020 14:34:16 -0400 Subject: linux: 5.6.8 -> 5.6.10 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index c5bd84abf16..eb60cfd9497 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.8"; + version = "5.6.10"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1pw2q9509jzp84b6qasaais2ws25v2wrjh072q0x3j520zzl5q8r"; + sha256 = "1f81b0icn0r9gww95rckyxs5d4g8bwf4mmqkrmwxxf4xga19dp3v"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From bdd2d3ccb29b5369b71eeef955842240cf6b6108 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 2 May 2020 14:06:43 +0200 Subject: linux: CONFIG_HIDRAW=y --- pkgs/os-specific/linux/kernel/common-config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 0a58ed87e6c..e254891b001 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -609,6 +609,9 @@ let misc = { HID_BATTERY_STRENGTH = yes; + # enabled by default in x86_64 but not arm64, so we do that here + HIDRAW = yes; + MODULE_COMPRESS = yes; MODULE_COMPRESS_XZ = yes; KERNEL_XZ = yes; -- cgit 1.4.1 From a09878c2056867fea2fa74914d6af8570cdfd870 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 12 Apr 2020 20:32:05 +0200 Subject: syslinux: fix UEFI support --- pkgs/os-specific/linux/syslinux/default.nix | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix index 94df0649ad4..06b31302eb8 100644 --- a/pkgs/os-specific/linux/syslinux/default.nix +++ b/pkgs/os-specific/linux/syslinux/default.nix @@ -1,14 +1,16 @@ -{ stdenv, fetchFromRepoOrCz, fetchurl, nasm, perl, python3, libuuid, mtools, makeWrapper }: +{ stdenv, fetchgit, fetchurl, fetchpatch, nasm, perl, python3, libuuid, mtools, makeWrapper }: stdenv.mkDerivation { - name = "syslinux-2019-02-07"; + pname = "syslinux"; + version = "unstable-20190207"; # This is syslinux-6.04-pre3^1; syslinux-6.04-pre3 fails to run. # Same issue here https://www.syslinux.org/archives/2019-February/026330.html - src = fetchFromRepoOrCz { - repo = "syslinux"; + src = fetchgit { + url = "https://repo.or.cz/syslinux"; rev = "b40487005223a78c3bb4c300ef6c436b3f6ec1f7"; - sha256 = "1qrxl1114sr2i2791z9rf8v53g200aq30f08808d7i8qnmgvxl2w"; + sha256 = "1acf6byx7i6vz8hq6mra526g8mf7fmfhid211y8nq0v6px7d3aqs"; + fetchSubmodules = true; }; patches = let @@ -20,9 +22,9 @@ stdenv.mkDerivation { url = mkURL "fa1349f1" "0002-gfxboot-menu-label.patch"; sha256 = "06ifgzbpjj4picpj17zgprsfi501zf4pp85qjjgn29i5rs291zni"; }) - (fetchurl { - url = mkURL "477e56d2" "0005-gnu-efi-version-compatibility.patch"; - sha256 = "041568b4abb79wynyps1n04lg4fr26rc3sbjncz99pp0mbz0ajlm"; + (fetchpatch { + url = "https://git.archlinux.org/svntogit/packages.git/plain/trunk/0005-gnu-efi-version-compatibility.patch?h=packages/syslinux"; + sha256 = "0fbqz56hj8az8ws26m39hyp3l5fvcbzvzdddqz3x6n56hzdpz1p6"; }) (fetchurl { # mbr.bin: too big (452 > 440) @@ -48,6 +50,10 @@ stdenv.mkDerivation { # fix tests substituteInPlace tests/unittest/include/unittest/unittest.h \ --replace /usr/include/ "" + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. + mkdir gnu-efi/inc/ia32/gnu + touch gnu-efi/inc/ia32/gnu/stubs-32.h ''; nativeBuildInputs = [ nasm perl python3 ]; @@ -61,12 +67,9 @@ stdenv.mkDerivation { makeFlags = [ "BINDIR=$(out)/bin" "SBINDIR=$(out)/sbin" - "LIBDIR=$(out)/lib" - "INCDIR=$(out)/include" "DATADIR=$(out)/share" "MANDIR=$(out)/share/man" "PERL=perl" - "bios" ]; doCheck = false; # fails. some fail in a sandbox, others require qemu -- cgit 1.4.1 From e008d5fc98592405bd1110e8aaa68d5dd0a4f2e7 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Sat, 2 May 2020 19:52:03 +0200 Subject: wireguard-compat: 1.0.20200426 -> 1.0.20200429 --- pkgs/os-specific/linux/wireguard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 8c3f489753d..63487733605 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -7,11 +7,11 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200426"; + version = "1.0.20200429"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "0j343xk9qgmzn0j6kgvydfqjqslf2rv6r4ikfc59982xxny6f6l5"; + sha256 = "161srq06qa6ag2lycqz19mfms4ha2pmwn778jhvi96729rmivjkd"; }; hardeningDisable = [ "pic" ]; -- cgit 1.4.1 From e7b54c19dee630bd538239a5d0389a3e5387b095 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 3 May 2020 13:16:49 -0400 Subject: linux/hardened-patches/5.6: 5.6.8.a -> 5.6.10.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index aa0650138cc..f7df85b568c 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.8.a.patch", - "sha256": "06nrjv1v3m3phgcahpmf228jcgr496n9rlvvmbklc307q6w0g8f6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.8.a/linux-hardened-5.6.8.a.patch" + "name": "linux-hardened-5.6.10.a.patch", + "sha256": "0jmyk7pl9ddbyhskzadd1z9svhm18v8gdv6kgb0ca6dbhf6ggsgy", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.10.a/linux-hardened-5.6.10.a.patch" } } -- cgit 1.4.1 From c5d56b179082541c49481f1b88efdc5eefbab817 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 3 May 2020 13:16:59 -0400 Subject: linux/hardened-patches/5.4: 5.4.36.a -> 5.4.38.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index f7df85b568c..427a6dae2f7 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.119.a/linux-hardened-4.19.119.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.36.a.patch", - "sha256": "00bmpzrma0nrgwwari6072g11cwhdk2riqmphlnkpxbarh7dwf4z", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.36.a/linux-hardened-5.4.36.a.patch" + "name": "linux-hardened-5.4.38.a.patch", + "sha256": "1aaky36azfagk0nf5k92glil3f7ymijcvx03g8rnlinlsm3i2614", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.38.a/linux-hardened-5.4.38.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From 4df77514e74735ca0261d235a178742577d181bf Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 3 May 2020 13:17:03 -0400 Subject: linux/hardened-patches/4.19: 4.19.119.a -> 4.19.120.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 427a6dae2f7..623ce291710 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.119.a.patch", - "sha256": "1arm4833lkgsd27fhgrxbdxisvn20fsk6250x5yh6c8svjr759jx", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.119.a/linux-hardened-4.19.119.a.patch" + "name": "linux-hardened-4.19.120.a.patch", + "sha256": "14l30127nd8d2q72k51alwmh8h57fyam0q6sggdljh16qlqilirl", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.120.a/linux-hardened-4.19.120.a.patch" }, "5.4": { "name": "linux-hardened-5.4.38.a.patch", -- cgit 1.4.1 From d51998798fb92bdb475210b8a41f805cced58082 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Sun, 3 May 2020 13:17:07 -0400 Subject: linux/hardened-patches/4.14: 4.14.177.a -> 4.14.178.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 623ce291710..d2f6f4b3e83 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -1,8 +1,8 @@ { "4.14": { - "name": "linux-hardened-4.14.177.a.patch", - "sha256": "0wiapq4nj16m5ywnz0k7k0fr5hpw2gjy68mjlk6x866rf8vhndrq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" + "name": "linux-hardened-4.14.178.a.patch", + "sha256": "1klwymsd19y2sifbny5ikgry9rx9q2cbb13h1xqy42573add6q8c", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.178.a/linux-hardened-4.14.178.a.patch" }, "4.19": { "name": "linux-hardened-4.19.120.a.patch", -- cgit 1.4.1 From b6456e528e60dcd5f30d127ee4e043a991c7d49a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 4 May 2020 08:41:50 -0400 Subject: linux: 5.7-rc3 -> 5.7-rc4 --- pkgs/os-specific/linux/kernel/linux-testing.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 05617f86917..8b5f1e58d14 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.7-rc3"; + version = "5.7-rc4"; extraMeta.branch = "5.7"; # modDirVersion needs to be x.y.z, will always add .0 @@ -11,7 +11,7 @@ buildLinux (args // rec { src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0gq4bdzz2px85l3fa9dq3jh3lp4c9kgph4njq6yxf9g3h0ifq7c6"; + sha256 = "1mnknjiax24iaj9n5k0s55vp6fvmb40s931qxj24v5p1lc5fznvb"; }; # Should the testing kernels ever be built on Hydra? -- cgit 1.4.1 From bd1846f7f4070383a2480da0f2b60e4fef119f25 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 4 May 2020 13:33:51 +0000 Subject: linuxPackages_hardened.bcc: 0.13.0 -> 0.14.0 --- pkgs/os-specific/linux/bcc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/bcc/default.nix b/pkgs/os-specific/linux/bcc/default.nix index 79e32a05f46..7f95ef47ee9 100644 --- a/pkgs/os-specific/linux/bcc/default.nix +++ b/pkgs/os-specific/linux/bcc/default.nix @@ -5,11 +5,11 @@ python.pkgs.buildPythonApplication rec { pname = "bcc"; - version = "0.13.0"; + version = "0.14.0"; src = fetchurl { url = "https://github.com/iovisor/bcc/releases/download/v${version}/bcc-src-with-submodule.tar.gz"; - sha256 = "15xpwf17x2j1c1wcb84cgfs35dp5w0rjd9mllmddmdjvn303wffx"; + sha256 = "1hw02bib06fjyw61as5pmhf0qxy0wv0nw8fff2i8a9d1zcd8xf3p"; }; format = "other"; -- cgit 1.4.1 From 89d3a605e31b5e4efbe1b28b08206da4e75fd689 Mon Sep 17 00:00:00 2001 From: Kai Wohlfahrt Date: Wed, 29 Apr 2020 23:10:03 +0100 Subject: gpio-tools: init in kernel 5.4 Linux provides some tools to interact with the gpiochip interface (which replaces the deprecated sysfs GPIO interface). Expose these as a package. The tool has not changed much recently, so there is no need to package a version for each kernel. --- pkgs/os-specific/linux/kernel/gpio-utils.nix | 24 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 2 files changed, 25 insertions(+) create mode 100644 pkgs/os-specific/linux/kernel/gpio-utils.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/gpio-utils.nix b/pkgs/os-specific/linux/kernel/gpio-utils.nix new file mode 100644 index 00000000000..447704eedc8 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/gpio-utils.nix @@ -0,0 +1,24 @@ +{ lib, stdenv, linux }: + +with lib; + +assert versionAtLeast linux.version "4.6"; + +stdenv.mkDerivation { + name = "gpio-utils-${linux.version}"; + + inherit (linux) src makeFlags; + + preConfigure = '' + cd tools/gpio + ''; + + separateDebugInfo = true; + installFlags = [ "install" "DESTDIR=$(out)" "bindir=/bin" ]; + + meta = { + description = "Linux tools to inspect the gpiochip interface"; + maintainers = with stdenv.lib.maintainers; [ kwohlfahrt ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e03841d1aa7..d516a1ceee5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26468,4 +26468,5 @@ in vpsfree-client = callPackage ../tools/virtualization/vpsfree-client {}; + gpio-utils = callPackage ../os-specific/linux/kernel/gpio-utils.nix { }; } -- cgit 1.4.1 From 6967ad71850db9b79ce78c77b39e935405231b20 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 4 May 2020 20:06:29 +0000 Subject: criu: 3.13 -> 3.14 --- pkgs/os-specific/linux/criu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix index 4f7dae930aa..462658396c8 100644 --- a/pkgs/os-specific/linux/criu/default.nix +++ b/pkgs/os-specific/linux/criu/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "criu"; - version = "3.13"; + version = "3.14"; src = fetchurl { url = "https://download.openvz.org/criu/${pname}-${version}.tar.bz2"; - sha256 = "1yn9ix9lqvqvjrs3a3g6g1wqfniyf9n7giy0mr3jvijmrcm7y0pa"; + sha256 = "1jrr3v99g18gc0hriz0avq6ccdvyya0j6wwz888sdsc4icc30gzn"; }; enableParallelBuilding = true; -- cgit 1.4.1 From 82dfd10035256585c52053172d67fbffbaa11fc9 Mon Sep 17 00:00:00 2001 From: 124 Date: Tue, 5 May 2020 10:21:56 +0200 Subject: syslinux: fix #86846: build on i686 vcunat tried tests.boot.biosCdrom.i686-linux - after small local modification to make that attribute even exist. Installed file list also looks fine in comparison with state before the breaking change; hopefully it will work just fine. --- pkgs/os-specific/linux/syslinux/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix index 06b31302eb8..edb951dae3d 100644 --- a/pkgs/os-specific/linux/syslinux/default.nix +++ b/pkgs/os-specific/linux/syslinux/default.nix @@ -70,7 +70,8 @@ stdenv.mkDerivation { "DATADIR=$(out)/share" "MANDIR=$(out)/share/man" "PERL=perl" - ]; + ] + ++ stdenv.lib.optionals stdenv.hostPlatform.isi686 [ "bios" "efi32" ]; doCheck = false; # fails. some fail in a sandbox, others require qemu -- cgit 1.4.1 From 330693c50205a398c35f45a09ff5d0bba07f489c Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Wed, 29 Apr 2020 17:01:47 +0100 Subject: linuxPackages.sysdig: 0.26.6 -> 0.26.7 --- pkgs/os-specific/linux/sysdig/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index b0becd82d19..59577eb8d51 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -5,13 +5,13 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "sysdig"; - version = "0.26.6"; + version = "0.26.7"; src = fetchFromGitHub { owner = "draios"; repo = "sysdig"; rev = version; - sha256 = "1rw9s5lamr02036z26vfmnp5dnn97f00hcnp4xv6gdxim6rpmbz7"; + sha256 = "09m6j2cl70jxb0k4ydsgrida381bipf0v026xz661152cy23r3ff"; }; nativeBuildInputs = [ cmake perl ]; -- cgit 1.4.1 From 018f49380e62a485a162e8de47e25adcfe702d8b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 May 2020 14:35:33 -0400 Subject: linux: 4.14.178 -> 4.14.179 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 013893c1cdd..b3dea589cd6 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.178"; + version = "4.14.179"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1pcqxmq9ir4f963aiw5bab9w2mp4vfiwaq2bk7nksbl2bs3k6b7x"; + sha256 = "10arrj3ppbxkn15yxqpxlz4k8yp2afzbfpp2nwfy6klhjiffp9sx"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 7f75ff0777cc82c18e6e0af295a628ad5bb351c6 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 May 2020 14:35:46 -0400 Subject: linux: 4.4.221 -> 4.4.222 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 09b34e26a47..81b32a932e1 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.221"; + version = "4.4.222"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "06rpjnvrdp71flz948mfmx7jv8x2vmdg54zz1xpkb2458mwh5hbq"; + sha256 = "02zxy5vjxgrqs0mkz5aj70v6pazhif7x5cm26rf8zh4idpmhk2zh"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 32585ddcec809021947d281eaac8ebed3a83b36a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 5 May 2020 14:35:55 -0400 Subject: linux: 4.9.221 -> 4.9.222 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 0db1d2908e3..a9757aa2f10 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.221"; + version = "4.9.222"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1gh1x73xblxkb927igc3shrqnn49lcscwrq2fixmk9n7jb7q2hp6"; + sha256 = "0aajgflf96bj7chbd83rdmgcdwd025c6mz6li4cwbfx7xcb91kjc"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 03425b00332ed2c025df74ebc945dc9a62e708a4 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 5 May 2020 20:32:26 +0000 Subject: lxcfs: 4.0.1 -> 4.0.3 --- pkgs/os-specific/linux/lxcfs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index 65615f5c240..68d05f0be65 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -3,13 +3,13 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "lxcfs-4.0.1"; + name = "lxcfs-4.0.3"; src = fetchFromGitHub { owner = "lxc"; repo = "lxcfs"; rev = name; - sha256 = "09y26ln2wxpi809kd3r352my64aal0yz2a5kin0i25gnvivl32cs"; + sha256 = "0v6c5vc3i1l4sy4iamzdqvwibj6xr1lna4w1hxkn3s6jggcbxwca"; }; nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; -- cgit 1.4.1 From 88d15ee4eff396f8335a5a13aaa663f915a9e798 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Wed, 6 May 2020 00:30:11 +0200 Subject: fwupd: 1.4.0 → 1.4.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/fwupd/fwupd/commit/ad113b931f0ab3c3b4d3731686ed89a57f0aacb1 --- pkgs/os-specific/linux/firmware/fwupd/default.nix | 32 ++--------------------- 1 file changed, 2 insertions(+), 30 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 13f4f71c3c1..2a0e52c658a 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -87,11 +87,11 @@ in stdenv.mkDerivation rec { pname = "fwupd"; - version = "1.4.0"; + version = "1.4.1"; src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "V131/l05FKYFavRMXRaiW1bQkTCEn7MTyyD+bqYClU4="; + sha256 = "ga8MpbY9tTwr0jsmjEAMyFxDC+yD4LBTx5gXRXig31M="; }; # libfwupd goes to lib @@ -154,34 +154,6 @@ stdenv.mkDerivation rec { # they are not really part of the library. ./install-fwupdplugin-to-out.patch - # Make it easier to patch installed-tests directory. - # https://github.com/fwupd/fwupd/pull/2002 - (fetchpatch { - url = "https://github.com/fwupd/fwupd/commit/2f12e38e61d982dea63778736e2b71d16f0e9925.patch"; - sha256 = "goTyDj0v50FOQYCS+LhPjo0AEugubr6aBIGfO9ztZOA="; - }) - - # Install systemd files to our prefix. - # https://github.com/fwupd/fwupd/pull/2006 - (fetchpatch { - url = "https://github.com/fwupd/fwupd/commit/463db5162fe4f6fea417973ff95a44ed51ec6402.patch"; - sha256 = "I0TIfnCca83QpINABUINtl8nIB78dG8OR9MC/hP2hg8="; - }) - - # Fix installed tests. - # https://github.com/fwupd/fwupd/issues/2007 - (fetchpatch { - url = "https://github.com/fwupd/fwupd/commit/c727742df3702fc934e2d9488c883dcbdfa59e9c.patch"; - sha256 = "b9D2Xblf1VbpS5XZpHtwEJhzuq7+840l7skW5w0NMBU="; - }) - - # Fix build with bash-completion 2.10 - # https://github.com/fwupd/fwupd/pull/2014 - (fetchpatch { - url = "https://github.com/fwupd/fwupd/commit/0f035013dfb150c2c3fc7f51090103ba84bd1c06.patch"; - sha256 = "VXRf5N3inaWThudk6pc4mtp6cMEIyybkdfqKin+9XSw="; - }) - # Installed tests are installed to different output # we also cannot have fwupd-tests.conf in $out/etc since it would form a cycle. (substituteAll { -- cgit 1.4.1 From 5ed0514b4fc273983b75b06e59d4e8aad1fab667 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 4 May 2020 17:25:46 +0000 Subject: conntrack-tools: 1.4.5 -> 1.4.6 --- pkgs/os-specific/linux/conntrack-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/conntrack-tools/default.nix b/pkgs/os-specific/linux/conntrack-tools/default.nix index 8346fb1c73c..80785015e76 100644 --- a/pkgs/os-specific/linux/conntrack-tools/default.nix +++ b/pkgs/os-specific/linux/conntrack-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "conntrack-tools"; - version = "1.4.5"; + version = "1.4.6"; src = fetchurl { url = "https://www.netfilter.org/projects/conntrack-tools/files/${pname}-${version}.tar.bz2"; - sha256 = "0qm4m78hr6a4fbmnkw5nyjm1pzzhydzx0nz7f96iv1c4fsfdkiin"; + sha256 = "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"; }; buildInputs = [ -- cgit 1.4.1 From ac287ce319fe7a52ba0e7d0a2556dff63b84e10b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 6 May 2020 15:56:35 -0400 Subject: linux: 4.19.120 -> 4.19.121 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 4edc8359c51..450c44f0aa0 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.120"; + version = "4.19.121"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "03mjng5ws9y56id99619ysarz73qqyylgc3mlknga1yphbhh16qb"; + sha256 = "11bhjdaihhc42xhf4qxdkkjznc0i6igh0ahjbzr3fb8bmq9sirgv"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From bcbc50714359392d283cb8b86a21986bb701dc6e Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 6 May 2020 15:57:20 -0400 Subject: linux: 5.4.38 -> 5.4.39 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 31d485877b7..5ca72d8a6a5 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.38"; + version = "5.4.39"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "03pks3jx5kk0wnhjkm92wxdbgw8qbdg93sfwchnx88m2wfj9yaz7"; + sha256 = "1j35yf1nilb9z7lw8w2drpww7q2zy8zfr0ip8hwcbcd7c5d9chai"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From f82e836e1da9f034d79eb9e73a58181c0ae070e9 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 6 May 2020 15:58:09 -0400 Subject: linux: 5.6.10 -> 5.6.11 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index eb60cfd9497..7cd3987f87c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.10"; + version = "5.6.11"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1f81b0icn0r9gww95rckyxs5d4g8bwf4mmqkrmwxxf4xga19dp3v"; + sha256 = "1ahv4a3mnszqs3qcnwmhbvjgis1jg37anj5jvn70i7s2k6z6rpfn"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From e24f5eab66a004fcbd770888aba9cd94fcda17c5 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 6 May 2020 23:18:09 +0200 Subject: treewide: add CVE identifiers to patches This allows tools like broken.sh to correctly identify the patched status. --- .../10_fix_buffer_overflow_wordole_c.patch | 18 ---- ...x_buffer_overflow_wordole_c_CVE-2014-8123.patch | 18 ++++ pkgs/applications/office/antiword/default.nix | 2 +- pkgs/misc/drivers/foomatic-filters/default.nix | 2 +- pkgs/os-specific/linux/libcgroup/default.nix | 1 + pkgs/tools/archivers/p7zip/default.nix | 2 + pkgs/tools/filesystems/fuseiso/default.nix | 30 +++--- pkgs/tools/misc/mcrypt/default.nix | 7 +- pkgs/tools/misc/mcrypt/format-string.patch | 31 ------ .../misc/mcrypt/format-string_CVE-2012-4426.patch | 31 ++++++ pkgs/tools/misc/mcrypt/overflow.patch | 24 ----- .../tools/misc/mcrypt/overflow_CVE-2012-4409.patch | 24 +++++ pkgs/tools/misc/mcrypt/sprintf.patch | 108 --------------------- pkgs/tools/misc/mcrypt/sprintf_CVE-2012-4527.patch | 108 +++++++++++++++++++++ pkgs/tools/security/super/default.nix | 8 +- pkgs/tools/text/a2ps/default.nix | 1 + 16 files changed, 213 insertions(+), 202 deletions(-) delete mode 100644 pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch create mode 100644 pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch delete mode 100644 pkgs/tools/misc/mcrypt/format-string.patch create mode 100644 pkgs/tools/misc/mcrypt/format-string_CVE-2012-4426.patch delete mode 100644 pkgs/tools/misc/mcrypt/overflow.patch create mode 100644 pkgs/tools/misc/mcrypt/overflow_CVE-2012-4409.patch delete mode 100644 pkgs/tools/misc/mcrypt/sprintf.patch create mode 100644 pkgs/tools/misc/mcrypt/sprintf_CVE-2012-4527.patch (limited to 'pkgs/os-specific') diff --git a/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch b/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch deleted file mode 100644 index ebf2f0900d9..00000000000 --- a/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Add check for buffer overflow with malformed input files -Author: -Bug-Debian: http://bugs.debian.org/407015 -Last-Update: 2009-06-03 - ---- antiword-0.37~/wordole.c 2005-08-26 21:49:57.000000000 +0200 -+++ antiword-0.37/wordole.c 2009-06-03 22:31:15.948014682 +0200 -@@ -259,6 +259,10 @@ - } - tNameSize = (size_t)usGetWord(0x40, aucBytes); - tNameSize = (tNameSize + 1) / 2; -+ if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) { -+ werr(0, "Name Size of PPS %d is too large", iIndex); -+ tNameSize = sizeof(atPPSlist[iIndex].szName); -+ } - vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize); - atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes); - if (atPPSlist[iIndex].ucType == 5) { diff --git a/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch b/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch new file mode 100644 index 00000000000..ebf2f0900d9 --- /dev/null +++ b/pkgs/applications/office/antiword/10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch @@ -0,0 +1,18 @@ +Description: Add check for buffer overflow with malformed input files +Author: +Bug-Debian: http://bugs.debian.org/407015 +Last-Update: 2009-06-03 + +--- antiword-0.37~/wordole.c 2005-08-26 21:49:57.000000000 +0200 ++++ antiword-0.37/wordole.c 2009-06-03 22:31:15.948014682 +0200 +@@ -259,6 +259,10 @@ + } + tNameSize = (size_t)usGetWord(0x40, aucBytes); + tNameSize = (tNameSize + 1) / 2; ++ if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) { ++ werr(0, "Name Size of PPS %d is too large", iIndex); ++ tNameSize = sizeof(atPPSlist[iIndex].szName); ++ } + vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize); + atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes); + if (atPPSlist[iIndex].ucType == 5) { diff --git a/pkgs/applications/office/antiword/default.nix b/pkgs/applications/office/antiword/default.nix index 0154e21b374..c8cb294b0dc 100644 --- a/pkgs/applications/office/antiword/default.nix +++ b/pkgs/applications/office/antiword/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { substituteInPlace Makefile --replace "gcc" "cc" ''; - patches = [ ./10_fix_buffer_overflow_wordole_c.patch ]; + patches = [ ./10_fix_buffer_overflow_wordole_c_CVE-2014-8123.patch ]; installTargets = [ "global_install" ]; diff --git a/pkgs/misc/drivers/foomatic-filters/default.nix b/pkgs/misc/drivers/foomatic-filters/default.nix index 9bee05bfb25..3ca64e0e8f8 100644 --- a/pkgs/misc/drivers/foomatic-filters/default.nix +++ b/pkgs/misc/drivers/foomatic-filters/default.nix @@ -12,8 +12,8 @@ stdenv.mkDerivation rec { buildInputs = [ perl cups dbus enscript ]; patches = [ - # for CVE-2015-8327 & CVE-2015-8560 (fetchpatch { + name = "CVE-2015-8327+CVE-2015-8560.patch"; url = "https://salsa.debian.org/debian/foomatic-filters/raw/a3abbef2d2f8c7e62d2fe64f64afe294563fdf8f/debian/patches/0500-r7406_also_consider_the_back_tick_as_an_illegal_shell_escape_character.patch"; sha256 = "055nwi3sjf578nk40bqsch3wx8m2h65hdih0wmxflb6l0hwkq4p4"; }) diff --git a/pkgs/os-specific/linux/libcgroup/default.nix b/pkgs/os-specific/linux/libcgroup/default.nix index 026b43fc615..4d93c3bb4fe 100644 --- a/pkgs/os-specific/linux/libcgroup/default.nix +++ b/pkgs/os-specific/linux/libcgroup/default.nix @@ -13,6 +13,7 @@ stdenv.mkDerivation rec { patches = [ (fetchpatch { + name = "CVE-2018-14348.patch"; url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch?id=33e9f4c81de754bbf76b893ea1133ed023f2a0e5"; sha256 = "1x0x29ld0cgmfwq4qy13s6d5c8sym1frfh1j2q47d8gfw6qaxka5"; }) diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix index b7a97b3766b..d6ad699eaa8 100644 --- a/pkgs/tools/archivers/p7zip/default.nix +++ b/pkgs/tools/archivers/p7zip/default.nix @@ -13,10 +13,12 @@ stdenv.mkDerivation rec { ./12-CVE-2016-9296.patch ./13-CVE-2017-17969.patch (fetchpatch { + name = "3-CVE-2018-5996.patch"; url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch"; sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp"; }) (fetchpatch { + name = "4-CVE-2018-10115.patch"; url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch"; sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6"; }) diff --git a/pkgs/tools/filesystems/fuseiso/default.nix b/pkgs/tools/filesystems/fuseiso/default.nix index ded1fac65f8..0a4472d7123 100644 --- a/pkgs/tools/filesystems/fuseiso/default.nix +++ b/pkgs/tools/filesystems/fuseiso/default.nix @@ -9,27 +9,27 @@ stdenv.mkDerivation rec { sha256 = "127xql52dcdhmh7s5m9xc6q39jdlj3zhbjar1j821kb6gl3jw94b"; }; - patches = map (p: - fetchpatch { - inherit (p) name sha256; - url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/${p.name}"; - }) [ - { + patches = [ + (fetchpatch { name = "00-support_large_iso.patch"; + url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/00-support_large_iso.patch"; sha256 = "1lmclb1qwzz5f4wlq693g83bblwnjjl73qhgfxbsaac5hnn2shjw"; - } - { + }) + (fetchpatch { name = "01-fix_typo.patch"; + url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/01-fix_typo.patch"; sha256 = "14rpxp0yylzsgqv0r19l4wx1h5hvqp617gpv1yg0w48amr9drasa"; - } - { # CVE-2015-8837 - name = "02-prevent-buffer-overflow.patch"; + }) + (fetchpatch { + name = "02-prevent-buffer-overflow_CVE-2015-8837.patch"; + url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/02-prevent-buffer-overflow.patch"; sha256 = "1ls2pp3mh91pdb51qz1fsd8pwhbky6988bpd156bn7wgfxqzh8ig"; - } - { # CVE-2015-8836 - name = "03-prevent-integer-overflow.patch"; + }) + (fetchpatch { + name = "03-prevent-integer-overflow_CVE-2015-8836.patch"; + url = "https://sources.debian.net/data/main/f/fuseiso/${version}-3.2/debian/patches/03-prevent-integer-overflow.patch"; sha256 = "100cw07fk4sa3hl7a1gk2hgz4qsxdw99y20r7wpidwwwzy463zcv"; - } + }) ]; nativeBuildInputs = [ autoreconfHook pkgconfig ]; diff --git a/pkgs/tools/misc/mcrypt/default.nix b/pkgs/tools/misc/mcrypt/default.nix index 9969148e223..afbe811e7f2 100644 --- a/pkgs/tools/misc/mcrypt/default.nix +++ b/pkgs/tools/misc/mcrypt/default.nix @@ -9,7 +9,12 @@ stdenv.mkDerivation rec { sha256 = "5145aa844e54cca89ddab6fb7dd9e5952811d8d787c4f4bf27eb261e6c182098"; }; - patches = [ ./format-string.patch ./overflow.patch ./segv.patch ./sprintf.patch ]; + patches = [ + ./format-string_CVE-2012-4426.patch + ./overflow_CVE-2012-4409.patch + ./segv.patch + ./sprintf_CVE-2012-4527.patch + ]; buildInputs = [ libmcrypt libmhash ]; diff --git a/pkgs/tools/misc/mcrypt/format-string.patch b/pkgs/tools/misc/mcrypt/format-string.patch deleted file mode 100644 index 322ab473811..00000000000 --- a/pkgs/tools/misc/mcrypt/format-string.