From 853018124668d83bc17815da52d0e68b1a163eb7 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Fri, 1 Jul 2016 03:51:01 +0300
Subject: [PATCH 01/44] kbd: add system-wise search paths for NixOS

---
 pkgs/os-specific/linux/kbd/default.nix        | 17 ++--
 pkgs/os-specific/linux/kbd/search-paths.patch | 77 +++++++++++++++++++
 2 files changed, 87 insertions(+), 7 deletions(-)
 create mode 100644 pkgs/os-specific/linux/kbd/search-paths.patch

diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix
index fddaa84a824..39da6d2a557 100644
--- a/pkgs/os-specific/linux/kbd/default.nix
+++ b/pkgs/os-specific/linux/kbd/default.nix
@@ -1,7 +1,8 @@
-{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, check, pam }:
+{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, flex, check, pam }:
 
 stdenv.mkDerivation rec {
-  name = "kbd-2.0.3";
+  name = "kbd-${version}";
+  version = "2.0.3";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/kbd/${name}.tar.xz";
@@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
     "--disable-nls"
   ];
 
-  patches = [ ./console-fix.patch ];
+  patches = [ ./console-fix.patch ./search-paths.patch ];
 
   postPatch =
     ''
@@ -49,13 +50,15 @@ stdenv.mkDerivation rec {
       ''}
     '';
 
-  buildInputs = [ autoreconfHook pkgconfig check pam ];
+  buildInputs = [ check pam ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig flex ];
 
-  makeFlags = "setowner= ";
+  makeFlags = [ "setowner=" ];
 
-  meta = {
+  meta = with stdenv.lib; {
     homepage = ftp://ftp.altlinux.org/pub/people/legion/kbd/;
     description = "Linux keyboard utilities and keyboard maps";
-    platforms = stdenv.lib.platforms.linux;
+    platforms = platforms.linux;
+    licenses = licenses.gpl2Plus;
   };
 }
diff --git a/pkgs/os-specific/linux/kbd/search-paths.patch b/pkgs/os-specific/linux/kbd/search-paths.patch
new file mode 100644
index 00000000000..66a56041481
--- /dev/null
+++ b/pkgs/os-specific/linux/kbd/search-paths.patch
@@ -0,0 +1,77 @@
+diff -ru3 kbd-2.0.3-old/src/libkeymap/analyze.l kbd-2.0.3/src/libkeymap/analyze.l
+--- kbd-2.0.3-old/src/libkeymap/analyze.l	2016-07-03 02:31:28.258958092 +0300
++++ kbd-2.0.3/src/libkeymap/analyze.l	2016-07-03 02:44:53.042592223 +0300
+@@ -99,6 +99,9 @@
+ static const char *const include_dirpath0[] = { "", 0 };
+ static const char *const include_dirpath1[] = { "", "../include/", "../../include/", 0 };
+ static const char *const include_dirpath3[] = {
++	"/etc/kbd/" KEYMAPDIR "/include/",
++	"/etc/kbd/" KEYMAPDIR "/i386/include/",
++	"/etc/kbd/" KEYMAPDIR "/mac/include/",
+ 	DATADIR "/" KEYMAPDIR "/include/",
+ 	DATADIR "/" KEYMAPDIR "/i386/include/",
+ 	DATADIR "/" KEYMAPDIR "/mac/include/", 0
+diff -ru3 kbd-2.0.3-old/src/loadkeys.c kbd-2.0.3/src/loadkeys.c
+--- kbd-2.0.3-old/src/loadkeys.c	2016-07-03 02:31:28.260958091 +0300
++++ kbd-2.0.3/src/loadkeys.c	2016-07-03 02:34:34.123871103 +0300
+@@ -26,7 +26,7 @@
+ #include "keymap.h"
+ 
+ static const char *progname = NULL;
+-static const char *const dirpath1[] = { "", DATADIR "/" KEYMAPDIR "/**", KERNDIR "/", 0 };
++static const char *const dirpath1[] = { "", "/etc/kbd/" KEYMAPDIR "/**", DATADIR "/" KEYMAPDIR "/**", 0 };
+ static const char *const suffixes[] = { "", ".kmap", ".map", 0 };
+ 
+ static void __attribute__ ((noreturn))
+diff -ru3 kbd-2.0.3-old/src/loadunimap.c kbd-2.0.3/src/loadunimap.c
+--- kbd-2.0.3-old/src/loadunimap.c	2016-07-03 02:31:28.259958091 +0300
++++ kbd-2.0.3/src/loadunimap.c	2016-07-03 02:33:06.803911971 +0300
+@@ -28,7 +28,7 @@
+ extern char *progname;
+ extern int force;
+ 
+-static const char *const unidirpath[] = { "", DATADIR "/" UNIMAPDIR "/", 0 };
++static const char *const unidirpath[] = { "", "/etc/kbd/" UNIMAPDIR "/", DATADIR "/" UNIMAPDIR "/", 0 };
+ static const char *const unisuffixes[] = { "", ".uni", ".sfm", 0 };
+ 
+ #ifdef MAIN
+diff -ru3 kbd-2.0.3-old/src/mapscrn.c kbd-2.0.3/src/mapscrn.c
+--- kbd-2.0.3-old/src/mapscrn.c	2016-07-03 02:31:28.260958091 +0300
++++ kbd-2.0.3/src/mapscrn.c	2016-07-03 02:33:21.119905270 +0300
+@@ -25,7 +25,7 @@
+ static int ctoi (char *);
+ 
+ /* search for the map file in these directories (with trailing /) */
+-static const char *const mapdirpath[] = { "", DATADIR "/" TRANSDIR "/", 0 };
++static const char *const mapdirpath[] = { "", "/etc/kbd/" TRANSDIR "/", DATADIR "/" TRANSDIR "/", 0 };
+ static const char *const mapsuffixes[] = { "", ".trans", "_to_uni.trans", ".acm", 0 };
+ 
+ #ifdef MAIN
+diff -ru3 kbd-2.0.3-old/src/resizecons.c kbd-2.0.3/src/resizecons.c
+--- kbd-2.0.3-old/src/resizecons.c	2016-07-03 02:31:28.260958091 +0300
++++ kbd-2.0.3/src/resizecons.c	2016-07-03 02:33:32.253900060 +0300
+@@ -100,7 +100,7 @@
+ static void vga_set_cursor(int, int);
+ static void vga_set_verticaldisplayend_lowbyte(int);
+ 
+-const char *const dirpath[] = { "", DATADIR "/" VIDEOMODEDIR "/", 0};
++const char *const dirpath[] = { "", "/etc/kbd/" VIDEOMODEDIR "/", DATADIR "/" VIDEOMODEDIR "/", 0};
+ const char *const suffixes[] = { "", 0 };
+ 
+ int
+diff -ru3 kbd-2.0.3-old/src/setfont.c kbd-2.0.3/src/setfont.c
+--- kbd-2.0.3-old/src/setfont.c	2016-07-03 02:31:28.260958091 +0300
++++ kbd-2.0.3/src/setfont.c	2016-07-03 02:33:54.315889734 +0300
+@@ -51,10 +51,10 @@
+ int debug = 0;
+ 
+ /* search for the font in these directories (with trailing /) */
+-const char *const fontdirpath[] = { "", DATADIR "/" FONTDIR "/", 0 };
++const char *const fontdirpath[] = { "", "/etc/kbd/" FONTDIR "/", DATADIR "/" FONTDIR "/", 0 };
+ const char *const fontsuffixes[] = { "", ".psfu", ".psf", ".cp", ".fnt", 0 };
+ /* hide partial fonts a bit - loading a single one is a bad idea */
+-const char *const partfontdirpath[] = { "", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 };
++const char *const partfontdirpath[] = { "", "/etc/kbd/" FONTDIR "/" PARTIALDIR "/", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 };
+ const char *const partfontsuffixes[] = { "", 0 };
+ 
+ static inline int

From 489bbf0609f3a7fda0bf0ba89b7d7a1dc902e2eb Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sun, 3 Jul 2016 03:28:29 +0300
Subject: [PATCH 02/44] kbd service: drop a comment now when we do restart
 vconsole setup

---
 nixos/modules/tasks/kbd.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index 02721bb3bea..c1087ce4783 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -52,8 +52,7 @@ in
       environment.systemPackages = [ pkgs.kbd ];
 
       # Let systemd-vconsole-setup.service do the work of setting up the
-      # virtual consoles.  FIXME: trigger a restart of
-      # systemd-vconsole-setup.service if /etc/vconsole.conf changes.
+      # virtual consoles.
       environment.etc = [ {
         target = "vconsole.conf";
         source = vconsoleConf;

From 6c11d9dd55b7dab91fe54ab17f739df74f9b4b2c Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sun, 3 Jul 2016 03:29:21 +0300
Subject: [PATCH 03/44] kbd service: add system-wise console resources

---
 nixos/modules/config/i18n.nix |  9 +++++++++
 nixos/modules/tasks/kbd.nix   | 15 ++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
index b20fac6ad3e..2dc0df85e5f 100644
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -41,6 +41,15 @@ in
         '';
       };
 
+      consolePackages = mkOption {
+        type = types.listOf types.package;
+        default = [];
+        description = ''
+	  List of additional packages that provide console fonts, keymaps and
+          other resources.
+        '';
+      };
+
       consoleFont = mkOption {
         type = types.str;
         default = "Lat2-Terminus16";
diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index c1087ce4783..dd89804d43a 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -13,6 +13,12 @@ let
     ${colors}
   '';
 
+  kbdEnv = pkgs.buildEnv {
+    name = "kbd-env";
+    paths = [ pkgs.kbd ] ++ config.i18n.consolePackages;
+    pathsToLink = [ "/share/consolefonts" "/share/consoletrans" "/share/keymaps" "/share/unimaps" ];
+  };
+
   setVconsole = !config.boot.isContainer;
 in
 
@@ -53,10 +59,9 @@ in
 
       # Let systemd-vconsole-setup.service do the work of setting up the
       # virtual consoles.
-      environment.etc = [ {
-        target = "vconsole.conf";
-        source = vconsoleConf;
-      } ];
+      environment.etc."vconsole.conf".source = vconsoleConf;
+      # Provide kbd with additional packages.
+      environment.etc."kbd".source = "${kbdEnv}/share";
 
       # This is identical to the systemd-vconsole-setup.service unit
       # shipped with systemd, except that it uses /dev/tty1 instead of
@@ -66,7 +71,7 @@ in
         { wantedBy = [ "multi-user.target" ];
           before = [ "display-manager.service" ];
           after = [ "systemd-udev-settle.service" ];
-          restartTriggers = [ vconsoleConf ];
+          restartTriggers = [ vconsoleConf kbdEnv ];
         };
     })
   ];

From c89843b604129de19a97643af4aef0f410fce3cf Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Fri, 1 Jul 2016 03:51:24 +0300
Subject: [PATCH 04/44] kbd: split keymaps into kbdKeymaps

---
 nixos/modules/config/i18n.nix          |  2 +-
 pkgs/os-specific/linux/kbd/default.nix | 18 +------------
 pkgs/os-specific/linux/kbd/keymaps.nix | 35 ++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix        |  2 ++
 4 files changed, 39 insertions(+), 18 deletions(-)
 create mode 100644 pkgs/os-specific/linux/kbd/keymaps.nix

diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
index 2dc0df85e5f..e341931aacc 100644
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -43,7 +43,7 @@ in
 
       consolePackages = mkOption {
         type = types.listOf types.package;
-        default = [];
+        default = with pkgs.kbdKeymaps; [ dvp neo ];
         description = ''
 	  List of additional packages that provide console fonts, keymaps and
           other resources.
diff --git a/pkgs/os-specific/linux/kbd/default.nix b/pkgs/os-specific/linux/kbd/default.nix
index 39da6d2a557..a3f21b51b06 100644
--- a/pkgs/os-specific/linux/kbd/default.nix
+++ b/pkgs/os-specific/linux/kbd/default.nix
@@ -9,18 +9,6 @@ stdenv.mkDerivation rec {
     sha256 = "0ppv953gn2zylcagr4z6zg5y2x93dxrml29plypg6xgbq3hrv2bs";
   };
 
-  /* Get the dvorak programmer keymap (present in X but not in kbd) */
-  dvpSrc = fetchurl {
-    url = "http://kaufmann.no/downloads/linux/dvp-1_2_1.map.gz";
-    sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50";
-  };
-
-  neoSrc = fetchurl {
-    name = "neo.map";
-    url = "https://svn.neo-layout.org/linux/console/neo.map?r=2455";
-    sha256 = "1wlgp09wq84hml60hi4ls6d4zna7vhycyg40iipyh1279i91hsx7";
-  };
-
   configureFlags = [
     "--enable-optional-progs"
     "--enable-libkeymap"
@@ -31,13 +19,9 @@ stdenv.mkDerivation rec {
 
   postPatch =
     ''
-      mkdir -p data/keymaps/i386/neo
-      cat "$neoSrc" > data/keymaps/i386/neo/neo.map
+      # Add Neo keymap subdirectory
       sed -i -e 's,^KEYMAPSUBDIRS *= *,&i386/neo ,' data/Makefile.am
 
-      # Add the dvp keyboard in the dvorak folder
-      ${gzip}/bin/gzip -c -d ${dvpSrc} > data/keymaps/i386/dvorak/dvp.map
-
       # Fix the path to gzip/bzip2.
       substituteInPlace src/libkeymap/findfile.c \
         --replace gzip ${gzip}/bin/gzip \
diff --git a/pkgs/os-specific/linux/kbd/keymaps.nix b/pkgs/os-specific/linux/kbd/keymaps.nix
new file mode 100644
index 00000000000..ecb7045ed27
--- /dev/null
+++ b/pkgs/os-specific/linux/kbd/keymaps.nix
@@ -0,0 +1,35 @@
+{ stdenv, lib, fetchurl, gzip }:
+
+{
+  dvp = stdenv.mkDerivation rec {
+    name = "dvp-${version}";
+    version = "1.2.1";
+
+    src = fetchurl {
+      url = "http://kaufmann.no/downloads/linux/dvp-${lib.replaceStrings ["."] ["_"] version}.map.gz";
+      sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50";
+    };
+
+    nativeBuildInputs = [ gzip ];
+
+    buildCommand = ''
+      mkdir -p $out/share/keymaps/i386/dvorak
+      gzip -c -d $src > $out/share/keymaps/i386/dvorak/dvp.map
+    '';
+  };
+
+  neo = stdenv.mkDerivation rec {
+    name = "neo-${version}";
+    version = "2476";
+
+    src = fetchurl {
+      name = "neo.map";
+      url = "https://svn.neo-layout.org/linux/console/neo.map?r=${version}";
+      sha256 = "19mfrd31vzpsjiwc7pshxm0b0sz5dd17xrz6k079cy4im1vf0r4g";
+    };
+
+    buildCommand = ''
+      install -D $src $out/share/keymaps/i386/neo/neo.map
+    '';
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b2cbe0fd03f..3394dde88a4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10723,6 +10723,8 @@ in
 
   kbd = callPackage ../os-specific/linux/kbd { };
 
+  kbdKeymaps = callPackage ../os-specific/linux/kbd/keymaps.nix { };
+
   kbdlight = callPackage ../os-specific/linux/kbdlight { };
 
   kmscon = callPackage ../os-specific/linux/kmscon { };

From 1ac6f1fe259346ea1d058436ab80c8c47703e101 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 7 Jul 2016 02:50:30 +0300
Subject: [PATCH 05/44] systemd: update fork revision

---
 pkgs/os-specific/linux/systemd/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 0ba6c431c9f..640e3db2a55 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "NixOS";
     repo = "systemd";
-    rev = "4ccee551f2ba8383c8b9bd06590a3cd1dfdf690f";
-    sha256 = "1i4my5z7f8g5bykv1vxyw1az66s087lfqrck79kdm4hgvb4lsk6y";
+    rev = "81d5aaac06b43fd72f5ab02734a17cbfb55d1f5b";
+    sha256 = "1ig7jwmvaa1r4qlngjpnvvvvxhmzbxr171d257q4ryf87l93g1an";
   };
 
   patches = [ ./hwdb-location.diff ];

From 8bbfba48c47f22e6e91becc6fcd90a8f48940ec9 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 7 Jul 2016 02:51:03 +0300
Subject: [PATCH 06/44] systemd: move hwdb patch to the fork itself

---
 pkgs/os-specific/linux/systemd/default.nix    |  2 --
 .../linux/systemd/hwdb-location.diff          | 19 -------------------
 2 files changed, 21 deletions(-)
 delete mode 100644 pkgs/os-specific/linux/systemd/hwdb-location.diff

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 640e3db2a55..e3a49e68dd3 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -20,8 +20,6 @@ stdenv.mkDerivation rec {
     sha256 = "1ig7jwmvaa1r4qlngjpnvvvvxhmzbxr171d257q4ryf87l93g1an";
   };
 
-  patches = [ ./hwdb-location.diff ];
-
   /* gave up for now!
   outputs = [ "out" "libudev" "doc" ]; # maybe: "dev"
   # note: there are many references to ${systemd}/...
diff --git a/pkgs/os-specific/linux/systemd/hwdb-location.diff b/pkgs/os-specific/linux/systemd/hwdb-location.diff
deleted file mode 100644
index 31e7a027f50..00000000000
--- a/pkgs/os-specific/linux/systemd/hwdb-location.diff
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c
-index 06c9831..e74825c 100644
---- a/src/libsystemd/sd-hwdb/sd-hwdb.c
-+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c
-@@ -268,13 +268,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) {
- }
- 
- static const char hwdb_bin_paths[] =
--        "/etc/systemd/hwdb/hwdb.bin\0"
-         "/etc/udev/hwdb.bin\0"
--        "/usr/lib/systemd/hwdb/hwdb.bin\0"
--#ifdef HAVE_SPLIT_USR
--        "/lib/systemd/hwdb/hwdb.bin\0"
--#endif
--        UDEVLIBEXECDIR "/hwdb.bin\0";
-+        ;
- 
- _public_ int sd_hwdb_new(sd_hwdb **ret) {
-         _cleanup_hwdb_unref_ sd_hwdb *hwdb = NULL;

From 00e67f0df000268a0bd5cefb81f4c32068a33420 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 7 Jul 2016 02:51:20 +0300
Subject: [PATCH 07/44] systemd: use plymouth from system path

---
 pkgs/os-specific/linux/systemd/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index e3a49e68dd3..05cef1ffd50 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -97,7 +97,8 @@ stdenv.mkDerivation rec {
           --replace /bin/echo ${coreutils}/bin/echo \
           --replace /bin/cat ${coreutils}/bin/cat \
           --replace /sbin/sulogin ${utillinux.bin}/sbin/sulogin \
-          --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck
+          --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck \
+          --replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency
       done
 
       substituteInPlace src/journal/catalog.c \

From da97ba359e5aac17c2a3eab5fd787b169d72dd05 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Fri, 8 Jul 2016 18:32:17 +0300
Subject: [PATCH 08/44] busybox: set default keymap path

---
 pkgs/os-specific/linux/busybox/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index fa6591701a6..b04f7855fef 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -56,6 +56,9 @@ stdenv.mkDerivation rec {
     CONFIG_FEATURE_MOUNT_CIFS n
     CONFIG_FEATURE_MOUNT_HELPERS y
 
+    # Set paths for console fonts.
+    CONFIG_DEFAULT_SETFONT_DIR "/etc/kbd"
+
     ${extraConfig}
     $extraCrossConfig
     EOF

From 5622226d5b3043d5a6239b4c4f28e64fdbbaaba2 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sun, 3 Jul 2016 03:28:29 +0300
Subject: [PATCH 09/44] kbd service: drop a comment now when we do restart
 vconsole setup

---
 nixos/modules/tasks/kbd.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index 02721bb3bea..c1087ce4783 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -52,8 +52,7 @@ in
       environment.systemPackages = [ pkgs.kbd ];
 
       # Let systemd-vconsole-setup.service do the work of setting up the
-      # virtual consoles.  FIXME: trigger a restart of
-      # systemd-vconsole-setup.service if /etc/vconsole.conf changes.
+      # virtual consoles.
       environment.etc = [ {
         target = "vconsole.conf";
         source = vconsoleConf;

From 803b1eedd65337e18c54d413f4bbbcbcba772e53 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sun, 3 Jul 2016 03:29:21 +0300
Subject: [PATCH 10/44] kbd service: add system-wise console resources

---
 nixos/modules/config/i18n.nix |  9 +++++++++
 nixos/modules/tasks/kbd.nix   | 15 ++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
index b20fac6ad3e..2dc0df85e5f 100644
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -41,6 +41,15 @@ in
         '';
       };
 
+      consolePackages = mkOption {
+        type = types.listOf types.package;
+        default = [];
+        description = ''
+	  List of additional packages that provide console fonts, keymaps and
+          other resources.
+        '';
+      };
+
       consoleFont = mkOption {
         type = types.str;
         default = "Lat2-Terminus16";
diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index c1087ce4783..dd89804d43a 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -13,6 +13,12 @@ let
     ${colors}
   '';
 
+  kbdEnv = pkgs.buildEnv {
+    name = "kbd-env";
+    paths = [ pkgs.kbd ] ++ config.i18n.consolePackages;
+    pathsToLink = [ "/share/consolefonts" "/share/consoletrans" "/share/keymaps" "/share/unimaps" ];
+  };
+
   setVconsole = !config.boot.isContainer;
 in
 
@@ -53,10 +59,9 @@ in
 
       # Let systemd-vconsole-setup.service do the work of setting up the
       # virtual consoles.
-      environment.etc = [ {
-        target = "vconsole.conf";
-        source = vconsoleConf;
-      } ];
+      environment.etc."vconsole.conf".source = vconsoleConf;
+      # Provide kbd with additional packages.
+      environment.etc."kbd".source = "${kbdEnv}/share";
 
       # This is identical to the systemd-vconsole-setup.service unit
       # shipped with systemd, except that it uses /dev/tty1 instead of
@@ -66,7 +71,7 @@ in
         { wantedBy = [ "multi-user.target" ];
           before = [ "display-manager.service" ];
           after = [ "systemd-udev-settle.service" ];
-          restartTriggers = [ vconsoleConf ];
+          restartTriggers = [ vconsoleConf kbdEnv ];
         };
     })
   ];

From 9e48baa716f17385b4850377f11e16c33d75cac1 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Fri, 8 Jul 2016 20:01:42 +0300
Subject: [PATCH 11/44] kbd service: add support for early loading of fonts and
 keymaps

---
 nixos/modules/tasks/kbd.nix | 100 +++++++++++++++++++++++++++---------
 1 file changed, 75 insertions(+), 25 deletions(-)

diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index dd89804d43a..5a49b09d635 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -5,20 +5,33 @@ with lib;
 let
 
   makeColor = n: value: "COLOR_${toString n}=${value}";
+  makeColorCS =
+    let positions = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F" ];
+    in n: value: "\033]P${elemAt position n}${value}";
   colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
 
-  vconsoleConf = pkgs.writeText "vconsole.conf" ''
-    KEYMAP=${config.i18n.consoleKeyMap}
-    FONT=${config.i18n.consoleFont}
-    ${colors}
-  '';
-
   kbdEnv = pkgs.buildEnv {
     name = "kbd-env";
     paths = [ pkgs.kbd ] ++ config.i18n.consolePackages;
     pathsToLink = [ "/share/consolefonts" "/share/consoletrans" "/share/keymaps" "/share/unimaps" ];
   };
 
+  isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
+
+  optimizedKeymap = pkgs.runCommand "keymap" {
+    nativeBuildInputs = [ pkgs.kbd ];
+  } ''
+    cd ${kbdEnv}/share/keymaps
+    loadkeys -b ${optionalString isUnicode "-u"} "${config.i18n.consoleKeyMap}" > $out
+  '';
+
+  # Sadly, systemd-vconsole-setup doesn't support binary keymaps.
+  vconsoleConf = pkgs.writeText "vconsole.conf" ''
+    KEYMAP=${config.i18n.consoleKeyMap}
+    FONT=${config.i18n.consoleFont}
+    ${colors}
+  '';
+
   setVconsole = !config.boot.isContainer;
 in
 
@@ -44,36 +57,73 @@ in
       '';
     };
 
+    boot.earlyVconsoleSetup = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Enable setting font and keymap as early as possible (in initrd).
+      '';
+    };
+
   };
 
 
   ###### implementation
 
   config = mkMerge [
-    (mkIf (!setVconsole) {
+    (mkIf (!setVconsole || (setVconsole && config.boot.earlyVconsoleSetup)) {
       systemd.services."systemd-vconsole-setup".enable = false;
     })
 
-    (mkIf setVconsole {
-      environment.systemPackages = [ pkgs.kbd ];
+    (mkIf setVconsole (mkMerge [
+      { environment.systemPackages = [ pkgs.kbd ];
 
-      # Let systemd-vconsole-setup.service do the work of setting up the
-      # virtual consoles.
-      environment.etc."vconsole.conf".source = vconsoleConf;
-      # Provide kbd with additional packages.
-      environment.etc."kbd".source = "${kbdEnv}/share";
+        # Let systemd-vconsole-setup.service do the work of setting up the
+        # virtual consoles.
+        environment.etc."vconsole.conf".source = vconsoleConf;
+      }
 
-      # This is identical to the systemd-vconsole-setup.service unit
-      # shipped with systemd, except that it uses /dev/tty1 instead of
-      # /dev/tty0 to prevent putting the X server in non-raw mode, and
-      # it has a restart trigger.
-      systemd.services."systemd-vconsole-setup" =
-        { wantedBy = [ "multi-user.target" ];
-          before = [ "display-manager.service" ];
-          after = [ "systemd-udev-settle.service" ];
-          restartTriggers = [ vconsoleConf kbdEnv ];
-        };
-    })
+      (mkIf (!config.boot.earlyVconsoleSetup) {
+        # This is identical to the systemd-vconsole-setup.service unit
+        # shipped with systemd, except that it uses /dev/tty1 instead of
+        # /dev/tty0 to prevent putting the X server in non-raw mode, and
+        # it has a restart trigger.
+        systemd.services."systemd-vconsole-setup" =
+          { wantedBy = [ "sysinit.target" ];
+            before = [ "display-manager.service" ];
+            after = [ "systemd-udev-settle.service" ];
+            restartTriggers = [ vconsoleConf ];
+          };
+      })
+
+      (mkIf config.boot.earlyVconsoleSetup {
+        boot.initrd.extraUtilsCommands = ''
+          mkdir -p $out/share/consolefonts
+          ${if substring 0 1 config.i18n.consoleFont == "/" then ''
+            font="${config.i18n.consoleFont}"
+          '' else ''
+            font="$(echo ${kbdEnv}/share/consolefonts/${config.i18n.consoleFont}.*)"
+          ''}
+          if [[ $font == *.gz ]]; then
+            gzip -cd $font > $out/share/consolefonts/font.psf
+          else
+            cp -L $font $out/share/consolefonts/font.psf
+          fi
+        '';
+
+        boot.initrd.preLVMCommands = mkBefore ''
+          kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
+          printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
+          loadkmap < ${optimizedKeymap}
+
+          setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
+
+          ${concatImapStringsSep "\n" (n: color: ''
+            printf "${makeColorCS n color}" >> /dev/console
+          '') config.i18n.consoleColors}
+        '';
+      })
+    ]))
   ];
 
 }

From ff3e7d2b4bebca772d22c7d75bc91204c0cf6316 Mon Sep 17 00:00:00 2001
From: Cireo <reid.price@gmail.com>
Date: Thu, 7 Jul 2016 13:35:08 -0700
Subject: [PATCH 12/44] patchShebangs: strip trailing whitespace

Prior to this commit, trailing whitespace would be introduced when
modifying '#!' lines with no arguments.  For example (whitespace added):

    /nix/store/.../foo: interpreter directive changed
        from "/bin/bash"
          to "/nix/store/...-bash-4.3-p42/bin/bash  "

    /nix/store/.../bar: interpreter directive changed
        from "/bin/baz wef"
          to "/nix/store/...-baz wef "

We add a sed command to strip trailing whitespace, so the above commands
would drop the two spaces after "bash", or the one space after "baz wef".

abbradar: fixed commit title

Closes #16785.
---
 pkgs/build-support/setup-hooks/patch-shebangs.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh
index 38660718d0e..f3ecfdd96e8 100644
--- a/pkgs/build-support/setup-hooks/patch-shebangs.sh
+++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh
@@ -46,7 +46,8 @@ patchShebangs() {
             args="$arg0 $args"
         fi
 
-        newInterpreterLine="$newPath $args"
+        # Strip trailing whitespace introduced when no arguments are present
+        newInterpreterLine=$(echo "$newPath $args" | sed 's/[[:space:]]*$//')
 
         if [ -n "$oldPath" -a "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]; then
             if [ -n "$newPath" -a "$newPath" != "$oldPath" ]; then

From d43bde5f2ba0c26f62449e14ccd847d507a31711 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sat, 9 Jul 2016 03:05:11 +0300
Subject: [PATCH 13/44] patchShebangs: quote variable assignment

---
 pkgs/build-support/setup-hooks/patch-shebangs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh
index f3ecfdd96e8..4317a5f4dad 100644
--- a/pkgs/build-support/setup-hooks/patch-shebangs.sh
+++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh
@@ -47,7 +47,7 @@ patchShebangs() {
         fi
 
         # Strip trailing whitespace introduced when no arguments are present
-        newInterpreterLine=$(echo "$newPath $args" | sed 's/[[:space:]]*$//')
+        newInterpreterLine="$(echo "$newPath $args" | sed 's/[[:space:]]*$//')"
 
         if [ -n "$oldPath" -a "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]; then
             if [ -n "$newPath" -a "$newPath" != "$oldPath" ]; then

From 4e09623b6f110088d987717460e818af4a2e1bc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sun, 3 Jul 2016 17:05:20 +0200
Subject: [PATCH 14/44] libjpeg(-turbo): 1.4.2 -> 1.5.0

---
 pkgs/development/libraries/libjpeg-turbo/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix
index c326e630bd0..7d8de0b40af 100644
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, nasm }:
 
 stdenv.mkDerivation rec {
-  name = "libjpeg-turbo-1.4.2";
+  name = "libjpeg-turbo-1.5.0";
 
   src = fetchurl {
     url = "mirror://sourceforge/libjpeg-turbo/${name}.tar.gz";
-    sha256 = "0gi349hp1x7mb98s4mf66sb2xay2kjjxj9ihrriw0yiy0k9va6sj";
+    sha256 = "0pq3lav976d6a1d16yyqrj1b4gmhk1ca4zar6zp00avxlqqpqfcz";
   };
 
   patches =

From cd04b8360551a0d3c9fa163e91fb7de0c2a19e83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 11:43:25 +0200
Subject: [PATCH 15/44] ffmpeg_3: 3.0.2 -> 3.1.1

---
 pkgs/development/libraries/ffmpeg/3.0.nix | 7 -------
 pkgs/development/libraries/ffmpeg/3.1.nix | 7 +++++++
 pkgs/top-level/all-packages.nix           | 4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)
 delete mode 100644 pkgs/development/libraries/ffmpeg/3.0.nix
 create mode 100644 pkgs/development/libraries/ffmpeg/3.1.nix

diff --git a/pkgs/development/libraries/ffmpeg/3.0.nix b/pkgs/development/libraries/ffmpeg/3.0.nix
deleted file mode 100644
index 14c29f36bed..00000000000
--- a/pkgs/development/libraries/ffmpeg/3.0.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ callPackage, ... } @ args:
-
-callPackage ./generic.nix (args // rec {
-  version = "${branch}.2";
-  branch = "3.0";
-  sha256 = "0dpx15001ha9p8h8vfg1lm9pggbc96kmb546hz88wdac5xycgqrh";
-})
diff --git a/pkgs/development/libraries/ffmpeg/3.1.nix b/pkgs/development/libraries/ffmpeg/3.1.nix
new file mode 100644
index 00000000000..25892e18684
--- /dev/null
+++ b/pkgs/development/libraries/ffmpeg/3.1.nix
@@ -0,0 +1,7 @@
+{ callPackage, ... } @ args:
+
+callPackage ./generic.nix (args // rec {
+  version = "${branch}.1";
+  branch = "3.1";
+  sha256 = "1d5knh87cgnla5zawy56gkrpb48qhyiq7i0pm8z9hyx3j05abg55";
+})
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f42e835303e..5fe1ee58b90 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7059,14 +7059,14 @@ in
   ffmpeg_2_8 = callPackage ../development/libraries/ffmpeg/2.8.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa;
   };
-  ffmpeg_3_0 = callPackage ../development/libraries/ffmpeg/3.0.nix {
+  ffmpeg_3_1 = callPackage ../development/libraries/ffmpeg/3.1.nix {
     inherit (darwin.apple_sdk.frameworks) Cocoa;
   };
   # Aliases
   ffmpeg_0 = self.ffmpeg_0_10;
   ffmpeg_1 = self.ffmpeg_1_2;
   ffmpeg_2 = self.ffmpeg_2_8;
-  ffmpeg_3 = self.ffmpeg_3_0;
+  ffmpeg_3 = self.ffmpeg_3_1;
   ffmpeg = self.ffmpeg_3;
 
   ffmpeg-full = callPackage ../development/libraries/ffmpeg-full {

From cf5ebca53ea194778f5cc1beff3db621804c0d3a Mon Sep 17 00:00:00 2001
From: Rahul Gopinath <rahul@gopinath.org>
Date: Mon, 4 Jul 2016 01:13:08 -0700
Subject: [PATCH 16/44] texinfo: 6.0 -> 6.1

---
 pkgs/development/tools/misc/texinfo/{6.0.nix => 6.1.nix} | 5 +++--
 pkgs/top-level/all-packages.nix                          | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
 rename pkgs/development/tools/misc/texinfo/{6.0.nix => 6.1.nix} (92%)

diff --git a/pkgs/development/tools/misc/texinfo/6.0.nix b/pkgs/development/tools/misc/texinfo/6.1.nix
similarity index 92%
rename from pkgs/development/tools/misc/texinfo/6.0.nix
rename to pkgs/development/tools/misc/texinfo/6.1.nix
index 507ca22cd1a..f19ccb35508 100644
--- a/pkgs/development/tools/misc/texinfo/6.0.nix
+++ b/pkgs/development/tools/misc/texinfo/6.1.nix
@@ -3,11 +3,11 @@
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "texinfo-6.0";
+  name = "texinfo-6.1";
 
   src = fetchurl {
     url = "mirror://gnu/texinfo/${name}.tar.xz";
-    sha256 = "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi";
+    sha256 = "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c";
   };
 
   buildInputs = [ perl xz ]
@@ -30,6 +30,7 @@ stdenv.mkDerivation rec {
     description = "The GNU documentation system";
     license = licenses.gpl3Plus;
     platforms = platforms.all;
+    maintainers = [ maintainers.vrthra ];
 
     longDescription = ''
       Texinfo is the official documentation format of the GNU project.
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5fe1ee58b90..3040750d6da 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6625,7 +6625,7 @@ in
   texinfo413 = callPackage ../development/tools/misc/texinfo/4.13a.nix { };
   texinfo4 = texinfo413;
   texinfo5 = callPackage ../development/tools/misc/texinfo/5.2.nix { };
-  texinfo6 = callPackage ../development/tools/misc/texinfo/6.0.nix { };
+  texinfo6 = callPackage ../development/tools/misc/texinfo/6.1.nix { };
   texinfo = texinfo6;
   texinfoInteractive = appendToName "interactive" (
     texinfo.override { interactive = true; }

From 2dca0444fa055d734b7404ab2e08ebed7c1e37ce Mon Sep 17 00:00:00 2001
From: Rahul Gopinath <rahul@gopinath.org>
Date: Mon, 4 Jul 2016 09:43:09 -0700
Subject: [PATCH 17/44] gettext: 0.19.7 -> 0.19.8

---
 pkgs/development/libraries/gettext/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index 63eb086b0fb..bf65e694753 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "gettext-${version}";
-  version = "0.19.7";
+  version = "0.19.8";
 
   src = fetchurl {
     url = "mirror://gnu/gettext/${name}.tar.gz";
-    sha256 = "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk";
+    sha256 = "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x";
   };
   patches = [ ./absolute-paths.diff ];
 
@@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
 
     homepage = http://www.gnu.org/software/gettext/;
 
-    maintainers = with lib.maintainers; [ zimbatm ];
+    maintainers = with lib.maintainers; [ zimbatm vrthra ];
     platforms = lib.platforms.all;
   };
 }

From 70ef8a10eb80243e17b4c2b3f996285aefecd82d Mon Sep 17 00:00:00 2001
From: Rahul Gopinath <rahul@gopinath.org>
Date: Wed, 6 Jul 2016 20:22:15 -0700
Subject: [PATCH 18/44] gmp: 6.1.0 -> 6.1.1

---
 pkgs/development/libraries/gmp/6.x.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/gmp/6.x.nix b/pkgs/development/libraries/gmp/6.x.nix
index d17ac5b8760..32009406a73 100644
--- a/pkgs/development/libraries/gmp/6.x.nix
+++ b/pkgs/development/libraries/gmp/6.x.nix
@@ -3,11 +3,11 @@
 with { inherit (stdenv.lib) optional optionalString; };
 
 let self = stdenv.mkDerivation rec {
-  name = "gmp-6.1.0";
+  name = "gmp-6.1.1";
 
   src = fetchurl { # we need to use bz2, others aren't in bootstrapping stdenv
     urls = [ "mirror://gnu/gmp/${name}.tar.bz2" "ftp://ftp.gmplib.org/pub/${name}/${name}.tar.bz2" ];
-    sha256 = "1s3kddydvngqrpc6i1vbz39raya2jdcl042wi0ksbszgjjllk129";
+    sha256 = "1mpzprdzkgfpdc1v2lf4dxlxps4x8bvmzvd8n1ri6gw9y9jrh458";
   };
 
   #outputs TODO: split $cxx due to libstdc++ dependency; maybe port to gmp5;
@@ -73,7 +73,7 @@ let self = stdenv.mkDerivation rec {
       '';
 
     platforms = platforms.all;
-    maintainers = [ maintainers.peti ];
+    maintainers = [ maintainers.peti maintainers.vrthra ];
   };
 };
   in self

From b7c134358d738db7f8ff862219ad48d53ce4b62a Mon Sep 17 00:00:00 2001
From: Daiderd Jordan <daiderd@gmail.com>
Date: Tue, 5 Jul 2016 20:51:24 +0200
Subject: [PATCH 19/44] coreutils: use symlinks instead of shell wrapper

---
 pkgs/tools/misc/coreutils/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix
index 4ed43a18988..ea9ee271ebf 100644
--- a/pkgs/tools/misc/coreutils/default.nix
+++ b/pkgs/tools/misc/coreutils/default.nix
@@ -3,7 +3,7 @@
 , selinuxSupport? false, libselinux ? null, libsepol ? null
 , autoconf, automake114x, texinfo
 , withPrefix ? false
-, singleBinary ? true # you can also pass "symlinks", for example
+, singleBinary ? "symlinks" # you can also pass "shebangs" or false
 }:
 
 assert aclSupport -> acl != null;

From 9d3228f99d653747715c82f0d78fb39e5575bfc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 16:45:36 +0200
Subject: [PATCH 20/44] gnumake42: bugfix 4.2 -> 4.2.1

---
 pkgs/development/tools/build-managers/gnumake/4.2/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/build-managers/gnumake/4.2/default.nix b/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
index edb3f841069..323f33d7d6c 100644
--- a/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
+++ b/pkgs/development/tools/build-managers/gnumake/4.2/default.nix
@@ -3,14 +3,14 @@
 assert guileSupport -> ( pkgconfig != null && guile != null );
 
 let
-  version = "4.2";
+  version = "4.2.1";
 in
 stdenv.mkDerivation {
   name = "gnumake-${version}";
 
   src = fetchurl {
     url = "mirror://gnu/make/make-${version}.tar.bz2";
-    sha256 = "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f";
+    sha256 = "12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn";
   };
 
   patchFlags = "-p0";

From f622ba281a274ce8c39acfdf2a496e09d430f38e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 16:46:15 +0200
Subject: [PATCH 21/44] gnumake default: 4.1.* -> 4.2.*

---
 pkgs/top-level/all-packages.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 4d01845ed4b..7cb2a01ba0b 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6323,7 +6323,7 @@ in
   gnumake40 = callPackage ../development/tools/build-managers/gnumake/4.0 { };
   gnumake41 = callPackage ../development/tools/build-managers/gnumake/4.1 { };
   gnumake42 = callPackage ../development/tools/build-managers/gnumake/4.2 { };
-  gnumake = self.gnumake41;
+  gnumake = self.gnumake42;
 
   gob2 = callPackage ../development/tools/misc/gob2 { };
 

From 1e53d4a7776acbf61f42c094c103652c8068ad64 Mon Sep 17 00:00:00 2001
From: Eric Sagnes <eric.sagnes@gmail.com>
Date: Tue, 5 Jul 2016 23:45:04 +0900
Subject: [PATCH 22/44] fontconfig: fix etc priority

---
 .../config/fonts/fontconfig-ultimate.nix      | 153 +++++-----
 nixos/modules/config/fonts/fontconfig.nix     | 262 +++++++++---------
 .../libraries/fontconfig/default.nix          |   1 -
 .../libraries/fontconfig/make-fonts-conf.xsl  |   2 -
 4 files changed, 216 insertions(+), 202 deletions(-)

diff --git a/nixos/modules/config/fonts/fontconfig-ultimate.nix b/nixos/modules/config/fonts/fontconfig-ultimate.nix
index 02568f9de51..47d7cc5924d 100644
--- a/nixos/modules/config/fonts/fontconfig-ultimate.nix
+++ b/nixos/modules/config/fonts/fontconfig-ultimate.nix
@@ -3,6 +3,84 @@
 with lib;
 
 let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
+    cfg = config.fonts.fontconfig.ultimate;
+    fontconfigUltimateConf = pkgs.writeText "ultimate-conf" ''
+      <?xml version="1.0"?>
+      <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+      <fontconfig>
+
+        ${optionalString (!cfg.allowBitmaps) ''
+        <!-- Reject bitmap fonts -->
+        <selectfont>
+          <rejectfont>
+            <pattern>
+              <patelt name="scalable"><bool>false</bool></patelt>
+            </pattern>
+          </rejectfont>
+        </selectfont>
+        ''}
+
+        ${optionalString cfg.allowType1 ''
+        <!-- Reject Type 1 fonts -->
+        <selectfont>
+          <rejectfont>
+            <pattern>
+              <patelt name="fontformat">
+                <string>Type 1</string>
+              </patelt>
+            </pattern>
+          </rejectfont>
+        </selectfont>
+        ''}
+
+        <!-- Use embedded bitmaps in fonts like Calibri? -->
+        <match target="font">
+          <edit name="embeddedbitmap" mode="assign">
+            ${fcBool cfg.useEmbeddedBitmaps}
+          </edit>
+        </match>
+
+        <!-- Force autohint always -->
+        <match target="font">
+          <edit name="force_autohint" mode="assign">
+            ${fcBool cfg.forceAutohint}
+          </edit>
+        </match>
+
+        <!-- Render some monospace TTF fonts as bitmaps -->
+        <match target="pattern">
+          <edit name="bitmap_monospace" mode="assign">
+            ${fcBool cfg.renderMonoTTFAsBitmap}
+          </edit>
+        </match>
+
+      </fontconfig>
+    '';
+    confPkg = 
+      let version = pkgs.fontconfig.configVersion;
+      in pkgs.runCommand "font-ultimate-conf" {} ''
+      mkdir -p $out/etc/fonts/{,${version}/}conf.d/
+
+      cp ${fontconfigUltimateConf} \
+        $out/etc/fonts/conf.d/52-fontconfig-ultimate.conf
+
+      cp ${fontconfigUltimateConf} \
+        $out/etc/fonts/${version}/conf.d/52-fontconfig-ultimate.conf
+
+      ${optionalString (cfg.substitutions != "none") ''
+      cp ${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${cfg.substitutions}/*.conf \
+        $out/etc/fonts/conf.d/
+      cp ${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${cfg.substitutions}/*.conf \
+        $out/etc/fonts/${version}/conf.d/
+      ''}
+
+      ln -s ${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d/*.conf \
+        $out/etc/fonts/conf.d/
+
+      ln -s ${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d/*.conf \
+        $out/etc/fonts/${version}/conf.d/
+    '';
+
 in
 {
 
@@ -115,78 +193,11 @@ in
   };
 
 
-  config =
-    let ultimate = config.fonts.fontconfig.ultimate;
-        fontconfigUltimateConf = ''
-          <?xml version="1.0"?>
-          <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
-          <fontconfig>
+  config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
 
-            ${optionalString (!ultimate.allowBitmaps) ''
-            <!-- Reject bitmap fonts -->
-            <selectfont>
-              <rejectfont>
-                <pattern>
-                  <patelt name="scalable"><bool>false</bool></patelt>
-                </pattern>
-              </rejectfont>
-            </selectfont>
-            ''}
-
-            ${optionalString ultimate.allowType1 ''
-            <!-- Reject Type 1 fonts -->
-            <selectfont>
-              <rejectfont>
-                <pattern>
-                  <patelt name="fontformat">
-                    <string>Type 1</string>
-                  </patelt>
-                </pattern>
-              </rejectfont>
-            </selectfont>
-            ''}
-
-            <!-- Use embedded bitmaps in fonts like Calibri? -->
-            <match target="font">
-              <edit name="embeddedbitmap" mode="assign">
-                ${fcBool ultimate.useEmbeddedBitmaps}
-              </edit>
-            </match>
-
-            <!-- Force autohint always -->
-            <match target="font">
-              <edit name="force_autohint" mode="assign">
-                ${fcBool ultimate.forceAutohint}
-              </edit>
-            </match>
-
-            <!-- Render some monospace TTF fonts as bitmaps -->
-            <match target="pattern">
-              <edit name="bitmap_monospace" mode="assign">
-                ${fcBool ultimate.renderMonoTTFAsBitmap}
-              </edit>
-            </match>
-
-            ${optionalString (ultimate.substitutions != "none") ''
-            <!-- Type 1 font substitutions -->
-            <include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${ultimate.substitutions}</include>
-            ''}
-
-            <include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d</include>
-
-          </fontconfig>
-        '';
-    in mkIf (config.fonts.fontconfig.enable && ultimate.enable) {
-
-      environment.etc."fonts/conf.d/52-fontconfig-ultimate.conf" = {
-        text = fontconfigUltimateConf;
-      };
-
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/52-fontconfig-ultimate.conf" = {
-        text = fontconfigUltimateConf;
-      };
-
-      environment.variables = ultimate.rendering;
+      fonts.fontconfig.confPkgs = [ confPkg ];
+      
+      environment.variables = cfg.rendering;
 
     };
 
diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix
index 1eaebe4b2bb..fcf5add4519 100644
--- a/nixos/modules/config/fonts/fontconfig.nix
+++ b/nixos/modules/config/fonts/fontconfig.nix
@@ -2,6 +2,121 @@
 
 with lib;
 
+let cfg = config.fonts.fontconfig;
+    fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
+    renderConf = pkgs.writeText "render-conf" ''
+      <?xml version='1.0'?>
+      <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
+      <fontconfig>
+
+        <!-- Default rendering settings -->
+        <match target="font">
+          <edit mode="assign" name="hinting">
+            ${fcBool cfg.hinting.enable}
+          </edit>
+          <edit mode="assign" name="autohint">
+            ${fcBool cfg.hinting.autohint}
+          </edit>
+          <edit mode="assign" name="hintstyle">
+            <const>hint${cfg.hinting.style}</const>
+          </edit>
+          <edit mode="assign" name="antialias">
+            ${fcBool cfg.antialias}
+          </edit>
+          <edit mode="assign" name="rgba">
+            <const>${cfg.subpixel.rgba}</const>
+          </edit>
+          <edit mode="assign" name="lcdfilter">
+            <const>lcd${cfg.subpixel.lcdfilter}</const>
+          </edit>
+        </match>
+
+        ${optionalString (cfg.dpi != 0) ''
+        <match target="pattern">
+          <edit name="dpi" mode="assign">
+            <double>${toString cfg.dpi}</double>
+          </edit>
+        </match>
+        ''}
+
+      </fontconfig>
+    '';
+    genericAliasConf = 
+      let genDefault = fonts: name:
+        optionalString (fonts != []) ''
+          <alias>
+            <family>${name}</family>
+            <prefer>
+            ${concatStringsSep ""
+            (map (font: ''
+              <family>${font}</family>
+            '') fonts)}
+            </prefer>
+          </alias>
+        '';
+      in
+      pkgs.writeText "generic-alias-conf" ''
+      <?xml version='1.0'?>
+      <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
+      <fontconfig>
+
+        <!-- Default fonts -->
+        ${genDefault cfg.defaultFonts.sansSerif "sans-serif"}
+
+        ${genDefault cfg.defaultFonts.serif     "serif"}
+
+        ${genDefault cfg.defaultFonts.monospace "monospace"}
+
+      </fontconfig>
+    '';
+    cacheConf = let
+      cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
+    in
+    pkgs.writeText "cache-conf" ''
+      <?xml version='1.0'?>
+      <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
+      <fontconfig>
+        <!-- Font directories -->
+        ${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
+        <!-- Pre-generated font caches -->
+        <cachedir>${cache pkgs.fontconfig}</cachedir>
+        ${optionalString (pkgs.stdenv.isx86_64 && cfg.cache32Bit) ''
+          <cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
+        ''}
+      </fontconfig>
+    '';
+    userConf = pkgs.writeText "user-conf" ''
+      <?xml version="1.0"?>
+      <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+      <fontconfig>
+        <include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
+        <include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
+      </fontconfig>
+    '';
+    fontsConf = pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
+    confPkg = 
+      let version = pkgs.fontconfig.configVersion;
+      in pkgs.runCommand "fontconfig-conf" {} ''
+      mkdir -p $out/etc/fonts/{,${version}/}conf.d
+
+      ln -s ${fontsConf}        $out/etc/fonts/fonts.conf
+
+      ln -s ${pkgs.fontconfig.out}/etc/fonts/fonts.conf $out/etc/fonts/${version}/fonts.conf
+      ln -s ${pkgs.fontconfig.out}/etc/fonts/conf.d/*   $out/etc/fonts/${version}/conf.d/
+
+      ln -s ${renderConf}       $out/etc/fonts/conf.d/10-nixos-rendering.conf
+      ln -s ${genericAliasConf} $out/etc/fonts/conf.d/60-nixos-generic-alias.conf
+
+      ln -s ${cacheConf}        $out/etc/fonts/${version}/conf.d/00-nixos.conf
+
+      ln -s ${renderConf}       $out/etc/fonts/${version}/conf.d/10-nixos-rendering.conf
+      ln -s ${genericAliasConf} $out/etc/fonts/${version}/conf.d/30-nixos-generic-alias.conf
+
+      ${optionalString cfg.includeUserConf
+      "ln -s ${userConf}        $out/etc/fonts/${version}/conf.d/99-user.conf"}
+      
+    '';
+in
 {
 
   options = {
@@ -21,6 +136,15 @@ with lib;
           '';
         };
 
+        confPkgs = mkOption {
+          internal = true;
+          type     = with types; listOf path;
+          default  = [ ];
+          description = ''
+            Fontconfig configuration packages.
+          '';
+        };
+
         antialias = mkOption {
           type = types.bool;
           default = true;
@@ -143,135 +267,17 @@ with lib;
 
   };
 
-  config =
-    let fontconfig = config.fonts.fontconfig;
-        fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
-        renderConf = ''
-          <?xml version='1.0'?>
-          <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
-          <fontconfig>
+  config = mkIf cfg.enable {
+    fonts.fontconfig.confPkgs = [ confPkg ];
 
-            <!-- Default rendering settings -->
-            <match target="font">
-              <edit mode="assign" name="hinting">
-                ${fcBool fontconfig.hinting.enable}
-              </edit>
-              <edit mode="assign" name="autohint">
-                ${fcBool fontconfig.hinting.autohint}
-              </edit>
-              <edit mode="assign" name="hintstyle">
-                <const>hint${fontconfig.hinting.style}</const>
-              </edit>
-              <edit mode="assign" name="antialias">
-                ${fcBool fontconfig.antialias}
-              </edit>
-              <edit mode="assign" name="rgba">
-                <const>${fontconfig.subpixel.rgba}</const>
-              </edit>
-              <edit mode="assign" name="lcdfilter">
-                <const>lcd${fontconfig.subpixel.lcdfilter}</const>
-              </edit>
-            </match>
+    environment.etc.fonts.source = 
+      let fontConf = pkgs.symlinkJoin {
+            name  = "fontconfig-etc";
+            paths = cfg.confPkgs;
+          };
+      in "${fontConf}/etc/fonts/";
 
