diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix index dac5cc7b700c..f75a52a95a09 100644 --- a/nixos/lib/systemd-lib.nix +++ b/nixos/lib/systemd-lib.nix @@ -169,6 +169,10 @@ in rec { optional (attr ? ${name} && !isInt attr.${name}) "Systemd ${group} field `${name}' is not an integer"; + assertRemoved = name: see: group: attr: + optional (attr ? ${name}) + "Systemd ${group} field `${name}' has been removed. See ${see}"; + checkUnitConfig = group: checks: attrs: let # We're applied at the top-level type (attrsOf unitOption), so the actual # unit options might contain attributes from mkOverride and mkIf that we need to diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 8ecc6cfe8b4b..2ee9c721480d 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -18,12 +18,16 @@ let "ManageForeignRoutes" "RouteTable" "IPv6PrivacyExtensions" + "IPv4Forwarding" + "IPv6Forwarding" ]) (assertValueOneOf "SpeedMeter" boolValues) (assertInt "SpeedMeterIntervalSec") (assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues) (assertValueOneOf "ManageForeignRoutes" boolValues) (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) + (assertValueOneOf "IPv4Forwarding" boolValues) + (assertValueOneOf "IPv6Forwarding" boolValues) ]; sectionDHCPv4 = checkUnitConfig "DHCPv4" [ @@ -652,6 +656,8 @@ let "DNSDefaultRoute" "NTP" "IPForward" + "IPv4Forwarding" + "IPv6Forwarding" "IPMasquerade" "IPv6PrivacyExtensions" "IPv6AcceptRA" @@ -700,7 +706,9 @@ let (assertValueOneOf "LLDP" (boolValues ++ ["routers-only"])) (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"])) (assertValueOneOf "DNSDefaultRoute" boolValues) - (assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"])) + (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5)") + (assertValueOneOf "IPv4Forwarding" boolValues) + (assertValueOneOf "IPv6Forwarding" boolValues) (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"])) (assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"])) (assertValueOneOf "IPv6AcceptRA" boolValues) @@ -2835,6 +2843,7 @@ let "systemd-networkd-wait-online.service" "systemd-networkd.service" "systemd-networkd.socket" + "systemd-networkd-persistent-storage.service" ]; environment.etc."systemd/networkd.conf" = renderConfig cfg.config; diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index ae05bc5ae88c..082380216d2a 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -131,6 +131,7 @@ let # Copy udev. copy_bin_and_libs ${udev}/bin/udevadm + cp ${lib.getLib udev.kmod}/lib/libkmod.so* $out/lib copy_bin_and_libs ${udev}/lib/systemd/systemd-sysctl for BIN in ${udev}/lib/udev/*_id; do copy_bin_and_libs $BIN diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 76a6751b0570..a57c6b7dfde7 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -37,6 +37,8 @@ let "cryptsetup.target" "cryptsetup-pre.target" "remote-cryptsetup.target" + ] ++ optionals cfg.package.withTpm2Tss [ + "tpm2.target" ] ++ [ "sigpwr.target" "timers.target" @@ -112,6 +114,7 @@ let "sleep.target" "hybrid-sleep.target" "systemd-hibernate.service" + "systemd-hibernate-clear.service" "systemd-hybrid-sleep.service" "systemd-suspend.service" "systemd-suspend-then-hibernate.service" @@ -136,6 +139,16 @@ let "systemd-ask-password-wall.path" "systemd-ask-password-wall.service" + # Varlink APIs + "systemd-bootctl@.service" + "systemd-bootctl.socket" + "systemd-creds@.service" + "systemd-creds.socket" + ] ++ lib.optional cfg.package.withTpm2Tss [ + "systemd-pcrlock@.service" + "systemd-pcrlock.socket" + ] ++ [ + # Slices / containers. "slices.target" ] ++ optionals cfg.package.withImportd [ @@ -158,6 +171,7 @@ let ] ++ optionals cfg.package.withHostnamed [ "dbus-org.freedesktop.hostname1.service" "systemd-hostnamed.service" + "systemd-hostnamed.socket" ] ++ optionals cfg.package.withPortabled [ "dbus-org.freedesktop.portable1.service" "systemd-portabled.service" diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index 6107a2594baf..24b4ba5ecc22 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -70,6 +70,7 @@ let "systemd-tmpfiles-setup-dev.service" "systemd-tmpfiles-setup.service" "timers.target" + "tpm2.target" "umount.target" "systemd-bsod.service" ] ++ cfg.additionalUpstreamUnits; @@ -344,7 +345,8 @@ in { }; enableTpm2 = mkOption { - default = true; + default = cfg.package.withTpm2Tss; + defaultText = "boot.initrd.systemd.package.withTpm2Tss"; type = types.bool; description = '' Whether to enable TPM2 support in the initrd. @@ -460,6 +462,7 @@ in { "${cfg.package}/lib/systemd/systemd-sulogin-shell" "${cfg.package}/lib/systemd/systemd-sysctl" "${cfg.package}/lib/systemd/systemd-bsod" + "${cfg.package}/lib/systemd/systemd-sysroot-fstab-check" # generators "${cfg.package}/lib/systemd/system-generators/systemd-debug-generator" @@ -486,6 +489,8 @@ in { # fido2 support "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so" "${pkgs.libfido2}/lib/libfido2.so.1" + ] ++ optionals cfg.package.withKmod [ + "${pkgs.kmod.lib}/lib/libkmod.so.2" ] ++ jobScripts; targets.initrd.aliases = ["default.target"]; diff --git a/nixos/modules/system/boot/systemd/journald.nix b/nixos/modules/system/boot/systemd/journald.nix index 586de87dbc8e..180a5cf6c396 100644 --- a/nixos/modules/system/boot/systemd/journald.nix +++ b/nixos/modules/system/boot/systemd/journald.nix @@ -96,6 +96,7 @@ in { "systemd-journald@.service" "systemd-journal-flush.service" "systemd-journal-catalog-update.service" + "systemd-journald-sync@.service" ] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [ "systemd-journald-dev-log.socket" "syslog.socket" diff --git a/nixos/tests/rosenpass.nix b/nixos/tests/rosenpass.nix index 8765fd201c0e..5ef6e55f5374 100644 --- a/nixos/tests/rosenpass.nix +++ b/nixos/tests/rosenpass.nix @@ -44,7 +44,8 @@ in enable = true; networks."rosenpass" = { matchConfig.Name = deviceName; - networkConfig.IPForward = true; + networkConfig.IPv4Forwarding = true; + networkConfig.IPv6Forwarding = true; address = [ "${peer.ip}/64" ]; }; diff --git a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix index fda9f35cbe10..8c0ebeee97c7 100644 --- a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix +++ b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix @@ -24,8 +24,6 @@ import ./make-test-python.nix ({ lib, ... }: { "01-eth1" = { name = "eth1"; networkConfig = { - # IPForward prevents dynamic address configuration - IPForward = true; DHCPServer = true; Address = "10.0.0.1/24"; }; diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix index 338b12093b03..2ea6d0effd53 100644 --- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix +++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix @@ -40,7 +40,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { address = [ "2001:DB8::1/64" ]; - networkConfig.IPForward = true; + networkConfig.IPv4Forwarding = true; + networkConfig.IPv6Forwarding = true; }; }; }; diff --git a/nixos/tests/systemd-networkd-vrf.nix b/nixos/tests/systemd-networkd-vrf.nix index 4f2a45577c16..a7875bb177fa 100644 --- a/nixos/tests/systemd-networkd-vrf.nix +++ b/nixos/tests/systemd-networkd-vrf.nix @@ -16,7 +16,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let linkConfig.RequiredForOnline = "no"; networkConfig = { Address = "192.168.${toString vlan}.${toString id}/24"; - IPForward = "yes"; + IPv4Forwarding = "yes"; + IPv6Forwarding = "yes"; }; }; }; @@ -57,14 +58,16 @@ in { networks."10-vrf1" = { matchConfig.Name = "vrf1"; - networkConfig.IPForward = "yes"; + networkConfig.IPv4Forwarding = "yes"; + networkConfig.IPv6Forwarding = "yes"; routes = [ { Destination = "192.168.1.2"; Metric = 100; } ]; }; networks."10-vrf2" = { matchConfig.Name = "vrf2"; - networkConfig.IPForward = "yes"; + networkConfig.IPv4Forwarding = "yes"; + networkConfig.IPv6Forwarding = "yes"; routes = [ { Destination = "192.168.2.3"; Metric = 100; } ]; @@ -76,7 +79,8 @@ in { networkConfig = { VRF = "vrf1"; Address = "192.168.1.1/24"; - IPForward = "yes"; + IPv4Forwarding = "yes"; + IPv6Forwarding = "yes"; }; }; networks."10-eth2" = { @@ -85,7 +89,8 @@ in { networkConfig = { VRF = "vrf2"; Address = "192.168.2.1/24"; - IPForward = "yes"; + IPv4Forwarding = "yes"; + IPv6Forwarding = "yes"; }; }; }; diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index 4b087d403f37..3430eb9398cb 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -204,8 +204,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { assert "0B read, 0B written" not in output with subtest("systemd per-unit accounting works"): - assert "IP traffic received: 84B" in output_ping - assert "IP traffic sent: 84B" in output_ping + assert "IP traffic received: 84B sent: 84B" in output_ping with subtest("systemd environment is properly set"): machine.systemctl("daemon-reexec") # Rewrites /proc/1/environ diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index b08026278edb..9dd9344a831f 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -13,17 +13,17 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index 0d68f31d36..6b52f7ed4b 100644 +index ad0c7e2fb5..79f3086e78 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in -@@ -22,10 +22,6 @@ SUBSYSTEM=="block", TAG+="systemd" - SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" - SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" +@@ -26,10 +26,6 @@ SUBSYSTEM=="block", ACTION=="add", KERNEL=="dm-*", ENV{DM_NAME}!