Many packages have some kind of flag indicating whether or not to build with
systemd support. Most of these default to `stdenv.isLinux`, but systemd does
not build on (and is marked `broken` for) `isStatic`. Only a few packages have
the needed `&& !isStatic` in the default value for their parameter.
This commit moves the logic for the default value of these flags into
`systemd.meta.{platforms,badPlatforms}` and evaluates those conditions using
`lib.meta.availableOn`.
This provides three benefits:
1. The default values are set correctly (i.e. including `&& isStatic`)
2. The default values are set consistently
3. The way is paved for any future non-Linux systemd platforms (FreeBSD is
reported to have experimental systemd support)
openfortivpn would look in the nix store for config files, which
obviously doesn't work, so make it go to /etc/openfortivpn instead so
we *can* configure it system-wide.
Also add systemd units on Linux.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/openfortivpn/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn -h’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn --help’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn help’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn --version’ and found version 1.7.0
- found 1.7.0 with grep in /nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0
- directory tree listing: https://gist.github.com/34708b90f0d4fc975a7b9dbd4670bfee
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn -h` got 0 exit code
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn --help` got 0 exit code
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn help` got 0 exit code
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn -v` and found version 1.6.0
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn --version` and found version 1.6.0
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn -h` and found version 1.6.0
- ran `/nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0/bin/openfortivpn --help` and found version 1.6.0
- found 1.6.0 with grep in /nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0
- found 1.6.0 in filename of file in /nix/store/wj4dlazd3lk41w7865iyl082s5pk6g2a-openfortivpn-1.6.0
cc "@madjar"
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow