A few people have reported empty files in /etc/dbus-1 which can cause obscure issues.
With this change, users can retry and get non-empty files.
Can be tested with
`makeDBusConf { suidHelper = ""; serviceDirectories = []; }`
and adding
```
rm $out/session.conf
echo -n "" > $out/session.conf
# or
echo "" > $out/session.conf
```
Many packages have some kind of flag indicating whether or not to build with
systemd support. Most of these default to `stdenv.isLinux`, but systemd does
not build on (and is marked `broken` for) `isStatic`. Only a few packages have
the needed `&& !isStatic` in the default value for their parameter.
This commit moves the logic for the default value of these flags into
`systemd.meta.{platforms,badPlatforms}` and evaluates those conditions using
`lib.meta.availableOn`.
This provides three benefits:
1. The default values are set correctly (i.e. including `&& isStatic`)
2. The default values are set consistently
3. The way is paved for any future non-Linux systemd platforms (FreeBSD is
reported to have experimental systemd support)
*buildInputs take .dev outputs by default, but we don't need it here.
The extra dependency (introduced by commit d172061281) was breaking
tests like nixosTests.containers-imperative and nixosTests.installer.*
https://hydra.nixos.org/eval/1767666#tabs-still-fail
Upstream is accidentally shipping a pre-generated catalog file in the tarball,
which contains FHS paths. We need to remove it to re-generate it ourselves.
Unfortunately, we are also overriding datadir to different values between
build and installation for reasons, so we need to override dtddir manually.
This hack was added so that X11 autolaunch support could be enabled
even when building without X11. At the time, it was possible to have
the autolaunch support without X11 support. But later, this stopped
being possible, and so the derivation was changed to only apply the
hack when X11 support was enabled. But in that case, the same flag
would be added by the build system.
So in summary, this hack is only enabled in the case where it's a
no-op. Therefore, it can be safely removed.
We previously weren't able to build systemd for Musl, but now we
can! (But not statically.) So there's no longer any reason to have
systemd support in D-Bus disabled by default for pkgsMusl.
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
With this parameter, generating docs from the same sources will produce the
same 'bit-by-bit' result each time.
This is particularly important since dbus is part of the 'minimal' testset at
https://r13y.com/
Also submitted upstream (though in a slightly different form):
https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/189
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS
It's short and explains the CVE a bit, including below:
> CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
> authentication for identities that differ from the user running the
> DBusServer. Previously, a local attacker could manipulate symbolic
> links in their own home directory to bypass authentication and connect
> to a DBusServer with elevated privileges. The standard system and
> session dbus-daemons in their default configuration were immune to this
> attack because they did not allow DBUS_COOKIE_SHA1, but third-party
> users of DBusServer such as Upstart could be vulnerable. Thanks to Joe
> Vennix of Apple Information Security. (dbus#269, Simon McVittie)
This is rebuilt virtually every time a NixOS module is enabled or
disabled, so I don't think it makes sense to have it substituted.
It gets in the way of trivial config changes when I would otherwise be
able to rebuild my system entirely offline.
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces