From d9b1256f9328e43aacf741ca5b8887ffbe578a21 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Wed, 4 Sep 2019 01:35:49 +0200
Subject: [PATCH 1/4] systemd: 242 -> 243
---
 pkgs/os-specific/linux/systemd/default.nix | 24 ++++++++++------------
 1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 48f91521418..6f26a6b649f 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -18,28 +18,19 @@ let
 pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]);
-in stdenv.mkDerivation rec {
+in stdenv.mkDerivation {
+ version = "243";
 pname = "systemd";
- # To whoever updates this to 239: check the todo on line 173.
- version = "242";
 # When updating, use https://github.com/systemd/systemd-stable tree, not the development one!
 # Also fresh patches should be cherry-picked from that tree to our current one.
 src = fetchFromGitHub {
 owner = "NixOS";
 repo = "systemd";
- rev = "5fb35fbc783516e2014115c3488134a2afb8494c";
- sha256 = "0pyjvzzh8nnxv4z58n82lz1mjnzv44sylcjgkvw8sp35vx1ryxfh";
+ rev = "7019836a26ebdc1ba20c03d06dbb3a613833bd0f";
+ sha256 = "0ywaq5jfy177k4q5hwr43v66sz62l1bqhgyxs2vk9m1d5kvrjwk6";
 };
- patches = [
- (fetchpatch {
- name = "CVE-2019-15718.patch";
- url = https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd.patch;
- sha256 = "0m0ypnnllx4r6a2qy1586as15i2qrzxwi1sqdp14rzdwajz1rvnv";
- })
- ];
-
 outputs = [ "out" "lib" "man" "dev" ];
 nativeBuildInputs =
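Review bot: The `patches` entry that fetched `CVE-2019-15718.patch` is dropped in this hunk, and neither the code nor the commit message says that the newly pinned `rev` already contains that fix. If it does, record that next to the pin, for example `# includes the CVE-2019-15718 fix (systemd PR 13457), previously carried as a patch`; if it does not, the `fetchpatch` block has to stay. The `fetchpatch` function argument may also be unused after this change, but the function header is outside the hunk, as is the rest of the `mkDerivation` body.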
@@ -112,6 +103,13 @@ in stdenv.mkDerivation rec {
 "-Dsulogin-path=${utillinux}/bin/sulogin"
 "-Dmount-path=${utillinux}/bin/mount"
 "-Dumount-path=${utillinux}/bin/umount"
+ "-Dcreate-log-dirs=false"
+ # Upstream uses cgroupsv2 by default. To support docker and other
+ # container managers we still need v1.
+ "-Ddefault-hierarchy=hybrid"
+ # Upstream defaulted to disable manpages since they optimize for the much
+ # more frequent development builds
+ "-Dman=true"
 ];
 preConfigure = ''
From 2b605e96c289b5f43fc31f3c177d6622a2767142 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Wed, 4 Sep 2019 16:20:19 +0200
Subject: [PATCH 2/4] nixos/networkd: continue supporting 99-main with wildcard interface match
With systemd version 243 network units with empty match block will generate warnigs. The reasoning seems to be that the intended behaviour is hard to infere. Being explicit about really meaning any interface is the reasonable thing here. We want to get rid of this mechanism in the long run but as long as we do not have a replacement we should stick with it and keep it in reasonable good shape.
---
 nixos/modules/tasks/network-interfaces-systemd.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/tasks/network-interfaces-systemd.nix b/nixos/modules/tasks/network-interfaces-systemd.nix
index f5a593211ef..34e27066715 100644
--- a/nixos/modules/tasks/network-interfaces-systemd.nix
+++ b/nixos/modules/tasks/network-interfaces-systemd.nix
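Review bot: In the systemd `default.nix` hunk that extends the meson flag list, `"-Dcreate-log-dirs=false"` is the only added flag without a comment, although it decides whether the build itself creates the journal directories. A one-line comment such as `# log directories are created at runtime, not by the build (TODO confirm where)` would tell the next updater why it is set. The comment on `"-Ddefault-hierarchy=hybrid"` could also state that cgroup v1 controllers stay mounted, which matters to anyone relying on v2-only delegation. The flag list starts and ends outside the hunk.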
@@ -72,7 +72,15 @@ in
 };
 in mkMerge [ {
 enable = true;
- networks."99-main" = genericNetwork mkDefault;
+ networks."99-main" = (genericNetwork mkDefault) // {
+ # We keep the "broken" behaviour of applying this to all interfaces.
+ # In general we want to get rid of this workaround but there hasn't
+ # been any work on that.
+ # See the following issues for details:
+ # - https://github.com/NixOS/nixpkgs/issues/18962
+ # - https://github.com/NixOS/nixpkgs/issues/61629
+ matchConfig = mkDefault { Name = "*"; };
+ };
 }
 (mkMerge (forEach interfaces (i: {
 netdevs = mkIf i.virtual ({
From f59b4cb8d545d3bb1bd954f9e3267cb7ebec3557 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Sat, 7 Sep 2019 01:33:33 +0200
Subject: [PATCH 3/4] nixos/tests/login: fix the seat test by loading sound drivers
It turned out that /dev/snd/* always exists even if there are no sound drivers loaded at all. Loading `snd` and `snd_timer` fixes that situation. It is probably fair to assume someone that wants to use sound also enables that in the NixOS configuration.
---
 nixos/tests/login.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix
index 9844ad492e8..2a7c063d303 100644
--- a/nixos/tests/login.nix
+++ b/nixos/tests/login.nix
@@ -9,6 +9,7 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
 machine = { pkgs, lib, ... }: { boot.kernelPackages = lib.mkIf latestKernel pkgs.linuxPackages_latest;
+ sound.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then
 };
 testScript =
From 9c06aae94ad42aba50c7ff3c503ddcb362f4a80e Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Sat, 7 Sep 2019 16:55:01 +0200
Subject: [PATCH 4/4] systemd: add myself as maintainer
---
 pkgs/os-specific/linux/systemd/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
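Review bot: The added comment on `networks."99-main"` calls the behaviour "broken" but does not say what that means in practice: with `Name = "*"` every interface not claimed by an earlier-sorted network unit, including hot-plugged or virtual ones, receives the `genericNetwork` settings. I would add a line such as `# NOTE: this also configures interfaces that appear later (USB NICs, tunnels, container veths).` so operators know to override `matchConfig` or add more specific units. `genericNetwork` is defined outside the hunk, so which settings it applies to those interfaces cannot be confirmed from here.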
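Review bot: The trailing comment on `sound.enable = true;` in `nixos/tests/login.nix` is hard to follow, since "factl" is probably a typo and "them" has no antecedent in the code. Going by the commit message, the point is that the `snd` and `snd_timer` modules must be loaded, so a comment like `# loads snd/snd_timer; /dev/snd/* exists without them but udev ignores it, which breaks the seat test` would carry the reasoning. The `testScript` that performs the check is outside the hunk.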
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 6f26a6b649f..90b33e183ce 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -231,6 +231,6 @@ in stdenv.mkDerivation {
 license = licenses.lgpl21Plus;
 platforms = platforms.linux;
 priority = 10;
- maintainers = [ maintainers.eelco ];
+ maintainers = with maintainers; [ eelco andir ];
 };
 }