-            ${optionalString (fontconfig.dpi != 0) ''
-            <match target="pattern">
-              <edit name="dpi" mode="assign">
-                <double>${toString fontconfig.dpi}</double>
-              </edit>
-            </match>
-            ''}
-
-          </fontconfig>
-        '';
-        genericAliasConf = ''
-          <?xml version='1.0'?>
-          <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
-          <fontconfig>
-
-            <!-- Default fonts -->
-            ${optionalString (fontconfig.defaultFonts.sansSerif != []) ''
-            <alias>
-              <family>sans-serif</family>
-              <prefer>
-                ${concatStringsSep "\n"
-                  (map (font: "<family>${font}</family>")
-                    fontconfig.defaultFonts.sansSerif)}
-              </prefer>
-            </alias>
-            ''}
-            ${optionalString (fontconfig.defaultFonts.serif != []) ''
-            <alias>
-              <family>serif</family>
-              <prefer>
-                ${concatStringsSep "\n"
-                  (map (font: "<family>${font}</family>")
-                    fontconfig.defaultFonts.serif)}
-              </prefer>
-            </alias>
-            ''}
-            ${optionalString (fontconfig.defaultFonts.monospace != []) ''
-            <alias>
-              <family>monospace</family>
-              <prefer>
-                ${concatStringsSep "\n"
-                  (map (font: "<family>${font}</family>")
-                    fontconfig.defaultFonts.monospace)}
-              </prefer>
-            </alias>
-            ''}
-
-          </fontconfig>
-        '';
-    in mkIf fontconfig.enable {
-
-      # Fontconfig 2.10 backward compatibility
-
-      # Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
-      environment.etc."fonts/fonts.conf".source =
-        pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
-
-      environment.etc."fonts/conf.d/10-nixos-rendering.conf".text = renderConf;
-      environment.etc."fonts/conf.d/60-nixos-generic-alias.conf".text = genericAliasConf;
-
-      # Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
-      # Otherwise specify only font directories.
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
-        "${pkgs.fontconfig.out}/etc/fonts/fonts.conf";
-
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
-        let
-          cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
-        in ''
-          <?xml version='1.0'?>
-          <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
-          <fontconfig>
-            <!-- Font directories -->
-            ${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
-            <!-- Pre-generated font caches -->
-            <cachedir>${cache pkgs.fontconfig}</cachedir>
-            ${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) ''
-              <cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
-            ''}
-          </fontconfig>
-        '';
-
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/10-nixos-rendering.conf".text = renderConf;
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/60-nixos-generic-alias.conf".text = genericAliasConf;
-
-      environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/99-user.conf" = {
-        enable = fontconfig.includeUserConf;
-        text = ''
-          <?xml version="1.0"?>
-          <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
-          <fontconfig>
-            <include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
-            <include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
-          </fontconfig>
-        '';
-      };
-
-      environment.systemPackages = [ pkgs.fontconfig ];
-
-    };
+    environment.systemPackages = [ pkgs.fontconfig ];
+  };
 
 }
diff --git a/pkgs/development/libraries/fontconfig/default.nix b/pkgs/development/libraries/fontconfig/default.nix
index 6acf1ebce29..f18ea5948f1 100644
--- a/pkgs/development/libraries/fontconfig/default.nix
+++ b/pkgs/development/libraries/fontconfig/default.nix
@@ -68,7 +68,6 @@ stdenv.mkDerivation rec {
     cd "$out/etc/fonts"
     rm conf.d/{50-user,51-local}.conf
     "${libxslt.bin}/bin/xsltproc" --stringparam fontDirectories "${fontbhttf}" \
-      --stringparam fontconfig "$out" \
       --stringparam fontconfigConfigVersion "${configVersion}" \
       --path $out/share/xml/fontconfig \
       ${./make-fonts-conf.xsl} $out/etc/fonts/fonts.conf \
diff --git a/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl b/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl
index b59fcd0187b..dddbbe9e516 100644
--- a/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl
+++ b/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl
@@ -28,8 +28,6 @@
       <!-- /var/cache/fontconfig is useful for non-nixos systems -->
       <cachedir>/var/cache/fontconfig</cachedir>
 
-      <!-- fontconfig distribution conf.d -->
-      <include><xsl:value-of select="$fontconfig" />/etc/fonts/conf.d</include>
       <!-- versioned system-wide config -->
       <include ignore_missing="yes">/etc/fonts/<xsl:value-of select="$fontconfigConfigVersion" />/conf.d</include>
 

From 1eb4e1ab73f0dd6394ddaf85e5f001356e031f3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 15:40:39 +0200
Subject: [PATCH 23/44] orc: bug-fix 0.4.24 -> 0.4.25

---
 pkgs/development/compilers/orc/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix
index 1488736a480..057b51ce80c 100644
--- a/pkgs/development/compilers/orc/default.nix
+++ b/pkgs/development/compilers/orc/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "orc-0.4.24";
+  name = "orc-0.4.25";
 
   src = fetchurl {
     url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz";
-    sha256 = "16ykgdrgxr6pfpy931p979cs68klvwmk3ii1k0a00wr4nn9x931k";
+    sha256 = "1lak3hyvvb0w9avzmf0a8vayb7vqhj4m709q1czlhvgjb15dbcf1";
   };
 
   outputs = [ "dev" "out" ];

From b993903ce8f1958bae3617666ddeb4d683434ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 15:42:08 +0200
Subject: [PATCH 24/44] libpng: 1.6.21 -> 1.6.23

---
 pkgs/development/libraries/libpng/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix
index 71b7b2e18ef..c1614a277e9 100644
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@@ -3,11 +3,11 @@
 assert zlib != null;
 
 let
-  version = "1.6.21";
-  sha256 = "10r0xqasm8fi0dx95bpca63ab4myb8g600ypyndj2r4jxd4ii3vc";
+  version = "1.6.23";
+  sha256 = "1wb2j8sba6g2h4vmv4pwsp93q74qw4gyqqs4b7vfjmpcv9xix4kd";
   patch_src = fetchurl {
     url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
-    sha256 = "0wwcc52yzjaxvpfkicz20j7yzpy02hpnsm4jjlvw74gy4qjhx9vd";
+    sha256 = "1lvsn1kmarzpn269zgykjfmxq16zrdhpd1a75nzgclx97436x408";
   };
   whenPatched = stdenv.lib.optionalString apngSupport;
 

From ae154ae8ef45a23239c9bd1bdf5c787013d35d01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 15:42:42 +0200
Subject: [PATCH 25/44] libpng: improve multi-output handling

---
 pkgs/development/libraries/libpng/default.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix
index c1614a277e9..9c4a1b13e01 100644
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@@ -21,17 +21,14 @@ in stdenv.mkDerivation rec {
   postPatch = whenPatched "gunzip < ${patch_src} | patch -Np1";
 
   outputs = [ "dev" "out" "man" ];
+  outputBin = "dev";
 
   propagatedBuildInputs = [ zlib ];
 
-  preConfigure = "export bin=$dev";
-
   # it's hard to cross-run tests and some check programs didn't compile anyway
   makeFlags = stdenv.lib.optional (!doCheck) "check_PROGRAMS=";
   doCheck = ! stdenv ? cross;
 
-  postInstall = ''mv "$out/bin" "$dev/bin"'';
-
   passthru = { inherit zlib; };
 
   meta = with stdenv.lib; {

From d2dab39bfa34ce23910b502ea0e2c77d02898a5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 16:26:42 +0200
Subject: [PATCH 26/44] ncurses: 5.9 -> 6.0

Upstream claims it's API-compatible with 5.*
It no longer installed *.pc until I passed pkgconfig executable;
without those things were breaking, even our library symlinking.
---
 .../development/libraries/ncurses/default.nix | 12 ++---
 .../development/libraries/ncurses/gcc-5.patch | 46 -------------------
 2 files changed, 6 insertions(+), 52 deletions(-)
 delete mode 100644 pkgs/development/libraries/ncurses/gcc-5.patch

diff --git a/pkgs/development/libraries/ncurses/default.nix b/pkgs/development/libraries/ncurses/default.nix
index edd26360596..83864751409 100644
--- a/pkgs/development/libraries/ncurses/default.nix
+++ b/pkgs/development/libraries/ncurses/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl
+{ lib, stdenv, fetchurl, pkgconfig
 
 , mouseSupport ? false
 , unicode ? true
@@ -6,19 +6,18 @@
 , gpm
 
 # Extra Options
-, abiVersion ? "5"
+, abiVersion ? "6"
 }:
 
 stdenv.mkDerivation rec {
-  name = "ncurses-5.9";
+  name = "ncurses-6.0";
 
   src = fetchurl {
     url = "mirror://gnu/ncurses/${name}.tar.gz";
-    sha256 = "0fsn7xis81za62afan0vvm38bvgzg5wfmv1m86flqcj0nj7jjilh";
+    sha256 = "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm";
   };
 
-  # gcc-5.patch should be removed after 5.9
-  patches = [ ./clang.patch ./gcc-5.patch ];
+  patches = [ ./clang.patch ];
 
   outputs = [ "dev" "out" "man" ];
   setOutputFlags = false; # some aren't supported
@@ -33,6 +32,7 @@ stdenv.mkDerivation rec {
   # Only the C compiler, and explicitly not C++ compiler needs this flag on solaris:
   CFLAGS = lib.optionalString stdenv.isSunOS "-D_XOPEN_SOURCE_EXTENDED";
 
+  nativeBuildInputs = [ pkgconfig ];
   buildInputs = lib.optional (mouseSupport && stdenv.isLinux) gpm;
 
   preConfigure = ''
diff --git a/pkgs/development/libraries/ncurses/gcc-5.patch b/pkgs/development/libraries/ncurses/gcc-5.patch
deleted file mode 100644
index 2448229b88e..00000000000
--- a/pkgs/development/libraries/ncurses/gcc-5.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://bugs.gentoo.org/545114
-
-extracted from the upstream change (which had many unrelated commits in one)
-
-From 97bb4678dc03e753290b39bbff30ba2825df9517 Mon Sep 17 00:00:00 2001
-From: "Thomas E. Dickey" <dickey@invisible-island.net>
-Date: Sun, 7 Dec 2014 03:10:09 +0000
-Subject: [PATCH] ncurses 5.9 - patch 20141206
-
-+ modify MKlib_gen.sh to work around change in development version of
-  gcc introduced here:
-	  https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
-	  https://gcc.gnu.org/ml/gcc-patches/2014-07/msg00236.html
-  (reports by Marcus Shawcroft, Maohui Lei).
-
-diff --git a/ncurses/base/MKlib_gen.sh b/ncurses/base/MKlib_gen.sh
-index d8cc3c9..b91398c 100755
---- a/ncurses/base/MKlib_gen.sh
-+++ b/ncurses/base/MKlib_gen.sh
-@@ -474,11 +474,22 @@ sed -n -f $ED1 \
- 	-e 's/gen_$//' \
- 	-e 's/  / /g' >>$TMP
- 
-+cat >$ED1 <<EOF
-+s/  / /g
-+s/^ //
-+s/ $//
-+s/P_NCURSES_BOOL/NCURSES_BOOL/g
-+EOF
-+
-+# A patch discussed here:
-+#	https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
-+# introduces spurious #line markers.  Work around that by ignoring the system's
-+# attempt to define "bool" and using our own symbol here.
-+sed -e 's/bool/P_NCURSES_BOOL/g' $TMP > $ED2
-+cat $ED2 >$TMP
-+
- $preprocessor $TMP 2>/dev/null \
--| sed \
--	-e 's/  / /g' \
--	-e 's/^ //' \
--	-e 's/_Bool/NCURSES_BOOL/g' \
-+| sed -f $ED1 \
- | $AWK -f $AW2 \
- | sed -f $ED3 \
- | sed \

From b7c59b7e16befc7851b40ae5cc6b4427567b0ef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 16:28:16 +0200
Subject: [PATCH 27/44] at-spi2-core: bugfix 2.20.1 -> 2.20.2

---
 pkgs/development/libraries/at-spi2-core/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index e3c558057c8..20e18747e67 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   versionMajor = "2.20";
-  versionMinor = "1";
+  versionMinor = "2";
   moduleName   = "at-spi2-core";
   name = "${moduleName}-${versionMajor}.${versionMinor}";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${moduleName}/${versionMajor}/${name}.tar.xz";
-    sha256 = "6ed858e781f5aa9a9662b3beb5ef82f733dac040afc8255d85dffd2097f16900";
+    sha256 = "88a4de9d43139f13cca531b47b901bc1b56e0ab06ba899126644abd4ac16a143";
   };
 
   outputs = [ "dev" "out" ];

From b1a07467d2fdf785e1ef10cd43e2f6c7d07c247a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 17:17:38 +0200
Subject: [PATCH 28/44] gd: security 2.2.1 -> 2.2.2

CVE-2015-8874, CVE-2016-5767
---
 pkgs/development/libraries/gd/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index 7f7e000d16e..f4386a22ffa 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -12,11 +12,11 @@
 
 stdenv.mkDerivation rec {
   name = "gd-${version}";
-  version = "2.2.1";
+  version = "2.2.2";
 
   src = fetchurl {
     url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
-    sha256 = "0xmrqka1ggqgml84xbmkw1y0r0lg7qn657v5b1my8pry92p651vh";
+    sha256 = "1311g5mva2xlzqv3rjqjc4jjkn5lzls4skvr395h633zw1n7b7s8";
   };
 
   nativeBuildInputs = [ pkgconfig ];

From 6f07fdf469ecef24b0ce0cdbb75b2c454da8018b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 18:44:44 +0200
Subject: [PATCH 29/44] v4l-utils: 1.6.3 -> 1.10.1

This fixes build after libjpeg(-turbo) update.
/cc maintainers: @codypoel, @viric.
---
 pkgs/os-specific/linux/v4l-utils/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/v4l-utils/default.nix b/pkgs/os-specific/linux/v4l-utils/default.nix
index 476f3ffcac6..dbb3e60c335 100644
--- a/pkgs/os-specific/linux/v4l-utils/default.nix
+++ b/pkgs/os-specific/linux/v4l-utils/default.nix
@@ -16,11 +16,11 @@ let
 in
 
 stdenv.mkDerivation rec {
-  name = "v4l-utils-1.6.3";
+  name = "v4l-utils-1.10.1";
 
   src = fetchurl {
     url = "http://linuxtv.org/downloads/v4l-utils/${name}.tar.bz2";
-    sha256 = "0k46z5gqjzg702m2vs4sv6sxynq1sj14m0pgwvl2gkgg3dfbyjhn";
+    sha256 = "1h1nhg5cmmzlbipak526nk4bm6d0yb217mll75f3rpg7kz1cqiv1";
   };
 
   outputs = [ "dev" "out" ];

