Commit Graph

618 Commits

Author SHA1 Message Date
Lily Foster
617813243c
systemd: fix ukify script
The script requires a python3 shebang with an environment that includes
python3Packages.pefile at runtime.
2023-03-30 11:40:35 -04:00
Дамјан Георгиевски
a9bd908709 systemd: 253.1 -> 253.2
https://github.com/systemd/systemd-stable/compare/v253.1...v253.2
Commits: 81
Files changed: 113
2023-03-30 14:05:20 +02:00
github-actions[bot]
07fb9cae4e
Merge master into staging-next 2023-03-26 00:02:45 +00:00
Artturin
780669daf5 treewide: don't hardcode /nix/store (no rebuilds changes)
improve experience for other store locations
2023-03-24 20:11:33 +02:00
Florian Klink
504d66bae9
Merge pull request #216826 from gdamjan/systemd-253
systemd: 252.5 -> 253
2023-03-13 17:37:39 +01:00
Дамјан Георгиевски
91dd01a306 systemd: disable the ukify tool
disable it just temporarily, until a solution is found for the
cross-compilation dependency on python

see https://github.com/NixOS/nixpkgs/pull/216826#issuecomment-1465228824
for more context
2023-03-12 23:55:03 +01:00
Garry Filakhtov
3be2b59965
systemd: optional kmod integration
Expose a new `withKmod` option to be able to enable and disable kmod
integration, including the `systemd-modules-load` tool for automatic
modules loading during the system boot sequence.
2023-03-08 18:00:51 +11:00
Garry Filakhtov
2d17a96805
systemd: make PAM integration optional
Expose a new `withPam` option to allow enabling and disabling
integration with PAM stack, including the `systemd-user-sessions` daemon
and the associated `.service` file, as well as `pam_systemd.so` PAM
module for integration with `systemd-logind` and user session
registration with the systemd cgroup hierarchy.
2023-03-08 18:00:51 +11:00
Garry Filakhtov
86aff5f32f
systemd: make libaudit optional
Expose a new `withAudit` flag (defaults to `true` for backwards compatibility) to be able to conditionally enable and disable an integration with the `libaudit` library, which is used to integrate with Linux Audit Framework for logging various security-relevant events.
2023-03-08 18:00:51 +11:00
Garry Filakhtov
d37221dd4b
systemd: make libacl optional
Expose a new `withAcl` flag (defaults to true for backwards compatibility) to be able to conditionally enable and disable an integration with the `libacl` library, which is used by a variety of systemd tools and daemons, e.g. `journald` will check ACLs in addition to regular permissions when accessing journal files and `systemd-nspawn` will update ACL entries when used with the `--private-users-chown` flag.
2023-03-08 18:00:50 +11:00
Garry Filakhtov
fe201024e9
systemd: make libidn2 optional
Expose a new `withLibidn2` flag (defaults to true for backwards compatibility) to be able to conditionally enable and disable integration with `libidn2`, which is used by the `systemd-network` and `systemd-resolved` to support internationalized domain names.
2023-03-08 18:00:50 +11:00
Florian Klink
f7ce1d22eb systemd: 253 -> 253.1
Changelog:

```
6c327d74aa hwdb: update to 11875a98e4f1c31e247d99e00c7774ea3653bafd
0b81fcd16d chase-symlinks: Always open a dirfd to the root directory
aa20a210a0 chase-symlinks: chase_symlinks_at() AT_FDCWD fixes
bb3e44323b escape: add missing non-NULL parameter assertions
c4e7cf2bd7 test-escape: Add tests for escaping bogus UTF-8 sequences
e906fd2421 escape: Ensure that output is always valid UTF-8
1a22006574 virt: correctly detect QEMU emulated pSeries guests
5ee19fdfa0 psi-util: fix error handling
9ffa0d439f journald: remove triplicate logging about failure to write log lines
4f7f93cc6a journald: downgrade various log messages from LOG_WARNING to LOG_INFO
a2dc51cd8c journald: make sure shall_try_append_again() logs about all return codes passed in, not just some
144ac494ec systemctl: print better message if default target is masked
791754f683 Revert "dissect-image: don't probe swap partitions needlessly"
d0e7841dce rules: remove redundant duplicate comparisons
dc98d58dd8 man: add two missing commands to synopsys
e093acd062 core/dbus-socket: check the socket path is absolute
a719c2ec2f sd-event: fix error handling
58c821af60 sd-event: always initialize sd_event.perturb
2bfb07b22f systemctl: show "Until:" field only for service and scope units
d9abd8babe tmpfiles.d: drop misleading comment
0f4dbe6367 Enable TPM by default with SetCredentialEncrypted
8d8240bdf6 stub: Fix unaligned read
44c2ff5b1e efi: drop executable-stack bit from .elf file
f2460b78b9 logind-session: make stopping of idle session visible to admins
1947b9939c sleep: check if we're on AC power before checking battery capacity
452cad62c8 install: fail early if specifier expansion failed
eae11e3f06 homectl: add missing break
9024afb994 core/manager: falling back to execute generators without sandboxing
aac692160e man/tmpfiles.d: adjust the table in synopsis, improve spelling
d2739b8c14 test: disable pipefail when testing interactive firstboot
755431b233 ukify: Set fast_load option when parsing PE files
343e90462f core: permit sending augmented enable/disable methods
ba1cb4156b process-util: show requested process name in the log
5140da8937 systemctl: edit: fix double free of instanced name
c4cdbb978f journalctl: fix output when --lines is used with --grep
6dafcad55c loop-util: fix error condition and return value
ec6c1fbf7d Correct journal misspell
6b6df9a845 cryptsetup: check the existence of salt by salt_size > 0
cd5de2811a boot: Fix assertion failure
01b90e1588 pid1: generate compat warning for SystemCallArchitectures= if seccomp is off
a3177cbe54 core/mount: fix default target for /sysusr/usr and its child
3168bda640 mkosi: configure multiarch libdir in debian/ubuntu builds
51b7acfcef tpm2: fix build failure without openssl
a88e35bf95 resolved: Fall back to TCP if UDP is blocked
```
2023-03-05 04:35:38 +01:00
Дамјан Георгиевски
575fddf25b systemd: 252.5 -> 253
systemd v253 changelog/NEWS:
https://github.com/systemd/systemd/blob/v253/NEWS

NixOS changes:
0007-hostnamed-localed-timedated-disable-methods-that-cha.patch was
dropped, because systemd gained support to handle read-only /etc.

*-add-rootprefix-to-lookup-dir-paths.patch required some updates too,
as src/basic/def.h moved to src/basic/constants.h.

systemd/systemd#25771 switched p11kit to become
dlopen()'ed, so we need to patch that path.

added a note to the 23.05 release notes to recommend `nixos-rebuild boot`

Co-authored-by: Florian Klink <flokli@flokli.de>
2023-03-05 04:35:34 +01:00
github-actions[bot]
3cdd771820
Merge staging-next into staging 2023-02-23 18:01:49 +00:00
Alyssa Ross
52c286ee5b
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
	pkgs/development/libraries/pmdk/default.nix
2023-02-23 13:51:34 +00:00
Artturin
f9fdf2d402 treewide: move NIX_CFLAGS_COMPILE to the env attrset
with structuredAttrs lists will be bash arrays which cannot be exported
which will be an issue with some patches and some wrappers like cc-wrapper

this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause an eval failure
2023-02-22 21:23:04 +02:00
Florian Klink
ab566b8656
Merge pull request #208269 from ElvishJerricco/systemd-stage-1-fsck
Systemd stage 1 fsck
2023-02-17 10:06:39 +02:00
Artturi
fa169bb239
Merge pull request #214207 from Artturin/ssytemdbuildbash1 2023-02-13 22:34:23 +02:00
Will Fancher
14b77582da systemd-stage-1: fsck 2023-02-08 00:43:10 -05:00
Florian Klink
025d8692b2
Merge pull request #215094 from chuangzhu/systemd-want-gcrypt
systemd: fix build when withResolved=false and withImportd=true
2023-02-07 12:49:32 +01:00
Chuang Zhu
b89799acf0 systemd: fix build when withResolved=false and withImportd=true 2023-02-07 18:17:34 +08:00
Artturin
1db2422130 systemd: disallowedReferences nativeBuildInputs
add cross to passthru.tests to prevent cross breaking
2023-02-02 18:57:58 +02:00
Artturin
2142bc8d33 systemd: don't reference build bash
the .install files retained references to build bash

$ pwd
/nix/store/yfzncfa577cbc0r1bm1fjdc1szyy0dif-systemd-aarch64-unknown-linux-gnu-252.4/lib
$ tree kernel
kernel
├── install.conf
└── install.d
    ├── 50-depmod.install
    └── 90-loaderentry.install
2023-02-02 18:12:12 +02:00
github-actions[bot]
33d4318fcc
Merge staging-next into staging 2023-01-31 00:03:07 +00:00
github-actions[bot]
dd1ff149da
Merge master into staging-next 2023-01-31 00:02:31 +00:00
Alyssa Ross
0da24fa3ba
systemd: disable BPF for ARMv5
ARMv5 does not have hardware floating point, so can't build systemd's
BPF code.
2023-01-30 19:54:13 +00:00
Дамјан Георгиевски
196ce76703 systemd: 252.4 -> 252.5
https://github.com/systemd/systemd-stable/compare/v252.4...v252.5
Commits: 81
Files changed: 103
2023-01-29 21:47:18 +01:00
Adam Joseph
a94114e70a systemd: use non-function pattern for badPlatforms
Closes #212925
2023-01-27 02:21:43 -08:00
github-actions[bot]
feb2240b37
Merge master into staging-next 2023-01-22 18:01:03 +00:00
Adam Joseph
5b66b6b8c2 systemd.meta.badPlatforms: include isStatic predicate 2023-01-22 00:27:19 -08:00
Nick Cao
568d6fca33
systemd: fix tpm2 driver init 2023-01-16 08:26:59 +08:00
github-actions[bot]
4712ed9439
Merge master into staging-next 2023-01-14 00:02:26 +00:00
Adam Joseph
6f6b4a1d41 systemd: default withLibBPF to false if isMips64
libBPF does not compile for mips64 targets using clang (rather than
gcc) because clang lacks the necessary _MIPS_SZPTR compiler builtin.
Let's allow the rest of systemd to compile.

- The glibc people noticed this problem [way back in
  2011](https://sourceware.org/pipermail/libc-ports/2011-June/001959.html)
  and consider it to be a clang/llvm bug.  I am inclined to agree.

- [clang has the `_MIPS_SZPTR`
  builtin](3af9cb5375/clang/lib/Basic/Targets/Mips.cpp (L185))
  and seems to have had it since before they switched to git.

This may in fact be a nixpkgs bug -- that we're not invoking clang
in a way that tells the frontend to make the mips builtins
available, even if the backend is emitting mips binaries.  Or at
least we aren't tricking systemd's build machinery into doing that.
2023-01-13 20:09:41 +00:00
Alyssa Ross
820f3452f4 pkgsMusl.systemd: fix build by updating patchset 2023-01-13 04:20:32 +00:00
github-actions[bot]
0c98bf3e85
Merge staging-next into staging 2023-01-05 00:02:56 +00:00
sternenseemann
1ee0f4c2aa systemd: fix evaluation in pkgsCross.ghcjs.buildPackages
GHC's js backend depends on systemd via emscripten via closure compiler
via jdk via cups. Before it fails to evaluate, though, since
llvmPackages looks into `targetPackages.stdenv.cc` to determine which
C++ library to use (something that should be rectified in the future).
[Unfortunately], for `pkgsCross.ghcjs`, `stdenv.cc` throws which blows
up evaluating `pkgsCross.buildPackages.llvmPackages.clang`.

This is in principle unnecessary. We want to build
`pkgsCross.ghcjs.buildPackages.haskell.compiler.native-bignum.ghcHEAD`
which depends on `pkgsCross.ghcjs.buildPackages.systemd` which needs
clang and friends only in `nativeBuildInputs`, so
`pkgsCross.ghcjs.buildPackages.buildPackages.llvmPackages.clang`.
Unfortunately, due to the nature of splicing, we first evaluate the
“adjacent” derivation before we can access the spliced derivation we are
actually interested in. If the former
fails (`pkgsCross.ghcjs.buildPackages.llvmPackages.clang`), we can't do
the latter.

The solution is to just not rely on splicing in this case and take
`buildPackages.llvmPackages.clang` directly (relative to
`buildPackages.systemd` in this case!) which avoids the whole problem.

[Unfortunately]: c739c420db (diff-3209527bd27cbc775f579b1e295b0264c850859c7245d526965cec456b8c70a4R61)
2023-01-03 22:19:59 +01:00
Florian Klink
70253b9015
Merge pull request #207119 from gdamjan/bump-systemd
systemd: 252.3 -> 252.4
2022-12-23 16:49:26 +01:00
Florian Klink
6b1a896570
Merge pull request #205121 from alaviss/homed
nixos: systemd-homed support
2022-12-23 13:09:17 +01:00
Дамјан Георгиевски
47de6ecabb systemd: 252.3 -> 252.4
also fixes a security issue with systemd-coredump:
https://www.openwall.com/lists/oss-security/2022/12/21/3
2022-12-21 17:03:30 +01:00
github-actions[bot]
dc7ebb0163
Merge staging-next into staging 2022-12-18 18:01:41 +00:00
figsoda
ec8cb34358 treewide: fix typos 2022-12-17 19:39:44 -05:00
Florian Klink
ed9e8cd687 systemd: 252.1 -> 252.3
Fixes sd-boot on (some?) Intel Macbooks, as reported in
https://github.com/NixOS/nixpkgs/pull/201558#issuecomment-1348823127.

Full log:

```
13de548fca network: manage addresses in the way the kernel does
fcc174cbdd import: wire up SYSTEMD_IMPORT_BTRFS_{SUBVOL,QUOTA} to importd
6cb0724a06 machine-pool: simplify return values from setup_machine_directory()
1c9e7fc8f2 boot: Only do full driver initialization in VMs
79b97ec652 boot: improve support for qemu (helpers only)
87add68b39 boot: Make sure all partitions drivers are connected
989f0c52e1 boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices
b89be71bf4 network: unset Link.ndisc_configured only when a new address or route is requested
fc4f804b07 network: fix indentation
fc60072926 dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES
1267b35273 fuzz: shorten filename of testcase
7fc478f751 resolve: optimize conversion of TXT fields to json
772e89452e hexdecoct: fix NULL pointer dereferences in hexmem()
002fc46688 hexdecoct: add missing NULL check
be1088b7a0 test: add tests for base64_append()
acb0414a1f hexdecoct: several cleanups for base64_append()
9410eb20eb cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED
1c8abb343a man: mention that DefaultRouteOnDevice= create the IPv4 default route
6c869ad3bd selinux: accept the fact that getxyzcon() can return success and NULL
0fdeb7c640 oomd: print dry run output at INFO level
4119d25e62 journald: prevent segfault on empty attr/current
6fdf196f99 core: use correct scope of looking up units
6d7b0dacc6 test-network: add test for bond mac address config
6405eba4b6 network: Fix set bond device MAC address failed
dbc59253ec test-fs-util: Add relative path chase_symlinks() tests
6e99f9c8fb chase-symlink: when converting directory O_PATH fd to real fd, don't bother with /proc/
bc6fc812fd test: add basic tests for octescape()
2ea5de7881 escape: fix wrong octescape of bad character
8999727a82 network: drop REMOVING flag when a netlink message is sent to kernel
a064abff76 dissect: show color in log output
278a97708b log: Switch logging to runtime when FS becomes read-only
44984e15bb resolve: format zero-length RDATA according to rfc3597
d59009dc1d manager: do not append '\n' when writing sysctl settings
2a66b4c894 test: check if we can use SHA1 MD for signing before using it
d0b80bf81e dissect-image: log expected UUID for /var
b0b97848e8 bootspec: fix null-dereference-read
0ba8e9ecff virt: Support detection of LMHS SRE guests
787b2c32f3 terminal-util: Set OPOST when setting ONLCR
c7bf13b2d9 units: change Requires=systemd-networkd.service → BindsTo= one more time
e3d9376692 core/device: verify device syspath on switching root
9523f85b2e core/device: also serialize/deserialize device syspath
10b3ce781b core/device: update comment
2505010178 sd-netlink: fix segfault
4b885f3591 test: Add tests for systemd-cgtop args parsing
b97c1c427c cgtop: Do not rewrite -P or -k options
6cbf72a8d9 logind: Properly unescape names of lingering users
01a39e96b5 units: Use BindsTo=systemd-networkd in systemd-networkd-wait-online.service
b0c39ffc54 resolved: remove inappropriate assert()
e0521346ec stub: Detect empty LoadOptions when run from EFI shell
7ca40a8b08  stub: Fix cmdline handling
b39f2ab98f boot: Use xstr8_to_16 for path conversion
6387a74d2c boot: Use xstr8_to_16
ff7469af96 boot: Add xstrn8_to_16
475c130003 core: update audit messages
c74bc2cd49 dissect: fix fsck
ce55eb4ebd process-util: add new FORK_CLOEXEC_OFF flag for disabling O_CLOEXEC on remaining fds
36c3c4172d fd-util: add new fd_cloexec_many() helper
57b4329b38 fd-util: make fd_in_set() (and thus close_all_fds()) handle invalidated fds in the array
12c41564cd tmpfiles: log at info level when some allowed failures occur
77f524dda0 find-esp: include device sysname in the log message
8d23210a2e find-esp: downgrade and ignore error on retrieving PART_ENTRY_SCHEME when searching
eea92b179d sd-bus: Use goto finish instead of return in bus_add_match_full
0916514b8c strv: Make sure strv_make_nulstr() always returns a valid nulstr
2ddd7b5def bootctl: rework how we handle referenced but absent EFI boot entries
2daecc7179 bootctl: downgrade log message when firmware reports non-existent or invalid boot entry
9a7186e92a bootctl: make boot entry id logged in hex
62f58d94f8 dissect-image: do not try to close invalid fd
c1dd021d16 boot: Silence driver reconnect errors
a09a41c2f7 meson: install test-kernel-install only when -Dkernel-install=true
9b6f12262f udev: make sure auto-root logic also works in UKIs booted from XBOOTLDR
d5e3625a61 repart: respect --discard=no also for block devices
79f161ac65 portable: add a few more useful debug log messages
bcd42b3c88 oomd: fix unreachable test case in test-oomd-util
2bdf5b0382 oomd: always allow root-owned cgroups to set ManagedOOMPreference
da01d83ab4 network: wifi: try to reconfigure when connected
595dd9b2b9 resolved: Fix OpenSSL error messages
2ecb8fc841 basic/strv: check printf arguments to strv_extendf()
81e2c87a47 manager: fix format strings for trigger metadata
d337ac02d6 resolved: when configuring 127.0.0.1 as per-interface DNS server, contact it via "lo" always
813d52dbf8 resolved: use right conditionalization when setting unicast ifindex on UDP sockets
2b52748d45 nspawn: allow sched_rr_get_interval_time64 through seccomp filter
5c34bc9bc3 boot/measure: fix oom check
f68be4fd79 fuzz: fuzz-compress: fix copy-and-paste error: buf -> buf2 (#25431)
132f0ec7de Handle MACHINE_ID=uninitialized
25fcbdae7e shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle (40000001)" warning
6189505d79 boot: Correctly handle @saved default patterns
148b2d8ad3 Revert "journal: Make sd_journal_previous/next() return 0 at HEAD/TAIL"
d34ea410f4 Fix reading /etc/machine-id in kernel-install (#25388)
7b99f68f1c systemctl: do not show unit properties with --all
f791ecd0c5 ac-power: check battery existence and status
c2620a6bdb pid1: skip cleanup if root is not tmpfs/ramfs
83a772aae2 Revert "initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs"
4d11c9b3cd networkd-ipv4acd.c: Use net/if.h for getting IFF_LOOPBACK definition
aff1caf3fd boot: Replace firmware security hooks directly
f9d9a68ecc boot: Rework security arch override
c6d7b4014c boot: Manually convert filepaths if needed
c8c5b79fb6 boot: Do not require a loaded image path
5894d4bd79 boot: Fix memory leak
5c0b918c02 boot: Fix error message
542dbc623e tpm2: add some extra validation of device string before using it
b3228085ba tpm2-util: force default TCTI to be "device" with parameter "/dev/tpmrm0"
31c2abd305 Create CNAME
2ec3187d6c test: compile test-utmp.c only if UTMP is enabled
```
2022-12-13 17:21:47 +00:00
Leorize
05420f34cf nixos: add systemd-homed support
As a start, it's not very configurable, but works pretty well.
2022-12-09 12:10:51 -06:00
Yureka
ee89367a3d
pkgsMusl.systemd: fix build (#204221) 2022-12-08 13:25:52 +01:00
Will Fancher
6925777fe4 systemd: 251.8 -> 252.1 2022-11-16 23:38:25 -05:00
Jörg Thalheim
f74e68b70a systemd: configure as release build
Without this we enable some assertions and checks that we don't want in
production code:

09cd639a59/docs/HACKING.md (developer-and-release-modes)

Fixes https://github.com/NixOS/nixpkgs/issues/201058
2022-11-14 13:08:49 +01:00
Florian Klink
4940c0094f systemd: 251.7 -> 251.8
```
git log --oneline v251.7..v251.8
ae8b249af4 test: fstab-generator: adjust PATH for fsck
03514a9f64 man: add note that network-generator is not a generator
8c8a423821 condition: Check that subsystem is enabled in ConditionSecurity=tpm2
9243b88b55 test: wait for loop device to be removed
f5c2be99bc test: wait for the lodev to get properly initialized
8cfe979030 test: disable LSan in the ASan env wrapper
db00a62be8 test: introduce a simple environment file for test service
fd082f335e test: lower the # of mpath devices to 16
d17a45340b test: make TEST-64 a bit more ASan friendly
a51cc9e578 test: don't wrap binaries built with ASan
e176dca593 test: drop all LD_PRELOAD-related ASan workarounds
9fba4cdf61 test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO
4fbf69fd1b semaphore: remove the Semaphore repositories recursively
6258394c1e test: wrap `ls` and `stat` to make it work w/ sanitizers in specific cases
db14b371df test: create an ASan wrapper for `getent` and `su`
1027d3d633 test: always wrap useradd/userdel when running w/ ASan
65ab7b0950 Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size."
f994276068 test: make TEST-63 more reliable on slower machines
68b4f10f82 test: use PBKDF2 with capped iterations instead of Argon2
1f32ec761c hashmap: use assert_se() to make clang happy
94a25aa6d5 coredump: drop an unused variable
5f09fa4d5e network: drop an unused variable
a29ddb989b machine: drop an unused variable
9a71cd3bf6 sd-journal: drop an unused variable
ae0537f18f ci: reenable validation of GH Actions files
6e92f64ca4 ci: temporarily disable validation of GH Action files
6cd1b11d02 cryptsetup: fix build with -Db_ndebug=true
0ab5e9fe98 test: wrap binaries using systemd DSOs when running w/ ASan
6d4ae5a7cd test: make the virt detection quiet
024ee3def9 test: check for other hypervisors as well
520be40734 test-mountpoint-util: support running on a mount namespace with another mount on /proc
2cd4aed358 test-mountpoint-util: use log_info()
c7b66dbe2a test-mountpoint-util: fix NULL arg to %s
4e49c726ad test: drop redundant log message
b57ef0c672 build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows
8c80564405 build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
70e90da84b build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
489c00dee5 build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
08e85ad43d build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
b0619c9c55 build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows
d982169592 build(deps): bump systemd/mkosi
9d4af5fea1 mkosi: libbpf0 -> libbpf1
3abf9f08f1 mkosi: Switch to Fedora 37
18f9fbab08 mkosi: update to latest commit
5403b727a7 mkosi: Use SourceFileTransfer=mount
9744c04ffd mkosi: Drop kernel-modules-extra from Fedora config
ab2f7a9b9e mkosi: install fdisk for test-loop-block
17acdca99d mkosi: Set ExtraSearchPaths=build/ by default
420e782904 mkosi: update to latest commit
43ef15c752 mkosi: add back packages removed from OpenSUSE build
9a94aa1d88 mkosi: disable isc-dhcp-server again
d1785c462f mkosi: Ensure we build all features/components in mkosi
6712396da3 meson: Downgrade efi-ld warning
66309ee674 ci: Add mold to build tests
86c25ca937 ci: build with clang-15; drop clang-12
28457b030e mkosi: Drop workarounds
abecb21561 mkosi: Update to latest commit
d9eaf39930 mkosi: Update to latest commit
619b36b22c mkosi: Don't use InstallDirectory by default
cdf3fd312a mkosi: Use mkosi.output/ as output directory by default
b8a746e89b mkosi: Add package libfdisk to Ubuntu dependencies (#24211)
0e518f3639 ci: set a timeout for each mkosi stage
5e79cf977c mkosi: Update to latest
edef8edf0b mkosi: Update to latest commit
a0402d3ab6 mkosi: Update to latest commit
081168fa19 mkosi: Build against Fedora rawhide as well
a38a0504ec mkosi: Remove usage of deprecated option names/sections
47404f1802 mkosi: Changes to allow booting with sanitizers in mkosi
db1281e12e mkosi: Update Ubuntu config to 22.04
ca8dc691fe mkosi: Install xxd in images
f12a6945c6 ci: limit which env variables we pass through `sudo`
7e24ac6d77 mkosi: update to latest main
a46ba01e79 mkosi: Update to latest release
7ef1d71895 mkosi: Pull in fix that solves action mirror issue
d3d90ae66b mkosi: Update CI to mkosi 13
9bf797be2c ci: build systemd with clang with -Dmode=release --optimization=2
9e88b3a5e1 ci: bump gcc in the "build test" workflow
dcbc64db61 ci: prefer the distro llvm version if available
ccd81889d4 ci: bump GH Actions to Ubuntu Jammy where applicable
b8fbf21526 kernel-install/90-loaderentry: do not add multiple systemd.machine_id options
fe5e692bfc tests: minor simplification in test-execute
a94fe70bbe tests: make test-execute pass on openSUSE
4a65c1674b firstboot: fix segfault when --locale-messages= is passed without --locale=
c3b22515b9 test: introduce sanity coverage for auxiliary utils
c61e4377d7 udev: add safe guard for setting by-id symlink
2f4fdaaecc udev: drop redundant call of usb_id and assignment of ID_USB_INTERFACE_NUM
491924940f udev: first set properties based on usb subsystem
293c006789 test: further extend systemctl's sanity coverage
f48e6576a2 test: add a couple of sanity tests for systemctl
3d5e379808 test: rename TEST-26-SETENV to TEST-26-SYSTEMCTL
a34afc4197 namespace: Add hidepid/subset support check
2ac138a5b6 coverage: Mark _coverage__exit as noreturn
9952c228a9 parse_hwdb: allow negative value for EVDEV_ABS_ properties
7b6fa1d3e6 test: add a couple of sanity tests for journalctl
cf21555d6d sd-device-monitor: dynamically allocate receive buffer
ee42e84968 man: use the correct 'Markers' property name for marking units
45090f3418 core: fix memleak in GetUnitFileLinks method
7eefd2fbb7 network: forcibly reconfigure all interfaces after sleep
66fa6110ba resolved: fix typo in feature level table
2f8f1d9e4a network: skip to reassign master ifindex if already set
d94f197818 resolved: fix copypasta in resolved varlink API
b61fcaca1b udev: always create device symlinks for USB disks
6fc2f387af man: Add documentation for AssertCredential= (#25178)
c339e8d71b man: document reboot --poweroff exception
91b8491e97 network: allow 0 for table number
3f94f03389 network: Table= also accepts table name
bdd84e82e5 analyze: add --image= + --root= to --help text
23d66a03de meson: Fix build with --optimization=plain
98a45608c4 manager: allow transient units to have drop-ins
228cd82d2c manager: reformat boolean expression in unit_is_pristine()
```
2022-11-11 19:33:55 +00:00
Dominique Martinet
844a08cc06 systemd: 251.5 -> 251.7
systemd 251.6 added support for libbpf 1.0.0, so use new libbpf version.
2022-11-05 11:09:47 +09:00
rnhmjoj
926ad2fffc systemd: mark that libbpf requires clang ≥ 10 2022-10-16 20:01:37 +02:00
Yureka
53d33caa8c systemd: disable portabled on musl 2022-10-14 19:34:07 +02:00
Florian Klink
3ff0a8f840
Merge pull request #189676 from zhaofengli/cryptenroll
systemd: Fix systemd-{cryptenroll,cryptsetup} TPM2 and FIDO2 support (attempt #3)
2022-10-12 00:56:04 +02:00
Franz Pletz
f6011b26e4
systemd: fix build with libxcrypt 2022-10-09 18:09:40 +02:00
Zhaofeng Li
570824e102 systemd: Wrap in LUKS2 tokens
Update pkgs/os-specific/linux/systemd/default.nix

Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2022-10-05 08:22:14 -06:00
Florian Klink
72911a27bb
Merge pull request #193502 from phaer/systemd-portabled
Support systemd-portabled
2022-10-04 21:39:39 +02:00
oxalica
5a8e48c968 systemd: don't taint on unmerged /usr
Discussion: https://github.com/systemd/systemd/issues/24191#issuecomment-1209350080
2022-10-05 00:15:00 +08:00
Florian Klink
0247a5b6da systemd: 251.4 -> 251.5
Changes:

```
654ae8c1e4 base-filesystem.c: add trailing zero byte for s390x entry
e4a19eef33 basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO
24238be484 mount-util: fix error code
1b1ad8c79f udev: certainly restart event for previously locked device
7dacfb3fb4 stub: Use EfiLoaderCode for kernel memory
eaeaf4f6ef network: do not silently stop to process configuration on activation failure
bb803856bc bus: use inline trace argument for ANONYMOUS auth
6349062326 Fix ObjectManager interface emitted for non-manager objects
c90ab07fa0 test-bus-objects: Test interfaces added/removed signal interfaces
e32fe1b457 Fix GetManagedObjects returning ObjectManager interface for non-manager objects
efd8e39f4a test-bus-objects: Test GetManagedObjects interfaces are correct
344efd022a coredump: when parsing json, optionally copy the string first
de08edca17 systemctl: color ignored exit status in yellow, not red
1531a496e3 manager: make clear internal Dump() logic is debugging only.
c4fd38f7d2 man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
140fee4627 resolve: do not cache mDNS goodbye packet
1a2d93a770 kbd-model-map: correct variants for cz-qwerty to include comma
9d1ebb2247 resolve: persist DNSOverTLS configuration in state file
3137ac6ef5 udev: support by-path devlink for multipath nvme block devices
c948091cc5 run: make --working-directory= work for --scope too
7bb204620d kbd-model-map: add a mapping for switched czech qwerty/us
e5157050d1 test: add more test cases for mkdir_p_safe() and mkdir_p_root()
b3a9f7b5cb mkdir: chase_symlinks_and_stat() does not return 0
0bfdc91807 units: make sure that initrd-switch-root.service pulls in .target
45fb64c54b units: add dependency ordering for emergency.service conflicts
6535813084 units: add ordering dependencies on initrd-switch-root.target
09c90224f1 units/systemd-network-generator.service: add forgotten ordering for shutdown
1dd723a3b8 units: reorder/split unit dependency blocks
054cad0097 man: explicitly document that "reboot -f" is different from "systemctl reboot -f"
c5b0ae86b1 watchdog: use /dev/watchdog0 only if it exists
ac805eac15 journalctl: respect --quiet flag during file concistency verification
c1d729795d xdg-autostart-service: expand tilde in Exec lines
35c5f5d688 unit: drop ProtectClock=yes from systemd-udevd.service
175ba30cf6 busctl: Fix warning about invaild introspection data
6c7b91372d udev/rules,hwdb: filter out mostly meaningless default strings
8b89e677e9 units: prolong the stop timeout for homed
202a79e7c5 homed: don't wait indefinitely for workers on exit
44660d2e12 man: fix static bridge example
e0dde8a14f log: don't attempt to duplicate closed fd
254b77e73c condition: fix device-tree firmware path
96da39ddb1 udev-util: minor cleanups for on_ac_power()
3345520512 docs: fix incorrect env var name for credentials directory
49f9fa87b2 shell-completion: drop unused $mode
1e29d934de oomd: fix off-by-one when dumping kill candidates
b00cb050c8 on-ac-power: ignore devices with scope==Device
9886011356 on-ac-power: rework logic
1fc74d251e sd-device: add helper to read a unsigned int attribute
6d4c138534 shared/udev-util: say "ignoring device", not "ignoring"
cd2fad2300 virt: Support detection of Apple Virtualization.framework guests
6e47e75c86 virt: align tables
951e99231e check-os-release.py compatible with Python < 3.8
d572a74163 core/mount: adjust deserialized state based on /proc/self/mountinfo
2e372afc35 Allow uneven length BootXXXX variables
8ad143e684 gpt: fix native uuids for s390x
2bb9a0a29b udev: fix inversed inequality for timeout of retrying event
cf67d5ed1b bash-completion: add systemd-sysext support
ada437cfb1 sysext: add missing COMMAND to the help output and man synopsis
58bc1e8e04 hostname: make chassis type actually obtained from ACPI when nothing from DMI
4ffde70981 booctl: do not say uuids differ if one of the uuids is unset
5219a99ccb bash-completion: autocomplete cgroup names in systemd-cgtop
9f2f391153 sysusers: add fsync for passwd (#24324)
c966377c51 dhcp6: do not append ORO option when no option requested
97474b03e7 dhcp6: gracefully handle NoBinding error
c67a388aef udev/cdrom_id: check last track info
52c631b02e firstboot: fix can't overwrite timezone
f279a6f4d1 cryptenroll: fix memory leak
66b060225d sd-device-enumerator: drop noisy log messages
6e1acfe818 sd-device-monitor: actually refuse to send invalid devices
81339c45e8 sd-device-monitor: fix inversed condition
1760559918 resolvctl: only remove protocol after last dot when mangling ifname for resolvconf
a3348ba748 oom: drop invalid %m in the log message
b3dd66f32b meson: Test correct efi linker for supported args
f9d936b865 sysusers: properly process user entries with an explicit GID
ec5a46ca34 sysusers: only check whether the requested GID is available
037b1a8acc dhcp: fix potential buffer overflow
ed2955f8fe udev-util: assume system is running on AC power when no battery found
37b54927d3 Fix issue with system time set back (#24131)
4fdca1ab9e shared/generator: Ensure growfs unit runs after repart
32f9d70f8b manager: optionally, do a full preset on first boot
```
2022-10-03 13:56:23 +02:00
Florian Klink
20c2a3a9d5 systemd: nixpkgs-fmt 2022-10-03 13:09:29 +02:00
phaer
fcd5087046 systemd: build with portabled by default. 2022-09-30 14:53:50 +02:00
github-actions[bot]
2f49e0bb89
Merge master into staging-next 2022-09-20 18:01:23 +00:00
Sandro
95d3c49389
Merge pull request #175406 from SuperSandro2000/systemd-null 2022-09-20 17:09:26 +02:00
Yuka
2444caed5a
systemd: set withTpm2Tss and withUserDb to true on musl (#191030)
When we initially applied the openembedded patchset to make systemd
build with musl, these options had to be disabled for it to work.
Now they seem to work fine, so re-enabling.
2022-09-13 16:03:35 +02:00
Yureka
4817865887 systemd: add withUtmp flag and inherit in passthru
The NixOS systemd module has to include some upstream unit files
depending on if the systemd package was built with utmp support.
This makes it possible for the NixOS systemd module to detect if the
systemd package was built with utmp support.
2022-09-13 10:32:35 +02:00
Nick Cao
767c3e5fa9
systemd: fix cross compilation with libbpf enabled 2022-08-25 22:18:06 +08:00
Florian Klink
4a641f7ac3
Merge pull request #187714 from veehaitch/systemd-bpf-framework
systemd: enable `BPF_FRAMEWORK` by default (`withLibBPF=true`)
2022-08-21 16:59:14 +02:00
Vincent Haupert
ca0120a4bc systemd: enable BPF_FRAMEWORK by default (withLibBPF=true)
So far, we have been building Systemd without `BPF_FRAMEWORK`. As a
result, some Systemd features like `RestrictNetworkInterfaces=` cannot
work. To make things worse, Systemd doesn't even complain when using a
feature which requires `+BPF_FRAMEWORK`; yet, the option has no effect:

    # systemctl --version | grep -o "\-BPF_FRAMEWORK"
    -BPF_FRAMEWORK
    # systemd-run -t -p RestrictNetworkInterfaces="lo" ping -c 1 8.8.8.8

This commit enables `BPF_FRAMEWORK` by default. This is in line with
other distros (e.g., Fedora). Also note that BPF does not support stack
protector: https://lkml.org/lkml/2020/2/21/1000. To that end, I added a
small `CFLAGS` patch to the BPF building to keep using stack protector
as a default.

I also added an appropriate NixOS test.
2022-08-21 12:22:16 +02:00
Janne Heß
a8c50530fc
systemd: Enable oomd by default
This is only in the big systemd, not the minimal one
2022-08-15 10:13:04 +02:00
Sergei Trofimovich
7659f31d69 systemd: 251.3 -> 251.4
Notable change is binutils-2.39 support.

Changes: https://github.com/systemd/systemd-stable/compare/v251.3...v251.4
2022-08-11 09:33:22 +01:00
github-actions[bot]
50de8aa60e
Merge master into staging-next 2022-07-29 18:01:27 +00:00
Alyssa Ross
4a487f4c33
pkgsMusl.systemd: fix build with latest oe patches 2022-07-29 16:06:16 +00:00
Florian Klink
ad29dc19c1
Merge pull request #182436 from K900/systemd-initrd-fixes
nixos/systemd: make sure all the device nodes are created in stage1
2022-07-22 15:06:59 +07:00
K900
c9183d3738 nixos/systemd: make sure all the device nodes are created in stage1
The ConditionFileNotEmpty override patch wasn't correct for stage1, which
does have the modules in /lib. So, remove the patch and set
the right path with overrides in the final system.

Also, make sure systemd-tmpfiles-setup-dev is pulled in to create
all the necessary symlinks.
2022-07-22 10:01:21 +03:00
Artturin
229ecd4bbc systemd: update substituteInPlace to restore cross
systemd-aarch64-unknown-linux-gnu> src/boot/efi/meson.build:433:8: ERROR: Program 'objcopy' not found or not executable
2022-07-21 05:00:18 +03:00
Jörg Thalheim
a14d1a2e7e systemd: 250.4 -> 251.3 2022-07-18 14:17:05 +02:00
Sandro Jäckel
0aed504d4a
systemd: remove unused null checks 2022-05-30 05:49:19 +02:00
Martin Weinelt
1923b68bda Merge remote-tracking branch 'origin/staging-next' into staging 2022-05-23 17:35:37 +02:00
Florian Klink
2403723108
Merge pull request #172652 from klemensn/systemd-optional-system-units
nixos/systemd: Package only built component units
2022-05-23 11:35:01 +02:00
Ben Wolsieffer
5e2009d894 systemd: fix build platform shebang reference
patchShebangs was writing a build platform bash shebang to
systemd-update-helper, which ends up in the output. To fix this, this patch
restricts patchShebangs to only run on certain directories.

Also, remove a comment stating that patchShebangs will no longer be necessary
after the next systemd release. This is not the case because /usr/bin/env
doesn't exist within the sandbox and will still need to be patched.
2022-05-21 16:13:48 -04:00
Klemens Nanni
cbcc746f8f nixos/systemd: Package only built component units
Account for all `with*` options causing their respective unit files to
not be built, just like the current code `withCryptsetup` already does.

This fixes build errors like the following:
```
missing /nix/store/5fafsfms64fn3ywv274ky7arhm9yq2if-systemd-250.4/example/systemd/system/systemd-importd.service
error: builder for '/nix/store/67rdli5q5akzwmqgf8q0a1yp76jgr0px-system-units.drv' failed with exit code 1
```

Found by using a customised systemd package as follows:
```
systemd.package = pkgs.systemd-small;

nixpkgs.config.packageOverrides = pkgs: {

  "systemd-small" = pkgs.systemd.override {
    withImportd = false;
    withMachined = false;
    ...
  };

};
```
2022-05-16 16:52:25 +02:00
06kellyjac
eeff6c4933 systemd: fix reproducibility of dbus interface xml
systemd's `--bus-introspect` was generating nondeterministic xml which
is saved into our build outputs
2022-05-12 10:11:22 +01:00
Janne Heß
509e2b499e
systemd: Remove accidental sysinit re-add
0423158e10 re-introduced a previously
removed mv call.
2022-05-05 14:55:40 -07:00
github-actions[bot]
da11317d1c
Merge staging-next into staging 2022-04-27 06:01:39 +00:00
Guillaume Girol
71ca66602b systemd: mark as broken for static builds 2022-04-24 23:20:48 +02:00
Sergei Trofimovich
77a189e066 systemd: disable EFI stripping
In Issue #169693 we found out that systemd-bootaa64.efi does not have
required `#### LoaderInfo: systemd-boot 250.4 ####` marking.

It is destroyed by `nixpkgs`'s `_doStrip` hook (part of `fixupOutputHooks`).
It makes sense as PE32+ is a bit different from ELF where `.sdmagic` section
is inserted.

The change avoids stripping EFI files altogether by moving them out
of default strip directories of _doStrip for the time while `fixupPhase`
is running.

Closes: https://github.com/NixOS/nixpkgs/issues/169693
2022-04-23 18:54:48 +01:00
Janne Heß
adab6ce552
nixos/systemd-stage-1: Minor fixups
- Fix the name of the env
- Add the correct kmod to the initrd
- Add `less` to make journalctl usable
- Fix SYSTEMD_SULOGIN_FORCE for rescue.target
- Add some missing binaries
2022-04-11 11:13:01 +01:00
github-actions[bot]
c46200d454
Merge master into staging-next 2022-04-03 18:01:07 +00:00
Alyssa Ross
39eee39fd9
pkgsMusl.systemd: fix build for 250.4 2022-03-27 14:13:18 +00:00
Sergei Trofimovich
35e2c61dfd systemd: 250.3 -> 250.4
Among other things fixes build failure on linux-headers-5.17:

    ../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers:

    Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC
    Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC
2022-03-23 08:44:15 +00:00
Will Fancher
2d4ebf1259 initrd: Optional systemd-based initrd 2022-03-22 21:28:43 -04:00
Alyssa Ross
b8734c50e2 pkgsMusl.systemdMinimal: fix build
Use latest patches from OpenEmbedded.  pkgsMusl.systemd doesn't build
yet because pkgsMusl.libnetfilter_conntrack is currently broken.
2022-03-14 12:21:51 +00:00
Florian Klink
57230883fb
Merge pull request #162949 from alyssais/systemd-typos
systemd: fix a whole bunch of typos
2022-03-06 19:59:42 +01:00
Alyssa Ross
a0bfc8e7c1 systemd: update patchShebangs comment
We can't remove this yet even though we're on 250.3, because some more
crept in and weren't fixed in time for the release.
2022-03-06 10:12:19 -08:00
Alyssa Ross
479b1cb510
systemd: fix a whole bunch of typos 2022-03-06 00:58:59 +00:00
Florian Klink
f5c243d6c2 systemd: drop -Defi-ld=gold
As reported in
https://github.com/NixOS/nixpkgs/pull/156096#pullrequestreview-900986176,
this fails to build on EFI enabled RISC-V because the requested EFI
linker (efi-ld=gold) is unsupported. According to Wikipedia gold only
supports x86, x86-64, ARM, PowerPC, TileGX.

Removing this option altogether will cause meson to figure out the
default linker by itself.
2022-03-05 21:28:08 +01:00
Jörg Thalheim
f592c5a7c4 systemd: do not patch test files
We do not run them, so it is unnecessary work.
2022-03-05 21:27:45 +01:00
Andreas Rammhold
49267a99d2 systemd: add the release timestamp into the build
This helps systemd during runtime to make decisions about the sanity of
the system clock. See the referenced news article for more details on
the matter.
2022-03-05 21:27:45 +01:00
Andreas Rammhold
e6280a6397 systemd: introduce withTests flag
This allows us to make test-only dependencies optional in builds that
aren't running tests (sadly all of our builds).
2022-03-05 21:27:45 +01:00
Andreas Rammhold
0c852e1fa6 systemd: remove unused lvm2 input 2022-03-05 21:27:45 +01:00
Andreas Rammhold
3ceeae830d systemdMinimal: don't set {libfido2,p11-kit,libgcrypt} to null
We don't have to do that as we already set all the feature flags to
null. Setting individual libraries to null instead of disabling their
feature flag will lead with bad example that will cause each of the
features to be disabled with multiple flags in the systemdMinimal
variant.

If a dependency is pulled in via another feature we should disable that
rather than setting it to null. Overriding a given package should be the
last resort.
2022-03-05 21:27:45 +01:00
Andreas Rammhold
3869ce784e systemd: 249.7 -> 250.3 2022-03-05 21:27:44 +01:00
Andreas Rammhold
0423158e10 systemd: reformat code with nixpkgs-fmt 2022-03-05 21:26:05 +01:00
Jörg Thalheim
b63e6649a6
systemd: add myself as maintainer, drop eelco 2022-02-09 18:50:27 +01:00
Guillaume Girol
0d5c5e46da
Merge pull request #157053 from lheckemann/systemd-optional-cryptsetup
nixos/systemd: only use cryptsetup units if systemd was built with it
2022-01-30 16:04:17 +00:00
Linus Heckemann
4b27d4f9f8 nixos/systemd: only use cryptsetup units if systemd was built with it 2022-01-30 12:00:37 +01:00
github-actions[bot]
b74b591fbe
Merge master into staging-next 2022-01-20 00:01:46 +00:00
Andreas Rammhold
31e5b8dc21
Remove myself from maintainers
I don't have time and energy to deal with all of this anymore.
2022-01-20 00:24:52 +01:00
Josh Hoffer
e7da4b5f40 systemd: removed unknown meson options 2022-01-11 12:51:09 +00:00
github-actions[bot]
75e029e297
Merge staging-next into staging 2021-12-14 00:02:27 +00:00
github-actions[bot]
420df1e082
Merge master into staging-next 2021-12-14 00:01:45 +00:00
Janne Heß
dac4f986ad
systemd: Add switchTest to passthru 2021-12-09 12:39:30 +01:00
ajs124
e2f009e5a2 systemd: reference upstream discussion for 0019-core-handle-lookup-paths-being-symlinks.patch 2021-12-07 09:10:09 +00:00
Arian van Putten
d4e4d27dff systemd: move systemd-tmpfiles-setup-dev.service back to early boot
It was originally moved because of nixops autoLuks feature which
has been unsupported for a while.