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- mcrypt-2.6.8/src/errors.c -+++ mcrypt-2.6.8/src/errors.c -@@ -25,24 +25,24 @@ - - void err_quit(char *errmsg) - { -- fprintf(stderr, errmsg); -+ fprintf(stderr, "%s", errmsg); - exit(-1); - } - - void err_warn(char *errmsg) - { - if (quiet <= 1) -- fprintf(stderr, errmsg); -+ fprintf(stderr, "%s", errmsg); - } - - void err_info(char *errmsg) - { - if (quiet == 0) -- fprintf(stderr, errmsg); -+ fprintf(stderr, "%s", errmsg); - } - - void err_crit(char *errmsg) - { - if (quiet <= 2) -- fprintf(stderr, errmsg); -+ fprintf(stderr, "%s", errmsg); - } diff --git a/pkgs/tools/misc/mcrypt/format-string_CVE-2012-4426.patch b/pkgs/tools/misc/mcrypt/format-string_CVE-2012-4426.patch new file mode 100644 index 00000000000..322ab473811 --- /dev/null +++ b/pkgs/tools/misc/mcrypt/format-string_CVE-2012-4426.patch @@ -0,0 +1,31 @@ +--- mcrypt-2.6.8/src/errors.c ++++ mcrypt-2.6.8/src/errors.c +@@ -25,24 +25,24 @@ + + void err_quit(char *errmsg) + { +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + exit(-1); + } + + void err_warn(char *errmsg) + { + if (quiet <= 1) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_info(char *errmsg) + { + if (quiet == 0) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_crit(char *errmsg) + { + if (quiet <= 2) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } diff --git a/pkgs/tools/misc/mcrypt/overflow.patch b/pkgs/tools/misc/mcrypt/overflow.patch deleted file mode 100644 index bf747a58266..00000000000 --- a/pkgs/tools/misc/mcrypt/overflow.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 3efb40e17ce4f76717ae17a1ce1e1f747ddf59fd Mon Sep 17 00:00:00 2001 -From: Alon Bar-Lev -Date: Sat, 22 Dec 2012 22:37:06 +0200 -Subject: [PATCH] cleanup: buffer overflow - ---- - mcrypt-2.6.8/src/extra.c | 2 ++ - 1 files changed, 2 insertions(+), 0 deletions(-) - -diff --git a/mcrypt-2.6.8/src/extra.c b/mcrypt-2.6.8/src/extra.c -index 3082f82..c7a1ac0 100644 ---- a/src/extra.c -+++ b/src/extra.c -@@ -241,6 +241,8 @@ int check_file_head(FILE * fstream, char *algorithm, char *mode, - if (m_getbit(6, flags) == 1) { /* if the salt bit is set */ - if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ - *salt_size = m_setbit(0, sflag, 0); -+ if (*salt_size > sizeof(tmp_buf)) -+ err_quit(_("Salt is too long\n")); - if (*salt_size > 0) { - fread(tmp_buf, 1, *salt_size, - fstream); --- -1.7.8.6 diff --git a/pkgs/tools/misc/mcrypt/overflow_CVE-2012-4409.patch b/pkgs/tools/misc/mcrypt/overflow_CVE-2012-4409.patch new file mode 100644 index 00000000000..bf747a58266 --- /dev/null +++ b/pkgs/tools/misc/mcrypt/overflow_CVE-2012-4409.patch @@ -0,0 +1,24 @@ +From 3efb40e17ce4f76717ae17a1ce1e1f747ddf59fd Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev +Date: Sat, 22 Dec 2012 22:37:06 +0200 +Subject: [PATCH] cleanup: buffer overflow + +--- + mcrypt-2.6.8/src/extra.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/mcrypt-2.6.8/src/extra.c b/mcrypt-2.6.8/src/extra.c +index 3082f82..c7a1ac0 100644 +--- a/src/extra.c ++++ b/src/extra.c +@@ -241,6 +241,8 @@ int check_file_head(FILE * fstream, char *algorithm, char *mode, + if (m_getbit(6, flags) == 1) { /* if the salt bit is set */ + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + if (*salt_size > 0) { + fread(tmp_buf, 1, *salt_size, + fstream); +-- +1.7.8.6 diff --git a/pkgs/tools/misc/mcrypt/sprintf.patch b/pkgs/tools/misc/mcrypt/sprintf.patch deleted file mode 100644 index 1c9ade80777..00000000000 --- a/pkgs/tools/misc/mcrypt/sprintf.patch +++ /dev/null @@ -1,108 +0,0 @@ -Description: [CVE-2012-4527] Stack-based buffer overflow with long file names - . - A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. - If a user were tricked into attempting to encrypt/decrypt specially crafted - long filename(s), this flaw would cause a stack-based buffer overflow that - could potentially lead to arbitrary code execution. - . - Note that this is caught by FORTIFY_SOURCE, which makes this a crash-only - bug on wheezy. -Author: Attila Bogar, Jean-Michel Vourgère -Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527 -Bug: CVE-2012-4527 -Bug-Debian: http://bugs.debian.org/690924 -Forwarded: no -Last-Update: 2012-11-01 -Index: mcrypt-2.6.8/src/mcrypt.c -=================================================================== ---- mcrypt-2.6.8.orig/src/mcrypt.c -+++ mcrypt-2.6.8/src/mcrypt.c -@@ -41,4 +41,6 @@ - -+/* Temporary error message can contain one file name and 1k of text */ -+#define ERRWIDTH ((PATH_MAX)+1024) --char tmperr[128]; -+char tmperr[ERRWIDTH]; - unsigned int stream_flag = FALSE; - char *keymode = NULL; - char *mode = NULL; -@@ -482,7 +485,7 @@ - #ifdef HAVE_STAT - if (stream_flag == FALSE) { - if (is_normal_file(file[i]) == FALSE) { -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("%s: %s is not a regular file. Skipping...\n"), - program_name, file[i]); -@@ -501,7 +504,7 @@ - dinfile = file[i]; - if ((isatty(fileno((FILE *) (stdin))) == 1) - && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("%s: Encrypted data will not be read from a terminal.\n"), - program_name); -@@ -520,7 +523,7 @@ - einfile = file[i]; - if ((isatty(fileno((FILE *) (stdout))) == 1) - && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("%s: Encrypted data will not be written to a terminal.\n"), - program_name); -@@ -544,7 +547,7 @@ - strcpy(outfile, einfile); - /* if file has already the .nc ignore it */ - if (strstr(outfile, ".nc") != NULL) { -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("%s: file %s has the .nc suffix... skipping...\n"), - program_name, outfile); -@@ -590,10 +593,10 @@ - - if (x == 0) { - if (stream_flag == FALSE) { -- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); -+ snprintf(tmperr, ERRWIDTH, _("File %s was decrypted.\n"), dinfile); - err_warn(tmperr); - } else { -- sprintf(tmperr, _("Stdin was decrypted.\n")); -+ snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n")); - err_warn(tmperr); - } - #ifdef HAVE_STAT -@@ -610,7 +613,7 @@ - - } else { - if (stream_flag == FALSE) { -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("File %s was NOT decrypted successfully.\n"), - dinfile); -@@ -636,10 +639,10 @@ - - if (x == 0) { - if (stream_flag == FALSE) { -- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); -+ snprintf(tmperr, ERRWIDTH, _("File %s was encrypted.\n"), einfile); - err_warn(tmperr); - } else { -- sprintf(tmperr, _("Stdin was encrypted.\n")); -+ snprintf(tmperr, ERRWIDTH, _("Stdin was encrypted.\n")); - err_warn(tmperr); - } - #ifdef HAVE_STAT -@@ -655,7 +658,7 @@ - - } else { - if (stream_flag == FALSE) { -- sprintf(tmperr, -+ snprintf(tmperr, ERRWIDTH, - _ - ("File %s was NOT encrypted successfully.\n"), - einfile); diff --git a/pkgs/tools/misc/mcrypt/sprintf_CVE-2012-4527.patch b/pkgs/tools/misc/mcrypt/sprintf_CVE-2012-4527.patch new file mode 100644 index 00000000000..1c9ade80777 --- /dev/null +++ b/pkgs/tools/misc/mcrypt/sprintf_CVE-2012-4527.patch @@ -0,0 +1,108 @@ +Description: [CVE-2012-4527] Stack-based buffer overflow with long file names + . + A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. + If a user were tricked into attempting to encrypt/decrypt specially crafted + long filename(s), this flaw would cause a stack-based buffer overflow that + could potentially lead to arbitrary code execution. + . + Note that this is caught by FORTIFY_SOURCE, which makes this a crash-only + bug on wheezy. +Author: Attila Bogar, Jean-Michel Vourgère +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527 +Bug: CVE-2012-4527 +Bug-Debian: http://bugs.debian.org/690924 +Forwarded: no +Last-Update: 2012-11-01 +Index: mcrypt-2.6.8/src/mcrypt.c +=================================================================== +--- mcrypt-2.6.8.orig/src/mcrypt.c ++++ mcrypt-2.6.8/src/mcrypt.c +@@ -41,4 +41,6 @@ + ++/* Temporary error message can contain one file name and 1k of text */ ++#define ERRWIDTH ((PATH_MAX)+1024) +-char tmperr[128]; ++char tmperr[ERRWIDTH]; + unsigned int stream_flag = FALSE; + char *keymode = NULL; + char *mode = NULL; +@@ -482,7 +485,7 @@ + #ifdef HAVE_STAT + if (stream_flag == FALSE) { + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: %s is not a regular file. Skipping...\n"), + program_name, file[i]); +@@ -501,7 +504,7 @@ + dinfile = file[i]; + if ((isatty(fileno((FILE *) (stdin))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: Encrypted data will not be read from a terminal.\n"), + program_name); +@@ -520,7 +523,7 @@ + einfile = file[i]; + if ((isatty(fileno((FILE *) (stdout))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: Encrypted data will not be written to a terminal.\n"), + program_name); +@@ -544,7 +547,7 @@ + strcpy(outfile, einfile); + /* if file has already the .nc ignore it */ + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: file %s has the .nc suffix... skipping...\n"), + program_name, outfile); +@@ -590,10 +593,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, ERRWIDTH, _("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was decrypted.\n")); ++ snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -610,7 +613,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("File %s was NOT decrypted successfully.\n"), + dinfile); +@@ -636,10 +639,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, ERRWIDTH, _("File %s was encrypted.\n"), einfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was encrypted.\n")); ++ snprintf(tmperr, ERRWIDTH, _("Stdin was encrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -655,7 +658,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("File %s was NOT encrypted successfully.\n"), + einfile); diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix index 73321fd618e..07051731069 100644 --- a/pkgs/tools/security/super/default.nix +++ b/pkgs/tools/security/super/default.nix @@ -17,9 +17,11 @@ stdenv.mkDerivation rec { ''; patches = [ - (fetchpatch { url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; - sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; - }) + (fetchpatch { + name = "CVE-2014-0470.patch"; + url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) ]; NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; diff --git a/pkgs/tools/text/a2ps/default.nix b/pkgs/tools/text/a2ps/default.nix index 39f1b7e5bc2..c29060cb82f 100644 --- a/pkgs/tools/text/a2ps/default.nix +++ b/pkgs/tools/text/a2ps/default.nix @@ -17,6 +17,7 @@ stdenv.mkDerivation rec { sha256 = "0grqqsc3m45niac56m19m5gx7gc0m8zvia5iman1l4rlq31shf8s"; }) (fetchpatch { + name = "CVE-2015-8107.patch"; url = "https://sources.debian.net/data/main/a/a2ps/1:4.14-1.3/debian/patches/fix-format-security.diff"; sha256 = "0pq7zl41gf2kc6ahwyjnzn93vbxb4jc2c5g8j20isp4vw6dqrnwv"; }) -- cgit 1.4.1 From 044b8c51c9aae433fd60948abc52f0a98fa2a35b Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 6 May 2020 09:37:24 +0000 Subject: pax-utils: 1.2.5 -> 1.2.6 --- pkgs/os-specific/linux/pax-utils/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix index f8c75b1913b..f69b2bd7fce 100644 --- a/pkgs/os-specific/linux/pax-utils/default.nix +++ b/pkgs/os-specific/linux/pax-utils/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pax-utils"; - version = "1.2.5"; + version = "1.2.6"; src = fetchurl { url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz"; - sha256 = "1v4jwbda25w07qhlx5xc5i0hwsv3pjy8hfy0r93vnmfjxq61grvw"; + sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp"; }; makeFlags = [ "PREFIX=$(out)" ]; -- cgit 1.4.1 From 603741e7514726356e653661f0a89acf0abf4670 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 7 May 2020 20:29:16 -0400 Subject: linux/hardened-patches/5.6: 5.6.10.a -> 5.6.11.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index d2f6f4b3e83..97968dd8aba 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.10.a.patch", - "sha256": "0jmyk7pl9ddbyhskzadd1z9svhm18v8gdv6kgb0ca6dbhf6ggsgy", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.10.a/linux-hardened-5.6.10.a.patch" + "name": "linux-hardened-5.6.11.a.patch", + "sha256": "1b6cwffb2b21h9xh2acm9q9j55cay87zbv9jjayv69znry4mzsx3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.11.a/linux-hardened-5.6.11.a.patch" } } -- cgit 1.4.1 From ced789fa62a0e222ec46ce48e6e5255b51a0f0b0 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 7 May 2020 20:29:26 -0400 Subject: linux/hardened-patches/5.4: 5.4.38.a -> 5.4.39.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 97968dd8aba..96c1a2ba3e4 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.120.a/linux-hardened-4.19.120.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.38.a.patch", - "sha256": "1aaky36azfagk0nf5k92glil3f7ymijcvx03g8rnlinlsm3i2614", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.38.a/linux-hardened-5.4.38.a.patch" + "name": "linux-hardened-5.4.39.a.patch", + "sha256": "1w9yc0j8vshjyvb2qgxjvrdgwiy5lmjn3s1rmlch649vqp97j9w7", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.39.a/linux-hardened-5.4.39.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From 3d44729f1ee53aa9c15620b7a48ebf1f8d3bee5e Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 7 May 2020 20:29:28 -0400 Subject: linux/hardened-patches/4.19: 4.19.120.a -> 4.19.121.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 96c1a2ba3e4..27138fa73bd 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.178.a/linux-hardened-4.14.178.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.120.a.patch", - "sha256": "14l30127nd8d2q72k51alwmh8h57fyam0q6sggdljh16qlqilirl", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.120.a/linux-hardened-4.19.120.a.patch" + "name": "linux-hardened-4.19.121.a.patch", + "sha256": "0bwjx7qbzd50607kr1abx3rd19iciry3p1y3a8sz5w3vb62j8m6z", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.121.a/linux-hardened-4.19.121.a.patch" }, "5.4": { "name": "linux-hardened-5.4.39.a.patch", -- cgit 1.4.1 From 711667dc3e9800a035f0c0eb133c7cac395a714b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 7 May 2020 20:29:30 -0400 Subject: linux/hardened-patches/4.14: 4.14.178.a -> 4.14.179.a --- pkgs/os-specific/linux/kernel/hardened-patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index 27138fa73bd..118998a605b 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -1,8 +1,8 @@ { "4.14": { - "name": "linux-hardened-4.14.178.a.patch", - "sha256": "1klwymsd19y2sifbny5ikgry9rx9q2cbb13h1xqy42573add6q8c", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.178.a/linux-hardened-4.14.178.a.patch" + "name": "linux-hardened-4.14.179.a.patch", + "sha256": "0vdcg8713vhraqp04b6lw15qdrvg4iw646d54x6ic0421nxp9zmj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.179.a/linux-hardened-4.14.179.a.patch" }, "4.19": { "name": "linux-hardened-4.19.121.a.patch", -- cgit 1.4.1 From 6abf4a43adc899c352b91c5230afce29344dbe77 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Fri, 8 May 2020 15:20:47 +0200 Subject: treewide: per RFC45, remove more unquoted URLs --- nixos/modules/services/web-apps/dokuwiki.nix | 4 +- nixos/tests/dokuwiki.nix | 4 +- .../editors/emacs-modes/emacspeak/default.nix | 2 +- pkgs/applications/editors/emacs/default.nix | 2 +- .../browsers/ungoogled-chromium/browser.nix | 2 +- .../science/physics/elmerfem/default.nix | 2 +- pkgs/development/compilers/openjdk/13.nix | 4 +- .../node-packages/node-packages-v10.nix | 184 ++++++++++----------- .../ocaml-modules/bigstring/default.nix | 2 +- .../linux/alsa-topology-conf/default.nix | 2 +- pkgs/os-specific/linux/alsa-ucm-conf/default.nix | 2 +- pkgs/tools/security/aflplusplus/qemu.nix | 2 +- 12 files changed, 106 insertions(+), 106 deletions(-) (limited to 'pkgs/os-specific') diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 76e18266a27..33a828fa2cb 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -188,7 +188,7 @@ let name = "icalevents"; # Download the plugin from the dokuwiki site src = pkgs.fetchurl { - url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip; + url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; }; sourceRoot = "."; @@ -216,7 +216,7 @@ let name = "bootstrap3"; # Download the theme from the dokuwiki site src = pkgs.fetchurl { - url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip; + url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; }; # We need unzip to build this package diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix index 2b907133ed5..05271919eff 100644 --- a/nixos/tests/dokuwiki.nix +++ b/nixos/tests/dokuwiki.nix @@ -5,7 +5,7 @@ let name = "bootstrap3"; # Download the theme from the dokuwiki site src = pkgs.fetchurl { - url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip; + url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; }; # We need unzip to build this package @@ -20,7 +20,7 @@ let name = "icalevents"; # Download the plugin from the dokuwiki site src = pkgs.fetchurl { - url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip; + url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; }; # We need unzip to build this package diff --git a/pkgs/applications/editors/emacs-modes/emacspeak/default.nix b/pkgs/applications/editors/emacs-modes/emacspeak/default.nix index 5bc8bbc6a90..eb6eac1acbf 100644 --- a/pkgs/applications/editors/emacs-modes/emacspeak/default.nix +++ b/pkgs/applications/editors/emacs-modes/emacspeak/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = https://github.com/tvraman/emacspeak/; + homepage = "https://github.com/tvraman/emacspeak/"; description = "Emacs extension that provides spoken output"; license = licenses.gpl2; maintainers = [ dema ]; diff --git a/pkgs/applications/editors/emacs/default.nix b/pkgs/applications/editors/emacs/default.nix index fc00384c03a..224fe907450 100644 --- a/pkgs/applications/editors/emacs/default.nix +++ b/pkgs/applications/editors/emacs/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { ./tramp-detect-wrapped-gvfsd.patch # unbreak macOS unexec (fetchpatch { - url = https://github.com/emacs-mirror/emacs/commit/888ffd960c06d56a409a7ff15b1d930d25c56089.patch; + url = "https://github.com/emacs-mirror/emacs/commit/888ffd960c06d56a409a7ff15b1d930d25c56089.patch"; sha256 = "08q3ygdigqwky70r47rcgzlkc5jy82xiq8am5kwwy891wlpl7frw"; }) ]; diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix index 87248013a9a..f87acc8722e 100644 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix +++ b/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix @@ -76,7 +76,7 @@ mkChromiumDerivation (base: rec { the web. It has a minimalist user interface and provides the vast majority of source code for Google Chrome (which has some additional features). ''; - homepage = https://github.com/Eloston/ungoogled-chromium; + homepage = "https://github.com/Eloston/ungoogled-chromium"; maintainers = with maintainers; [ squalus ]; # Overview of the maintainer roles: # nixos-unstable: diff --git a/pkgs/applications/science/physics/elmerfem/default.nix b/pkgs/applications/science/physics/elmerfem/default.nix index 642982830f7..46cc32fa168 100644 --- a/pkgs/applications/science/physics/elmerfem/default.nix +++ b/pkgs/applications/science/physics/elmerfem/default.nix @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; meta = with stdenv.lib; { - homepage = http://www.elmerfem.org/; + homepage = "https://elmerfem.org/"; description = "A finite element software for multiphysical problems."; platforms = platforms.unix; maintainers = [ maintainers.wulfsta ]; diff --git a/pkgs/development/compilers/openjdk/13.nix b/pkgs/development/compilers/openjdk/13.nix index 24828f16e7b..b3842ba7cad 100644 --- a/pkgs/development/compilers/openjdk/13.nix +++ b/pkgs/development/compilers/openjdk/13.nix @@ -41,7 +41,7 @@ let # so grab the work-around from # https://src.fedoraproject.org/rpms/java-openjdk/pull-request/24 (fetchurl { - url = https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch; + url = "https://src.fedoraproject.org/rpms/java-openjdk/raw/06c001c7d87f2e9fe4fedeef2d993bcd5d7afa2a/f/rh1673833-remove_removal_of_wformat_during_test_compilation.patch"; sha256 = "082lmc30x64x583vqq00c8y0wqih3y4r0mp1c4bqq36l22qv6b6r"; }) ] ++ lib.optionals (!headless && enableGnome2) [ @@ -140,7 +140,7 @@ let disallowedReferences = [ openjdk13-bootstrap ]; meta = with stdenv.lib; { - homepage = http://openjdk.java.net/; + homepage = "http://openjdk.java.net/"; license = licenses.gpl2; description = "The open-source Java Development Kit"; maintainers = with maintainers; [ edwtjo ]; diff --git a/pkgs/development/node-packages/node-packages-v10.nix b/pkgs/development/node-packages/node-packages-v10.nix index ce2c91bfac1..3096408963e 100644 --- a/pkgs/development/node-packages/node-packages-v10.nix +++ b/pkgs/development/node-packages/node-packages-v10.nix @@ -15332,13 +15332,13 @@ let sha512 = "gYCwo7kh5S3IDyZPLZf6hSS0MnZT8QmJFqYvbqlDZSbwdZlY6QZWxJ4i/6UhITOJ4XzyI647Bm2MXKCLqnJ4nQ=="; }; }; - "emitter-http://github.com/component/emitter/archive/1.0.1.tar.gz" = { + "emitter-https://github.com/component/emitter/archive/1.0.1.tar.gz" = { name = "emitter"; packageName = "emitter"; version = "1.0.1"; src = fetchurl { name = "emitter-1.0.1.tar.gz"; - url = https://codeload.github.com/component/emitter/tar.gz/1.0.1; + url = "https://codeload.github.com/component/emitter/tar.gz/1.0.1"; sha256 = "0eae744826723877457f7a7ac7f31d68a5a060673b3a883f6a8e325bf48f313d"; }; }; @@ -19713,7 +19713,7 @@ let version = "2.0.1"; src = fetchurl { name = "global-2.0.1.tar.gz"; - url = https://codeload.github.com/component/global/tar.gz/v2.0.1; + url = "https://codeload.github.com/component/global/tar.gz/v2.0.1"; sha256 = "42be02b7148745447f6ba21137c972ca82d2cad92d30d63bd4fc310623901785"; }; }; @@ -31809,7 +31809,7 @@ let version = "0.9.15"; src = fetchurl { name = "oauth-0.9.15.tar.gz"; - url = https://codeload.github.com/ciaranj/node-oauth/legacy.tar.gz/master; + url = "https://codeload.github.com/ciaranj/node-oauth/legacy.tar.gz/master"; sha256 = "9341c28772841acde618c778e85e381976f425824b816100792f697e68aec947"; }; }; @@ -49065,7 +49065,7 @@ let version = "1.5.0"; src = fetchurl { name = "xmlhttprequest-1.5.0.tar.gz"; - url = https://codeload.github.com/LearnBoost/node-XMLHttpRequest/tar.gz/0f36d0b5ebc03d85f860d42a64ae9791e1daa433; + url = "https://codeload.github.com/LearnBoost/node-XMLHttpRequest/tar.gz/0f36d0b5ebc03d85f860d42a64ae9791e1daa433"; sha256 = "28dd0394d85befe8be4e9cd9f6803102780c62cbb09298cb174b52ff9777624f"; }; }; @@ -50087,7 +50087,7 @@ in buildInputs = globalBuildInputs; meta = { description = "CLI tool for Angular"; - homepage = https://github.com/angular/angular-cli; + homepage = "https://github.com/angular/angular-cli"; license = "MIT"; }; production = true; @@ -50130,7 +50130,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The command line interface for Antora."; - homepage = https://antora.org/; + homepage = "https://antora.org/"; license = "MPL-2.0"; }; production = true; @@ -50450,7 +50450,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The default site generator pipeline for producing and publishing static documentation sites with Antora."; - homepage = https://antora.org/; + homepage = "https://antora.org/"; license = "MPL-2.0"; }; production = true; @@ -50613,7 +50613,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A secure and free password manager for all of your devices."; - homepage = https://bitwarden.com/; + homepage = "https://bitwarden.com/"; license = "GPL-3.0"; }; production = true; @@ -52194,7 +52194,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Command line interface for rapid Vue.js development"; - homepage = https://cli.vuejs.org/; + homepage = "https://cli.vuejs.org/"; license = "MIT"; }; production = true; @@ -52556,7 +52556,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Creating Electron app packages"; - homepage = https://github.com/electron/asar; + homepage = "https://github.com/electron/asar"; license = "MIT"; }; production = true; @@ -52714,7 +52714,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The browser package manager"; - homepage = http://bower.io/; + homepage = "https://bower.io/"; license = "MIT"; }; production = true; @@ -52844,7 +52844,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate nix expressions to fetch bower dependencies"; - homepage = https://github.com/rvl/bower2nix; + homepage = "https://github.com/rvl/bower2nix"; license = "GPL-3.0"; }; production = true; @@ -53457,7 +53457,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A well-tested CSS minifier"; - homepage = https://github.com/jakubpawlowicz/clean-css; + homepage = "https://github.com/jakubpawlowicz/clean-css"; license = "MIT"; }; production = true; @@ -56696,7 +56696,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Unfancy JavaScript"; - homepage = http://coffeescript.org/; + homepage = "https://coffeescript.org/"; license = "MIT"; }; production = true; @@ -58099,7 +58099,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Create React Native apps with no build configuration."; - homepage = https://github.com/expo/create-react-native-app; + homepage = "https://github.com/expo/create-react-native-app"; license = "BSD-3-Clause"; }; production = true; @@ -58121,7 +58121,7 @@ in buildInputs = globalBuildInputs; meta = { description = "CSSLint"; - homepage = http://csslint.net/; + homepage = "http://csslint.net/"; # https is broken license = "MIT"; }; production = true; @@ -58776,7 +58776,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Dat is the package manager for data. Easily share and version control data."; - homepage = https://datproject.org/; + homepage = "https://datproject.org/"; license = "BSD-3-Clause"; }; production = true; @@ -58797,7 +58797,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A DHCP server written in JavaScript"; - homepage = https://github.com/infusion/node-dhcp; + homepage = "https://github.com/infusion/node-dhcp"; license = "MIT OR GPL-2.0"; }; production = true; @@ -58942,7 +58942,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A blockchain-based DNS + HTTPS server that fixes HTTPS security, and more!"; - homepage = https://github.com/okTurtles/dnschain; + homepage = "https://github.com/okTurtles/dnschain"; license = "MPL-2.0"; }; production = true; @@ -59476,7 +59476,7 @@ in buildInputs = globalBuildInputs; meta = { description = "EmojiOne is a complete set of emojis designed for the web. It includes libraries to easily convert unicode characters to shortnames (:smile:) and shortnames to our custom emoji images. PNG formats provided for the emoji images."; - homepage = https://www.emojione.com/; + homepage = "https://www.emojione.com/"; }; production = true; bypassCache = true; @@ -59651,7 +59651,7 @@ in buildInputs = globalBuildInputs; meta = { description = "An AST-based pattern checker for JavaScript."; - homepage = https://eslint.org/; + homepage = "https://eslint.org/"; license = "MIT"; }; production = true; @@ -59832,7 +59832,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Makes eslint the fastest linter on the planet"; - homepage = https://github.com/mantoni/eslint_d.js; + homepage = "https://github.com/mantoni/eslint_d.js"; license = "MIT"; }; production = true; @@ -60856,7 +60856,7 @@ in buildInputs = globalBuildInputs; meta = { description = "git hosting on secure-scuttlebutt (ssb)"; - homepage = https://git-ssb.celehner.com/%25n92DiQh7ietE%2BR%2BX%2FI403LQoyf2DtR3WQfCkDKlheQU%3D.sha256; + homepage = "https://git-ssb.celehner.com/%25n92DiQh7ietE%2BR%2BX%2FI403LQoyf2DtR3WQfCkDKlheQU%3D.sha256"; license = "Fair"; }; production = true; @@ -62710,7 +62710,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The streaming build system."; - homepage = https://gulpjs.com/; + homepage = "https://gulpjs.com/"; license = "MIT"; }; production = true; @@ -63055,7 +63055,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Command line interface for gulp"; - homepage = http://gulpjs.com/; + homepage = "https://gulpjs.com/"; license = "MIT"; }; production = true; @@ -63086,7 +63086,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Highly configurable, well-tested, JavaScript-based HTML minifier."; - homepage = https://kangax.github.io/html-minifier/; + homepage = "https://kangax.github.io/html-minifier/"; license = "MIT"; }; production = true; @@ -63450,7 +63450,7 @@ in buildInputs = globalBuildInputs; meta = { description = "High precision scientific calculator with support for physical units"; - homepage = https://github.com/sharkdp/insect; + homepage = "https://github.com/sharkdp/insect"; license = "MIT"; }; production = true; @@ -63770,7 +63770,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A tool for creating and developing Ionic Framework mobile apps."; - homepage = https://ionicframework.com/; + homepage = "https://ionicframework.com/"; license = "MIT"; }; production = true; @@ -64302,7 +64302,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Implementation of the Language Server Protocol for JavaScript and TypeScript"; - homepage = https://github.com/sourcegraph/javascript-typescript-langserver; + homepage = "https://github.com/sourcegraph/javascript-typescript-langserver"; license = "Apache-2.0"; }; production = true; @@ -65152,7 +65152,7 @@ in buildInputs = globalBuildInputs; meta = { description = "beautifier.io for node"; - homepage = https://beautifier.io/; + homepage = "https://beautifier.io/"; license = "MIT"; }; production = true; @@ -65175,7 +65175,7 @@ in buildInputs = globalBuildInputs; meta = { description = "YAML 1.2 parser and serializer"; - homepage = https://github.com/nodeca/js-yaml; + homepage = "https://github.com/nodeca/js-yaml"; license = "MIT"; }; production = true; @@ -65271,7 +65271,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Static analysis tool for JavaScript"; - homepage = http://jshint.com/; + homepage = "https://jshint.com/"; license = "(MIT AND JSON)"; }; production = true; @@ -65314,7 +65314,7 @@ in buildInputs = globalBuildInputs; meta = { description = "JSON diff"; - homepage = https://github.com/andreyvit/json-diff; + homepage = "https://github.com/andreyvit/json-diff"; }; production = true; bypassCache = true; @@ -65368,8 +65368,8 @@ in ]; buildInputs = globalBuildInputs; meta = { - description = "Various utilities for JSON References (http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03)."; - homepage = https://github.com/whitlockjc/json-refs; + description = "Various utilities for JSON References (https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03)."; + homepage = "https://github.com/whitlockjc/json-refs"; license = "MIT"; }; production = true; @@ -65650,7 +65650,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Get a full fake REST API with zero coding in less than 30 seconds"; - homepage = https://github.com/typicode/json-server; + homepage = "https://github.com/typicode/json-server"; license = "MIT"; }; production = true; @@ -65677,7 +65677,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Validate JSON"; - homepage = http://zaach.github.com/jsonlint/; + homepage = "https://zaa.ch/jsonlint/"; }; production = true; bypassCache = true; @@ -65877,7 +65877,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Spectacular Test Runner for JavaScript."; - homepage = http://karma-runner.github.io/; + homepage = "https://karma-runner.github.io/"; license = "MIT"; }; production = true; @@ -65971,7 +65971,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Merges multiple lcov results into one"; - homepage = https://github.com/mweibel/lcov-result-merger; + homepage = "https://github.com/mweibel/lcov-result-merger"; license = "MIT"; }; production = true; @@ -67272,7 +67272,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Leaner CSS"; - homepage = http://lesscss.org/; + homepage = "http://lesscss.org/"; # https is broken license = "Apache-2.0"; }; production = true; @@ -67297,7 +67297,7 @@ in buildInputs = globalBuildInputs; meta = { description = "clean-css plugin for less.js"; - homepage = http://lesscss.org/; + homepage = "http://lesscss.org/"; # https is broken }; production = true; bypassCache = true; @@ -68138,7 +68138,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Live Markdown previews for your favourite editor."; - homepage = https://github.com/shime/livedown; + homepage = "https://github.com/shime/livedown"; license = "MIT"; }; production = true; @@ -69302,7 +69302,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Madoko is a fast scholarly Markdown processor written in Koka"; - homepage = http://madoko.codeplex.com/; + homepage = "https://madoko.codeplex.com/"; }; production = true; bypassCache = true; @@ -69442,7 +69442,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Meeting room kiosk app for displaying meeting room schedules and booking rooms in your organization. Built against Google Apps, but other sources can be defined."; - homepage = https://bitbucket.org/aahmed/meat; + homepage = "https://bitbucket.org/aahmed/meat"; }; production = true; bypassCache = true; @@ -70300,7 +70300,7 @@ in buildInputs = globalBuildInputs; meta = { description = "simple, flexible, fun test framework"; - homepage = https://mochajs.org/; + homepage = "https://mochajs.org/"; license = "MIT"; }; production = true; @@ -70424,7 +70424,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Neovim client API and neovim remote plugin provider"; - homepage = https://github.com/neovim/node-client; + homepage = "https://github.com/neovim/node-client"; license = "MIT"; }; production = true; @@ -70583,7 +70583,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Build tool and bindings loader for node-gyp that supports prebuilds"; - homepage = https://github.com/prebuild/node-gyp-build; + homepage = "https://github.com/prebuild/node-gyp-build"; license = "MIT"; }; production = true; @@ -70879,7 +70879,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Web Inspector based nodeJS debugger"; - homepage = http://github.com/node-inspector/node-inspector; + homepage = "https://github.com/node-inspector/node-inspector"; }; production = true; bypassCache = true; @@ -71446,7 +71446,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Low-code programming for event-driven applications"; - homepage = http://nodered.org/; + homepage = "https://nodered.org/"; license = "Apache-2.0"; }; production = true; @@ -71636,7 +71636,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate Nix expressions to build NPM packages"; - homepage = https://github.com/svanderburg/node2nix; + homepage = "https://github.com/svanderburg/node2nix"; license = "MIT"; }; production = true; @@ -71800,7 +71800,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Simple monitor script for use during development of a node.js app."; - homepage = http://nodemon.io/; + homepage = "https://nodemon.io/"; license = "MIT"; }; production = true; @@ -71818,7 +71818,7 @@ in buildInputs = globalBuildInputs; meta = { description = "a package manager for JavaScript"; - homepage = https://docs.npmjs.com/; + homepage = "https://docs.npmjs.com/"; license = "Artistic-2.0"; }; production = true; @@ -72192,7 +72192,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Find newer versions of dependencies than what your package.json or bower.json allows"; - homepage = https://github.com/tjunnone/npm-check-updates; + homepage = "https://github.com/tjunnone/npm-check-updates"; license = "Apache-2.0"; }; production = true; @@ -72366,7 +72366,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Generate nix expressions to build npm packages"; - homepage = https://github.com/NixOS/npm2nix; + homepage = "https://github.com/NixOS/npm2nix"; }; production = true; bypassCache = true; @@ -72407,7 +72407,7 @@ in buildInputs = globalBuildInputs; meta = { description = "OCaml language server"; - homepage = https://github.com/freebroccolo/ocaml-language-server; + homepage = "https://github.com/freebroccolo/ocaml-language-server"; license = "Apache-2.0"; }; production = true; @@ -73972,7 +73972,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Streaming torrent client for Node.js"; - homepage = https://github.com/mafintosh/peerflix; + homepage = "https://github.com/mafintosh/peerflix"; license = "MIT"; }; production = true; @@ -74361,7 +74361,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Fast, disk space efficient package manager"; - homepage = https://pnpm.js.org/; + homepage = "https://pnpm.js.org/"; license = "MIT"; }; production = true; @@ -74524,7 +74524,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Prettier is an opinionated code formatter"; - homepage = https://prettier.io/; + homepage = "https://prettier.io/"; license = "MIT"; }; production = true; @@ -74915,7 +74915,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A build system for PureScript projects"; - homepage = https://github.com/purescript-contrib/pulp; + homepage = "https://github.com/purescript-contrib/pulp"; license = "LGPL-3.0+"; }; production = true; @@ -75087,7 +75087,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A set of complementary tools to React, including the JSX transformer."; - homepage = https://facebook.github.io/react; + homepage = "https://facebook.github.io/react"; license = "BSD-3-Clause"; }; production = true; @@ -75105,7 +75105,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The HTML Presentation Framework"; - homepage = http://revealjs.com/; + homepage = "https://revealjs.com/"; license = "MIT"; }; production = true; @@ -76773,7 +76773,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Serverless Framework - Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more"; - homepage = https://serverless.com/framework/docs/; + homepage = "https://serverless.com/framework/docs/"; license = "MIT"; }; production = true; @@ -76838,7 +76838,7 @@ in sources."duplexer-0.1.1" sources."ecc-jsbn-0.1.2" sources."ee-first-1.1.1" - sources."emitter-http://github.com/component/emitter/archive/1.0.1.tar.gz" + sources."emitter-https://github.com/component/emitter/archive/1.0.1.tar.gz" sources."encodeurl-1.0.2" (sources."engine.io-1.3.1" // { dependencies = [ @@ -76961,7 +76961,7 @@ in (sources."socket.io-adapter-0.2.0" // { dependencies = [ sources."debug-0.7.4" - sources."emitter-http://github.com/component/emitter/archive/1.0.1.tar.gz" + sources."emitter-https://github.com/component/emitter/archive/1.0.1.tar.gz" sources."socket.io-parser-2.1.2" ]; }) @@ -78891,7 +78891,7 @@ in buildInputs = globalBuildInputs; meta = { description = "network protocol layer for secure-scuttlebutt"; - homepage = https://github.com/ssbc/ssb-server; + homepage = "https://github.com/ssbc/ssb-server"; license = "MIT"; }; production = true; @@ -78909,7 +78909,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Send metric data from statsd to Stackdriver"; - homepage = https://www.stackdriver.com/; + homepage = "https://www.stackdriver.com/"; license = "MIT"; }; production = true; @@ -79828,7 +79828,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Nodejs-based tool for optimizing SVG vector graphics files"; - homepage = https://github.com/svg/svgo; + homepage = "https://github.com/svg/svgo"; license = "MIT"; }; production = true; @@ -80863,7 +80863,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The pluggable linting tool for text and markdown."; - homepage = https://github.com/textlint/textlint/; + homepage = "https://github.com/textlint/textlint/"; license = "MIT"; }; production = true; @@ -80885,7 +80885,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Latex plugin for [textlint](https://github.com/textlint/textlint "textlint")."; - homepage = https://github.com/elzup/textlint-plugin-latex; + homepage = "https://github.com/elzup/textlint-plugin-latex"; license = "MIT"; }; production = true; @@ -80924,7 +80924,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule check that abbreviations within parentheses."; - homepage = https://github.com/azu/textlint-rule-abbr-within-parentheses; + homepage = "https://github.com/azu/textlint-rule-abbr-within-parentheses"; license = "MIT"; }; production = true; @@ -81238,7 +81238,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule for alex"; - homepage = https://github.com/textlint-rule/textlint-rule-alex; + homepage = "https://github.com/textlint-rule/textlint-rule-alex"; license = "MIT"; }; production = true; @@ -81263,7 +81263,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule to check common misspellings"; - homepage = https://github.com/io-monad/textlint-rule-common-misspellings; + homepage = "https://github.com/io-monad/textlint-rule-common-misspellings"; license = "GPL-3.0"; }; production = true; @@ -81285,7 +81285,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Textlint rule to check correct usage of diacritics"; - homepage = https://github.com/sapegin/textlint-rule-diacritics; + homepage = "https://github.com/sapegin/textlint-rule-diacritics"; license = "MIT"; }; production = true; @@ -81322,7 +81322,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that specify the maximum word count of a sentence."; - homepage = https://github.com/azu/textlint-rule-en-max-word-count; + homepage = "https://github.com/azu/textlint-rule-en-max-word-count"; license = "MIT"; }; production = true; @@ -81415,7 +81415,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check no start with duplicated conjunction."; - homepage = https://github.com/textlint-rule/textlint-rule-no-start-duplicated-conjunction; + homepage = "https://github.com/textlint-rule/textlint-rule-no-start-duplicated-conjunction"; license = "MIT"; }; production = true; @@ -81456,7 +81456,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check with or without period in list item."; - homepage = https://github.com/textlint-rule/textlint-rule-period-in-list-item; + homepage = "https://github.com/textlint-rule/textlint-rule-period-in-list-item"; license = "MIT"; }; production = true; @@ -81486,7 +81486,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Textlint rule to find filler words, buzzwords and chiches"; - homepage = https://github.com/sapegin/textlint-rule-stop-words; + homepage = "https://github.com/sapegin/textlint-rule-stop-words"; license = "MIT"; }; production = true; @@ -81516,7 +81516,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TextLint rule to check correct terms spelling"; - homepage = https://github.com/sapegin/textlint-rule-terminology; + homepage = "https://github.com/sapegin/textlint-rule-terminology"; license = "MIT"; }; production = true; @@ -81556,7 +81556,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule that check unexpanded acronym word."; - homepage = https://github.com/textlint-rule/textlint-rule-unexpanded-acronym; + homepage = "https://github.com/textlint-rule/textlint-rule-unexpanded-acronym"; license = "MIT"; }; production = true; @@ -81596,7 +81596,7 @@ in buildInputs = globalBuildInputs; meta = { description = "textlint rule to check your English style with write good"; - homepage = https://github.com/textlint-rule/textlint-rule-write-good; + homepage = "https://github.com/textlint-rule/textlint-rule-write-good"; license = "MIT"; }; production = true; @@ -82031,7 +82031,7 @@ in buildInputs = globalBuildInputs; meta = { description = "The self-hosted Web IRC client"; - homepage = https://thelounge.chat/; + homepage = "https://thelounge.chat/"; license = "MIT"; }; production = true; @@ -82049,7 +82049,7 @@ in buildInputs = globalBuildInputs; meta = { description = "JavaScript 3D library"; - homepage = https://threejs.org/; + homepage = "https://threejs.org/"; license = "MIT"; }; production = true; @@ -82390,7 +82390,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Joyent Triton CLI and client (https://www.joyent.com/triton)"; - homepage = https://github.com/joyent/node-triton; + homepage = "https://github.com/joyent/node-triton"; license = "MPL-2.0"; }; production = true; @@ -82439,7 +82439,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TSUN: a repl for TypeScript Upgraded Node"; - homepage = https://github.com/HerringtonDarkholme/typescript-repl; + homepage = "https://github.com/HerringtonDarkholme/typescript-repl"; license = "MIT"; }; production = true; @@ -82480,7 +82480,7 @@ in buildInputs = globalBuildInputs; meta = { description = "TypeScript is a language for application scale JavaScript development"; - homepage = https://www.typescriptlang.org/; + homepage = "https://www.typescriptlang.org/"; license = "Apache-2.0"; }; production = true; @@ -84242,7 +84242,7 @@ in buildInputs = globalBuildInputs; meta = { description = "vue-language-server"; - homepage = https://github.com/vuejs/vetur/tree/master/server; + homepage = "https://github.com/vuejs/vetur/tree/master/server"; license = "MIT"; }; production = true; @@ -85365,7 +85365,7 @@ in buildInputs = globalBuildInputs; meta = { description = "A command line tool to help build, run, and test web extensions"; - homepage = https://github.com/mozilla/web-ext; + homepage = "https://github.com/mozilla/web-ext"; license = "MPL-2.0"; }; production = true; @@ -85846,7 +85846,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff."; - homepage = https://github.com/webpack/webpack; + homepage = "https://github.com/webpack/webpack"; license = "MIT"; }; production = true; @@ -86911,7 +86911,7 @@ in buildInputs = globalBuildInputs; meta = { description = "Copy files && directories with webpack"; - homepage = https://github.com/webpack-contrib/copy-webpack-plugin; + homepage = "https://github.com/webpack-contrib/copy-webpack-plugin"; license = "MIT"; }; production = true; @@ -87208,7 +87208,7 @@ in buildInputs = globalBuildInputs; meta = { description = "WebTorrent, the streaming torrent client. For the command line."; - homepage = https://webtorrent.io/; + homepage = "https://webtorrent.io/"; license = "MIT"; }; production = true; @@ -88266,7 +88266,7 @@ in buildInputs = globalBuildInputs; meta = { description = "CLI tool for running Yeoman generators"; - homepage = http://yeoman.io/; + homepage = "https://yeoman.io/"; license = "BSD-2-Clause"; }; production = true; diff --git a/pkgs/development/ocaml-modules/bigstring/default.nix b/pkgs/development/ocaml-modules/bigstring/default.nix index c74676e4a1e..98687262c33 100644 --- a/pkgs/development/ocaml-modules/bigstring/default.nix +++ b/pkgs/development/ocaml-modules/bigstring/default.nix @@ -16,7 +16,7 @@ buildDunePackage rec { doCheck = true; meta = with lib; { - homepage = https://github.com/c-cube/ocaml-bigstring; + homepage = "https://github.com/c-cube/ocaml-bigstring"; description = "Bigstring built on top of bigarrays, and convenient functions"; license = licenses.bsd2; maintainers = [ maintainers.alexfmpe ]; diff --git a/pkgs/os-specific/linux/alsa-topology-conf/default.nix b/pkgs/os-specific/linux/alsa-topology-conf/default.nix index 26febf0daa7..f73bbbdba35 100644 --- a/pkgs/os-specific/linux/alsa-topology-conf/default.nix +++ b/pkgs/os-specific/linux/alsa-topology-conf/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = http://www.alsa-project.org/; + homepage = "https://www.alsa-project.org/"; description = "ALSA topology configuration files"; longDescription = '' diff --git a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix index 6f2766ef9ff..685ba3e2c3e 100644 --- a/pkgs/os-specific/linux/alsa-ucm-conf/default.nix +++ b/pkgs/os-specific/linux/alsa-ucm-conf/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = http://www.alsa-project.org/; + homepage = "https://www.alsa-project.org/"; description = "ALSA Use Case Manager configuration"; longDescription = '' diff --git a/pkgs/tools/security/aflplusplus/qemu.nix b/pkgs/tools/security/aflplusplus/qemu.nix index 36fc059e3ea..c51c839afe8 100644 --- a/pkgs/tools/security/aflplusplus/qemu.nix +++ b/pkgs/tools/security/aflplusplus/qemu.nix @@ -74,7 +74,7 @@ stdenv.mkDerivation { ]; meta = with stdenv.lib; { - homepage = http://www.qemu.org/; + homepage = "https://www.qemu.org/"; description = "Fork of QEMU with AFL++ instrumentation support"; license = licenses.gpl2Plus; maintainers = with maintainers; [ ris ]; -- cgit 1.4.1 From 83c4ac2eb3ac2aacfc917e96b1a12091889fdfae Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 19:28:24 +0100 Subject: linux/update-hardened.py: reformat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $ isort --multi-line=3 --trailing-comma --force-grid-wrap=0 --use-parentheses … $ black --line-length=80 … (per the black documentation) --- pkgs/os-specific/linux/kernel/update-hardened.py | 138 +++++++++++++---------- 1 file changed, 80 insertions(+), 58 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py index 7f6949653af..49a6228fb97 100755 --- a/pkgs/os-specific/linux/kernel/update-hardened.py +++ b/pkgs/os-specific/linux/kernel/update-hardened.py @@ -3,60 +3,68 @@ # This is automatically called by ./update.sh. -import re import json -import sys import os.path -from glob import glob +import re import subprocess +import sys +from glob import glob from tempfile import TemporaryDirectory from github import Github HERE = os.path.dirname(os.path.realpath(__file__)) -HARDENED_GITHUB_REPO = 'anthraxx/linux-hardened' -HARDENED_TRUSTED_KEY = os.path.join(HERE, 'anthraxx.asc') -HARDENED_PATCHES_PATH = os.path.join(HERE, 'hardened-patches.json') +HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" +HARDENED_TRUSTED_KEY = os.path.join(HERE, "anthraxx.asc") +HARDENED_PATCHES_PATH = os.path.join(HERE, "hardened-patches.json") MIN_KERNEL_VERSION = [4, 14] + def run(*args, **kwargs): try: return subprocess.run( - args, **kwargs, - check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + args, + **kwargs, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, ) except subprocess.CalledProcessError as err: print( - f'error: `{err.cmd}` failed unexpectedly\n' - f'status code: {err.returncode}\n' + f"error: `{err.cmd}` failed unexpectedly\n" + f"status code: {err.returncode}\n" f'stdout:\n{err.stdout.decode("utf-8").strip()}\n' f'stderr:\n{err.stderr.decode("utf-8").strip()}', file=sys.stderr, ) sys.exit(1) + def nix_prefetch_url(url): - output = run('nix-prefetch-url', '--print-path', url).stdout - return output.decode('utf-8').strip().split('\n') + output = run("nix-prefetch-url", "--print-path", url).stdout + return output.decode("utf-8").strip().split("\n") + def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): - with TemporaryDirectory(suffix='.nixpkgs-gnupg-home') as gnupg_home: - run('gpg', '--homedir', gnupg_home, '--import', trusted_key) - keyring = os.path.join(gnupg_home, 'pubring.kbx') + with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home: + run("gpg", "--homedir", gnupg_home, "--import", trusted_key) + keyring = os.path.join(gnupg_home, "pubring.kbx") try: subprocess.run( - ('gpgv', '--keyring', keyring, sig_path, data_path), - check=True, stderr=subprocess.PIPE, + ("gpgv", "--keyring", keyring, sig_path, data_path), + check=True, + stderr=subprocess.PIPE, ) return True except subprocess.CalledProcessError as err: print( - f'error: signature for {name} failed to verify!', + f"error: signature for {name} failed to verify!", file=sys.stderr, ) - print(err.stderr.decode('utf-8'), file=sys.stderr, end='') + print(err.stderr.decode("utf-8"), file=sys.stderr, end="") return False + def fetch_patch(*, name, release): def find_asset(filename): try: @@ -68,12 +76,12 @@ def fetch_patch(*, name, release): except StopIteration: raise KeyError(filename) - patch_filename = f'{name}.patch' + patch_filename = f"{name}.patch" try: patch_url = find_asset(patch_filename) - sig_url = find_asset(patch_filename + '.sig') + sig_url = find_asset(patch_filename + ".sig") except KeyError: - print(f'error: {patch_filename}{{,.sig}} not present', file=sys.stderr) + print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr) return None sha256, patch_path = nix_prefetch_url(patch_url) @@ -88,59 +96,71 @@ def fetch_patch(*, name, release): return None return { - 'name': patch_filename, - 'url': patch_url, - 'sha256': sha256, + "name": patch_filename, + "url": patch_url, + "sha256": sha256, } + def parse_version(version_str): version = [] - for component in version_str.split('.'): + for component in version_str.split("."): try: version.append(int(component)) except ValueError: version.append(component) return version + def version_string(version): - return '.'.join(str(component) for component in version) + return ".".join(str(component) for component in version) + def major_kernel_version_key(kernel_version): return version_string(kernel_version[:-1]) + def commit_patches(*, kernel_key, message): - with open(HARDENED_PATCHES_PATH + '.new', 'w') as new_patches_file: + with open(HARDENED_PATCHES_PATH + ".new", "w") as new_patches_file: json.dump(patches, new_patches_file, indent=4, sort_keys=True) - new_patches_file.write('\n') - os.rename(HARDENED_PATCHES_PATH + '.new', HARDENED_PATCHES_PATH) - message = f'linux/hardened-patches/{kernel_key}: {message}' + new_patches_file.write("\n") + os.rename(HARDENED_PATCHES_PATH + ".new", HARDENED_PATCHES_PATH) + message = f"linux/hardened-patches/{kernel_key}: {message}" print(message) - if os.environ.get('COMMIT'): + if os.environ.get("COMMIT"): run( - 'git', '-C', HERE, 'commit', f'--message={message}', - 'hardened-patches.json', + "git", + "-C", + HERE, + "commit", + f"--message={message}", + "hardened-patches.json", ) + # Load the existing patches. with open(HARDENED_PATCHES_PATH) as patches_file: patches = json.load(patches_file) -NIX_VERSION_RE = re.compile(r''' - \s* version \s* = - \s* " (?P [^"]*) " - \s* ; \s* \n -''', re.VERBOSE) +NIX_VERSION_RE = re.compile( + r""" + \s* version \s* = + \s* " (?P [^"]*) " + \s* ; \s* \n + """, + re.VERBOSE, +) # Get the set of currently packaged kernel versions. kernel_versions = {} for filename in os.listdir(HERE): - filename_match = re.fullmatch(r'linux-(\d+)\.(\d+)\.nix', filename) + filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) if filename_match: with open(os.path.join(HERE, filename)) as nix_file: for nix_line in nix_file: match = NIX_VERSION_RE.fullmatch(nix_line) if match: - kernel_version = parse_version(match.group('version')) + kernel_version = parse_version(match.group("version")) if kernel_version < MIN_KERNEL_VERSION: continue kernel_key = major_kernel_version_key(kernel_version) @@ -148,9 +168,9 @@ for filename in os.listdir(HERE): # Remove patches for unpackaged kernel versions. for kernel_key in sorted(patches.keys() - kernel_versions.keys()): - commit_patches(kernel_key=kernel_key, message='remove') + commit_patches(kernel_key=kernel_key, message="remove") -g = Github(os.environ.get('GITHUB_TOKEN')) +g = Github(os.environ.get("GITHUB_TOKEN")) repo = g.get_repo(HARDENED_GITHUB_REPO) failures = False @@ -171,8 +191,8 @@ for release in repo.get_releases(): continue release_info = { - 'version': version, - 'release': release, + "version": version, + "release": release, } if kernel_version == packaged_kernel_version: @@ -182,22 +202,24 @@ for release in repo.get_releases(): # skipping patches for kernels newer than the packaged one. if kernel_version > packaged_kernel_version: continue - elif (kernel_key not in releases or - releases[kernel_key]['version'] < version): + elif ( + kernel_key not in releases + or releases[kernel_key]["version"] < version + ): releases[kernel_key] = release_info # Update hardened-patches.json for each release. for kernel_key, release_info in releases.items(): - release = release_info['release'] - version = release_info['version'] + release = release_info["release"] + version = release_info["version"] version_str = release.tag_name - name = f'linux-hardened-{version_str}' + name = f"linux-hardened-{version_str}" try: - old_filename = patches[kernel_key]['name'] - old_version_str = (old_filename - .replace('linux-hardened-', '') - .replace('.patch', '')) + old_filename = patches[kernel_key]["name"] + old_version_str = old_filename.replace("linux-hardened-", "").replace( + ".patch", "" + ) old_version = parse_version(old_version_str) update = old_version < version except KeyError: @@ -211,17 +233,17 @@ for kernel_key, release_info in releases.items(): else: patches[kernel_key] = patch if old_version: - message = f'{old_version_str} -> {version_str}' + message = f"{old_version_str} -> {version_str}" else: - message = f'init at {version_str}' + message = f"init at {version_str}" commit_patches(kernel_key=kernel_key, message=message) missing_kernel_versions = kernel_versions.keys() - patches.keys() if missing_kernel_versions: print( - f'warning: no patches for kernel versions ' + - ', '.join(missing_kernel_versions), + f"warning: no patches for kernel versions " + + ", ".join(missing_kernel_versions), file=sys.stderr, ) -- cgit 1.4.1 From abe4bef033a8d6b1a82c84d2cd71f50a1624a389 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 04:06:11 +0100 Subject: linux/update-hardened.py: use pathlib --- pkgs/os-specific/linux/kernel/update-hardened.py | 25 +++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py index 49a6228fb97..bc9110578d6 100755 --- a/pkgs/os-specific/linux/kernel/update-hardened.py +++ b/pkgs/os-specific/linux/kernel/update-hardened.py @@ -4,19 +4,19 @@ # This is automatically called by ./update.sh. import json -import os.path +import os import re import subprocess import sys -from glob import glob +from pathlib import Path from tempfile import TemporaryDirectory from github import Github -HERE = os.path.dirname(os.path.realpath(__file__)) +HERE = Path(__file__).resolve().parent HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" -HARDENED_TRUSTED_KEY = os.path.join(HERE, "anthraxx.asc") -HARDENED_PATCHES_PATH = os.path.join(HERE, "hardened-patches.json") +HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" +HARDENED_PATCHES_PATH = HERE / "hardened-patches.json" MIN_KERNEL_VERSION = [4, 14] @@ -42,13 +42,15 @@ def run(*args, **kwargs): def nix_prefetch_url(url): output = run("nix-prefetch-url", "--print-path", url).stdout - return output.decode("utf-8").strip().split("\n") + sha256, path = output.decode("utf-8").strip().split("\n") + return sha256, Path(path) def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): - with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home: + with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: + gnupg_home = Path(gnupg_home_str) run("gpg", "--homedir", gnupg_home, "--import", trusted_key) - keyring = os.path.join(gnupg_home, "pubring.kbx") + keyring = gnupg_home / "pubring.kbx" try: subprocess.run( ("gpgv", "--keyring", keyring, sig_path, data_path), @@ -121,10 +123,11 @@ def major_kernel_version_key(kernel_version): def commit_patches(*, kernel_key, message): - with open(HARDENED_PATCHES_PATH + ".new", "w") as new_patches_file: + new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") + with open(new_patches_path, "w") as new_patches_file: json.dump(patches, new_patches_file, indent=4, sort_keys=True) new_patches_file.write("\n") - os.rename(HARDENED_PATCHES_PATH + ".new", HARDENED_PATCHES_PATH) + os.rename(new_patches_path, HARDENED_PATCHES_PATH) message = f"linux/hardened-patches/{kernel_key}: {message}" print(message) if os.environ.get("COMMIT"): @@ -156,7 +159,7 @@ kernel_versions = {} for filename in os.listdir(HERE): filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) if filename_match: - with open(os.path.join(HERE, filename)) as nix_file: + with open(HERE / filename) as nix_file: for nix_line in nix_file: match = NIX_VERSION_RE.fullmatch(nix_line) if match: -- cgit 1.4.1 From d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 18:19:02 +0100 Subject: linux/hardened: move files into directory --- lib/kernel.nix | 2 +- pkgs/os-specific/linux/kernel/anthraxx.asc | 325 --------------------- pkgs/os-specific/linux/kernel/hardened-config.nix | 85 ------ .../os-specific/linux/kernel/hardened-patches.json | 27 -- .../os-specific/linux/kernel/hardened/anthraxx.asc | 325 +++++++++++++++++++++ pkgs/os-specific/linux/kernel/hardened/config.nix | 85 ++++++ .../os-specific/linux/kernel/hardened/patches.json | 27 ++ .../linux/kernel/hardened/tag-hardened.patch | 7 + pkgs/os-specific/linux/kernel/hardened/update.py | 256 ++++++++++++++++ pkgs/os-specific/linux/kernel/patches.nix | 4 +- pkgs/os-specific/linux/kernel/tag-hardened.patch | 7 - pkgs/os-specific/linux/kernel/update-hardened.py | 254 ---------------- pkgs/os-specific/linux/kernel/update.sh | 2 +- pkgs/top-level/all-packages.nix | 2 +- 14 files changed, 705 insertions(+), 703 deletions(-) delete mode 100644 pkgs/os-specific/linux/kernel/anthraxx.asc delete mode 100644 pkgs/os-specific/linux/kernel/hardened-config.nix delete mode 100644 pkgs/os-specific/linux/kernel/hardened-patches.json create mode 100644 pkgs/os-specific/linux/kernel/hardened/anthraxx.asc create mode 100644 pkgs/os-specific/linux/kernel/hardened/config.nix create mode 100644 pkgs/os-specific/linux/kernel/hardened/patches.json create mode 100644 pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch create mode 100755 pkgs/os-specific/linux/kernel/hardened/update.py delete mode 100644 pkgs/os-specific/linux/kernel/tag-hardened.patch delete mode 100755 pkgs/os-specific/linux/kernel/update-hardened.py (limited to 'pkgs/os-specific') diff --git a/lib/kernel.nix b/lib/kernel.nix index 2ce19f8cb68..8045a228d05 100644 --- a/lib/kernel.nix +++ b/lib/kernel.nix @@ -14,7 +14,7 @@ with lib; freeform = x: { freeform = x; }; /* - Common patterns/legacy used in common-config/hardened-config.nix + Common patterns/legacy used in common-config/hardened/config.nix */ whenHelpers = version: { whenAtLeast = ver: mkIf (versionAtLeast version ver); diff --git a/pkgs/os-specific/linux/kernel/anthraxx.asc b/pkgs/os-specific/linux/kernel/anthraxx.asc deleted file mode 100644 index 101ccfbf0f2..00000000000 --- a/pkgs/os-specific/linux/kernel/anthraxx.asc +++ /dev/null @@ -1,325 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBE64OEUBEADPS1v+zoCdKA6zyfUtVIaBoIwMhCibqurXi30tVoC9LgM6W1ve -HwPFukWq7DAS0mZUPE3mSV63JFLaTy0bY/6GO1D4wLdWZx4ppH7XKNCvKCbsi70k -UozFykNVf+83WEskuF1oYzXlF3aB5suz2IWJl7ey1EXgIpehwQaTJUA5JIWYFp9A -566LRNJefYMzUR33xc4dRKj6Etg0xdLVq7/vZoo8HpLCBGNWiP0AKqFWEwTg0xQL -7nsJA5tfJJdwAJvrzjpFsvb63PKG6waAtdHhON4q7E2Udak9fz2tRjxA5l9l2zXk -aqsysUzkxPhNjwMENoQ04KZg4aT+ZhhBzTowSWLp3KV2uaZ66kdPUO3s+/1bPp5/ -N/IlykaUwyL773iYOZ5dOY/9hIuX/zssihcrGEMW6yIyZR5uKhzYdaM9ExTXP637 -UccgNS9/pskPGPx/xK23NDCfeHzL9YHS5KokA2wb/b9hqpwvLaeblbMl2pt79F1R -ac+rZlrRyX3NvlTQP4hqM9Ei2YBAU7QFDJEjH8pVIceL7grxi1Ju1iD5QiSK+je5 -Jj5EAikfwSeAttSzsqNvaXJHfABrv5mkkVt1z3icP3HIHTYnG+uj+t8kvW+o9/1i -pD6e6LUh4w5v1aY9kaK/M3+eBH59yNYI99crPUKUBVfW4gv4DBUJAQTWRQARAQAB -tDVMZXZlbnRlIFBvbHlhayAoYW50aHJheHgpIDxsZXZlbnRlQGxldmVudGVwb2x5 -YWsubmV0PokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEF -AlSXU9QFCQfATw8ACgkQ/BtUfI2BcsjPbxAAs+UR/bJz/HeYTpPy+HnKwDJgI9GP -AZlNvp+QSIhOTtKCYkQ/Iu+5scY5J0Qyv0pcJW5Rxjx+l7KGovw84jzVznnYsJoy -UQ5H3Ev9T2xW1nrZT3abJ7j6ZIck+Q+WFHu5Plsq6doSXOXmJNoehvT3BVolvc6w -S1+CAoyA5Wm1yfocZgVOvWPWQaa1T4XA7OwxFWrvNWEZwAzTSjkGHkwmji+DxdBd -RPam9+qm/rcN1IJTu6xJPr38a9LydWonsUpTR2Qn7Bo4EJp8yHJLaiLEMV/Nmgrr -1orBYw/OzDzhbdMl+2zzwEBLUMPABdgnPM6ZCZ5PWyWnCU4jsBGyVd0IC5xEu3Eg -a0EtIdvx2lXiLfh2dulpMn52uJY5iNwaTleO+z9CENQVhh5R4FuN9H0BLiyAxf1+ -MkD3jLT+DGl02hQghtxz18iTkRk7KOw/NFn4z0is+TRl4/ocNt1LiWQXt8dr7qdx -zvUpDnxCSYZkeutzopo1TA4lKpnsS2mHabx6CbrUmF+wOIr8gHUfpBFeEQ8BHebU -5X0JrFF5mjeNl4uK9l9lD9ng74rsSpKPr15DU41jIuQDHJYd6H3TXQ4K1z7Ciivy -r4vgsruAFX/GduKseOx1obWW3GfIQzLAIuVdjldgREl61GWoLiGFqlcveiAIkN5p -Bxc20hSrHgZP9ZyIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GTK7AKC8Sd1ndNvc -1ispBaECbHT/JPfGrQCgvkfGBsFn/KBrgC5hTm0mSxdy942JAkEEEwECACsCGwMF -CQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOuD2qAhkBAAoJEPwbVHyN -gXLIXL4QAJtbs62EpOIFld0N+tTEFn1qQPPaExAXmH/RF5Epf+0rSS6B0OXEZBXz -cWtMPbHxoLjN1iY8o0QC1ex7/KDfYq8Ho18M9P+Lf6XfW0sJ9d021U5MJWGPs4zA -lNFXJqeMgfJZAno2N6dO/azcYHq1wmSgUbTb9Oyi1PHfn3g0UAW59dfkB8d2jEvY -Yed1X0mBPPXcbgnYNZ514JQtm9wuDdVWrh/Si9EhKg6+MPcbv18G4lpPGR+yNq9y -3Jze4vmmWen0ceDJEp06IAeTfJzzD80Oui2WXtLfaQxgf9uuZtGjrMX5l+mq7rBS -VH/dsHP1VYI0efKIs7qbmiLcMRVWYIGix9I1C3UYr3ImYiCGlBG/uQ929xbjWAHa -hy4W6rzruUWjyi/Kz7QRnyBgtHfhDO7hYziTr5hoGhd4VeUpcbxL+MegXFZsWJlE -kz8TOOsZ/4XxXHVoalg8fYOcA7j/aoszsPMQUOL/5jsVRhyP3evtVxb3m1EwvYDK -Lii4IkVxGztlBOIgeT4kwXgoJEASSZHgcd6tDv9q7o33n2I1DGL8X3axcHES2/C7 -cP+li3KL3Hc9vjgaJ9HfcQLuMcHqfoHn+YzVfbG5XeFcxhgQpwpYsZv3MTbXAQwI -fRHXRuIfOiFwqUXahi5N1WSIXNBGSyI7pu9ht5I7gIIOINE+VS7FiQJBBBMBAgAr -AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUNol8QUJA/yTqwAKCRD8 -G1R8jYFyyIqUD/9yWw7WBQiWyIMpVuX9c2Ov1fAkDya43fDm0gqIgNsdaxCt5ATh -XaXZ/p2jglWwon5jDLDNsVR0/Q/t8ugdcP3bcwRtW2YYQ2F1PaNjfr5WsuPEadyc -J62DIobY4IzqBpDuqGLYdbzZeKr49VwbRRvIJpphrk3+CekFvdIs1ofEpA2Kn2oA -DXfYuaWoVBF7fTwAZmc3hYPOI1jK7nrFZbCnAT4WZPzZ4IY9lsaNTF/4mQ8vV1xF -De6HjfslHURlZWsWtQIKhIPBKoZC1nP5VRK3IHYgKw8toq780kalLH8ofv9BkSrs -t98JOoJX4etdmE8Ta/+Wg5C9EzR+909tQfdWdkaRbhvbtl/x7X76HU4ItefLR5pW -d0OSo488QZMQjCUWlzgPMsmnYMQm6ckNOp0B/RtMfbJV7t5H+JE3PLfFG55jcz3w -uNGhfZyl/ZhV9fvGLU/sPyhIW7ewuIwd+7i12fH9r4NAGB/mkSKK+tHGcTZvXxux -5QMKE+a9u6NMJRrbsIiTFwhrCLMgzLYL0mtX8FZXNFFZzGFYkiXymBR0ze4LKzRo -dMFpyP/w/IIjYBhVpgboT2EMMIgJHSsMJDCdDjI+9cAykVF6ccSiUQ11devHL6Pv -WwlT2Ub4TP4yCScHDPyfWq+tfdQlWFVRZMRJ7kmq0VagqomdRHgLPyPgDYkCHAQQ -AQIABgUCUtgrXgAKCRBH1QFsQv98LACcEACFq3Oz8nHAa6KsyspIWo0+HjzCtTv0 -G6TB+svf3fl24C93IfFhpSyxNf8XVa9h9kCU5ZImYN+LaoUGiz3lcYxjdOeFYDc4 -GU5TFrJwY9eOYYCsr+z+NLn7wlLZEO772lGUDPJMWxSGqR9yOGhQCTIADLLcp6mt -07zdejESYxMT6IjYR+rX6miWG5Hr9/lBdh/X4XhGpHEY64IL8vVB3C+FQfG3hiMB -bHbvJ4/S/cjfNM1T9oKiA0H6jklRHIdstj+2eeWA7lS+GE3Mpkra+8KmkEjV4O03 -izcRpMm1yTGoTjp9UddTNYErb/sha5YigYAqK8bj3gh6tTFNJHbN4RWgtPDyc5Va -1u+sH2ob6JS5tez8/Z6pMarGpTQujIGAlntP4igi0Q4hxyLof6Vtc6XF80uSwTvN -RRmQrcq+kLPwX0NbyZCBCI+kjBPu2b932JDTfVBKwJCLF3e1zvQqN0C7EZnIzveX -r7VtJ4WHIfSyi/HQP7xm5L0uQj+KRr+/LMaxkCDgrlqoWTgAoxCAPYH1XCvBoJRc -DHjNikyEAS8WUGl9ZHQyAoFngi/jqH6WoDAmfBUKRoBMR2hXLOKUBmObw0DHgauM -kk4kD6CW4UEy0SM/i9JD7sk9KiKoHMip1jguKRJkHJ1WSkNl7nZpeo+KG0WbGHXN -b7hnrQsNyqJkUokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AC -GQEFAlLV0QIFCQXdHmsACgkQ/BtUfI2Bcsj8DA//b8wZrFY/Fj/iR5ZaO0AjmMV1 -hM7lAFWLfDiLyYofuiGLUg9rqFWj+Ks2kedVN7+22Bjgi5fvpXv3Uy4trZKKw8Xs -FJ/s8HQ6jzIv6pFdIYPLFQBqS2tEgfsanPZWIqJI9fbhOrRGN7WV5tXiksCaRO+u -rLjIhAYmsDb//BD2xqsY54ouRdrz5nRG3qG2odq2Lw8XquW6srouGaSm+BI3sow6 -l2eAW8UjbxwICQg2ZPZYCBc9ArbgLS1ha+yPhp65nGpVbqDA8rUKC11op1ArAbY3 -Yt6xzLg+RCuCHBa1gNPpDoYV9V8Zve03mEIcsK10X0RhJQ+z4INvrjtelPRCOLpN -179JmsyxwOzwAPg773SK1Z31jSirsiEke/q8j13PGNDBCb4ZKpm/KOht+4d0jJLK -GLqD85cv3/uAeSh2zWkoKcVW6uVZpiz3KA3i4YMWnteOlrlZH28nIrDXevPzkOxo -pZlhuLboCD6g6yuZI4Wm9fEiga8xmRDw4RrOIuDXWjNW6IVaeFGvnYaNf0wnmBD+ -FE1SMWwcmqgB1yIylmKqH0lYce8SVAMLkkOlaijhWrfCO5iS7zjWaVz98HCqFfwR -gHuJTxOwwlf9Qb6cyC3bGsfILBUuE0L5vUAZUAc61H+6Sv88CDDUO1EOKaqAAYhR -plvoyYZ3xiSMgzYKGZ+0OkxldmVudGUgUG9seWFrIChKYWJiZXIvWE1QUCBvbmx5 -KSA8YW50aHJheHhAamFiYmVyLmNjYy5kZT6JAj4EEwECACgCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheABQJUl1PaBQkHwE8PAAoJEPwbVHyNgXLIQokQAKxJB9/F -TfBae6eqcT+izxGSnsvbc2bcrtsmKkhu9HwpsJ4IDutphXFB0wFalI40BL0o1k54 -Wlfv5GHbq7Ju3kW2dmTMP0WpfFytV7rr2yqSmik+skJw27BDk74rP0v4TNOHaTrP -nokfTnlaKuv1bqlwbIwV7rJ5jbAtw5hueeN4jghGU8SGlCOEZ/xGxYYsvtyPhZhn -kmsAzcPr/BpW4NkSb2SnRIO8KzcPnzxz7JDdeIusq/YW7P5OlhDx4ejdh0Wg6ISl -zxB5VoqFqNuKTBQNz4HHpqDVQqEDE4JngMerDr+4qAiDYI4w6kN3Ce2LqciRyMVh -YYnTqyyjXYY3C1WwXIa1tZb2Cw2DorshNFdACr7wKQMOoJtAFpdd3d/DRKQWCc3x -jkBERqZ+55unTY0/0uyNPoK0noAcGydiU8WGh6wyi+Do+Zxq4QJEcqL/FHrhlaiw -LTmgDS+XDl7zRtQia7ykpi/xqe74ujOHcJO8tpY0ZCdR2A13xiOi+11wndbOkBFv -dQ0vgih9ROzwe3hBbBQQOdF4hkA9vEd2Ks4gF8IR+5ixWAIyZAVbnDiLelWgQgnE -aeEwTtfcXRNAxuj+MgMPQhXQ2/cK0dPD4z51DchVRIf9G3hAuBT/CEhTqNkkm5F0 -og7azwd75+vh5RxwVld3ES6CMXKaiV4csQkdiEYEEBECAAYFAk64PygACgkQvnQP -QT8iuxlligCeNgfNE4w1AQuOC4ef3HNNY0GXgVMAnjmtCVIUJv/w6PDimvf20rgF -GVHxiQI+BBMBAgAoBQJOuD0KAhsDBQkCHIcABgsJCAcDAgYVCAIJCgsEFgIDAQIe -AQIXgAAKCRD8G1R8jYFyyPv3D/wJ+sYXqSxoo8OriGMUzG5LXs2Hf1YULdlysGa8 -mxWTwCIEMSSx8AoOKf/FyXglDVl9msfOgv6jRiN+UyNCQEv+6a5ZCL7BlAVU0Q4W -w2/UUlOUlLMC1QAodGcC3kiPSy41jnDVswKYRrICuiW1Pqgad3h7u7caqvqG1D/A -YOR2Q8JjY15j6Qf62Xx+YANx2tPWKeDyPUAN/x1W6RrEDbN5F+1qOpPFuTnpPmqH -q4zxm4Dz4szypmAKsN+5/q8T6DJtSnP7COtsY467oX2XtNTTuCIsU79lBVo/yan9 -ofB6hu12KyXwJIl1OK34g9VEP5suU3hcEw7uVAvxyMYJQlxORUCG0DAFc/oPm3d0 -ypRdbxXJMjoS3pmCf7kwnEA9PIAjZDYuVHGZkAdmYYInTIH6ipjkVxDHEF1en0h2 -zHJEZC7NIYgPyzHXmH7Xy3VZVhhKKKM12VDOuIOOecQPuFIw3hG7dymjn5e9dMzv -+DMkbEZzoFahLYkbVGG1FGzhE6Uvb/IG0UJCC4nDz0pzZpV++QHvgEvbY/HLbHJ4 -o3CT5aVE0YIhTP+zqXNFMOao8yZy+AzdMzdX+Y3ADZfY0oiZ+JH1Zo++rdrgXUhg -Y98QgMwVwESbwaBKjsC0JnlmWyNivhIOS6NRyqR75E7j7JSvgJdxhvpQXXkQ/BzL -FM1Ej4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlDaJfoF -CQP8k6sACgkQ/BtUfI2BcsiEahAArZfD1yJK385eqgCZ5LryVLRXrocuF1zlHl/6 -ugRy2TEe43ex4eTOY+mv4ZJVSxbDzUqMbBv0m3IETbM0CSESjGD+i5I7K3IToZO9 -ZgIXDbpoy9x2KWjU+R5oaxCTmZ9jk1p+f4zHxc8lJdgOXPwcIIT5Euwk4LAFN+wn -CUHkO/D0xzP2ivTrM+VHNWqSUcNInAGRx+R0NvdSryIAsdA/5E3ql786WQhPy6L6 -1d7cmxaLsfAKIOf8ydNyoiqmJkT62omLLnqyERfLZRa9RKt5EgnxX6kR2BA+h/Gn -KVV18bCIJjF3Gjnh3qjJehKRaw9nmzrB9KtGQAHdIp8ivNvjMitc1ijRIECfidWd -lGxgmuI/gX58eaV3scjbs5YUFmGhcZIgjCxWWxFSwmzJTUVT5XqBpXFQB4dokj9m -NNMpM3YH8T9QaaS/m9j7cmCJ4gxp7i1bJsqsVG5BjRLiZv701eVKVmU6vqhubR0R -eSZghqho9e44ZMbn4rJ5kTQhGc7ZGNsIyChMSaYVreB8IBLDC7rg8dB/umg1OYOp -8EqRLJyXdtpa4DN3X0e4WcWb0Toj4QuyCh/es1CtBldhdqHr0aLZYCX4i/KuGTXI -kA8LTOJmZsE+K+/NCux1VHK9DADKcNjhSV0QTf+8ntGlNW6i2Mlt34thZK5eeB6W -Bbo1zl6JAhwEEAECAAYFAlLYK14ACgkQR9UBbEL/fCyyQBAA0931q8dBD/6COmat -8S+JSgcuIpylukFxU2vySBWSGRHFmFzwbokUE4bbNyutwNO2cNBa9zcxRPrkIg+7 -d65QjdZNDV2zWTjv5GwzEMjWxhP7VpTwTouYgx9j2d2KpFo2jfhTtZ7OU7DDF9YT -FsaRiZHHZT+W/JHuB9Lxc55HkSagu00yTaZURc0olBui5c/hqBte1b3OWTjCmysG -mwDL2FwdmFi9mbEm77sdD8PSVfkZaBv5rIaet+Xe/JMZoz0WUkZRCFXMr6B7aOdS -WeB7kUsPh2J5dhf4x4YaxKLOHod9JQF/DGJsdexKqMTqM/xOMSQ1FTUMCQ5SBWJc -3PywqMB/0eqlteHydlk7bb9HLCT3M6vVxTkpj834wGRsoVXPqWKzAHPpO2kjxXtc -4DBh7T88YGE2k5rxdJHb3MjWVJQzHGhrO5Ji8CQaHjUJ4BTyim++RDisDi4C/QJ4 -qPOrafw/+KyJoWyfmAUpxplPvY/LKJlvKaKxmpwlildYjH7HjoYvCjagbSCUOnzo -uM//YIJ8/o8QdxEDdYiTd7cwskYWphrAlV8+vCl/Y0lepRf+hsUS+uZi/NX4qYMx -CTsewnnqJQduuehQl9/RnoBX9T04kS64cWNaPZ4dxZUYJm3us5QFcQJMysZ4tT1Y -A0oEUX1KUTDzTQXT/kFi8MtmXauJAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheABQJS1dELBQkF3R5rAAoJEPwbVHyNgXLIV98P/jcu/DiP/muH2Qsy -FtjscyLu1NzBbSFB9q1jMVfx3VbaIT22Ly6BIQNHF7L2fpjf36EWpdJzpfR+Glp5 -1+KqZgIMAW5CGguSy8v7iHs6Rh5hzChiF48wCqxUmMdQ0ITTrnAXIYq6H6s8ytKF -Y31znXmne1XYBg8e4yb3pcBhkzIPeVU7rMz9PjPB0+Q2jWCpqPA4eUSV8rL2TxFR -KbEt8XlkZ6yuCLnkN84aLZFxfZA1tIGifi0PpeaO2z/IwOmftbQRiljMdnsPye49 -j4wlJS7yRIpnH3nH9Zku/MrDV/M0z7BVwKfF2F95/2QX4Tdyd/UESTdLqGtXpX4c -axahZKrOhNr+k60qSBxoBqKauZkSbZunRnbYmVa3nA2kQuIPF9/QmoZgDUfdkKZJ -u1RjwcRUGKd1XV19QjUvBMD3oHA4G6Jbi5vWKQZ40KVcL78YIL7C8dUOiPIasA45 -olaGpCSsGsfrMp5ngegxM+uh9Tc2kTFC9bTqp17VYI96cAqGrEBUQrmLmZLk0HUm -a6MNZO/+vKN4UTlgjpjxZon+/yK8bsmT/VNie5hzqZim6tfztl3rpJ9jPUeLgr5x -oGePYV02inapzNHdWFHk0L9zR/3KKfJ3IRJwUXp00Eya28hEepIvdxgLYcN1UqVn -VuFuMY8zYSl/VXtPxySCLENJHxvdtClMZXZlbnRlIFBvbHlhayA8bGV2ZW50ZUBs -ZXZlbnRlcG9seWFrLmRlPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC -HgECF4AFAlSXU9oFCQfATw8ACgkQ/BtUfI2BcsiPxw//X2xUctIrd1O7UOk7LHBX -/xI7xXoWQcA7l/1XMuZhM8yC8yIoAgvFrWBP1a29I0P3/yigkQXs+eTDTdvb0QP2 -q72q7Azt852v5u8+dHzoOXDpbo+4lfX+0OBDWimwJuChD8LQH7b7jO0oqWIV0AzM -vegFJVp3cDbyqw08lBz3xZ79A9JtBeewf6PLpXKjEVS8bEAZjZKjsjAY+5ShtJAf -PsD8r353dmkaHgC5Aji74ijZeY3PUCvGVVCGeN9isLnRpTEn7qUvN2DfHJU4w6aw -sXu7m7zidISo6dQLUzo54dHKWPGFy6INNkzXPOgrlbYnjt7v0Ou21/R6HrhdmsSw -lt7GALJcgAUxrcT/ljB3SZhSB0BdH0DXPcUziEdfhgMhhrXYpMjwH2XFBD1MLusW -GaVDbpPrSoEnmPVePcDUonDHePcuLjfOl13mOER1Kf6WFapOCa+4HCLakfKcPnGY -eyfD7Dbz3/046MmfQ8/Iyf8ipFXN6tI2WkRKj8uq9IFYrX3yoCBxZJN837DM3Grq -h48/T3pYU1f9LiekxbsgXmcHoGNdXX5+EsuO+QILZPttlG5QLuqFdJHei77uvW+B -4u8mgzi1Zhh0hRLm4K6UaJ/fBJ87BZSHShPKI9PI073U1O/CcYXnb8cdPLu3UgSQ -FM/bxT70TSYKI01Dt4KXRfWIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GT9FAJ47 -X5+0dQaOFkfy3WnMgX3AmIXJYQCfR4XL47rZ9a66jWaD0IbcXMK4oE2JAj4EEwEC -ACgFAk64PJ4CGwMFCQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwb -VHyNgXLI2U8QAJGKPv1gWLn7P1KeHVsKkfRf+zgdsoY4mF3bUjX/03z1h1OKp+S7 -gZD/ZI80ckw/ElgFt9sr8J+pOgHk+aGHW+V0cZNgDHXCINb17s+Ra7SA/SWeJOrr -d4IpvTnjGc88C/j+bzRFagfnGXU601PeJdXIe6H75xVGIb0DgQBfPB9m+7p3sq/R -6UigzLwwhIQRW/l77hq79v5Rm77e0GTfcYHSuKu2Itim8p5OYCNchr4ZpBzrv5cF -/nH+HyD0AnM1q4a3mT9y4abNgtxJMGJBoIUEDT5vaTRpPowVHIGg9QroHkrYkMWA -ffIBzoq38WLnPjvjNtTncyP7sjbP8KS7NfjxZ6RAcNO6m6BTDYG/lM9jwCcOma90 -RZDVYD8hy+z1hXWFfB7zB+5TYuuKV5SXZpS9/JUR1BuI44WkY0hLHUa7inpqLlqc -b9O7KYikgyaeUKAN5LkF8A7rMVzuhrSItNzJVOs7WLnNAe9+Frzqx/jZ9aU04avS -r5OlWLdL7k9JNDnsLFqNtG/XQ7Hc8CPl0HvY3YXYGD3xwW6Ua6+ykxZGmQGPB68W -6a7G5EX+MEWKZgMQYsl1HgU49/sOD6QnCG3m2IB7bRAf5Kd527BnSgAaYHjVug8G -+X9opDwUW1b73Ut5tWfZJqQ4XBjl0Hc7Zi7OtlqdBeKGu/65QU+N9x33iQI+BBMB -AgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8 -G1R8jYFyyPv+D/9lA9yMXPBROLaCRab8Ca2QJBEtpT6lGVlkQ5Am2C8xdoLGiuJF -E7Cn/lS1j4RSVDK6DELeaBMXaY2g1eun8g2ERJIUGC98zrPjZXs/ZtCZtX8vYr1X -Bf9U8Ty6N3rKgt1XHc1oMgzkKLUc72RC+P/fkDsiAg62nVcmOFFykyTXnpM/5Ux/ -9kaahjf4LwGeRqkDIoLrXdZ7FHPjei8VlKSiHTkl4F+UCzEySxiInV+BWAhL5Lvb -zHxHaNDCquOb2zbgafVKON3oa8nCZoUw3iwpjrEy/JT+1BG6vxyT/LX7wPG3SKEw -8QTl8YBF8wvHS0JHW4KTc4grCMNWDwfkrlXnp6ZzTpy4JXZfYs/ltR4FH3atDG2C -xRCSAWXkGyTPMZkougdDbJ3jjViYcWO6B//LE1qDjeC05O9G3MXVxu16M5U8nVA2 -B3bo5cVv7+ECBTKaAvG3ZV6eOaeJ63gHRY8qI7y5OgzuNfxUXMTIAjHfO2mvSy5M -qFgDI10F8rYevGOKxvPVE1F8aiD1uRAOMCcLTy3oUKHIdaskSytL1D/bT9WqWzii -OXhLhSjMzkdPSUWVABeC6KM+Jcll0A0sHTkKWS3mavx3dUacB+O4efuTKNhSvo7n -XhUvSOOikRityipE5Ma5WlXBiu54DdIMGFzANHFdb5GmC7da9F1aALkshokCHAQQ -AQIABgUCUtgrXgAKCRBH1QFsQv98LMmaD/9W2qJyFlZAsjOWgNQPwUU4vV9/Ursj -kt4RI/oS0Gzovw2bmL0a+Q/dp6wM4PBMuYQXCepF8V+o4uKzL2OjVZDVtU/KqGCY -rEigiAhG0gHxgF1ukc9JQzhShFeq7/wkY+FQ4MOhuhuUsSMlvFzAd1hY+xlvckol -DEeS54loDspUh4EwxsWlopaA1rs5dzVXrYcinz9iDzLj6ujb6uJzCQVogk9w3dv8 -smKn81TVhtR4RFecqL9mURZcGnj7NV3n2Lrl2Pe0u/DiTtpavCkzVx7v9qiB/2Di -dqWR7OtYcywUr6lZeZsNabNwntPxSP7V6EcNXF3Qpi2IkAcwdJKb+aIG1v7/Wx77 -GhpBhbtdgKEebttzO4EVVeE8a2kmgqc8VXeAeqI89egU53dUdAinejFVDyemxHnJ -L4L6uVnSxbk/vRzu+fr6EaPyBsqORGXj2OuwxlWcnWs/N9XzNaiq6funedUSYtbP -trdpt7ogvzrQew7wetcwfxSB3IWcVwA9QvGDIBHTWPrb87jKV153w9I+cSfz9jg8 -qTIOw4qad7VOC4L1oaoRsLq6VFgnoW5DLsuhaVd6fgdY/byL6H5q2FPYJ+F8ovhR -2yPlQm8UYIFwmnwzpnuGBaPtU0bP7C+SNMK+G/9+b5q4psh1MnK8sg1RfSr1w7sw -b+Tur045QrUDu4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF -AlLV0QsFCQXdHmsACgkQ/BtUfI2BcsitRA/7BbFuuAXPJMA4XtPhlYbfhNkYQ7+v -vx9HIZ1SgJfhpYwt/vbNTVclO79XD65v5JSWx+0gVJfHNolP5umB0++giIw9NCIx -uVa5eh3kS5NFfJ0YHrYgpFDdZPHRA9wI+oZgJBC/Cm40kafgTUoPFqXb0Sdlcz3R -hciLZBgYXV/uYubczfmAaJpmrVI1UuUWYrdPnmUkgitp9e6IePYiKVDeIGhBW8Bc -7Nbs2hc9yH1zwv3Affs8m+4tQQiwQHsB29WEZcmBuFllTbA5g5bvTvhfCRmYVgWC -Ti4SW+uA0B05a/aVP8fDXk82qCQ4cRB1BOwVNn+1/Aqcw+Zh8KKzH8gpPcsKGGP6 -uNg9uinuxYDneEY8cG7FSpm3XsXu4q4N6j5R63U6hz39pY/5Ib8mzYMEoLEZOLPu -CkVH9OOQc8zuiRL/wGc0pbMiGPEp13rAI0WbIFahrWS60bwtM1YEM5Ep8vD3TLl1 -pTWlF/zWpM/uJ6n/4nDXGQsGzKQn5D5Nsu7+55C0du0d1VRvYd8oG3AaNqhtM46V -C4eOqxH8XZtkJ3WMxhsHnV9acuDTpn5E5JKL7vEq0btN2UQ69lpKv7PmV/TgOJhf -KKvHZ0dh6KYY7iKW7NUCouLGibBoxDa+K4reh0i0M5UcsNiPkCqDIHUAIxW6FrvQ -xBr7NgCls+B9Kwu0JExldmVudGUgUG9seWFrIDxaM3IwLjB4MDBAZ21haWwuY29t -PokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlSXU9oFCQfA -Tw8ACgkQ/BtUfI2Bcsg4cw/5Af5/cxr5s8qiPvcGDglJyzFj8VBk0d7hpgdxcOi3 -VCOJY4YRoliu8WKThwxt7sD03fSZurFDDx+X27y3zPtgH/qBohmcr51jbSNom4mH -Gf8gpViFqbQlFh7tYz4kSQExgmpFx/FIaxmwFoEqiVrp6VpM2DZ6kg//4M+Ka2Mt -nuzV3C631A0eoMCJhPWPTgkGGknURvzhw6m2aGFWC/HE1yzf7Ej7fQeaqIxIG4Wy -Fk3lMV9rxMxGuUZTqIhvcU85JSriHowfX1VsAI2LXJYQ9c0jI737FcLwHv8VCa5s -NKDkLkb5S83/4Ep8e9M+a7u4WvkAqzmPfSna7bLxdsTS5gKGqEtMvMP2YGWWQxSR -GRSttiMmIC8Cnd45S8cASA2mR/ebNcrYOpa48cjYpBKDG2BIYU7oSLNulsM1qbxL -WJ0QM/g7iKHcrXhyIBaI22GS9hvmYcS960cox9oPCvNZcOKA6FBklnUg/ReJ3JTj -6D6v9SUxOOfXPQIon8EzB7BNKGedHxCFgniZnl10k+pP34YGyphMZTYGdhtAm6zq -T7PlraHQaFgQ3ba78lJcn3cWVZYpbCNJiH+Nna/Akm3/qQKTst3eW1lqopffCs1m -F6G6wjiHCw2bio5uX1c/gDr4Peh0E28heAqKopjultPXPZbSZL4D3fJIGP2j6e1B -wvmIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GcYrAKCgKW+qFwbMNeh4ikFg9fJx -4/lH9wCdGevT7dwBzPe6L+aWZxipEXYmjx6JAj4EEwECACgFAk64PN0CGwMFCQIc -hwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwbVHyNgXLIThYP/AnoLpQl -whEEKaIhOSOKXegfdUHK6cL4cHRACzRIbBk/S4G2Vg/bnUW8tvWZDQLZ3CGL8Z0F -tNQ6GusUxt7mcYdSj7xynbi7bZiurgYp7B7hh1hVG3pAXEwlDnJgfoc0YZHrHZwt -HnNVYOfGEQF4zyplmUUxDyp/ZMYcXMr3PVJkYBJhYKCHOkMUtzzNjSSginaqZY1p -fgbP+Gou/9qgotkYiH84oUG9yTSKLIO5x0WzQYuoPNJyOdSHaLPfEqCC435vCYT5 -YLZB1YI5xzQiGsAL//cUCe267oiFmO9Ioky/azeX1Ouy2DH8uEDQPQFTJYXt3CbL -i10HkoBWdmncPC6+b0IJjDUo8Iv4yk0xFt2/DGkGK3h6jJxJ9pzx5KBT46iLfU50 -iTWMTguXn9ud/UJV0MpKgKjvO9hB4fae60n2UootknzEw6Y5W55PfGkT14WcrGGo -WHLSbpR6+gA9apU1cdoOC8nXlf3Eb2No6LP3X7RJXqiRsdP0s6QXkZGfR/qyNXI9 -S5j6wIyqNFU0cX21UgI9oJSKEKIKEFacgyD9za0gswEI+DZr8/p3cJE89ZX8ySgO -FG148wgaakTNGyGwR6aogGZ8IAHc83bnwGCgTeK6ZPSKNLSE/sImcTOrxIN1/x39 -r8o0TxuZjqFH+zKWfpdHX+sJLyi8Gs29CsUhiQI+BBMBAgAoAhsDBgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8G1R8jYFyyLl/EACG6QRV -kKVBoI2Ycr4UISk2+gCD2r4xSK/QLEhDFcZRgMctvPVnhod3uJOsMGJCk3aPGu91 -Jtwuj0CkeURa/cVzOjC+f7baveTuWQaAqW+r70m6F4gYHU0aDD/uQ75rTCcrsmt2 -pnZCyA9jLJxQGG11AvbOcV+7K7BuIvXs4iAactZ0hRvDVuGXuup2LnUbxyBU2oj7 -OWCXKTpZcJ0KGTWapMf8ClYYsEgS0wvMWotJzAov7ijkoP2DyEQVOPTnGWcfjsTk -QgbyqiFeBl+3IT4+xSzkPsd75dCYhsHBvCoT8cfUH4wvDXzU2CwpC1CDfHit6Hw5 -UigvZ8HXyn00Bm0UjLHGW+haS3kyOoz+z09gVFYd33cpjSnFr5is8ZMBPW31PE15 -q9/l6G/o6OGJCtOax3Yi6ttqn+KbDXIooZoRPZlayOSghyjoD40+ErevmqZPfJ3E -o1kHz62B1YpoXmhUm2Ihf2SbjWJRaW9Hp2nd81kAAXjr+8k4yvOuHxwYPFnpBjfV -cfYNQ3Zf5xF4nfszFuZMc5JYrIR3EYVgEk+n8VpulAqd0rXUEODwGy7rPjdxLY7w -DhUEZMQN3xweIb4vjPDBb0Ax3ACyfWKIdT0kC3rGOy9xyCzxWO2CjHMjrbxy4jL7 -B0WIQ5fpRcV2+wozs2WYgJKVKJgJZGYsW8dDLYkCHAQQAQIABgUCUtgrXgAKCRBH -1QFsQv98LIX0EADVefJUEMGKiTFLwUmWNF2X4oCzEZEMsQ6NliiQFvtNkKrT+OzZ -zggxfINUr0XEKgjjoGZ03Hmm7xAFc1Y51QZEr25H18PuSixz2YSHPqYwwVgLUh0v -u2AqaP0mQckssK+ZAQVvoZ7ZOI22ZXIZ6CPEPY6aJawHov8Strlm8oTbFgLfZ5Wo -3NCxMkkq3NFNHuwesccelNPefgnFZWhwr1mkUeX+rCAbQF/QHYEAi7KjfKyY+XKs -ccjYS+RWxpte21ejngp7pRYli3M8cZoaWKCzLTrD8gKztlo3op9Zc2+hjOY9gZtG -CaXkN8lchJ1yMyWju61ZO++AJq6S2OdBVxgsj9xPm+x91RbZRHQmUuq8mefUzaEm -NHE29udVFfuV//Fpabi04IrOuabkrSvP27eX9FT1y25tKFHuJdL5fDUFGnNnTvcR -X51lJmvnuIKJQ+Lthup7npS0L06+dPIDoqyxF8hmdu3RtwEsvkboPaxx5XTB5d8y -3wzBFWd4ePwBIumrY1YHSzdJCvyyLRXZbSOsHXgZfhfQ1LVgxxebP7E+stWqGLLC -Fry0WGG8f/UUgVr1QpluT6NjioUnuI/ZmKR/aKewqVYWAnr54fF+np4VdxPfYwci -lpbXpkamORZqPfq/nyoWgnp+y4AptDdDkSWnFxfcJ1wnFFcrHVUSFQ1wBYkCPgQT -AQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlLV0QsFCQXdHmsACgkQ -/BtUfI2BcsjV6w/9Fe1+3Mc6wG3R9VbxiYo13/JV4t+tA9/tcJ1R/Y96eAqVajoK -c2ZQ7FrimmlzvLIvxpH4Z76h3NmPWfOQ6qEumZQ5BM3QwBfQQ3Tmj10gfiL5vOZJ -6dUaJjwXgjz0Qyk1G3gw7K1xmtnXgBPyGT9T9q3OAhHHdV2b6xS9dWoNKhUV8GUn -HfIKwq+87aZqexjFE7ubZdOAe+5nrqnlMEfJKgDjXbazES9IYvPQiSjwR3xaIPOa -ma5WfQV0SHg3Vkhtv2PjuoYWNfNy17N7u+dfg7nAtKLIQCPht45uKk66BYWYBoDI -VQfg6zcFLpdNcFzzwmgrYRZvEvBf5aSG3KFD7UReT0695/lHheRxEAA3thsx8gaM -CCavtVxbVUluEfYZ7TgXLMuIO9OBKhi7MwB3iL5qacrNShMB+1J5FxieJBmWXdla -+kCdCdS+9kIZH+mnQ8daGEJ5R9mNcVwcWasI0o9NObqIZwhKw4obrC5Q7m2NfXL6 -FUScfA7yn7+/icdQB9fH2ZXGJVuNm1b8OBN6Nbz0QauaCystWzKXKwpVb/5M623v -Vw75RfnqCFiAf4tX58nL/QalJc4C0E+TvQ2pXC47VQvHmiAB31vKvU0nbo+lzi64 -hAPWJnhr2pmTvglquTFzLwEsWfO4zDtUwFo8KM1XFsonaoX5UzGTXPmIN5+0J0xl -dmVudGUgUG9seWFrIDxhbnRocmF4eEBhcmNobGludXgub3JnPokCPwQTAQIAKQIb -AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJUl1PbBQkHwE8PAAoJEPwbVHyN -gXLIdGAP/0ch1NeFyXWszqA5ow+itBn6iyUaplXB5I56Q77cTIFB6LqJ5+2kdUuO -UqPvOilGS3dxbyDsSdWDLs+bHRFG4uqZyGUDhmu2mvS+uDqPFwcKJUNDlgdccxph -sA5HJFGg1ca0TWWg8vjwANdU4sL9Ujbaw93v0Mx/1+aSIxyEJBNxc6DJWEfCjpSy -R9JB8WTHgvxEAImVNsT1OGNTvd2DN+17WBhxBktLHDocIGJ/fttzFgKkv6NTPwt+ -y4QyP3UgeYRZR21B6MVckk2/UuCuCY7gAGruTFVoINa/Wqn2YPPZhJYrTX7ysDaV -QLObxlepeo0UWC7wFEiuqu5OM75MWLUX8j/1OAIE6my85vrlcWSf0Z3jOAgPTjJw -VT5h7T/7NPP2azoIlOE2bh5UcKXFkT0xDYPcMr2hV2Ih+jU+Ygiyg/1yIIxearmm -PFjfIHMLepa+7RPtTlHwu4fpNPXzL13W6PXSoCTTi/suGlYmSyLtOwxq15GGT3vg -1Xh8wfkuWwbWJnBKXtt8HkteQRgDngDnRSJwsO2nnQ7+sr+F8J3rQDdlVdVcolic -ekup8ZgSjJYinfcpF+H+qy2kK2jOYyyHI/+zHQtwy1R7MbLwPJe7WNWrBmEvmazB -2//Iu5EVIfFX3flPjeRQbKX4B/SuXF48uo0/8WfdgaMW8glRWJnbiQI/BBMBAgAp -BQJUSwOnAhsDBQkF3R5rBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ/BtU -fI2Bcsj5ihAAg0d0A8OUsNWG7TiPQTuC/D4e/5JTkJARmQ5xO6gMPxTpjSZCyWEl -7gQOg/liU8nz5HZGaJgg4HuBwTs6euqdnVi6zhW1c1wye2thGTQ7DeSPJnhju3Qe -mPS1jEdC34lXCo6eGjdKnGb7TV7hkptHKHh7XCU9n6qcXQ2cNQQbdqSCRsfVm1XD -+p+mM/FGOz8uFOrhERAUl99WkVZ4NKTdws8U6FXulbdWrWwI4eRggIdwI/Tl7zuy -ja7KxBCCeJ/gFY6g+iOYmIo6//bJITgmAG60hFHJ9JigcN6xglYFI28TCdNqM0+C -hgbZUner0vLmaxRNoXqV9Xw8ihNMQa7fUFYkX8VrXOdLdVvee7OaeLuWWE8x6usQ -NzgLDQQx9fmxtrQY+dC6Y25IPMm094z0nrbM1wtfG2+8Vw4mQ2U099fT5t3Yl7fE -PlanhgQxRZE78PxezyYxms4HV+wqvrhlBzFnWAd6H27uDPfUfO9cLgbmFTUlwFhg -gsDeIFRFx8+h4/0xAIPqUODmTiN0mj5sLRW7zvqZW6zhsGIMdPd+IkhHiGjeJqme -Ai0iOjpV3tRteoW51/+/ajPmyUBbvOxiFJNADHH2NvqoBMU1pkTvpc7Wy+2J9VcF -4TFdWBbwjU8BoC3ZgixTrT0zCSwabnKriglOhA5Ik/n5HsR7S76V13y0KExldmVu -dGUgUG9seWFrIDxhbnRocmF4eEBoYW1idXJnLmNjYy5kZT6JAj0EEwEIACcFAlSX -VHICGwMFCQfATw8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ/BtUfI2Bcsia -Wg//SKLFNUTEBQG11cV/AljxmI2s8y+cPKs3VqlwEjiuRMu4DRkFVaZNEuPq0b8q -8pwcHIJ5/nZvOticm9M/g7TrTp3pOxmSYf7WG31vVrprig22dz8WxQAy76srNn1z -stg0TFO7nKNVjZOFz5D0RpWazwnXyDed3l2/7RZ1CMv7ue/rZez8FnDHN7Di3daX -AJ5XkvDAsD6AITYQd+4XEbh2rt9p8G6qUUjwzoVU/aGVgo1CGZydYMJQVccNL7kv -fumnwkAED8u9j0ZI+xfaD3c1rP98bnqk9u8rJPCAeIkA4ppisDb7noz0NaO7dDyM -ywBK4OR478fw5h7GfiIwZdVAHkCoEHNvF1ON8JnYgyplLvZvxZ0dtYGDYDiFdORN -gVgGMU12kemPws4hEx3WMgUu/BBkF58XyQyqcwt7q+WGI2lQ88UzZ/FAsu8i8r/J -jkV8FsiCJ2rSHEMddmOHoaTM+6oB2i9kZo7KmToSZu7DxuemlHpuOO3kG/iRga2y -NeancRJwbxgZhNGBbhrA/7k5UOcXkmfW74oBkbCci0ncVhHu12dsJXhk+eprkOXv -nD1vEIeuzL4V/SMDar3SxFlfLFwQk4cn9+pdeP3LxwHKBn74pABsbEBhEY4IjUEL -YOTEVoP6s+Ou1NcLxFl3elmniwL2+GV5rDM8pctkKNemtZa5Ag0ETrg4RQEQALfu -qEihKS+DTVlWUujzSq5zK/5oQ1ZL8AiTUTZuVtrRWCq0HE8tWaVxEP3Vt9FCo7yF -afXigokChzHOgzczg80tctrlv+vbFyaZnjGQH20Nlz8EnZP102zudx/RdFXG/up8 -PX50Eck2lH+IvvosMLdvrZTkFJ4SgqMGSoAgMhJHZdZB5N0y8yPPAjcEnSXp8L2A -mo9e0egCrEuqBrCZld00nIoipyDlYNZkLjPf0JRgFPO/AWWgBZLvLlteLu0emq8N -96bT3QTdXpRVPM0qeX94+2gIj+0V1uQ9+k5Xkslbbii9TnOzMnLRO6dBAONVTTb3 -ajzdXK71iv2a8Y9lKShxhYWP9JNOFlXkAp+ZoD7EZex4dgu6giV3PrTDJLyWSu41 -WfqOz6cJGpJSTacrenC542ynAaSVKXH+1plqB9kq/M7HtE/P4GveQXIVT9Sho394 -4hwkuETo20KwCgFPMmiNaBysnOykIcDsDutBOyygdovzdGEyHVsM8/kz007QFgJf -hKy91H6O/Cg7VH+yaUKllRZ+kFsoSy8/E0IqLzqBHG3sUGM6lJ0Q9fgSnpzIZsdE -jRhczNCvlovGLa/kBHcEUWQ2zrjnfjsLkxvamKJ8N6LLIXIDRv5dE2smpdi3oiVg -XdOKshyXB+obhRFlWtirK4udX5yYzUpcB0zBoo1hABEBAAGJAiUEGAECAA8CGwwF -AlSXVAEFCQfATzwACgkQ/BtUfI2Bcsj0Tw//dyDYwcnh0BIb+nDCXFC91KiPUILa -f+wI5w6c9YYEo6TR89q6Wsq8EDiqcqSJcztuNvw3MZGHWA25nNB/0046CGM/tUBd -Jyudd3TxQBi6XMMSTbG1EMtSN1UMV4guuUfYcAGW38oZ+YJACCBFFz/Kt0aa/hhi -/hBNyvI73vZfQ/fsScFDewkxikUEspRsLVmX6gaEmumOxOhJP3HBoxeBCM4Z3IXo -dON2SiiMxt9BPIPJOyKNkFQGQ3dqJIag3GnsZ1s0CEoi8iqF7uS4RjC7uOJtvn74 -CODxg1Ibl1IweyAuBEA80wUh9DGLAdRJpxWy1B2fDhIROvpcg0R5p6j9UX0b0esc -jKLQEiE1wRswjXhWpZhe7Pjl38KhwqMyaeR3OnDtP7JXazIG6HiBIp4cx4k5A2TT -X+LhvG3NHCeuxIyjLTRTWgv241kf7uAu+qgjHDSKXQqpjvo+cUYQgSxQZZXnmlz0 -sz/tEeiWl+i8kW/RNKQvNNR8ghWDW3YRak/zS+WFNoLZchecIzMj+je1vSg411o4 -Xd3LHDur6boCetaq7ZkqoS+NcX9n8MnKhHKYJblvXyc1h67s90+wSwhlumA8WqlM -yqn99m13aF8GuGZbw5B2/x/Cd7WW5wZV6ioola/yqDXB1XtDFBy2Hxr/VMRlE3Cu -kekzzVjVTZxOgZE= -=yRuG ------END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix deleted file mode 100644 index 95510fe218e..00000000000 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ /dev/null @@ -1,85 +0,0 @@ -# Based on recommendations from: -# http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Recommended_settings -# https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project -# -# Dangerous features that can be permanently (for the boot session) disabled at -# boot via sysctl or kernel cmdline are left enabled here, for improved -# flexibility. -# -# See also - -{ stdenv, version }: - -with stdenv.lib; -with stdenv.lib.kernel; -with (stdenv.lib.kernel.whenHelpers version); - -assert (versionAtLeast version "4.9"); - -{ - # Report BUG() conditions and kill the offending process. - BUG = yes; - - # Safer page access permissions (wrt. code injection). Default on >=4.11. - DEBUG_RODATA = whenOlder "4.11" yes; - DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes; - - # Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n - # conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter - # implicitly marks LSM hooks read-only after init. - # - # SELinux can only be disabled at boot via selinux=0 - # - # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the - # config builder fails to detect that it has indeed been unset. - SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no; - SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no); - - STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; - - # Perform additional validation of commonly targeted structures. - DEBUG_CREDENTIALS = yes; - DEBUG_NOTIFIERS = yes; - DEBUG_PI_LIST = yes; # doesn't BUG() - DEBUG_SG = yes; - SCHED_STACK_END_CHECK = yes; - - REFCOUNT_FULL = whenAtLeast "4.13" yes; - - # Randomize page allocator when page_alloc.shuffle=1 - SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; - - # Allow enabling slub/slab free poisoning with slub_debug=P - SLUB_DEBUG = yes; - - # Wipe higher-level memory allocations on free() with page_poison=1 - PAGE_POISONING = yes; - PAGE_POISONING_NO_SANITY = yes; - PAGE_POISONING_ZERO = yes; - - # Enable the SafeSetId LSM - SECURITY_SAFESETID = whenAtLeast "5.1" yes; - - # Reboot devices immediately if kernel experiences an Oops. - PANIC_TIMEOUT = freeform "-1"; - - GCC_PLUGINS = yes; # Enable gcc plugin options - # Gather additional entropy at boot time for systems that may = no;ot have appropriate entropy sources. - GCC_PLUGIN_LATENT_ENTROPY = yes; - - GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address - GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin - GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin - GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes; - - # Disable various dangerous settings - ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory - PROC_KCORE = no; # Exposes kernel text image layout - INET_DIAG = no; # Has been used for heap based attacks in the past - - # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. - CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; - CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; - -} diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json deleted file mode 100644 index 118998a605b..00000000000 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "4.14": { - "name": "linux-hardened-4.14.179.a.patch", - "sha256": "0vdcg8713vhraqp04b6lw15qdrvg4iw646d54x6ic0421nxp9zmj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.179.a/linux-hardened-4.14.179.a.patch" - }, - "4.19": { - "name": "linux-hardened-4.19.121.a.patch", - "sha256": "0bwjx7qbzd50607kr1abx3rd19iciry3p1y3a8sz5w3vb62j8m6z", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.121.a/linux-hardened-4.19.121.a.patch" - }, - "5.4": { - "name": "linux-hardened-5.4.39.a.patch", - "sha256": "1w9yc0j8vshjyvb2qgxjvrdgwiy5lmjn3s1rmlch649vqp97j9w7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.39.a/linux-hardened-5.4.39.a.patch" - }, - "5.5": { - "name": "linux-hardened-5.5.19.a.patch", - "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" - }, - "5.6": { - "name": "linux-hardened-5.6.11.a.patch", - "sha256": "1b6cwffb2b21h9xh2acm9q9j55cay87zbv9jjayv69znry4mzsx3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.11.a/linux-hardened-5.6.11.a.patch" - } -} diff --git a/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc new file mode 100644 index 00000000000..101ccfbf0f2 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc @@ -0,0 +1,325 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBE64OEUBEADPS1v+zoCdKA6zyfUtVIaBoIwMhCibqurXi30tVoC9LgM6W1ve +HwPFukWq7DAS0mZUPE3mSV63JFLaTy0bY/6GO1D4wLdWZx4ppH7XKNCvKCbsi70k +UozFykNVf+83WEskuF1oYzXlF3aB5suz2IWJl7ey1EXgIpehwQaTJUA5JIWYFp9A +566LRNJefYMzUR33xc4dRKj6Etg0xdLVq7/vZoo8HpLCBGNWiP0AKqFWEwTg0xQL +7nsJA5tfJJdwAJvrzjpFsvb63PKG6waAtdHhON4q7E2Udak9fz2tRjxA5l9l2zXk +aqsysUzkxPhNjwMENoQ04KZg4aT+ZhhBzTowSWLp3KV2uaZ66kdPUO3s+/1bPp5/ +N/IlykaUwyL773iYOZ5dOY/9hIuX/zssihcrGEMW6yIyZR5uKhzYdaM9ExTXP637 +UccgNS9/pskPGPx/xK23NDCfeHzL9YHS5KokA2wb/b9hqpwvLaeblbMl2pt79F1R +ac+rZlrRyX3NvlTQP4hqM9Ei2YBAU7QFDJEjH8pVIceL7grxi1Ju1iD5QiSK+je5 +Jj5EAikfwSeAttSzsqNvaXJHfABrv5mkkVt1z3icP3HIHTYnG+uj+t8kvW+o9/1i +pD6e6LUh4w5v1aY9kaK/M3+eBH59yNYI99crPUKUBVfW4gv4DBUJAQTWRQARAQAB +tDVMZXZlbnRlIFBvbHlhayAoYW50aHJheHgpIDxsZXZlbnRlQGxldmVudGVwb2x5 +YWsubmV0PokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEF +AlSXU9QFCQfATw8ACgkQ/BtUfI2BcsjPbxAAs+UR/bJz/HeYTpPy+HnKwDJgI9GP +AZlNvp+QSIhOTtKCYkQ/Iu+5scY5J0Qyv0pcJW5Rxjx+l7KGovw84jzVznnYsJoy +UQ5H3Ev9T2xW1nrZT3abJ7j6ZIck+Q+WFHu5Plsq6doSXOXmJNoehvT3BVolvc6w +S1+CAoyA5Wm1yfocZgVOvWPWQaa1T4XA7OwxFWrvNWEZwAzTSjkGHkwmji+DxdBd +RPam9+qm/rcN1IJTu6xJPr38a9LydWonsUpTR2Qn7Bo4EJp8yHJLaiLEMV/Nmgrr +1orBYw/OzDzhbdMl+2zzwEBLUMPABdgnPM6ZCZ5PWyWnCU4jsBGyVd0IC5xEu3Eg +a0EtIdvx2lXiLfh2dulpMn52uJY5iNwaTleO+z9CENQVhh5R4FuN9H0BLiyAxf1+ +MkD3jLT+DGl02hQghtxz18iTkRk7KOw/NFn4z0is+TRl4/ocNt1LiWQXt8dr7qdx +zvUpDnxCSYZkeutzopo1TA4lKpnsS2mHabx6CbrUmF+wOIr8gHUfpBFeEQ8BHebU +5X0JrFF5mjeNl4uK9l9lD9ng74rsSpKPr15DU41jIuQDHJYd6H3TXQ4K1z7Ciivy +r4vgsruAFX/GduKseOx1obWW3GfIQzLAIuVdjldgREl61GWoLiGFqlcveiAIkN5p +Bxc20hSrHgZP9ZyIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GTK7AKC8Sd1ndNvc +1ispBaECbHT/JPfGrQCgvkfGBsFn/KBrgC5hTm0mSxdy942JAkEEEwECACsCGwMF +CQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOuD2qAhkBAAoJEPwbVHyN +gXLIXL4QAJtbs62EpOIFld0N+tTEFn1qQPPaExAXmH/RF5Epf+0rSS6B0OXEZBXz +cWtMPbHxoLjN1iY8o0QC1ex7/KDfYq8Ho18M9P+Lf6XfW0sJ9d021U5MJWGPs4zA +lNFXJqeMgfJZAno2N6dO/azcYHq1wmSgUbTb9Oyi1PHfn3g0UAW59dfkB8d2jEvY +Yed1X0mBPPXcbgnYNZ514JQtm9wuDdVWrh/Si9EhKg6+MPcbv18G4lpPGR+yNq9y +3Jze4vmmWen0ceDJEp06IAeTfJzzD80Oui2WXtLfaQxgf9uuZtGjrMX5l+mq7rBS +VH/dsHP1VYI0efKIs7qbmiLcMRVWYIGix9I1C3UYr3ImYiCGlBG/uQ929xbjWAHa +hy4W6rzruUWjyi/Kz7QRnyBgtHfhDO7hYziTr5hoGhd4VeUpcbxL+MegXFZsWJlE +kz8TOOsZ/4XxXHVoalg8fYOcA7j/aoszsPMQUOL/5jsVRhyP3evtVxb3m1EwvYDK +Lii4IkVxGztlBOIgeT4kwXgoJEASSZHgcd6tDv9q7o33n2I1DGL8X3axcHES2/C7 +cP+li3KL3Hc9vjgaJ9HfcQLuMcHqfoHn+YzVfbG5XeFcxhgQpwpYsZv3MTbXAQwI +fRHXRuIfOiFwqUXahi5N1WSIXNBGSyI7pu9ht5I7gIIOINE+VS7FiQJBBBMBAgAr +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUNol8QUJA/yTqwAKCRD8 +G1R8jYFyyIqUD/9yWw7WBQiWyIMpVuX9c2Ov1fAkDya43fDm0gqIgNsdaxCt5ATh +XaXZ/p2jglWwon5jDLDNsVR0/Q/t8ugdcP3bcwRtW2YYQ2F1PaNjfr5WsuPEadyc +J62DIobY4IzqBpDuqGLYdbzZeKr49VwbRRvIJpphrk3+CekFvdIs1ofEpA2Kn2oA +DXfYuaWoVBF7fTwAZmc3hYPOI1jK7nrFZbCnAT4WZPzZ4IY9lsaNTF/4mQ8vV1xF +De6HjfslHURlZWsWtQIKhIPBKoZC1nP5VRK3IHYgKw8toq780kalLH8ofv9BkSrs +t98JOoJX4etdmE8Ta/+Wg5C9EzR+909tQfdWdkaRbhvbtl/x7X76HU4ItefLR5pW +d0OSo488QZMQjCUWlzgPMsmnYMQm6ckNOp0B/RtMfbJV7t5H+JE3PLfFG55jcz3w +uNGhfZyl/ZhV9fvGLU/sPyhIW7ewuIwd+7i12fH9r4NAGB/mkSKK+tHGcTZvXxux +5QMKE+a9u6NMJRrbsIiTFwhrCLMgzLYL0mtX8FZXNFFZzGFYkiXymBR0ze4LKzRo +dMFpyP/w/IIjYBhVpgboT2EMMIgJHSsMJDCdDjI+9cAykVF6ccSiUQ11devHL6Pv +WwlT2Ub4TP4yCScHDPyfWq+tfdQlWFVRZMRJ7kmq0VagqomdRHgLPyPgDYkCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LACcEACFq3Oz8nHAa6KsyspIWo0+HjzCtTv0 +G6TB+svf3fl24C93IfFhpSyxNf8XVa9h9kCU5ZImYN+LaoUGiz3lcYxjdOeFYDc4 +GU5TFrJwY9eOYYCsr+z+NLn7wlLZEO772lGUDPJMWxSGqR9yOGhQCTIADLLcp6mt +07zdejESYxMT6IjYR+rX6miWG5Hr9/lBdh/X4XhGpHEY64IL8vVB3C+FQfG3hiMB +bHbvJ4/S/cjfNM1T9oKiA0H6jklRHIdstj+2eeWA7lS+GE3Mpkra+8KmkEjV4O03 +izcRpMm1yTGoTjp9UddTNYErb/sha5YigYAqK8bj3gh6tTFNJHbN4RWgtPDyc5Va +1u+sH2ob6JS5tez8/Z6pMarGpTQujIGAlntP4igi0Q4hxyLof6Vtc6XF80uSwTvN +RRmQrcq+kLPwX0NbyZCBCI+kjBPu2b932JDTfVBKwJCLF3e1zvQqN0C7EZnIzveX +r7VtJ4WHIfSyi/HQP7xm5L0uQj+KRr+/LMaxkCDgrlqoWTgAoxCAPYH1XCvBoJRc +DHjNikyEAS8WUGl9ZHQyAoFngi/jqH6WoDAmfBUKRoBMR2hXLOKUBmObw0DHgauM +kk4kD6CW4UEy0SM/i9JD7sk9KiKoHMip1jguKRJkHJ1WSkNl7nZpeo+KG0WbGHXN +b7hnrQsNyqJkUokCQQQTAQIAKwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AC +GQEFAlLV0QIFCQXdHmsACgkQ/BtUfI2Bcsj8DA//b8wZrFY/Fj/iR5ZaO0AjmMV1 +hM7lAFWLfDiLyYofuiGLUg9rqFWj+Ks2kedVN7+22Bjgi5fvpXv3Uy4trZKKw8Xs +FJ/s8HQ6jzIv6pFdIYPLFQBqS2tEgfsanPZWIqJI9fbhOrRGN7WV5tXiksCaRO+u +rLjIhAYmsDb//BD2xqsY54ouRdrz5nRG3qG2odq2Lw8XquW6srouGaSm+BI3sow6 +l2eAW8UjbxwICQg2ZPZYCBc9ArbgLS1ha+yPhp65nGpVbqDA8rUKC11op1ArAbY3 +Yt6xzLg+RCuCHBa1gNPpDoYV9V8Zve03mEIcsK10X0RhJQ+z4INvrjtelPRCOLpN +179JmsyxwOzwAPg773SK1Z31jSirsiEke/q8j13PGNDBCb4ZKpm/KOht+4d0jJLK +GLqD85cv3/uAeSh2zWkoKcVW6uVZpiz3KA3i4YMWnteOlrlZH28nIrDXevPzkOxo +pZlhuLboCD6g6yuZI4Wm9fEiga8xmRDw4RrOIuDXWjNW6IVaeFGvnYaNf0wnmBD+ +FE1SMWwcmqgB1yIylmKqH0lYce8SVAMLkkOlaijhWrfCO5iS7zjWaVz98HCqFfwR +gHuJTxOwwlf9Qb6cyC3bGsfILBUuE0L5vUAZUAc61H+6Sv88CDDUO1EOKaqAAYhR +plvoyYZ3xiSMgzYKGZ+0OkxldmVudGUgUG9seWFrIChKYWJiZXIvWE1QUCBvbmx5 +KSA8YW50aHJheHhAamFiYmVyLmNjYy5kZT6JAj4EEwECACgCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheABQJUl1PaBQkHwE8PAAoJEPwbVHyNgXLIQokQAKxJB9/F +TfBae6eqcT+izxGSnsvbc2bcrtsmKkhu9HwpsJ4IDutphXFB0wFalI40BL0o1k54 +Wlfv5GHbq7Ju3kW2dmTMP0WpfFytV7rr2yqSmik+skJw27BDk74rP0v4TNOHaTrP +nokfTnlaKuv1bqlwbIwV7rJ5jbAtw5hueeN4jghGU8SGlCOEZ/xGxYYsvtyPhZhn +kmsAzcPr/BpW4NkSb2SnRIO8KzcPnzxz7JDdeIusq/YW7P5OlhDx4ejdh0Wg6ISl +zxB5VoqFqNuKTBQNz4HHpqDVQqEDE4JngMerDr+4qAiDYI4w6kN3Ce2LqciRyMVh +YYnTqyyjXYY3C1WwXIa1tZb2Cw2DorshNFdACr7wKQMOoJtAFpdd3d/DRKQWCc3x +jkBERqZ+55unTY0/0uyNPoK0noAcGydiU8WGh6wyi+Do+Zxq4QJEcqL/FHrhlaiw +LTmgDS+XDl7zRtQia7ykpi/xqe74ujOHcJO8tpY0ZCdR2A13xiOi+11wndbOkBFv +dQ0vgih9ROzwe3hBbBQQOdF4hkA9vEd2Ks4gF8IR+5ixWAIyZAVbnDiLelWgQgnE +aeEwTtfcXRNAxuj+MgMPQhXQ2/cK0dPD4z51DchVRIf9G3hAuBT/CEhTqNkkm5F0 +og7azwd75+vh5RxwVld3ES6CMXKaiV4csQkdiEYEEBECAAYFAk64PygACgkQvnQP +QT8iuxlligCeNgfNE4w1AQuOC4ef3HNNY0GXgVMAnjmtCVIUJv/w6PDimvf20rgF +GVHxiQI+BBMBAgAoBQJOuD0KAhsDBQkCHIcABgsJCAcDAgYVCAIJCgsEFgIDAQIe +AQIXgAAKCRD8G1R8jYFyyPv3D/wJ+sYXqSxoo8OriGMUzG5LXs2Hf1YULdlysGa8 +mxWTwCIEMSSx8AoOKf/FyXglDVl9msfOgv6jRiN+UyNCQEv+6a5ZCL7BlAVU0Q4W +w2/UUlOUlLMC1QAodGcC3kiPSy41jnDVswKYRrICuiW1Pqgad3h7u7caqvqG1D/A +YOR2Q8JjY15j6Qf62Xx+YANx2tPWKeDyPUAN/x1W6RrEDbN5F+1qOpPFuTnpPmqH +q4zxm4Dz4szypmAKsN+5/q8T6DJtSnP7COtsY467oX2XtNTTuCIsU79lBVo/yan9 +ofB6hu12KyXwJIl1OK34g9VEP5suU3hcEw7uVAvxyMYJQlxORUCG0DAFc/oPm3d0 +ypRdbxXJMjoS3pmCf7kwnEA9PIAjZDYuVHGZkAdmYYInTIH6ipjkVxDHEF1en0h2 +zHJEZC7NIYgPyzHXmH7Xy3VZVhhKKKM12VDOuIOOecQPuFIw3hG7dymjn5e9dMzv ++DMkbEZzoFahLYkbVGG1FGzhE6Uvb/IG0UJCC4nDz0pzZpV++QHvgEvbY/HLbHJ4 +o3CT5aVE0YIhTP+zqXNFMOao8yZy+AzdMzdX+Y3ADZfY0oiZ+JH1Zo++rdrgXUhg +Y98QgMwVwESbwaBKjsC0JnlmWyNivhIOS6NRyqR75E7j7JSvgJdxhvpQXXkQ/BzL +FM1Ej4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlDaJfoF +CQP8k6sACgkQ/BtUfI2BcsiEahAArZfD1yJK385eqgCZ5LryVLRXrocuF1zlHl/6 +ugRy2TEe43ex4eTOY+mv4ZJVSxbDzUqMbBv0m3IETbM0CSESjGD+i5I7K3IToZO9 +ZgIXDbpoy9x2KWjU+R5oaxCTmZ9jk1p+f4zHxc8lJdgOXPwcIIT5Euwk4LAFN+wn +CUHkO/D0xzP2ivTrM+VHNWqSUcNInAGRx+R0NvdSryIAsdA/5E3ql786WQhPy6L6 +1d7cmxaLsfAKIOf8ydNyoiqmJkT62omLLnqyERfLZRa9RKt5EgnxX6kR2BA+h/Gn +KVV18bCIJjF3Gjnh3qjJehKRaw9nmzrB9KtGQAHdIp8ivNvjMitc1ijRIECfidWd +lGxgmuI/gX58eaV3scjbs5YUFmGhcZIgjCxWWxFSwmzJTUVT5XqBpXFQB4dokj9m +NNMpM3YH8T9QaaS/m9j7cmCJ4gxp7i1bJsqsVG5BjRLiZv701eVKVmU6vqhubR0R +eSZghqho9e44ZMbn4rJ5kTQhGc7ZGNsIyChMSaYVreB8IBLDC7rg8dB/umg1OYOp +8EqRLJyXdtpa4DN3X0e4WcWb0Toj4QuyCh/es1CtBldhdqHr0aLZYCX4i/KuGTXI +kA8LTOJmZsE+K+/NCux1VHK9DADKcNjhSV0QTf+8ntGlNW6i2Mlt34thZK5eeB6W +Bbo1zl6JAhwEEAECAAYFAlLYK14ACgkQR9UBbEL/fCyyQBAA0931q8dBD/6COmat +8S+JSgcuIpylukFxU2vySBWSGRHFmFzwbokUE4bbNyutwNO2cNBa9zcxRPrkIg+7 +d65QjdZNDV2zWTjv5GwzEMjWxhP7VpTwTouYgx9j2d2KpFo2jfhTtZ7OU7DDF9YT +FsaRiZHHZT+W/JHuB9Lxc55HkSagu00yTaZURc0olBui5c/hqBte1b3OWTjCmysG +mwDL2FwdmFi9mbEm77sdD8PSVfkZaBv5rIaet+Xe/JMZoz0WUkZRCFXMr6B7aOdS +WeB7kUsPh2J5dhf4x4YaxKLOHod9JQF/DGJsdexKqMTqM/xOMSQ1FTUMCQ5SBWJc +3PywqMB/0eqlteHydlk7bb9HLCT3M6vVxTkpj834wGRsoVXPqWKzAHPpO2kjxXtc +4DBh7T88YGE2k5rxdJHb3MjWVJQzHGhrO5Ji8CQaHjUJ4BTyim++RDisDi4C/QJ4 +qPOrafw/+KyJoWyfmAUpxplPvY/LKJlvKaKxmpwlildYjH7HjoYvCjagbSCUOnzo +uM//YIJ8/o8QdxEDdYiTd7cwskYWphrAlV8+vCl/Y0lepRf+hsUS+uZi/NX4qYMx +CTsewnnqJQduuehQl9/RnoBX9T04kS64cWNaPZ4dxZUYJm3us5QFcQJMysZ4tT1Y +A0oEUX1KUTDzTQXT/kFi8MtmXauJAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheABQJS1dELBQkF3R5rAAoJEPwbVHyNgXLIV98P/jcu/DiP/muH2Qsy +FtjscyLu1NzBbSFB9q1jMVfx3VbaIT22Ly6BIQNHF7L2fpjf36EWpdJzpfR+Glp5 +1+KqZgIMAW5CGguSy8v7iHs6Rh5hzChiF48wCqxUmMdQ0ITTrnAXIYq6H6s8ytKF +Y31znXmne1XYBg8e4yb3pcBhkzIPeVU7rMz9PjPB0+Q2jWCpqPA4eUSV8rL2TxFR +KbEt8XlkZ6yuCLnkN84aLZFxfZA1tIGifi0PpeaO2z/IwOmftbQRiljMdnsPye49 +j4wlJS7yRIpnH3nH9Zku/MrDV/M0z7BVwKfF2F95/2QX4Tdyd/UESTdLqGtXpX4c +axahZKrOhNr+k60qSBxoBqKauZkSbZunRnbYmVa3nA2kQuIPF9/QmoZgDUfdkKZJ +u1RjwcRUGKd1XV19QjUvBMD3oHA4G6Jbi5vWKQZ40KVcL78YIL7C8dUOiPIasA45 +olaGpCSsGsfrMp5ngegxM+uh9Tc2kTFC9bTqp17VYI96cAqGrEBUQrmLmZLk0HUm +a6MNZO/+vKN4UTlgjpjxZon+/yK8bsmT/VNie5hzqZim6tfztl3rpJ9jPUeLgr5x +oGePYV02inapzNHdWFHk0L9zR/3KKfJ3IRJwUXp00Eya28hEepIvdxgLYcN1UqVn +VuFuMY8zYSl/VXtPxySCLENJHxvdtClMZXZlbnRlIFBvbHlhayA8bGV2ZW50ZUBs +ZXZlbnRlcG9seWFrLmRlPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAlSXU9oFCQfATw8ACgkQ/BtUfI2BcsiPxw//X2xUctIrd1O7UOk7LHBX +/xI7xXoWQcA7l/1XMuZhM8yC8yIoAgvFrWBP1a29I0P3/yigkQXs+eTDTdvb0QP2 +q72q7Azt852v5u8+dHzoOXDpbo+4lfX+0OBDWimwJuChD8LQH7b7jO0oqWIV0AzM +vegFJVp3cDbyqw08lBz3xZ79A9JtBeewf6PLpXKjEVS8bEAZjZKjsjAY+5ShtJAf +PsD8r353dmkaHgC5Aji74ijZeY3PUCvGVVCGeN9isLnRpTEn7qUvN2DfHJU4w6aw +sXu7m7zidISo6dQLUzo54dHKWPGFy6INNkzXPOgrlbYnjt7v0Ou21/R6HrhdmsSw +lt7GALJcgAUxrcT/ljB3SZhSB0BdH0DXPcUziEdfhgMhhrXYpMjwH2XFBD1MLusW +GaVDbpPrSoEnmPVePcDUonDHePcuLjfOl13mOER1Kf6WFapOCa+4HCLakfKcPnGY +eyfD7Dbz3/046MmfQ8/Iyf8ipFXN6tI2WkRKj8uq9IFYrX3yoCBxZJN837DM3Grq +h48/T3pYU1f9LiekxbsgXmcHoGNdXX5+EsuO+QILZPttlG5QLuqFdJHei77uvW+B +4u8mgzi1Zhh0hRLm4K6UaJ/fBJ87BZSHShPKI9PI073U1O/CcYXnb8cdPLu3UgSQ +FM/bxT70TSYKI01Dt4KXRfWIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GT9FAJ47 +X5+0dQaOFkfy3WnMgX3AmIXJYQCfR4XL47rZ9a66jWaD0IbcXMK4oE2JAj4EEwEC +ACgFAk64PJ4CGwMFCQIchwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwb +VHyNgXLI2U8QAJGKPv1gWLn7P1KeHVsKkfRf+zgdsoY4mF3bUjX/03z1h1OKp+S7 +gZD/ZI80ckw/ElgFt9sr8J+pOgHk+aGHW+V0cZNgDHXCINb17s+Ra7SA/SWeJOrr +d4IpvTnjGc88C/j+bzRFagfnGXU601PeJdXIe6H75xVGIb0DgQBfPB9m+7p3sq/R +6UigzLwwhIQRW/l77hq79v5Rm77e0GTfcYHSuKu2Itim8p5OYCNchr4ZpBzrv5cF +/nH+HyD0AnM1q4a3mT9y4abNgtxJMGJBoIUEDT5vaTRpPowVHIGg9QroHkrYkMWA +ffIBzoq38WLnPjvjNtTncyP7sjbP8KS7NfjxZ6RAcNO6m6BTDYG/lM9jwCcOma90 +RZDVYD8hy+z1hXWFfB7zB+5TYuuKV5SXZpS9/JUR1BuI44WkY0hLHUa7inpqLlqc +b9O7KYikgyaeUKAN5LkF8A7rMVzuhrSItNzJVOs7WLnNAe9+Frzqx/jZ9aU04avS +r5OlWLdL7k9JNDnsLFqNtG/XQ7Hc8CPl0HvY3YXYGD3xwW6Ua6+ykxZGmQGPB68W +6a7G5EX+MEWKZgMQYsl1HgU49/sOD6QnCG3m2IB7bRAf5Kd527BnSgAaYHjVug8G ++X9opDwUW1b73Ut5tWfZJqQ4XBjl0Hc7Zi7OtlqdBeKGu/65QU+N9x33iQI+BBMB +AgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8 +G1R8jYFyyPv+D/9lA9yMXPBROLaCRab8Ca2QJBEtpT6lGVlkQ5Am2C8xdoLGiuJF +E7Cn/lS1j4RSVDK6DELeaBMXaY2g1eun8g2ERJIUGC98zrPjZXs/ZtCZtX8vYr1X +Bf9U8Ty6N3rKgt1XHc1oMgzkKLUc72RC+P/fkDsiAg62nVcmOFFykyTXnpM/5Ux/ +9kaahjf4LwGeRqkDIoLrXdZ7FHPjei8VlKSiHTkl4F+UCzEySxiInV+BWAhL5Lvb +zHxHaNDCquOb2zbgafVKON3oa8nCZoUw3iwpjrEy/JT+1BG6vxyT/LX7wPG3SKEw +8QTl8YBF8wvHS0JHW4KTc4grCMNWDwfkrlXnp6ZzTpy4JXZfYs/ltR4FH3atDG2C +xRCSAWXkGyTPMZkougdDbJ3jjViYcWO6B//LE1qDjeC05O9G3MXVxu16M5U8nVA2 +B3bo5cVv7+ECBTKaAvG3ZV6eOaeJ63gHRY8qI7y5OgzuNfxUXMTIAjHfO2mvSy5M +qFgDI10F8rYevGOKxvPVE1F8aiD1uRAOMCcLTy3oUKHIdaskSytL1D/bT9WqWzii +OXhLhSjMzkdPSUWVABeC6KM+Jcll0A0sHTkKWS3mavx3dUacB+O4efuTKNhSvo7n +XhUvSOOikRityipE5Ma5WlXBiu54DdIMGFzANHFdb5GmC7da9F1aALkshokCHAQQ +AQIABgUCUtgrXgAKCRBH1QFsQv98LMmaD/9W2qJyFlZAsjOWgNQPwUU4vV9/Ursj +kt4RI/oS0Gzovw2bmL0a+Q/dp6wM4PBMuYQXCepF8V+o4uKzL2OjVZDVtU/KqGCY +rEigiAhG0gHxgF1ukc9JQzhShFeq7/wkY+FQ4MOhuhuUsSMlvFzAd1hY+xlvckol +DEeS54loDspUh4EwxsWlopaA1rs5dzVXrYcinz9iDzLj6ujb6uJzCQVogk9w3dv8 +smKn81TVhtR4RFecqL9mURZcGnj7NV3n2Lrl2Pe0u/DiTtpavCkzVx7v9qiB/2Di +dqWR7OtYcywUr6lZeZsNabNwntPxSP7V6EcNXF3Qpi2IkAcwdJKb+aIG1v7/Wx77 +GhpBhbtdgKEebttzO4EVVeE8a2kmgqc8VXeAeqI89egU53dUdAinejFVDyemxHnJ +L4L6uVnSxbk/vRzu+fr6EaPyBsqORGXj2OuwxlWcnWs/N9XzNaiq6funedUSYtbP +trdpt7ogvzrQew7wetcwfxSB3IWcVwA9QvGDIBHTWPrb87jKV153w9I+cSfz9jg8 +qTIOw4qad7VOC4L1oaoRsLq6VFgnoW5DLsuhaVd6fgdY/byL6H5q2FPYJ+F8ovhR +2yPlQm8UYIFwmnwzpnuGBaPtU0bP7C+SNMK+G/9+b5q4psh1MnK8sg1RfSr1w7sw +b+Tur045QrUDu4kCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AF +AlLV0QsFCQXdHmsACgkQ/BtUfI2BcsitRA/7BbFuuAXPJMA4XtPhlYbfhNkYQ7+v +vx9HIZ1SgJfhpYwt/vbNTVclO79XD65v5JSWx+0gVJfHNolP5umB0++giIw9NCIx +uVa5eh3kS5NFfJ0YHrYgpFDdZPHRA9wI+oZgJBC/Cm40kafgTUoPFqXb0Sdlcz3R +hciLZBgYXV/uYubczfmAaJpmrVI1UuUWYrdPnmUkgitp9e6IePYiKVDeIGhBW8Bc +7Nbs2hc9yH1zwv3Affs8m+4tQQiwQHsB29WEZcmBuFllTbA5g5bvTvhfCRmYVgWC +Ti4SW+uA0B05a/aVP8fDXk82qCQ4cRB1BOwVNn+1/Aqcw+Zh8KKzH8gpPcsKGGP6 +uNg9uinuxYDneEY8cG7FSpm3XsXu4q4N6j5R63U6hz39pY/5Ib8mzYMEoLEZOLPu +CkVH9OOQc8zuiRL/wGc0pbMiGPEp13rAI0WbIFahrWS60bwtM1YEM5Ep8vD3TLl1 +pTWlF/zWpM/uJ6n/4nDXGQsGzKQn5D5Nsu7+55C0du0d1VRvYd8oG3AaNqhtM46V +C4eOqxH8XZtkJ3WMxhsHnV9acuDTpn5E5JKL7vEq0btN2UQ69lpKv7PmV/TgOJhf +KKvHZ0dh6KYY7iKW7NUCouLGibBoxDa+K4reh0i0M5UcsNiPkCqDIHUAIxW6FrvQ +xBr7NgCls+B9Kwu0JExldmVudGUgUG9seWFrIDxaM3IwLjB4MDBAZ21haWwuY29t +PokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlSXU9oFCQfA +Tw8ACgkQ/BtUfI2Bcsg4cw/5Af5/cxr5s8qiPvcGDglJyzFj8VBk0d7hpgdxcOi3 +VCOJY4YRoliu8WKThwxt7sD03fSZurFDDx+X27y3zPtgH/qBohmcr51jbSNom4mH +Gf8gpViFqbQlFh7tYz4kSQExgmpFx/FIaxmwFoEqiVrp6VpM2DZ6kg//4M+Ka2Mt +nuzV3C631A0eoMCJhPWPTgkGGknURvzhw6m2aGFWC/HE1yzf7Ej7fQeaqIxIG4Wy +Fk3lMV9rxMxGuUZTqIhvcU85JSriHowfX1VsAI2LXJYQ9c0jI737FcLwHv8VCa5s +NKDkLkb5S83/4Ep8e9M+a7u4WvkAqzmPfSna7bLxdsTS5gKGqEtMvMP2YGWWQxSR +GRSttiMmIC8Cnd45S8cASA2mR/ebNcrYOpa48cjYpBKDG2BIYU7oSLNulsM1qbxL +WJ0QM/g7iKHcrXhyIBaI22GS9hvmYcS960cox9oPCvNZcOKA6FBklnUg/ReJ3JTj +6D6v9SUxOOfXPQIon8EzB7BNKGedHxCFgniZnl10k+pP34YGyphMZTYGdhtAm6zq +T7PlraHQaFgQ3ba78lJcn3cWVZYpbCNJiH+Nna/Akm3/qQKTst3eW1lqopffCs1m +F6G6wjiHCw2bio5uX1c/gDr4Peh0E28heAqKopjultPXPZbSZL4D3fJIGP2j6e1B +wvmIRgQQEQIABgUCTrg/KAAKCRC+dA9BPyK7GcYrAKCgKW+qFwbMNeh4ikFg9fJx +4/lH9wCdGevT7dwBzPe6L+aWZxipEXYmjx6JAj4EEwECACgFAk64PN0CGwMFCQIc +hwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPwbVHyNgXLIThYP/AnoLpQl +whEEKaIhOSOKXegfdUHK6cL4cHRACzRIbBk/S4G2Vg/bnUW8tvWZDQLZ3CGL8Z0F +tNQ6GusUxt7mcYdSj7xynbi7bZiurgYp7B7hh1hVG3pAXEwlDnJgfoc0YZHrHZwt +HnNVYOfGEQF4zyplmUUxDyp/ZMYcXMr3PVJkYBJhYKCHOkMUtzzNjSSginaqZY1p +fgbP+Gou/9qgotkYiH84oUG9yTSKLIO5x0WzQYuoPNJyOdSHaLPfEqCC435vCYT5 +YLZB1YI5xzQiGsAL//cUCe267oiFmO9Ioky/azeX1Ouy2DH8uEDQPQFTJYXt3CbL +i10HkoBWdmncPC6+b0IJjDUo8Iv4yk0xFt2/DGkGK3h6jJxJ9pzx5KBT46iLfU50 +iTWMTguXn9ud/UJV0MpKgKjvO9hB4fae60n2UootknzEw6Y5W55PfGkT14WcrGGo +WHLSbpR6+gA9apU1cdoOC8nXlf3Eb2No6LP3X7RJXqiRsdP0s6QXkZGfR/qyNXI9 +S5j6wIyqNFU0cX21UgI9oJSKEKIKEFacgyD9za0gswEI+DZr8/p3cJE89ZX8ySgO +FG148wgaakTNGyGwR6aogGZ8IAHc83bnwGCgTeK6ZPSKNLSE/sImcTOrxIN1/x39 +r8o0TxuZjqFH+zKWfpdHX+sJLyi8Gs29CsUhiQI+BBMBAgAoAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAUCUNol+gUJA/yTqwAKCRD8G1R8jYFyyLl/EACG6QRV +kKVBoI2Ycr4UISk2+gCD2r4xSK/QLEhDFcZRgMctvPVnhod3uJOsMGJCk3aPGu91 +Jtwuj0CkeURa/cVzOjC+f7baveTuWQaAqW+r70m6F4gYHU0aDD/uQ75rTCcrsmt2 +pnZCyA9jLJxQGG11AvbOcV+7K7BuIvXs4iAactZ0hRvDVuGXuup2LnUbxyBU2oj7 +OWCXKTpZcJ0KGTWapMf8ClYYsEgS0wvMWotJzAov7ijkoP2DyEQVOPTnGWcfjsTk +QgbyqiFeBl+3IT4+xSzkPsd75dCYhsHBvCoT8cfUH4wvDXzU2CwpC1CDfHit6Hw5 +UigvZ8HXyn00Bm0UjLHGW+haS3kyOoz+z09gVFYd33cpjSnFr5is8ZMBPW31PE15 +q9/l6G/o6OGJCtOax3Yi6ttqn+KbDXIooZoRPZlayOSghyjoD40+ErevmqZPfJ3E +o1kHz62B1YpoXmhUm2Ihf2SbjWJRaW9Hp2nd81kAAXjr+8k4yvOuHxwYPFnpBjfV +cfYNQ3Zf5xF4nfszFuZMc5JYrIR3EYVgEk+n8VpulAqd0rXUEODwGy7rPjdxLY7w +DhUEZMQN3xweIb4vjPDBb0Ax3ACyfWKIdT0kC3rGOy9xyCzxWO2CjHMjrbxy4jL7 +B0WIQ5fpRcV2+wozs2WYgJKVKJgJZGYsW8dDLYkCHAQQAQIABgUCUtgrXgAKCRBH +1QFsQv98LIX0EADVefJUEMGKiTFLwUmWNF2X4oCzEZEMsQ6NliiQFvtNkKrT+OzZ +zggxfINUr0XEKgjjoGZ03Hmm7xAFc1Y51QZEr25H18PuSixz2YSHPqYwwVgLUh0v +u2AqaP0mQckssK+ZAQVvoZ7ZOI22ZXIZ6CPEPY6aJawHov8Strlm8oTbFgLfZ5Wo +3NCxMkkq3NFNHuwesccelNPefgnFZWhwr1mkUeX+rCAbQF/QHYEAi7KjfKyY+XKs +ccjYS+RWxpte21ejngp7pRYli3M8cZoaWKCzLTrD8gKztlo3op9Zc2+hjOY9gZtG +CaXkN8lchJ1yMyWju61ZO++AJq6S2OdBVxgsj9xPm+x91RbZRHQmUuq8mefUzaEm +NHE29udVFfuV//Fpabi04IrOuabkrSvP27eX9FT1y25tKFHuJdL5fDUFGnNnTvcR +X51lJmvnuIKJQ+Lthup7npS0L06+dPIDoqyxF8hmdu3RtwEsvkboPaxx5XTB5d8y +3wzBFWd4ePwBIumrY1YHSzdJCvyyLRXZbSOsHXgZfhfQ1LVgxxebP7E+stWqGLLC +Fry0WGG8f/UUgVr1QpluT6NjioUnuI/ZmKR/aKewqVYWAnr54fF+np4VdxPfYwci +lpbXpkamORZqPfq/nyoWgnp+y4AptDdDkSWnFxfcJ1wnFFcrHVUSFQ1wBYkCPgQT +AQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlLV0QsFCQXdHmsACgkQ +/BtUfI2BcsjV6w/9Fe1+3Mc6wG3R9VbxiYo13/JV4t+tA9/tcJ1R/Y96eAqVajoK +c2ZQ7FrimmlzvLIvxpH4Z76h3NmPWfOQ6qEumZQ5BM3QwBfQQ3Tmj10gfiL5vOZJ +6dUaJjwXgjz0Qyk1G3gw7K1xmtnXgBPyGT9T9q3OAhHHdV2b6xS9dWoNKhUV8GUn +HfIKwq+87aZqexjFE7ubZdOAe+5nrqnlMEfJKgDjXbazES9IYvPQiSjwR3xaIPOa +ma5WfQV0SHg3Vkhtv2PjuoYWNfNy17N7u+dfg7nAtKLIQCPht45uKk66BYWYBoDI +VQfg6zcFLpdNcFzzwmgrYRZvEvBf5aSG3KFD7UReT0695/lHheRxEAA3thsx8gaM +CCavtVxbVUluEfYZ7TgXLMuIO9OBKhi7MwB3iL5qacrNShMB+1J5FxieJBmWXdla ++kCdCdS+9kIZH+mnQ8daGEJ5R9mNcVwcWasI0o9NObqIZwhKw4obrC5Q7m2NfXL6 +FUScfA7yn7+/icdQB9fH2ZXGJVuNm1b8OBN6Nbz0QauaCystWzKXKwpVb/5M623v +Vw75RfnqCFiAf4tX58nL/QalJc4C0E+TvQ2pXC47VQvHmiAB31vKvU0nbo+lzi64 +hAPWJnhr2pmTvglquTFzLwEsWfO4zDtUwFo8KM1XFsonaoX5UzGTXPmIN5+0J0xl +dmVudGUgUG9seWFrIDxhbnRocmF4eEBhcmNobGludXgub3JnPokCPwQTAQIAKQIb +AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJUl1PbBQkHwE8PAAoJEPwbVHyN +gXLIdGAP/0ch1NeFyXWszqA5ow+itBn6iyUaplXB5I56Q77cTIFB6LqJ5+2kdUuO +UqPvOilGS3dxbyDsSdWDLs+bHRFG4uqZyGUDhmu2mvS+uDqPFwcKJUNDlgdccxph +sA5HJFGg1ca0TWWg8vjwANdU4sL9Ujbaw93v0Mx/1+aSIxyEJBNxc6DJWEfCjpSy +R9JB8WTHgvxEAImVNsT1OGNTvd2DN+17WBhxBktLHDocIGJ/fttzFgKkv6NTPwt+ +y4QyP3UgeYRZR21B6MVckk2/UuCuCY7gAGruTFVoINa/Wqn2YPPZhJYrTX7ysDaV +QLObxlepeo0UWC7wFEiuqu5OM75MWLUX8j/1OAIE6my85vrlcWSf0Z3jOAgPTjJw +VT5h7T/7NPP2azoIlOE2bh5UcKXFkT0xDYPcMr2hV2Ih+jU+Ygiyg/1yIIxearmm +PFjfIHMLepa+7RPtTlHwu4fpNPXzL13W6PXSoCTTi/suGlYmSyLtOwxq15GGT3vg +1Xh8wfkuWwbWJnBKXtt8HkteQRgDngDnRSJwsO2nnQ7+sr+F8J3rQDdlVdVcolic +ekup8ZgSjJYinfcpF+H+qy2kK2jOYyyHI/+zHQtwy1R7MbLwPJe7WNWrBmEvmazB +2//Iu5EVIfFX3flPjeRQbKX4B/SuXF48uo0/8WfdgaMW8glRWJnbiQI/BBMBAgAp +BQJUSwOnAhsDBQkF3R5rBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ/BtU +fI2Bcsj5ihAAg0d0A8OUsNWG7TiPQTuC/D4e/5JTkJARmQ5xO6gMPxTpjSZCyWEl +7gQOg/liU8nz5HZGaJgg4HuBwTs6euqdnVi6zhW1c1wye2thGTQ7DeSPJnhju3Qe +mPS1jEdC34lXCo6eGjdKnGb7TV7hkptHKHh7XCU9n6qcXQ2cNQQbdqSCRsfVm1XD ++p+mM/FGOz8uFOrhERAUl99WkVZ4NKTdws8U6FXulbdWrWwI4eRggIdwI/Tl7zuy +ja7KxBCCeJ/gFY6g+iOYmIo6//bJITgmAG60hFHJ9JigcN6xglYFI28TCdNqM0+C +hgbZUner0vLmaxRNoXqV9Xw8ihNMQa7fUFYkX8VrXOdLdVvee7OaeLuWWE8x6usQ +NzgLDQQx9fmxtrQY+dC6Y25IPMm094z0nrbM1wtfG2+8Vw4mQ2U099fT5t3Yl7fE +PlanhgQxRZE78PxezyYxms4HV+wqvrhlBzFnWAd6H27uDPfUfO9cLgbmFTUlwFhg +gsDeIFRFx8+h4/0xAIPqUODmTiN0mj5sLRW7zvqZW6zhsGIMdPd+IkhHiGjeJqme +Ai0iOjpV3tRteoW51/+/ajPmyUBbvOxiFJNADHH2NvqoBMU1pkTvpc7Wy+2J9VcF +4TFdWBbwjU8BoC3ZgixTrT0zCSwabnKriglOhA5Ik/n5HsR7S76V13y0KExldmVu +dGUgUG9seWFrIDxhbnRocmF4eEBoYW1idXJnLmNjYy5kZT6JAj0EEwEIACcFAlSX +VHICGwMFCQfATw8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ/BtUfI2Bcsia +Wg//SKLFNUTEBQG11cV/AljxmI2s8y+cPKs3VqlwEjiuRMu4DRkFVaZNEuPq0b8q +8pwcHIJ5/nZvOticm9M/g7TrTp3pOxmSYf7WG31vVrprig22dz8WxQAy76srNn1z +stg0TFO7nKNVjZOFz5D0RpWazwnXyDed3l2/7RZ1CMv7ue/rZez8FnDHN7Di3daX +AJ5XkvDAsD6AITYQd+4XEbh2rt9p8G6qUUjwzoVU/aGVgo1CGZydYMJQVccNL7kv +fumnwkAED8u9j0ZI+xfaD3c1rP98bnqk9u8rJPCAeIkA4ppisDb7noz0NaO7dDyM +ywBK4OR478fw5h7GfiIwZdVAHkCoEHNvF1ON8JnYgyplLvZvxZ0dtYGDYDiFdORN +gVgGMU12kemPws4hEx3WMgUu/BBkF58XyQyqcwt7q+WGI2lQ88UzZ/FAsu8i8r/J +jkV8FsiCJ2rSHEMddmOHoaTM+6oB2i9kZo7KmToSZu7DxuemlHpuOO3kG/iRga2y +NeancRJwbxgZhNGBbhrA/7k5UOcXkmfW74oBkbCci0ncVhHu12dsJXhk+eprkOXv +nD1vEIeuzL4V/SMDar3SxFlfLFwQk4cn9+pdeP3LxwHKBn74pABsbEBhEY4IjUEL +YOTEVoP6s+Ou1NcLxFl3elmniwL2+GV5rDM8pctkKNemtZa5Ag0ETrg4RQEQALfu +qEihKS+DTVlWUujzSq5zK/5oQ1ZL8AiTUTZuVtrRWCq0HE8tWaVxEP3Vt9FCo7yF +afXigokChzHOgzczg80tctrlv+vbFyaZnjGQH20Nlz8EnZP102zudx/RdFXG/up8 +PX50Eck2lH+IvvosMLdvrZTkFJ4SgqMGSoAgMhJHZdZB5N0y8yPPAjcEnSXp8L2A +mo9e0egCrEuqBrCZld00nIoipyDlYNZkLjPf0JRgFPO/AWWgBZLvLlteLu0emq8N +96bT3QTdXpRVPM0qeX94+2gIj+0V1uQ9+k5Xkslbbii9TnOzMnLRO6dBAONVTTb3 +ajzdXK71iv2a8Y9lKShxhYWP9JNOFlXkAp+ZoD7EZex4dgu6giV3PrTDJLyWSu41 +WfqOz6cJGpJSTacrenC542ynAaSVKXH+1plqB9kq/M7HtE/P4GveQXIVT9Sho394 +4hwkuETo20KwCgFPMmiNaBysnOykIcDsDutBOyygdovzdGEyHVsM8/kz007QFgJf +hKy91H6O/Cg7VH+yaUKllRZ+kFsoSy8/E0IqLzqBHG3sUGM6lJ0Q9fgSnpzIZsdE +jRhczNCvlovGLa/kBHcEUWQ2zrjnfjsLkxvamKJ8N6LLIXIDRv5dE2smpdi3oiVg +XdOKshyXB+obhRFlWtirK4udX5yYzUpcB0zBoo1hABEBAAGJAiUEGAECAA8CGwwF +AlSXVAEFCQfATzwACgkQ/BtUfI2Bcsj0Tw//dyDYwcnh0BIb+nDCXFC91KiPUILa +f+wI5w6c9YYEo6TR89q6Wsq8EDiqcqSJcztuNvw3MZGHWA25nNB/0046CGM/tUBd +Jyudd3TxQBi6XMMSTbG1EMtSN1UMV4guuUfYcAGW38oZ+YJACCBFFz/Kt0aa/hhi +/hBNyvI73vZfQ/fsScFDewkxikUEspRsLVmX6gaEmumOxOhJP3HBoxeBCM4Z3IXo +dON2SiiMxt9BPIPJOyKNkFQGQ3dqJIag3GnsZ1s0CEoi8iqF7uS4RjC7uOJtvn74 +CODxg1Ibl1IweyAuBEA80wUh9DGLAdRJpxWy1B2fDhIROvpcg0R5p6j9UX0b0esc +jKLQEiE1wRswjXhWpZhe7Pjl38KhwqMyaeR3OnDtP7JXazIG6HiBIp4cx4k5A2TT +X+LhvG3NHCeuxIyjLTRTWgv241kf7uAu+qgjHDSKXQqpjvo+cUYQgSxQZZXnmlz0 +sz/tEeiWl+i8kW/RNKQvNNR8ghWDW3YRak/zS+WFNoLZchecIzMj+je1vSg411o4 +Xd3LHDur6boCetaq7ZkqoS+NcX9n8MnKhHKYJblvXyc1h67s90+wSwhlumA8WqlM +yqn99m13aF8GuGZbw5B2/x/Cd7WW5wZV6ioola/yqDXB1XtDFBy2Hxr/VMRlE3Cu +kekzzVjVTZxOgZE= +=yRuG +-----END PGP PUBLIC KEY BLOCK----- diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix new file mode 100644 index 00000000000..95510fe218e --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -0,0 +1,85 @@ +# Based on recommendations from: +# http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Recommended_settings +# https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project +# +# Dangerous features that can be permanently (for the boot session) disabled at +# boot via sysctl or kernel cmdline are left enabled here, for improved +# flexibility. +# +# See also + +{ stdenv, version }: + +with stdenv.lib; +with stdenv.lib.kernel; +with (stdenv.lib.kernel.whenHelpers version); + +assert (versionAtLeast version "4.9"); + +{ + # Report BUG() conditions and kill the offending process. + BUG = yes; + + # Safer page access permissions (wrt. code injection). Default on >=4.11. + DEBUG_RODATA = whenOlder "4.11" yes; + DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes; + + # Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n + # conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter + # implicitly marks LSM hooks read-only after init. + # + # SELinux can only be disabled at boot via selinux=0 + # + # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the + # config builder fails to detect that it has indeed been unset. + SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no; + SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no); + + STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; + + # Perform additional validation of commonly targeted structures. + DEBUG_CREDENTIALS = yes; + DEBUG_NOTIFIERS = yes; + DEBUG_PI_LIST = yes; # doesn't BUG() + DEBUG_SG = yes; + SCHED_STACK_END_CHECK = yes; + + REFCOUNT_FULL = whenAtLeast "4.13" yes; + + # Randomize page allocator when page_alloc.shuffle=1 + SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; + + # Allow enabling slub/slab free poisoning with slub_debug=P + SLUB_DEBUG = yes; + + # Wipe higher-level memory allocations on free() with page_poison=1 + PAGE_POISONING = yes; + PAGE_POISONING_NO_SANITY = yes; + PAGE_POISONING_ZERO = yes; + + # Enable the SafeSetId LSM + SECURITY_SAFESETID = whenAtLeast "5.1" yes; + + # Reboot devices immediately if kernel experiences an Oops. + PANIC_TIMEOUT = freeform "-1"; + + GCC_PLUGINS = yes; # Enable gcc plugin options + # Gather additional entropy at boot time for systems that may = no;ot have appropriate entropy sources. + GCC_PLUGIN_LATENT_ENTROPY = yes; + + GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address + GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin + GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin + GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes; + + # Disable various dangerous settings + ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory + PROC_KCORE = no; # Exposes kernel text image layout + INET_DIAG = no; # Has been used for heap based attacks in the past + + # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. + CC_STACKPROTECTOR_REGULAR = whenOlder "4.18" no; + CC_STACKPROTECTOR_STRONG = whenOlder "4.18" yes; + +} diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json new file mode 100644 index 00000000000..118998a605b --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -0,0 +1,27 @@ +{ + "4.14": { + "name": "linux-hardened-4.14.179.a.patch", + "sha256": "0vdcg8713vhraqp04b6lw15qdrvg4iw646d54x6ic0421nxp9zmj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.179.a/linux-hardened-4.14.179.a.patch" + }, + "4.19": { + "name": "linux-hardened-4.19.121.a.patch", + "sha256": "0bwjx7qbzd50607kr1abx3rd19iciry3p1y3a8sz5w3vb62j8m6z", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.121.a/linux-hardened-4.19.121.a.patch" + }, + "5.4": { + "name": "linux-hardened-5.4.39.a.patch", + "sha256": "1w9yc0j8vshjyvb2qgxjvrdgwiy5lmjn3s1rmlch649vqp97j9w7", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.39.a/linux-hardened-5.4.39.a.patch" + }, + "5.5": { + "name": "linux-hardened-5.5.19.a.patch", + "sha256": "1ya5nsfhr3nwz6qiz4pdhvm6k9mx1kr0prhdvhx3p40f1vk281sc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" + }, + "5.6": { + "name": "linux-hardened-5.6.11.a.patch", + "sha256": "1b6cwffb2b21h9xh2acm9q9j55cay87zbv9jjayv69znry4mzsx3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.11.a/linux-hardened-5.6.11.a.patch" + } +} diff --git a/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch new file mode 100644 index 00000000000..ff8a3a12797 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch @@ -0,0 +1,7 @@ +diff --git a/localversion-hardened b/localversion-hardened +new file mode 100644 +index 0000000000..e578045860 +--- /dev/null ++++ b/localversion-hardened +@@ -0,0 +1 @@ ++-hardened diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py new file mode 100755 index 00000000000..1ef5acd3eb0 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -0,0 +1,256 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg + +# This is automatically called by ../update.sh. + +import json +import os +import re +import subprocess +import sys +from pathlib import Path +from tempfile import TemporaryDirectory + +from github import Github + +HERE = Path(__file__).resolve().parent +NIXPKGS_KERNEL_PATH = HERE.parent +NIXPKGS_PATH = HERE.parents[4] +HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" +HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" +HARDENED_PATCHES_PATH = HERE / "patches.json" +MIN_KERNEL_VERSION = [4, 14] + + +def run(*args, **kwargs): + try: + return subprocess.run( + args, + **kwargs, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + except subprocess.CalledProcessError as err: + print( + f"error: `{err.cmd}` failed unexpectedly\n" + f"status code: {err.returncode}\n" + f'stdout:\n{err.stdout.decode("utf-8").strip()}\n' + f'stderr:\n{err.stderr.decode("utf-8").strip()}', + file=sys.stderr, + ) + sys.exit(1) + + +def nix_prefetch_url(url): + output = run("nix-prefetch-url", "--print-path", url).stdout + sha256, path = output.decode("utf-8").strip().split("\n") + return sha256, Path(path) + + +def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): + with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: + gnupg_home = Path(gnupg_home_str) + run("gpg", "--homedir", gnupg_home, "--import", trusted_key) + keyring = gnupg_home / "pubring.kbx" + try: + subprocess.run( + ("gpgv", "--keyring", keyring, sig_path, data_path), + check=True, + stderr=subprocess.PIPE, + ) + return True + except subprocess.CalledProcessError as err: + print( + f"error: signature for {name} failed to verify!", + file=sys.stderr, + ) + print(err.stderr.decode("utf-8"), file=sys.stderr, end="") + return False + + +def fetch_patch(*, name, release): + def find_asset(filename): + try: + return next( + asset.browser_download_url + for asset in release.get_assets() + if asset.name == filename + ) + except StopIteration: + raise KeyError(filename) + + patch_filename = f"{name}.patch" + try: + patch_url = find_asset(patch_filename) + sig_url = find_asset(patch_filename + ".sig") + except KeyError: + print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr) + return None + + sha256, patch_path = nix_prefetch_url(patch_url) + _, sig_path = nix_prefetch_url(sig_url) + sig_ok = verify_openpgp_signature( + name=name, + trusted_key=HARDENED_TRUSTED_KEY, + sig_path=sig_path, + data_path=patch_path, + ) + if not sig_ok: + return None + + return { + "name": patch_filename, + "url": patch_url, + "sha256": sha256, + } + + +def parse_version(version_str): + version = [] + for component in version_str.split("."): + try: + version.append(int(component)) + except ValueError: + version.append(component) + return version + + +def version_string(version): + return ".".join(str(component) for component in version) + + +def major_kernel_version_key(kernel_version): + return version_string(kernel_version[:-1]) + + +def commit_patches(*, kernel_key, message): + new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") + with open(new_patches_path, "w") as new_patches_file: + json.dump(patches, new_patches_file, indent=4, sort_keys=True) + new_patches_file.write("\n") + os.rename(new_patches_path, HARDENED_PATCHES_PATH) + message = f"linux/hardened/patches/{kernel_key}: {message}" + print(message) + if os.environ.get("COMMIT"): + run( + "git", + "-C", + NIXPKGS_PATH, + "commit", + f"--message={message}", + HARDENED_PATCHES_PATH, + ) + + +# Load the existing patches. +with open(HARDENED_PATCHES_PATH) as patches_file: + patches = json.load(patches_file) + +NIX_VERSION_RE = re.compile( + r""" + \s* version \s* = + \s* " (?P [^"]*) " + \s* ; \s* \n + """, + re.VERBOSE, +) + +# Get the set of currently packaged kernel versions. +kernel_versions = {} +for filename in os.listdir(NIXPKGS_KERNEL_PATH): + filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) + if filename_match: + with open(NIXPKGS_KERNEL_PATH / filename) as nix_file: + for nix_line in nix_file: + match = NIX_VERSION_RE.fullmatch(nix_line) + if match: + kernel_version = parse_version(match.group("version")) + if kernel_version < MIN_KERNEL_VERSION: + continue + kernel_key = major_kernel_version_key(kernel_version) + kernel_versions[kernel_key] = kernel_version + +# Remove patches for unpackaged kernel versions. +for kernel_key in sorted(patches.keys() - kernel_versions.keys()): + commit_patches(kernel_key=kernel_key, message="remove") + +g = Github(os.environ.get("GITHUB_TOKEN")) +repo = g.get_repo(HARDENED_GITHUB_REPO) + +failures = False + +# Match each kernel version with the best patch version. +releases = {} +for release in repo.get_releases(): + version = parse_version(release.tag_name) + # needs to look like e.g. 5.6.3.a + if len(version) < 4: + continue + + kernel_version = version[:-1] + kernel_key = major_kernel_version_key(kernel_version) + try: + packaged_kernel_version = kernel_versions[kernel_key] + except KeyError: + continue + + release_info = { + "version": version, + "release": release, + } + + if kernel_version == packaged_kernel_version: + releases[kernel_key] = release_info + else: + # Fall back to the latest patch for this major kernel version, + # skipping patches for kernels newer than the packaged one. + if kernel_version > packaged_kernel_version: + continue + elif ( + kernel_key not in releases + or releases[kernel_key]["version"] < version + ): + releases[kernel_key] = release_info + +# Update hardened-patches.json for each release. +for kernel_key, release_info in releases.items(): + release = release_info["release"] + version = release_info["version"] + version_str = release.tag_name + name = f"linux-hardened-{version_str}" + + try: + old_filename = patches[kernel_key]["name"] + old_version_str = old_filename.replace("linux-hardened-", "").replace( + ".patch", "" + ) + old_version = parse_version(old_version_str) + update = old_version < version + except KeyError: + update = True + old_version = None + + if update: + patch = fetch_patch(name=name, release=release) + if patch is None: + failures = True + else: + patches[kernel_key] = patch + if old_version: + message = f"{old_version_str} -> {version_str}" + else: + message = f"init at {version_str}" + commit_patches(kernel_key=kernel_key, message=message) + +missing_kernel_versions = kernel_versions.keys() - patches.keys() + +if missing_kernel_versions: + print( + f"warning: no patches for kernel versions " + + ", ".join(missing_kernel_versions), + file=sys.stderr, + ) + +if failures: + sys.exit(1) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 1c4af8c32a6..8ce1ac2b587 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -35,7 +35,7 @@ tag_hardened = { name = "tag-hardened"; - patch = ./tag-hardened.patch; + patch = ./hardened/tag-hardened.patch; }; hardened = let @@ -43,7 +43,7 @@ name = lib.removeSuffix ".patch" src.name; patch = fetchurl src; }; - patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json); + patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json); in lib.mapAttrs mkPatch patches; # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6 diff --git a/pkgs/os-specific/linux/kernel/tag-hardened.patch b/pkgs/os-specific/linux/kernel/tag-hardened.patch deleted file mode 100644 index ff8a3a12797..00000000000 --- a/pkgs/os-specific/linux/kernel/tag-hardened.patch +++ /dev/null @@ -1,7 +0,0 @@ -diff --git a/localversion-hardened b/localversion-hardened -new file mode 100644 -index 0000000000..e578045860 ---- /dev/null -+++ b/localversion-hardened -@@ -0,0 +1 @@ -+-hardened diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py deleted file mode 100755 index bc9110578d6..00000000000 --- a/pkgs/os-specific/linux/kernel/update-hardened.py +++ /dev/null @@ -1,254 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg - -# This is automatically called by ./update.sh. - -import json -import os -import re -import subprocess -import sys -from pathlib import Path -from tempfile import TemporaryDirectory - -from github import Github - -HERE = Path(__file__).resolve().parent -HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" -HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" -HARDENED_PATCHES_PATH = HERE / "hardened-patches.json" -MIN_KERNEL_VERSION = [4, 14] - - -def run(*args, **kwargs): - try: - return subprocess.run( - args, - **kwargs, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - except subprocess.CalledProcessError as err: - print( - f"error: `{err.cmd}` failed unexpectedly\n" - f"status code: {err.returncode}\n" - f'stdout:\n{err.stdout.decode("utf-8").strip()}\n' - f'stderr:\n{err.stderr.decode("utf-8").strip()}', - file=sys.stderr, - ) - sys.exit(1) - - -def nix_prefetch_url(url): - output = run("nix-prefetch-url", "--print-path", url).stdout - sha256, path = output.decode("utf-8").strip().split("\n") - return sha256, Path(path) - - -def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): - with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: - gnupg_home = Path(gnupg_home_str) - run("gpg", "--homedir", gnupg_home, "--import", trusted_key) - keyring = gnupg_home / "pubring.kbx" - try: - subprocess.run( - ("gpgv", "--keyring", keyring, sig_path, data_path), - check=True, - stderr=subprocess.PIPE, - ) - return True - except subprocess.CalledProcessError as err: - print( - f"error: signature for {name} failed to verify!", - file=sys.stderr, - ) - print(err.stderr.decode("utf-8"), file=sys.stderr, end="") - return False - - -def fetch_patch(*, name, release): - def find_asset(filename): - try: - return next( - asset.browser_download_url - for asset in release.get_assets() - if asset.name == filename - ) - except StopIteration: - raise KeyError(filename) - - patch_filename = f"{name}.patch" - try: - patch_url = find_asset(patch_filename) - sig_url = find_asset(patch_filename + ".sig") - except KeyError: - print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr) - return None - - sha256, patch_path = nix_prefetch_url(patch_url) - _, sig_path = nix_prefetch_url(sig_url) - sig_ok = verify_openpgp_signature( - name=name, - trusted_key=HARDENED_TRUSTED_KEY, - sig_path=sig_path, - data_path=patch_path, - ) - if not sig_ok: - return None - - return { - "name": patch_filename, - "url": patch_url, - "sha256": sha256, - } - - -def parse_version(version_str): - version = [] - for component in version_str.split("."): - try: - version.append(int(component)) - except ValueError: - version.append(component) - return version - - -def version_string(version): - return ".".join(str(component) for component in version) - - -def major_kernel_version_key(kernel_version): - return version_string(kernel_version[:-1]) - - -def commit_patches(*, kernel_key, message): - new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") - with open(new_patches_path, "w") as new_patches_file: - json.dump(patches, new_patches_file, indent=4, sort_keys=True) - new_patches_file.write("\n") - os.rename(new_patches_path, HARDENED_PATCHES_PATH) - message = f"linux/hardened-patches/{kernel_key}: {message}" - print(message) - if os.environ.get("COMMIT"): - run( - "git", - "-C", - HERE, - "commit", - f"--message={message}", - "hardened-patches.json", - ) - - -# Load the existing patches. -with open(HARDENED_PATCHES_PATH) as patches_file: - patches = json.load(patches_file) - -NIX_VERSION_RE = re.compile( - r""" - \s* version \s* = - \s* " (?P [^"]*) " - \s* ; \s* \n - """, - re.VERBOSE, -) - -# Get the set of currently packaged kernel versions. -kernel_versions = {} -for filename in os.listdir(HERE): - filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) - if filename_match: - with open(HERE / filename) as nix_file: - for nix_line in nix_file: - match = NIX_VERSION_RE.fullmatch(nix_line) - if match: - kernel_version = parse_version(match.group("version")) - if kernel_version < MIN_KERNEL_VERSION: - continue - kernel_key = major_kernel_version_key(kernel_version) - kernel_versions[kernel_key] = kernel_version - -# Remove patches for unpackaged kernel versions. -for kernel_key in sorted(patches.keys() - kernel_versions.keys()): - commit_patches(kernel_key=kernel_key, message="remove") - -g = Github(os.environ.get("GITHUB_TOKEN")) -repo = g.get_repo(HARDENED_GITHUB_REPO) - -failures = False - -# Match each kernel version with the best patch version. -releases = {} -for release in repo.get_releases(): - version = parse_version(release.tag_name) - # needs to look like e.g. 5.6.3.a - if len(version) < 4: - continue - - kernel_version = version[:-1] - kernel_key = major_kernel_version_key(kernel_version) - try: - packaged_kernel_version = kernel_versions[kernel_key] - except KeyError: - continue - - release_info = { - "version": version, - "release": release, - } - - if kernel_version == packaged_kernel_version: - releases[kernel_key] = release_info - else: - # Fall back to the latest patch for this major kernel version, - # skipping patches for kernels newer than the packaged one. - if kernel_version > packaged_kernel_version: - continue - elif ( - kernel_key not in releases - or releases[kernel_key]["version"] < version - ): - releases[kernel_key] = release_info - -# Update hardened-patches.json for each release. -for kernel_key, release_info in releases.items(): - release = release_info["release"] - version = release_info["version"] - version_str = release.tag_name - name = f"linux-hardened-{version_str}" - - try: - old_filename = patches[kernel_key]["name"] - old_version_str = old_filename.replace("linux-hardened-", "").replace( - ".patch", "" - ) - old_version = parse_version(old_version_str) - update = old_version < version - except KeyError: - update = True - old_version = None - - if update: - patch = fetch_patch(name=name, release=release) - if patch is None: - failures = True - else: - patches[kernel_key] = patch - if old_version: - message = f"{old_version_str} -> {version_str}" - else: - message = f"init at {version_str}" - commit_patches(kernel_key=kernel_key, message=message) - -missing_kernel_versions = kernel_versions.keys() - patches.keys() - -if missing_kernel_versions: - print( - f"warning: no patches for kernel versions " - + ", ".join(missing_kernel_versions), - file=sys.stderr, - ) - -if failures: - sys.exit(1) diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh index c483661b6f5..55fdce06c97 100755 --- a/pkgs/os-specific/linux/kernel/update.sh +++ b/pkgs/os-specific/linux/kernel/update.sh @@ -62,4 +62,4 @@ done COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh # Update linux-hardened -COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-hardened.py +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 349bc242ee1..f6419394b2d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17014,7 +17014,7 @@ in # Hardened linux hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override { - structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix { + structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix { inherit stdenv; inherit (kernel) version; }; -- cgit 1.4.1 From e77d174fcdba9c12468553c895ce235e9ea6bb77 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 04:06:11 +0100 Subject: linux/hardened/update.py: add type annotations --- pkgs/os-specific/linux/kernel/hardened/update.py | 86 +++++++++++++++--------- 1 file changed, 53 insertions(+), 33 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 1ef5acd3eb0..116dd616891 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -1,17 +1,44 @@ #! /usr/bin/env nix-shell -#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg +#! nix-shell -i python -p "python38.withPackages (ps: [ps.PyGithub])" git gnupg # This is automatically called by ../update.sh. +from __future__ import annotations + import json import os import re import subprocess import sys +from dataclasses import dataclass from pathlib import Path from tempfile import TemporaryDirectory +from typing import ( + Dict, + Iterator, + List, + Optional, + Sequence, + Tuple, + TypedDict, + Union, +) from github import Github +from github.GitRelease import GitRelease + +VersionComponent = Union[int, str] +Version = List[VersionComponent] + + +Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str}) + + +@dataclass +class ReleaseInfo: + version: Version + release: GitRelease + HERE = Path(__file__).resolve().parent NIXPKGS_KERNEL_PATH = HERE.parent @@ -19,17 +46,13 @@ NIXPKGS_PATH = HERE.parents[4] HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" HARDENED_PATCHES_PATH = HERE / "patches.json" -MIN_KERNEL_VERSION = [4, 14] +MIN_KERNEL_VERSION: Version = [4, 14] -def run(*args, **kwargs): +def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: try: return subprocess.run( - args, - **kwargs, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, + args, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, ) except subprocess.CalledProcessError as err: print( @@ -42,13 +65,15 @@ def run(*args, **kwargs): sys.exit(1) -def nix_prefetch_url(url): +def nix_prefetch_url(url: str) -> Tuple[str, Path]: output = run("nix-prefetch-url", "--print-path", url).stdout sha256, path = output.decode("utf-8").strip().split("\n") return sha256, Path(path) -def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): +def verify_openpgp_signature( + *, name: str, trusted_key: Path, sig_path: Path, data_path: Path, +) -> bool: with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str: gnupg_home = Path(gnupg_home_str) run("gpg", "--homedir", gnupg_home, "--import", trusted_key) @@ -69,14 +94,15 @@ def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path): return False -def fetch_patch(*, name, release): - def find_asset(filename): +def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]: + def find_asset(filename: str) -> str: try: - return next( + it: Iterator[str] = ( asset.browser_download_url for asset in release.get_assets() if asset.name == filename ) + return next(it) except StopIteration: raise KeyError(filename) @@ -99,15 +125,11 @@ def fetch_patch(*, name, release): if not sig_ok: return None - return { - "name": patch_filename, - "url": patch_url, - "sha256": sha256, - } + return Patch(name=patch_filename, url=patch_url, sha256=sha256) -def parse_version(version_str): - version = [] +def parse_version(version_str: str) -> Version: + version: Version = [] for component in version_str.split("."): try: version.append(int(component)) @@ -116,15 +138,15 @@ def parse_version(version_str): return version -def version_string(version): +def version_string(version: Version) -> str: return ".".join(str(component) for component in version) -def major_kernel_version_key(kernel_version): +def major_kernel_version_key(kernel_version: Version) -> str: return version_string(kernel_version[:-1]) -def commit_patches(*, kernel_key, message): +def commit_patches(*, kernel_key: str, message: str) -> None: new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new") with open(new_patches_path, "w") as new_patches_file: json.dump(patches, new_patches_file, indent=4, sort_keys=True) @@ -144,6 +166,7 @@ def commit_patches(*, kernel_key, message): # Load the existing patches. +patches: Dict[str, Patch] with open(HARDENED_PATCHES_PATH) as patches_file: patches = json.load(patches_file) @@ -177,7 +200,6 @@ for kernel_key in sorted(patches.keys() - kernel_versions.keys()): g = Github(os.environ.get("GITHUB_TOKEN")) repo = g.get_repo(HARDENED_GITHUB_REPO) - failures = False # Match each kernel version with the best patch version. @@ -195,10 +217,7 @@ for release in repo.get_releases(): except KeyError: continue - release_info = { - "version": version, - "release": release, - } + release_info = ReleaseInfo(version=version, release=release) if kernel_version == packaged_kernel_version: releases[kernel_key] = release_info @@ -208,18 +227,20 @@ for release in repo.get_releases(): if kernel_version > packaged_kernel_version: continue elif ( - kernel_key not in releases - or releases[kernel_key]["version"] < version + kernel_key not in releases or releases[kernel_key].version < version ): releases[kernel_key] = release_info # Update hardened-patches.json for each release. for kernel_key, release_info in releases.items(): - release = release_info["release"] - version = release_info["version"] + release = release_info.release + version = release_info.version version_str = release.tag_name name = f"linux-hardened-{version_str}" + old_version: Optional[Version] = None + old_version_str: Optional[str] = None + update: bool try: old_filename = patches[kernel_key]["name"] old_version_str = old_filename.replace("linux-hardened-", "").replace( @@ -229,7 +250,6 @@ for kernel_key, release_info in releases.items(): update = old_version < version except KeyError: update = True - old_version = None if update: patch = fetch_patch(name=name, release=release) -- cgit 1.4.1 From 88486c4e767cb92b0a51d9c41f4e40121c6e3bf1 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 18:12:14 +0100 Subject: linux/hardened/update.py: get versions with nix(1) --- pkgs/os-specific/linux/kernel/hardened/update.py | 31 ++++++++++-------------- 1 file changed, 13 insertions(+), 18 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 116dd616891..7960f1264f8 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -170,29 +170,24 @@ patches: Dict[str, Patch] with open(HARDENED_PATCHES_PATH) as patches_file: patches = json.load(patches_file) -NIX_VERSION_RE = re.compile( - r""" - \s* version \s* = - \s* " (?P [^"]*) " - \s* ; \s* \n - """, - re.VERBOSE, -) - # Get the set of currently packaged kernel versions. kernel_versions = {} for filename in os.listdir(NIXPKGS_KERNEL_PATH): filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) if filename_match: - with open(NIXPKGS_KERNEL_PATH / filename) as nix_file: - for nix_line in nix_file: - match = NIX_VERSION_RE.fullmatch(nix_line) - if match: - kernel_version = parse_version(match.group("version")) - if kernel_version < MIN_KERNEL_VERSION: - continue - kernel_key = major_kernel_version_key(kernel_version) - kernel_versions[kernel_key] = kernel_version + nix_version_expr = f""" + with import {NIXPKGS_PATH} {{}}; + (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version + """ + kernel_version = parse_version( + run( + "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr, + ).stdout.decode("utf-8") + ) + if kernel_version < MIN_KERNEL_VERSION: + continue + kernel_key = major_kernel_version_key(kernel_version) + kernel_versions[kernel_key] = kernel_version # Remove patches for unpackaged kernel versions. for kernel_key in sorted(patches.keys() - kernel_versions.keys()): -- cgit 1.4.1 From b2ad58536c7ed0f0a0d5434d63067011f531e0c5 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 20:09:37 +0100 Subject: linux/hardened/update.py: commit updates in order --- pkgs/os-specific/linux/kernel/hardened/update.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 7960f1264f8..be955efbb53 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -227,7 +227,8 @@ for release in repo.get_releases(): releases[kernel_key] = release_info # Update hardened-patches.json for each release. -for kernel_key, release_info in releases.items(): +for kernel_key in sorted(releases.keys()): + release_info = releases[kernel_key] release = release_info.release version = release_info.version version_str = release.tag_name -- cgit 1.4.1 From 5a5a2d0342ee6610f14a7024c6b01ab6261749f9 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 3 May 2020 12:54:11 +0100 Subject: linux/hardened/update.py: pass encoding to subprocess --- pkgs/os-specific/linux/kernel/hardened/update.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index be955efbb53..3958c85fe20 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -52,14 +52,18 @@ MIN_KERNEL_VERSION: Version = [4, 14] def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: try: return subprocess.run( - args, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + args, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + encoding="utf-8", ) except subprocess.CalledProcessError as err: print( f"error: `{err.cmd}` failed unexpectedly\n" f"status code: {err.returncode}\n" - f'stdout:\n{err.stdout.decode("utf-8").strip()}\n' - f'stderr:\n{err.stderr.decode("utf-8").strip()}', + f"stdout:\n{err.stdout.strip()}\n" + f"stderr:\n{err.stderr.strip()}", file=sys.stderr, ) sys.exit(1) @@ -67,7 +71,7 @@ def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: def nix_prefetch_url(url: str) -> Tuple[str, Path]: output = run("nix-prefetch-url", "--print-path", url).stdout - sha256, path = output.decode("utf-8").strip().split("\n") + sha256, path = output.strip().split("\n") return sha256, Path(path) @@ -83,6 +87,7 @@ def verify_openpgp_signature( ("gpgv", "--keyring", keyring, sig_path, data_path), check=True, stderr=subprocess.PIPE, + encoding="utf-8", ) return True except subprocess.CalledProcessError as err: @@ -90,7 +95,7 @@ def verify_openpgp_signature( f"error: signature for {name} failed to verify!", file=sys.stderr, ) - print(err.stderr.decode("utf-8"), file=sys.stderr, end="") + print(err.stderr, file=sys.stderr, end="") return False @@ -182,7 +187,7 @@ for filename in os.listdir(NIXPKGS_KERNEL_PATH): kernel_version = parse_version( run( "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr, - ).stdout.decode("utf-8") + ).stdout ) if kernel_version < MIN_KERNEL_VERSION: continue -- cgit 1.4.1 From d2ad98b1c985aa572fcfc24dab574645f4d71885 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 9 May 2020 00:06:44 +0200 Subject: microcodeIntel: 20191115 → 20200508 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/os-specific/linux/microcode/intel.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/microcode/intel.nix b/pkgs/os-specific/linux/microcode/intel.nix index 4bf1c02d2df..b57c97c99e5 100644 --- a/pkgs/os-specific/linux/microcode/intel.nix +++ b/pkgs/os-specific/linux/microcode/intel.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "microcode-intel"; - version = "20191115"; + version = "20200508"; src = fetchFromGitHub { owner = "intel"; repo = "Intel-Linux-Processor-Microcode-Data-Files"; rev = "microcode-${version}"; - sha256 = "0pzi5qmrcrdf6nsds4bvyq1hnvv9d1dlrvqrbzcrpxk84rcjwq1x"; + sha256 = "1cs4b7q9j2lw2y09rfa82aijbfmy4lddahz8qlz9gwajf2ziqns8"; }; nativeBuildInputs = [ iucode-tool libarchive ]; -- cgit 1.4.1 From 5e5b684435b10e3d8dfa2eff2eb4a25288c6865e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 6 May 2020 02:49:54 +0000 Subject: mcelog: 168 -> 169 --- pkgs/os-specific/linux/mcelog/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/mcelog/default.nix b/pkgs/os-specific/linux/mcelog/default.nix index c224595a984..9ead1f6ad4b 100644 --- a/pkgs/os-specific/linux/mcelog/default.nix +++ b/pkgs/os-specific/linux/mcelog/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mcelog"; - version = "168"; + version = "169"; src = fetchFromGitHub { owner = "andikleen"; repo = "mcelog"; rev = "v${version}"; - sha256 = "0mcmmjvvc80nk20n4dknimv0jzvdkj1ajgyq33b2i4v6xq0bz1pb"; + sha256 = "0ghkwfaky026qwj6hmcvz2w2hm8qqj3ysbkxxi603vslmwj56chv"; }; postPatch = '' -- cgit 1.4.1 From 646fc239d350384075ef211072d064c731162e1e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 2 May 2020 13:56:25 +0000 Subject: libbpf: 0.0.7 -> 0.0.8 --- pkgs/os-specific/linux/libbpf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix index b9626aac22d..aefb5ff6835 100644 --- a/pkgs/os-specific/linux/libbpf/default.nix +++ b/pkgs/os-specific/linux/libbpf/default.nix @@ -6,13 +6,13 @@ with builtins; stdenv.mkDerivation rec { pname = "libbpf"; - version = "0.0.7"; + version = "0.0.8"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "1jcqhqvfbnbijm4jn949ibw1qywai9rwhyijf6lg8cvnyxkib2bs"; + sha256 = "02vbpg9v5sjcw7ihximy63cjmz82q5izkp91i44m1qp6qj5qn4sr"; }; nativeBuildInputs = [ pkgconfig ]; -- cgit 1.4.1 From 887295fd2d8c4da06acdaa185cbb3cc214d83285 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sat, 9 May 2020 10:25:07 +0100 Subject: treewide: remove the-kenny from maintainers @the-kenny did a good job in the past and is set as maintainer in many package, however since 2017-2018 he stopped contributing. To create less confusion in pull requests when people try to request his feedback, I removed him as maintainer from all packages. --- maintainers/maintainer-list.nix | 6 ------ pkgs/applications/audio/audacity/default.nix | 1 - pkgs/applications/audio/streamripper/default.nix | 1 - pkgs/applications/editors/emacs/25.nix | 2 +- pkgs/applications/editors/emacs/default.nix | 2 +- pkgs/applications/graphics/ImageMagick/7.0.nix | 1 - pkgs/applications/graphics/ImageMagick/default.nix | 1 - pkgs/applications/graphics/digikam/default.nix | 1 - pkgs/applications/graphics/openscad/default.nix | 3 +-- pkgs/applications/graphics/rawtherapee/default.nix | 2 +- pkgs/applications/misc/cura/stable.nix | 3 +-- pkgs/applications/misc/curaengine/stable.nix | 1 - pkgs/applications/misc/direwolf/default.nix | 1 - pkgs/applications/misc/slic3r/default.nix | 2 +- pkgs/applications/networking/dropbox/cli.nix | 1 - pkgs/applications/networking/irc/weechat/default.nix | 2 +- pkgs/applications/networking/mailreaders/mutt/default.nix | 2 +- pkgs/applications/networking/mailreaders/notmuch/default.nix | 2 +- pkgs/applications/office/ledger/default.nix | 2 +- pkgs/applications/radio/chirp/default.nix | 1 - pkgs/applications/radio/gnuradio/osmosdr.nix | 2 +- pkgs/applications/radio/gqrx/default.nix | 2 +- pkgs/applications/radio/hackrf/default.nix | 2 +- pkgs/applications/radio/multimon-ng/default.nix | 1 - pkgs/applications/version-management/git-and-tools/git/default.nix | 2 +- pkgs/applications/version-management/git-and-tools/hub/default.nix | 2 +- .../applications/version-management/git-and-tools/stgit/default.nix | 1 - .../version-management/git-and-tools/svn2git/default.nix | 2 -- pkgs/applications/window-managers/herbstluftwm/default.nix | 1 - pkgs/applications/window-managers/stumpwm/default.nix | 1 - pkgs/development/arduino/ino/default.nix | 2 +- pkgs/development/compilers/avra/default.nix | 1 - pkgs/development/compilers/chicken/4/chicken.nix | 2 +- pkgs/development/compilers/chicken/4/egg2nix.nix | 2 +- pkgs/development/compilers/chicken/5/chicken.nix | 2 +- pkgs/development/compilers/chicken/5/egg2nix.nix | 2 +- pkgs/development/compilers/gforth/default.nix | 1 - pkgs/development/compilers/gnu-cobol/default.nix | 2 +- pkgs/development/interpreters/elixir/generic-builder.nix | 2 +- pkgs/development/interpreters/erlang/generic-builder.nix | 2 +- pkgs/development/interpreters/scheme48/default.nix | 1 - pkgs/development/python-modules/podcats/default.nix | 1 - pkgs/development/python-modules/todoist/default.nix | 1 - pkgs/development/tools/build-managers/leiningen/default.nix | 1 - pkgs/development/tools/build-managers/rebar/default.nix | 1 - pkgs/development/tools/misc/dfu-programmer/default.nix | 1 - pkgs/development/tools/misc/stm32flash/default.nix | 2 +- pkgs/development/tools/misc/teensy-loader-cli/default.nix | 1 - pkgs/development/tools/ws/default.nix | 1 - pkgs/games/anki/default.nix | 2 +- pkgs/games/crrcsim/default.nix | 2 +- pkgs/games/dwarf-fortress/dwarf-therapist/default.nix | 2 +- pkgs/games/dwarf-fortress/game.nix | 2 +- pkgs/games/flightgear/default.nix | 2 +- pkgs/games/openttd/default.nix | 2 +- pkgs/misc/emulators/wine/winetricks.nix | 1 - pkgs/os-specific/linux/ldm/default.nix | 1 - pkgs/os-specific/linux/usermount/default.nix | 1 - pkgs/servers/http/gatling/default.nix | 1 - pkgs/servers/http/yaws/default.nix | 2 +- pkgs/tools/backup/btrbk/default.nix | 2 +- pkgs/tools/backup/httrack/default.nix | 1 - pkgs/tools/backup/rdiff-backup/default.nix | 1 - pkgs/tools/graphics/pngcheck/default.nix | 1 - pkgs/tools/graphics/pngcrush/default.nix | 1 - pkgs/tools/misc/stow/default.nix | 2 -- pkgs/tools/networking/fping/default.nix | 1 - pkgs/tools/networking/isync/default.nix | 2 -- pkgs/tools/networking/mu/default.nix | 2 +- pkgs/tools/security/pass/default.nix | 2 +- pkgs/tools/security/pass/extensions/import.nix | 2 +- pkgs/tools/security/pass/extensions/tomb.nix | 2 +- pkgs/tools/security/pass/extensions/update.nix | 2 +- pkgs/tools/security/pass/rofi-pass.nix | 1 - 74 files changed, 37 insertions(+), 84 deletions(-) (limited to 'pkgs/os-specific') diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index ed92fb88a1f..ad59286e090 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -7624,12 +7624,6 @@ githubId = 1141680; name = "Thane Gill"; }; - the-kenny = { - email = "moritz@tarn-vedra.de"; - github = "the-kenny"; - githubId = 31167; - name = "Moritz Ulrich"; - }; thedavidmeister = { email = "thedavidmeister@gmail.com"; github = "thedavidmeister"; diff --git a/pkgs/applications/audio/audacity/default.nix b/pkgs/applications/audio/audacity/default.nix index a1f4b9ad950..f1e652cbcad 100644 --- a/pkgs/applications/audio/audacity/default.nix +++ b/pkgs/applications/audio/audacity/default.nix @@ -60,6 +60,5 @@ stdenv.mkDerivation rec { homepage = "http://audacityteam.org/"; license = licenses.gpl2Plus; platforms = intersectLists platforms.linux platforms.x86; # fails on ARM - maintainers = with maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/audio/streamripper/default.nix b/pkgs/applications/audio/streamripper/default.nix index 55ed40c2fb8..1411fe59b30 100644 --- a/pkgs/applications/audio/streamripper/default.nix +++ b/pkgs/applications/audio/streamripper/default.nix @@ -16,6 +16,5 @@ stdenv.mkDerivation rec { homepage = "http://streamripper.sourceforge.net/"; description = "Application that lets you record streaming mp3 to your hard drive"; license = licenses.gpl2; - maintainers = with maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/editors/emacs/25.nix b/pkgs/applications/editors/emacs/25.nix index 1ee2f5d4fe7..5bc29a046bc 100644 --- a/pkgs/applications/editors/emacs/25.nix +++ b/pkgs/applications/editors/emacs/25.nix @@ -123,7 +123,7 @@ stdenv.mkDerivation rec { description = "The extensible, customizable GNU text editor"; homepage = "https://www.gnu.org/software/emacs/"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 peti the-kenny jwiegley ]; + maintainers = with maintainers; [ lovek323 peti jwiegley ]; platforms = platforms.all; longDescription = '' diff --git a/pkgs/applications/editors/emacs/default.nix b/pkgs/applications/editors/emacs/default.nix index 224fe907450..2d48da0eb28 100644 --- a/pkgs/applications/editors/emacs/default.nix +++ b/pkgs/applications/editors/emacs/default.nix @@ -139,7 +139,7 @@ stdenv.mkDerivation rec { description = "The extensible, customizable GNU text editor"; homepage = "https://www.gnu.org/software/emacs/"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 peti the-kenny jwiegley adisbladis ]; + maintainers = with maintainers; [ lovek323 peti jwiegley adisbladis ]; platforms = platforms.all; longDescription = '' diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix index c07c3957254..f2542301119 100644 --- a/pkgs/applications/graphics/ImageMagick/7.0.nix +++ b/pkgs/applications/graphics/ImageMagick/7.0.nix @@ -84,6 +84,5 @@ stdenv.mkDerivation { description = "A software suite to create, edit, compose, or convert bitmap images"; platforms = platforms.linux ++ platforms.darwin; license = licenses.asl20; - maintainers = with maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix index 57ce02bb661..0ded57b1a72 100644 --- a/pkgs/applications/graphics/ImageMagick/default.nix +++ b/pkgs/applications/graphics/ImageMagick/default.nix @@ -99,7 +99,6 @@ stdenv.mkDerivation { homepage = "http://www.imagemagick.org/"; description = "A software suite to create, edit, compose, or convert bitmap images"; platforms = platforms.linux ++ platforms.darwin; - maintainers = with maintainers; [ the-kenny ]; license = licenses.asl20; }; } diff --git a/pkgs/applications/graphics/digikam/default.nix b/pkgs/applications/graphics/digikam/default.nix index 50162166013..63b8d7b3f60 100644 --- a/pkgs/applications/graphics/digikam/default.nix +++ b/pkgs/applications/graphics/digikam/default.nix @@ -126,7 +126,6 @@ mkDerivation rec { description = "Photo Management Program"; license = licenses.gpl2; homepage = "https://www.digikam.org"; - maintainers = with maintainers; [ the-kenny ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix index 95af658ddd3..62e9fa06abc 100644 --- a/pkgs/applications/graphics/openscad/default.nix +++ b/pkgs/applications/graphics/openscad/default.nix @@ -80,7 +80,6 @@ mkDerivation rec { homepage = "http://openscad.org/"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.unix; - maintainers = with stdenv.lib.maintainers; - [ bjornfor raskin the-kenny gebner ]; + maintainers = with stdenv.lib.maintainers; [ bjornfor raskin gebner ]; }; } diff --git a/pkgs/applications/graphics/rawtherapee/default.nix b/pkgs/applications/graphics/rawtherapee/default.nix index 812c26f56e5..4371bc5838e 100644 --- a/pkgs/applications/graphics/rawtherapee/default.nix +++ b/pkgs/applications/graphics/rawtherapee/default.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { description = "RAW converter and digital photo processing software"; homepage = "http://www.rawtherapee.com/"; license = stdenv.lib.licenses.gpl3Plus; - maintainers = with stdenv.lib.maintainers; [ jcumming mahe the-kenny ]; + maintainers = with stdenv.lib.maintainers; [ jcumming mahe ]; platforms = with stdenv.lib.platforms; linux; }; } diff --git a/pkgs/applications/misc/cura/stable.nix b/pkgs/applications/misc/cura/stable.nix index 1191be09f76..87d2aba891b 100644 --- a/pkgs/applications/misc/cura/stable.nix +++ b/pkgs/applications/misc/cura/stable.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { configurePhase = ""; buildPhase = ""; - + patches = [ ./numpy-cast.patch ]; installPhase = '' @@ -69,6 +69,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/daid/Cura"; license = licenses.agpl3; platforms = platforms.linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/misc/curaengine/stable.nix b/pkgs/applications/misc/curaengine/stable.nix index d353fff87ef..394a94f19ab 100644 --- a/pkgs/applications/misc/curaengine/stable.nix +++ b/pkgs/applications/misc/curaengine/stable.nix @@ -25,6 +25,5 @@ stdenv.mkDerivation { homepage = "https://github.com/Ultimaker/CuraEngine"; license = licenses.agpl3; platforms = platforms.linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/misc/direwolf/default.nix b/pkgs/applications/misc/direwolf/default.nix index 038df41875f..623e6dc0fbe 100644 --- a/pkgs/applications/misc/direwolf/default.nix +++ b/pkgs/applications/misc/direwolf/default.nix @@ -39,6 +39,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/wb2osz/direwolf/"; license = licenses.gpl2; platforms = platforms.unix; - maintainers = [ maintainers.the-kenny ]; }; } diff --git a/pkgs/applications/misc/slic3r/default.nix b/pkgs/applications/misc/slic3r/default.nix index 25019f76545..912deee4cb1 100644 --- a/pkgs/applications/misc/slic3r/default.nix +++ b/pkgs/applications/misc/slic3r/default.nix @@ -85,6 +85,6 @@ stdenv.mkDerivation rec { homepage = "https://slic3r.org/"; license = licenses.agpl3; platforms = platforms.linux; - maintainers = with maintainers; [ bjornfor the-kenny ]; + maintainers = with maintainers; [ bjornfor ]; }; } diff --git a/pkgs/applications/networking/dropbox/cli.nix b/pkgs/applications/networking/dropbox/cli.nix index 12865bd6ca7..5ff47f4859a 100644 --- a/pkgs/applications/networking/dropbox/cli.nix +++ b/pkgs/applications/networking/dropbox/cli.nix @@ -64,7 +64,6 @@ stdenv.mkDerivation { homepage = "https://www.dropbox.com"; description = "Command line client for the dropbox daemon"; license = stdenv.lib.licenses.gpl3Plus; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; # NOTE: Dropbox itself only works on linux, so this is ok. platforms = stdenv.lib.platforms.linux; }; diff --git a/pkgs/applications/networking/irc/weechat/default.nix b/pkgs/applications/networking/irc/weechat/default.nix index 4538edd2e76..a05ec290629 100644 --- a/pkgs/applications/networking/irc/weechat/default.nix +++ b/pkgs/applications/networking/irc/weechat/default.nix @@ -78,7 +78,7 @@ let on https://nixos.org/nixpkgs/manual/#sec-weechat . ''; license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 the-kenny lheckemann ma27 ]; + maintainers = with stdenv.lib.maintainers; [ lovek323 lheckemann ma27 ]; platforms = stdenv.lib.platforms.unix; }; } diff --git a/pkgs/applications/networking/mailreaders/mutt/default.nix b/pkgs/applications/networking/mailreaders/mutt/default.nix index e1eb8863a08..736d7530be1 100644 --- a/pkgs/applications/networking/mailreaders/mutt/default.nix +++ b/pkgs/applications/networking/mailreaders/mutt/default.nix @@ -91,6 +91,6 @@ stdenv.mkDerivation rec { homepage = "http://www.mutt.org"; license = licenses.gpl2Plus; platforms = platforms.unix; - maintainers = with maintainers; [ the-kenny rnhmjoj ]; + maintainers = with maintainers; [ rnhmjoj ]; }; } diff --git a/pkgs/applications/networking/mailreaders/notmuch/default.nix b/pkgs/applications/networking/mailreaders/notmuch/default.nix index f6bf60166ca..26f47dba461 100644 --- a/pkgs/applications/networking/mailreaders/notmuch/default.nix +++ b/pkgs/applications/networking/mailreaders/notmuch/default.nix @@ -96,7 +96,7 @@ stdenv.mkDerivation rec { description = "Mail indexer"; homepage = "https://notmuchmail.org/"; license = licenses.gpl3; - maintainers = with maintainers; [ flokli puckipedia the-kenny ]; + maintainers = with maintainers; [ flokli puckipedia ]; platforms = platforms.unix; }; } diff --git a/pkgs/applications/office/ledger/default.nix b/pkgs/applications/office/ledger/default.nix index 05fb0592406..6ac092f27e2 100644 --- a/pkgs/applications/office/ledger/default.nix +++ b/pkgs/applications/office/ledger/default.nix @@ -44,6 +44,6 @@ stdenv.mkDerivation rec { ''; platforms = platforms.all; - maintainers = with maintainers; [ the-kenny jwiegley ]; + maintainers = with maintainers; [ jwiegley ]; }; } diff --git a/pkgs/applications/radio/chirp/default.nix b/pkgs/applications/radio/chirp/default.nix index 898244970c8..848e0ca3c01 100644 --- a/pkgs/applications/radio/chirp/default.nix +++ b/pkgs/applications/radio/chirp/default.nix @@ -20,6 +20,5 @@ python2.pkgs.buildPythonApplication rec { homepage = "https://chirp.danplanet.com/"; license = licenses.gpl3; platforms = platforms.linux; - maintainers = [ maintainers.the-kenny ]; }; } diff --git a/pkgs/applications/radio/gnuradio/osmosdr.nix b/pkgs/applications/radio/gnuradio/osmosdr.nix index 1078cf4df68..ad54fc8d7c4 100644 --- a/pkgs/applications/radio/gnuradio/osmosdr.nix +++ b/pkgs/applications/radio/gnuradio/osmosdr.nix @@ -42,6 +42,6 @@ stdenv.mkDerivation rec { homepage = "https://sdr.osmocom.org/trac/wiki/GrOsmoSDR"; license = licenses.gpl3Plus; platforms = platforms.linux ++ platforms.darwin; - maintainers = with maintainers; [ bjornfor the-kenny ]; + maintainers = with maintainers; [ bjornfor ]; }; } diff --git a/pkgs/applications/radio/gqrx/default.nix b/pkgs/applications/radio/gqrx/default.nix index f1a71804e3f..33b858799e2 100644 --- a/pkgs/applications/radio/gqrx/default.nix +++ b/pkgs/applications/radio/gqrx/default.nix @@ -43,6 +43,6 @@ mkDerivation rec { # it's currently unknown which version of the BSD license that is. license = licenses.gpl3Plus; platforms = platforms.linux; # should work on Darwin / macOS too - maintainers = with maintainers; [ bjornfor the-kenny fpletz ]; + maintainers = with maintainers; [ bjornfor fpletz ]; }; } diff --git a/pkgs/applications/radio/hackrf/default.nix b/pkgs/applications/radio/hackrf/default.nix index 9569dd89797..dfd7fabcc6e 100644 --- a/pkgs/applications/radio/hackrf/default.nix +++ b/pkgs/applications/radio/hackrf/default.nix @@ -32,6 +32,6 @@ stdenv.mkDerivation rec { homepage = "http://greatscottgadgets.com/hackrf/"; license = licenses.gpl2; platforms = platforms.all; - maintainers = with maintainers; [ sjmackenzie the-kenny ]; + maintainers = with maintainers; [ sjmackenzie ]; }; } diff --git a/pkgs/applications/radio/multimon-ng/default.nix b/pkgs/applications/radio/multimon-ng/default.nix index de6b8504091..e275db4ad91 100644 --- a/pkgs/applications/radio/multimon-ng/default.nix +++ b/pkgs/applications/radio/multimon-ng/default.nix @@ -39,6 +39,5 @@ stdenv.mkDerivation { homepage = "https://github.com/EliasOenal/multimon-ng"; license = licenses.gpl2; platforms = platforms.linux; - maintainers = with maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 8b8dbef12ab..9c1a01f42ae 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -343,6 +343,6 @@ stdenv.mkDerivation { ''; platforms = stdenv.lib.platforms.all; - maintainers = with stdenv.lib.maintainers; [ peti the-kenny wmertens globin ]; + maintainers = with stdenv.lib.maintainers; [ peti wmertens globin ]; }; } diff --git a/pkgs/applications/version-management/git-and-tools/hub/default.nix b/pkgs/applications/version-management/git-and-tools/hub/default.nix index 9dbb497c8c9..22ffd442fdc 100644 --- a/pkgs/applications/version-management/git-and-tools/hub/default.nix +++ b/pkgs/applications/version-management/git-and-tools/hub/default.nix @@ -37,7 +37,7 @@ buildGoPackage rec { description = "Command-line wrapper for git that makes you better at GitHub"; license = licenses.mit; homepage = "https://hub.github.com/"; - maintainers = with maintainers; [ the-kenny globin ]; + maintainers = with maintainers; [ globin ]; platforms = with platforms; unix; }; } diff --git a/pkgs/applications/version-management/git-and-tools/stgit/default.nix b/pkgs/applications/version-management/git-and-tools/stgit/default.nix index d356991815e..2cd4adce939 100644 --- a/pkgs/applications/version-management/git-and-tools/stgit/default.nix +++ b/pkgs/applications/version-management/git-and-tools/stgit/default.nix @@ -30,7 +30,6 @@ stdenv.mkDerivation { description = "A patch manager implemented on top of Git"; homepage = "http://procode.org/stgit/"; license = licenses.gpl2; - maintainers = with maintainers; [ the-kenny ]; platforms = platforms.unix; }; } diff --git a/pkgs/applications/version-management/git-and-tools/svn2git/default.nix b/pkgs/applications/version-management/git-and-tools/svn2git/default.nix index 1683a9bea13..b61ae80bbee 100644 --- a/pkgs/applications/version-management/git-and-tools/svn2git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/svn2git/default.nix @@ -34,8 +34,6 @@ stdenv.mkDerivation { homepage = "https://github.com/nirvdrum/svn2git"; description = "Tool for importing Subversion repositories into git"; license = stdenv.lib.licenses.mit; - - maintainers = [ stdenv.lib.maintainers.the-kenny ]; platforms = stdenv.lib.platforms.unix; }; } diff --git a/pkgs/applications/window-managers/herbstluftwm/default.nix b/pkgs/applications/window-managers/herbstluftwm/default.nix index 47541a3fdb5..7dc715e126c 100644 --- a/pkgs/applications/window-managers/herbstluftwm/default.nix +++ b/pkgs/applications/window-managers/herbstluftwm/default.nix @@ -43,6 +43,5 @@ stdenv.mkDerivation rec { homepage = "https://herbstluftwm.org/"; license = stdenv.lib.licenses.bsd2; platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/applications/window-managers/stumpwm/default.nix b/pkgs/applications/window-managers/stumpwm/default.nix index 3ee50bf16ec..b059423c23c 100644 --- a/pkgs/applications/window-managers/stumpwm/default.nix +++ b/pkgs/applications/window-managers/stumpwm/default.nix @@ -97,7 +97,6 @@ stdenv.mkDerivation { description = "A tiling window manager for X11"; homepage = "https://github.com/stumpwm/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ the-kenny ]; platforms = platforms.linux; broken = true; # 2018-04-11 }; diff --git a/pkgs/development/arduino/ino/default.nix b/pkgs/development/arduino/ino/default.nix index 0e36c22872e..c51d3f89d07 100644 --- a/pkgs/development/arduino/ino/default.nix +++ b/pkgs/development/arduino/ino/default.nix @@ -40,7 +40,7 @@ python2Packages.buildPythonApplication rec { description = "Command line toolkit for working with Arduino hardware"; homepage = "http://inotool.org/"; license = stdenv.lib.licenses.mit; - maintainers = with stdenv.lib.maintainers; [ antono the-kenny ]; + maintainers = with stdenv.lib.maintainers; [ antono ]; platforms = stdenv.lib.platforms.linux; }; } diff --git a/pkgs/development/compilers/avra/default.nix b/pkgs/development/compilers/avra/default.nix index 55ed48e118e..56bf3e657be 100644 --- a/pkgs/development/compilers/avra/default.nix +++ b/pkgs/development/compilers/avra/default.nix @@ -24,6 +24,5 @@ stdenv.mkDerivation rec { homepage = "http://avra.sourceforge.net/"; license = licenses.gpl2Plus; platforms = platforms.all; - maintainers = with maintainers; [ the-kenny ]; }; } diff --git a/pkgs/development/compilers/chicken/4/chicken.nix b/pkgs/development/compilers/chicken/4/chicken.nix index be7a4530419..11f4eaada60 100644 --- a/pkgs/development/compilers/chicken/4/chicken.nix +++ b/pkgs/development/compilers/chicken/4/chicken.nix @@ -63,7 +63,7 @@ stdenv.mkDerivation { meta = { homepage = "http://www.call-cc.org/"; license = stdenv.lib.licenses.bsd3; - maintainers = with stdenv.lib.maintainers; [ the-kenny corngood ]; + maintainers = with stdenv.lib.maintainers; [ corngood ]; platforms = stdenv.lib.platforms.linux; # Maybe other non-darwin Unix description = "A portable compiler for the Scheme programming language"; longDescription = '' diff --git a/pkgs/development/compilers/chicken/4/egg2nix.nix b/pkgs/development/compilers/chicken/4/egg2nix.nix index db91b1648af..977f34692f9 100644 --- a/pkgs/development/compilers/chicken/4/egg2nix.nix +++ b/pkgs/development/compilers/chicken/4/egg2nix.nix @@ -22,6 +22,6 @@ eggDerivation { homepage = "https://github.com/the-kenny/egg2nix"; license = stdenv.lib.licenses.bsd3; platforms = stdenv.lib.platforms.unix; - maintainers = with stdenv.lib.maintainers; [ the-kenny corngood ]; + maintainers = with stdenv.lib.maintainers; [ corngood ]; }; } diff --git a/pkgs/development/compilers/chicken/5/chicken.nix b/pkgs/development/compilers/chicken/5/chicken.nix index 00d359c96d0..f07b63ea26f 100644 --- a/pkgs/development/compilers/chicken/5/chicken.nix +++ b/pkgs/development/compilers/chicken/5/chicken.nix @@ -45,7 +45,7 @@ stdenv.mkDerivation { meta = { homepage = "http://www.call-cc.org/"; license = stdenv.lib.licenses.bsd3; - maintainers = with stdenv.lib.maintainers; [ the-kenny corngood ]; + maintainers = with stdenv.lib.maintainers; [ corngood ]; platforms = stdenv.lib.platforms.linux; # Maybe other non-darwin Unix description = "A portable compiler for the Scheme programming language"; longDescription = '' diff --git a/pkgs/development/compilers/chicken/5/egg2nix.nix b/pkgs/development/compilers/chicken/5/egg2nix.nix index 7c73e37272d..0c18b8db2de 100644 --- a/pkgs/development/compilers/chicken/5/egg2nix.nix +++ b/pkgs/development/compilers/chicken/5/egg2nix.nix @@ -24,6 +24,6 @@ eggDerivation { homepage = "https://github.com/the-kenny/egg2nix"; license = stdenv.lib.licenses.bsd3; platforms = stdenv.lib.platforms.unix; - maintainers = with stdenv.lib.maintainers; [ the-kenny corngood ]; + maintainers = with stdenv.lib.maintainers; [ corngood ]; }; } diff --git a/pkgs/development/compilers/gforth/default.nix b/pkgs/development/compilers/gforth/default.nix index c90666d3dbe..d2a2a7a85e3 100644 --- a/pkgs/development/compilers/gforth/default.nix +++ b/pkgs/development/compilers/gforth/default.nix @@ -25,6 +25,5 @@ stdenv.mkDerivation { homepage = "https://www.gnu.org/software/gforth/"; license = stdenv.lib.licenses.gpl3; platforms = stdenv.lib.platforms.all; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/development/compilers/gnu-cobol/default.nix b/pkgs/development/compilers/gnu-cobol/default.nix index c5e42c3afe8..146af98093d 100644 --- a/pkgs/development/compilers/gnu-cobol/default.nix +++ b/pkgs/development/compilers/gnu-cobol/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { description = "An open-source COBOL compiler"; homepage = "https://sourceforge.net/projects/open-cobol/"; license = licenses.gpl3; - maintainers = with maintainers; [ ericsagnes the-kenny ]; + maintainers = with maintainers; [ ericsagnes ]; platforms = with platforms; linux ++ darwin; }; } diff --git a/pkgs/development/interpreters/elixir/generic-builder.nix b/pkgs/development/interpreters/elixir/generic-builder.nix index b46b71485c8..54b046beaab 100644 --- a/pkgs/development/interpreters/elixir/generic-builder.nix +++ b/pkgs/development/interpreters/elixir/generic-builder.nix @@ -73,6 +73,6 @@ in license = licenses.epl10; platforms = platforms.unix; - maintainers = with maintainers; [ the-kenny havvy couchemar ankhers filalex77 ]; + maintainers = with maintainers; [ havvy couchemar ankhers filalex77 ]; }; }) diff --git a/pkgs/development/interpreters/erlang/generic-builder.nix b/pkgs/development/interpreters/erlang/generic-builder.nix index 883fa87cbd4..f80e1f344f7 100644 --- a/pkgs/development/interpreters/erlang/generic-builder.nix +++ b/pkgs/development/interpreters/erlang/generic-builder.nix @@ -122,7 +122,7 @@ in stdenv.mkDerivation ({ ''; platforms = platforms.unix; - maintainers = with maintainers; [ the-kenny sjmackenzie couchemar gleber ]; + maintainers = with maintainers; [ sjmackenzie couchemar gleber ]; license = licenses.asl20; } // meta); } diff --git a/pkgs/development/interpreters/scheme48/default.nix b/pkgs/development/interpreters/scheme48/default.nix index 32dd28bcb20..5a1e3f265b2 100644 --- a/pkgs/development/interpreters/scheme48/default.nix +++ b/pkgs/development/interpreters/scheme48/default.nix @@ -6,7 +6,6 @@ stdenv.mkDerivation { meta = { homepage = "http://s48.org/"; description = "Scheme 48"; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; platforms = with stdenv.lib.platforms; unix; license = stdenv.lib.licenses.bsd3; }; diff --git a/pkgs/development/python-modules/podcats/default.nix b/pkgs/development/python-modules/podcats/default.nix index 127cf47251b..48504c8a3ee 100644 --- a/pkgs/development/python-modules/podcats/default.nix +++ b/pkgs/development/python-modules/podcats/default.nix @@ -22,6 +22,5 @@ buildPythonPackage rec { description = "Application that generates RSS feeds for podcast episodes from local audio files"; homepage = "https://github.com/jakubroztocil/podcats"; license = lib.licenses.bsd2; - maintainers = with lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/development/python-modules/todoist/default.nix b/pkgs/development/python-modules/todoist/default.nix index ecf9aa91b41..f420cbaee97 100644 --- a/pkgs/development/python-modules/todoist/default.nix +++ b/pkgs/development/python-modules/todoist/default.nix @@ -16,6 +16,5 @@ buildPythonPackage rec { description = "The official Todoist Python API library"; homepage = "https://todoist-python.readthedocs.io/en/latest/"; license = stdenv.lib.licenses.mit; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/development/tools/build-managers/leiningen/default.nix b/pkgs/development/tools/build-managers/leiningen/default.nix index 07a95539f8d..713f499ce2b 100644 --- a/pkgs/development/tools/build-managers/leiningen/default.nix +++ b/pkgs/development/tools/build-managers/leiningen/default.nix @@ -48,6 +48,5 @@ stdenv.mkDerivation rec { description = "Project