From 310bdf6ecfd432b6bd1c6b24367661ff76e2f960 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 19:18:05 +0200
Subject: [PATCH 30/44] libgphoto2: fix build with updated libjpeg(-turbo)

... via a patch from Debian.
---
 pkgs/development/libraries/libgphoto2/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix
index 55129a94476..af8c1a8f1a2 100644
--- a/pkgs/development/libraries/libgphoto2/default.nix
+++ b/pkgs/development/libraries/libgphoto2/default.nix
@@ -8,6 +8,12 @@ stdenv.mkDerivation rec {
     sha256 = "1wjf79ipqwb5phfjjwf15rwgigakylnfqaj4crs5qnds6ba6i1ld";
   };
 
+  patches = [(fetchurl {
+    url = "https://anonscm.debian.org/cgit/pkg-phototools/libgphoto2.git/plain"
+      + "/debian/patches/libjpeg_turbo_1.5.0_fix.patch?id=8ce79a2a02d";
+    sha256 = "114iyhk6idxz2jhnzpf1glqm6d0x0y8cqfpqxz9i96q9j7x3wwin";
+  })];
+
   nativeBuildInputs = [ pkgconfig gettext ];
   buildInputs = [ libtool libjpeg libusb1 ];
 

From 9f629280c631be9a861b71e1a924907756d4ec0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Sat, 9 Jul 2016 19:19:41 +0200
Subject: [PATCH 31/44] gst-*: maintenance 1.8.1 -> 1.8.2

For now I left *-vaapi out, as the jump would be larger,
simple update isn't enough, and it's unreferenced in nixpkgs.
---
 pkgs/development/libraries/gstreamer/bad/default.nix      | 4 ++--
 pkgs/development/libraries/gstreamer/base/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/core/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/ges/default.nix      | 4 ++--
 pkgs/development/libraries/gstreamer/good/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/libav/default.nix    | 4 ++--
 pkgs/development/libraries/gstreamer/ugly/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/validate/default.nix | 4 ++--
 8 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix
index d907450babb..ffe21d43792 100644
--- a/pkgs/development/libraries/gstreamer/bad/default.nix
+++ b/pkgs/development/libraries/gstreamer/bad/default.nix
@@ -14,7 +14,7 @@ let
   inherit (stdenv.lib) optional optionalString;
 in
 stdenv.mkDerivation rec {
-  name = "gst-plugins-bad-1.8.1";
+  name = "gst-plugins-bad-1.8.2";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Bad Plugins";
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
-    sha256 = "1xa0r98vf0sxw6s90yysvfpzs9yl07xxdci0lv2c0kvkcgrmig8b";
+    sha256 = "d7995317530c8773ec088f94d9320909d41da61996b801ebacce9a56af493f97";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix
index ddb7f9957dc..76f2662ec43 100644
--- a/pkgs/development/libraries/gstreamer/base/default.nix
+++ b/pkgs/development/libraries/gstreamer/base/default.nix
@@ -4,7 +4,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-plugins-base-1.8.1";
+  name = "gst-plugins-base-1.8.2";
 
   meta = {
     description = "Base plugins and helper libraries";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz";
-    sha256 = "0vxd5w7r1jqp37cw5lhyc6vj2h6z8y9v3xarwd2c6rfjbjcdxa8m";
+    sha256 = "9d7109c8fb0a5dec8edb17b0053c59a46aba7ddf48dc48ea822ebbbd4339d38d";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/core/default.nix b/pkgs/development/libraries/gstreamer/core/default.nix
index 95d89b411c5..43aec752054 100644
--- a/pkgs/development/libraries/gstreamer/core/default.nix
+++ b/pkgs/development/libraries/gstreamer/core/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gstreamer-1.8.1";
+  name = "gstreamer-1.8.2";
 
   meta = {
     description = "Open source multimedia framework";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gstreamer/${name}.tar.xz";
-    sha256 = "01ribrzc4x9xlv6ci66w2svpqxywjc129m6f2xy9gp82jgxj4dss";
+    sha256 = "9dbebe079c2ab2004ef7f2649fa317cabea1feb4fb5605c24d40744b90918341";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/ges/default.nix b/pkgs/development/libraries/gstreamer/ges/default.nix
index fd1dd6724c3..836bcb6ce66 100644
--- a/pkgs/development/libraries/gstreamer/ges/default.nix
+++ b/pkgs/development/libraries/gstreamer/ges/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gstreamer-editing-services-1.8.1";
+  name = "gstreamer-editing-services-1.8.2";
 
   meta = with stdenv.lib; {
     description = "Library for creation of audio/video non-linear editors";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gstreamer-editing-services/${name}.tar.xz";
-    sha256 = "082h6r2kymgb78x6av5mxaszxlqnvr6afq935ackh914vb1anyw9";
+    sha256 = "a1d57ff9461407cca1f6e7a9f31a5bdb73f73f33c488a3e3318b27e10a4332ae";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix
index c1846cad23c..1bd80cfa1c7 100644
--- a/pkgs/development/libraries/gstreamer/good/default.nix
+++ b/pkgs/development/libraries/gstreamer/good/default.nix
@@ -10,7 +10,7 @@ let
   inherit (stdenv.lib) optionals optionalString;
 in
 stdenv.mkDerivation rec {
-  name = "gst-plugins-good-1.8.1";
+  name = "gst-plugins-good-1.8.2";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Good Plugins";
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
-    sha256 = "0wh9mpz3zj7vbdi3xn9gjncqal86kgxn9pdg5vl98y6n45wy20r1";
+    sha256 = "8d7549118a3b7a009ece6bb38a05b66709c551d32d2adfd89eded4d1d7a23944";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix
index 82d64ae691f..312a8a1d394 100644
--- a/pkgs/development/libraries/gstreamer/libav/default.nix
+++ b/pkgs/development/libraries/gstreamer/libav/default.nix
@@ -9,7 +9,7 @@
 assert withSystemLibav -> libav != null;
 
 stdenv.mkDerivation rec {
-  name = "gst-libav-1.8.1";
+  name = "gst-libav-1.8.2";
 
   meta = {
     homepage = "http://gstreamer.freedesktop.org";
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-libav/${name}.tar.xz";
-    sha256 = "0cw9nc0079vmdp5r8hrrmglb1bzvsxy298j6yg25l6skqc493924";
+    sha256 = "b5f3c7a27b39b5f5c2f0bfd546b0c655020faf6b38d27b64b346c43e5ebf687a";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/ugly/default.nix b/pkgs/development/libraries/gstreamer/ugly/default.nix
index bfb6b831962..65490c7db24 100644
--- a/pkgs/development/libraries/gstreamer/ugly/default.nix
+++ b/pkgs/development/libraries/gstreamer/ugly/default.nix
@@ -5,7 +5,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-plugins-ugly-1.8.1";
+  name = "gst-plugins-ugly-1.8.2";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Ugly Plugins";
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
-    sha256 = "1kj6jijhwdknv362mcnhjm7zbcbhs0i2m3pvsdz7w3g67fd6lrcf";
+    sha256 = "9c5b33a2a98fc1d6d6c99a1b536b1fb2de45f53cc8bf8ab85a8b8141fed1a8ac";
   };
 
   outputs = [ "dev" "out" ];
diff --git a/pkgs/development/libraries/gstreamer/validate/default.nix b/pkgs/development/libraries/gstreamer/validate/default.nix
index 47a401b9011..a837a94eac7 100644
--- a/pkgs/development/libraries/gstreamer/validate/default.nix
+++ b/pkgs/development/libraries/gstreamer/validate/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-validate-1.8.1";
+  name = "gst-validate-1.8.2";
 
   meta = {
     description = "Integration testing infrastructure for the GStreamer framework";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-validate/${name}.tar.xz";
-    sha256 = "1gycl6bbrf9ryis6wdinv4zi7552lz9izw4ram8xr8nc2k00icm9";
+    sha256 = "33c5b585c5ca1659fe6c09fdf02e45d8132c0d386b405bf527b14ab481a0bafe";
   };
 
   outputs = [ "dev" "out" ];

From 844748a9c9ce7a12c9bf71aebd74f9e85919f4ca Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Sun, 10 Jul 2016 00:26:41 +0200
Subject: [PATCH 32/44] libarchive: 3.1.2 -> 3.2.1 (security)

Fixes at least:

  * CVE-2016-4300
  * CVE-2016-4302
  * CVE-2016-4809
  * CVE-2016-5844
---
 .../libraries/libarchive/CVE-2013-0211.patch  |  30 ----
 .../libraries/libarchive/CVE-2015-1197.patch  | 143 ------------------
 .../libraries/libarchive/default.nix          |  16 +-
 3 files changed, 4 insertions(+), 185 deletions(-)
 delete mode 100644 pkgs/development/libraries/libarchive/CVE-2013-0211.patch
 delete mode 100644 pkgs/development/libraries/libarchive/CVE-2015-1197.patch

diff --git a/pkgs/development/libraries/libarchive/CVE-2013-0211.patch b/pkgs/development/libraries/libarchive/CVE-2013-0211.patch
deleted file mode 100644
index 5b1a9831063..00000000000
--- a/pkgs/development/libraries/libarchive/CVE-2013-0211.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Fri, 22 Mar 2013 23:48:41 -0700
-Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a
- certain common programming error (passing -1 to write) from leading to other
- problems deeper in the library.
-
----
- libarchive/archive_write.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
-index eede5e0..be85621 100644
---- a/libarchive/archive_write.c
-+++ b/libarchive/archive_write.c
-@@ -673,8 +673,13 @@ static ssize_t
- _archive_write_data(struct archive *_a, const void *buff, size_t s)
- {
- 	struct archive_write *a = (struct archive_write *)_a;
-+	const size_t max_write = INT_MAX;
-+
- 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
- 	    ARCHIVE_STATE_DATA, "archive_write_data");
-+	/* In particular, this catches attempts to pass negative values. */
-+	if (s > max_write)
-+		s = max_write;
- 	archive_clear_error(&a->archive);
- 	return ((a->format_write_data)(a, buff, s));
- }
-
diff --git a/pkgs/development/libraries/libarchive/CVE-2015-1197.patch b/pkgs/development/libraries/libarchive/CVE-2015-1197.patch
deleted file mode 100644
index cb7be5f18cd..00000000000
--- a/pkgs/development/libraries/libarchive/CVE-2015-1197.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 59357157706d47c365b2227739e17daba3607526 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Sun, 1 Mar 2015 12:07:45 +0100
-Subject: [PATCH] Add ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option
-
-This fixes a directory traversal in the cpio tool.
----
- cpio/bsdcpio.1                           |  3 ++-
- cpio/cpio.c                              |  2 ++
- libarchive/archive.h                     |  2 ++
- libarchive/archive_write_disk.3          |  3 +++
- libarchive/archive_write_disk_posix.c    | 14 +++++++++++---
- libarchive/test/test_write_disk_secure.c | 23 +++++++++++++++++++++++
- 6 files changed, 43 insertions(+), 4 deletions(-)
-
-diff --git a/cpio/bsdcpio.1 b/cpio/bsdcpio.1
-index f966aa0..e52546e 100644
---- a/cpio/bsdcpio.1
-+++ b/cpio/bsdcpio.1
-@@ -156,7 +156,8 @@ See above for description.
- .It Fl Fl insecure
- (i and p mode only)
- Disable security checks during extraction or copying.
--This allows extraction via symbolic links and path names containing
-+This allows extraction via symbolic links, absolute paths,
-+and path names containing
- .Sq ..
- in the name.
- .It Fl J , Fl Fl xz
-diff --git a/cpio/cpio.c b/cpio/cpio.c
-index 0acde11..b267e9b 100644
---- a/cpio/cpio.c
-+++ b/cpio/cpio.c
-@@ -171,6 +171,7 @@ main(int argc, char *argv[])
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER;
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
-+	cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_PERM;
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_FFLAGS;
- 	cpio->extract_flags |= ARCHIVE_EXTRACT_ACL;
-@@ -256,6 +257,7 @@ main(int argc, char *argv[])
- 		case OPTION_INSECURE:
- 			cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- 			cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT;
-+			cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
- 			break;
- 		case 'L': /* GNU cpio */
- 			cpio->option_follow_links = 1;
-diff --git a/libarchive/archive.h b/libarchive/archive.h
-index 1f0fc38..ef635ac 100644
---- a/libarchive/archive.h
-+++ b/libarchive/archive.h
-@@ -649,6 +649,8 @@ __LA_DECL int archive_read_set_passphrase_callback(struct archive *,
- /* Default: Do not use HFS+ compression if it was not compressed. */
- /* This has no effect except on Mac OS v10.6 or later. */
- #define	ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED	(0x8000)
-+/* Default: Do not reject entries with absolute paths */
-+#define ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (0x10000)
- 
- __LA_DECL int archive_read_extract(struct archive *, struct archive_entry *,
- 		     int flags);
-diff --git a/libarchive/archive_write_disk.3 b/libarchive/archive_write_disk.3
-index fa925cc..a2e7afa 100644
---- a/libarchive/archive_write_disk.3
-+++ b/libarchive/archive_write_disk.3
-@@ -177,6 +177,9 @@ The default is to not refuse such paths.
- Note that paths ending in
- .Pa ..
- always cause an error, regardless of this flag.
-+.It Cm ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
-+Refuse to extract an absolute path.
-+The default is to not refuse such paths.
- .It Cm ARCHIVE_EXTRACT_SPARSE
- Scan data for blocks of NUL bytes and try to recreate them with holes.
- This results in sparse files, independent of whether the archive format
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index ab3bdac..c1290eb 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -2509,8 +2509,9 @@ cleanup_pathname_win(struct archive_write_disk *a)
- /*
-  * Canonicalize the pathname.  In particular, this strips duplicate
-  * '/' characters, '.' elements, and trailing '/'.  It also raises an
-- * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
-- * set) any '..' in the path.
-+ * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
-+ * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
-+ * is set) if the path is absolute.
-  */
- static int
- cleanup_pathname(struct archive_write_disk *a)
-@@ -2529,8 +2530,15 @@ cleanup_pathname(struct archive_write_disk *a)
- 	cleanup_pathname_win(a);
- #endif
- 	/* Skip leading '/'. */
--	if (*src == '/')
-+	if (*src == '/') {
-+		if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-+			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-+			                  "Path is absolute");
-+			return (ARCHIVE_FAILED);
-+		}
-+
- 		separator = *src++;
-+	}
- 
- 	/* Scan the pathname one element at a time. */
- 	for (;;) {
-diff --git a/libarchive/test/test_write_disk_secure.c b/libarchive/test/test_write_disk_secure.c
-index 31c5bfd..2c94206 100644
---- a/libarchive/test/test_write_disk_secure.c
-+++ b/libarchive/test/test_write_disk_secure.c
-@@ -178,6 +178,29 @@ DEFINE_TEST(test_write_disk_secure)
- 	assert(S_ISDIR(st.st_mode));
- 	archive_entry_free(ae);
- 
-+	/*
-+	 * Without security checks, we should be able to
-+	 * extract an absolute path.
-+	 */
-+	assert((ae = archive_entry_new()) != NULL);
-+	archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
-+	archive_entry_set_mode(ae, S_IFREG | 0777);
-+	assert(0 == archive_write_header(a, ae));
-+	assert(0 == archive_write_finish_entry(a));
-+	assertFileExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
-+	assert(0 == unlink("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp"));
-+
-+	/* But with security checks enabled, this should fail. */
-+	assert(archive_entry_clear(ae) != NULL);
-+	archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
-+	archive_entry_set_mode(ae, S_IFREG | 0777);
-+	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS);
-+	failure("Extracting an absolute path should fail here.");
-+	assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
-+	archive_entry_free(ae);
-+	assert(0 == archive_write_finish_entry(a));
-+	assertFileNotExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
-+
- 	assertEqualInt(ARCHIVE_OK, archive_write_free(a));
- 
- 	/* Test the entries on disk. */
diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index 55ff770f4bd..0c5f900dd41 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -2,22 +2,14 @@
 , sharutils }:
 