See:
* https://github.com/NixOS/nixpkgs/issues/62211
* https://github.com/NixOS/nixops/pull/1156#issuecomment-605339705

systemd-tmpfiles-setup-dev.service needs to run very early (even before
udev runs) because udev rules assume static device nodes already exist
even before udev is started. If these static device nodes do not exist;
systemd might have trouble mounting filesystems that require static
device nodes (like loopfs and btrfs).
2021-12-06 14:40:07 +00:00
ajs124
32e30e84f6 systemd: align kmod-static-nodes.service with kmod paths 2021-12-06 14:39:41 +00:00
ajs124
84a769c071 systemd: 249.5 -> 249.7 2021-12-06 14:39:16 +00:00
Florian Klink
f4c450e862
Merge pull request #146573 from SuperSandro2000/systemd-coredump-zstd
Systemd coredump zstd, enable elfutils support for stack traces in coredump
2021-11-28 23:03:19 +01:00
Sandro Jäckel
9c9dffbf7a
systemd: enable elfutils support for stack traces in coredump 2021-11-19 02:55:14 +01:00
Sandro Jäckel
78d93d3698
systemd: enable zstd compression support 2021-11-19 02:54:49 +01:00
Anund
d216b21513 systemd: fix systemd-boot keyboard handling lockup
In v248 compiler weirdness and refactoring led to the bootloader
erroring out handling keyboard input on some systems.
See https://github.com/systemd/systemd/issues/19191

This should be redundant in v249.6 when it officially gets tagged in
systemd-stable.

Closes https://github.com/NixOS/nixpkgs/issues/143847
2021-11-05 18:09:50 +11:00
Yureka
6ac494fefb systemd: add musl patches
Fixes build of pkgsMusl.systemdMinimal (and pkgsMusl.systemd if combined with
other fixes).
These patches are applied conditionally on purpose: They are not checked to
be properly guarded. They should not block future systemd upgrades.
Also see the original RFC section around musl systemd:
https://github.com/NixOS/rfcs/blob/master/rfcs/0023-musl-libc.md#systemd
2021-10-20 11:38:57 +02:00
Alyssa Ross
28e55bce8c
systemd: 249.4 -> 249.5
Some of Andi's patches have been upstreamed, so we don't need to apply
them ourselves any more.
2021-10-18 13:23:41 +00:00
Florian Klink
6b1bac2a23 systemd: fix typo in comment 2021-10-18 13:15:55 +02:00
Thomas Tuegel
1c95c92c59
systemd: regenerate patch list according to instructions 2021-10-16 08:49:53 -05:00
Thomas Tuegel
deffa7350d
systemd: remove compatibility patch for legacy Plasma 2021-10-16 08:44:35 -05:00
github-actions[bot]
b4569f7a81
Merge staging-next into staging 2021-10-08 00:02:10 +00:00
Ryan Burns
41574158a0 libgpg-error: rename from libgpgerror
Matches pname and upstream project name
2021-10-06 18:23:43 -07:00
Yurii Matsiuk
73ac07a127
systemd: add missing TPM2 build dependencies 2021-10-01 21:16:33 +02:00
Rick van Schijndel
eabd03a551 systemd: fix cross-compilation
Instead of patching the ld path, it's now specified as meson option
2021-09-18 06:37:20 +02:00
Andreas Rammhold
64556974b6
systemd: 247.6 -> 249.4
This updates systemd to version v249.4 from version v247.6.

Besides the many new features that can be found in the upstream
repository they also introduced a bunch of cleanup which ended up
requiring a few more patches on our side.

a) 0022-core-Handle-lookup-paths-being-symlinks.patch:
  The way symlinked units were handled was changed such that the last
  name of a unit file within one of the unit directories
  (/run/systemd/system, /etc/systemd/system, ...) is used as the name
  for the unit. Unfortunately that code didn't take into account that
  the unit directories themselves could already be symlinks and thus
  caused all our units to be recognized slightly different.

  There is an upstream PR for this new patch:
    https://github.com/systemd/systemd/pull/20479

b) The way the APIVFS is setup has been changed in such a way that we
   now always have /run. This required a few changes to the
   confinement tests which did assert that they didn't exist. Instead of
   adding another patch we can just adopt the upstream behavior. An
   empty /run doesn't seem harmful.

   As part of this work I refactored the confinement test just a little
   bit to allow better debugging of test failures. Previously it would
   just fail at some point and it wasn't obvious which of the many
   commands failed or what the unexpected string was. This should now be
   more obvious.

c) Again related to the confinement tests the way a file was tested for
   being accessible was optimized. Previously systemd would in some
   situations open a file twice during that check. This was reduced to
   one operation but required the procfs to be mounted in a unit's
   namespace.

   An upstream bug was filed and fixed. We are now carrying the
   essential patch to fix that issue until it is backported to a new
   release (likely only version 250). The good part about this story is
   that upstream systemd now has a test case that looks very similar to
   one of our confinement tests. Hopefully that will lead to less
   friction in the long run.

   https://github.com/systemd/systemd/issues/20514
   https://github.com/systemd/systemd/pull/20515

d) Previously we could grep for dlopen( somewhat reliably but now
   upstream started using a wrapper around dlopen that is most of the
   time used with linebreaks. This makes using grep not ergonomic
   anymore.

   With this bump we are grepping for anything that looks like a
   dynamic library name (in contrast to a dlopen(3) call) and replace
   those instead. That seems more robust. Time will tell if this holds.

   I tried using coccinelle to patch all those call sites using its
   tooling but unfortunately it does stumble upon the _cleanup_
   annotations that are very common in the systemd code.

e) We now have some machinery for libbpf support in our systemd build.
   That being said it doesn't actually work as generating some skeletons
   doesn't work just yet. It fails with the below error message and is
   disabled by default (in both minimal and the regular build).

   > FAILED: src/core/bpf/socket_bind/socket-bind.skel.h
   > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h
   > libbpf: elf: socket_bind_bpf is not a valid eBPF object file
   > Error: failed to open BPF object file: BPF object format invalid
   > Traceback (most recent call last):
   >   File "/build/source/tools/build-bpf-skel.py", line 128, in <module>
   >     bpf_build(args)
   >   File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build
   >     gen_bpf_skeleton(bpftool_exec=args.bpftool_exec,
   >   File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton
   >     skel = subprocess.check_output(bpftool_args, universal_newlines=True)
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output
   >     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run
   >     raise CalledProcessError(retcode, process.args,
   > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255.
   > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut)
   > ninja: build stopped: subcommand failed.

  f) We do now have support for TPM2 based disk encryption in our
     systemd build. The actual bits and pieces to make use of that are
     missing but there are various ongoing efforts in that direction.
     There is also the story about systemd in our initrd to enable this
     being used for root volumes. None of this will yet work out of the
     box but we can start improving on that front.

  g) FIDO2 support was added to systemd and consequently we can now use
     that. Just as with TPM2 there hasn't been any integration work with
     NixOS and instead this just adds that capability to work on that.