automation for Clojure"; license = stdenv.lib.licenses.epl10; platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/development/tools/build-managers/rebar/default.nix b/pkgs/development/tools/build-managers/rebar/default.nix index 39366c7a9ca..1c5996c6b1c 100644 --- a/pkgs/development/tools/build-managers/rebar/default.nix +++ b/pkgs/development/tools/build-managers/rebar/default.nix @@ -36,7 +36,6 @@ stdenv.mkDerivation { ''; platforms = stdenv.lib.platforms.unix; - maintainers = [ stdenv.lib.maintainers.the-kenny ]; license = stdenv.lib.licenses.asl20; }; } diff --git a/pkgs/development/tools/misc/dfu-programmer/default.nix b/pkgs/development/tools/misc/dfu-programmer/default.nix index a474ccc7e59..1aaf113d0b9 100644 --- a/pkgs/development/tools/misc/dfu-programmer/default.nix +++ b/pkgs/development/tools/misc/dfu-programmer/default.nix @@ -19,7 +19,6 @@ stdenv.mkDerivation rec { license = licenses.gpl2; description = "A Device Firmware Update based USB programmer for Atmel chips with a USB bootloader"; homepage = "http://dfu-programmer.sourceforge.net/"; - maintainers = [ maintainers.the-kenny ]; platforms = platforms.unix; }; } diff --git a/pkgs/development/tools/misc/stm32flash/default.nix b/pkgs/development/tools/misc/stm32flash/default.nix index a67430d52a1..0c2cb96a9d6 100644 --- a/pkgs/development/tools/misc/stm32flash/default.nix +++ b/pkgs/development/tools/misc/stm32flash/default.nix @@ -21,6 +21,6 @@ stdenv.mkDerivation rec { homepage = "https://sourceforge.net/projects/stm32flash/"; license = stdenv.lib.licenses.gpl2; platforms = platforms.all; # Should work on all platforms - maintainers = with maintainers; [ the-kenny elitak ]; + maintainers = with maintainers; [ elitak ]; }; } diff --git a/pkgs/development/tools/misc/teensy-loader-cli/default.nix b/pkgs/development/tools/misc/teensy-loader-cli/default.nix index 62c480707cd..40f3921ec70 100644 --- a/pkgs/development/tools/misc/teensy-loader-cli/default.nix +++ b/pkgs/development/tools/misc/teensy-loader-cli/default.nix @@ -26,7 +26,6 @@ stdenv.mkDerivation rec { description = "Firmware uploader for the Teensy microcontroller boards"; homepage = "https://www.pjrc.com/teensy/"; license = licenses.gpl3; - maintainers = with maintainers; [ the-kenny ]; platforms = platforms.unix; }; } diff --git a/pkgs/development/tools/ws/default.nix b/pkgs/development/tools/ws/default.nix index 661865ee74e..95253895648 100644 --- a/pkgs/development/tools/ws/default.nix +++ b/pkgs/development/tools/ws/default.nix @@ -20,7 +20,6 @@ buildGoPackage rec { description = "websocket command line tool"; homepage = "https://github.com/hashrocket/ws"; license = licenses.mit; - maintainers = [ maintainers.the-kenny ]; platforms = platforms.unix; }; } diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index c1ba8851f5c..1548a9de63a 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -195,6 +195,6 @@ buildPythonApplication rec { license = licenses.agpl3Plus; broken = stdenv.hostPlatform.isAarch64; platforms = platforms.mesaPlatforms; - maintainers = with maintainers; [ oxij the-kenny Profpatsch enzime ]; + maintainers = with maintainers; [ oxij Profpatsch enzime ]; }; } diff --git a/pkgs/games/crrcsim/default.nix b/pkgs/games/crrcsim/default.nix index 75ff970a16a..e57d6bcab06 100644 --- a/pkgs/games/crrcsim/default.nix +++ b/pkgs/games/crrcsim/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { meta = { description = "A model-airplane flight simulator"; - maintainers = with stdenv.lib.maintainers; [ raskin the-kenny ]; + maintainers = with stdenv.lib.maintainers; [ raskin ]; platforms = [ "i686-linux" "x86_64-linux" ]; license = stdenv.lib.licenses.gpl2; }; diff --git a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix index 4485b3ae784..f5c093e1f16 100644 --- a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix +++ b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Tool to manage dwarves in a running game of Dwarf Fortress"; - maintainers = with maintainers; [ the-kenny abbradar bendlas numinit jonringer ]; + maintainers = with maintainers; [ abbradar bendlas numinit jonringer ]; license = licenses.mit; platforms = platforms.unix; homepage = "https://github.com/Dwarf-Therapist/Dwarf-Therapist"; diff --git a/pkgs/games/dwarf-fortress/game.nix b/pkgs/games/dwarf-fortress/game.nix index 20fbd9fa18b..9200d01aa98 100644 --- a/pkgs/games/dwarf-fortress/game.nix +++ b/pkgs/games/dwarf-fortress/game.nix @@ -96,6 +96,6 @@ stdenv.mkDerivation { inherit homepage; license = licenses.unfreeRedistributable; platforms = attrNames platforms; - maintainers = with maintainers; [ a1russell robbinch roconnor the-kenny abbradar numinit shazow ]; + maintainers = with maintainers; [ a1russell robbinch roconnor abbradar numinit shazow ]; }; } diff --git a/pkgs/games/flightgear/default.nix b/pkgs/games/flightgear/default.nix index d3c3271710a..c16c33666f3 100644 --- a/pkgs/games/flightgear/default.nix +++ b/pkgs/games/flightgear/default.nix @@ -73,7 +73,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Flight simulator"; - maintainers = with maintainers; [ raskin the-kenny ]; + maintainers = with maintainers; [ raskin ]; platforms = platforms.linux; hydraPlatforms = []; # disabled from hydra because it's so big license = licenses.gpl2; diff --git a/pkgs/games/openttd/default.nix b/pkgs/games/openttd/default.nix index 2e115775d00..43376322cc7 100644 --- a/pkgs/games/openttd/default.nix +++ b/pkgs/games/openttd/default.nix @@ -89,6 +89,6 @@ stdenv.mkDerivation rec { homepage = "https://www.openttd.org/"; license = licenses.gpl2; platforms = platforms.linux; - maintainers = with maintainers; [ jcumming the-kenny fpletz ]; + maintainers = with maintainers; [ jcumming fpletz ]; }; } diff --git a/pkgs/misc/emulators/wine/winetricks.nix b/pkgs/misc/emulators/wine/winetricks.nix index 444ef29b784..ab183dfd38e 100644 --- a/pkgs/misc/emulators/wine/winetricks.nix +++ b/pkgs/misc/emulators/wine/winetricks.nix @@ -26,7 +26,6 @@ stdenv.mkDerivation rec { description = "A script to install DLLs needed to work around problems in Wine"; license = stdenv.lib.licenses.lgpl21; homepage = "https://github.com/Winetricks/winetricks"; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; platforms = with stdenv.lib.platforms; linux; }; } diff --git a/pkgs/os-specific/linux/ldm/default.nix b/pkgs/os-specific/linux/ldm/default.nix index 603d2855f56..bbc341caf11 100644 --- a/pkgs/os-specific/linux/ldm/default.nix +++ b/pkgs/os-specific/linux/ldm/default.nix @@ -38,7 +38,6 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.mit; platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.the-kenny ]; repositories.git = git; }; } diff --git a/pkgs/os-specific/linux/usermount/default.nix b/pkgs/os-specific/linux/usermount/default.nix index 4acf1e3faa1..85f769d9dba 100644 --- a/pkgs/os-specific/linux/usermount/default.nix +++ b/pkgs/os-specific/linux/usermount/default.nix @@ -24,6 +24,5 @@ stdenv.mkDerivation { description = "A simple tool to automatically mount removable drives using UDisks2 and D-Bus"; license = stdenv.lib.licenses.mit; platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/servers/http/gatling/default.nix b/pkgs/servers/http/gatling/default.nix index bf69d902aa5..9157c09cbeb 100644 --- a/pkgs/servers/http/gatling/default.nix +++ b/pkgs/servers/http/gatling/default.nix @@ -28,6 +28,5 @@ stdenv.mkDerivation rec { homepage = "http://www.fefe.de/gatling/"; license = stdenv.lib.licenses.gpl2; platforms = platforms.linux; - maintainers = [ maintainers.the-kenny ]; }; } diff --git a/pkgs/servers/http/yaws/default.nix b/pkgs/servers/http/yaws/default.nix index 301aec5c34b..1d57a951dc7 100644 --- a/pkgs/servers/http/yaws/default.nix +++ b/pkgs/servers/http/yaws/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { homepage = "http://yaws.hyber.org"; license = licenses.bsd2; platforms = platforms.linux; - maintainers = with maintainers; [ goibhniu the-kenny ]; + maintainers = with maintainers; [ goibhniu ]; }; } diff --git a/pkgs/tools/backup/btrbk/default.nix b/pkgs/tools/backup/btrbk/default.nix index ca043692788..0c528bcea1e 100644 --- a/pkgs/tools/backup/btrbk/default.nix +++ b/pkgs/tools/backup/btrbk/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { homepage = "https://digint.ch/btrbk"; license = licenses.gpl3; platforms = platforms.unix; - maintainers = with maintainers; [ asymmetric the-kenny ]; + maintainers = with maintainers; [ asymmetric ]; inherit version; }; } diff --git a/pkgs/tools/backup/httrack/default.nix b/pkgs/tools/backup/httrack/default.nix index 6e2b92e8128..9a77153e2ff 100644 --- a/pkgs/tools/backup/httrack/default.nix +++ b/pkgs/tools/backup/httrack/default.nix @@ -17,7 +17,6 @@ stdenv.mkDerivation rec { description = "Easy-to-use offline browser / website mirroring utility"; homepage = "http://www.httrack.com"; license = licenses.gpl3; - maintainers = with maintainers; [ the-kenny ]; platforms = with platforms; unix; }; } diff --git a/pkgs/tools/backup/rdiff-backup/default.nix b/pkgs/tools/backup/rdiff-backup/default.nix index a23be69f4cf..707ba8a9885 100644 --- a/pkgs/tools/backup/rdiff-backup/default.nix +++ b/pkgs/tools/backup/rdiff-backup/default.nix @@ -19,6 +19,5 @@ python2Packages.buildPythonApplication { homepage = "http://rdiff-backup.nongnu.org/"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.all; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/tools/graphics/pngcheck/default.nix b/pkgs/tools/graphics/pngcheck/default.nix index 085b6ae4a95..ba5082ac304 100644 --- a/pkgs/tools/graphics/pngcheck/default.nix +++ b/pkgs/tools/graphics/pngcheck/default.nix @@ -25,6 +25,5 @@ stdenv.mkDerivation rec { description = "Verifies the integrity of PNG, JNG and MNG files"; license = stdenv.lib.licenses.free; platforms = with stdenv.lib.platforms; linux; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/tools/graphics/pngcrush/default.nix b/pkgs/tools/graphics/pngcrush/default.nix index 67d3eb15ba1..5bc52b92f0d 100644 --- a/pkgs/tools/graphics/pngcrush/default.nix +++ b/pkgs/tools/graphics/pngcrush/default.nix @@ -21,6 +21,5 @@ stdenv.mkDerivation rec { description = "A PNG optimizer"; license = stdenv.lib.licenses.free; platforms = with stdenv.lib.platforms; linux ++ darwin; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; }; } diff --git a/pkgs/tools/misc/stow/default.nix b/pkgs/tools/misc/stow/default.nix index d5cd4ef32ef..80741f0543c 100644 --- a/pkgs/tools/misc/stow/default.nix +++ b/pkgs/tools/misc/stow/default.nix @@ -31,8 +31,6 @@ stdenv.mkDerivation { license = stdenv.lib.licenses.gpl3Plus; homepage = "https://www.gnu.org/software/stow/"; - - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; platforms = stdenv.lib.platforms.all; }; } diff --git a/pkgs/tools/networking/fping/default.nix b/pkgs/tools/networking/fping/default.nix index 6d74cd2c78c..6a63a2047b2 100644 --- a/pkgs/tools/networking/fping/default.nix +++ b/pkgs/tools/networking/fping/default.nix @@ -13,7 +13,6 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "http://fping.org/"; description = "Send ICMP echo probes to network hosts"; - maintainers = with maintainers; [ the-kenny ]; license = licenses.bsd0; platforms = platforms.all; }; diff --git a/pkgs/tools/networking/isync/default.nix b/pkgs/tools/networking/isync/default.nix index 0373b05ede0..9b45f268da7 100644 --- a/pkgs/tools/networking/isync/default.nix +++ b/pkgs/tools/networking/isync/default.nix @@ -15,8 +15,6 @@ stdenv.mkDerivation rec { homepage = "http://isync.sourceforge.net/"; description = "Free IMAP and MailDir mailbox synchronizer"; license = licenses.gpl2Plus; - - maintainers = with maintainers; [ the-kenny ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/networking/mu/default.nix b/pkgs/tools/networking/mu/default.nix index 79c314f9860..611e848b9af 100644 --- a/pkgs/tools/networking/mu/default.nix +++ b/pkgs/tools/networking/mu/default.nix @@ -47,7 +47,7 @@ stdenv.mkDerivation rec { description = "A collection of utilties for indexing and searching Maildirs"; license = licenses.gpl3Plus; homepage = "https://www.djcbsoftware.nl/code/mu/"; - maintainers = with maintainers; [ antono the-kenny peterhoeg ]; + maintainers = with maintainers; [ antono peterhoeg ]; platforms = platforms.mesaPlatforms; }; } diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 46dfafa8151..76b90d5b885 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -144,7 +144,7 @@ stdenv.mkDerivation rec { description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = "https://www.passwordstore.org/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ma27 ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ]; platforms = platforms.unix; longDescription = '' diff --git a/pkgs/tools/security/pass/extensions/import.nix b/pkgs/tools/security/pass/extensions/import.nix index c2fc2cff881..cc5f0c94e11 100644 --- a/pkgs/tools/security/pass/extensions/import.nix +++ b/pkgs/tools/security/pass/extensions/import.nix @@ -53,7 +53,7 @@ in stdenv.mkDerivation rec { description = "Pass extension for importing data from existing password managers"; homepage = "https://github.com/roddhjav/pass-import"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/pass/extensions/tomb.nix b/pkgs/tools/security/pass/extensions/tomb.nix index f5b61207de6..43c74a9029b 100644 --- a/pkgs/tools/security/pass/extensions/tomb.nix +++ b/pkgs/tools/security/pass/extensions/tomb.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { description = "Pass extension that keeps the password store encrypted inside a tomb"; homepage = "https://github.com/roddhjav/pass-tomb"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/pass/extensions/update.nix b/pkgs/tools/security/pass/extensions/update.nix index 5bc88d394e7..b2f331f1375 100644 --- a/pkgs/tools/security/pass/extensions/update.nix +++ b/pkgs/tools/security/pass/extensions/update.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { description = "Pass extension that provides an easy flow for updating passwords"; homepage = "https://github.com/roddhjav/pass-update"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix index 7daf42ab6c7..b3c08648862 100644 --- a/pkgs/tools/security/pass/rofi-pass.nix +++ b/pkgs/tools/security/pass/rofi-pass.nix @@ -50,7 +50,6 @@ stdenv.mkDerivation rec { meta = { description = "A script to make rofi work with password-store"; homepage = "https://github.com/carnager/rofi-pass"; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; license = stdenv.lib.licenses.gpl3; platforms = with stdenv.lib.platforms; linux; }; -- cgit 1.4.1 From f887d09c89d1b7873c083b5c3b94b634b2560297 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 10 May 2020 01:04:05 +0200 Subject: linuxPackages.wireguard: 1.0.20200429 -> 1.0.20200506 https://lists.zx2c4.com/pipermail/wireguard/2020-May/005408.html --- pkgs/os-specific/linux/wireguard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 63487733605..c68dfd5fc5e 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -7,11 +7,11 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200429"; + version = "1.0.20200506"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "161srq06qa6ag2lycqz19mfms4ha2pmwn778jhvi96729rmivjkd"; + sha256 = "05dphmcxm3lg860r5bj1b995avh43d1pap8p18p4ig4kv2r2g9nq"; }; hardeningDisable = [ "pic" ]; -- cgit 1.4.1 From 9a269f555a644fae0298af304b007f8e96e6b14f Mon Sep 17 00:00:00 2001 From: Edmund Wu Date: Sat, 16 Nov 2019 14:27:16 -0500 Subject: nixos/nvidia: include systemd power management --- nixos/modules/hardware/video/nvidia.nix | 64 ++++++++++++++++++++++------ pkgs/os-specific/linux/nvidia-x11/builder.sh | 13 +++++- 2 files changed, 62 insertions(+), 15 deletions(-) (limited to 'pkgs/os-specific') diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 8c3d64fceb9..6328971492c 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -52,6 +52,15 @@ in ]; options = { + hardware.nvidia.powerManagement.enable = mkOption { + type = types.bool; + default = false; + description = '' + Experimental power management through systemd. For more information, see + the NVIDIA docs, on Chapter 21. Configuring Power Management Support. + ''; + }; + hardware.nvidia.modesetting.enable = mkOption { type = types.bool; default = false; @@ -226,23 +235,51 @@ in environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ] ++ filter (p: p != null) [ nvidia_x11.persistenced ]; + systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out; + + systemd.services = let + baseNvidiaService = state: { + description = "NVIDIA system ${state} actions"; + + path = with pkgs; [ kbd ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${nvidia_x11.out}/bin/nvidia-sleep.sh '${state}'"; + }; + }; + + nvidiaService = sleepState: (baseNvidiaService sleepState) // { + before = [ "systemd-${sleepState}.service" ]; + requiredBy = [ "systemd-${sleepState}.service" ]; + }; + + services = (builtins.listToAttrs (map (t: nameValuePair "nvidia-${t}" (nvidiaService t)) ["hibernate" "suspend"])) + // { + nvidia-resume = (baseNvidiaService "resume") // { + after = [ "systemd-suspend.service" "systemd-hibernate.service" ]; + requiredBy = [ "systemd-suspend.service" "systemd-hibernate.service" ]; + }; + }; + in optionalAttrs cfg.powerManagement.enable services + // optionalAttrs nvidiaPersistencedEnabled { + "nvidia-persistenced" = mkIf nvidiaPersistencedEnabled { + description = "NVIDIA Persistence Daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "forking"; + Restart = "always"; + PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid"; + ExecStart = "${nvidia_x11.persistenced}/bin/nvidia-persistenced --verbose"; + ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced"; + }; + }; + }; + systemd.tmpfiles.rules = optional config.virtualisation.docker.enableNvidia "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin" ++ optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia) "L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced"; - systemd.services."nvidia-persistenced" = mkIf nvidiaPersistencedEnabled { - description = "NVIDIA Persistence Daemon"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "forking"; - Restart = "always"; - PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid"; - ExecStart = "${nvidia_x11.persistenced}/bin/nvidia-persistenced --verbose"; - ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced"; - }; - }; - boot.extraModulePackages = [ nvidia_x11.bin ]; # nvidia-uvm is required by CUDA applications. @@ -250,7 +287,8 @@ in optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ]; # If requested enable modesetting via kernel parameter. - boot.kernelParams = optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1"; + boot.kernelParams = optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1" + ++ optional cfg.powerManagement.enable "nvidia.NVreg_PreserveVideoMemoryAllocations=1"; # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded. services.udev.extraRules = diff --git a/pkgs/os-specific/linux/nvidia-x11/builder.sh b/pkgs/os-specific/linux/nvidia-x11/builder.sh index 30e5d16b60f..dbe18ace40a 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -45,6 +45,17 @@ installPhase() { cp -prd tls "$out/lib/" fi + # Install systemd power management executables + if [ -e nvidia-sleep.sh ]; then + sed -E 's#(PATH=).*#\1"$PATH"#' nvidia-sleep.sh > nvidia-sleep.sh.fixed + install -Dm755 nvidia-sleep.sh.fixed $out/bin/nvidia-sleep.sh + fi + + if [ -e nvidia ]; then + sed -E "s#/usr(/bin/nvidia-sleep.sh)#$out\\1#" nvidia > nvidia.fixed + install -Dm755 nvidia.fixed $out/lib/systemd/system-sleep/nvidia + fi + for i in $lib32 $out; do rm -f $i/lib/lib{glx,nvidia-wfb}.so.* # handled separately rm -f $i/lib/libnvidia-gtk* # built from source @@ -91,7 +102,6 @@ installPhase() { done - if [ -n "$bin" ]; then # Install the X drivers. mkdir -p $bin/lib/xorg/modules @@ -167,5 +177,4 @@ installPhase() { fi } - genericBuild -- cgit 1.4.1 From 596c8150e931bffba88dc08300e2022d1b9b70ec Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 10 May 2020 20:37:42 +0000 Subject: uclibc: 1.0.32 -> 1.0.33 --- pkgs/os-specific/linux/uclibc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/uclibc/default.nix b/pkgs/os-specific/linux/uclibc/default.nix index 5f401411074..c9da86b7898 100644 --- a/pkgs/os-specific/linux/uclibc/default.nix +++ b/pkgs/os-specific/linux/uclibc/default.nix @@ -48,7 +48,7 @@ let UCLIBC_HAS_FPU n ''; - version = "1.0.32"; + version = "1.0.33"; in stdenv.mkDerivation { @@ -58,7 +58,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://downloads.uclibc-ng.org/releases/${version}/uClibc-ng-${version}.tar.bz2"; # from "${url}.sha256"; - sha256 = "0cp4xf3k0ib76xaz6n6i7yybw7s92s607ak8svq1kakwk0d1jjbv"; + sha256 = "0qy9xsqacrhhrxd16azm26pqb2ks6c43wbrlq3i8xmq2917kw3xi"; }; # 'ftw' needed to build acl, a coreutils dependency -- cgit 1.4.1 From 6d183ed8d86d2c60bc55e0676081b72bd31728bc Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:42:38 -0400 Subject: linux: 4.14.179 -> 4.14.180 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index b3dea589cd6..8629eb8cf72 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.179"; + version = "4.14.180"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "10arrj3ppbxkn15yxqpxlz4k8yp2afzbfpp2nwfy6klhjiffp9sx"; + sha256 = "03pd4wpg526n391jwc0kbmbxi059mvq8d42a9qbym9mnv5rzjkj4"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 36a1ca4daaa1838588ea43ab3eac7a29a3607928 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:42:49 -0400 Subject: linux: 4.19.121 -> 4.19.122 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 450c44f0aa0..577138542b3 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.121"; + version = "4.19.122"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "11bhjdaihhc42xhf4qxdkkjznc0i6igh0ahjbzr3fb8bmq9sirgv"; + sha256 = "1980vza1vf6cl772dynn4m0rgdjazbn125kd6sb3s06gqn72cl2h"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From ddd1363bff8284600f5904fcf46c5f0d303bed93 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:42:56 -0400 Subject: linux: 4.4.222 -> 4.4.223 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 81b32a932e1..58131815e0f 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.222"; + version = "4.4.223"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "02zxy5vjxgrqs0mkz5aj70v6pazhif7x5cm26rf8zh4idpmhk2zh"; + sha256 = "09fln0sdfif2zv2jifp24yiqi0vcyj8fqx2jz91g21zvsxk3x5nd"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 39426327ce684e69c5bdbe831a984c20a83e8f4a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:43:06 -0400 Subject: linux: 4.9.222 -> 4.9.223 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index a9757aa2f10..9f2c7659abb 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.222"; + version = "4.9.223"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0aajgflf96bj7chbd83rdmgcdwd025c6mz6li4cwbfx7xcb91kjc"; + sha256 = "1r9ag1fhy0g429q44qlqh0qkf42qkhzxa04gxlmnrinqypk00lyg"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 98c79eb588b0d19dafa058a8d326cf2199039513 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:43:15 -0400 Subject: linux: 5.4.39 -> 5.4.40 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 5ca72d8a6a5..ffe59480915 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.39"; + version = "5.4.40"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1j35yf1nilb9z7lw8w2drpww7q2zy8zfr0ip8hwcbcd7c5d9chai"; + sha256 = "1ar001rljlr15rcl77la5y1cj3plaqhdblnh87xsmv47fq13yml3"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 0010ae4960d35243e7abb046cd26ddda904a4c63 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 11 May 2020 08:43:23 -0400 Subject: linux: 5.6.11 -> 5.6.12 --- pkgs/os-specific/linux/kernel/linux-5.6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix index 7cd3987f87c..844fb18c21a 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.6.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.6.11"; + version = "5.6.12"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ahv4a3mnszqs3qcnwmhbvjgis1jg37anj5jvn70i7s2k6z6rpfn"; + sha256 = "0892ar2irfhd612sb8jpx85w0wwh4n76jgsv8wb92fp6mim37sns"; }; } // (args.argsOverride or {})) -- cgit 1.4.1 From 677ddfef7c56c0b1277a14e380146a634de3e5a1 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 12 May 2020 08:35:46 -0400 Subject: linux/hardened/patches/4.14: 4.14.179.a -> 4.14.180.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 118998a605b..5d6be4f9593 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,8 +1,8 @@ { "4.14": { - "name": "linux-hardened-4.14.179.a.patch", - "sha256": "0vdcg8713vhraqp04b6lw15qdrvg4iw646d54x6ic0421nxp9zmj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.179.a/linux-hardened-4.14.179.a.patch" + "name": "linux-hardened-4.14.180.a.patch", + "sha256": "0rpk5lq947i4v48d6jv75rgwpncayr4agc3f2iich3hlkh5p72p3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.180.a/linux-hardened-4.14.180.a.patch" }, "4.19": { "name": "linux-hardened-4.19.121.a.patch", -- cgit 1.4.1 From fc545e4d23cebfb6004dd90fb95369f0bce7f05e Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 12 May 2020 08:35:48 -0400 Subject: linux/hardened/patches/4.19: 4.19.121.a -> 4.19.122.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5d6be4f9593..353421940c2 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -5,9 +5,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.180.a/linux-hardened-4.14.180.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.121.a.patch", - "sha256": "0bwjx7qbzd50607kr1abx3rd19iciry3p1y3a8sz5w3vb62j8m6z", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.121.a/linux-hardened-4.19.121.a.patch" + "name": "linux-hardened-4.19.122.a.patch", + "sha256": "0jh5wyrwrmm9rqqi8fn6d6bd8lzkhj1aylnphsajyyx5v28hn1b2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.122.a/linux-hardened-4.19.122.a.patch" }, "5.4": { "name": "linux-hardened-5.4.39.a.patch", -- cgit 1.4.1 From 2646e949b041d86136cc67f5768db2ee0a9ce8da Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 12 May 2020 08:35:50 -0400 Subject: linux/hardened/patches/5.4: 5.4.39.a -> 5.4.40.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 353421940c2..b95e5061a8b 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.122.a/linux-hardened-4.19.122.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.39.a.patch", + "name": "linux-hardened-5.4.40.a.patch", "sha256": "1w9yc0j8vshjyvb2qgxjvrdgwiy5lmjn3s1rmlch649vqp97j9w7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.39.a/linux-hardened-5.4.39.a.patch" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.40.a/linux-hardened-5.4.40.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", -- cgit 1.4.1 From 511b503b0d029e7a3d2fb4f34b4b99db60a52cba Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 12 May 2020 08:35:52 -0400 Subject: linux/hardened/patches/5.6: 5.6.11.a -> 5.6.12.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index b95e5061a8b..76d27e29508 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.11.a.patch", + "name": "linux-hardened-5.6.12.a.patch", "sha256": "1b6cwffb2b21h9xh2acm9q9j55cay87zbv9jjayv69znry4mzsx3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.11.a/linux-hardened-5.6.11.a.patch" + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.12.a/linux-hardened-5.6.12.a.patch" } } -- cgit 1.4.1 From 0c9b897241f20b38a35fb84e70b6a93df80d7175 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 12 May 2020 08:37:08 -0400 Subject: linux-hardened: Fix kernel version detection --- pkgs/os-specific/linux/kernel/hardened/update.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 3958c85fe20..d6443d2e751 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -184,11 +184,10 @@ for filename in os.listdir(NIXPKGS_KERNEL_PATH): with import {NIXPKGS_PATH} {{}}; (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version """ - kernel_version = parse_version( - run( - "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr, - ).stdout - ) + kernel_version_json = run( + "nix-instantiate", "--eval", "--json", "--expr", nix_version_expr, + ).stdout + kernel_version = parse_version(json.loads(kernel_version_json)) if kernel_version < MIN_KERNEL_VERSION: continue kernel_key = major_kernel_version_key(kernel_version) -- cgit 1.4.1