 stdenv.mkDerivation rec {
-  name = "libarchive-3.1.2";
+  name = "libarchive-${version}";
+  version = "3.2.1";
 
   src = fetchurl {
-    urls = [
-      "http://pkgs.fedoraproject.org/repo/pkgs/libarchive/libarchive-3.1.2.tar.gz/efad5a503f66329bb9d2f4308b5de98a/${name}.tar.gz"
-      "${meta.homepage}/downloads/${name}.tar.gz"
-    ];
-    sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb";
+    url = "${meta.homepage}/downloads/${name}.tar.gz";
+    sha256 = "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj";
   };
 
-  patches = [
-    ./CVE-2013-0211.patch # https://github.com/libarchive/libarchive/commit/22531545
-    ./CVE-2015-1197.patch # https://github.com/NixOS/nixpkgs/issues/6799
-      # ^ it's CVE-2015-2304 specific to libarchive
-  ];
-
   buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz lzo ] ++
     stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ];
 

From ba2eec97b5022848fffeb8c85303b7afe4690e82 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Sun, 10 Jul 2016 01:22:49 +0200
Subject: [PATCH 33/44] sqlite: 3.12.2 -> 3.13.0

---
 pkgs/development/libraries/sqlite/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index 6dded64e0f5..1e59745b34a 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -3,11 +3,11 @@
 assert interactive -> readline != null && ncurses != null;
 
 stdenv.mkDerivation {
-  name = "sqlite-3.12.2";
+  name = "sqlite-3.13.0";
 
   src = fetchurl {
-    url = "http://sqlite.org/2016/sqlite-autoconf-3120200.tar.gz";
-    sha1 = "b43c2e7238e54c50b95fbbd85c48792f4f39af8c";
+    url = "http://sqlite.org/2016/sqlite-autoconf-3130000.tar.gz";
+    sha256 = "0sq88jbwsk48i41f7m7rkw9xvijq011nsbs7pl49s31inck70yg2";
   };
 
   outputs = [ "dev" "out" "bin" ];

From 6e21246dc471a01fe8e8107292b5067234d20595 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:53:25 +0300
Subject: [PATCH 34/44] plymouth: 0.9.0 -> 0.9.2

Use system-wide directories for various resources.
---
 pkgs/os-specific/linux/plymouth/default.nix | 40 ++++++++++++++-------
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/pkgs/os-specific/linux/plymouth/default.nix b/pkgs/os-specific/linux/plymouth/default.nix
index 00d330ca955..b1b1a4649ba 100644
--- a/pkgs/os-specific/linux/plymouth/default.nix
+++ b/pkgs/os-specific/linux/plymouth/default.nix
@@ -1,27 +1,32 @@
-{ stdenv, fetchurl, autoreconfHook, cairo, docbook_xsl, gtk
-, libdrm, libpng, libxslt, makeWrapper, pango, pkgconfig, udev
+{ stdenv, fetchurl, autoreconfHook, pkgconfig, libxslt, docbook_xsl
+, gtk3, udev, systemd
 }:
 
 stdenv.mkDerivation rec {
   name = "plymouth-${version}";
-  version = "0.9.0";
+  version = "0.9.2";
 
   src = fetchurl {
     url = "http://www.freedesktop.org/software/plymouth/releases/${name}.tar.bz2";
-    sha256 = "0kfdwv179brg390ma003pmdqfvqlbybqiyp9fxrxx0wa19sjxqnk";
+    sha256 = "0zympsgy5bbfl2ag5nc1jxlshpx8r1s1yyjisanpx76g88hfh31g";
   };
 
-  buildInputs = [
-    autoreconfHook cairo docbook_xsl gtk libdrm libpng
-    libxslt makeWrapper pango pkgconfig udev
+  nativeBuildInputs = [
+    autoreconfHook pkgconfig libxslt docbook_xsl
   ];
 
-  prePatch = ''
-    sed -e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \
-      -i configure.ac
-  '';
+  buildInputs = [
+    gtk3 udev systemd
+  ];
 
   postPatch = ''
+    sed -i \
+      -e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \
+      -e "s#plymouthplugindir=.*#plymouthplugindir=/etc/plymouth/plugins/#" \
+      -e "s#plymouththemedir=.*#plymouththemedir=/etc/plymouth/themes#" \
+      -e "s#plymouthpolicydir=.*#plymouthpolicydir=/etc/plymouth/#" \
+      configure.ac
+
     configureFlags="
       --prefix=$out
       --bindir=$out/bin
@@ -29,15 +34,24 @@ stdenv.mkDerivation rec {
       --exec-prefix=$out
       --libdir=$out/lib
       --libexecdir=$out/lib
-      --sysconfdir=$out/etc
+      --sysconfdir=/etc
       --localstatedir=/var
-      --with-log-viewer
+      --with-logo=/etc/plymouth/logo.png
+      --with-background-color=0x000000
+      --with-background-start-color-stop=0x000000
+      --with-background-end-color-stop=0x000000
+      --with-release-file=/etc/os-release
       --without-system-root-install
       --without-rhgb-compat-link
       --enable-tracing
       --enable-systemd-integration
       --enable-pango
+      --enable-gdm-transition
       --enable-gtk"
+
+    installFlags="
+      plymouthd_defaultsdir=$out/share/plymouth
+      plymouthd_confdir=$out/etc/plymouth"
   '';
 
   meta = with stdenv.lib; {

From 90ad879753c476154e65667f8dec12cf5a6c89d4 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:54:08 +0300
Subject: [PATCH 35/44] nixos stage-1: unconditionally mount /dev/pts

---
 nixos/modules/system/boot/initrd-ssh.nix  | 3 ---
 nixos/modules/system/boot/stage-1-init.sh | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix
index 3e2805a8c34..d0a4ce51148 100644
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -100,9 +100,6 @@ in
     '';
 
     boot.initrd.network.postCommands = ''
-      mkdir /dev/pts
-      mount -t devpts devpts /dev/pts
-
       echo '${cfg.shell}' > /etc/shells
       echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd
       echo 'passwd: files' > /etc/nsswitch.conf
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index 9bffcd31b9b..055ad2e3e84 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -70,6 +70,8 @@ mount -t sysfs sysfs /sys
 mount -t devtmpfs -o "size=@devSize@" devtmpfs /dev
 mkdir -p /run
 mount -t tmpfs -o "mode=0755,size=@runSize@" tmpfs /run
+mkdir /dev/pts
+mount -t devpts devpts /dev/pts
 
 # Log the script output to /dev/kmsg or /run/log/stage-1-init.log.
 mkdir -p /tmp

From bd0ab027c1c83eb7c26ed50bcf0d77da0c31a1d8 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:56:21 +0300
Subject: [PATCH 36/44] nixos stage-1: recursively process binaries and
 libraries

---
 nixos/modules/system/boot/stage-1.nix | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index 5e6554324ca..d031b8a2751 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -81,9 +81,9 @@ let
       # Copy ld manually since it isn't detected correctly
       cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib
 
-      # Copy all of the needed libraries for the binaries
-      for BIN in $(find $out/{bin,sbin} -type f); do
-        echo "Copying libs for bin $BIN"
+      # Copy all of the needed libraries
+      find $out/bin $out/lib -type f | while read BIN; do
+        echo "Copying libs for executable $BIN"
         LDD="$(ldd $BIN)" || continue
         LIBS="$(echo "$LDD" | awk '{print $3}' | sed '/^$/d')"
         for LIB in $LIBS; do
@@ -104,13 +104,17 @@ let
       stripDirs "lib bin" "-s"
 
       # Run patchelf to make the programs refer to the copied libraries.
-      for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs -e $out $i; fi; done
+      find $out/bin $out/lib -type f | while read i; do
+        if ! test -L $i; then
+          nuke-refs -e $out $i
+        fi
+      done
 
-      for i in $out/bin/*; do
-          if ! test -L $i; then
-              echo "patching $i..."
-              patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
-          fi
+      find $out/bin -type f | while read i; do
+        if ! test -L $i; then
+          echo "patching $i..."
+          patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
+        fi
       done
 
       # Make sure that the patchelf'ed binaries still work.

From e02b5ace0b70341647ac464c1b19c2da14068147 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:56:43 +0300
Subject: [PATCH 37/44] nixos stage-1: guard udevRules from extra references

---
 nixos/modules/system/boot/stage-1.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index d031b8a2751..54c3a50c2e6 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -142,6 +142,7 @@ let
 
   udevRules = pkgs.stdenv.mkDerivation {
     name = "udev-rules";
+    allowedReferences = [ extraUtils ];
     buildCommand = ''
       mkdir -p $out
 

From 3508918da2e9e18640aa12214a54940f9aa70f49 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:56:59 +0300
Subject: [PATCH 38/44] nixos stage-1: replace udevadm in udevRules

---
 nixos/modules/system/boot/stage-1.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index 54c3a50c2e6..56a9c38b8f2 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -165,7 +165,8 @@ let
             --replace /sbin/mdadm ${extraUtils}/bin/mdadm \
             --replace /bin/sh ${extraUtils}/bin/sh \
             --replace /usr/bin/readlink ${extraUtils}/bin/readlink \
-            --replace /usr/bin/basename ${extraUtils}/bin/basename
+            --replace /usr/bin/basename ${extraUtils}/bin/basename \
+            --replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm
       done
 
       # Work around a bug in QEMU, which doesn't implement the "READ

From d3e3e643cbcaf423f9595abd0e791cda51dfdc07 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 22:57:14 +0300
Subject: [PATCH 39/44] nixos stage-1: set extraUtils variable

---
 nixos/modules/system/boot/stage-1-init.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index 055ad2e3e84..d4277ebd80c 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -3,6 +3,7 @@
 targetRoot=/mnt-root
 console=tty1
 
+extraUtils="@extraUtils@"
 export LD_LIBRARY_PATH=@extraUtils@/lib
 export PATH=@extraUtils@/bin
 ln -s @extraUtils@/bin /bin

From a2d4235fe13292c7dce2e71963d0ed0f9c204436 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 6 Jul 2016 23:00:44 +0300
Subject: [PATCH 40/44] plymouth service: init

---
 nixos/modules/module-list.nix          |   1 +
 nixos/modules/system/boot/plymouth.nix | 129 +++++++++++++++++++++++++
 2 files changed, 130 insertions(+)
 create mode 100644 nixos/modules/system/boot/plymouth.nix