="?*", ENV{SYSTE + # Import previous SYSTEMD_READY state. + SUBSYSTEM=="block", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}=="", IMPORT{db}="SYSTEMD_READY" -# Ignore encrypted devices with no identified superblock on it, since -# we are probably still calling mke2fs or mkswap on it. -SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" - - # Explicitly set SYSTEMD_READY=1 for DM devices that don't have it set yet, so that we always have something to import above - SUBSYSTEM=="block", ENV{DM_UUID}=="?*", ENV{SYSTEMD_READY}=="", ENV{SYSTEMD_READY}="1" - + # add symlink to GPT root disk + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" + SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index 8507bb583c8a..6adbe5d6f68d 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -14,7 +14,7 @@ Original-Author: Eelco Dolstra 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 55e76b6e16..015a608035 100644 +index eac5bb8d3b..d8187bfa99 100644 --- a/src/shared/fstab-util.c +++ b/src/shared/fstab-util.c @@ -66,6 +66,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { @@ -27,7 +27,7 @@ index 55e76b6e16..015a608035 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 1a9b99d761..04ef9af1ea 100644 +index ca6d36e054..0a9227c9a8 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c @@ -170,8 +170,10 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) { diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 535ca3d86457..68bb9914e40e 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 38196ef3d6..57d1750b00 100644 +index 4fee8a693c..756ce11b1f 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5602,6 +5602,7 @@ static int run(int argc, char *argv[]) { +@@ -6028,6 +6028,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index 38196ef3d6..57d1750b00 100644 _cleanup_free_ char *p = NULL; if (arg_pivot_root_new) -@@ -5618,6 +5619,7 @@ static int run(int argc, char *argv[]) { +@@ -6044,6 +6045,7 @@ static int run(int argc, char *argv[]) { "Directory %s doesn't look like it has an OS tree (/usr/ directory is missing). Refusing.", arg_directory); goto finish; } diff --git a/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch index d2232765f71d..46623e87e8c3 100644 --- a/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch @@ -16,10 +16,10 @@ Original-Author: Eelco Dolstra 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 4e3d59fc56..0d18b9a2d0 100644 +index 540256b73b..a115ec09a3 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c -@@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { +@@ -123,11 +123,7 @@ int runtime_directory(char **ret, RuntimeScope scope, const char *suffix) { } static const char* const user_data_unit_paths[] = { @@ -31,7 +31,7 @@ index 4e3d59fc56..0d18b9a2d0 100644 NULL }; -@@ -613,16 +609,13 @@ int lookup_paths_init( +@@ -634,16 +630,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -49,7 +49,7 @@ index 4e3d59fc56..0d18b9a2d0 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -638,14 +631,11 @@ int lookup_paths_init( +@@ -659,14 +652,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", @@ -65,7 +65,7 @@ index 4e3d59fc56..0d18b9a2d0 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -805,7 +795,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -825,7 +815,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", @@ -73,7 +73,7 @@ index 4e3d59fc56..0d18b9a2d0 100644 SYSTEM_GENERATOR_DIR); break; -@@ -813,7 +802,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -833,7 +822,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -81,7 +81,7 @@ index 4e3d59fc56..0d18b9a2d0 100644 USER_GENERATOR_DIR); break; -@@ -852,14 +840,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { +@@ -872,14 +860,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", diff --git a/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch index a0bcc6afaa12..5c1684281b25 100644 --- a/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -13,10 +13,10 @@ in containers. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/manager.c b/src/core/manager.c -index e61ebee253..22cc5cc843 100644 +index 04103e0fe9..e26c6c5cfd 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -1562,7 +1562,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { +@@ -1611,7 +1611,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { if (!unit_is_bound_by_inactive(u, &culprit)) continue; diff --git a/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch index b350e36bc5c2..c60c5a4cbf9b 100644 --- a/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -11,10 +11,10 @@ Subject: [PATCH] hostnamed, localed, timedated: disable methods that change 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index e1d53f2395..a224e6dadc 100644 +index 82d08803fa..8e40b77eba 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c -@@ -1053,6 +1053,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ +@@ -1116,6 +1116,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ if (r < 0) return r; @@ -24,7 +24,7 @@ index e1d53f2395..a224e6dadc 100644 name = empty_to_null(name); context_read_etc_hostname(c); -@@ -1116,6 +1119,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess +@@ -1178,6 +1181,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess if (r < 0) return r; @@ -35,10 +35,10 @@ index e1d53f2395..a224e6dadc 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index 5d96237fae..9af35cd29c 100644 +index c0d104578d..51a714ee23 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c -@@ -229,6 +229,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er +@@ -226,6 +226,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er use_localegen = locale_gen_check_available(); @@ -48,7 +48,7 @@ index 5d96237fae..9af35cd29c 100644 /* If single locale without variable name is provided, then we assume it is LANG=. */ if (strv_length(l) == 1 && !strchr(l[0], '=')) { if (!locale_is_valid(l[0])) -@@ -347,6 +350,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro +@@ -343,6 +346,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (r < 0) return bus_log_parse_error(r); @@ -58,7 +58,7 @@ index 5d96237fae..9af35cd29c 100644 vc_context_empty_to_null(&in); r = vc_context_verify_and_warn(&in, LOG_ERR, error); -@@ -465,6 +471,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err +@@ -460,6 +466,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (r < 0) return bus_log_parse_error(r); @@ -69,10 +69,10 @@ index 5d96237fae..9af35cd29c 100644 r = x11_context_verify_and_warn(&in, LOG_ERR, error); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index c7be30f563..50f8aa8675 100644 +index e3b4367ec0..448aa7e94d 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -659,6 +659,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -673,6 +673,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; @@ -83,7 +83,7 @@ index c7be30f563..50f8aa8675 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -737,6 +741,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -750,6 +754,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index c7be30f563..50f8aa8675 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -917,6 +924,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -928,6 +935,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; diff --git a/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 30178675f7f9..b73489f56b29 100644 --- a/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -13,7 +13,7 @@ NixOS uses this path. 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml -index e486474c44..5f373d0723 100644 +index 3a13e04a27..4fd58068a1 100644 --- a/man/localtime.xml +++ b/man/localtime.xml @@ -20,7 +20,7 @@ @@ -35,7 +35,7 @@ index e486474c44..5f373d0723 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index f9014dc560..3ee0363369 100644 +index b94f37c31c..48f5a2526b 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c @@ -1412,7 +1412,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { @@ -65,20 +65,20 @@ index f9014dc560..3ee0363369 100644 fd = open(t, O_RDONLY|O_CLOEXEC); if (fd < 0) -@@ -1625,7 +1625,7 @@ int get_timezone(char **ret) { +@@ -1617,7 +1617,7 @@ int get_timezone(char **ret) { if (r < 0) - return r; /* returns EINVAL if not a symlink */ + return r; /* Return EINVAL if not a symlink */ -- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); -+ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); +- const char *e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ const char *e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/"); if (!e) return -EINVAL; - + if (!timezone_is_valid(e, LOG_DEBUG)) diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index f77a5f6266..63bac85b29 100644 +index 6afabef430..c1e3af77e1 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -632,7 +632,7 @@ static int process_timezone(int rfd) { +@@ -648,7 +648,7 @@ static int process_timezone(int rfd) { if (isempty(arg_timezone)) return 0; @@ -88,10 +88,10 @@ index f77a5f6266..63bac85b29 100644 r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false); if (r < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index e48ebe8342..41796f3358 100644 +index 756ce11b1f..436804b3bd 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -1845,8 +1845,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid +@@ -1862,8 +1862,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -103,10 +103,10 @@ index e48ebe8342..41796f3358 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 50f8aa8675..aff156ab42 100644 +index 448aa7e94d..2161e09579 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -276,7 +276,7 @@ static int context_read_data(Context *c) { +@@ -280,7 +280,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -115,7 +115,7 @@ index 50f8aa8675..aff156ab42 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -300,7 +300,7 @@ static int context_write_data_timezone(Context *c) { +@@ -304,7 +304,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -124,7 +124,7 @@ index 50f8aa8675..aff156ab42 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -308,9 +308,9 @@ static int context_write_data_timezone(Context *c) { +@@ -312,9 +312,9 @@ static int context_write_data_timezone(Context *c) { return 0; } diff --git a/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch index 15fe403c28fc..d7a11e3996cb 100644 --- a/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch @@ -12,10 +12,10 @@ files that I might have missed. 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/basic/constants.h b/src/basic/constants.h -index 6bb5f3c281..678d13737d 100644 +index e70817c51f..859e673a67 100644 --- a/src/basic/constants.h +++ b/src/basic/constants.h -@@ -65,13 +65,15 @@ +@@ -62,13 +62,15 @@ "/etc/" n "\0" \ "/run/" n "\0" \ "/usr/local/lib/" n "\0" \ @@ -23,7 +23,7 @@ index 6bb5f3c281..678d13737d 100644 + "/usr/lib/" n "\0" \ + PREFIX "/lib/" n "\0" - #define CONF_PATHS_USR(n) \ + #define CONF_PATHS(n) \ "/etc/" n, \ "/run/" n, \ "/usr/local/lib/" n, \ @@ -31,5 +31,5 @@ index 6bb5f3c281..678d13737d 100644 + "/usr/lib/" n, \ + PREFIX "/lib/" n - #define CONF_PATHS(n) \ - CONF_PATHS_USR(n) + #define CONF_PATHS_STRV(n) \ + STRV_MAKE(CONF_PATHS(n)) diff --git a/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index 6f0b81a32aa7..24c74216b729 100644 --- a/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index b976b7d8cf..b1c02df6fd 100644 +index 67f44e16e9..dda6614561 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -336,6 +336,7 @@ static void init_watchdog(void) { +@@ -358,6 +358,7 @@ static void notify_supervisor(void) { int main(int argc, char *argv[]) { static const char* const dirs[] = { SYSTEM_SHUTDOWN_PATH, diff --git a/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index a5ed574afa24..733e042ec0dd 100644 --- a/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -9,10 +9,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index 21af3e9e52..6d096e3c78 100644 +index c96207428d..1e95eec7f1 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -215,6 +215,7 @@ static int execute( +@@ -217,6 +217,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, diff --git a/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 55e556288c08..b546c7eeb62e 100644 --- a/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -10,19 +10,20 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 6d943e967f..d4380aa7e3 100644 +index fcb3aa9399..b9e69cbf91 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h -@@ -25,9 +25,9 @@ - # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) - #endif +@@ -17,10 +17,10 @@ + #define PATH_MERGED_BIN(x) x "bin" + #define PATH_MERGED_BIN_NULSTR(x) x "bin\0" --#define DEFAULT_PATH PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") --#define DEFAULT_PATH_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") --#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") -+#define DEFAULT_PATH "@defaultPathNormal@" -+#define DEFAULT_PATH_NULSTR "@defaultPathNormal@\0" -+#define DEFAULT_PATH_COMPAT DEFAULT_PATH +-#define DEFAULT_PATH_WITH_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/") +-#define DEFAULT_PATH_WITHOUT_SBIN PATH_MERGED_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/") ++#define DEFAULT_PATH_WITH_SBIN "@defaultPathNormal@" ++#define DEFAULT_PATH_WITHOUT_SBIN DEFAULT_PATH_WITH_SBIN + +-#define DEFAULT_PATH_COMPAT PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/") ":" PATH_SPLIT_BIN("/") ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH_WITH_SBIN + + const char* default_PATH(void); - #ifndef DEFAULT_USER_PATH - # define DEFAULT_USER_PATH DEFAULT_PATH diff --git a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch index 8bccf5539058..e17d281a6101 100644 --- a/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -16,10 +16,10 @@ executables that are being called from managers. 1 file changed, 8 insertions(+) diff --git a/src/core/manager.c b/src/core/manager.c -index 22cc5cc843..5dc7d4504f 100644 +index e26c6c5cfd..6cc1642684 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -3914,9 +3914,17 @@ static int build_generator_environment(Manager *m, char ***ret) { +@@ -4035,9 +4035,17 @@ static int build_generator_environment(Manager *m, char ***ret) { * adjust generated units to that. Let's pass down some bits of information that are easy for us to * determine (but a bit harder for generator scripts to determine), as environment variables. */ diff --git a/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch b/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch index 8b862918500e..0fd274d7a5b7 100644 --- a/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch +++ b/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch @@ -13,20 +13,25 @@ so showing the taint isn't really helpful. See also: https://github.com/systemd/systemd/issues/24191 --- - src/core/manager.c | 3 --- - 1 file changed, 3 deletions(-) + src/core/taint.c | 8 -------- + 1 file changed, 8 deletions(-) -diff --git a/src/core/manager.c b/src/core/manager.c -index 5dc7d4504f..6208c9aa31 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -4800,9 +4800,6 @@ char* manager_taint_string(const Manager *m) { - const char* stage[12] = {}; - size_t n = 0; +diff --git a/src/core/taint.c b/src/core/taint.c +index 969b37f209..de64e8f1f9 100644 +--- a/src/core/taint.c ++++ b/src/core/taint.c +@@ -41,14 +41,6 @@ char* taint_string(void) { -- _cleanup_free_ char *usrbin = NULL; -- if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin")) + _cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL; + +- if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin")) - stage[n++] = "unmerged-usr"; +- +- /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks +- * too. */ +- if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin")) +- stage[n++] = "unmerged-bin"; +- + if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run")) + stage[n++] = "var-run-bad"; - if (access("/proc/cgroups", F_OK) < 0) - stage[n++] = "cgroups-missing"; diff --git a/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch b/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch index 768f57e1335b..57ca20fdcbf7 100644 --- a/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch +++ b/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch @@ -27,10 +27,10 @@ filename_is_valid with path_is_valid. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index 5e07b88a89..8dd7315009 100644 +index 10a78adfaf..6493d5d270 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c -@@ -654,7 +654,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { +@@ -670,7 +670,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { fn = strjoina("libtss2-tcti-", driver, ".so.0"); /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */ diff --git a/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch b/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch index 96cd420221e5..cc7106f9bb3d 100644 --- a/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch +++ b/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch @@ -30,7 +30,7 @@ are written into `$XDG_CONFIG_HOME/systemd/user`. 