From 1bfa488b1cd55db5cee714a320375a02d33f5279 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sun, 22 Aug 2021 14:45:17 +0200 Subject: [PATCH 1/5] libbpf: 0.1.1 -> 0.4.0 --- pkgs/os-specific/linux/libbpf/default.nix | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/pkgs/os-specific/linux/libbpf/default.nix b/pkgs/os-specific/linux/libbpf/default.nix index 2e497584fab8..649ad88a3d18 100644 --- a/pkgs/os-specific/linux/libbpf/default.nix +++ b/pkgs/os-specific/linux/libbpf/default.nix @@ -7,30 +7,15 @@ with builtins; stdenv.mkDerivation rec { pname = "libbpf"; - version = "0.1.1"; + version = "0.4.0"; src = fetchFromGitHub { owner = "libbpf"; repo = "libbpf"; rev = "v${version}"; - sha256 = "0ilnnm4q22f8fagwp8kb37licy4ks861i2iqh2djsypqhnxvx3fv"; + sha256 = "1by5w7g3i2fc10bi6f0j8jqi2nq0x8r973j2qx7qlfryjxr7b2v3"; }; - patches = [ - (fetchpatch { # included upstream for > 0.1.0 - name = "link-zlib.patch"; - url = "https://github.com/libbpf/libbpf/commit/8b14cb43ff837.diff"; - sha256 = "17mvjrs7s727drz013a8qlyj0345ldi2kph6pazcmxv6kl1qrz2z"; - }) - ]; - patchFlags = "-p2"; - # https://github.com/libbpf/libbpf/pull/201#issuecomment-689174740 - postPatch = '' - substituteInPlace ../scripts/check-reallocarray.sh \ - --replace 'mktemp /tmp/' 'mktemp ' \ - --replace '/bin/rm' 'rm' - ''; - nativeBuildInputs = [ pkg-config ]; buildInputs = [ libelf zlib ]; From a485b498e666792cc3195d83eb887a4d8bb53297 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 27 Aug 2021 00:29:13 +0200 Subject: [PATCH 2/5] refind: 0.13.1 -> 0.13.2 --- pkgs/tools/bootloaders/refind/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/bootloaders/refind/default.nix b/pkgs/tools/bootloaders/refind/default.nix index 600967e996c0..c8dc645d69b4 100644 --- a/pkgs/tools/bootloaders/refind/default.nix +++ b/pkgs/tools/bootloaders/refind/default.nix 
@@ -14,11 +14,11 @@ in stdenv.mkDerivation rec { pname = "refind"; - version = "0.13.1"; + version = "0.13.2"; src = fetchurl { url = "mirror://sourceforge/project/refind/${version}/${pname}-src-${version}.tar.gz"; - sha256 = "1yjni0mr3rqrrk4ynwb8i0whpqhd56cck4mxd97qmxn7wbr826i9"; + sha256 = "0w6990ggns4xsdmgj3aq527q15frrxfmxwa3m6igabd4ai498n6x"; }; patches = [ From 64556974b6674338a227d559975c9b4710f6e751 Mon Sep 17 00:00:00 2001 
From: Andreas Rammhold Date: Mon, 30 Aug 2021 15:10:54 +0200 Subject: [PATCH 3/5] systemd: 247.6 -> 249.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This updates systemd to version v249.4 from version v247.6. Besides the many new features that can be found in the upstream repository they also introduced a bunch of cleanup which ended up requiring a few more patches on our side. a) 0022-core-Handle-lookup-paths-being-symlinks.patch: The way symlinked units were handled was changed in such that the last name of a unit file within one of the unit directories (/run/systemd/system, /etc/systemd/system, ...) is used as the name for the unit. Unfortunately that code didn't take into account that the unit directories themselves could already be symlinks and thus caused all our units to be recognized slightly different. There is an upstream PR for this new patch: https://github.com/systemd/systemd/pull/20479 b) The way the APIVFS is setup has been changed in such a way that we now always have /run. This required a few changes to the confinement tests which did assert that they didn't exist. Instead of adding another patch we can just adopt the upstream behavior. An empty /run doesn't seem harmful. As part of this work I refactored the confinement test just a little bit to allow better debugging of test failures. Previously it would just fail at some point and it wasn't obvious which of the many commands failed or what the unexpected string was. This should now be more obvious. c) Again related to the confinement tests the way a file was tested for being accessible was optimized. Previously systemd would in some situations open a file twice during that check. This was reduced to one operation but required the procfs to be mounted in a units namespace. An upstream bug was filed and fixed. We are now carrying the essential patch to fix that issue until it is backported to a new release (likely only version 250). 
The good part about this story is that upstream systemd now has a test case that looks very similar to one of our confinement tests. Hopefully that will lead to less friction in the long run. https://github.com/systemd/systemd/issues/20514 https://github.com/systemd/systemd/pull/20515 d) Previously we could grep for dlopen( somewhat reliably but now upstream started using a wrapper around dlopen that is most of the time used with linebreaks. This makes using grep not ergonomic anymore. With this bump we are grepping for anything that looks like a dynamic library name (in contrast to a dlopen(3) call) and replacing those instead. That seems more robust. Time will tell if this holds. I tried using coccinelle to patch all those call sites using its tooling but unfortunately it stumbles over the _cleanup_ annotations that are very common in the systemd code. e) We now have some machinery for libbpf support in our systemd build. That being said it doesn't actually work as generating some skeletons doesn't work just yet. It fails with the below error message and is disabled by default (in both minimal and the regular build). 
> FAILED: src/core/bpf/socket_bind/socket-bind.skel.h > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h > libbpf: elf: socket_bind_bpf is not a valid eBPF object file > Error: failed to open BPF object file: BPF object format invalid > Traceback (most recent call last): > File "/build/source/tools/build-bpf-skel.py", line 128, in > bpf_build(args) > File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build > gen_bpf_skeleton(bpftool_exec=args.bpftool_exec, > File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton > skel = subprocess.check_output(bpftool_args, universal_newlines=True) > File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output > return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, > File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run > raise CalledProcessError(retcode, process.args, > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255. > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut) > ninja: build stopped: subcommand failed. f) We do now have support for TPM2 based disk encryption in our systemd build. The actual bits and pieces to make use of that are missing but there are various ongoing efforts in that direction. There is also the story about systemd in our initrd to enable this being used for root volumes. 
None of this will yet work out of the box but we can start improving on that front. g) FIDO2 support was added systemd and consequently we can now use that. Just with TPM2 there hasn't been any integration work with NixOS and instead this just adds that capability to work on that. Co-Authored-By: Jörg Thalheim --- .../from_md/release-notes/rl-2111.section.xml | 5 + .../manual/release-notes/rl-2111.section.md | 2 + nixos/modules/services/ttys/getty.nix | 8 + nixos/tests/systemd-confinement.nix | 38 ++- .../libraries/tpm2-tss/default.nix | 10 +- ...ts-for-uninitialised-encrypted-devic.patch | 6 +- ...on-t-try-to-unmount-nix-or-nix-store.patch | 10 +- .../systemd/0003-Fix-NixOS-containers.patch | 10 +- ...004-Look-for-fsck-in-the-right-place.patch | 6 +- ...some-NixOS-specific-unit-directories.patch | 42 +-- ...f-a-useless-message-in-user-sessions.patch | 30 +-- ...d-timedated-disable-methods-that-cha.patch | 32 +-- .../linux/systemd/0008-Fix-hwdb-paths.patch | 40 ++- ...e-usr-share-zoneinfo-to-etc-zoneinfo.patch | 55 ++-- ...calectl-use-etc-X11-xkb-for-list-x11.patch | 8 +- ...te-statedir-and-don-t-touch-prefixdi.patch | 12 +- ...-environment-when-calling-generators.patch | 18 +- ...3-add-rootprefix-to-lookup-dir-paths.patch | 4 +- ...-execute-scripts-in-etc-systemd-syst.patch | 6 +- ...ecute-scripts-in-etc-systemd-system-.patch | 8 +- ...s.service-Update-ConditionFileNotEmp.patch | 8 +- ...-placeholder-for-DEFAULT_PATH_NORMAL.patch | 6 +- ...eat-debus-show-CanMultiSession-again.patch | 8 +- ...pkg-config-derive-prefix-from-prefix.patch | 12 +- ...tall_sysconfdir_samples-in-meson-fil.patch | 31 +++ ...stall_sysconfdir_samples-in-meson-fi.patch | 29 +++ ...e-Handle-lookup-paths-being-symlinks.patch | 80 ++++++ ...executable-work-without-proc-mounted.patch | 29 +++ pkgs/os-specific/linux/systemd/default.nix | 244 +++++++++++------- pkgs/top-level/all-packages.nix | 3 + 30 files changed, 531 insertions(+), 269 deletions(-) create mode 100644 
pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch create mode 100644 pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch create mode 100644 pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch create mode 100644 pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 5b3a91662e8b..f88dcb5d6f2b 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -53,6 +53,11 @@ bash now defaults to major version 5. + + + Systemd was updated to version 249 (from 247). + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 17d3afd5ceab..a0b78f5a8899 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -20,6 +20,8 @@ In addition to numerous new and upgraded packages, this release has the followin - bash now defaults to major version 5. +- Systemd was updated to version 249 (from 247). + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). diff --git a/nixos/modules/services/ttys/getty.nix b/nixos/modules/services/ttys/getty.nix index 7cf2ff87da26..eb966c37ce7f 100644 --- a/nixos/modules/services/ttys/getty.nix +++ b/nixos/modules/services/ttys/getty.nix @@ -131,6 +131,14 @@ in restartIfChanged = false; }; + systemd.services."autovt@" = + { serviceConfig.ExecStart = [ + "" # override upstream default with an empty ExecStart + (gettyCmd "--noclear %I $TERM") + ]; + restartIfChanged = false; + }; + systemd.services."container-getty@" = { serviceConfig.ExecStart = [ "" # override upstream default with an empty ExecStart diff --git a/nixos/tests/systemd-confinement.nix b/nixos/tests/systemd-confinement.nix index e6a308f46d27..8fafb11e1e8c 100644 --- a/nixos/tests/systemd-confinement.nix +++ b/nixos/tests/systemd-confinement.nix 
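Review bot: The added `systemd.services."autovt@"` block in getty.nix repeats the neighbouring getty override line for line and has no comment saying why this systemd bump needs it, so a later refresh cannot tell whether it is still required. I would add a comment above it such as `# autovt@ is what logind starts for on-demand VTs; keep ExecStart identical to getty@ so those VTs use the same login command`. Because the login command line is now written out in more than one unit, binding the shared `serviceConfig.ExecStart` list once and reusing it would stop the two from drifting apart. The definition the block appears to copy starts above this hunk, so I am assuming it is the `getty@` unit.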
@@ -44,30 +44,26 @@ import ./make-test-python.nix { { config.confinement.mode = "chroot-only"; testScript = '' with subtest("chroot-only confinement"): - machine.succeed( - 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix', - 'test "$(chroot-exec id -u)" = 0', - "chroot-exec chown 65534 /bin", - ) + paths = machine.succeed('chroot-exec ls -1 / | paste -sd,').strip() + assert_eq(paths, "bin,nix,run") + uid = machine.succeed('chroot-exec id -u').strip() + assert_eq(uid, "0") + machine.succeed("chroot-exec chown 65534 /bin") ''; } { testScript = '' with subtest("full confinement with APIVFS"): - machine.fail( - "chroot-exec ls -l /etc", - "chroot-exec ls -l /run", - "chroot-exec chown 65534 /bin", - ) - machine.succeed( - 'test "$(chroot-exec id -u)" = 0', - "chroot-exec chown 0 /bin", - ) + machine.fail("chroot-exec ls -l /etc") + machine.fail("chroot-exec chown 65534 /bin") + assert_eq(machine.succeed('chroot-exec id -u').strip(), "0") + machine.succeed("chroot-exec chown 0 /bin") ''; } { config.serviceConfig.BindReadOnlyPaths = [ "/etc" ]; testScript = '' with subtest("check existence of bind-mounted /etc"): - machine.succeed('test -n "$(chroot-exec cat /etc/passwd)"') + passwd = machine.succeed('chroot-exec cat /etc/passwd').strip() + assert len(passwd) > 0, "/etc/passwd must not be empty" ''; } { config.serviceConfig.User = "chroot-testuser"; @@ -75,7 +71,8 @@ import ./make-test-python.nix { testScript = '' with subtest("check if User/Group really runs as non-root"): machine.succeed("chroot-exec ls -l /dev") - machine.succeed('test "$(chroot-exec id -u)" != 0') + uid = machine.succeed('chroot-exec id -u').strip() + assert uid != "0", "UID of chroot-testuser shouldn't be 0" machine.fail("chroot-exec touch /bin/test") ''; } 
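Review bot: The "full confinement with APIVFS" subtest drops `machine.fail("chroot-exec ls -l /run")` and puts nothing in its place, so after this hunk no test checks what a confined unit can see under /run. The commit message accepts the new /run on the grounds that it is empty; if that holds, the test should pin it, for example `assert_eq(machine.succeed('chroot-exec ls -A /run').strip(), "")`. That way a later change that exposes host runtime state inside the chroot fails here instead of passing silently. The chroot-only subtest has the same gap: it now expects `bin,nix,run` at the root but never looks inside /run. `assert_eq` is the helper added to `testScript` in a later hunk of this file.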
@@ -88,10 +85,8 @@ import ./make-test-python.nix { testScript = '' with subtest("check if symlinks are properly bind-mounted"): machine.fail("chroot-exec test -e /etc") - machine.succeed( - "chroot-exec cat ${symlink} >&2", - 'test "$(chroot-exec cat ${symlink})" = "got me"', - ) + text = machine.succeed('chroot-exec cat ${symlink}').strip() + assert_eq(text, "got me") ''; }) { config.serviceConfig.User = "chroot-testuser"; @@ -158,6 +153,9 @@ import ./make-test-python.nix { }; testScript = { nodes, ... }: '' + def assert_eq(a, b): + assert a == b, f"{a} != {b}" + machine.wait_for_unit("multi-user.target") '' + nodes.machine.config.__testSteps; } diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index d367a56010ba..06e1ac9409a1 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -3,6 +3,14 @@ , openssl, json_c, curl, libgcrypt , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which }: +let + # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss, + # tpm2-tss tests depend on procps, procps depends on systemd by default). This + # needs to be conditional based on isLinux because procps for other systems + # might not support the withSystemd option. + procpsWithoutSystemd = procps.override { withSystemd = false; }; + procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps; +in stdenv.mkDerivation rec { pname = "tpm2-tss"; @@ -20,7 +28,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ openssl json_c curl libgcrypt ]; checkInputs = [ - cmocka uthash ibm-sw-tpm2 iproute2 procps which + cmocka uthash ibm-sw-tpm2 iproute2 procps_pkg which ]; preAutoreconf = "./bootstrap"; diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index ac2d00181602..8a1cdc1da847 100644 
--- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,4 +1,4 @@ -From 2f4a5e9c9ef1cd57662e8bd4c24e1029a00d55b5 Mon Sep 17 00:00:00 2001 +From 57e31a2d4a5d5bd7a9e1cd8a0d8bc6a00624ad68 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 8 Jan 2013 15:46:30 +0100 Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices @@ -13,7 +13,7 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index 7c22eefdb7..e3a55e00b5 100644 +index 25b8a590a6..d18999ea87 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" @@ -28,5 +28,5 @@ index 7c22eefdb7..e3a55e00b5 100644 SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index f54430f764e4..129e0825d9fe 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,4 +1,4 @@ -From 4e96b2e074c4a4f4ce900409872ce2f86704ee5b Mon Sep 17 00:00:00 2001 +From 43465a392b47238a32f8719f603ed9e2c9bb0363 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 12 Apr 2013 13:16:57 +0200 Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store @@ -12,7 +12,7 @@ https://github.com/NixOS/nixos/issues/126 2 files changed, 4 insertions(+) 
diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 292b97cd69..791b8e6b7e 100644 +index f683f05981..5a04c2c2a6 100644 --- a/src/shared/fstab-util.c +++ b/src/shared/fstab-util.c @@ -40,6 +40,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { @@ -25,10 +25,10 @@ index 292b97cd69..791b8e6b7e 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 3a72a13e1a..541320dc9d 100644 +index c2a26242c0..9936398f32 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c -@@ -500,6 +500,8 @@ static int delete_md(MountPoint *m) { +@@ -496,6 +496,8 @@ static int delete_md(MountPoint *m) { static bool nonunmountable_path(const char *path) { return path_equal(path, "/") @@ -38,5 +38,5 @@ index 3a72a13e1a..541320dc9d 100644 || path_equal(path, "/usr") #endif -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 37caffb97d76..91fdebc7ad38 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -1,4 +1,4 @@ -From 3d1b2e56a6ed6cc86a64f6f89765a2900e576402 Mon Sep 17 00:00:00 2001 +From a99666d3d7012c2162fdacf84a57fc0b848fd957 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 10:59:28 +0200 Subject: [PATCH 03/19] Fix NixOS containers @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 7515380fcd..14f8a82eb8 100644 +index 04685fecba..0e5ece5f91 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5323,6 +5323,7 @@ static int run(int argc, char *argv[]) { +@@ -5590,6 +5590,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { 
@@ -21,7 +21,7 @@ index 7515380fcd..14f8a82eb8 100644 const char *p, *q; if (arg_pivot_root_new) -@@ -5337,6 +5338,7 @@ static int run(int argc, char *argv[]) { +@@ -5604,6 +5605,7 @@ static int run(int argc, char *argv[]) { r = -EINVAL; goto finish; } @@ -30,5 +30,5 @@ index 7515380fcd..14f8a82eb8 100644 } else { -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index 2f14a9d6a7e8..bdd205dd29e8 100644 --- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -1,4 +1,4 @@ -From 3a721cf70e952e933ef5374006bbb11a3a0ad36a Mon Sep 17 00:00:00 2001 +From 3f0780b25bdbe4156a2f761c90083bbba5f4d473 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 1 May 2014 14:10:10 +0200 Subject: [PATCH 04/19] Look for fsck in the right place @@ -8,7 +8,7 @@ Subject: [PATCH 04/19] Look for fsck in the right place 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 510689f3b7..25cab5acae 100644 +index cd7adfaeb9..68cebdd158 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) { @@ -21,5 +21,5 @@ index 510689f3b7..25cab5acae 100644 cmdline[i++] = "-T"; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index 0acccacd6135..8680d147ad17 100644 --- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -1,4 +1,4 @@ -From 8b7f881cf22e98e907506f4c403b9e304e332bf9 Mon Sep 17 00:00:00 2001 +From 82698c6a5142e710c302f9c38367ed00d8ec94ba Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 19 Dec 2014 14:46:17 +0100 Subject: [PATCH 05/19] Add some NixOS-specific unit directories @@ -10,14 +10,14 @@ units provided by packages installed into the default profile via Also, remove /usr and /lib as these don't exist on NixOS. --- src/basic/path-lookup.c | 17 ++--------------- - src/core/systemd.pc.in | 5 +++-- - 2 files changed, 5 insertions(+), 17 deletions(-) + src/core/systemd.pc.in | 8 ++++---- + 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 96b82170d0..bf66bd6b77 100644 +index 05eb17d66c..1cd141d012 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c -@@ -94,11 +94,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { +@@ -91,11 +91,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { } static const char* const user_data_unit_paths[] = { @@ -29,7 +29,7 @@ index 96b82170d0..bf66bd6b77 100644 NULL }; -@@ -616,15 +612,13 @@ int lookup_paths_init( +@@ -613,15 +609,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -40,13 +40,13 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(runtime_attached), STRV_IFNOTNULL(generator), - "/usr/local/lib/systemd/system", - SYSTEM_DATA_UNIT_PATH, + SYSTEM_DATA_UNIT_DIR, - "/usr/lib/systemd/system", - STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), STRV_IFNOTNULL(generator_late)); break; -@@ -640,14 +634,11 @@ int lookup_paths_init( +@@ -637,14 +631,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", @@ -62,7 +62,7 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -797,7 +788,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -794,7 +785,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", 
@@ -70,7 +70,7 @@ index 96b82170d0..bf66bd6b77 100644 SYSTEM_GENERATOR_DIR); break; -@@ -805,7 +795,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -802,7 +792,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -78,7 +78,7 @@ index 96b82170d0..bf66bd6b77 100644 USER_GENERATOR_DIR); break; -@@ -844,12 +833,10 @@ char **env_generator_binary_paths(bool is_system) { +@@ -841,12 +830,10 @@ char **env_generator_binary_paths(bool is_system) { if (is_system) add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", @@ -92,10 +92,10 @@ index 96b82170d0..bf66bd6b77 100644 if (!add) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index b5cc8f94a5..a701cd05f8 100644 +index fc0f8c34fa..ded74ce50a 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in -@@ -38,10 +38,11 @@ systemdsystemconfdir=${systemd_system_conf_dir} +@@ -38,10 +38,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} systemd_user_conf_dir=${sysconfdir}/systemd/user systemduserconfdir=${systemd_user_conf_dir} 
@@ -105,10 +105,22 @@ index b5cc8f94a5..a701cd05f8 100644 -systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user +systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemduserunitdir} -+ systemduserunitpath=${systemd_user_unit_path} systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators +@@ -50,10 +50,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} + systemd_user_generator_dir=${prefix}/lib/systemd/user-generators + systemdusergeneratordir=${systemd_user_generator_dir} + +-systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} ++systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:${systemd_system_generator_dir} + systemdsystemgeneratorpath=${systemd_system_generator_path} + +-systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir} ++systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir} + systemdusergeneratorpath=${systemd_user_generator_path} + + systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index bda27ac1762f..f6fa5833518c 100644 --- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch 
@@ -1,4 +1,4 @@ -From 7a6529ee27028860b93bc539e8bbf3f2374d712f Mon Sep 17 00:00:00 2001 +From e2a8db60ebfb1e0477ce989f6c3d4a95f2e08120 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 11 May 2015 15:39:38 +0200 Subject: [PATCH 06/19] Get rid of a useless message in user sessions @@ -9,23 +9,23 @@ Namely lots of variants of in containers. --- - src/core/unit.c | 3 ++- + src/core/manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/core/unit.c b/src/core/unit.c -index 45a417a090..8af3cb08d6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2163,7 +2163,8 @@ static void unit_check_binds_to(Unit *u) { - } +diff --git a/src/core/manager.c b/src/core/manager.c +index 8884437347..e23d47b4a4 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1375,7 +1375,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { + if (!unit_is_bound_by_inactive(u, &culprit)) + continue; - assert(other); -- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); -+ if (u->type != UNIT_MOUNT || detect_container() <= 0) -+ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); +- log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); - /* A unit we need to run is gone. Sniff. Let's stop this. */ - r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); + /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the + * service being unnecessary after a while. */ -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index d51e1c0f5668..17c53e2e5180 100644 
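Review bot: After the refresh, the call guarded in `manager_dispatch_stop_when_bound_queue()` is `log_unit_debug(...)`, whereas the previous version of this patch guarded a `log_unit_info(...)` in unit.c. A debug-level message is normally not shown in user sessions, so the `if (u->type != UNIT_MOUNT || detect_container() <= 0)` wrapper looks redundant against 249. Consider dropping 0006 from the series rather than carrying it forward, which leaves one fewer downstream change in the service manager to rebase and audit. If it is kept, the patch description should say why the message still needs suppressing at debug level. The surrounding loop is outside the hunk, but the `continue` above suggests `detect_container()` is now evaluated per queued unit.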
--- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -1,4 +1,4 @@ -From 5580303956ca7d8eb431d23c2af0030c9cc0e6e9 Mon Sep 17 00:00:00 2001 +From 56ae06b48c6852071dfc57c1203c04f07309d757 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Dec 2015 14:26:36 +0100 Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that @@ -11,10 +11,10 @@ Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index a1794bdab1..77134731e1 100644 +index 36702f2fb0..669257ea2f 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c -@@ -643,6 +643,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ +@@ -797,6 +797,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ if (r < 0) return r; @@ -24,7 +24,7 @@ index a1794bdab1..77134731e1 100644 name = empty_to_null(name); context_read_etc_hostname(c); -@@ -702,6 +705,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess +@@ -860,6 +863,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess if (r < 0) return r; @@ -35,20 +35,20 @@ index a1794bdab1..77134731e1 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index 736dacdee9..53e0ee935e 100644 +index df0eb030d4..d026eae97e 100644 --- a/src/locale/localed.c 
+++ b/src/locale/localed.c -@@ -317,6 +317,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er +@@ -360,6 +360,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er if (r < 0) return r; + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); ++ "Changing system settings via systemd is not supported on NixOS."); + + use_localegen = locale_gen_check_available(); + /* If single locale without variable name is provided, then we assume it is LANG=. */ - if (strv_length(l) == 1 && !strchr(l[0], '=')) { - if (!locale_is_valid(l[0])) -@@ -432,6 +435,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro +@@ -485,6 +488,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (r < 0) return r; @@ -58,7 +58,7 @@ index 736dacdee9..53e0ee935e 100644 keymap = empty_to_null(keymap); keymap_toggle = empty_to_null(keymap_toggle); -@@ -606,6 +612,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err +@@ -665,6 +671,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (r < 0) return r; @@ -69,10 +69,10 @@ index 736dacdee9..53e0ee935e 100644 model = empty_to_null(model); variant = empty_to_null(variant); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 76fe04900d..e87c4c8919 100644 +index 66b454269d..0a8fe25d0f 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -646,6 +646,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -668,6 +668,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; 
@@ -83,7 +83,7 @@ index 76fe04900d..e87c4c8919 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -725,6 +729,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -747,6 +751,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index 76fe04900d..e87c4c8919 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -907,6 +914,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -930,6 +937,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; @@ -104,5 +104,5 @@ index 76fe04900d..e87c4c8919 100644 if (r < 0) return r; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch index 2b1c02b233c7..f272ef23dc01 100644 --- a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -1,32 +1,28 @@ -From 874698425f6d68fc0d662cb17c7c29e0af3e8c25 Mon Sep 17 00:00:00 2001 +From b783b2da164482f26ac5e6e347dc41930c072ea5 Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Thu, 7 Jul 2016 02:47:13 +0300 Subject: [PATCH 08/19] Fix hwdb paths Patch by vcunat. --- - src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) + src/libsystemd/sd-hwdb/hwdb-internal.h | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index cb3c77ce96..7b8c80071f 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -297,13 +297,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { - } +diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h +index 5ddc2211e6..ee621eec46 100644 +--- a/src/libsystemd/sd-hwdb/hwdb-internal.h ++++ b/src/libsystemd/sd-hwdb/hwdb-internal.h +@@ -82,8 +82,5 @@ struct trie_value_entry2_f { + } _packed_; - static const char hwdb_bin_paths[] = -- "/etc/systemd/hwdb/hwdb.bin\0" - "/etc/udev/hwdb.bin\0" -- "/usr/lib/systemd/hwdb/hwdb.bin\0" --#if HAVE_SPLIT_USR -- "/lib/systemd/hwdb/hwdb.bin\0" --#endif -- UDEVLIBEXECDIR "/hwdb.bin\0"; -+ ; - - _public_ int sd_hwdb_new(sd_hwdb **ret) { - _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; + #define hwdb_bin_paths \ +- "/etc/systemd/hwdb/hwdb.bin\0" \ +- "/etc/udev/hwdb.bin\0" \ +- "/usr/lib/systemd/hwdb/hwdb.bin\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \ +- UDEVLIBEXECDIR "/hwdb.bin\0" ++ "/etc/udev/hwdb.bin\0" ++ -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index a1e8ec963c71..791e47065d6f 100644 --- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch 
@@ -1,4 +1,4 @@ -From 367d0dad3d1853048569e315931cb8a27e16a098 Mon Sep 17 00:00:00 2001 +From e24c05ef8cfe48c4f0ebdb92e8147ae2151e4c87 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 11 Oct 2016 13:12:08 +0300 Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo @@ -6,11 +6,11 @@ Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo NixOS uses this path. --- man/localtime.xml | 4 ++-- - src/basic/time-util.c | 6 +++--- + src/basic/time-util.c | 8 ++++---- src/firstboot/firstboot.c | 2 +- src/nspawn/nspawn.c | 4 ++-- src/timedate/timedated.c | 8 ++++---- - 5 files changed, 12 insertions(+), 12 deletions(-) + 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml index e486474c44..5f373d0723 100644 @@ -35,28 +35,37 @@ index e486474c44..5f373d0723 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 5318d6378d..04069dc27b 100644 +index 5d162e8ffe..1bec83e555 100644 --- a/src/basic/time-util.c 
+++ b/src/basic/time-util.c -@@ -1277,7 +1277,7 @@ int get_timezones(char ***ret) { - n_allocated = 2; - n_zones = 1; +@@ -1269,7 +1269,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { + + assert(ret); - f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); + f = fopen("/etc/zoneinfo/zone1970.tab", "re"); - if (f) { - for (;;) { - _cleanup_free_ char *line = NULL; -@@ -1372,7 +1372,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (!f) + return -errno; + +@@ -1308,7 +1308,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { + _cleanup_strv_free_ char **zones = NULL; + int r; + +- f = fopen("/usr/share/zoneinfo/tzdata.zi", "re"); ++ f = fopen("/etc/zoneinfo/tzdata.zi", "re"); + if (!f) + return -errno; + +@@ -1421,7 +1421,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) - return false; + return -ENAMETOOLONG; - t = strjoina("/usr/share/zoneinfo/", name); + t = strjoina("/etc/zoneinfo/", name); fd = open(t, O_RDONLY|O_CLOEXEC); - if (fd < 0) { -@@ -1470,7 +1470,7 @@ int get_timezone(char **ret) { + if (fd < 0) +@@ -1512,7 +1512,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -66,10 +75,10 @@ index 5318d6378d..04069dc27b 100644 return -EINVAL; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 742b43f9fc..f2cb121816 100644 +index 2cb4f80d5d..ebeaeac52f 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -459,7 +459,7 @@ static int process_timezone(void) { +@@ -491,7 +491,7 @@ static int process_timezone(void) { if (isempty(arg_timezone)) return 0; @@ -79,10 +88,10 @@ index 742b43f9fc..f2cb121816 100644 (void) mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 14f8a82eb8..8632dadec6 100644 +index 0e5ece5f91..cc46435472 100644 --- a/src/nspawn/nspawn.c 
+++ b/src/nspawn/nspawn.c -@@ -1810,8 +1810,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u +@@ -1887,8 +1887,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -94,10 +103,10 @@ index 14f8a82eb8..8632dadec6 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index e87c4c8919..964a40ba81 100644 +index 0a8fe25d0f..2f02b9a520 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -269,7 +269,7 @@ static int context_read_data(Context *c) { +@@ -279,7 +279,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -106,7 +115,7 @@ index e87c4c8919..964a40ba81 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -293,7 +293,7 @@ static int context_write_data_timezone(Context *c) { +@@ -303,7 +303,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -115,7 +124,7 @@ index e87c4c8919..964a40ba81 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -301,9 +301,9 @@ static int context_write_data_timezone(Context *c) { +@@ -311,9 +311,9 @@ static int context_write_data_timezone(Context *c) { return 0; } @@ -128,5 +137,5 @@ index e87c4c8919..964a40ba81 100644 return -ENOMEM; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index 334156495fcf..d9b048113862 100644 --- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch 
@@ -1,4 +1,4 @@ -From bf285fe7e12bd22f95c14bcefbb5008888c32bfa Mon Sep 17 00:00:00 2001 +From 09f6ca91b4131637038686dafd57b5da642c100e Mon Sep 17 00:00:00 2001 From: Imuli Date: Wed, 19 Oct 2016 08:46:47 -0400 Subject: [PATCH 10/19] localectl: use /etc/X11/xkb for list-x11-* @@ -10,10 +10,10 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index 7d2e887660..91c5139eed 100644 +index 548ac8eb2c..5e372f1566 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c -@@ -277,7 +277,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { +@@ -280,7 +280,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { } state = NONE, look_for; int r; @@ -23,5 +23,5 @@ index 7d2e887660..91c5139eed 100644 return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index 902018ee4b91..f88b802b2988 100644 --- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -1,4 +1,4 @@ -From 293b19c5fdbda1b4ee579a7e8ba12f024a6f34c9 Mon Sep 17 00:00:00 2001 +From d5716cd93fdaad16b590a581f39d95954f40748e Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sun, 11 Feb 2018 04:37:44 +0100 Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir @@ -8,11 +8,11 @@ Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir 1 file changed, 3 deletions(-) diff --git a/meson.build b/meson.build -index 580964c3fa..f99d4f3ab5 100644 +index 738879eb21..453ee4b1c0 100644 --- a/meson.build 
+++ b/meson.build -@@ -3518,9 +3518,6 @@ install_data('LICENSE.GPL2', - 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', +@@ -3538,9 +3538,6 @@ install_data('LICENSE.GPL2', + 'docs/GVARIANT-SERIALIZATION.md', install_dir : docdir) -meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) @@ -20,7 +20,7 @@ index 580964c3fa..f99d4f3ab5 100644 - ############################################################ - check_help = find_program('tools/check-help.sh') + # Ensure that changes to the docs/ directory do not break the -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch index 05fce10e8568..f5a6fde26b1f 100644 --- a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch @@ -1,4 +1,4 @@ -From 63777e7f690b67952bf4571f8e09e5d8e769d3c0 Mon Sep 17 00:00:00 2001 +From 40a5df71e7af5feefacae9fc95bf94e72c6c12f4 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 2 Nov 2018 21:15:42 +0100 Subject: [PATCH 12/19] inherit systemd environment when calling generators. @@ -12,19 +12,20 @@ tries to gather environments with that they call "environment-generators" and then seems to pass that on to all the other executables that are being called from managers. --- - src/core/manager.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) + src/core/manager.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 6858950107..07a599ede7 100644 +index e23d47b4a4..1047aadebc 100644 --- a/src/core/manager.c 
+++ b/src/core/manager.c -@@ -4142,9 +4142,14 @@ static int manager_run_generators(Manager *m) { +@@ -4145,10 +4145,15 @@ static int manager_run_generators(Manager *m) { argv[4] = NULL; RUN_WITH_UMASK(0022) - (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, -- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- (char**) argv, m->transient_environment, +- EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); - + (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, + // On NixOS we must propagate PATH to generators so they are @@ -33,10 +34,11 @@ index 6858950107..07a599ede7 100644 + // function (envp) is set to NULL. This propagates systemd's + // environment (e.g. PATH) that was setup + // before calling systemd from stage-2-init.sh. -+ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, ++ EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); r = 0; finish: -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch index b9bab2d387e9..da6aa2627ff8 100644 --- a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch @@ -1,4 +1,4 @@ -From 561dc3b864d96753b5dc448e6e1a80460d5f0bc4 Mon Sep 17 00:00:00 2001 +From fe3aff271cf127c1484533237fe0a024e07ae7bc Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 9 May 2019 11:15:22 +0200 Subject: [PATCH 13/19] add rootprefix to lookup dir paths @@ -34,5 +34,5 @@ index 2e60abb4f1..732ec51d36 100644 #define CONF_PATHS(n) \ CONF_PATHS_USR(n) \ -- -2.30.1 +2.32.0 
diff --git a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index c737b61e749a..1ed19358a151 100644 --- a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -1,4 +1,4 @@ -From 8f619304804b02f4e9d7a340ca90359f96adc6e8 Mon Sep 17 00:00:00 2001 +From 31732478745f7a200004fb8ec013f54dbc536f2e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:45:55 +0300 Subject: [PATCH 14/19] systemd-shutdown: execute scripts in @@ -10,7 +10,7 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 0d07865542..26d974ef73 100644 +index a98cfc4d8a..b0b34edda7 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c @@ -312,7 +312,7 @@ int main(int argc, char *argv[]) { @@ -23,5 +23,5 @@ index 0d07865542..26d974ef73 100644 /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index 3059216f7c58..2777de09fadb 100644 --- a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch 
@@ -1,4 +1,4 @@ -From 577b11afe38fc185d785ca8f125f518a4eb21a00 Mon Sep 17 00:00:00 2001 +From 3f2277b86f39cb55936ae11c2365feb283b547cb Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:46:58 +0300 Subject: [PATCH 15/19] systemd-sleep: execute scripts in @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index 39ab554290..880ac7ccb0 100644 +index a3aeb24633..0ed6a34d79 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -178,6 +178,7 @@ static int execute(char **modes, char **states) { +@@ -182,6 +182,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, @@ -22,5 +22,5 @@ index 39ab554290..880ac7ccb0 100644 }; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch index ad19d910e1e7..6ef53e95d023 100644 --- a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch +++ b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -1,4 +1,4 @@ -From ba19f629c1806ca2d2ab58154e45bce4ae4a3f0c Mon Sep 17 00:00:00 2001 +From 330490aa8a44206bc03205654680913ab01408a1 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:40:27 +0100 Subject: [PATCH 16/19] kmod-static-nodes.service: Update ConditionFileNotEmpty @@ -10,10 +10,10 @@ On NixOS, kernel modules of the currently booted systems are located at 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index f4170d6a99..9a6a591bea 100644 +index 777e82d16b..b6abc2bba0 100644 --- a/units/kmod-static-nodes.service.in 
+++ b/units/kmod-static-nodes.service.in -@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel +@@ -12,7 +12,7 @@ Description=Create List of Static Device Nodes DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service ConditionCapability=CAP_SYS_MODULE @@ -23,5 +23,5 @@ index f4170d6a99..9a6a591bea 100644 [Service] Type=oneshot -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 585a0aa112e3..775c8e098479 100644 --- a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -1,4 +1,4 @@ -From c639f311bd27c2bff62a22c34bc92613aaf77587 Mon Sep 17 00:00:00 2001 +From 216018be7b422586b937dae8fd83f51989479a41 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 8 Mar 2020 01:05:54 +0100 Subject: [PATCH 17/19] path-util.h: add placeholder for DEFAULT_PATH_NORMAL @@ -10,7 +10,7 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index d613709f0b..5cced4c115 100644 +index 26e7362d1f..a8f8a863ec 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -24,11 +24,11 @@ @@ -29,5 +29,5 @@ index d613709f0b..5cced4c115 100644 #if HAVE_SPLIT_USR # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch index f634e74e663a..21d466b02bb8 100644 --- a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch 
+++ b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch @@ -1,4 +1,4 @@ -From ebb37f81c28aaa80acd9187a7d77dcb3cb3828db Mon Sep 17 00:00:00 2001 +From beb594ff3bceb95598ffa8ec47c31bacb2449473 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Mon, 26 Oct 2020 21:21:38 +0100 Subject: [PATCH 18/19] logind-seat-debus: show CanMultiSession again @@ -9,10 +9,10 @@ Fixes the "switch user" function in Plasma < 5.20. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c -index a60ed2d3c2..69b6271075 100644 +index cceb3b1d2d..94b4723bb9 100644 --- a/src/login/logind-seat-dbus.c +++ b/src/login/logind-seat-dbus.c -@@ -450,7 +450,7 @@ static const sd_bus_vtable seat_vtable[] = { +@@ -419,7 +419,7 @@ static const sd_bus_vtable seat_vtable[] = { SD_BUS_PROPERTY("Id", "s", NULL, offsetof(Seat, id), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ActiveSession", "(so)", property_get_active_session, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), @@ -22,5 +22,5 @@ index a60ed2d3c2..69b6271075 100644 SD_BUS_PROPERTY("CanGraphical", "b", property_get_can_graphical, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("Sessions", "a(so)", property_get_sessions, 0, 0), -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch index 2d93cdef9a34..da071603557a 100644 --- a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch +++ b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch @@ -1,4 +1,4 @@ -From 5439a516995f9fd57fc91c2cdd016bb18f31aadf Mon Sep 17 00:00:00 2001 +From 2e7477dc29095141a0556ded11f0ee370d82bfbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Dec 2020 08:34:19 +0100 Subject: [PATCH 19/19] pkg-config: derive prefix from --prefix 
@@ -16,7 +16,7 @@ Co-Authored-By: Florian Klink 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index a701cd05f8..85d6911bdf 100644 +index ded74ce50a..0262f53154 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -11,7 +11,7 @@ @@ -24,10 +24,10 @@ index a701cd05f8..85d6911bdf 100644 # shall have underscores. -prefix=/usr -+prefix=@prefix@ - root_prefix=@rootprefix_noslash@ ++prefix={{PREFIX}} + root_prefix={{ROOTPREFIX_NOSLASH}} rootprefix=${root_prefix} - sysconf_dir=@sysconfdir@ + sysconf_dir={{SYSCONF_DIR}} -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch new file mode 100644 index 000000000000..4567c2fa3164 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch @@ -0,0 +1,31 @@ +From 1a2d24d210c9329e8b900fdb01576c57374581d8 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Mon, 26 Jul 2021 16:57:43 +0200 +Subject: [PATCH 20/20] core: respect install_sysconfdir_samples in meson file + +The refactoring done in e11a25cadbe caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicated whether or not the +sample files should be installed. +--- + src/core/meson.build | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/meson.build b/src/core/meson.build +index f0d2c6f642..4ff7e00e36 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -187,6 +187,10 @@ foreach item : in_files + file = item[0] + dir = item[1] + ++ if not install_sysconfdir_samples and dir == pkgsysconfdir ++ continue ++ endif ++ + custom_target( + file, + input : file + '.in', +-- +2.32.0 + 
diff --git a/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch new file mode 100644 index 000000000000..b048249e0519 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch @@ -0,0 +1,29 @@ +From 189ba3af8b21cfc53527453907e800a2917b1bfd Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Mon, 26 Jul 2021 17:20:34 +0200 +Subject: [PATCH] login: respect install_sysconfdir_samples in meson file + +The refactoring done in c900d89faa0 caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicates whether or not the +sample files should be installed. +--- + src/login/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/meson.build b/src/login/meson.build +index 8c20e6be65..b637adc9a2 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') + + enable_logind = conf.get('ENABLE_LOGIND') == 1 + in_files = [ +- ['logind.conf', pkgsysconfdir, enable_logind], ++ ['logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples], + ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], + ['71-seat.rules', udevrulesdir, enable_logind], + ['73-seat-late.rules', udevrulesdir, enable_logind], +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch new file mode 100644 index 000000000000..c7d022b1ffde --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch 
@@ -0,0 +1,80 @@ +From 5f17b65d30480e489e135b403a072b38535b2911 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Wed, 18 Aug 2021 19:10:08 +0200 +Subject: [PATCH] core: handle lookup paths being symlinks + +With a recent change paths leaving the statically known lookup paths +would be treated differently then those that remained within those. That +was done (AFAIK) to consistently handle alias names. Unfortunately that +means that on some distributions, especially those where /etc/ consists +mostly of symlinks, would trigger that new detection for every single +unit in /etc/systemd/system. The reason for that is that the units +directory itself is already a symlink. +--- + src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++-- + 1 file changed, 31 insertions(+), 2 deletions(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..3ae2a115d0 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -254,6 +254,7 @@ int unit_file_build_name_map( + + _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; + _cleanup_set_free_free_ Set *paths = NULL; ++ _cleanup_strv_free_ char **expanded_search_paths = NULL; + uint64_t timestamp_hash; + char **dir; + int r; +@@ -273,6 +274,34 @@ int unit_file_build_name_map( + return log_oom(); + } + ++ /* Go over all our search paths, chase their symlinks and store the ++ * result in the expanded_search_paths list. ++ * ++ * This is important for cases where any of the unit directories itself ++ * are symlinks into other directories and would therefore cause all of ++ * the unit files to be recognized as linked units. ++ * ++ * This is important for distributions such as NixOS where most paths ++ * in /etc/ are symlinks to some other location on the filesystem (e.g. ++ * into /nix/store/). 
++ */ ++ STRV_FOREACH(dir, (char**) lp->search_path) { ++ _cleanup_free_ char *resolved_dir = NULL; ++ r = strv_extend(&expanded_search_paths, *dir); ++ if (r < 0) ++ return log_oom(); ++ ++ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir); ++ continue; ++ } ++ ++ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) ++ return log_oom(); ++ } ++ + STRV_FOREACH(dir, (char**) lp->search_path) { + struct dirent *de; + _cleanup_closedir_ DIR *d = NULL; +@@ -351,11 +380,11 @@ int unit_file_build_name_map( + continue; + } + +- /* Check if the symlink goes outside of our search path. ++ /* Check if the symlink goes outside of our (expanded) search path. + * If yes, it's a linked unit file or mask, and we don't care about the target name. + * Let's just store the link source directly. + * If not, let's verify that it's a good symlink. */ +- char *tail = path_startswith_strv(simplified, lp->search_path); ++ char *tail = path_startswith_strv(simplified, expanded_search_paths); + if (!tail) { + log_debug("%s: linked unit file: %s → %s", + __func__, filename, simplified); +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch new file mode 100644 index 000000000000..026d0278797e --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch 
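Review bot: The final check now calls `path_startswith_strv(simplified, expanded_search_paths)`, so a unit symlink whose target lies under the resolved target of any lookup directory is handled as an in-path alias instead of a linked unit, and the added block comment does not state that assumption. That matches the old behaviour only if the resolved directories are protected as strictly as the lookup paths themselves, which appears to hold for /nix/store but is not checked here. I would extend the block comment with a line such as `* The resolved targets are trusted exactly like the lookup paths themselves.` Separately, a lookup directory that is not a symlink ends up in the list twice, because both `*dir` and `resolved_dir` are appended; that looks harmless but could be avoided by skipping the append when the two are equal. `unit_file_build_name_map()` starts and ends outside this hunk.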
@@ -0,0 +1,29 @@ +From 93413acd3ef3a637a0f31a1d133b103e1dc81fd6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 23 Aug 2021 06:16:48 +0900 +Subject: [PATCH] path-util: make find_executable() work without /proc mounted + +Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. + +Hopefully fixes #20514. +--- + src/basic/path-util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/basic/path-util.c b/src/basic/path-util.c +index d11f254a9f6a..a21981616b59 100644 +--- a/src/basic/path-util.c ++++ b/src/basic/path-util.c +@@ -630,7 +630,11 @@ static int check_x_access(const char *path, int *ret_fd) { + return r; + + r = access_fd(fd, X_OK); +- if (r < 0) ++ if (r == -ENOSYS) { ++ /* /proc is not mounted. Fallback to access(). */ ++ if (access(path, X_OK) < 0) ++ return -errno; ++ } else if (r < 0) + return r; + + if (ret_fd) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 63f82923cb7f..9f92c34cee6b 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -39,6 +39,7 @@ , gnupg , zlib , xz +, tpm2-tss , libuuid , libapparmor , intltool @@ -57,6 +58,12 @@ , bashInteractive , libmicrohttpd + # the (optional) BPF feature requires bpftool, libbpf, clang and llmv-strip to be avilable during build time. + # Only libbpf should be a runtime dependency. +, bpftools +, libbpf +, llvmPackages + , withAnalyze ? true , withApparmor ? true , withCompression ? true # adds bzip2, lz4 and xz @@ -64,10 +71,12 @@ , withCryptsetup ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi +, withFido2 ? true , withHomed ? false , withHostnamed ? true , withHwdb ? true , withImportd ? true +, withLibBPF ? false # currently fails while generating BPF objects , withLocaled ? true , withLogind ? true , withMachined ? true 
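Review bot: In the `-ENOSYS` branch the executable check runs `access(path, X_OK)` on the name rather than on the already opened `fd`, so `path` is resolved a second time and the result may not describe the file that `fd` refers to. The window exists only when /proc is not mounted, but callers that go on to use the returned fd should not treat the check as bound to that fd. Since this carries an upstream fix, I would keep the code and state the caveat in the comment, e.g. `/* /proc is not mounted. Fall back to access(); this re-resolves path and is not tied to fd. */`. `check_x_access()` begins before and continues after the lines shown in the hunk.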
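Review bot: The comment added above `bpftools` in the `@@ -57,6 +58,12 @@` hunk has two typos, `llmv-strip` and `avilable`, which makes the required build-time tool harder to grep for. Suggested wording: `# the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time.` The argument list it sits in starts before and ends after this hunk.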
@@ -82,6 +91,7 @@ , withShellCompletions ? true , withTimedated ? true , withTimesyncd ? true +, withTpm2Tss ? true , withUserDb ? true , libfido2 , p11-kit @@ -106,15 +116,13 @@ assert withCoredump -> withCompression; assert withHomed -> withCryptsetup; -assert withCryptsetup -> -(cryptsetup != null); +assert withCryptsetup -> (cryptsetup != null); let wantCurl = withRemote || withImportd; - + version = "249.4"; in -stdenv.mkDerivation rec { - inherit pname; - version = "247.6"; +stdenv.mkDerivation { + inherit pname version; # We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly # This has proven to be less error-prone than the previous systemd fork. @@ -122,7 +130,7 @@ stdenv.mkDerivation rec { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-7XYEq3Qw25suwjbtPzx9lVPHUu9ZY/1bADXl2wQbkJc="; + sha256 = "0pqi9gbk9kgwvd0idf13ybxz7s4h5przn01bwj6fna44jr0wy41c"; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a 
@@ -150,18 +158,26 @@ stdenv.mkDerivation rec { ./0018-logind-seat-debus-show-CanMultiSession-again.patch ./0019-pkg-config-derive-prefix-from-prefix.patch - # Fix -Werror=format. - (fetchpatch { - url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; - sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; - }) + # In v249 a bunch of meson files had been touched as part of the migration to + # jinja2 for templating. Unfortunately some of those files lost the `install_sysconfdir_samples` check. + # The following two patches are part of a PR that was filed to fix those cases. + # https://github.com/systemd/systemd/pull/20303 + ./0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch + ./0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch - # Fix CVE-2021-33910, disclosed 2021-07-20 - (fetchpatch { - name = "CVE-2021-33910.patch"; - url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; - sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; - }) + # In v248 or v249 we started to get in trouble due to our /etc/systemd/sytem being + # a symlink and thus being treated differently by systemd. With the below + # patch we mitigate that effect by special casing all our root unit dirs + # if they are symlinks. This does exactly what we need (AFAICT). + ./0022-core-Handle-lookup-paths-being-symlinks.patch + + # The way files are being tested for being executable changed in v248/v249 + # which caused our confinement setup to fail as we do not mount /proc by + # default. + # The issue has been reported upstream and this patch carries the upstream + # fix for the same. Upstream now has a test for this scenario. + # https://github.com/systemd/systemd/issues/20514 + ./0023-path-util-make-find_executable-work-without-proc-mounted.patch ]; postPatch = '' 
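Review bot: Dropping the `CVE-2021-33910.patch` fetchpatch is safe only if the `v249.4` tag of systemd-stable already contains upstream commit 441e0115646d54f080e5c3bb0ba477c892861ab9, and nothing in the visible part of this change records that this was checked; the same applies to the removed `-Werror=format` patch. Once confirmed, a short comment in the list such as `# CVE-2021-33910 fix (441e0115646d) is part of the pinned release, patch dropped` would keep the removal auditable. The new comment for patch 0022 also misspells the directory as `/etc/systemd/sytem`; it should read `/etc/systemd/system`. The `patches` list starts before this hunk.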
@@ -175,14 +191,14 @@ stdenv.mkDerivation rec { "find_program('${stdenv.cc.bintools.targetPrefix}objcopy'" '' + ( let - # The folllowing dlopen patches ensure that all the features that are - # implemented via dlopen(3) are available (or explicitly deactivated) by - # pointing dlopen to the absolute store path instead of relying on the - # linkers runtime lookup code. + # The folllowing patches references to dynamic libraries to ensure that + # all the features that are implemented via dlopen(3) are available (or + # explicitly deactivated) by pointing dlopen to the absolute store path + # instead of relying on the linkers runtime lookup code. # - # All of the dlopen calls have to be handled. When new ones are introduced - # by upstream (or one of our patches) they must be explicitly declared, - # otherwise the build will fail. + # All of the shared library references have to be handled. When new ones + # are introduced by upstream (or one of our patches) they must be + # explicitly declared, otherwise the build will fail. # # As of systemd version 247 we've seen a few errors like `libpcre2.… not # found` when using e.g. --grep with journalctl. Those errors should 
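Review bot: The rewritten first sentence of this comment has lost its verb and keeps the old typo: `The folllowing patches references to dynamic libraries to ensure that`. Suggested wording: `# The following patches rewrite references to dynamic libraries to ensure that`. The comment block continues past the end of the hunk.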
@@ -201,32 +217,45 @@ stdenv.mkDerivation rec { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri 'dlopen("lib' $src` and update the below list. - dlopenLibs = [ - # We did never provide support for libxkbcommon & qrencode - { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + dlopenLibs = + let + opt = condition: pkg: if condition then pkg else null; + in + [ + # bpf compilation support + { name = "libbpf.so.0"; pkg = opt withLibBPF libbpf; } - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } + # We did never provide support for libxkbcommon & qrencode + { name = "libxkbcommon.so.0"; pkg = null; } + { name = "libqrencode.so.4"; pkg = null; } - # Only include cryptsetup if it is enabled. We might not be able to - # provide it during "bootstrap" in e.g. the minimal systemd build as - # cryptsetup has udev (aka systemd) in it's dependencies. - { name = "libcryptsetup.so.12"; pkg = if withCryptsetup then cryptsetup else null; } + # We did not provide libpwquality before so it is safe to disable it for + # now. + { name = "libpwquality.so.1"; pkg = null; } - # We are using libidn2 so we only provide that and ignore the others. - # Systemd does this decision during configure time and uses ifdef's to - # enable specific branches. We can safely ignore (nuke) the libidn "v1" - # libraries. - { name = "libidn2.so.0"; pkg = libidn2; } - { name = "libidn.so.12"; pkg = null; } - { name = "libidn.so.11"; pkg = null; } + # Only include cryptsetup if it is enabled. We might not be able to + # provide it during "bootstrap" in e.g. the minimal systemd build as + # cryptsetup has udev (aka systemd) in it's dependencies. 
+ { name = "libcryptsetup.so.12"; pkg = opt withCryptsetup cryptsetup; } - # journalctl --grep requires libpcre so lets provide it - { name = "libpcre2-8.so.0"; pkg = pcre2; } - ]; + # We are using libidn2 so we only provide that and ignore the others. + # Systemd does this decision during configure time and uses ifdef's to + # enable specific branches. We can safely ignore (nuke) the libidn "v1" + # libraries. + { name = "libidn2.so.0"; pkg = libidn2; } + { name = "libidn.so.12"; pkg = null; } + { name = "libidn.so.11"; pkg = null; } + + # journalctl --grep requires libpcre so lets provide it + { name = "libpcre2-8.so.0"; pkg = pcre2; } + + # Support for TPM2 in systemd-cryptsetup, systemd-repart and systemd-cryptenroll + { name = "libtss2-esys.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-rc.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-mu.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libfido2.so.1"; pkg = opt withFido2 libfido2; } + ]; patchDlOpen = dl: let @@ -234,9 +263,9 @@ stdenv.mkDerivation rec { in if dl.pkg == null then '' # remove the dependency on the library by replacing it with an invalid path - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' done '' else '' # ensure that the library we provide actually exists 
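Review bot: The `grep` command quoted in the comment above `dlopenLibs` has a stray second `'` after the closing quote and uses the range `A-z` where `A-Z` was probably meant, so it cannot be pasted into a shell as written. The same pattern drives the final left-over check in the later hunk at `@@ -245,76 +274,94 @@`. There the name part `lib[a-zA-Z0-9-]*` does not match `_` or `+`, so a library name containing those characters would pass the guard unpatched and fall back to the runtime linker lookup this code is meant to rule out. Using `'"lib[a-zA-Z0-9_+-]*\.so[.0-9a-zA-Z]*"'` in both places would close that gap. The `let … in` block holding this list starts and ends outside the hunk.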
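Review bot: In `patchDlOpen` the `grep`/`substituteInPlace` pair now rewrites every quoted occurrence of `"${dl.name}"`, not only `dlopen(` arguments, yet the `echo` lines still print `patching dlopen(...)`. The broader match is presumably intended, since the comment further up now speaks of shared library references. The build log should say the same, for example `echo "patching reference to \"${dl.name}\" in $file to ${library}…"`, so that a rewrite of a non-dlopen string is visible when reading the log. `patchDlOpen` begins before this hunk and continues in the next one.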
@@ -245,76 +274,94 @@ stdenv.mkDerivation rec { exit 1 fi # make the path to the dependency explicit - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to ${library}…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("${library}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"${library}"' done + ''; in # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + '' - if grep -qr 'dlopen("[^/]' src; then - echo "Found unhandled dlopen calls: " - grep -r 'dlopen("[^/]' src + if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then + echo "Found unhandled dynamic library calls: " + grep -r '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src exit 1 fi + '' + # Finally patch shebangs that might need patching. + # Should no longer be necessary with v250. + # https://github.com/systemd/systemd/pull/19638 + + '' + patchShebangs . 
''; outputs = [ "out" "man" "dev" ]; - nativeBuildInputs = [ - pkg-config - gperf - ninja - meson - glibcLocales - getent - m4 + nativeBuildInputs = + [ + pkg-config + gperf + ninja + meson + glibcLocales + getent + m4 - intltool - gettext + intltool + gettext - libxslt - docbook_xsl - docbook_xml_dtd_42 - docbook_xml_dtd_45 - (buildPackages.python3Packages.python.withPackages (ps: with ps; [ python3Packages.lxml ])) - ]; + libxslt + docbook_xsl + docbook_xml_dtd_42 + docbook_xml_dtd_45 + (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ])) + ] + ++ lib.optional withLibBPF [ + bpftools + llvmPackages.clang + llvmPackages.libllvm + ] + ; - buildInputs = [ - acl - audit - glib - kmod - libcap - libgcrypt - libidn2 - libuuid - linuxHeaders - pam - ] + buildInputs = + [ + acl + audit + glib + kmod + libcap + libgcrypt + libidn2 + libuuid + linuxHeaders + pam + ] - ++ lib.optional withApparmor libapparmor - ++ lib.optional wantCurl (lib.getDev curl) - ++ lib.optionals withCompression [ bzip2 lz4 xz ] - ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) - ++ lib.optional withEfi gnu-efi - ++ lib.optional withKexectools kexec-tools - ++ lib.optional withLibseccomp libseccomp - ++ lib.optional withNetworkd iptables - ++ lib.optional withPCRE2 pcre2 - ++ lib.optional withResolved libgpgerror - ++ lib.optional withSelinux libselinux - ++ lib.optional withRemote libmicrohttpd - ++ lib.optionals withHomed [ p11-kit libfido2 ] + ++ lib.optional withApparmor libapparmor + ++ lib.optional wantCurl (lib.getDev curl) + ++ lib.optionals withCompression [ bzip2 lz4 xz ] + ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) + ++ lib.optional withEfi gnu-efi + ++ lib.optional withKexectools kexec-tools + ++ lib.optional withLibseccomp libseccomp + ++ lib.optional withNetworkd iptables + ++ lib.optional withPCRE2 pcre2 + ++ lib.optional withResolved libgpgerror + ++ lib.optional withSelinux libselinux + ++ lib.optional withRemote 
libmicrohttpd + ++ lib.optionals withHomed [ p11-kit ] + ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ] + ++ lib.optionals withLibBPF [ libbpf ] ; #dontAddPrefix = true; mesonFlags = [ + "-Dversion-tag=${version}" "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" @@ -405,6 +452,8 @@ stdenv.mkDerivation rec { "-Dnss-mymachines=false" "-Dnss-resolve=false" "-Dnss-systemd=false" + ] ++ lib.optionals withLibBPF [ + "-Dbpf-framework=true" ]; preConfigure = '' @@ -453,7 +502,8 @@ stdenv.mkDerivation rec { --replace '"tar"' '"${gnutar}/bin/tar"' done - substituteInPlace src/journal/catalog.c \ + + substituteInPlace src/libsystemd/sd-journal/catalog.c \ --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/ ''; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cb8c5f69a716..9d65e40dadfc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21870,9 +21870,11 @@ with pkgs; withCryptsetup = false; withDocumentation = false; withEfi = false; + withFido2 = false; withHostnamed = false; withHwdb = false; withImportd = false; + withLibBPF = false; withLocaled = false; withLogind = false; withMachined = false; @@ -21886,6 +21888,7 @@ with pkgs; withShellCompletions = false; withTimedated = false; withTimesyncd = false; + withTpm2Tss = false; withUserDb = false; glib = null; libgcrypt = null; From 72197a5c790230a007a570017ef58bb26f45fe96 Mon Sep 17 00:00:00 2001 
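Review bot: In `nativeBuildInputs` the BPF toolchain is appended with `lib.optional withLibBPF [ bpftools … ]`, which wraps the whole list as a single element. `buildInputs` a few lines further down uses `lib.optionals withLibBPF [ libbpf ]` for the same flag. The list form is the matching helper here: `++ lib.optionals withLibBPF [`. Whether the nested list is flattened later depends on stdenv code not shown in this diff, so it is better not to rely on it.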
From: Andreas Rammhold Date: Fri, 27 Aug 2021 01:47:27 +0200 Subject: [PATCH 4/5] nixos/tests/herbstluftwm: fix timeout that was given in seconds Hydra accepts timeouts as value of seconds after which the test is terminated / considered failed. Using the value 30 here has the effect that the test was terminate after 30 seconds. That time might be sufficient for the test execution itself but it has another downside: Jobs on hydra inherit the timeout of their parent. In this case all the builds that are a dependency of the herbstluftwm test *must* finish (each) within 30s. And since not all of the dependencies are cached in the binary cache this could lead to an issue with pacakges that take longer than 30s to build at the time when the herbstluftwm test is built by hydra. It is best to not set the timeout here and let hydra deal with it. Our default timeout for builds is two hours which is more than sufficient for most builds and tests. If the test fails we will spent ~2h doing something or nothing at worst but at least we wont kill the build just because a dependency wasn't fullfilled already. --- nixos/tests/herbstluftwm.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/tests/herbstluftwm.nix b/nixos/tests/herbstluftwm.nix index 2c98cceee6a2..7d079f4bfb69 100644 --- a/nixos/tests/herbstluftwm.nix +++ b/nixos/tests/herbstluftwm.nix @@ -3,7 +3,6 @@ import ./make-test-python.nix ({ lib, ...} : { meta = { maintainers = with lib.maintainers; [ thibautmarty ]; - timeout = 30; }; machine = { pkgs, lib, ... }: { From 92442b1f99ce5121a12e47be8ed0794fef50d582 Mon Sep 17 00:00:00 2001 
From: Andreas Rammhold Date: Fri, 27 Aug 2021 14:09:35 +0200 Subject: [PATCH 5/5] nixos/tests/prometheus: wait for influxdb exporter before quering Previously the influxdb exporter test was flaky as even after the service has started there is still a race before the service is actually listening and accepting connection on port 9122. With this commit the test will wait for the port to be open before proceeding. --- nixos/tests/prometheus-exporters.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index c6e8fa5a9ee1..61cdbbcf4558 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -280,6 +280,7 @@ let }; exporterTest = '' wait_for_unit("prometheus-influxdb-exporter.service") + wait_for_open_port(9122) succeed( "curl -XPOST http://localhost:9122/write --data-binary 'influxdb_exporter,distro=nixos,added_in=21.09 value=1'" )