Co-Authored-By: Jörg Thalheim <joerg@thalheim.io>
2021-09-12 23:45:49 +02:00
Alyssa Ross
071a7a4583
Merge remote-tracking branch 'nixpkgs/master' into staging-next 2021-09-03 18:23:45 +00:00
Graham Christensen
3677d4bc22 kexec-tools: rename from kexectools to match the project name 2021-09-03 10:17:21 -04:00
Sandro Jäckel
b6ac1dedf5 systemd: remove patchelf, coreutils from nativeBuildInputs as it is part of the stdenv 2021-07-26 13:18:38 +02:00
Sandro Jäckel
444292aae8 systemd: push version further down, use rec 2021-07-26 13:16:51 +02:00
Florian Klink
c5f0c9273b systemd: nixpkgs-fmt 2021-07-26 13:16:50 +02:00
Janne Heß
b361dcf0bd
systemd: Patch CVE-2021-33910 2021-07-20 15:27:15 +02:00
Alyssa Ross
24e4a4e40f systemd: don't manually enableParallelBuilding
This is automatic for Meson builds.
2021-05-12 11:57:35 +00:00
github-actions[bot]
e21fb16f9a
Merge master into staging-next 2021-05-08 06:20:05 +00:00
Silvan Mosberger
08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check
lib.meta: introduce `availableOn` to check package availability on given platform
2021-05-08 03:54:36 +02:00
Alyssa Ross
a7dd5ca90f systemd: fix build 2021-04-30 14:06:53 +00:00
oxalica
354d262db8
lib.meta: introduce availableOn 2021-04-02 19:20:23 +08:00
Jörg Thalheim
1c3a4dbc0d systemd: 247.3 -> 247.6 2021-04-01 13:03:28 +02:00
Graham Christensen
e7d9750b5c
systemd: correct path to modprobe@.service
The unit hard-codes a path to modprobe which is obviously invalid.
2021-03-09 12:38:54 -05:00
Florian Klink
e373b423c7 systemd: drop /etc/systemd-mutable
This has only been used by Dysnomia, which has been removed from Nixpkgs
in https://github.com/NixOS/nixpkgs/pull/110799 after being broken for
more than a year.

If Dysnomia comes back, it can probably just use
/nix/var/nix/profiles/default/lib/systemd/system, or set its own systemd
flavour looking in that location via the `systemd.package`.
2021-02-12 12:53:20 +01:00
Florian Klink
2a19c18a74 systemd: add note about nixpkgs-fmt 2021-02-03 20:25:52 +01:00
Florian Klink
f61a3bf8e8 systemd: nixpkgs-fmt
This was recently introduced, and apparently not nixpkgs-fmt'ed.

While there's no global consensus on nixpkgs-fmt'ing everything,
indenting this by 2 more spaces won't hurt.
2021-02-03 18:56:07 +01:00
Florian Klink
49cb525712 systemd: 247.2 -> 247.3 2021-02-03 18:56:06 +01:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Andreas Rammhold
494ed4d6ee
systemd: patch runtime dlopen calls
This ensures that all the features that are implemented via dlopen(3)
are available (or explicitly deactivated) by pointing dlopen to the
absolute store path instead of relying on the linker's runtime lookup
code.

All of the dlopen calls have to be handled. When new ones are introduced
by upstream (or one of our patches) those must be explicitly declared,
otherwise the build will fail.

As of systemd version 247 we've seen a few errors like `libpcre2.… not
found` when using e.g. --grep with journalctl. Those errors should
become less unexpected now.

There are generally two classes of dlopen calls. Those that we want to
support and those that should be deactivated / unsupported. This change
enforces that we handle all dlopen calls explicitly. Meaning: There is
not a single dlopen call in the code source tree that we did not
explicitly handle.

In order to do this I introduced a list of attributes that maps from
shared object name to the package that contains them. The package can be
null meaning the reference should be nuked and the shared object will
never be loadable during runtime (because it points at an invalid store
path location).
2021-01-03 11:50:01 +01:00
Florian Klink
91b8237b48 systemd: 247.1 -> 247.2
Contains the following fixes:

 - 937118a5b2 journalctl: don't skip the entries that have the same seqnum
 - e017ac6a26 sd-bus: use SOCK_CLOEXEC on one more socket
 - db31432861 resolved: create stub-resolv.conf symlink with correct security label
 - f2ec15e2e5 efi: Only use arm flags if supported
 - cd43eee770 core: detect_container() may return negative errno
 - 04be042a1f meson: Fix reallocarray check
 - 5e906f483b network: do not assume address ready callback is always set to static addresses
 - 2ad7a2a96a network: drop assertions to check link state in netlink callback handlers
 - f375c8cbb5 network: do not reconfigure interface when the link gains carrier but udev not initialized it yet
 - 5d4909decf veritysetup: also place udev socket dep
 - 57ddb74245 cryptsetup: Fix crypto device missing issue after bootup
 - d3c224d441 network: fix SIGABRT related to unreachable route with DHCP6
 - c91648cc83 network: revert previous changes to address_compare_func()
 - d8b5d8c8c3 udev: Fix sound.target dependency
 - 669107ae68 meson: specify correct libqrencode version in meson dep
 - c07dc6cedc udev: link_update() should fail if the entry in symlink dir couldn't have been created
 - 367006c806 man: document that automount units are privileged
 - 5129808141 logind: fix closing of button input devices
 - 37f06c91ef Update logind-button.c
 - 9e9fda0a2d async: add trivial cleanup wrapper for asynchronous_close()
 - 4a2ca1ca4a Silence cgroups v1 read-only filesystem warning
 - ed1f8f4ba2 manager: Fix HW watchdog when systemd starts before driver loaded
 - 383a747164 cgroup: Also set blkio.bfq.weight
 - 48d41091ac nss-resolve: varlink_call() set error_id only when r >= 0
 - 56daba2deb missing: Define several syscall numbers for Alpha arch
 - f2a4b96276 Don't assume /run/systemd exists when creating unit-root
 - 553530fdc7 mkosi: Add findutils to Fedora config
 - e42990dfe3 mkosi: Add rpm to Fedora BuildPackages as it's needed by pkg-config
 - 6bacd1d971 mkosi: Replace iptables-dev with libiptc-dev in debian config
 - f1fc515c21 dissect: don't declare unused variables on archs that have no GPT discovery
 - 30d0c3f58c resolved: synthesize NODATA instead of NXDOMAIN if gateway exists, but of other protocol
 - 538ebbd7f3 local-addresses: make returning accumulated list optional
 - 228a22bb63 resolved: improve log message when we use TCP a bit
 - aa31dd9128 network: ignore broadcast address for /31 or /32 addresses
 - 85607cc094 network: fix verification for broadcast address
 - dc6ad6482a network: do not set broadcast if prefixlen is 31 or 32
 - 39ee319c75 stub: don't ever respond to datagrams coming in on non-localhost addreses, on the stub
 - cbea0e5a83 resolved: never allow _gateway lookups to go to the network
 - c4df66816b resolved: lower SERVFAIL cache timeout from 30s to 10s
 - b5e39c20d9 dns-domain: try IDN2003 rules if IDN2008 doesn't work
 - 2c354cedd2 virt: Properly detect nested UML inside another hypervisor
 - 10f2cfb715 resolved: properly check per-link NTA list
 - a8437c07e4 meson: use '_' as separator in fuzz test names
 - 81ef7623c8 man: mention that --key= is about *secret* keys
 - 4ef70ecefc meson: check that cxx variable is set before using it
2020-12-17 07:29:04 +01:00
Charlotte Van Petegem
9b1aa17909
systemd: 247 -> 247.1 2020-12-13 16:35:01 +01:00
Jörg Thalheim
97b412d4a6 systemd: fix pc files
upstream decided to make this non-configurable... Let's revert to the
version before.
2020-12-11 08:37:42 +01:00