1 file changed, 3 insertions(+) diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c -index 367afa20f7..5777154d01 100644 +index 15398f8364..8d440cee59 100644 --- a/src/systemctl/systemctl-edit.c +++ b/src/systemctl/systemctl-edit.c @@ -322,6 +322,9 @@ int verb_edit(int argc, char *argv[], void *userdata) { @@ -40,6 +40,6 @@ index 367afa20f7..5777154d01 100644 + if (!arg_runtime && arg_runtime_scope == RUNTIME_SCOPE_SYSTEM) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead."); + - if (!on_tty()) + if (!on_tty() && !arg_stdin) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit units if not on a tty."); diff --git a/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch b/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch index fd38aa9a2850..7d941c33b927 100644 --- a/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch +++ b/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch @@ -8,14 +8,14 @@ Subject: [PATCH] meson.build: do not create systemdstatedir 1 file changed, 1 deletion(-) diff --git a/meson.build b/meson.build -index 7419e2b0b0..c82a527976 100644 +index cecdbc3aa7..bd7f8ec580 100644 --- a/meson.build +++ b/meson.build -@@ -2497,7 +2497,6 @@ install_data('LICENSE.GPL2', +@@ -2652,7 +2652,6 @@ install_data('LICENSE.GPL2', install_subdir('LICENSES', install_dir : docdir) -install_emptydir(systemdstatedir) - ############################################################ + ##################################################################### diff --git a/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch b/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch index 68ae22644835..eb06459a560d 100644 --- a/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch +++ b/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch @@ -1,4 +1,4 @@ -From 7a27556920fe1feefd17096841c8f3ca1294a1b3 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Yuri Nesterov Date: Wed, 21 Jun 2023 17:17:38 +0300 Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled @@ -13,7 +13,7 @@ directly. 1 file changed, 11 insertions(+) diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c -index 1d8ebecc91..2b0ae361ff 100644 +index 5c308a04bc..81aa3d3334 100644 --- a/src/timesync/timesyncd.c +++ b/src/timesync/timesyncd.c @@ -21,6 +21,11 @@ @@ -32,7 +32,7 @@ index 1d8ebecc91..2b0ae361ff 100644 if (r < 0) return log_error_errno(r, "Failed to parse fallback server strings: %m"); -+ r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE"); ++ r = secure_getenv_bool("SYSTEMD_NSS_RESOLVE_VALIDATE"); + if (r == 0) { + log_info("Disabling NSCD because DNSSEC validation is turned off"); + __nss_disable_nscd(register_traced_file); @@ -41,6 +41,3 @@ index 1d8ebecc91..2b0ae361ff 100644 log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached()); notify_message = notify_start("READY=1\n" --- -2.34.1 - diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c675392153d0..656661677a9b 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -6,6 +6,7 @@ , pkgsCross , fetchFromGitHub , fetchzip +, fetchpatch , buildPackages , makeBinaryWrapper , ninja @@ -67,6 +68,7 @@ , p11-kit , libpwquality , qrencode +, libarchive # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to # be available during build time. @@ -153,6 +155,7 @@ # building disk images for non-NixOS systems. To save users from trying to use it # on their live NixOS system, we disable it by default. , withKernelInstall ? false +, withLibarchive ? true # tests assume too much system access for them to be feasible for us right now , withTests ? false # build only libudev and libsystemd @@ -179,14 +182,14 @@ assert withBootloader -> withEfi; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "255.9"; + version = "256.2"; # Use the command below to update `releaseTimestamp` on every (major) version # change. More details in the commentary at mesonFlags. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' - releaseTimestamp = "1701895110"; + releaseTimestamp = "1720202583"; in stdenv.mkDerivation (finalAttrs: { inherit pname version; @@ -195,9 +198,9 @@ stdenv.mkDerivation (finalAttrs: { # This has proven to be less error-prone than the previous systemd fork. src = fetchFromGitHub { owner = "systemd"; - repo = "systemd-stable"; - rev = "v${finalAttrs.version}"; - hash = "sha256-fnMvBYyMRQrP2x//8ntGTSwoHOtFk2TQ4S5fwcsSLDU="; + repo = "systemd"; + rev = "v${version}"; + hash = "sha256-fyHzL+oe192YYuwyoTrov10IlrB0NSfY/XKVWzJrQEI="; }; # On major changes, or when otherwise required, you *must* : @@ -226,6 +229,19 @@ stdenv.mkDerivation (finalAttrs: { ./0015-tpm2_context_init-fix-driver-name-checking.patch ./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch ./0017-meson.build-do-not-create-systemdstatedir.patch + + # https://github.com/systemd/systemd/pull/33258 + # Remove after 256.3 + (fetchpatch { + url = "https://github.com/systemd/systemd/compare/b268a71069786a45460807967e669d505ba3c5a2..f26b2ec46118a4493608618da2253bb9dfc6b517.patch"; + hash = "sha256-OmuPDm3NykrDeNTA3NcYt9iTXEUFwKJ5apPP4KqtABg="; + }) + + # https://github.com/systemd/systemd/pull/33400 + (fetchpatch { + url = "https://github.com/systemd/systemd/compare/051d462b42fe6c27824046c15cd3c84fa5afe05b..5e2d802c018f0b6d5dd58745f64d6958fa261096.patch"; + hash = "sha256-drGAnx+ECixOjIP0DUSbCG/emUgoVips9WQL5ny3NKQ="; + }) ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [ ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( @@ -355,7 +371,15 @@ stdenv.mkDerivation (finalAttrs: { # Support for PKCS#11 in systemd-cryptsetup, systemd-cryptenroll and systemd-homed { name = "libp11-kit.so.0"; pkg = opt (withHomed || withCryptsetup) p11-kit; } + # Compression + { name = "liblz4.so.1"; pkg = opt withCompression lz4; } + { name = "liblzma.so.5"; pkg = opt withCompression xz; } + { name = "libzstd.so.1"; pkg = opt withCompression zstd; } + { name = "libip4tc.so.2"; pkg = opt withIptables iptables; } + { name = "libarchive.so.13"; pkg = opt withLibarchive libarchive; } + { name = "libkmod.so.2"; pkg = opt withKmod kmod; } + { name = "libgcrypt.so.20"; pkg = opt wantGcrypt libgcrypt; } ]; patchDlOpen = dl: @@ -476,6 +500,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ])) ++ lib.optionals withPasswordQuality [ libpwquality ] ++ lib.optionals withQrencode [ qrencode ] + ++ lib.optionals withLibarchive [ libarchive ] ; mesonBuildType = "release"; @@ -492,13 +517,11 @@ stdenv.mkDerivation (finalAttrs: { # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 (lib.mesonOption "time-epoch" releaseTimestamp) - (lib.mesonOption "version-tag" finalAttrs.version) + (lib.mesonOption "version-tag" version) (lib.mesonOption "mode" "release") (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3 (lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash") (lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d") - # Use cgroupsv2. This is already the upstream default, but better be explicit. - (lib.mesonOption "default-hierarchy" "unified") (lib.mesonOption "kmod-path" "${kmod}/bin/kmod") # Attempts to check /usr/sbin and that fails in macOS sandbox because @@ -524,8 +547,8 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonOption "sbat-distro" "nixos") (lib.mesonOption "sbat-distro-summary" "NixOS") (lib.mesonOption "sbat-distro-url" "https://nixos.org/") - (lib.mesonOption "sbat-distro-pkgname" finalAttrs.pname) - (lib.mesonOption "sbat-distro-version" finalAttrs.version) + (lib.mesonOption "sbat-distro-pkgname" pname) + (lib.mesonOption "sbat-distro-version" version) # Users (lib.mesonOption "system-uid-max" "999") @@ -543,6 +566,11 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount") (lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount") + # SSH + # Disabled for now until someone makes this work. + (lib.mesonOption "sshconfdir" "no") + (lib.mesonOption "sshdconfdir" "no") + # Features @@ -606,6 +634,7 @@ stdenv.mkDerivation (finalAttrs: { (lib.mesonEnable "kmod" withKmod) (lib.mesonEnable "qrencode" withQrencode) (lib.mesonEnable "vmspawn" withVmspawn) + (lib.mesonEnable "libarchive" withLibarchive) (lib.mesonEnable "xenctrl" false) (lib.mesonEnable "gnutls" false) (lib.mesonEnable "xkbcommon" false) @@ -873,7 +902,8 @@ stdenv.mkDerivation (finalAttrs: { interfaceVersion = 2; inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod - withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd; + withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp + util-linux kmod kbd; tests = { inherit (nixosTests) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 12b91439745e..d9fa6d53456b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27573,6 +27573,7 @@ with pkgs; withPasswordQuality = false; withVmspawn = false; withQrencode = false; + withLibarchive = false; }; systemdLibs = systemdMinimal.override { pname = "systemd-minimal-libs";