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index be72c0ef29c..33ce19dd652 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -522,6 +522,7 @@
   ./system/boot/luksroot.nix
   ./system/boot/modprobe.nix
   ./system/boot/networkd.nix
+  ./system/boot/plymouth.nix
   ./system/boot/resolved.nix
   ./system/boot/shutdown.nix
   ./system/boot/stage-1.nix
diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix
new file mode 100644
index 00000000000..82c1032937c
--- /dev/null
+++ b/nixos/modules/system/boot/plymouth.nix
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  inherit (pkgs) plymouth;
+
+  cfg = config.boot.plymouth;
+
+  themesEnv = pkgs.buildEnv {
+    name = "plymouth-themes";
+    paths = [ plymouth ] ++ cfg.themePackages;
+  };
+
+  configFile = pkgs.writeText "plymouthd.conf" ''
+    [Daemon]
+    ShowDelay=0
+    Theme=${cfg.theme}
+  '';
+
+in
+
+{
+
+  options = {
+
+    boot.plymouth = {
+
+      enable = mkEnableOption "Plymouth boot splash screen";
+
+      themePackages = mkOption {
+        default = [];
+        type = types.listOf types.package;
+        description = ''
+          Extra theme packages for plymouth.
+        '';
+      };
+
+      theme = mkOption {
+        default = "fade-in";
+        type = types.str;
+        description = ''
+          Splash screen theme.
+        '';
+      };
+
+      logo = mkOption {
+        type = types.path;
+        default = pkgs.fetchurl {
+          url = "https://nixos.org/logo/nixos-hires.png";
+          sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
+        };
+        description = ''
+          Logo which is displayed on the splash screen.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    boot.kernelParams = [ "splash" ];
+
+    # To be discoverable by systemd.
+    environment.systemPackages = [ plymouth ];
+
+    environment.etc."plymouth/plymouthd.conf".source = configFile;
+    environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouth.defaults";
+    environment.etc."plymouth/logo.png".source = cfg.logo;
+    environment.etc."plymouth/themes".source = "${themesEnv}/share/plymouth/themes";
+    # XXX: Needed because we supply a different set of plugins in initrd.
+    environment.etc."plymouth/plugins".source = "${plymouth}/lib/plymouth";
+
+    systemd.packages = [ plymouth ];
+
+    systemd.services.plymouth-kexec.wantedBy = [ "kexec.target" ];
+    systemd.services.plymouth-halt.wantedBy = [ "halt.target" ];
+    systemd.services.plymouth-quit = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "display-manager.service" "multi-user.target" ];
+    };
+    systemd.services.plymouth-poweroff.wantedBy = [ "poweroff.target" ];
+    systemd.services.plymouth-reboot.wantedBy = [ "reboot.target" ];
+    systemd.services.plymouth-read-write.wantedBy = [ "sysinit.target" ];
+
+    boot.initrd.extraUtilsCommands = ''
+      copy_bin_and_libs ${pkgs.plymouth}/bin/plymouthd
+      copy_bin_and_libs ${pkgs.plymouth}/bin/plymouth
+
+      moduleName="$(sed -n 's,ModuleName *= *,,p' ${themesEnv}/share/plymouth/themes/${cfg.theme}/${cfg.theme}.plymouth)"
+
+      mkdir -p $out/lib/plymouth/renderers
+      cp ${plymouth}/lib/plymouth/{text,details,$moduleName}.so $out/lib/plymouth
+      cp ${plymouth}/lib/plymouth/renderers/{drm,frame-buffer}.so $out/lib/plymouth/renderers
+
+      mkdir -p $out/share/plymouth/themes
+      cp ${plymouth}/share/plymouth/plymouthd.defaults $out/share/plymouth
+      cp -r ${themesEnv}/share/plymouth/themes/{text,details,${cfg.theme}} $out/share/plymouth/themes
+      cp ${cfg.logo} $out/share/plymouth/logo.png
+    '';
+
+    boot.initrd.extraUtilsCommandsTest = ''
+      $out/bin/plymouthd --help >/dev/null
+      $out/bin/plymouth --help >/dev/null
+    '';
+
+    boot.initrd.extraUdevRulesCommands = ''
+      cp ${config.systemd.package}/lib/udev/rules.d/{70-uaccess,71-seat}.rules $out
+      sed -i '/loginctl/d' $out/71-seat.rules
+    '';
+
+    boot.initrd.preLVMCommands = mkAfter ''
+      mkdir -p /etc/plymouth
+      ln -s ${configFile} /etc/plymouth/plymouthd.conf
+      ln -s $extraUtils/share/plymouth/plymouthd.defaults /etc/plymouth/plymouthd.defaults
+      ln -s $extraUtils/share/plymouth/logo.png /etc/plymouth/logo.png
+      ln -s $extraUtils/share/plymouth/themes /etc/plymouth/themes
+      ln -s $extraUtils/lib/plymouth /etc/plymouth/plugins
+
+      plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session
+      plymouth --show-splash
+    '';
+
+  };
+
+}

From c69c76ca7efecba24aba555c2a03f933997d1fd5 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 7 Jul 2016 00:44:02 +0300
Subject: [PATCH 41/44] nixos stage-1: try to quit plymouth if started on
 failure

---
 nixos/modules/system/boot/luksroot.nix    | 26 +++++++++++++++++++----
 nixos/modules/system/boot/stage-1-init.sh |  3 +++
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 8dad09c8920..15881b6d371 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -36,7 +36,7 @@ let
           ${optionalString (header != null) "--header=${header}"} \
           ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
           > /.luksopen_args
-        cryptsetup-askpass
+        get_password "Enter LUKS Passphrase" cryptsetup-askpass
         rm /.luksopen_args
     }
 
@@ -78,9 +78,7 @@ let
         for try in $(seq 3); do
 
             ${optionalString yubikey.twoFactor ''
-            echo -n "Enter two-factor passphrase: "
-            read -s k_user
-            echo
+            k_user="$(get_password "Enter two-factor passphrase" cat)"
             ''}
 
             if [ ! -z "$k_user" ]; then
@@ -463,6 +461,26 @@ in
       ''}
     '';
 
+    boot.initrd.preDeviceCommands = ''
+      get_password() {
+        local ret
+        local reply
+        local tty_stat
+
+        tty_stat="$(stty -g)"
+        stty -echo
+        for i in `seq 1 3`; do
+          echo -n "$1: "
+          read reply
+          echo "$reply" | "$2"
+          if [ "$?" = "0" ]; then
+            break
+          fi
+        done
+        stty "$tty_stat"
+      }
+    '';
+
     boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM);
     boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM);
 
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index d4277ebd80c..6b1bf0b3e02 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -14,6 +14,9 @@ export LVM_SUPPRESS_FD_WARNINGS=true
 fail() {
     if [ -n "$panicOnFail" ]; then exit 1; fi
 
+    # If we have a splash screen started, quit it.
+    command -v plymouth >/dev/null 2>&1 && plymouth quit
+
     # If starting stage 2 failed, allow the user to repair the problem
     # in an interactive shell.
     cat <<EOF

From 246ad0159fb22b40b13e4feb2c64e727e4f0a984 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 7 Jul 2016 02:10:19 +0300
Subject: [PATCH 42/44] gdm: build with plymouth support

---
 pkgs/desktops/gnome-3/3.18/core/gdm/default.nix | 5 +++--
 pkgs/desktops/gnome-3/3.20/core/gdm/default.nix | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkgs/desktops/gnome-3/3.18/core/gdm/default.nix b/pkgs/desktops/gnome-3/3.18/core/gdm/default.nix
index 0d21bf54666..588c6bc639b 100644
--- a/pkgs/desktops/gnome-3/3.18/core/gdm/default.nix
+++ b/pkgs/desktops/gnome-3/3.18/core/gdm/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, pkgconfig, glib, itstool, libxml2, xorg, dbus
 , intltool, accountsservice, libX11, gnome3, systemd, gnome_session, autoreconfHook
-, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection }:
+, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection, plymouth }:
 
 stdenv.mkDerivation rec {
   inherit (import ./src.nix fetchurl) name src;
@@ -13,12 +13,13 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--sysconfdir=/etc"
                      "--localstatedir=/var"
                      "--with-systemd=yes"
+                     "--with-plymouth=yes"
                      "--with-systemdsystemunitdir=$(out)/etc/systemd/system" ];
 
   buildInputs = [ pkgconfig glib itstool libxml2 intltool autoreconfHook
                   accountsservice gnome3.dconf systemd
                   gobjectIntrospection libX11 gtk
-                  libcanberra_gtk3 pam libtool ];
+                  libcanberra_gtk3 pam libtool plymouth ];
 
   #enableParallelBuilding = true; # problems compiling
 
diff --git a/pkgs/desktops/gnome-3/3.20/core/gdm/default.nix b/pkgs/desktops/gnome-3/3.20/core/gdm/default.nix
index 4b951ce5ade..25a44d90a5b 100644
--- a/pkgs/desktops/gnome-3/3.20/core/gdm/default.nix
+++ b/pkgs/desktops/gnome-3/3.20/core/gdm/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, pkgconfig, glib, itstool, libxml2, xorg, dbus
 , intltool, accountsservice, libX11, gnome3, systemd, gnome_session, autoreconfHook
-, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection }:
+, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection, plymouth }:
 
 stdenv.mkDerivation rec {
   inherit (import ./src.nix fetchurl) name src;
@@ -13,12 +13,13 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--sysconfdir=/etc"
                      "--localstatedir=/var"
                      "--with-systemd=yes"
+                     "--with-plymouth=yes"
                      "--with-systemdsystemunitdir=$(out)/etc/systemd/system" ];
 
   buildInputs = [ pkgconfig glib itstool libxml2 intltool autoreconfHook
                   accountsservice gnome3.dconf systemd
                   gobjectIntrospection libX11 gtk
-                  libcanberra_gtk3 pam libtool ];
+                  libcanberra_gtk3 pam libtool plymouth ];
 
   #enableParallelBuilding = true; # problems compiling
 

From f56a319e3ef1518274026d3350dfdca956a7ac1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Tue, 12 Jul 2016 21:58:16 +0200
Subject: [PATCH 43/44] ncurses: revert to 5.9 on Darwin (only)

I don't want to investigate why it won't compile.
http://hydra.nixos.org/build/37537876/nixlog/1/raw
---
 pkgs/development/libraries/ncurses/default.nix | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkgs/development/libraries/ncurses/default.nix b/pkgs/development/libraries/ncurses/default.nix
index 83864751409..7133634f2eb 100644
--- a/pkgs/development/libraries/ncurses/default.nix
+++ b/pkgs/development/libraries/ncurses/default.nix
@@ -4,17 +4,21 @@
 , unicode ? true
 
 , gpm
-
-# Extra Options
-, abiVersion ? "6"
 }:
-
+let
+  inherit (stdenv) isDarwin;
+  abiVersion = if isDarwin then "5" else "6";
+  version = if isDarwin then "5.9" else "6.0";
+  sha256 = if isDarwin
+    then "0fsn7xis81za62afan0vvm38bvgzg5wfmv1m86flqcj0nj7jjilh"
+    else "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm";
+in
 stdenv.mkDerivation rec {
-  name = "ncurses-6.0";
+  name = "ncurses-${version}";
 
   src = fetchurl {
     url = "mirror://gnu/ncurses/${name}.tar.gz";
-    sha256 = "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm";
+    inherit sha256;
   };
 
   patches = [ ./clang.patch ];

From 0172558e8278eda2f08f9fc02ff831538548ced3 Mon Sep 17 00:00:00 2001
From: Alexey Shmalko <rasen.dubi@gmail.com>
Date: Sat, 9 Jul 2016 23:47:15 +0300
Subject: [PATCH 44/44] buildEnv: build the whole tree of directories to
 pathsToLink

This patch fixes #16614 and #16741.

The first issue was caused by the fact that both `/share` and
`/share/fish/vendor_completions.d` end in the `pathsToLink`. The
`pkgs/build-support/buildenv/builder.pl` creates `/share`, then links
`/share/fish` under `/share` and then tries to create the directory
`/share/fish/vendor_completions.d` and fails because it already exists.

The simplest way to reproduce the issue is to build the next Nix
expression:

```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.fish
    pkgs.vim
  ];

  pathsToLink = [
    "/share"
    "/share/fish/vendor_completions.d"
  ];
}
```

The second issue is more critical and was caused by the fact findFiles
doesn't recurse deep enough. It stops at first unique directory for the
package (e.g., "/share" or even "/") and later the scripts decides it
shouldn't link it as it doesn't match pathsToLink (e.g., "/share/fish"),
so the result is empty.

The test:
```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.fish
    pkgs.vim
  ];

  pathsToLink = [
    "/share/fish/functions"
  ];
}
```

or

```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.vim
  ];

  pathsToLink = [
    "/share"
  ];
}
```
---
 pkgs/build-support/buildenv/builder.pl | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkgs/build-support/buildenv/builder.pl b/pkgs/build-support/buildenv/builder.pl
index f6cfe52dc31..678f5a3fe9e 100755
--- a/pkgs/build-support/buildenv/builder.pl
+++ b/pkgs/build-support/buildenv/builder.pl
@@ -31,9 +31,23 @@ sub isInPathsToLink {
 
 my %symlinks;
 
+# Add all pathsToLink and all parent directories.
+#
+# For "/a/b/c" that will include
+# [ "", "/a", "/a/b", "/a/b/c" ]
+#
+# That ensures the whole directory tree needed by pathsToLink is
+# created as directories and not symlinks.
+$symlinks{""} = ["", 0];
 for my $p (@pathsToLink) {
-    $p = "" if $p eq "/";
-    $symlinks{$p} = ["", 0];
+    my @parts = split '/', $p;
+
+    my $cur = "";
+    for my $x (@parts) {
+        $cur = $cur . "/$x";
+        $cur = "" if $cur eq "/";
+        $symlinks{$cur} = ["", 0];
+    }
 }
 
 sub findFiles;