From 9ec52d632302ad6267a83b563de9927f886e1817 Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Thu, 29 May 2014 14:47:07 +0200 Subject: [PATCH 01/61] Fixes to make basic builds on Cygwin work again + additions to support x86_64-cygwin --- lib/platforms.nix | 2 +- pkgs/development/interpreters/perl/5.16/default.nix | 8 +++++++- pkgs/development/libraries/openssl/default.nix | 7 ++++++- pkgs/stdenv/generic/default.nix | 3 ++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/lib/platforms.nix b/lib/platforms.nix index 76df389deac..c1b79d3aceb 100644 --- a/lib/platforms.nix +++ b/lib/platforms.nix @@ -7,7 +7,7 @@ rec { freebsd = ["i686-freebsd" "x86_64-freebsd"]; openbsd = ["i686-openbsd" "x86_64-openbsd"]; netbsd = ["i686-netbsd" "x86_64-netbsd"]; - cygwin = ["i686-cygwin"]; + cygwin = ["i686-cygwin" "x86_64-cygwin"]; unix = linux ++ darwin ++ freebsd ++ openbsd; all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd; none = []; diff --git a/pkgs/development/interpreters/perl/5.16/default.nix b/pkgs/development/interpreters/perl/5.16/default.nix index bbd9e003b2c..b7a27d4f478 100644 --- a/pkgs/development/interpreters/perl/5.16/default.nix +++ b/pkgs/development/interpreters/perl/5.16/default.nix @@ -54,6 +54,12 @@ stdenv.mkDerivation rec { ${optionalString stdenv.isArm '' configureFlagsArray=(-Dldflags="-lm -lrt") ''} + + ${optionalString stdenv.isCygwin '' + cp cygwin/cygwin{,.bak} + echo "#define PERLIO_NOT_STDIO 0" > tmp + cat tmp cygwin/cygwin.c.bak > cygwin/cygwin.c + ''} ''; preBuild = optionalString (!(stdenv ? gcc && stdenv.gcc.nativeTools)) @@ -64,7 +70,7 @@ stdenv.mkDerivation rec { setupHook = ./setup-hook.sh; - doCheck = !stdenv.isDarwin; + doCheck = stdenv.isLinux; # some network-related tests don't work, mostly probably due to our sandboxing testsToSkip = '' diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 7217c876bfd..130ab6b205f 100644 
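Review bot: In the second perl hunk, `doCheck = stdenv.isLinux;` switches the test suite off on every non-Linux platform, not just on Cygwin. The previous `!stdenv.isDarwin` still ran it on the BSD platforms listed in lib/platforms.nix. If only Cygwin needs the exemption, `doCheck = !stdenv.isDarwin && !stdenv.isCygwin;` keeps the existing coverage. A short comment naming the failing tests would also help, since an interpreter built without its test run is harder to trust on the platforms that lose it.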
--- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -60,7 +60,12 @@ stdenv.mkDerivation { else "./config"; configureFlags = "shared --libdir=lib --openssldir=etc/ssl" + - stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"; + stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + + stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") " no-asm"; + + preBuild = stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") '' + sed -i -e "s|-march=i486|-march=x86-64|g" Makefile + ''; makeFlags = "MANDIR=$(out)/share/man"; diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 14da127b9e0..ce0fd3a1dc2 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -127,7 +127,8 @@ let || system == "x86_64-kfreebsd-gnu"; isSunOS = system == "i686-solaris" || system == "x86_64-solaris"; - isCygwin = system == "i686-cygwin"; + isCygwin = system == "i686-cygwin" + || system == "x86_64-cygwin"; isFreeBSD = system == "i686-freebsd" || system == "x86_64-freebsd"; isOpenBSD = system == "i686-openbsd" From 86e18c965f1fd66f72bcadc065e6e5350f11ba0f Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Sat, 31 May 2014 14:25:46 +0200 Subject: [PATCH 02/61] Fix perl compilation --- pkgs/development/interpreters/perl/5.16/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/perl/5.16/default.nix b/pkgs/development/interpreters/perl/5.16/default.nix index b7a27d4f478..403bd91870d 100644 --- a/pkgs/development/interpreters/perl/5.16/default.nix +++ b/pkgs/development/interpreters/perl/5.16/default.nix @@ -56,7 +56,7 @@ stdenv.mkDerivation rec { ''} ${optionalString stdenv.isCygwin '' - cp cygwin/cygwin{,.bak} + cp cygwin/cygwin.c{,.bak} echo "#define PERLIO_NOT_STDIO 0" > tmp cat tmp cygwin/cygwin.c.bak > cygwin/cygwin.c ''} 
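Review bot: The ` no-asm` flag appended to `configureFlags` for x86_64-cygwin needs a comment saying which build failure it works around, because it changes which crypto implementations are compiled, not only their speed. Without the assembly modules OpenSSL falls back to its portable C code, and for AES that path is table-driven and generally considered more exposed to cache-timing side channels than the assembly/AES-NI paths. Something like `# no-asm: <build error here>; portable C crypto only, revisit once asm builds on x86_64-cygwin` would record the trade-off. The `sed` in `preBuild` also does nothing silently if the generated Makefile does not contain `-march=i486`, so a `grep -q` check before it would make a changed upstream default visible.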
From 38567ddc80bdb2d0b23b3b0f3d6277c514b0a4bb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 03:08:22 +0200 Subject: [PATCH 03/61] systemd: Apply backport fixes In particular, added a few patches that improve systemd-nspawn container behaviour. --- pkgs/os-specific/linux/systemd/fixes.patch | 2341 +++++++++++++++++++- 1 file changed, 2329 insertions(+), 12 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 7410c87e277..70ad195a032 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -1,7 +1,25 @@ diff --git a/Makefile.am b/Makefile.am -index 3d9e5c1..4d43cb4 100644 +index 3d9e5c1..46487f6 100644 --- a/Makefile.am +++ b/Makefile.am +@@ -1095,7 +1095,7 @@ BUILT_SOURCES += \ + + src/shared/errno-list.txt: + $(AM_V_at)$(MKDIR_P) $(dir $@) +- $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2; }' > $@ ++ $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+/ { print $$2; }' > $@ + + src/shared/errno-from-name.gperf: src/shared/errno-list.txt + $(AM_V_at)$(MKDIR_P) $(dir $@) +@@ -1107,7 +1107,7 @@ src/shared/errno-from-name.h: src/shared/errno-from-name.gperf + + src/shared/errno-to-name.h: src/shared/errno-list.txt + $(AM_V_at)$(MKDIR_P) $(dir $@) +- $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ ++ $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} !/EDEADLOCK/ && !/EWOULDBLOCK/ && !/ENOTSUP/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@ + + src/shared/af-list.txt: + $(AM_V_at)$(MKDIR_P) $(dir $@) @@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \ endif 
@@ -13,8 +31,42 @@ index 3d9e5c1..4d43cb4 100644 systemd-tmpfiles-setup.service dist_zshcompletion_DATA += \ +@@ -1961,6 +1963,7 @@ systemd_cgls_SOURCES = \ + src/cgls/cgls.c + + systemd_cgls_LDADD = \ ++ libsystemd-internal.la \ + libsystemd-shared.la + + # ------------------------------------------------------------------------------ +diff --git a/TODO b/TODO +index e2ca1e6..d7efdd5 100644 +--- a/TODO ++++ b/TODO +@@ -1,4 +1,6 @@ + Bugfixes: ++* Should systemctl status \* work on all unit types, not just .service? ++ + * enabling an instance unit creates a pointless link, and + the unit will be started with getty@getty.service: + $ systemctl enable getty@.service +diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules +index c675b5b..4c300da 100644 +--- a/rules/42-usb-hid-pm.rules ++++ b/rules/42-usb-hid-pm.rules +@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!= + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" + ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto" + +-# Catch-all for Avocent HID devices. Keyed off interface in order to only +-# trigger on HID class devices. +-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto" +- + # Dell DRAC 4 + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto" + diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in -index db72373..2fc12ca 100644 +index db72373..2875958 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in @@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" 
@@ -28,11 +80,329 @@ index db72373..2fc12ca 100644 # Ignore raid devices that are not yet assembled and started SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" +@@ -43,7 +39,7 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys + SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k" + + SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_WANTS}+="bluetooth.target" +-ENV{ID_SMARTCARD_READER}=="*?", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" ++ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target" + SUBSYSTEM=="sound", KERNEL=="card*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target" + + SUBSYSTEM=="printer", TAG+="systemd", ENV{SYSTEMD_WANTS}+="printer.target" +diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c +index b8e275d..1840594 100644 +--- a/src/cgls/cgls.c ++++ b/src/cgls/cgls.c +@@ -35,6 +35,10 @@ + #include "build.h" + #include "output-mode.h" + #include "fileio.h" ++#include "sd-bus.h" ++#include "bus-util.h" ++#include "bus-error.h" ++#include "unit-name.h" + + static bool arg_no_pager = false; + static bool arg_kernel_threads = false; +@@ -127,6 +131,7 @@ int main(int argc, char *argv[]) { + int r = 0, retval = EXIT_FAILURE; + int output_flags; + char _cleanup_free_ *root = NULL; ++ _cleanup_bus_unref_ sd_bus *bus = NULL; + + log_parse_environment(); + log_open(); +@@ -151,6 +156,12 @@ int main(int argc, char *argv[]) { + arg_all * OUTPUT_SHOW_ALL | + (arg_full > 0) * OUTPUT_FULL_WIDTH; + ++ r = bus_open_transport(BUS_TRANSPORT_LOCAL, NULL, false, &bus); ++ if (r < 0) { ++ log_error("Failed to create bus connection: %s", strerror(-r)); ++ goto finish; ++ } ++ + if (optind < argc) { + int i; + +@@ -189,8 +200,52 @@ int main(int argc, char *argv[]) { + } else { + if 
(arg_machine) { + char *m; ++ const char *cgroup; ++ _cleanup_free_ char *scope = NULL; ++ _cleanup_free_ char *path = NULL; ++ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; ++ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; ++ + m = strappenda("/run/systemd/machines/", arg_machine); +- r = parse_env_file(m, NEWLINE, "CGROUP", &root, NULL); ++ r = parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL); ++ if (r < 0) { ++ log_error("Failed to get machine path: %s", strerror(-r)); ++ goto finish; ++ } ++ ++ path = unit_dbus_path_from_name(scope); ++ if (!path) { ++ r = log_oom(); ++ goto finish; ++ } ++ ++ r = sd_bus_get_property( ++ bus, ++ "org.freedesktop.systemd1", ++ path, ++ "org.freedesktop.systemd1.Scope", ++ "ControlGroup", ++ &error, ++ &reply, ++ "s"); ++ ++ if (r < 0) { ++ log_error("Failed to query ControlGroup: %s", bus_error_message(&error, -r)); ++ goto finish; ++ } ++ ++ r = sd_bus_message_read(reply, "s", &cgroup); ++ if (r < 0) { ++ bus_log_parse_error(r); ++ goto finish; ++ } ++ ++ root = strdup(cgroup); ++ if (!root) { ++ r = log_oom(); ++ goto finish; ++ } ++ + } else + r = cg_get_root_path(&root); + if (r < 0) { +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 3dd4c91..4201e1e 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -871,7 +871,7 @@ int manager_setup_cgroup(Manager *m) { + safe_close(m->pin_cgroupfs_fd); + + m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK); +- if (r < 0) { ++ if (m->pin_cgroupfs_fd < 0) { + log_error("Failed to open pin file: %m"); + return -errno; + } +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 775825b..5b1c4e3 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -173,6 +173,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->cpu_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_CPUACCT; + unit_write_drop_in_private(u, mode, name, b ? 
"CPUAccounting=yes" : "CPUAccounting=no"); + } + +@@ -192,6 +193,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->cpu_shares = ul; ++ u->cgroup_realized_mask &= ~CGROUP_CPU; + unit_write_drop_in_private_format(u, mode, name, "CPUShares=%lu", ul); + } + +@@ -206,6 +208,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->blockio_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; + unit_write_drop_in_private(u, mode, name, b ? "BlockIOAccounting=yes" : "BlockIOAccounting=no"); + } + +@@ -225,6 +228,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->blockio_weight = ul; ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; + unit_write_drop_in_private_format(u, mode, name, "BlockIOWeight=%lu", ul); + } + +@@ -294,6 +298,8 @@ int bus_cgroup_set_property( + cgroup_context_free_blockio_device_bandwidth(c, a); + } + ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +@@ -375,6 +381,8 @@ int bus_cgroup_set_property( + cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights); + } + ++ u->cgroup_realized_mask &= ~CGROUP_BLKIO; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +@@ -398,6 +406,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->memory_accounting = b; ++ u->cgroup_realized_mask &= ~CGROUP_MEMORY; + unit_write_drop_in_private(u, mode, name, b ? 
"MemoryAccounting=yes" : "MemoryAccounting=no"); + } + +@@ -412,6 +421,7 @@ int bus_cgroup_set_property( + + if (mode != UNIT_CHECK) { + c->memory_limit = limit; ++ u->cgroup_realized_mask &= ~CGROUP_MEMORY; + unit_write_drop_in_private_format(u, mode, name, "%s=%" PRIu64, name, limit); + } + +@@ -433,6 +443,7 @@ int bus_cgroup_set_property( + char *buf; + + c->device_policy = p; ++ u->cgroup_realized_mask &= ~CGROUP_DEVICE; + + buf = strappenda("DevicePolicy=", policy); + unit_write_drop_in_private(u, mode, name, buf); +@@ -511,6 +522,8 @@ int bus_cgroup_set_property( + cgroup_context_free_device_allow(c, c->device_allow); + } + ++ u->cgroup_realized_mask &= ~CGROUP_DEVICE; ++ + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; +diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c +index 13b3d0d..37d4154 100644 +--- a/src/core/dbus-execute.c ++++ b/src/core/dbus-execute.c +@@ -842,7 +842,7 @@ int bus_exec_context_set_transient_property( + strv_free(c->environment); + c->environment = e; + +- joined = strv_join(c->environment, " "); ++ joined = strv_join_quoted(c->environment); + if (!joined) + return -ENOMEM; + +diff --git a/src/core/job.c b/src/core/job.c +index 35a9de6..dc4f441 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -1060,6 +1060,9 @@ int job_coldplug(Job *j) { + if (r < 0) + return r; + ++ if (j->state == JOB_WAITING) ++ job_add_to_run_queue(j); ++ + if (j->begin_usec == 0 || j->unit->job_timeout == 0) + return 0; + +diff --git a/src/core/killall.c b/src/core/killall.c +index 57ed41c..eab48f7 100644 +--- a/src/core/killall.c ++++ b/src/core/killall.c +@@ -168,7 +168,7 @@ static int killall(int sig, Set *pids, bool send_sighup) { + continue; + + if (sig == SIGKILL) { +- _cleanup_free_ char *s; ++ _cleanup_free_ char *s = NULL; + + get_process_comm(pid, &s); + log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pid, strna(s)); +diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c +index d459afe..2a58e48 
100644 +--- a/src/core/machine-id-setup.c ++++ b/src/core/machine-id-setup.c +@@ -93,32 +93,9 @@ static int generate(char id[34], const char *root) { + } + } + +- /* If that didn't work, see if we are running in qemu/kvm and a +- * machine ID was passed in via -uuid on the qemu/kvm command +- * line */ +- +- r = detect_vm(&vm_id); +- if (r > 0 && streq(vm_id, "kvm")) { +- char uuid[37]; +- +- fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); +- if (fd >= 0) { +- k = loop_read(fd, uuid, 36, false); +- safe_close(fd); +- +- if (k >= 36) { +- r = shorten_uuid(id, uuid); +- if (r >= 0) { +- log_info("Initializing machine ID from KVM UUID."); +- return 0; +- } +- } +- } +- } +- +- /* If that didn't work either, see if we are running in a +- * container, and a machine ID was passed in via +- * $container_uuid the way libvirt/LXC does it */ ++ /* If that didn't work, see if we are running in a container, ++ * and a machine ID was passed in via $container_uuid the way ++ * libvirt/LXC does it */ + r = detect_container(NULL); + if (r > 0) { + _cleanup_free_ char *e = NULL; +@@ -133,6 +110,30 @@ static int generate(char id[34], const char *root) { + } + } + } ++ ++ } else { ++ /* If we are not running in a container, see if we are ++ * running in qemu/kvm and a machine ID was passed in ++ * via -uuid on the qemu/kvm command line */ ++ ++ r = detect_vm(&vm_id); ++ if (r > 0 && streq(vm_id, "kvm")) { ++ char uuid[37]; ++ ++ fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); ++ if (fd >= 0) { ++ k = loop_read(fd, uuid, 36, false); ++ safe_close(fd); ++ ++ if (k >= 36) { ++ r = shorten_uuid(id, uuid); ++ if (r >= 0) { ++ log_info("Initializing machine ID from KVM UUID."); ++ return 0; ++ } ++ } ++ } ++ } + } + + /* If that didn't work, generate a random machine id */ diff --git a/src/core/main.c b/src/core/main.c -index 41605ee..8517369 100644 +index 41605ee..c65701d 100644 --- a/src/core/main.c 
+++ b/src/core/main.c -@@ -1883,7 +1883,7 @@ finish: +@@ -1840,6 +1840,7 @@ finish: + if (reexecute) { + const char **args; + unsigned i, args_size; ++ sigset_t ss; + + /* Close and disarm the watchdog, so that the new + * instance can reinitialize it, but doesn't get +@@ -1883,7 +1884,7 @@ finish: char_array_0(sfd); i = 0; 
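Review bot: In the cgls.c part of this hunk, the result of `parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL)` is only checked for `r < 0`. A machine file that exists but has no `SCOPE=` line therefore appears to leave `scope` NULL, and it is passed straight to `unit_dbus_path_from_name(scope)`. A guard before that call, e.g. `if (!scope) { log_error("Machine has no scope unit."); r = -ENOENT; goto finish; }`, would turn this into a clean error. Separately, `bus_open_transport()` is now called ahead of the `optind < argc` branch, so every invocation fails when no bus is reachable, even without `--machine`; opening the bus inside the `arg_machine` branch would avoid that. main() begins and ends outside the lines shown.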
@@ -41,6 +411,83 @@ index 41605ee..8517369 100644 if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; +@@ -1923,6 +1924,13 @@ finish: + args[i++] = NULL; + assert(i <= args_size); + ++ /* reenable any blocked signals, especially important ++ * if we switch from initial ramdisk to init=... */ ++ reset_all_signal_handlers(); ++ ++ assert_se(sigemptyset(&ss) == 0); ++ assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0); ++ + if (switch_root_init) { + args[0] = switch_root_init; + execv(args[0], (char* const*) args); +diff --git a/src/core/manager.c b/src/core/manager.c +index 224106c..7342095 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -422,7 +422,7 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) { + return -ENOMEM; + + #ifdef ENABLE_EFI +- if (detect_container(NULL) <= 0) ++ if (running_as == SYSTEMD_SYSTEM && detect_container(NULL) <= 0) + boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp); + #endif + +@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) { + if (u->id != t) + continue; + +- if (!unit_can_serialize(u)) +- continue; +- + /* Start marker */ + fputs(u->id, f); + fputc('\n', f); +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 9f15211..e41cf5b 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -42,6 +42,7 @@ + #include "mkdir.h" + #include "dev-setup.h" + #include "def.h" ++#include "label.h" + + typedef enum MountMode { + /* This is ordered by priority! 
*/ +@@ -68,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) { + STRV_FOREACH(i, strv) { + + (*p)->ignore = false; ++ (*p)->done = false; + + if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') { + (*p)->ignore = true; +@@ -217,7 +219,10 @@ static int mount_dev(BindMount *m) { + goto fail; + } + ++ label_context_set(d, st.st_mode); + r = mknod(dn, st.st_mode, st.st_rdev); ++ label_context_clear(); ++ + if (r < 0) { + r = -errno; + goto fail; +@@ -350,7 +355,7 @@ int setup_namespace( + private_dev; + + if (n > 0) { +- m = mounts = (BindMount *) alloca(n * sizeof(BindMount)); ++ m = mounts = (BindMount *) alloca0(n * sizeof(BindMount)); + r = append_mounts(&m, read_write_dirs, READWRITE); + if (r < 0) + return r; diff --git a/src/core/service.c b/src/core/service.c index ae3695a..6b3aa45 100644 --- a/src/core/service.c @@ -58,7 +505,7 @@ index ae3695a..6b3aa45 100644 log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id); return -EINVAL; diff --git a/src/core/socket.c b/src/core/socket.c -index 7c18a2b..eba67d5 100644 +index 7c18a2b..1a560a6 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { 
@@ -96,6 +543,115 @@ index 7c18a2b..eba67d5 100644 break; } +@@ -1242,6 +1251,8 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { + NULL, + s->exec_runtime, + &pid); ++ if (r < 0) ++ goto fail; + + strv_free(argv); + if (r < 0) +@@ -1497,6 +1508,12 @@ static void socket_enter_running(Socket *s, int cfd) { + } + + if (!pending) { ++ if (!UNIT_ISSET(s->service)) { ++ log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id); ++ r = -ENOENT; ++ goto fail; ++ } ++ + r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL); + if (r < 0) + goto fail; +diff --git a/src/core/timer.c b/src/core/timer.c +index 6c85304..720b8af 100644 +--- a/src/core/timer.c ++++ b/src/core/timer.c +@@ -111,6 +111,23 @@ static int timer_add_default_dependencies(Timer *t) { + return unit_add_two_dependencies_by_name(UNIT(t), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true); + } + ++static void update_stampfile(Timer *t, usec_t timestamp) { ++ _cleanup_close_ int fd = -1; ++ ++ mkdir_parents_label(t->stamp_path, 0755); ++ ++ /* Update the file atime + mtime, if we can */ ++ fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); ++ if (fd >= 0) { ++ struct timespec ts[2]; ++ ++ timespec_store(&ts[0], timestamp); ++ ts[1] = ts[0]; ++ ++ futimens(fd, ts); ++ } ++} ++ + static int timer_setup_persistent(Timer *t) { + int r; + +@@ -131,7 +148,7 @@ static int timer_setup_persistent(Timer *t) { + + e = getenv("XDG_DATA_HOME"); + if (e) +- t->stamp_path = strjoin(e, "/systemd/timers/", UNIT(t)->id, NULL); ++ t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id, NULL); + else { + + _cleanup_free_ char *h = NULL; +@@ -496,22 +513,8 @@ static void timer_enter_running(Timer *t) { + + dual_timestamp_get(&t->last_trigger); + +- if (t->stamp_path) { +- _cleanup_close_ int fd = -1; +- +- mkdir_parents_label(t->stamp_path, 0755); +- +- /* Update the file atime + 
mtime, if we can */ +- fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); +- if (fd >= 0) { +- struct timespec ts[2]; +- +- timespec_store(&ts[0], t->last_trigger.realtime); +- ts[1] = ts[0]; +- +- futimens(fd, ts); +- } +- } ++ if (t->stamp_path) ++ update_stampfile(t, t->last_trigger.realtime); + + timer_set_state(t, TIMER_RUNNING); + return; +@@ -539,6 +542,11 @@ static int timer_start(Unit *u) { + + if (stat(t->stamp_path, &st) >= 0) + t->last_trigger.realtime = timespec_load(&st.st_atim); ++ else if (errno == ENOENT) ++ /* The timer has never run before, ++ * make sure a stamp file exists. ++ */ ++ update_stampfile(t, now(CLOCK_REALTIME)); + } + + t->result = TIMER_SUCCESS; +diff --git a/src/core/transaction.c b/src/core/transaction.c +index d00f427..2befc32 100644 +--- a/src/core/transaction.c ++++ b/src/core/transaction.c +@@ -378,7 +378,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi + "Found dependency on %s/%s", + k->unit->id, job_type_to_string(k->type)); + +- if (!delete && ++ if (!delete && hashmap_get(tr->jobs, k->unit) && + !unit_matters_to_anchor(k->unit, k)) { + /* Ok, we can drop this one, so let's + * do so. */ diff --git a/src/core/umount.c b/src/core/umount.c index d1258f0..0311812 100644 --- a/src/core/umount.c 
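Review bot: In socket_spawn() the added `if (r < 0) goto fail;` sits before the existing `strv_free(argv);`, so a failed spawn now skips freeing argv and the original `if (r < 0)` right after it becomes dead code. Whether the `fail:` label frees argv is not visible in this hunk; if it does not, the argument vector leaks on every failed spawn. Dropping the two added lines would fix it, since the pre-existing check already handles the error after the free. Declaring argv with `_cleanup_strv_free_` would also work. The function body continues outside the hunk.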
@@ -109,6 +665,195 @@ index d1258f0..0311812 100644 #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif +diff --git a/src/core/unit.c b/src/core/unit.c +index 153b79b..ed52694 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) { + } + + int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) { +- ExecRuntime *rt; + int r; + + assert(u); + assert(f); + assert(fds); + +- if (!unit_can_serialize(u)) +- return 0; +- +- r = UNIT_VTABLE(u)->serialize(u, f, fds); +- if (r < 0) +- return r; ++ if (unit_can_serialize(u)) { ++ ExecRuntime *rt; + +- rt = unit_get_exec_runtime(u); +- if (rt) { +- r = exec_runtime_serialize(rt, u, f, fds); ++ r = UNIT_VTABLE(u)->serialize(u, f, fds); + if (r < 0) + return r; ++ ++ rt = unit_get_exec_runtime(u); ++ if (rt) { ++ r = exec_runtime_serialize(rt, u, f, fds); ++ if (r < 0) ++ return r; ++ } + } + + dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp); +@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) { + } + + int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { +- size_t offset; + ExecRuntime **rt = NULL; ++ size_t offset; + int r; + + assert(u); + assert(f); + assert(fds); + +- if (!unit_can_serialize(u)) +- return 0; +- + offset = UNIT_VTABLE(u)->exec_runtime_offset; + if (offset > 0) + rt = (ExecRuntime**) ((uint8_t*) u + offset); +@@ -2487,24 +2484,34 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + if (!s) + return -ENOMEM; + +- free(u->cgroup_path); +- u->cgroup_path = s; ++ if (u->cgroup_path) { ++ void *p; + ++ p = hashmap_remove(u->manager->cgroup_unit, u->cgroup_path); ++ log_info("Removing cgroup_path %s from hashmap (%p)", ++ u->cgroup_path, p); ++ free(u->cgroup_path); ++ } ++ ++ u->cgroup_path = s; + assert(hashmap_put(u->manager->cgroup_unit, s, u) == 1); ++ + continue; + } + +- if (rt) { +- r = exec_runtime_deserialize_item(rt, u, l, v, fds); 
++ if (unit_can_serialize(u)) { ++ if (rt) { ++ r = exec_runtime_deserialize_item(rt, u, l, v, fds); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ continue; ++ } ++ ++ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); + if (r < 0) + return r; +- if (r > 0) +- continue; + } +- +- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); +- if (r < 0) +- return r; + } + } + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 75d56dd..be8fb2f 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -29,6 +29,7 @@ + #include "mkdir.h" + #include "strv.h" + #include "fileio.h" ++#include "path-util.h" + + static const char *arg_dest = "/tmp"; + static bool arg_enabled = true; +@@ -144,16 +145,19 @@ static int create_disk( + if (!uu) + return log_oom(); + +- if (is_device_path(uu)) { +- _cleanup_free_ char *dd; ++ if (!path_equal(uu, "/dev/null")) { + +- dd = unit_name_from_path(uu, ".device"); +- if (!dd) +- return log_oom(); ++ if (is_device_path(uu)) { ++ _cleanup_free_ char *dd; + +- fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); +- } else +- fprintf(f, "RequiresMountsFor=%s\n", password); ++ dd = unit_name_from_path(uu, ".device"); ++ if (!dd) ++ return log_oom(); ++ ++ fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); ++ } else ++ fprintf(f, "RequiresMountsFor=%s\n", password); ++ } + } + } + +@@ -287,7 +291,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { + } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) { + + free(arg_keyfile); +- arg_keyfile = strdup(key); ++ arg_keyfile = strdup(value); + if (!arg_keyfile) + return log_oom(); + +diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c +index 9b9074c..ad6c76c 100644 +--- a/src/cryptsetup/cryptsetup.c ++++ b/src/cryptsetup/cryptsetup.c +@@ -88,6 +88,13 @@ static int parse_one_option(const char *option) { + return 0; + } + ++ if (arg_key_size % 8) { ++ log_error("size= not a 
multiple of 8, ignoring."); ++ return 0; ++ } ++ ++ arg_key_size /= 8; ++ + } else if (startswith(option, "key-slot=")) { + + arg_type = CRYPT_LUKS1; +@@ -404,7 +411,7 @@ static int attach_luks_or_plain(struct crypt_device *cd, + /* for CRYPT_PLAIN limit reads + * from keyfile to key length, and + * ignore keyfile-size */ +- arg_keyfile_size = arg_key_size / 8; ++ arg_keyfile_size = arg_key_size; + + /* In contrast to what the name + * crypt_setup() might suggest this +@@ -567,7 +574,7 @@ int main(int argc, char *argv[]) { + else + until = 0; + +- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256); ++ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); + + if (key_file) { + struct stat st; diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 18f2aca..2a2b1ea 100644 --- a/src/fsck/fsck.c 
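Review bot: In parse_one_option() in cryptsetup.c, the new `size=` check logs "ignoring" and returns when the value is not a multiple of 8, but `arg_key_size` has by then presumably already been overwritten by the parse just above the hunk. The same change makes `arg_key_size` a byte count everywhere else (`arg_keyfile_size = arg_key_size`, default `256 / 8`), so a rejected bit count such as `size=100` would apparently be used later as a 100-byte key length instead of the default. Parsing into a local variable and assigning only after both checks pass would avoid that; at minimum, add `arg_key_size = 0;` before the `return 0;` so the default applies. The function starts and ends outside the hunk.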
@@ -131,11 +876,598 @@ index 18f2aca..2a2b1ea 100644 cmdline[i++] = "-a"; cmdline[i++] = "-T"; cmdline[i++] = "-l"; +diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c +index 6a4aa2c..700e90a 100644 +--- a/src/getty-generator/getty-generator.c ++++ b/src/getty-generator/getty-generator.c +@@ -72,7 +72,7 @@ static int add_serial_getty(const char *tty) { + + log_debug("Automatically adding serial getty for /dev/%s.", tty); + +- n = unit_name_replace_instance("serial-getty@.service", tty); ++ n = unit_name_from_path_instance("serial-getty", tty, ".service"); + if (!n) + return log_oom(); + +@@ -86,7 +86,7 @@ static int add_container_getty(const char *tty) { + + log_debug("Automatically adding container getty for /dev/pts/%s.", tty); + +- n = unit_name_replace_instance("container-getty@.service", tty); ++ n = unit_name_from_path_instance("container-getty", tty, ".service"); + if (!n) + return log_oom(); + +diff --git a/src/journal/catalog.c b/src/journal/catalog.c +index 3ed0b7e..02dedc4 100644 +--- a/src/journal/catalog.c ++++ b/src/journal/catalog.c +@@ -103,7 +103,7 @@ static int finish_item( + const char *payload) { + + ssize_t offset; +- CatalogItem *i; ++ _cleanup_free_ CatalogItem *i = NULL; + int r; + + assert(h); +@@ -126,13 +126,14 @@ static int finish_item( + i->offset = htole64((uint64_t) offset); + + r = hashmap_put(h, i, i); +- if (r == EEXIST) { ++ if (r == -EEXIST) { + log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.", + SD_ID128_FORMAT_VAL(id), language ? 
language : "C"); +- free(i); + return 0; +- } ++ } else if (r < 0) ++ return r; + ++ i = NULL; + return 0; + } + +@@ -383,8 +384,8 @@ error: + int catalog_update(const char* database, const char* root, const char* const* dirs) { + _cleanup_strv_free_ char **files = NULL; + char **f; +- Hashmap *h; + struct strbuf *sb = NULL; ++ _cleanup_hashmap_free_free_ Hashmap *h = NULL; + _cleanup_free_ CatalogItem *items = NULL; + CatalogItem *i; + Iterator j; +@@ -406,13 +407,17 @@ int catalog_update(const char* database, const char* root, const char* const* di + } + + STRV_FOREACH(f, files) { +- log_debug("reading file '%s'", *f); +- catalog_import_file(h, sb, *f); ++ log_debug("Reading file '%s'", *f); ++ r = catalog_import_file(h, sb, *f); ++ if (r < 0) { ++ log_error("Failed to import file '%s': %s.", ++ *f, strerror(-r)); ++ goto finish; ++ } + } + + if (hashmap_size(h) <= 0) { + log_info("No items in catalog."); +- r = 0; + goto finish; + } else + log_debug("Found %u items in catalog.", hashmap_size(h)); +@@ -443,11 +448,7 @@ int catalog_update(const char* database, const char* root, const char* const* di + log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.", + database, n, sb->len, r); + +- r = 0; +- + finish: +- if (h) +- hashmap_free_free(h); + if (sb) + strbuf_cleanup(sb); + +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index f2f1f35..fd9d2a8 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -274,12 +274,6 @@ static int journal_file_verify_header(JournalFile *f) { + !VALID64(le64toh(f->header->entry_array_offset))) + return -ENODATA; + +- if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) || +- le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size)) +- return -ENODATA; +- + if 
(f->writable) { + uint8_t state; + sd_id128_t machine_id; +diff --git a/src/journal/journal-remote-parse.c b/src/journal/journal-remote-parse.c +index 142de0e..239ff38 100644 +--- a/src/journal/journal-remote-parse.c ++++ b/src/journal/journal-remote-parse.c +@@ -40,7 +40,7 @@ void source_free(RemoteSource *source) { + + static int get_line(RemoteSource *source, char **line, size_t *size) { + ssize_t n, remain; +- char *c; ++ char *c = NULL; + char *newbuf = NULL; + size_t newsize = 0; + +@@ -49,7 +49,9 @@ static int get_line(RemoteSource *source, char **line, size_t *size) { + assert(source->filled <= source->size); + assert(source->buf == NULL || source->size > 0); + +- c = memchr(source->buf, '\n', source->filled); ++ if (source->buf) ++ c = memchr(source->buf, '\n', source->filled); ++ + if (c != NULL) + goto docopy; + +diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c +index 35948ea..48725e4 100644 +--- a/src/journal/journald-kmsg.c ++++ b/src/journal/journald-kmsg.c +@@ -152,7 +152,7 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) { + /* Did we lose any? */ + if (serial > *s->kernel_seqnum) + server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %"PRIu64" kernel messages", +- serial - *s->kernel_seqnum - 1); ++ serial - *s->kernel_seqnum); + + /* Make sure we never read this one again. 
Note that + * we always store the next message serial we expect +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 6da81e7..b6f8e7e 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -67,6 +67,7 @@ + #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE) + #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC) + #define DEFAULT_RATE_LIMIT_BURST 1000 ++#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH + + #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC) + +@@ -1473,6 +1474,8 @@ int server_init(Server *s) { + s->forward_to_syslog = true; + s->forward_to_wall = true; + ++ s->max_file_usec = DEFAULT_MAX_FILE_USEC; ++ + s->max_level_store = LOG_DEBUG; + s->max_level_syslog = LOG_DEBUG; + s->max_level_kmsg = LOG_NOTICE; +diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c +index f693e0f..9a8d5c6 100644 +--- a/src/journal/microhttpd-util.c ++++ b/src/journal/microhttpd-util.c +@@ -129,7 +129,7 @@ void log_func_gnutls(int level, const char *message) { + if (0 <= level && level < (int) ELEMENTSOF(log_level_map)) + ourlevel = log_level_map[level]; + else +- level = LOG_DEBUG; ++ ourlevel = LOG_DEBUG; + + log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message); + } +diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c +index b087a8b..967ab67 100644 +--- a/src/journal/test-catalog.c ++++ b/src/journal/test-catalog.c +@@ -157,7 +157,8 @@ int main(int argc, char *argv[]) { + + setlocale(LC_ALL, "de_DE.UTF-8"); + +- log_set_max_level(LOG_DEBUG); ++ log_parse_environment(); ++ log_open(); + + test_catalog_file_lang(); + +diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c +index ba1b04d..85b1e40 100644 +--- a/src/libudev/libudev-monitor.c ++++ b/src/libudev/libudev-monitor.c +@@ -108,15 +108,13 @@ static struct udev_monitor *udev_monitor_new(struct udev *udev) + + /* we consider udev running when /dev is on devtmpfs */ + static bool 
udev_has_devtmpfs(struct udev *udev) { +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; + int mount_id; + _cleanup_fclose_ FILE *f = NULL; + char line[LINE_MAX], *e; + int r; + +- h = alloca(MAX_HANDLE_SZ); +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(AT_FDCWD, "/dev", h, &mount_id, 0); ++ r = name_to_handle_at(AT_FDCWD, "/dev", &h.handle, &mount_id, 0); + if (r < 0) + return false; + +diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules +index e1cf897..57f619d 100644 +--- a/src/login/70-uaccess.rules ++++ b/src/login/70-uaccess.rules +@@ -12,7 +12,7 @@ ENV{MAJOR}=="", GOTO="uaccess_end" + SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess" + + # Digicams with proprietary protocol +-ENV{ID_GPHOTO2}=="*?", TAG+="uaccess" ++ENV{ID_GPHOTO2}=="?*", TAG+="uaccess" + + # SCSI and USB scanners + ENV{libsane_matched}=="yes", TAG+="uaccess" +@@ -49,13 +49,13 @@ SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess" + SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess" + + # smart-card readers +-ENV{ID_SMARTCARD_READER}=="*?", TAG+="uaccess" ++ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" + + # (USB) authentication devices +-ENV{ID_SECURITY_TOKEN}=="*?", TAG+="uaccess" ++ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess" + + # PDA devices +-ENV{ID_PDA}=="*?", TAG+="uaccess" ++ENV{ID_PDA}=="?*", TAG+="uaccess" + + # Programmable remote control + ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" +@@ -64,10 +64,10 @@ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" + SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess" + + # color measurement devices +-ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="uaccess" ++ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess" + + # DDC/CI device, usually high-end monitors such as the DreamColor +-ENV{DDC_DEVICE}=="*?", TAG+="uaccess" ++ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + + # media player raw devices (for user-mode drivers, Android SDK, etc.) 
+ SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" +diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c +index dc86f0f..4bbeb64 100644 +--- a/src/login/logind-acl.c ++++ b/src/login/logind-acl.c +@@ -279,7 +279,9 @@ int devnode_acl_all(struct udev *udev, + + log_debug("Fixing up ACLs at %s for seat %s", n, seat); + k = devnode_acl(n, flush, del, old_uid, add, new_uid); +- if (k < 0) ++ if (k == -ENOENT) ++ log_debug("Device %s disappeared while setting ACLs", n); ++ else if (k < 0) + r = k; + } + +diff --git a/src/login/logind-action.c b/src/login/logind-action.c +index 1928f43..d69c7ad 100644 +--- a/src/login/logind-action.c ++++ b/src/login/logind-action.c +@@ -79,14 +79,12 @@ int manager_handle_action( + return 0; + } + +- /* If we have more than one or no displays connected, +- * don't react to lid closing. The no display case we +- * treat like this under the assumption that there is +- * no modern drm driver available. */ ++ /* If we have more than one display connected, ++ * don't react to lid closing. 
*/ + n = manager_count_displays(m); + if (n < 0) + log_warning("Display counting failed: %s", strerror(-n)); +- else if (n != 1) { ++ else if (n > 1) { + log_debug("Ignoring lid switch request, %i displays connected.", n); + return 0; + } +diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c +index 3f5efdc..1ee6ced 100644 +--- a/src/login/logind-seat.c ++++ b/src/login/logind-seat.c +@@ -275,8 +275,13 @@ int seat_switch_to(Seat *s, unsigned int num) { + if (!num) + return -EINVAL; + +- if (num >= s->position_count || !s->positions[num]) ++ if (num >= s->position_count || !s->positions[num]) { ++ /* allow switching to unused VTs to trigger auto-activate */ ++ if (seat_has_vts(s) && num < 64) ++ return chvt(num); ++ + return -EINVAL; ++ } + + return session_activate(s->positions[num]); + } +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 4ca6b5d..02a780d 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -213,7 +213,6 @@ int session_save(Session *s) { + + if (s->scope) + fprintf(f, "SCOPE=%s\n", s->scope); +- + if (s->scope_job) + fprintf(f, "SCOPE_JOB=%s\n", s->scope_job); + +@@ -229,17 +228,54 @@ int session_save(Session *s) { + if (s->display) + fprintf(f, "DISPLAY=%s\n", s->display); + +- if (s->remote_host) +- fprintf(f, "REMOTE_HOST=%s\n", s->remote_host); ++ if (s->remote_host) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(s->remote_host); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "REMOTE_HOST=%s\n", escaped); ++ } ++ ++ if (s->remote_user) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(s->remote_user); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "REMOTE_USER=%s\n", escaped); ++ } ++ ++ if (s->service) { ++ _cleanup_free_ char *escaped; + +- if (s->remote_user) +- fprintf(f, "REMOTE_USER=%s\n", s->remote_user); ++ escaped = cescape(s->service); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ 
fprintf(f, "SERVICE=%s\n", escaped); ++ } + +- if (s->service) +- fprintf(f, "SERVICE=%s\n", s->service); ++ if (s->desktop) { ++ _cleanup_free_ char *escaped; + +- if (s->desktop) +- fprintf(f, "DESKTOP=%s\n", s->desktop); ++ ++ escaped = cescape(s->desktop); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "DESKTOP=%s\n", escaped); ++ } + + if (s->seat && seat_has_vts(s->seat)) + fprintf(f, "VTNR=%u\n", s->vtnr); +@@ -972,6 +1008,10 @@ void session_mute_vt(Session *s) { + if (vt < 0) + return; + ++ r = fchown(vt, s->user->uid, -1); ++ if (r < 0) ++ goto error; ++ + r = ioctl(vt, KDSKBMODE, K_OFF); + if (r < 0) + goto error; +@@ -1026,6 +1066,8 @@ void session_restore_vt(Session *s) { + mode.mode = VT_AUTO; + ioctl(vt, VT_SETMODE, &mode); + ++ fchown(vt, 0, -1); ++ + s->vtfd = safe_close(s->vtfd); + } + +diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in +index b96d32d..b8e90f1 100644 +--- a/src/login/org.freedesktop.login1.policy.in ++++ b/src/login/org.freedesktop.login1.policy.in +@@ -254,7 +254,7 @@ + + auth_admin_keep + auth_admin_keep +- auth_admin_keep ++ yes + + org.freedesktop.login1.hibernate + +diff --git a/src/login/pam-module.c b/src/login/pam-module.c +index 9873dd5..1259457 100644 +--- a/src/login/pam-module.c ++++ b/src/login/pam-module.c +@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( + } + + if (session_fd >= 0) { +- session_fd = dup(session_fd); ++ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3); + if (session_fd < 0) { + pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m"); + return PAM_SESSION_ERR; +diff --git a/src/machine/machine.c b/src/machine/machine.c +index 9a5cc9a..de701ad 100644 +--- a/src/machine/machine.c ++++ b/src/machine/machine.c +@@ -123,17 +123,42 @@ int machine_save(Machine *m) { + "NAME=%s\n", + m->name); + +- if (m->unit) +- fprintf(f, "SCOPE=%s\n", m->unit); /* We continue to call this "SCOPE=" because it is internal only, 
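Review bot: The `DISPLAY=` line at the top of this session_save hunk still writes `s->display` unescaped, while REMOTE_HOST, REMOTE_USER, SERVICE and DESKTOP now go through cescape(). If display can carry text supplied by the login client (not visible here), an embedded newline would still add an extra line to the state file; it should get the same treatment, `escaped = cescape(s->display);`. The allocate, check and print sequence is also repeated four times and could live in one small static helper, so that a field added later is not missed. The code that reads these keys back is outside the hunk and presumably needs the matching unescape.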
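Review bot: The `fchown(vt, 0, -1)` added to session_restore_vt discards its result, whereas the matching call in session_mute_vt checks it and jumps to its error path. If handing the VT back to root fails, the device node stays owned by the previous session's user and nothing is logged. The function returns void and the neighbouring ioctl is also best-effort, so a log line is enough: `if (fchown(vt, 0, -1) < 0) log_warning("Failed to reset VT ownership to root: %m");`. The start of session_restore_vt is outside the hunk.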
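Review bot: The third default in this policy hunk changes from `auth_admin_keep` to `yes`, so the action no longer asks for administrator authentication in that case. The element names and the action id were lost in extraction, so which action is affected, and that this is the default for active local sessions, can only be presumed from the position before org.freedesktop.login1.hibernate. Nothing visible in the patch explains why the default is relaxed. I would name the action and the reason in the patch description and confirm that leaving the other two defaults at `auth_admin_keep` is intended.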
and we want to stay compatible with old files */ ++ if (m->unit) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(m->unit); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */ ++ } + + if (m->scope_job) + fprintf(f, "SCOPE_JOB=%s\n", m->scope_job); + +- if (m->service) +- fprintf(f, "SERVICE=%s\n", m->service); ++ if (m->service) { ++ _cleanup_free_ char *escaped; + +- if (m->root_directory) +- fprintf(f, "ROOT=%s\n", m->root_directory); ++ escaped = cescape(m->service); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ fprintf(f, "SERVICE=%s\n", escaped); ++ } ++ ++ if (m->root_directory) { ++ _cleanup_free_ char *escaped; ++ ++ escaped = cescape(m->root_directory); ++ if (!escaped) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ fprintf(f, "ROOT=%s\n", escaped); ++ } + + if (!sd_id128_equal(m->id, SD_ID128_NULL)) + fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id)); +@@ -330,16 +355,18 @@ static int machine_stop_scope(Machine *m) { + if (!m->unit) + return 0; + +- r = manager_stop_unit(m->manager, m->unit, &error, &job); +- if (r < 0) { +- log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); +- return r; ++ if (!m->registered) { ++ r = manager_stop_unit(m->manager, m->unit, &error, &job); ++ if (r < 0) { ++ log_error("Failed to stop machine scope: %s", bus_error_message(&error, r)); ++ return r; ++ } + } + + free(m->scope_job); + m->scope_job = job; + +- return r; ++ return 0; + } + + int machine_stop(Machine *m) { +@@ -415,6 +442,8 @@ int machine_kill(Machine *m, KillWho who, int signo) { + + if (kill(m->leader, signo) < 0) + return -errno; ++ ++ return 0; + } + + /* Otherwise make PID 1 do it for us, for the entire cgroup */ +diff --git a/src/machine/machine.h b/src/machine/machine.h +index f4aefc5..de3536d 100644 +--- a/src/machine/machine.h ++++ 
b/src/machine/machine.h +@@ -72,6 +72,7 @@ struct Machine { + + bool in_gc_queue:1; + bool started:1; ++ bool registered:1; + + sd_bus_message *create_message; + +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 9473105..154a335 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -241,6 +241,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m + m->leader = leader; + m->class = c; + m->id = id; ++ m->registered = true; + + if (!isempty(service)) { + m->service = strdup(service); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 9a9ed9d..9e46e18 100644 +index 9a9ed9d..4efa5b7 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) { +@@ -769,6 +769,15 @@ static int setup_resolv_conf(const char *dest) { + return 0; + } + ++static char* id128_format_as_uuid(sd_id128_t id, char s[37]) { ++ ++ snprintf(s, 37, ++ "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", ++ SD_ID128_FORMAT_VAL(id)); ++ ++ return s; ++} ++ + static int setup_boot_id(const char *dest) { + _cleanup_free_ char *from = NULL, *to = NULL; + sd_id128_t rnd = {}; +@@ -794,10 +803,7 @@ static int setup_boot_id(const char *dest) { + return r; + } + +- snprintf(as_uuid, sizeof(as_uuid), +- "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", +- SD_ID128_FORMAT_VAL(rnd)); +- char_array_0(as_uuid); ++ id128_format_as_uuid(rnd, as_uuid); + + r = write_string_file(from, as_uuid); + if (r < 0) { +@@ -2378,7 +2384,7 @@ static int change_uid_gid(char **_home) { + _cleanup_fclose_ FILE *f = NULL; + _cleanup_close_ int fd = -1; + unsigned n_uids = 0; +- size_t sz, l; ++ size_t sz = 0, l; + uid_t uid; + gid_t gid; + pid_t pid; +@@ -2667,6 +2673,7 @@ int main(int argc, char *argv[]) { goto finish; } } else { 
@@ -143,7 +1475,7 @@ index 9a9ed9d..9e46e18 100644 const char *p; p = strappenda(arg_directory, -@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) { +@@ -2676,6 +2683,7 @@ int main(int argc, char *argv[]) { goto finish; } @@ -151,6 +1483,28 @@ index 9a9ed9d..9e46e18 100644 } } else { char template[] = "/tmp/nspawn-root-XXXXXX"; +@@ -2966,7 +2974,9 @@ int main(int argc, char *argv[]) { + } + + if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) { +- if (asprintf((char**)(envp + n_env++), "container_uuid=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid)) < 0) { ++ char as_uuid[37]; ++ ++ if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0) { + log_oom(); + goto child_fail; + } +@@ -3136,6 +3146,10 @@ int main(int argc, char *argv[]) { + + if (!arg_quiet) + log_info("Container %s is being rebooted.", arg_machine); ++ if (getenv("EXIT_ON_REBOOT") != 0) { ++ r = 10; ++ break; ++ } + continue; + } else if (status.si_code == CLD_KILLED || + status.si_code == CLD_DUMPED) { diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c index d61ecdf..228a3a4 100644 --- a/src/nss-myhostname/netlink.c 
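Review bot: The `EXIT_ON_REBOOT` check added to the reboot branch in main sets the bare status `r = 10` and compares the getenv() pointer with `0`; neither the variable nor the meaning of 10 is explained anywhere in the hunk. A caller that wraps nspawn has to know both, so I would add a comment such as `/* EXIT_ON_REBOOT: leave the loop and return 10 so the caller can restart the container itself */`, worded to match the actual intent, and write the test as `if (getenv("EXIT_ON_REBOOT") != NULL) {`. The enclosing loop and the use of r after the break are outside the hunk.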
@@ -166,6 +1520,88 @@ index d61ecdf..228a3a4 100644 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) continue; +diff --git a/src/python-systemd/_reader.c b/src/python-systemd/_reader.c +index 059b904..9a19a10 100644 +--- a/src/python-systemd/_reader.c ++++ b/src/python-systemd/_reader.c +@@ -902,7 +902,6 @@ static PyObject* get_catalog(PyObject *self, PyObject *args) { + sd_id128_t id; + _cleanup_free_ char *msg = NULL; + +- assert(!self); + assert(args); + + if (!PyArg_ParseTuple(args, "z:get_catalog", &id_)) +diff --git a/src/python-systemd/journal.py b/src/python-systemd/journal.py +index 9c7e004..dd1f229 100644 +--- a/src/python-systemd/journal.py ++++ b/src/python-systemd/journal.py +@@ -293,7 +293,7 @@ class Reader(_Reader): + monotonic = monotonic.totalseconds() + monotonic = int(monotonic * 1000000) + if isinstance(bootid, _uuid.UUID): +- bootid = bootid.get_hex() ++ bootid = bootid.hex + return super(Reader, self).seek_monotonic(monotonic, bootid) + + def log_level(self, level): +@@ -314,7 +314,7 @@ class Reader(_Reader): + Equivalent to add_match(MESSAGE_ID=`messageid`). + """ + if isinstance(messageid, _uuid.UUID): +- messageid = messageid.get_hex() ++ messageid = messageid.hex + self.add_match(MESSAGE_ID=messageid) + + def this_boot(self, bootid=None): +@@ -346,7 +346,7 @@ class Reader(_Reader): + + def get_catalog(mid): + if isinstance(mid, _uuid.UUID): +- mid = mid.get_hex() ++ mid = mid.hex + return _get_catalog(mid) + + def _make_line(field, value): +diff --git a/src/readahead/readahead-common.c b/src/readahead/readahead-common.c +index 5ffa88b..49679fc 100644 +--- a/src/readahead/readahead-common.c ++++ b/src/readahead/readahead-common.c +@@ -75,7 +75,7 @@ int fs_on_ssd(const char *p) { + if (major(st.st_dev) == 0) { + _cleanup_fclose_ FILE *f = NULL; + int mount_id; +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, }; + + /* Might be btrfs, which exposes "ssd" as mount flag if it is on ssd. 
+ * +@@ -83,9 +83,7 @@ int fs_on_ssd(const char *p) { + * and then lookup the mount ID in mountinfo to find + * the mount options. */ + +- h = alloca(MAX_HANDLE_SZ); +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(AT_FDCWD, p, h, &mount_id, AT_SYMLINK_FOLLOW); ++ r = name_to_handle_at(AT_FDCWD, p, &h.handle, &mount_id, AT_SYMLINK_FOLLOW); + if (r < 0) + return false; + +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index d27b1b7..905a2e1 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -336,8 +336,8 @@ int config_parse(const char *unit, + if (!f) { + f = ours = fopen(filename, "re"); + if (!f) { +- log_error("Failed to open configuration file '%s': %m", filename); +- return -errno; ++ log_full(errno == ENOENT ? LOG_DEBUG : LOG_ERR, "Failed to open configuration file '%s': %m", filename); ++ return errno == ENOENT ? 0 : -errno; + } + } + diff --git a/src/shared/generator.c b/src/shared/generator.c index 6110303..e679cb1 100644 --- a/src/shared/generator.c 
@@ -179,10 +1615,359 @@ index 6110303..e679cb1 100644 r = access(checker, X_OK); if (r < 0) { log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker); +diff --git a/src/shared/install.c b/src/shared/install.c +index 7409046..4517c9c 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -560,7 +560,7 @@ int unit_file_mask( + unsigned *n_changes) { + + char **i; +- _cleanup_free_ char *prefix; ++ _cleanup_free_ char *prefix = NULL; + int r; + + assert(scope >= 0); +diff --git a/src/shared/log.c b/src/shared/log.c +index a4b3b68..890a9fa 100644 +--- a/src/shared/log.c ++++ b/src/shared/log.c +@@ -878,6 +878,9 @@ void log_parse_environment(void) { + if (l == 5 && startswith(w, "debug")) { + log_set_max_level(LOG_DEBUG); + break; ++ } else if (l == 5 && startswith(w, "quiet")) { ++ log_set_max_level(LOG_WARNING); ++ break; + } + } + } +diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c +index 9d14933..b0b66f6 100644 +--- a/src/shared/logs-show.c ++++ b/src/shared/logs-show.c +@@ -547,7 +547,9 @@ static int output_export( + startswith(data, "_BOOT_ID=")) + continue; + +- if (!utf8_is_printable(data, length)) { ++ if (utf8_is_printable_newline(data, length, false)) ++ fwrite(data, length, 1, f); ++ else { + const char *c; + uint64_t le64; + +@@ -562,8 +564,7 @@ static int output_export( + le64 = htole64(length - (c - (const char*) data) - 1); + fwrite(&le64, sizeof(le64), 1, f); + fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f); +- } else +- fwrite(data, length, 1, f); ++ } + + fputc('\n', f); + } +diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c +index 6c167b4..d0e71f2 100644 +--- a/src/shared/unit-name.c ++++ b/src/shared/unit-name.c +@@ -332,7 +332,7 @@ char *unit_name_path_unescape(const char *f) { + } + + bool unit_name_is_template(const char *n) { +- const char *p; ++ const char *p, *e; + + assert(n); + +@@ -340,11 +340,15 @@ bool unit_name_is_template(const char *n) { + if (!p) + return 
false; + +- return p[1] == '.'; ++ e = strrchr(p+1, '.'); ++ if (!e) ++ return false; ++ ++ return e == p + 1; + } + + bool unit_name_is_instance(const char *n) { +- const char *p; ++ const char *p, *e; + + assert(n); + +@@ -352,7 +356,11 @@ bool unit_name_is_instance(const char *n) { + if (!p) + return false; + +- return p[1] != '.'; ++ e = strrchr(p+1, '.'); ++ if (!e) ++ return false; ++ ++ return e > p + 1; + } + + char *unit_name_replace_instance(const char *f, const char *i) { +diff --git a/src/shared/utf8.c b/src/shared/utf8.c +index 0b524d8..c559c13 100644 +--- a/src/shared/utf8.c ++++ b/src/shared/utf8.c +@@ -136,7 +136,7 @@ int utf8_encoded_to_unichar(const char *str) { + return unichar; + } + +-bool utf8_is_printable(const char* str, size_t length) { ++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) { + const uint8_t *p; + + assert(str); +@@ -145,7 +145,8 @@ bool utf8_is_printable(const char* str, size_t length) { + int encoded_len = utf8_encoded_valid_unichar((const char *)p); + int val = utf8_encoded_to_unichar((const char*)p); + +- if (encoded_len < 0 || val < 0 || is_unicode_control(val)) ++ if (encoded_len < 0 || val < 0 || is_unicode_control(val) || ++ (!newline && val == '\n')) + return false; + + length -= encoded_len; +diff --git a/src/shared/utf8.h b/src/shared/utf8.h +index c0eb73a..c087995 100644 +--- a/src/shared/utf8.h ++++ b/src/shared/utf8.h +@@ -31,7 +31,10 @@ const char *utf8_is_valid(const char *s) _pure_; + char *ascii_is_valid(const char *s) _pure_; + char *utf8_escape_invalid(const char *s); + +-bool utf8_is_printable(const char* str, size_t length) _pure_; ++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) _pure_; ++_pure_ static inline bool utf8_is_printable(const char* str, size_t length) { ++ return utf8_is_printable_newline(str, length, true); ++} + + char *utf16_to_utf8(const void *s, size_t length); + +diff --git a/src/shared/util.c b/src/shared/util.c +index 
ffe6624..2a2b2b2 100644 +--- a/src/shared/util.c ++++ b/src/shared/util.c +@@ -166,19 +166,19 @@ int close_nointr(int fd) { + + assert(fd >= 0); + r = close(fd); +- +- /* Just ignore EINTR; a retry loop is the wrong +- * thing to do on Linux. +- * +- * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html +- * https://bugzilla.gnome.org/show_bug.cgi?id=682819 +- * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR +- * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain +- */ +- if (_unlikely_(r < 0 && errno == EINTR)) +- return 0; +- else if (r >= 0) ++ if (r >= 0) + return r; ++ else if (errno == EINTR) ++ /* ++ * Just ignore EINTR; a retry loop is the wrong ++ * thing to do on Linux. ++ * ++ * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html ++ * https://bugzilla.gnome.org/show_bug.cgi?id=682819 ++ * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR ++ * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain ++ */ ++ return 0; + else + return -errno; + } +@@ -195,7 +195,13 @@ int safe_close(int fd) { + + if (fd >= 0) { + PROTECT_ERRNO; +- assert_se(close_nointr(fd) == 0); ++ ++ /* The kernel might return pretty much any error code ++ * via close(), but the fd will be closed anyway. The ++ * only condition we want to check for here is whether ++ * the fd was invalid at all... 
*/ ++ ++ assert_se(close_nointr(fd) != -EBADF); + } + + return -1; +@@ -1365,7 +1371,7 @@ bool ignore_file(const char *filename) { + assert(filename); + + if (endswith(filename, "~")) +- return false; ++ return true; + + return ignore_file_allow_backup(filename); + } +@@ -1495,6 +1501,7 @@ bool fstype_is_network(const char *fstype) { + static const char table[] = + "cifs\0" + "smbfs\0" ++ "sshfs\0" + "ncpfs\0" + "ncp\0" + "nfs\0" +@@ -1581,8 +1588,9 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { + if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) + return -ETIMEDOUT; + ++ errno = 0; + if (!fgets(line, sizeof(line), f)) +- return -EIO; ++ return errno ? -errno : -EIO; + + truncate_nl(line); + +@@ -5327,6 +5335,9 @@ bool string_is_safe(const char *p) { + if (*t > 0 && *t < ' ') + return false; + ++ if (*t == 127) ++ return false; ++ + if (strchr("\\\"\'", *t)) + return false; + } +@@ -5343,10 +5354,14 @@ bool string_has_cc(const char *p) { + + assert(p); + +- for (t = p; *t; t++) ++ for (t = p; *t; t++) { + if (*t > 0 && *t < ' ' && *t != '\t') + return true; + ++ if (*t == 127) ++ return true; ++ } ++ + return false; + } + +@@ -6391,3 +6406,19 @@ void hexdump(FILE *f, const void *p, size_t s) { + s -= 16; + } + } ++ ++int update_reboot_param_file(const char *param) ++{ ++ int r = 0; ++ ++ if (param) { ++ ++ r = write_string_file(REBOOT_PARAM_FILE, param); ++ if (r < 0) ++ log_error("Failed to write reboot param to " ++ REBOOT_PARAM_FILE": %s", strerror(-r)); ++ } else ++ unlink(REBOOT_PARAM_FILE); ++ ++ return r; ++} +diff --git a/src/shared/util.h b/src/shared/util.h +index 90464c9..122ac91 100644 +--- a/src/shared/util.h ++++ b/src/shared/util.h +@@ -22,6 +22,7 @@ + ***/ + + #include ++#include + #include + #include + #include +@@ -922,3 +923,10 @@ uint64_t physical_memory(void); + char* mount_test_option(const char *haystack, const char *needle); + + void hexdump(FILE *f, const void *p, size_t s); ++ ++union file_handle_union { ++ struct 
file_handle handle; ++ char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ]; ++}; ++ ++int update_reboot_param_file(const char *param); +diff --git a/src/shared/virt.c b/src/shared/virt.c +index ec2ddcf..f03e790 100644 +--- a/src/shared/virt.c ++++ b/src/shared/virt.c +@@ -149,7 +149,7 @@ static int detect_vm_dmi(const char **_id) { + + /* Returns a short identifier for the various VM implementations */ + int detect_vm(const char **id) { +- _cleanup_free_ char *hvtype = NULL, *cpuinfo_contents = NULL; ++ _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL; + static thread_local int cached_found = -1; + static thread_local const char *cached_id = NULL; + const char *_id = NULL; +@@ -163,17 +163,37 @@ int detect_vm(const char **id) { + return cached_found; + } + +- /* Try high-level hypervisor sysfs file first: ++ /* Try xen capabilities file first, if not found try high-level hypervisor sysfs file: + * +- * https://bugs.freedesktop.org/show_bug.cgi?id=61491 */ +- r = read_one_line_file("/sys/hypervisor/type", &hvtype); ++ * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */ ++ r = read_one_line_file("/proc/xen/capabilities", &domcap); + if (r >= 0) { +- if (streq(hvtype, "xen")) { ++ char *cap, *i = domcap; ++ ++ while ((cap = strsep(&i, ","))) ++ if (streq(cap, "control_d")) ++ break; ++ ++ if (!i) { + _id = "xen"; + r = 1; +- goto finish; + } +- } else if (r != -ENOENT) ++ ++ goto finish; ++ ++ } else if (r == -ENOENT) { ++ _cleanup_free_ char *hvtype = NULL; ++ ++ r = read_one_line_file("/sys/hypervisor/type", &hvtype); ++ if (r >= 0) { ++ if (streq(hvtype, "xen")) { ++ _id = "xen"; ++ r = 1; ++ goto finish; ++ } ++ } else if (r != -ENOENT) ++ return r; ++ } else + return r; + + /* this will set _id to "other" and return 0 for unknown hypervisors */ diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 0887bc3..6b502ce 100644 +index 0887bc3..d02ee2b 100644 --- a/src/systemctl/systemctl.c 
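Review bot: The Xen capability loop added to detect_vm tests the wrong variable after it ends. strsep() sets `i` to NULL as soon as it hands out the last token, so when `control_d` is the only or the last entry in /proc/xen/capabilities the loop breaks with `i == NULL` and the `if (!i)` branch still reports "xen" for what the loop was trying to exclude. Testing the token instead, `if (!cap) {`, is true only when the loop ran out without finding a match. The rest of detect_vm, including the `finish` label, is outside the hunk.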
+++ b/src/systemctl/systemctl.c +@@ -461,7 +461,7 @@ static int output_units_list(const UnitInfo *unit_infos, unsigned c) { + } + + if (circle_len > 0) +- printf("%s%s%s", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); ++ printf("%s%s%s ", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle); + + printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s", + on_active, id_len, id, off_active, @@ -2561,7 +2561,7 @@ static int start_unit_one( log_debug("Adding %s to the set", p); 
@@ -192,6 +1977,523 @@ index 0887bc3..6b502ce 100644 return log_oom(); } +@@ -4240,7 +4240,7 @@ static int show_all( + _cleanup_free_ UnitInfo *unit_infos = NULL; + const UnitInfo *u; + unsigned c; +- int r; ++ int r, ret = 0; + + r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply); + if (r < 0) +@@ -4262,9 +4262,11 @@ static int show_all( + r = show_one(verb, bus, p, show_properties, new_line, ellipsized); + if (r < 0) + return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + +- return 0; ++ return ret; + } + + static int show_system_status(sd_bus *bus) { +@@ -4386,7 +4388,12 @@ static int show(sd_bus *bus, char **args) { + } + } + +- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); ++ r = show_one(args[0], bus, unit, show_properties, ++ &new_line, &ellipsized); ++ if (r < 0) ++ return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + + if (!strv_isempty(patterns)) { +@@ -4403,7 +4410,12 @@ static int show(sd_bus *bus, char **args) { + if (!unit) + return log_oom(); + +- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized); ++ r = show_one(args[0], bus, unit, show_properties, ++ &new_line, &ellipsized); ++ if (r < 0) ++ return r; ++ else if (r > 0 && ret == 0) ++ ret = r; + } + } + } +@@ -5403,15 +5415,15 @@ static int systemctl_help(void) { + " otherwise restart if active\n" + " isolate NAME Start one unit and stop all others\n" + " kill NAME... Send signal to processes of a unit\n" +- " is-active NAME... Check whether units are active\n" +- " is-failed NAME... Check whether units are failed\n" +- " status [NAME...|PID...] Show runtime status of one or more units\n" +- " show [NAME...|JOB...] Show properties of one or more\n" ++ " is-active PATTERN... Check whether units are active\n" ++ " is-failed PATTERN... Check whether units are failed\n" ++ " status [PATTERN...|PID...] Show runtime status of one or more units\n" ++ " show [PATTERN...|JOB...] 
Show properties of one or more\n" + " units/jobs or the manager\n" +- " cat NAME... Show files and drop-ins of one or more units\n" ++ " cat PATTERN... Show files and drop-ins of one or more units\n" + " set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n" +- " help NAME...|PID... Show manual for one or more units\n" +- " reset-failed [NAME...] Reset failed state for all, one, or more\n" ++ " help PATTERN...|PID... Show manual for one or more units\n" ++ " reset-failed [PATTERN...] Reset failed state for all, one, or more\n" + " units\n" + " list-dependencies [NAME] Recursively show units which are required\n" + " or wanted by this unit or by which this\n" +@@ -5973,13 +5985,10 @@ static int halt_parse_argv(int argc, char *argv[]) { + } + } + +- if (arg_action == ACTION_REBOOT && argc == optind + 1) { +- r = write_string_file(REBOOT_PARAM_FILE, argv[optind]); +- if (r < 0) { +- log_error("Failed to write reboot param to " +- REBOOT_PARAM_FILE": %s", strerror(-r)); ++ if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) { ++ r = update_reboot_param_file(argc == optind + 1 ? 
argv[optind] : NULL); ++ if (r < 0) + return r; +- } + } else if (optind < argc) { + log_error("Too many arguments."); + return -EINVAL; +diff --git a/src/test/test-udev.c b/src/test/test-udev.c +index b064744..b057cc8 100644 +--- a/src/test/test-udev.c ++++ b/src/test/test-udev.c +@@ -155,9 +155,8 @@ int main(int argc, char *argv[]) { + } + } + +- err = udev_event_execute_rules(event, rules, &sigmask_orig); +- if (err == 0) +- udev_event_execute_run(event, NULL); ++ udev_event_execute_rules(event, rules, &sigmask_orig); ++ udev_event_execute_run(event, NULL); + out: + if (event != NULL && event->fd_signal >= 0) + close(event->fd_signal); +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 33e7cbc..04b472d 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -217,19 +217,16 @@ static bool unix_socket_alive(const char *fn) { + } + + static int dir_is_mount_point(DIR *d, const char *subdir) { +- struct file_handle *h; ++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ }; + int mount_id_parent, mount_id; + int r_p, r; + +- h = alloca(MAX_HANDLE_SZ); +- +- h->handle_bytes = MAX_HANDLE_SZ; +- r_p = name_to_handle_at(dirfd(d), ".", h, &mount_id_parent, 0); ++ r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0); + if (r_p < 0) + r_p = -errno; + +- h->handle_bytes = MAX_HANDLE_SZ; +- r = name_to_handle_at(dirfd(d), subdir, h, &mount_id, 0); ++ h.handle.handle_bytes = MAX_HANDLE_SZ; ++ r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0); + if (r < 0) + r = -errno; + +diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c +index 1d067af..3203474 100644 +--- a/src/tty-ask-password-agent/tty-ask-password-agent.c ++++ b/src/tty-ask-password-agent/tty-ask-password-agent.c +@@ -432,7 +432,7 @@ static int wall_tty_block(void) { + + r = get_ctty_devnr(0, &devnr); + if (r < 0) +- return -r; ++ return r; + + if (asprintf(&p, 
"/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0) + return -ENOMEM; +diff --git a/src/udev/accelerometer/accelerometer.c b/src/udev/accelerometer/accelerometer.c +index 925d38d..32adf27 100644 +--- a/src/udev/accelerometer/accelerometer.c ++++ b/src/udev/accelerometer/accelerometer.c +@@ -180,7 +180,7 @@ get_prev_orientation(struct udev_device *dev) + return string_to_orientation(value); + } + +-#define SET_AXIS(axis, code_) if (ev[i].code == code_) { if (got_##axis == 0) { axis = ev[i].value; got_##axis = true; } } ++#define READ_AXIS(axis, var) { memzero(&abs_info, sizeof(abs_info)); r = ioctl(fd, EVIOCGABS(axis), &abs_info); if (r < 0) return; var = abs_info.value; } + + /* accelerometers */ + static void test_orientation(struct udev *udev, +@@ -189,10 +189,9 @@ static void test_orientation(struct udev *udev, + { + OrientationUp old, new; + _cleanup_close_ int fd = -1; +- struct input_event ev[64]; +- bool got_syn = false; +- bool got_x = false, got_y = false, got_z = false; ++ struct input_absinfo abs_info; + int x = 0, y = 0, z = 0; ++ int r; + char text[64]; + + old = get_prev_orientation(dev); +@@ -201,30 +200,10 @@ static void test_orientation(struct udev *udev, + if (fd < 0) + return; + +- while (1) { +- int i, r; +- +- r = read(fd, ev, sizeof(struct input_event) * 64); +- +- if (r < (int) sizeof(struct input_event)) +- return; +- +- for (i = 0; i < r / (int) sizeof(struct input_event); i++) { +- if (got_syn) { +- if (ev[i].type == EV_ABS) { +- SET_AXIS(x, ABS_X); +- SET_AXIS(y, ABS_Y); +- SET_AXIS(z, ABS_Z); +- } +- } +- if (ev[i].type == EV_SYN && ev[i].code == SYN_REPORT) +- got_syn = true; +- if (got_x && got_y && got_z) +- goto read_dev; +- } +- } ++ READ_AXIS(ABS_X, x); ++ READ_AXIS(ABS_Y, y); ++ READ_AXIS(ABS_Z, z); + +-read_dev: + new = orientation_calc(old, x, y, z); + snprintf(text, sizeof(text), + "ID_INPUT_ACCELEROMETER_ORIENTATION=%s", orientation_to_string(new)); +diff --git a/src/udev/net/link-config.c 
b/src/udev/net/link-config.c +index 5bb6b02..b31ad80 100644 +--- a/src/udev/net/link-config.c ++++ b/src/udev/net/link-config.c +@@ -184,7 +184,7 @@ failure: + } + + static bool enable_name_policy(void) { +- _cleanup_free_ char *line; ++ _cleanup_free_ char *line = NULL; + char *w, *state; + int r; + size_t l; +@@ -391,7 +391,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev + case MACPOLICY_PERSISTENT: + if (!mac_is_permanent(device)) { + r = get_mac(device, false, &generated_mac); +- if (r < 0) ++ if (r == -ENOENT) ++ break; ++ else if (r < 0) + return r; + mac = &generated_mac; + } +@@ -399,7 +401,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev + case MACPOLICY_RANDOM: + if (!mac_is_random(device)) { + r = get_mac(device, true, &generated_mac); +- if (r < 0) ++ if (r == -ENOENT) ++ break; ++ else if (r < 0) + return r; + mac = &generated_mac; + } +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 5998be2..5213a4a 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -771,18 +771,17 @@ static int rename_netif(struct udev_event *event) + log_error("error changing net interface name %s to %s: %s", + oldname, name, strerror(-r)); + else +- print_kmsg("renamed network interface %s to %s", oldname, name); ++ print_kmsg("renamed network interface %s to %s\n", oldname, name); + + return r; + } + +-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) ++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask) + { + struct udev_device *dev = event->dev; +- int err = 0; + + if (udev_device_get_subsystem(dev) == NULL) +- return -1; ++ return; + + if (streq(udev_device_get_action(dev), "remove")) { + udev_device_read_db(dev, NULL); +@@ -816,9 +815,10 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, + event->name != NULL && 
!streq(event->name, udev_device_get_sysname(dev))) { + char syspath[UTIL_PATH_SIZE]; + char *pos; ++ int r; + +- err = rename_netif(event); +- if (err == 0) { ++ r = rename_netif(event); ++ if (r >= 0) { + log_debug("renamed netif to '%s'", event->name); + + /* remember old name */ +@@ -881,7 +881,6 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, + udev_device_unref(event->dev_db); + event->dev_db = NULL; + } +- return err; + } + + void udev_event_execute_run(struct udev_event *event, const sigset_t *sigmask) +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index 2630264..17f47f2 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -2555,10 +2555,15 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) + struct stat stats; + + /* we assure, that the permissions tokens are sorted before the static token */ ++ + if (mode == 0 && uid == 0 && gid == 0 && tags == NULL) + goto next; + + strscpyl(device_node, sizeof(device_node), "/dev/", rules_str(rules, cur->key.value_off), NULL); ++ if (stat(device_node, &stats) != 0) ++ break; ++ if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) ++ break; + + /* export the tags to a directory as symlinks, allowing otherwise dead nodes to be tagged */ + if (tags) { +@@ -2588,11 +2593,6 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) + if (mode == 0 && uid == 0 && gid == 0) + break; + +- if (stat(device_node, &stats) != 0) +- break; +- if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) +- break; +- + if (mode == 0) { + if (gid > 0) + mode = 0660; +diff --git a/src/udev/udev.h b/src/udev/udev.h +index 936adfb..62538bc 100644 +--- a/src/udev/udev.h ++++ b/src/udev/udev.h +@@ -84,7 +84,7 @@ int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string, + int udev_event_spawn(struct udev_event *event, + const char *cmd, char **envp, const sigset_t *sigmask, + char *result, size_t ressize); +-int 
udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); ++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset); + void udev_event_execute_run(struct udev_event *event, const sigset_t *sigset); + int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]); + +diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c +index 6cd311b..6a2f548 100644 +--- a/src/udev/udevadm-test.c ++++ b/src/udev/udevadm-test.c +@@ -43,7 +43,6 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) + _cleanup_udev_device_unref_ struct udev_device *dev = NULL; + _cleanup_udev_event_unref_ struct udev_event *event = NULL; + sigset_t mask, sigmask_orig; +- int err; + int rc = 0, c; + + static const struct option options[] = { +@@ -139,18 +138,16 @@ static int adm_test(struct udev *udev, int argc, char *argv[]) + goto out; + } + +- err = udev_event_execute_rules(event, rules, &sigmask_orig); ++ udev_event_execute_rules(event, rules, &sigmask_orig); + + udev_list_entry_foreach(entry, udev_device_get_properties_list_entry(dev)) + printf("%s=%s\n", udev_list_entry_get_name(entry), udev_list_entry_get_value(entry)); + +- if (err == 0) { +- udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { +- char program[UTIL_PATH_SIZE]; ++ udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) { ++ char program[UTIL_PATH_SIZE]; + +- udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); +- printf("run: '%s'\n", program); +- } ++ udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program)); ++ printf("run: '%s'\n", program); + } + out: + if (event != NULL && event->fd_signal >= 0) +diff --git a/src/udev/udevd.c b/src/udev/udevd.c +index f21c227..93afca1 100644 +--- a/src/udev/udevd.c ++++ b/src/udev/udevd.c +@@ -288,10 +288,9 @@ static void worker_new(struct event *event) + 
udev_event->exec_delay = exec_delay; + + /* apply rules, create node, symlinks */ +- err = udev_event_execute_rules(udev_event, rules, &sigmask_orig); ++ udev_event_execute_rules(udev_event, rules, &sigmask_orig); + +- if (err == 0) +- udev_event_execute_run(udev_event, &sigmask_orig); ++ udev_event_execute_run(udev_event, &sigmask_orig); + + /* apply/restore inotify watch */ + if (err == 0 && udev_event->inotify_watch) { +diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c +index 0f2b706..645b1e6 100644 +--- a/src/vconsole/vconsole-setup.c ++++ b/src/vconsole/vconsole-setup.c +@@ -180,6 +180,10 @@ static int font_load(const char *vc, const char *font, const char *map, const ch + */ + static void font_copy_to_all_vcs(int fd) { + struct vt_stat vcs = {}; ++ unsigned char map8[E_TABSZ]; ++ unsigned short map16[E_TABSZ]; ++ struct unimapdesc unimapd; ++ struct unipair unipairs[USHRT_MAX]; + int i, r; + + /* get active, and 16 bit mask of used VT numbers */ +@@ -209,17 +213,35 @@ static void font_copy_to_all_vcs(int fd) { + cfo.op = KD_FONT_OP_COPY; + cfo.height = vcs.v_active-1; /* tty1 == index 0 */ + ioctl(vcfd, KDFONTOP, &cfo); ++ ++ /* copy map of 8bit chars */ ++ if (ioctl(fd, GIO_SCRNMAP, map8) >= 0) ++ ioctl(vcfd, PIO_SCRNMAP, map8); ++ ++ /* copy map of 8bit chars -> 16bit Unicode values */ ++ if (ioctl(fd, GIO_UNISCRNMAP, map16) >= 0) ++ ioctl(vcfd, PIO_UNISCRNMAP, map16); ++ ++ /* copy unicode translation table */ ++ /* unimapd is a ushort count and a pointer to an ++ array of struct unipair { ushort, ushort } */ ++ unimapd.entries = unipairs; ++ unimapd.entry_ct = USHRT_MAX; ++ if (ioctl(fd, GIO_UNIMAP, &unimapd) >= 0) { ++ struct unimapinit adv = { 0, 0, 0 }; ++ ++ ioctl(vcfd, PIO_UNIMAPCLR, &adv); ++ ioctl(vcfd, PIO_UNIMAP, &unimapd); ++ } + } + } + + int main(int argc, char **argv) { + const char *vc; +- char *vc_keymap = NULL; +- char *vc_keymap_toggle = NULL; +- char *vc_font = NULL; +- char *vc_font_map = NULL; +- char 
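Review bot: In the `worker_new()` hunk of src/udev/udevd.c, `err` is no longer assigned from `udev_event_execute_rules()`, yet the following context line still tests `if (err == 0 && udev_event->inotify_watch)`. Whether `err` is initialised or written elsewhere cannot be seen, since its declaration is outside the hunk; if nothing else sets it, the condition is either constant or reads a stale value. Dropping the leftover test, `if (udev_event->inotify_watch) {`, would match the new void signature. Otherwise a comment should say which earlier step `err` still reports.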
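Review bot: `font_copy_to_all_vcs()` in src/vconsole/vconsole-setup.c now declares `struct unipair unipairs[USHRT_MAX];` as a local, which by the hunk's own description of `struct unipair { ushort, ushort }` puts roughly 256 KiB on the stack next to the two `E_TABSZ` maps. Allocating it on the heap keeps the frame small and gives an explicit failure path: `_cleanup_free_ struct unipair *unipairs = new(struct unipair, USHRT_MAX);` followed by `if (!unipairs) { log_oom(); return; }`. The results of the `PIO_SCRNMAP`, `PIO_UNISCRNMAP`, `PIO_UNIMAPCLR` and `PIO_UNIMAP` calls are also discarded, so a console whose Unicode map was cleared but not refilled goes unreported; a `log_warning` on failure would make that visible. The function body continues outside the two hunks.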
*vc_font_unimap = NULL; +- int fd = -1; ++ _cleanup_free_ char ++ *vc_keymap = NULL, *vc_keymap_toggle = NULL, ++ *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL; ++ _cleanup_close_ int fd = -1; + bool utf8; + pid_t font_pid = 0, keymap_pid = 0; + bool font_copy = false; +@@ -241,12 +263,12 @@ int main(int argc, char **argv) { + fd = open_terminal(vc, O_RDWR|O_CLOEXEC); + if (fd < 0) { + log_error("Failed to open %s: %m", vc); +- goto finish; ++ return EXIT_FAILURE; + } + + if (!is_vconsole(fd)) { + log_error("Device %s is not a virtual console.", vc); +- goto finish; ++ return EXIT_FAILURE; + } + + utf8 = is_locale_utf8(); +@@ -281,27 +303,27 @@ int main(int argc, char **argv) { + else + disable_utf8(fd); + +- r = EXIT_FAILURE; +- if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 && +- font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0) +- r = EXIT_SUCCESS; +- +-finish: +- if (keymap_pid > 0) +- wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); ++ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid); ++ if (r < 0) { ++ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r)); ++ return EXIT_FAILURE; ++ } + +- if (font_pid > 0) { ++ if (font_pid > 0) + wait_for_terminate_and_warn(KBD_SETFONT, font_pid); +- if (font_copy) +- font_copy_to_all_vcs(fd); ++ ++ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid); ++ if (r < 0) { ++ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r)); ++ return EXIT_FAILURE; + } + +- free(vc_keymap); +- free(vc_font); +- free(vc_font_map); +- free(vc_font_unimap); ++ if (keymap_pid > 0) ++ wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid); + +- safe_close(fd); ++ /* Only copy the font when we started setfont successfully */ ++ if (font_copy && font_pid > 0) ++ font_copy_to_all_vcs(fd); + +- return r; ++ return EXIT_SUCCESS; + } +diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf +index 7c6d6b9..c470045 100644 +--- 
a/tmpfiles.d/systemd.conf ++++ b/tmpfiles.d/systemd.conf +@@ -23,6 +23,6 @@ d /run/systemd/machines 0755 root root - + d /run/systemd/shutdown 0755 root root - + + m /var/log/journal 2755 root systemd-journal - - +-m /var/log/journal/%m 2755 root systemd-journal - - ++Z /var/log/journal/%m 2755 root systemd-journal - - + m /run/log/journal 2755 root systemd-journal - - +-m /run/log/journal/%m 2755 root systemd-journal - - ++Z /run/log/journal/%m 2755 root systemd-journal - - diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in index 8ac51a4..cae9fb5 100644 --- a/units/console-getty.service.m4.in @@ -294,17 +2596,20 @@ index 552ef89..af3915f 100644 ExecStart=-/sbin/sulogin ExecStopPost=-@SYSTEMCTL@ --fail --no-block default diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 -index 4ac51e7..86a3b59 100644 +index 4ac51e7..96daa5c 100644 --- a/units/serial-getty@.service.m4 +++ b/units/serial-getty@.service.m4 -@@ -22,7 +22,6 @@ Before=getty.target +@@ -22,10 +22,8 @@ Before=getty.target IgnoreOnIsolate=yes [Service] -ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM Type=idle Restart=always - RestartSec=0 +-RestartSec=0 + UtmpIdentifier=%I + TTYPath=/dev/%I + TTYReset=yes diff --git a/units/sysinit.target b/units/sysinit.target index 8f4fb8f..e0f0147 100644 --- a/units/sysinit.target @@ -354,6 +2659,18 @@ index de93879..c9a49f3 100644 +# journald to stop logging (see +# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +X-RestartIfChanged=no +diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in +index ff36e90..e373628 100644 +--- a/units/systemd-nspawn@.service.in ++++ b/units/systemd-nspawn@.service.in +@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1) + + [Service] + ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i ++KillMode=mixed + Type=notify + + [Install] 
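Review bot: Switching the two per-machine journal lines from `m` to `Z` makes the entries recursive, so the mode `2755` may now be applied to the journal files themselves and not only to the `%m` directory. If this systemd version applies the mode verbatim while recursing, regular journal files would become world-readable, executable and setgid; the tmpfiles.c handling of `Z` is not on this page, so this needs confirming. If it does, keep `m` for the directory mode and add a separate recursive line that leaves the mode field as `-`, so that only ownership and label are propagated. A comment on the lines saying why recursion is needed would also help.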
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index 1879b2f..9b895b9 100644 --- a/units/systemd-random-seed.service.in From 04ec038e892139ba9df3e5a435e8a7b0db2ca805 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 02:33:30 +0200 Subject: [PATCH 04/61] Containers: Fix reboot and poweroff Previously "machinectl reboot/poweroff" brutally killed the container, as did "systemctl stop/restart". And reboot didn't actually work. Now everything is fine. --- nixos/modules/virtualisation/containers.nix | 39 +++++++++++++++------ 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index d0d04d9a1e5..9d1817b82f5 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -168,6 +168,9 @@ in preStart = '' + # Clean up existing machined registration. + machinectl terminate "$INSTANCE" 2> /dev/null || true + mkdir -p -m 0755 $root/var/lib # Create a named pipe to get a signal when the container @@ -203,6 +206,7 @@ in fi ''} + EXIT_ON_REBOOT=1 \ exec ${config.systemd.package}/bin/systemd-nspawn \ --keep-unit \ -M "$INSTANCE" -D "$root" $extraFlags \ 
@@ -240,23 +244,38 @@ in preStop = '' - machinectl poweroff "$INSTANCE" + machinectl poweroff "$INSTANCE" || true ''; restartIfChanged = false; #reloadIfChanged = true; # FIXME - serviceConfig.ExecReload = pkgs.writeScript "reload-container" - '' - #! ${pkgs.stdenv.shell} -e - SYSTEM_PATH=/nix/var/nix/profiles/system - echo $SYSTEM_PATH/bin/switch-to-configuration test | \ - ${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket - - ''; + serviceConfig = { + ExecReload = pkgs.writeScript "reload-container" + '' + #! ${pkgs.stdenv.shell} -e + SYSTEM_PATH=/nix/var/nix/profiles/system + echo $SYSTEM_PATH/bin/switch-to-configuration test | \ + ${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket - + ''; - serviceConfig.SyslogIdentifier = "container %i"; + SyslogIdentifier = "container %i"; - serviceConfig.EnvironmentFile = "-/etc/containers/%i.conf"; + EnvironmentFile = "-/etc/containers/%i.conf"; + + # Note that on reboot, systemd-nspawn returns 10, so this + # unit will be restarted. On poweroff, it returns 0, so the + # unit won't be restarted. + Restart = "on-failure"; + + # Hack: we don't want to kill systemd-nspawn, since we call + # "machinectl poweroff" in preStop to shut down the + # container cleanly. But systemd requires sending a signal + # (at least if we want remaining processes to be killed + # after the timeout). So send an ignored signal. + KillMode = "mixed"; + KillSignal = "WINCH"; + }; }; # Generate a configuration file in /etc/containers for each From b99af5579ef3c132acade1f2f4e420ca3bb51abd Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 02:51:20 +0200 Subject: [PATCH 05/61] Containers: Don't remount / --- nixos/modules/system/boot/stage-2-init.sh | 4 +++- nixos/modules/virtualisation/container-config.nix | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index fcefdfa88a3..6fff776f858 100644 
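Review bot: In the `preStop` change, `machinectl poweroff "$INSTANCE" || true` hides a failed clean shutdown. Since `KillSignal = "WINCH"` is, per the new comment, an ignored signal, the unit then only waits for the stop timeout before the remaining processes are killed. Nothing in the journal would show that the container was killed rather than powered off. Logging the fallback keeps the behaviour and leaves a trace: `machinectl poweroff "$INSTANCE" || echo "clean poweroff of $INSTANCE failed, waiting for stop timeout" >&2`. The `Restart = "on-failure"` comment could also state that any non-zero exit of systemd-nspawn restarts the unit, not only the reboot status 10.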
--- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -29,7 +29,9 @@ setPath "@path@" # Normally, stage 1 mounts the root filesystem read/writable. # However, in some environments, stage 2 is executed directly, and the # root is read-only. So make it writable here. -mount -n -o remount,rw none / +if [ "$container" != systemd-nspawn ]; then + mount -n -o remount,rw none / +fi # Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index b81f97f2b4e..84e3aa28352 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -89,6 +89,8 @@ with lib; restartIfChanged = false; }; + systemd.services.systemd-remount-fs.enable = false; + }; } From 878b738333fe76cf942f0d3a07068b7387f91d7d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 12 Aug 2014 03:05:27 +0200 Subject: [PATCH 06/61] Containers: Clean up veth interfaces --- nixos/modules/virtualisation/containers.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 9d1817b82f5..a7256148f08 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -168,9 +168,13 @@ in preStart = '' - # Clean up existing machined registration. + # Clean up existing machined registration and interfaces. machinectl terminate "$INSTANCE" 2> /dev/null || true + if [ "$PRIVATE_NETWORK" = 1 ]; then + ip link del dev "ve-$INSTANCE" 2> /dev/null || true + fi + mkdir -p -m 0755 $root/var/lib # Create a named pipe to get a signal when the container From ab402dc1a49579785c690238ed4fce72dd707b30 Mon Sep 17 00:00:00 2001 
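Review bot: The comment above the new `if [ "$container" != systemd-nspawn ]` guard in stage-2-init.sh still says the root is made writable here, but it does not say why containers are exempt or where `$container` comes from. A line such as `# Under systemd-nspawn ($container is set by nspawn) the host has already set up /; don't remount it.` would document the dependency on that environment variable. Because the variable is unset on every other boot path, the quoting of `"$container"` is what keeps the test well-formed there and should stay.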
From: Eelco Dolstra Date: Wed, 13 Aug 2014 00:47:24 +0200 Subject: [PATCH 07/61] systemd: Apply a patch that improves systemd-nspawn startup notification Systemd-nspawn now sends startup notification *after* it has forked the container init process and performed initialisation (such as creating veth network interfaces). --- pkgs/os-specific/linux/systemd/fixes.patch | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 70ad195a032..566d80bfba9 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -1427,7 +1427,7 @@ index 9473105..154a335 100644 if (!isempty(service)) { m->service = strdup(service); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 9a9ed9d..4efa5b7 100644 +index 9a9ed9d..c3e6d23 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -769,6 +769,15 @@ static int setup_resolv_conf(const char *dest) { @@ -1483,7 +1483,16 @@ index 9a9ed9d..4efa5b7 100644 } } else { char template[] = "/tmp/nspawn-root-XXXXXX"; -@@ -2966,7 +2974,9 @@ int main(int argc, char *argv[]) { +@@ -2748,8 +2756,6 @@ int main(int argc, char *argv[]) { + goto finish; + } + +- sd_notify(0, "READY=1"); +- + assert_se(sigemptyset(&mask) == 0); + sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1); + assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0); +@@ -2966,7 +2972,9 @@ int main(int argc, char *argv[]) { } if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) { @@ -1494,6 +1503,15 @@ index 9a9ed9d..4efa5b7 100644 log_oom(); goto child_fail; } +@@ -3086,6 +3094,8 @@ int main(int argc, char *argv[]) { + if (r < 0) + goto finish; + ++ sd_notify(0, "READY=1"); ++ + /* Notify the child that the parent is ready with all + * its setup, and thtat the child can now hand over + * control to the code to run inside the container. */ 
@@ -3136,6 +3146,10 @@ int main(int argc, char *argv[]) { if (!arg_quiet) From 330fadb7060074bd5c38e5dcefc394abaf8d6a09 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 13 Aug 2014 00:45:36 +0200 Subject: [PATCH 08/61] Containers: Use systemd-nspawn startup notification This prevents the container unit startup from hanging until timeout if systemd-nspawn fails. --- nixos/modules/virtualisation/containers.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index a7256148f08..6933fbaa9ee 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -228,12 +228,6 @@ in postStart = '' - # This blocks until the container-startup-done service - # writes something to this pipe. FIXME: it also hangs - # until the start timeout expires if systemd-nspawn exits. - read x < $root/var/lib/startup-done - rm -f $root/var/lib/startup-done - if [ "$PRIVATE_NETWORK" = 1 ]; then ifaceHost=ve-$INSTANCE ip link set dev $ifaceHost up @@ -244,6 +238,12 @@ in ip route add $LOCAL_ADDRESS dev $ifaceHost fi fi + + # This blocks until the container-startup-done service + # writes something to this pipe. FIXME: it also hangs + # until the start timeout expires if systemd-nspawn exits. + read x < $root/var/lib/startup-done + rm -f $root/var/lib/startup-done ''; preStop = @@ -267,6 +267,8 @@ in EnvironmentFile = "-/etc/containers/%i.conf"; + Type = "notify"; + # Note that on reboot, systemd-nspawn returns 10, so this # unit will be restarted. On poweroff, it returns 0, so the # unit won't be restarted. From f199e115d2d9acf2bee330c325a0fe19cf9d8235 Mon Sep 17 00:00:00 2001 
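Review bot: The comment moved to the end of `postStart` in containers.nix still carries the FIXME that `read x < $root/var/lib/startup-done` hangs until the start timeout if systemd-nspawn exits, which the commit message says `Type = "notify"` is meant to prevent. The comment should be updated to name the case that remains, presumably nspawn exiting after it has sent its notification but before the container writes to the pipe. The pipe also lives under the container's own root, so the host-side script waits on, and then removes, a path the guest can modify. The comment should say that this wait is bounded only by the unit's start timeout, and the path should be quoted in both commands, `read x < "$root/var/lib/startup-done"` and `rm -f "$root/var/lib/startup-done"`.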
From: Gergely Risko Date: Wed, 13 Aug 2014 21:50:18 +0200 Subject: [PATCH 09/61] Enable parallel building for GCC. Even if using profiledbootstrap. This was unsafe before 4.8, and then the documentation was not fixed on time. The documentation got fixed here: https://github.com/gcc-mirror/gcc/commit/c763997f340ec1fab37ad538b57afdad4f4bf747 But the actual code was already fixed here: https://github.com/gcc-mirror/gcc/commit/5d2fca09d543d4b42b99fe20f412efb78cc50ec3 So this is safe both for GCC 4.8 and GCC 4.9. --- pkgs/development/compilers/gcc/4.8/default.nix | 5 +---- pkgs/development/compilers/gcc/4.9/default.nix | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 2fb8f9d73b5..7b73559ba9c 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -59,10 +59,7 @@ let version = "4.8.3"; # Whether building a cross-compiler for GNU/Hurd. crossGNU = cross != null && cross.config == "i586-pc-gnu"; - /* gccinstall.info says that "parallel make is currently not supported since - collisions in profile collecting may occur". - */ - enableParallelBuilding = !profiledCompiler; + enableParallelBuilding = true; patches = [] ++ optional enableParallelBuilding ./parallel-bconfig.patch diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index 8b185d00bcc..f61e6b4445a 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix 
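Review bot: With `enableParallelBuilding = true;` in gcc/4.8/default.nix, the condition in `++ optional enableParallelBuilding ./parallel-bconfig.patch` on the context line below is now constant, so the patch is always applied and the `optional` only obscures that. Listing it unconditionally, `patches = [ ./parallel-bconfig.patch ]`, would say so directly. A one-line comment next to the setting, such as `# parallel profiledbootstrap is safe since 4.8, see commit message`, would keep the reasoning that the deleted comment carried. The same applies to the identical hunk in gcc/4.9/default.nix, and the `patches` list continues outside both hunks.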
@@ -57,10 +57,7 @@ let version = "4.9.1"; # Whether building a cross-compiler for GNU/Hurd. crossGNU = cross != null && cross.config == "i586-pc-gnu"; - /* gccinstall.info says that "parallel make is currently not supported since - collisions in profile collecting may occur". - */ - enableParallelBuilding = !profiledCompiler; + enableParallelBuilding = true; patches = [ ] ++ optional enableParallelBuilding ./parallel-bconfig.patch From 59291fdbf4e26a2b09a1d39a0582a874d78d6797 Mon Sep 17 00:00:00 2001 From: Gergely Risko Date: Thu, 14 Aug 2014 00:20:15 +0200 Subject: [PATCH 10/61] Get rid of bootstrap-tools dependency from xz (and therefore stdenv) 0769fc5b77eb76c6a794187f173c48f912fc837c broke this by setting CONFIG_SHELL. --- pkgs/tools/compression/xz/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index b644f46dff8..e1d7c26fa43 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -10,6 +10,9 @@ stdenv.mkDerivation rec { doCheck = true; + # In stdenv-linux, prevent a dependency on bootstrap-tools. + preHook = "unset CONFIG_SHELL"; + meta = { homepage = http://tukaani.org/xz/; description = "XZ, general-purpose data compression software, successor of LZMA"; From 36bef2b26731a9580260fd24d18c90dbecd5eb22 Mon Sep 17 00:00:00 2001 
From: Luca Bruno Date: Thu, 14 Aug 2014 22:59:24 +0200 Subject: [PATCH 11/61] gobject-introspection: refer to shlibs with absolute paths in typelibs After this, LD_LIBRARY_PATH should not be required anymore. The patch has been applied only for .la files, so there may be some other cases missing. --- .../newsreaders/liferea/default.nix | 1 - .../virtualization/virt-manager/default.nix | 1 - .../gnome-3/3.10/apps/gedit/default.nix | 1 - .../3.10/apps/gnome-documents/default.nix | 8 +----- .../gnome-3/3.10/apps/gnome-music/default.nix | 10 +------- .../gnome-3/3.12/core/gnome-shell/default.nix | 1 - .../3.12/misc/gnome-tweak-tool/default.nix | 1 - .../gnome-3/3.12/misc/gpaste/default.nix | 3 +-- .../absolute_shlib_path.patch | 25 +++++++++++++++++++ .../gobject-introspection/default.nix | 2 ++ .../development/tools/misc/d-feet/default.nix | 1 - 11 files changed, 30 insertions(+), 24 deletions(-) create mode 100644 pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix index e38d5188dc2..a5216b2902a 100644 --- a/pkgs/applications/networking/newsreaders/liferea/default.nix +++ b/pkgs/applications/networking/newsreaders/liferea/default.nix @@ -33,7 +33,6 @@ stdenv.mkDerivation rec { for f in "$out"/bin/*; do wrapProgram "$f" \ --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \ - --prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ --prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \ --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH" diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix index 9df6967704a..08d53d83eed 100644 
--- a/pkgs/applications/virtualization/virt-manager/default.nix +++ b/pkgs/applications/virtualization/virt-manager/default.nix @@ -51,7 +51,6 @@ buildPythonPackage rec { --prefix GI_TYPELIB_PATH : $GI_TYPELIB_PATH \ --prefix GIO_EXTRA_MODULES : "${dconf}/lib/gio/modules" \ --prefix GSETTINGS_SCHEMA_DIR : $out/share/glib-2.0/schemas \ - --prefix LD_LIBRARY_PATH : ${gtk3}/lib/:${libvirt-glib}/lib/:${vte}/lib:${gtkvnc}/lib${optionalString spiceSupport ":${spice_gtk}/lib"} \ --prefix XDG_DATA_DIRS : "$out/share:${gsettings_desktop_schemas}/share:${gtk3}/share:$GSETTINGS_SCHEMAS_PATH:\$XDG_DATA_DIRS" done diff --git a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix index 84a77e5a024..6b9a69c738d 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix @@ -25,7 +25,6 @@ stdenv.mkDerivation rec { wrapProgram "$out/bin/gedit" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${gnome3.libpeas}/lib:${gnome3.gtksourceview}/lib" \ --prefix XDG_DATA_DIRS : "${gnome3.gtksourceview}/share:${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" ''; diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix index b393bb43931..a8c84d6a769 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix 
@@ -28,17 +28,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - preFixup = - let - libPath = stdenv.lib.makeLibraryPath - [ evince gtk3 gnome3.tracker gnome3.gnome_online_accounts ]; - in - '' + preFixup = '' substituteInPlace $out/bin/gnome-documents --replace gapplication "${glib}/bin/gapplication" wrapProgram "$out/bin/gnome-documents" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH ":" "${libPath}" \ --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --run "if [ -z \"\$XDG_CACHE_DIR\" ]; then XDG_CACHE_DIR=\$HOME/.cache; fi; if [ -w \"\$XDG_CACHE_DIR/..\" ]; then mkdir -p \"\$XDG_CACHE_DIR/gnome-documents\"; fi" rm $out/share/icons/hicolor/icon-theme.cache diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix index b8d2bbc79ef..31d521e8c30 100644 --- a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix +++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix @@ -24,19 +24,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - preFixup = - let - libPath = stdenv.lib.makeLibraryPath - [ glib gtk3 libnotify tracker gnome3.grilo cairo - gst_all_1.gstreamer gst_all_1.gst-plugins-base - gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad ]; - in - '' + preFixup = '' wrapProgram "$out/bin/gnome-music" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${libPath}" \ --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" \ --prefix GRL_PLUGIN_PATH : "${gnome3.grilo-plugins}/lib/grilo-0.2" \ --prefix PYTHONPATH : "$PYTHONPATH" 
diff --git a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix index dbb19f77d21..6f6816efa5b 100644 --- a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix +++ b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix @@ -35,7 +35,6 @@ stdenv.mkDerivation rec { wrapProgram "$out/bin/gnome-shell" \ --prefix PATH : "${unzip}/bin" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${accountsservice}/lib:${ibus}/lib:${gdm}/lib" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" diff --git a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix index 2eccb9a32cf..1a48d6529a2 100644 --- a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix +++ b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix @@ -30,7 +30,6 @@ stdenv.mkDerivation rec { --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH ":" "${libsoup}/lib:${gnome3.gnome_desktop}/lib:${libnotify}/lib:${gtk3}/lib:${atk}/lib" \ --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" ''; diff --git a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix index 56a5f18544f..c303ccdf51e 100644 --- a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix +++ b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix 
@@ -30,8 +30,7 @@ stdenv.mkDerivation rec { for i in $out/libexec/gpaste/*; do wrapProgram $i \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ - --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${libPath}" + --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" done ''; diff --git a/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch new file mode 100644 index 00000000000..04bcc42a032 --- /dev/null +++ b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch @@ -0,0 +1,25 @@ +--- ./giscanner/utils.py.orig 2014-08-14 22:05:05.055334080 +0200 ++++ ./giscanner/utils.py 2014-08-14 22:05:24.687497334 +0200 +@@ -110,17 +110,11 @@ + if dlname is None: + return None + +- # Darwin uses absolute paths where possible; since the libtool files never +- # contain absolute paths, use the libdir field +- if platform.system() == 'Darwin': +- dlbasename = os.path.basename(dlname) +- libdir = _extract_libdir_field(la_file) +- if libdir is None: +- return dlbasename +- return libdir + '/' + dlbasename +- # From the comments in extract_libtool(), older libtools had +- # a path rather than the raw dlname +- return os.path.basename(dlname) ++ dlbasename = os.path.basename(dlname) ++ libdir = _extract_libdir_field(la_file) ++ if libdir is None: ++ return dlbasename ++ return libdir + '/' + dlbasename + + + def extract_libtool(la_file): diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix index 7686fb30838..4b7ec1f4116 100644 --- a/pkgs/development/libraries/gobject-introspection/default.nix +++ b/pkgs/development/libraries/gobject-introspection/default.nix 
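Review bot: In absolute_shlib_path.patch, when `_extract_libdir_field(la_file)` returns None the patched code still returns the bare `dlbasename`, so a typelib built from such a .la file records a relative library name that the loader resolves through its search path. The wrappers touched by this commit no longer set LD_LIBRARY_PATH, so in those cases the library would either fail to load or be taken from whatever directory happens to be searched first. I would put a comment on the fallback, `# no libdir in the .la file: the typelib keeps a bare name and still depends on the loader search path`, and consider printing a build-time warning there so the missing cases the commit message mentions are visible. The enclosing function starts outside the hunk.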
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec { setupHook = ./setup-hook.sh; + patches = [ ./absolute_shlib_path.patch ]; + meta = with stdenv.lib; { description = "A middleware layer between C libraries and language bindings"; homepage = http://live.gnome.org/GObjectIntrospection; diff --git a/pkgs/development/tools/misc/d-feet/default.nix b/pkgs/development/tools/misc/d-feet/default.nix index 852c1b74219..df5fdbfab5a 100644 --- a/pkgs/development/tools/misc/d-feet/default.nix +++ b/pkgs/development/tools/misc/d-feet/default.nix @@ -26,7 +26,6 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/d-feet \ --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ - --prefix LD_LIBRARY_PATH : "${gtk3}/lib:${atk}/lib:${libwnck3}/lib" \ --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$out/share" rm $out/share/icons/hicolor/icon-theme.cache From 1a75958be52f5c2f062ace0935c1a2d43c8f7f55 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 15 Aug 2014 01:33:20 +0200 Subject: [PATCH 12/61] Unify mutableUsers = { true, false } MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With mutableUsers = true, we now ensure that all users and groups that were created declaratively, are updated or removed appropriately. Thus, adding a user to users.extraUsers and then removing it now causes the account to be removed from /etc/passwd. Thus user/group management is fully congruent except that users and groups that were created imperatively (via useradd/groupadd) are not touched. We distinguish between declarative and imperative users/groups by tracking the former in /var/lib/nixos/declarative-{groups,users}. With mutableUsers = false, you are now no longer required to specify UIDs/GIDs for all users. The handling of mutableUsers = true/false is the same code path; the only difference is that the "false" mode ignores the existing contents of /etc/{passwd,group}. The attribute ‘createUser’ is gone. It doesn't really make sense to specify users that shouldn't be created. --- nixos/doc/manual/configuration.xml | 5 - nixos/modules/config/update-users-groups.pl | 239 ++++++++++++++++++++ nixos/modules/config/users-groups.nix | 196 +++------------- 3 files changed, 266 insertions(+), 174 deletions(-) create mode 100644 nixos/modules/config/update-users-groups.pl diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml index 051f0fb8c1e..ce7ccf6cc5e 100644 --- a/nixos/doc/manual/configuration.xml +++ b/nixos/doc/manual/configuration.xml 
@@ -1072,11 +1072,6 @@ users.extraGroups.students.gid = 1000; As with users, the group ID (gid) is optional and will be assigned automatically if it’s missing. -Currently declarative user management is not perfect: -nixos-rebuild does not know how to realise certain -configuration changes. This includes removing a user or group, and -removing group membership from a user. - In the imperative style, users and groups are managed by commands such as useradd, groupmod and so on. For instance, to create a user diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl new file mode 100644 index 00000000000..2b9bfb764a8 --- /dev/null +++ b/nixos/modules/config/update-users-groups.pl 
@@ -0,0 +1,239 @@ +use strict; +use File::Path qw(make_path); +use File::Slurp; +use JSON; + +make_path("/var/lib/nixos", { mode => 0755 }); + + +# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in +# /etc/login.defs. +sub allocId { + my ($used, $idMin, $idMax, $up, $getid) = @_; + my $id = $up ? $idMin : $idMax; + while ($id >= $idMin && $id <= $idMax) { + if (!$used->{$id} && !defined &$getid($id)) { + $used->{$id} = 1; + return $id; + } + $used->{$id} = 1; + if ($up) { $id++; } else { $id--; } + } + die "$0: out of free UIDs or GIDs\n"; +} + +my (%gidsUsed, %uidsUsed); + +sub allocGid { + return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) }); +} + +sub allocUid { + my ($isSystemUser) = @_; + my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1); + return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) }); +} + + +# Read the declared users/groups. +my $spec = decode_json(read_file($ARGV[0])); + +# Don't allocate UIDs/GIDs that are already in use. +foreach my $g (@{$spec->{groups}}) { + $gidsUsed{$g->{gid}} = 1 if defined $g->{gid}; +} + +foreach my $u (@{$spec->{groups}}) { + $uidsUsed{$u->{u}} = 1 if defined $u->{uid}; +} + +# Read the current /etc/group. +sub parseGroup { + chomp; + my @f = split(':', $_, -4); + my $gid = $f[2] eq "" ? undef : int($f[2]); + $gidsUsed{$gid} = 1 if defined $gid; + return ($f[0], { name => $f[0], password => $f[1], gid => $gid, members => $f[3] }); +} + +my %groupsCur = -f "/etc/group" ? map { parseGroup } read_file("/etc/group") : (); + +# Read the current /etc/passwd. +sub parseUser { + chomp; + my @f = split(':', $_, -7); + my $uid = $f[2] eq "" ? undef : int($f[2]); + $uidsUsed{$uid} = 1 if defined $uid; + return ($f[0], { name => $f[0], fakePassword => $f[1], uid => $uid, + gid => $f[3], description => $f[4], home => $f[5], shell => $f[6] }); +} + +my %usersCur = -f "/etc/passwd" ? 
map { parseUser } read_file("/etc/passwd") : (); + +# Read the groups that were created declaratively (i.e. not by groups) +# in the past. These must be removed if they are no longer in the +# current spec. +my $declGroupsFile = "/var/lib/nixos/declarative-groups"; +my %declGroups; +$declGroups{$_} = 1 foreach split / /, -e $declGroupsFile ? read_file($declGroupsFile) : ""; + +# Idem for the users. +my $declUsersFile = "/var/lib/nixos/declarative-users"; +my %declUsers; +$declUsers{$_} = 1 foreach split / /, -e $declUsersFile ? read_file($declUsersFile) : ""; + + +# Generate a new /etc/group containing the declared groups. +my %groupsOut; +foreach my $g (@{$spec->{groups}}) { + my $name = $g->{name}; + my $existing = $groupsCur{$name}; + + my %members = map { ($_, 1) } @{$g->{members}}; + + if (defined $existing) { + $g->{gid} = $existing->{gid} if !defined $g->{gid}; + if ($g->{gid} != $existing->{gid}) { + warn "warning: not applying GID change of group ‘$name’\n"; + $g->{gid} = $existing->{gid}; + } + $g->{password} = $existing->{password}; # do we want this? + if ($spec->{mutableUsers}) { + # Merge in non-declarative group members. + foreach my $uname (split /,/, $existing->{members} // "") { + $members{$uname} = 1 if !defined $declUsers{$uname}; + } + } + } else { + $g->{gid} = allocGid if !defined $g->{gid}; + $g->{password} = "x"; + } + + $g->{members} = join ",", sort(keys(%members)); + $groupsOut{$name} = $g; +} + +# Update the persistent list of declarative groups. +write_file($declGroupsFile, join(" ", sort(keys %groupsOut))); + +# Merge in the existing /etc/group. +foreach my $name (keys %groupsCur) { + my $g = $groupsCur{$name}; + next if defined $groupsOut{$name}; + if (!$spec->{mutableUsers} || defined $declGroups{$name}) { + print STDERR "removing group ‘$name’\n"; + } else { + $groupsOut{$name} = $g; + } +} + + +# Rewrite /etc/group. FIXME: acquire lock. +my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . 
"\n" } + (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut)); +write_file("/etc/group.tmp", @lines); +rename("/etc/group.tmp", "/etc/group") or die; +system("nscd --invalidate group"); + +# Generate a new /etc/passwd containing the declared users. +my %usersOut; +foreach my $u (@{$spec->{users}}) { + my $name = $u->{name}; + + # Resolve the gid of the user. + if ($u->{group} =~ /^[0-9]$/) { + $u->{gid} = $u->{group}; + } elsif (defined $groupsOut{$u->{group}}) { + $u->{gid} = $groupsOut{$u->{group}}->{gid} // die; + } else { + warn "warning: user ‘$name’ has unknown group ‘$u->{group}’\n"; + $u->{gid} = 65534; + } + + my $existing = $usersCur{$name}; + if (defined $existing) { + $u->{uid} = $existing->{uid} if !defined $u->{uid}; + if ($u->{uid} != $existing->{uid}) { + warn "warning: not applying UID change of user ‘$name’\n"; + $u->{uid} = $existing->{uid}; + } + } else { + $u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid}; + + # Create a home directory. + if ($u->{createHome}) { + make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; + chown $u->{uid}, $u->{gid}, $u->{home}; + } + } + + if (defined $u->{passwordFile}) { + if (-e $u->{passwordFile}) { + $u->{hashedPassword} = read_file($u->{passwordFile}); + chomp $u->{hashedPassword}; + } else { + warn "warning: password file ‘$u->{passwordFile}’ does not exist\n"; + } + } + + $u->{fakePassword} = $existing->{fakePassword} // "x"; + $usersOut{$name} = $u; +} + +# Update the persistent list of declarative users. +write_file($declUsersFile, join(" ", sort(keys %usersOut))); + +# Merge in the existing /etc/passwd. +foreach my $name (keys %usersCur) { + my $u = $usersCur{$name}; + next if defined $usersOut{$name}; + if (!$spec->{mutableUsers} || defined $declUsers{$name}) { + print STDERR "removing user ‘$name’\n"; + } else { + $usersOut{$name} = $u; + } +} + +# Rewrite /etc/passwd. FIXME: acquire lock. 
+@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" } + (sort { $a->{uid} <=> $b->{uid} } (values %usersOut)); +write_file("/etc/passwd.tmp", @lines); +rename("/etc/passwd.tmp", "/etc/passwd") or die; +system("nscd --invalidate passwd"); + + +# Rewrite /etc/shadow to add new accounts or remove dead ones. +my @shadowNew; +my %shadowSeen; + +foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) { + chomp $line; + my ($name, $password, @rest) = split(':', $line, -9); + my $u = $usersOut{$name};; + next if !defined $u; + $password = $u->{hashedPassword} if $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME + push @shadowNew, join(":", $name, $password, @rest) . "\n"; + $shadowSeen{$name} = 1; +} + +foreach my $u (values %usersOut) { + next if defined $shadowSeen{$u->{name}}; + my $password = "!"; + $password = $u->{hashedPassword} if $u->{hashedPassword}; + # FIXME: set correct value for sp_lstchg. + push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n"; +} + +write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew); +rename("/etc/shadow.tmp", "/etc/shadow") or die; + + +# Call chpasswd to apply password. FIXME: generate the hashes directly +# and merge into the /etc/shadow updating above. +foreach my $u (@{$spec->{users}}) { + if (defined $u->{password}) { + my $pid = open(PW, "| chpasswd") or die; + print PW "$u->{name}:$u->{password}\n"; + close PW or die "unable to change password of user ‘$u->{name}’: $?\n"; + } +} diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 5de81a77342..75d1b6f7ff4 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix 
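Review bot: The loop meant to reserve declared UIDs iterates `@{$spec->{groups}}` and writes `$uidsUsed{$u->{u}}`, so no declared UID is ever marked as used. `allocUid` can then give a declared but not yet created UID (1000, say) to another new account, and the two accounts end up sharing one UID and access to each other's files. It should read `foreach my $u (@{$spec->{users}}) { $uidsUsed{$u->{uid}} = 1 if defined $u->{uid}; }`. Separately, the test `$u->{group} =~ /^[0-9]$/` matches only a single digit, so a numeric group such as 100 falls through to the unknown-group branch and is given GID 65534; `/^[0-9]+$/` is presumably what was intended.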
@@ -7,9 +7,6 @@ let ids = config.ids; cfg = config.users; - nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers; - nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups; - passwordDescription = '' The options hashedPassword, password and passwordFile @@ -55,10 +52,8 @@ let type = with types; nullOr int; default = null; description = '' - The account UID. If the option - is false, the UID cannot be null. Otherwise, the UID might be - null, in which case a free UID is picked on activation (by the - useradd command). + The account UID. If the UID is null, a free UID is picked on + activation. ''; }; @@ -67,8 +62,7 @@ let default = false; description = '' Indicates if the user is a system user or not. This option - only has an effect if is - true and is + only has an effect if is , in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at @@ -152,16 +146,6 @@ let ${passwordDescription} ''; }; - - createUser = mkOption { - type = types.bool; - default = true; - description = '' - Indicates if the user should be created automatically as a local user. - Set this to false if the user for instance is an LDAP user. NixOS will - then not modify any of the basic properties for the user account. - ''; - }; }; config = { @@ -187,10 +171,8 @@ let type = with types; nullOr int; default = null; description = '' - The group GID. If the mutableUsers option - is false, the GID cannot be null. Otherwise, the GID might be - null, in which case a free GID is picked on activation (by the - groupadd command). + The group GID. If the GID is null, a free GID is picked on + activation. ''; }; 
@@ -211,84 +193,6 @@ let }; - getGroup = gname: - let - groups = mapAttrsToList (n: g: g) ( - filterAttrs (n: g: g.name == gname) cfg.extraGroups - ); - in - if length groups == 1 then head groups - else if groups == [] then throw "Group ${gname} not defined" - else throw "Group ${gname} has multiple definitions"; - - getUser = uname: - let - users = mapAttrsToList (n: u: u) ( - filterAttrs (n: u: u.name == uname) cfg.extraUsers - ); - in - if length users == 1 then head users - else if users == [] then throw "User ${uname} not defined" - else throw "User ${uname} has multiple definitions"; - - mkGroupEntry = gname: - let - g = getGroup gname; - users = mapAttrsToList (n: u: u.name) ( - filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers - ); - in concatStringsSep ":" [ - g.name "x" (toString g.gid) - (concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members))) - ]; - - mkPasswdEntry = uname: let u = getUser uname; in - concatStringsSep ":" [ - u.name "x" (toString u.uid) - (toString (getGroup u.group).gid) - u.description u.home u.shell - ]; - - sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2)); - - groupFile = pkgs.writeText "group" ( - concatStringsSep "\n" (map (g: mkGroupEntry g.name) ( - let f = g: g.gid != null; in - sortOn "gid" (filter f (attrValues cfg.extraGroups)) - )) - ); - - passwdFile = pkgs.writeText "passwd" ( - concatStringsSep "\n" (map (u: mkPasswdEntry u.name) ( - let f = u: u.createUser && (u.uid != null); in - sortOn "uid" (filter f (attrValues cfg.extraUsers)) - )) - ); - - # If mutableUsers is true, this script adds all users/groups defined in - # users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any - # existing user/group with the same name in those files. - # If mutableUsers is false, the /etc/{passwd,group} files will simply be - # replaced with the users/groups defined in the NixOS configuration. 
- # The merging procedure could certainly be improved, and instead of just - # keeping the lines as-is from /etc/{passwd,group} they could be combined - # in some way with the generated content from the NixOS configuration. - merger = src: pkgs.writeScript "merger" '' - #!${pkgs.bash}/bin/bash - - PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH - - ${if !cfg.mutableUsers - then ''cp ${src} $1.tmp'' - else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp'' - } - - # set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime) - touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp - - mv -f $1.tmp $1 - ''; - idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }: let id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set)); @@ -302,6 +206,21 @@ let uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid"; gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid"; + spec = builtins.toFile "users-groups.json" (builtins.toJSON { + inherit (cfg) mutableUsers; + users = mapAttrsToList (n: u: + { inherit (u) + name uid group description home shell createHome isSystemUser + password passwordFile hashedPassword; + }) cfg.extraUsers; + groups = mapAttrsToList (n: g: + { inherit (g) name gid; + members = mapAttrsToList (n: u: u.name) ( + filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers + ); + }) cfg.extraGroups; + }); + in { ###### interface 
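Review bot: `spec` is produced with `builtins.toFile`, so the JSON, including each user's `password` and `hashedPassword`, becomes a file in the Nix store, which is normally readable by every local user. A comment on the binding would make that visible to maintainers, e.g. `# NOTE: this file lands in the world-readable store; password and hashedPassword are exposed to local users`. For `passwordFile` only the path is serialized and update-users-groups.pl reads the contents at activation time, so, as long as it is given as a string rather than a Nix path literal, it is the option to recommend for secrets.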
@@ -438,67 +357,12 @@ in { grsecurity.gid = ids.gids.grsecurity; }; - system.activationScripts.users = - let - mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers; - setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers; - pwFile = u: if !(isNull u.hashedPassword) - then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; } - else if !(isNull u.password) - then pkgs.runCommand "password-file" { pw = u.password; } '' - echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out - '' else u.passwordFile; - setpw = n: u: '' - setpw=yes - ${optionalString cfg.mutableUsers '' - test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no - ''} - if [ "$setpw" == "yes" ]; then - ${if !(isNull (pwFile u)) - then '' - echo -n "${u.name}:" | cat - "${pwFile u}" | \ - ${pkgs.shadow}/sbin/chpasswd -e - '' - else "passwd -l '${u.name}' &>/dev/null" - } - fi - ''; - mkhome = n: u: '' - uid="$(id -u ${u.name})" - gid="$(id -g ${u.name})" - h="${u.home}" - test -a "$h" || mkdir -p "$h" || true - test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true - test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true - ''; - groupadd = n: g: '' - if [ -z "$(getent group "${g.name}")" ]; then - ${pkgs.shadow}/sbin/groupadd "${g.name}" - fi - ''; - useradd = n: u: '' - if ! 
id "${u.name}" &>/dev/null; then - ${pkgs.shadow}/sbin/useradd \ - -g "${u.group}" \ - -G "${concatStringsSep "," u.extraGroups}" \ - -s "${u.shell}" \ - -d "${u.home}" \ - ${optionalString u.isSystemUser "--system"} \ - "${u.name}" - echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e - fi - ''; - in stringAfter [ "etc" ] '' - touch /etc/group - touch /etc/passwd - VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null - VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null - ${pkgs.shadow}/sbin/grpconv - ${pkgs.shadow}/sbin/pwconv - ${concatStrings (mapAttrsToList groupadd nonGidGroups)} - ${concatStrings (mapAttrsToList useradd nonUidUsers)} - ${concatStrings (mapAttrsToList mkhome mkhomeUsers)} - ${concatStrings (mapAttrsToList setpw setpwUsers)} + system.activationScripts.users = stringAfter [ "etc" ] + '' + ${pkgs.perl}/bin/perl -w \ + -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \ + -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \ + ${./update-users-groups.pl} ${spec} ''; # for backwards compatibility @@ -506,13 +370,7 @@ in { assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); - message = "uids and gids must be unique!"; - } - { assertion = cfg.mutableUsers || (nonUidUsers == {}); - message = "When mutableUsers is false, no uid can be null: ${toString (attrNames nonUidUsers)}"; - } - { assertion = cfg.mutableUsers || (nonGidGroups == {}); - message = "When mutableUsers is false, no gid can be null"; + message = "UIDs and GIDs must be unique!"; } ]; From a323d146b7be3bc066b4ec74db72888ea32792fb Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 15 Aug 2014 02:07:43 +0200 Subject: [PATCH 13/61] Add user attribute isNormalUser This is shorthand for setting group, createHome, home, useDefaultShell and isSystemUser. --- nixos/doc/manual/configuration.xml | 4 +-- nixos/modules/config/users-groups.nix | 31 ++++++++++++++++--- .../installer/tools/nixos-generate-config.pl | 6 +--- nixos/modules/profiles/demo.nix | 7 ++--- nixos/tests/common/user-account.nix | 6 ++-- 5 files changed, 33 insertions(+), 21 deletions(-) diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml index ce7ccf6cc5e..110d1a00eeb 100644 --- a/nixos/doc/manual/configuration.xml +++ b/nixos/doc/manual/configuration.xml @@ -1033,11 +1033,9 @@ states that a user account named alice shall exist: users.extraUsers.alice = - { createHome = true; - home = "/home/alice"; + { isNormalUser = true; description = "Alice Foobar"; extraGroups = [ "wheel" "networkmanager" ]; - useDefaultShell = true; openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 75d1b6f7ff4..f32138a814d 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -70,6 +70,21 @@ let ''; }; + isNormalUser = mkOption { + type = types.bool; + default = false; + description = '' + Indicates whether this is an account for a “real” user. This + automatically sets to + users, to + true, to + /home/username, + to true, + and to + false. + ''; + }; + group = mkOption { type = types.str; default = "nogroup"; 
@@ -148,10 +163,18 @@ let }; }; - config = { - name = mkDefault name; - shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell); - }; + config = mkMerge + [ { name = mkDefault name; + shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell); + } + (mkIf config.isNormalUser { + group = mkDefault "users"; + createHome = mkDefault true; + home = mkDefault "/home/${name}"; + useDefaultShell = mkDefault true; + isSystemUser = mkDefault false; + }) + ]; }; diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 66a8152a3a6..c507f7f979f 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -490,12 +490,8 @@ $bootLoaderConfig # Define a user account. Don't forget to set a password with ‘passwd’. # users.extraUsers.guest = { - # name = "guest"; - # group = "users"; + # isNormalUser = true; # uid = 1000; - # createHome = true; - # home = "/home/guest"; - # shell = "/run/current-system/sw/bin/bash"; # }; } diff --git a/nixos/modules/profiles/demo.nix b/nixos/modules/profiles/demo.nix index 605cc6aad1d..ef6fd77b5f8 100644 --- a/nixos/modules/profiles/demo.nix +++ b/nixos/modules/profiles/demo.nix @@ -4,12 +4,9 @@ imports = [ ./graphical.nix ]; users.extraUsers.demo = - { description = "Demo user account"; - group = "users"; + { isNormalUser = true; + description = "Demo user account"; extraGroups = [ "wheel" ]; - home = "/home/demo"; - createHome = true; - useDefaultShell = true; password = "demo"; uid = 1000; }; diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix index 0239a3c4d08..aa3a0b82bcd 100644 --- a/nixos/tests/common/user-account.nix +++ b/nixos/tests/common/user-account.nix 
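Review bot: Nothing in this `mkMerge` prevents an account from setting both `isNormalUser = true` and `isSystemUser = true`; since `isSystemUser` is only `mkDefault false` here, an explicit `true` wins and the account gets a home directory, the `users` group and the default shell while its UID is allocated from the system range. An assertion next to the existing UID/GID uniqueness check would catch this, for example `{ assertion = all (u: !(u.isNormalUser && u.isSystemUser)) (attrValues cfg.extraUsers); message = "isNormalUser and isSystemUser are mutually exclusive"; }`, assuming `all` and `attrValues` are in scope as elsewhere in the file. The assertions list lies outside this hunk, so the placement needs checking against the full file.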
@@ -1,11 +1,9 @@ { pkgs, ... }: { users.extraUsers = pkgs.lib.singleton - { name = "alice"; + { isNormalUser = true; + name = "alice"; description = "Alice Foobar"; - home = "/home/alice"; - createHome = true; - useDefaultShell = true; password = "foobar"; uid = 1000; }; From 97d6afafaaf5e8db7182cf65cae982c50be2c2e9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 15 Aug 2014 04:07:45 +0200 Subject: [PATCH 14/61] systemd: Fix uninitialised memory issue in veth setup This caused containers to randomly fail, in particular if the machine name was 8 characters. --- pkgs/os-specific/linux/systemd/fixes.patch | 117 +++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 566d80bfba9..72cf0e92bb8 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch 
@@ -1074,6 +1074,123 @@ index b087a8b..967ab67 100644 test_catalog_file_lang(); +diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c +index 84a8ffa..e79b318 100644 +--- a/src/libsystemd/sd-rtnl/rtnl-message.c ++++ b/src/libsystemd/sd-rtnl/rtnl-message.c +@@ -335,24 +335,28 @@ int sd_rtnl_message_link_get_flags(sd_rtnl_message *m, unsigned *flags) { + /* If successful the updated message will be correctly aligned, if + unsuccessful the old message is untouched. */ + static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, size_t data_length) { +- uint32_t rta_length, message_length; ++ uint32_t rta_length; ++ size_t message_length, padding_length; + struct nlmsghdr *new_hdr; + struct rtattr *rta; + char *padding; + unsigned i; ++ int offset; + + assert(m); + assert(m->hdr); + assert(!m->sealed); + assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len); +- assert(!data || data_length > 0); +- assert(data || m->n_containers < RTNL_CONTAINER_DEPTH); ++ assert(!data || data_length); ++ ++ /* get offset of the new attribute */ ++ offset = m->hdr->nlmsg_len; + + /* get the size of the new rta attribute (with padding at the end) */ + rta_length = RTA_LENGTH(data_length); + + /* get the new message size (with padding at the end) */ +- message_length = m->hdr->nlmsg_len + RTA_ALIGN(rta_length); ++ message_length = offset + RTA_ALIGN(rta_length); + + /* realloc to fit the new attribute */ + new_hdr = realloc(m->hdr, message_length); +@@ -361,32 +365,35 @@ static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, + m->hdr = new_hdr; + + /* get pointer to the attribute we are about to add */ +- rta = (struct rtattr *) ((uint8_t *) m->hdr + m->hdr->nlmsg_len); ++ rta = (struct rtattr *) ((uint8_t *) m->hdr + offset); + + /* if we are inside containers, extend them */ + for (i = 0; i < m->n_containers; i++) +- GET_CONTAINER(m, i)->rta_len += message_length - m->hdr->nlmsg_len; ++ 
GET_CONTAINER(m, i)->rta_len += message_length - offset; + + /* fill in the attribute */ + rta->rta_type = type; + rta->rta_len = rta_length; +- if (!data) { +- /* this is the start of a new container */ +- m->container_offsets[m->n_containers ++] = m->hdr->nlmsg_len; +- } else { ++ if (data) + /* we don't deal with the case where the user lies about the type + * and gives us too little data (so don't do that) +- */ ++ */ + padding = mempcpy(RTA_DATA(rta), data, data_length); +- /* make sure also the padding at the end of the message is initialized */ +- memzero(padding, +- (uint8_t *) m->hdr + message_length - (uint8_t *) padding); ++ else { ++ /* if no data was passed, make sure we still initialize the padding ++ note that we can have data_length > 0 (used by some containers) */ ++ padding = RTA_DATA(rta); ++ data_length = 0; + } + ++ /* make sure also the padding at the end of the message is initialized */ ++ padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding; ++ memzero(padding, padding_length); ++ + /* update message size */ + m->hdr->nlmsg_len = message_length; + +- return 0; ++ return offset; + } + + int sd_rtnl_message_append_string(sd_rtnl_message *m, unsigned short type, const char *data) { +@@ -761,22 +768,29 @@ int sd_rtnl_message_open_container(sd_rtnl_message *m, unsigned short type) { + + assert_return(m, -EINVAL); + assert_return(!m->sealed, -EPERM); ++ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE); + + sd_rtnl_message_get_type(m, &rtm_type); + ++ int r = -ENOTSUP; ++ + if (rtnl_message_type_is_link(rtm_type)) { + + if ((type == IFLA_LINKINFO && m->n_containers == 0) || + (type == IFLA_INFO_DATA && m->n_containers == 1 && + GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO)) +- return add_rtattr(m, type, NULL, 0); ++ r = add_rtattr(m, type, NULL, 0); + else if (type == VETH_INFO_PEER && m->n_containers == 2 && + GET_CONTAINER(m, 1)->rta_type == IFLA_INFO_DATA && + GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO) +- 
return add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); ++ r= add_rtattr(m, type, NULL, sizeof(struct ifinfomsg)); + } + +- return -ENOTSUP; ++ if (r < 0) return r; ++ ++ m->container_offsets[m->n_containers ++] = r; ++ ++ return 0; + } + + int sd_rtnl_message_close_container(sd_rtnl_message *m) { diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c index ba1b04d..85b1e40 100644 --- a/src/libudev/libudev-monitor.c From 315e58762dbb763e3ff4620cc06e9d1701495ff6 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 17 Aug 2014 16:04:47 +0200 Subject: [PATCH 15/61] perl: Disable tests It appears that these got re-enabled accidentally in d1ed0f44cd154926e761cedee1cee72e55345807. http://hydra.nixos.org/build/13369824 --- pkgs/development/interpreters/perl/5.16/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/perl/5.16/default.nix b/pkgs/development/interpreters/perl/5.16/default.nix index a01d7b2a86b..c1a5374c92e 100644 --- a/pkgs/development/interpreters/perl/5.16/default.nix +++ b/pkgs/development/interpreters/perl/5.16/default.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { ${optionalString stdenv.isArm '' configureFlagsArray=(-Dldflags="-lm -lrt") ''} - + ${optionalString stdenv.isCygwin '' cp cygwin/cygwin.c{,.bak} echo "#define PERLIO_NOT_STDIO 0" > tmp @@ -70,6 +70,5 @@ stdenv.mkDerivation rec { setupHook = ./setup-hook.sh; - doCheck = stdenv.isLinux; passthru.libPrefix = "lib/perl5/site_perl"; } From 773595540bd3a52476a7c84799e374d086d1c648 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 17 Aug 2014 17:25:12 +0200 Subject: [PATCH 16/61] binutils: Enable sysroot support --- pkgs/development/tools/misc/binutils/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix index 8d8fc5d464e..246a8573fac 100644 --- a/pkgs/development/tools/misc/binutils/default.nix 
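Review bot: add_rtattr() now returns the attribute offset instead of 0, but the comment above it still documents only the alignment guarantee. Any caller outside this hunk that passes the result straight through (sd_rtnl_message_append_string starts right after it) would begin returning a positive value on success, so each caller should end in `if (r < 0) return r;` followed by `return 0;`. The offset is held in an `int` while `nlmsg_len` is a 32-bit unsigned field, and `message_length` is written back to it with no range check; an assert bounding `data_length` would make that narrowing explicit. In sd_rtnl_message_open_container, `int r = -ENOTSUP;` is declared after statements and `r= add_rtattr(...)` lacks a space; declaring `r` with the other locals would match how add_rtattr itself is written.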
+++ b/pkgs/development/tools/misc/binutils/default.nix @@ -59,6 +59,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-shared" "--enable-deterministic-archives" ] + ++ optional noSysDirs "--with-sysroot=/var/empty" ++ optional (stdenv.system == "mips64el-linux") "--enable-fix-loongson2f-nop" ++ optional (cross != null) "--target=${cross.config}" ++ optionals gold [ "--enable-gold" "--enable-plugins" ] From 6dc5db3850a2ef5d01e871ec36f1d31457fc64da Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 18 Aug 2014 16:32:00 +0200 Subject: [PATCH 17/61] Fix setting an empty password --- nixos/modules/config/update-users-groups.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl index 2b9bfb764a8..197b65e27c4 100644 --- a/nixos/modules/config/update-users-groups.pl +++ b/nixos/modules/config/update-users-groups.pl @@ -211,7 +211,7 @@ foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) { my ($name, $password, @rest) = split(':', $line, -9); my $u = $usersOut{$name};; next if !defined $u; - $password = $u->{hashedPassword} if $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME + $password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME push @shadowNew, join(":", $name, $password, @rest) . "\n"; $shadowSeen{$name} = 1; } @@ -219,7 +219,7 @@ foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) { foreach my $u (values %usersOut) { next if defined $shadowSeen{$u->{name}}; my $password = "!"; - $password = $u->{hashedPassword} if $u->{hashedPassword}; + $password = $u->{hashedPassword} if defined $u->{hashedPassword}; # FIXME: set correct value for sp_lstchg. push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n"; } From a0c60b76ec258ea158bebaea53d6d39055cdf857 Mon Sep 17 00:00:00 2001 
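Review bot: With `defined` replacing the truth test, an empty `hashedPassword` is now copied into the shadow record verbatim in both hunks (`@@ -211` and `@@ -219`), and an empty second field normally means the account needs no password (subject to how PAM treats null passwords). That is what the commit title asks for, but neither line says so; a comment such as `# "" is written as-is: an empty shadow field means no password is required` would stop a later reader from reverting it or passing "" by accident. The value is also joined into a `:`-separated line unchecked, so rejecting a `hashedPassword` containing `:` or a newline before the `join` would keep one bad entry from corrupting the record. The first loop's header lies outside its hunk.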
From: Eelco Dolstra Date: Mon, 18 Aug 2014 17:18:50 +0200 Subject: [PATCH 18/61] gcc: Revive the no-sys-dirs patch For now, we don't NATIVE_SYSTEM_HEADER_DIR because it breaks the build. However, it points to Glibc in the Nix store (not /usr/include) so it's kind of okay. --- pkgs/build-support/gcc-wrapper/gcc-wrapper.sh | 1 - pkgs/build-support/gcc-wrapper/ld-wrapper.sh | 3 -- .../development/compilers/gcc/4.8/default.nix | 1 + .../compilers/gcc/4.8/no-sys-dirs.patch | 28 +++++++++++++++++++ 4 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch diff --git a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh index c53fd44207d..2ad7783a442 100644 --- a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh +++ b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh @@ -77,7 +77,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then n=$((n + 1)) done params=("${rest[@]}") - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE --sysroot=/var/empty" fi diff --git a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh index 822c4a03a21..51803e12a4e 100644 --- a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh @@ -32,9 +32,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE" \ # We cannot skip this; barf. echo "impure path \`$p' used in link" >&2 exit 1 - elif test "${p:0:9}" = "--sysroot"; then - # Our ld is not built with sysroot support (Can we fix that?) - : else rest=("${rest[@]}" "$p") fi diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 7b73559ba9c..7985b445ae0 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix 
@@ -64,6 +64,7 @@ let version = "4.8.3"; patches = [] ++ optional enableParallelBuilding ./parallel-bconfig.patch ++ optional (cross != null) ./libstdc++-target.patch + ++ optional noSysDirs ./no-sys-dirs.patch # The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its # target libraries and tools. ++ optional langAda ./gnat-cflags.patch diff --git a/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch new file mode 100644 index 00000000000..36df51904ac --- /dev/null +++ b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch @@ -0,0 +1,28 @@ +diff -ru -x '*~' gcc-4.8.3-orig/gcc/cppdefault.c gcc-4.8.3/gcc/cppdefault.c +--- gcc-4.8.3-orig/gcc/cppdefault.c 2013-01-10 21:38:27.000000000 +0100 ++++ gcc-4.8.3/gcc/cppdefault.c 2014-08-18 16:20:32.893944536 +0200 +@@ -35,6 +35,8 @@ + # undef CROSS_INCLUDE_DIR + #endif + ++#undef LOCAL_INCLUDE_DIR ++ + const struct default_include cpp_include_defaults[] + #ifdef INCLUDE_DEFAULTS + = INCLUDE_DEFAULTS; +diff -ru -x '*~' gcc-4.8.3-orig/gcc/gcc.c gcc-4.8.3/gcc/gcc.c +--- gcc-4.8.3-orig/gcc/gcc.c 2014-03-23 12:30:57.000000000 +0100 ++++ gcc-4.8.3/gcc/gcc.c 2014-08-18 13:19:32.689201690 +0200 +@@ -1162,10 +1162,10 @@ + /* Default prefixes to attach to command names. */ + + #ifndef STANDARD_STARTFILE_PREFIX_1 +-#define STANDARD_STARTFILE_PREFIX_1 "/lib/" ++#define STANDARD_STARTFILE_PREFIX_1 "" + #endif + #ifndef STANDARD_STARTFILE_PREFIX_2 +-#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/" ++#define STANDARD_STARTFILE_PREFIX_2 "" + #endif + + #ifdef CROSS_DIRECTORY_STRUCTURE /* Don't use these prefixes for a cross compiler. */ From 5c53f22492511d1d8de46ecd8f11fca20f1287fd Mon Sep 17 00:00:00 2001 
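Review bot: `++ optional noSysDirs ./no-sys-dirs.patch` is wired only into this gcc 4.8 expression, while the same commit removes `--sysroot=/var/empty` from the shared gcc-wrapper.sh. If other compiler versions are wrapped by that script, they lose the guard without gaining the patch, so it is worth confirming which compilers still depend on it. The patch blanks the startfile prefixes and undefines LOCAL_INCLUDE_DIR but, as the commit message says, leaves NATIVE_SYSTEM_HEADER_DIR alone. A comment above the new line would record that, e.g. `# keeps gcc out of /lib, /usr/lib and the local include dir; NATIVE_SYSTEM_HEADER_DIR is left as is (points at Glibc in the store)`. The `patches` list continues outside the hunk.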
From: Eelco Dolstra Date: Wed, 20 Aug 2014 10:39:03 +0200 Subject: [PATCH 19/61] Revert "binutils: Enable sysroot support" This reverts commit 773595540bd3a52476a7c84799e374d086d1c648. It breaks stuff and we don't need it anymore. http://hydra.nixos.org/build/13517591 --- pkgs/development/tools/misc/binutils/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix index 246a8573fac..8d8fc5d464e 100644 --- a/pkgs/development/tools/misc/binutils/default.nix +++ b/pkgs/development/tools/misc/binutils/default.nix @@ -59,7 +59,6 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-shared" "--enable-deterministic-archives" ] - ++ optional noSysDirs "--with-sysroot=/var/empty" ++ optional (stdenv.system == "mips64el-linux") "--enable-fix-loongson2f-nop" ++ optional (cross != null) "--target=${cross.config}" ++ optionals gold [ "--enable-gold" "--enable-plugins" ] From 91db3f6b4518ca8ebea6cfe38766f72d142ce36b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 12:15:45 +0200 Subject: [PATCH 20/61] kde4: security patch for CVE-2014-5033 --- pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix index 396adf9ba75..1698abfd00f 100644 --- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix +++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix @@ -4,7 +4,7 @@ , automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee , docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst , udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt -, pkgconfig +, pkgconfig, fetchpatch }: kde { 
@@ -28,7 +28,15 @@ kde { # There are a few hardcoded paths. # Split plugins from libs? - patches = [ ../files/polkit-install.patch ]; + patches = [ + ../files/polkit-install.patch + (fetchpatch { + name = "CVE-2014-5033.patch"; + url = "http://quickgit.kde.org/?p=kdelibs.git" + + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23"; + sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"; + }) + ]; cmakeFlags = [ "-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook" From 32f95153a182e010224a62136209b636fc6cbc9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:49:14 +0200 Subject: [PATCH 21/61] ffmpeg (_1 and default _2): minor update, incl. security CVE-2014-{5271,5272} --- pkgs/development/libraries/ffmpeg/1.x.nix | 4 ++-- pkgs/development/libraries/ffmpeg/2.x.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/ffmpeg/1.x.nix b/pkgs/development/libraries/ffmpeg/1.x.nix index a0dcf52dcce..e2aa336d5d2 100644 --- a/pkgs/development/libraries/ffmpeg/1.x.nix +++ b/pkgs/development/libraries/ffmpeg/1.x.nix @@ -31,11 +31,11 @@ assert playSupport -> SDL != null; assert freetypeSupport -> freetype != null; stdenv.mkDerivation rec { - name = "ffmpeg-1.2.7"; + name = "ffmpeg-1.2.8"; src = fetchurl { url = "http://www.ffmpeg.org/releases/${name}.tar.bz2"; - sha256 = "13nj5q5ad0kcrid8r5x6x8lqfhk8kms14pmncf6vbdbk6x45k6v6"; + sha256 = "0n9fklr8zqkd60dc5ai161l6k4dbiac5hqy0pi1w82yamc25k6s2"; }; # `--enable-gpl' (as well as the `postproc' and `swscale') mean that diff --git a/pkgs/development/libraries/ffmpeg/2.x.nix b/pkgs/development/libraries/ffmpeg/2.x.nix index 19a4099a8b1..8a25c4812b2 100644 --- a/pkgs/development/libraries/ffmpeg/2.x.nix +++ b/pkgs/development/libraries/ffmpeg/2.x.nix 
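Review bot: The CVE-2014-5033 fix is fetched over plain `http://` from a web front-end URL (`?p=kdelibs.git` + `&a=commit&h=…`), so the pinned `sha256` is the only thing tying the build to the intended change. The hash does protect integrity, but output rendered by a repository browser can change over time, and then the security patch stops building. Keeping a copy of the patch next to `../files/polkit-install.patch` would avoid that dependency. Whether this endpoint returns a raw patch or an HTML commit view is not visible here and should be checked before relying on it.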
@@ -5,11 +5,11 @@ }: stdenv.mkDerivation rec { - name = "ffmpeg-2.3.2"; + name = "ffmpeg-2.3.3"; src = fetchurl { url = "http://www.ffmpeg.org/releases/${name}.tar.bz2"; - sha256 = "1lpzqjpklmcjzk327pz070m3qz3s1cwg8v90w6r1sdh8491kbqc4"; + sha256 = "0ik4c06anh49r5b0d3rq9if4zl6ysjsa341655kzw22fl880sk5v"; }; subtitleSupport = config.ffmpeg.subtitle or true; From 3775fa9ea22401b69219b9a46aa60f51b45a10db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:52:07 +0200 Subject: [PATCH 22/61] subversion+serf: security update to fix CVE-2014-3504 Thanks to nixpkgs monitor again. --- pkgs/applications/version-management/subversion/default.nix | 4 ++-- pkgs/development/libraries/serf/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix index 7526bb5f043..6e3d2f3d4d5 100644 --- a/pkgs/applications/version-management/subversion/default.nix +++ b/pkgs/applications/version-management/subversion/default.nix @@ -17,13 +17,13 @@ assert javahlBindings -> jdk != null && perl != null; stdenv.mkDerivation rec { - version = "1.8.9"; + version = "1.8.10"; name = "subversion-${version}"; src = fetchurl { url = "mirror://apache/subversion/${name}.tar.bz2"; - sha1 = "424ee12708f39a126efd905886666083dcc4eeaf"; + sha1 = "d6896d94bb53c1b4c6e9c5bb1a5c466477b19b2b"; }; buildInputs = [ zlib apr aprutil sqlite ] diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index 409b5db0104..f0fedba5ac1 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix 
@@ -1,11 +1,11 @@ { stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, krb5, pkgconfig }: stdenv.mkDerivation rec { - name = "serf-1.3.6"; + name = "serf-1.3.7"; src = fetchurl { url = "http://serf.googlecode.com/svn/src_releases/${name}.tar.bz2"; - sha256 = "1wk3cplazs8jznjc9ylpd63rrk9k2y05xa7zqx7psycr0gmpnqya"; + sha1 = "db9ae339dba10a2b47f9bdacf30a58fd8e36683a"; }; buildInputs = [ apr scons openssl aprutil zlib krb5 pkgconfig ]; From 2b75fe851b7e20ed05912be9e28963b2fb2d12ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 10:50:52 +0200 Subject: [PATCH 23/61] readline-6.3: update, including security fixes Close #3706 CVE-2014-2524 (likely not affecting any our program anyway). --- .../libraries/readline/readline6.3.nix | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/readline/readline6.3.nix b/pkgs/development/libraries/readline/readline6.3.nix index 9f5c9f7b581..356c2c055bd 100644 --- a/pkgs/development/libraries/readline/readline6.3.nix +++ b/pkgs/development/libraries/readline/readline6.3.nix @@ -1,11 +1,13 @@ -{ fetchurl, stdenv, ncurses }: +{ fetchzip, stdenv, ncurses }: stdenv.mkDerivation (rec { - name = "readline-6.3"; + name = "readline-6.3p08"; - src = fetchurl { - url = "mirror://gnu/readline/${name}.tar.gz"; - sha256 = "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn"; + src = fetchzip { + #url = "mirror://gnu/readline/${name}.tar.gz"; + url = "http://git.savannah.gnu.org/cgit/readline.git/snapshot/" + + "readline-a73b98f779b388a5d0624e02e8bb187246e3e396.tar.gz"; + sha256 = "19ji3wrv4fs79fd0nkacjy9q94pvy2cm66yb3aqysahg0cbrz5l1"; }; propagatedBuildInputs = [ncurses]; @@ -17,7 +19,7 @@ stdenv.mkDerivation (rec { ./no-arch_only-6.3.patch ]; - meta = { + meta = with stdenv.lib; { description = "GNU Readline, a library for interactive line editing"; longDescription = '' 
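Review bot: The source pin changes from `sha256` to `sha1` in this security update, which weakens the integrity check on a tarball fetched over plain `http://`. Unless upstream publishes only a SHA-1 digest, keep the stronger pin and write `sha256 = "<sha256 of serf-1.3.7.tar.bz2>";` (placeholder, to be computed from a verified download). If SHA-1 is deliberate, a comment saying where the digest came from would help the next reviewer.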
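Review bot: `name = "readline-6.3p08"` claims a patch level, but the source is a cgit snapshot addressed by commit id and nothing in the expression ties that commit to 6.3 patch 8. A comment such as `# snapshot a73b98f7… = readline 6.3 with upstream patches up to 008` (to be confirmed against the repository) would make the security claim checkable. The commented-out `#url = "mirror://gnu/readline/${name}.tar.gz";` line should either be removed or get a short reason why the mirror tarball is no longer used. The snapshot is fetched over plain `http://`, so the `sha256` is the only integrity control on it.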
@@ -37,9 +39,11 @@ stdenv.mkDerivation (rec { homepage = http://savannah.gnu.org/projects/readline/; - license = stdenv.lib.licenses.gpl3Plus; + license = licenses.gpl3Plus; - maintainers = [ stdenv.lib.maintainers.ludo ]; + maintainers = [ maintainers.ludo ]; + + platforms = platforms.unix; }; } From 50b65a7f8e097fffb6c561b806caaaa33473e939 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 14:17:05 +0200 Subject: [PATCH 24/61] readline: use 6.3 by default I found no build regressions with the most common dependents. It's possible that older readline branches may be vulnerable, although the last one announced seemed not to affect regular packages. --- pkgs/top-level/all-packages.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f2c8b83ada5..8a0a02d9c38 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2537,7 +2537,6 @@ let bashInteractive = appendToName "interactive" (callPackage ../shells/bash { interactive = true; - readline = readline63; # Includes many vi mode fixes }); bashCompletion = callPackage ../shells/bash-completion { }; @@ -3526,7 +3525,6 @@ let suitesparse = null; openjdk = null; gnuplot = null; - readline = readline63; }; octaveFull = (lowPrio (callPackage ../development/interpreters/octave { fltk = fltk13; @@ -4199,7 +4197,6 @@ let gdb = callPackage ../development/tools/misc/gdb { hurd = gnu.hurdCross; - readline = readline63; inherit (gnu) mig; }; 
@@ -6060,13 +6057,14 @@ let raul = callPackage ../development/libraries/audio/raul { }; - readline = readline6; # 6.2 works, 6.3 breaks python, parted + readline = readline6; + readline6 = readline63; readline4 = callPackage ../development/libraries/readline/readline4.nix { }; readline5 = callPackage ../development/libraries/readline/readline5.nix { }; - readline6 = callPackage ../development/libraries/readline/readline6.nix { }; + readline62 = callPackage ../development/libraries/readline/readline6.nix { }; readline63 = callPackage ../development/libraries/readline/readline6.3.nix { }; From 30fef8a3cffbc1586b448f227f8ebfa745bd1e95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 14:28:33 +0200 Subject: [PATCH 25/61] readline: remove unused old versions 4 and 5 ...including an unused patch. --- pkgs/development/libraries/readline/readline4.nix | 10 ---------- pkgs/development/libraries/readline/readline5.nix | 14 -------------- .../libraries/readline/shobj-darwin.patch | 11 ----------- pkgs/top-level/all-packages.nix | 4 ---- 4 files changed, 39 deletions(-) delete mode 100644 pkgs/development/libraries/readline/readline4.nix delete mode 100644 pkgs/development/libraries/readline/readline5.nix delete mode 100644 pkgs/development/libraries/readline/shobj-darwin.patch diff --git a/pkgs/development/libraries/readline/readline4.nix b/pkgs/development/libraries/readline/readline4.nix deleted file mode 100644 index d9dcdc9f048..00000000000 --- a/pkgs/development/libraries/readline/readline4.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ stdenv, fetchurl, ncurses }: - -stdenv.mkDerivation { - name = "readline-4.3"; - src = fetchurl { - url = mirror://gnu/readline/readline-4.3.tar.gz; - md5 = "f86f7cb717ab321fe15f1bbcb058c11e"; - }; - propagatedBuildInputs = [ncurses]; -} 
diff --git a/pkgs/development/libraries/readline/readline5.nix b/pkgs/development/libraries/readline/readline5.nix deleted file mode 100644 index c208d5b9fe6..00000000000 --- a/pkgs/development/libraries/readline/readline5.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ stdenv, fetchurl, ncurses }: - -stdenv.mkDerivation { - name = "readline-5.2"; - - src = fetchurl { - url = mirror://gnu/readline/readline-5.2.tar.gz; - sha256 = "0icz4hqqq8mlkwrpczyaha94kns0am9z0mh3a2913kg2msb8vs0j"; - }; - - propagatedBuildInputs = [ncurses]; - - patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch; -} diff --git a/pkgs/development/libraries/readline/shobj-darwin.patch b/pkgs/development/libraries/readline/shobj-darwin.patch deleted file mode 100644 index a9199ca3e89..00000000000 --- a/pkgs/development/libraries/readline/shobj-darwin.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/support/shobj-conf.orig 2006-04-11 06:15:43.000000000 -0700 -+++ b/support/shobj-conf 2007-11-08 01:15:43.000000000 -0800 -@@ -171,7 +171,7 @@ - SHLIB_LIBSUFF='dylib' - - case "${host_os}" in -- darwin[78]*) SHOBJ_LDFLAGS='' -+ darwin[789]*) SHOBJ_LDFLAGS='' - SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v' - ;; - *) SHOBJ_LDFLAGS='-dynamic' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8a0a02d9c38..02f99c1f969 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6060,10 +6060,6 @@ let readline = readline6; readline6 = readline63; - readline4 = callPackage ../development/libraries/readline/readline4.nix { }; - - readline5 = callPackage ../development/libraries/readline/readline5.nix { }; - readline62 = callPackage ../development/libraries/readline/readline6.nix { }; readline63 = callPackage ../development/libraries/readline/readline6.3.nix { }; 
From ead8f2ba0abba57cc6def5a14fe52a6b191ed57d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:23:23 +0200 Subject: [PATCH 26/61] mesa: bugfix update --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index bbad10898bf..54fd8d3810e 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -24,7 +24,7 @@ else */ let - version = "10.2.5"; + version = "10.2.6"; # this is the default search path for DRI drivers driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32"; in @@ -35,7 +35,7 @@ stdenv.mkDerivation { src = fetchurl { url = "ftp://ftp.freedesktop.org/pub/mesa/${version}/MesaLib-${version}.tar.bz2"; - sha256 = "039is15p8pkhf8m0yiyb72zybl63xb9ckqzcg3xwi8zlyw5ryidl"; + sha256 = "01n8ib190s12m8hiiyi4wfm9jhkbqjd769npjwvf965smp918cqr"; }; prePatch = "patchShebangs ."; From 315b8ec8f69384b2ef29f00aee9ef50613f368f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 14:10:22 +0200 Subject: [PATCH 27/61] orc: bugfix updates --- pkgs/development/compilers/orc/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix index 7dfbe218bb7..2ce3e89e897 100644 --- a/pkgs/development/compilers/orc/default.nix +++ b/pkgs/development/compilers/orc/default.nix 
@@ -1,11 +1,11 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "orc-0.4.19"; + name = "orc-0.4.21"; src = fetchurl { - url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.gz"; - sha256 = "17mmgwll2waz44m908lcxc5fd6n44yysh7p4pdw33hr138r507z2"; + url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz"; + sha256 = "187wrnq0ficwjj4y3yqci5fxcdkiazfs6k5js26k5b26hipzmham"; }; doCheck = true; From c31c79f0dd82e9bf751dad16997388460a048dbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:23:42 +0200 Subject: [PATCH 28/61] xorg.xcb (lib+proto): update (seems mainly bug fixes) --- pkgs/servers/x11/xorg/default.nix | 12 ++++++------ pkgs/servers/x11/xorg/extra.list | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 6945d6559fb..8d00e8e5a49 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -915,11 +915,11 @@ let }) // {inherit ;}; libxcb = (mkDerivation "libxcb" { - name = "libxcb-1.10"; + name = "libxcb-1.11"; builder = ./builder.sh; src = fetchurl { - url = http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2; - sha256 = "1dfmyb1zjx6n0zhr4y40mc1crlmj3bfjjhmn0f30ip9nnq2spncq"; + url = http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2; + sha256 = "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3"; }; buildInputs = [pkgconfig libxslt libpthreadstubs python libXau xcbproto libXdmcp ]; }) // {inherit libxslt libpthreadstubs python libXau xcbproto libXdmcp ;}; 
@@ -1175,11 +1175,11 @@ let }) // {inherit ;}; xcbproto = (mkDerivation "xcbproto" { - name = "xcb-proto-1.10"; + name = "xcb-proto-1.11"; builder = ./builder.sh; src = fetchurl { - url = http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2; - sha256 = "01dgp802i4ic9wkmpa7g1wm50pp547d3b96jjz2hnxavhpfhvx3y"; + url = http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2; + sha256 = "0bp3f53l9fy5x3mn1rkj1g81aiyzl90wacwvqdgy831aa3kfxb5l"; }; buildInputs = [pkgconfig python ]; }) // {inherit python ;}; diff --git a/pkgs/servers/x11/xorg/extra.list b/pkgs/servers/x11/xorg/extra.list index 2d105241c2d..84795ed980b 100644 --- a/pkgs/servers/x11/xorg/extra.list +++ b/pkgs/servers/x11/xorg/extra.list @@ -1,6 +1,6 @@ http://xcb.freedesktop.org/dist/libpthread-stubs-0.3.tar.bz2 -http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2 -http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2 +http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2 +http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-0.3.9.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-image-0.3.9.tar.bz2 http://xcb.freedesktop.org/dist/xcb-util-keysyms-0.3.9.tar.bz2 From acf8919844a0bda2f8641028d17b6064557407c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:26:28 +0200 Subject: [PATCH 29/61] xorg.xrandr: minor bugfix update --- pkgs/servers/x11/xorg/default.nix | 6 +++--- pkgs/servers/x11/xorg/tarballs-7.7.list | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 8d00e8e5a49..d2978f59ec5 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix 
@@ -2025,11 +2025,11 @@ let }) // {inherit ;}; xrandr = (mkDerivation "xrandr" { - name = "xrandr-1.4.2"; + name = "xrandr-1.4.3"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2; - sha256 = "1g4hnj53wknsjwiqivyy3jl4qw7jwrpncz7d5p2z29zq5zlnxrxj"; + url = mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2; + sha256 = "06xy0kr6ih7ilrwl6b5g6ay75vm2j4lxnv1d5xlj6sdqhqsaqm3i"; }; buildInputs = [pkgconfig libX11 xproto libXrandr libXrender ]; }) // {inherit libX11 xproto libXrandr libXrender ;}; diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list index 417d12ddadc..98386e3ff99 100644 --- a/pkgs/servers/x11/xorg/tarballs-7.7.list +++ b/pkgs/servers/x11/xorg/tarballs-7.7.list @@ -175,7 +175,7 @@ mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2 mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2 mirror://xorg/individual/app/xprop-1.2.2.tar.bz2 mirror://xorg/individual/proto/xproto-7.0.26.tar.bz2 -mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2 +mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2 mirror://xorg/individual/app/xrdb-1.1.0.tar.bz2 mirror://xorg/individual/app/xrefresh-1.0.5.tar.bz2 mirror://xorg/individual/app/xset-1.2.3.tar.bz2 From 59e3e060765f8c8e477bebbbca87969bf84618ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 11:46:25 +0200 Subject: [PATCH 30/61] xorg: update probably unused modules --- pkgs/servers/x11/xorg/default.nix | 12 ++++++------ pkgs/servers/x11/xorg/tarballs-7.7.list | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index d2978f59ec5..d64507ac3ba 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix 
@@ -1405,11 +1405,11 @@ let }) // {inherit inputproto xorgserver xproto ;}; xf86inputmouse = (mkDerivation "xf86inputmouse" { - name = "xf86-input-mouse-1.9.0"; + name = "xf86-input-mouse-1.9.1"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2; - sha256 = "12344w0cxac1ld54qqwynxwazbmmpvqh1mzcskmfkmakmr5iwq2x"; + url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2; + sha256 = "1kn5kx3qyn9qqvd6s24a2l1wfgck2pgfvzl90xpl024wfxsx719l"; }; buildInputs = [pkgconfig inputproto xorgserver xproto ]; }) // {inherit inputproto xorgserver xproto ;}; @@ -1515,11 +1515,11 @@ let }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xorgserver xproto ;}; xf86videogeode = (mkDerivation "xf86videogeode" { - name = "xf86-video-geode-2.11.15"; + name = "xf86-video-geode-2.11.16"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2; - sha256 = "1w4ghr2a41kaw4g9na8ws5fjbmy8zkbxpxa21vmqc8mkjzb3pnq0"; + url = mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2; + sha256 = "19y13xl7yfrgyis92rmxi0ld95ajgr5il0n9j1dridwzw9aizz1q"; }; buildInputs = [pkgconfig fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ]; }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ;}; diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list index 98386e3ff99..d606f7daaa5 100644 --- a/pkgs/servers/x11/xorg/tarballs-7.7.list +++ b/pkgs/servers/x11/xorg/tarballs-7.7.list 
@@ -118,7 +118,7 @@ mirror://xorg/X11R7.7/src/everything/xf86driproto-2.1.1.tar.bz2 mirror://xorg/individual/driver/xf86-input-evdev-2.8.4.tar.bz2 mirror://xorg/individual/driver/xf86-input-joystick-1.6.2.tar.bz2 mirror://xorg/individual/driver/xf86-input-keyboard-1.8.0.tar.bz2 -mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2 +mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2 mirror://xorg/individual/driver/xf86-input-synaptics-1.7.6.tar.bz2 mirror://xorg/individual/driver/xf86-input-vmmouse-13.0.0.tar.bz2 mirror://xorg/individual/driver/xf86-input-void-1.4.0.tar.bz2 @@ -130,7 +130,7 @@ mirror://xorg/individual/driver/xf86-video-nouveau-1.0.10.tar.bz2 mirror://xorg/individual/driver/xf86-video-cirrus-1.5.2.tar.bz2 mirror://xorg/individual/driver/xf86-video-dummy-0.3.7.tar.bz2 mirror://xorg/individual/driver/xf86-video-fbdev-0.4.4.tar.bz2 -mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2 +mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2 mirror://xorg/individual/driver/xf86-video-glide-1.2.2.tar.bz2 mirror://xorg/individual/driver/xf86-video-glint-1.2.8.tar.bz2 mirror://xorg/individual/driver/xf86-video-i128-1.3.6.tar.bz2 From 084626deecaffcaa017af07eaab00682eff5d6f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 21 Aug 2014 21:15:32 +0200 Subject: [PATCH 31/61] glew: update, and tweak meta --- pkgs/development/libraries/glew/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/glew/default.nix b/pkgs/development/libraries/glew/default.nix index 9ec88799d0d..5127311e7c9 100644 --- a/pkgs/development/libraries/glew/default.nix +++ b/pkgs/development/libraries/glew/default.nix 
@@ -3,11 +3,11 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "glew-1.10.0"; + name = "glew-1.11.0"; src = fetchurl { url = "mirror://sourceforge/glew/${name}.tgz"; - sha256 = "01zki46dr5khzlyywr3cg615bcal32dazfazkf360s1znqh17i4r"; + sha256 = "1mhkllxz49l1x680dmzrv2i82qjrq017sykah3xc90f2d8qcxfv9"; }; nativeBuildInputs = [ x11 libXmu libXi ]; @@ -42,9 +42,11 @@ stdenv.mkDerivation rec { ] ++ optional (stdenv.cross.libc == "msvcrt") "SYSTEM=mingw" ++ optional (stdenv.cross.libc == "libSystem") "SYSTEM=darwin"; - meta = { + meta = with stdenv.lib; { description = "An OpenGL extension loading library for C(++)"; homepage = http://glew.sourceforge.net/; - license = ["BSD" "GLX" "SGI-B" "GPL2"]; # License description copied from gentoo-1.4.0 + license = licenses.free; # different files under different licenses + #["BSD" "GLX" "SGI-B" "GPL2"] + platforms = platforms.mesaPlatforms; }; } From 0df6ccb4b61892954dc222f0c34a3b3b7f52bc24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 23 Aug 2014 11:41:41 +0200 Subject: [PATCH 32/61] orc: disable tests on i686 The failing test doesn't even work in the commit that introduced it. --- pkgs/development/compilers/orc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix index 2ce3e89e897..ca5eadc8a64 100644 --- a/pkgs/development/compilers/orc/default.nix +++ b/pkgs/development/compilers/orc/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "187wrnq0ficwjj4y3yqci5fxcdkiazfs6k5js26k5b26hipzmham"; }; - doCheck = true; + doCheck = stdenv.is64bit; # see https://bugzilla.gnome.org/show_bug.cgi?id=728129#c7 meta = { description = "The Oil Runtime Compiler"; From 8a445f923710ff1a4885c268a16cb931e3b639f0 Mon Sep 17 00:00:00 2001 
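Review bot: In pkgs/development/compilers/orc/default.nix, `doCheck = stdenv.is64bit;` turns the test suite off on every system that is not 64-bit, which is broader than the "i686" in the commit subject; 32-bit ARM builds, for example, would presumably stop running orc's checks too. If the failure in the linked bug is specific to i686, a narrower condition keeps test coverage elsewhere: `doCheck = !stdenv.isi686; # see https://bugzilla.gnome.org/show_bug.cgi?id=728129#c7`. The derivation continues outside the hunk, so whether a single test could be skipped instead is not visible here.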
From: Gergely Risko Date: Sat, 23 Aug 2014 20:34:01 +0200 Subject: [PATCH 33/61] Refactor fetchurl handling in stdenvLinux All the different stages of stdenv had the fetchurl inherited anyways, so make this generic in stdenvBootFun. This commit doesn't change the outhash (or drvhash) of the stdenv. --- pkgs/stdenv/linux/default.nix | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 23cccf223f4..71b23a396d9 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -46,7 +46,7 @@ rec { builder = bootstrapFiles.sh; args = - if system == "armv5tel-linux" || system == "armv6l-linux" + if system == "armv5tel-linux" || system == "armv6l-linux" || system == "armv7l-linux" then [ ./scripts/unpack-bootstrap-tools-arm.sh ] else [ ./scripts/unpack-bootstrap-tools.sh ]; @@ -69,9 +69,9 @@ rec { # This function builds the various standard environments used during # the bootstrap. stdenvBootFun = - {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? [], fetchurl}: + {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}: - import ../generic { + let thisStdenv = import ../generic { inherit system config; name = "stdenv-linux-boot"; preHook = 
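Review bot: The `|| system == "armv7l-linux"` added to the `args` condition in the first hunk is unrelated to the fetchurl refactor described in the commit message. It changes which script unpacks the pre-built bootstrap binaries on that system, so the claim that the stdenv hashes are unchanged presumably does not hold for armv7l. A change to how the bootstrap tools are unpacked is easier to audit in its own commit, or at least with a line in the description and a comment such as `# armv7l shares the ARM unpack script`. The enclosing derivation starts and ends outside the hunk.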
@@ -83,27 +83,22 @@ rec { ''; shell = "${bootstrapTools}/bin/sh"; initialPath = [bootstrapTools] ++ extraPath; - fetchurlBoot = fetchurl; + fetchurlBoot = import ../../build-support/fetchurl { + stdenv = stdenvLinuxBoot0; + curl = bootstrapTools; + }; inherit gcc; # Having the proper 'platform' in all the stdenvs allows getting proper # linuxHeaders for example. extraAttrs = extraAttrs // { inherit platform; }; - overrides = pkgs: (overrides pkgs) // { - inherit fetchurl; - }; + overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; }; + in thisStdenv; # Build a dummy stdenv with no GCC or working fetchurl. This is # because we need a stdenv to build the GCC wrapper and fetchurl. stdenvLinuxBoot0 = stdenvBootFun { gcc = "/no-such-path"; - fetchurl = null; - }; - - - fetchurl = import ../../build-support/fetchurl { - stdenv = stdenvLinuxBoot0; - curl = bootstrapTools; }; @@ -142,7 +137,6 @@ rec { binutils = bootstrapTools; coreutils = bootstrapTools; }; - inherit fetchurl; }; @@ -168,7 +162,6 @@ rec { overrides = pkgs: { inherit (stdenvLinuxBoot1Pkgs) perl; }; - inherit fetchurl; }; @@ -211,7 +204,6 @@ rec { glibc = stdenvLinuxGlibc; # Required by gcc47 build }; extraPath = [ stdenvLinuxBoot1Pkgs.paxctl ]; - inherit fetchurl; }; @@ -238,7 +230,6 @@ rec { inherit (stdenvLinuxBoot1Pkgs) perl; inherit (stdenvLinuxBoot3Pkgs) gettext gnum4 gmp; }; - inherit fetchurl; }; @@ -281,7 +272,7 @@ rec { shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; - fetchurlBoot = fetchurl; + fetchurlBoot = stdenvLinuxBoot0.fetchurlBoot; extraAttrs = { inherit (stdenvLinuxBoot3Pkgs) glibc; From 142970b9eb1925d67b4b9b41d060533fe249f2ec Mon Sep 17 00:00:00 2001 
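Review bot: The context comment above `stdenvLinuxBoot0` still says the dummy stdenv has no "working fetchurl", but after this hunk `stdenvBootFun` gives every stage, stage 0 included, a `fetchurlBoot` built from `stdenvLinuxBoot0` and `bootstrapTools`. The comment should be brought in line, for example `# Build a dummy stdenv with no GCC; it is used to build the GCC wrapper and the bootstrap fetchurl.` A short comment next to `fetchurlBoot` saying that it refers back to `stdenvLinuxBoot0` and relies on lazy evaluation would also help, since the definition is now inside the function that builds that very stdenv. `stdenvBootFun` begins before this hunk.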
From: Gergely Risko Date: Sat, 23 Aug 2014 20:45:32 +0200 Subject: [PATCH 34/61] Refactor wrapGCC in stdenvLinux Don't use default parameter values, to make the callsites more readable and for easier debuggability/changability. Also reordered the callsites' parameter ordering for consistency. In the final stdenv don't repeat the name of the shell. This commit doesn't change the outhash (or drvhash) of the stdenv. --- pkgs/stdenv/linux/default.nix | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 71b23a396d9..d2c36b9dc0d 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -118,12 +118,12 @@ rec { # A helper function to call gcc-wrapper. wrapGCC = - { gcc ? bootstrapTools, libc, binutils, coreutils, shell ? "", name ? "bootstrap-gcc-wrapper" }: + { gcc, libc, binutils, coreutils, name }: lib.makeOverridable (import ../../build-support/gcc-wrapper) { nativeTools = false; nativeLibc = false; - inherit gcc binutils coreutils libc shell name; + inherit gcc binutils coreutils libc name; stdenv = stdenvLinuxBoot0; }; @@ -133,9 +133,11 @@ rec { # configure script happy. stdenvLinuxBoot1 = stdenvBootFun { gcc = wrapGCC { + gcc = bootstrapTools; libc = bootstrapGlibc; binutils = bootstrapTools; coreutils = bootstrapTools; + name = "bootstrap-gcc-wrapper"; }; }; @@ -155,9 +157,11 @@ rec { # 3) 2nd stdenv that we will use to build only Glibc. stdenvLinuxBoot2 = stdenvBootFun { gcc = wrapGCC { + gcc = bootstrapTools; libc = bootstrapGlibc; binutils = binutils1; coreutils = bootstrapTools; + name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { inherit (stdenvLinuxBoot1Pkgs) perl; 
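Review bot: With `shell` dropped from `wrapGCC`'s argument list in the first hunk, the bootstrap stages no longer pass a shell at all and depend on whatever default `../../build-support/gcc-wrapper` declares, while the final stdenv sets it afterwards through `.override { inherit shell; }`. That default is not visible in this diff, so the "no hash change" claim rests on it being the empty string that was passed before. The comment on the helper should record this, e.g. `# shell is left at gcc-wrapper's default; the final stdenv sets it via .override`.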
@@ -183,9 +187,11 @@ rec { # binutils and rest of the bootstrap tools, including GCC. stdenvLinuxBoot3 = stdenvBootFun { gcc = wrapGCC { + gcc = bootstrapTools; + libc = stdenvLinuxGlibc; binutils = binutils1; coreutils = bootstrapTools; - libc = stdenvLinuxGlibc; + name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { glibc = stdenvLinuxGlibc; @@ -219,10 +225,10 @@ rec { # (e.g. coreutils) are still from the bootstrap tools. stdenvLinuxBoot4 = stdenvBootFun { gcc = wrapGCC rec { + gcc = stdenvLinuxBoot3Pkgs.gcc.gcc; + libc = stdenvLinuxGlibc; binutils = binutils1; coreutils = bootstrapTools; - libc = stdenvLinuxGlibc; - gcc = stdenvLinuxBoot3Pkgs.gcc.gcc; name = ""; }; extraPath = [ stdenvLinuxBoot3Pkgs.xz ]; @@ -262,16 +268,15 @@ rec { ((import ../common-path.nix) {pkgs = stdenvLinuxBoot4Pkgs;}) ++ [stdenvLinuxBoot4Pkgs.patchelf stdenvLinuxBoot4Pkgs.paxctl ]; - gcc = wrapGCC rec { - inherit (stdenvLinuxBoot4Pkgs) binutils coreutils; - libc = stdenvLinuxGlibc; - gcc = stdenvLinuxBoot4.gcc.gcc; - shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; - name = ""; - }; - shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; + gcc = (wrapGCC rec { + gcc = stdenvLinuxBoot4.gcc.gcc; + libc = stdenvLinuxGlibc; + inherit (stdenvLinuxBoot4Pkgs) binutils coreutils; + name = ""; + }).override { inherit shell; }; + fetchurlBoot = stdenvLinuxBoot0.fetchurlBoot; extraAttrs = { From 350022247a0b59abf42228d1d3fbb4222974b130 Mon Sep 17 00:00:00 2001 From: Gergely Risko Date: Sat, 23 Aug 2014 21:26:37 +0200 Subject: [PATCH 35/61] Refactor stage handling in stdenvLinux Make stages explicit and generalize the pattern of having an stdenv and a pkgs collection for all stages to a common stage generating function called stageFun. Rewrite all stage handling with this new function. This commit doesn't change the outhash (or drvhash) of the stdenv. --- pkgs/stdenv/linux/default.nix | 187 +++++++++++++++------------------- 1 file changed, 80 insertions(+), 107 deletions(-) 
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index d2c36b9dc0d..6c910c284a5 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -35,8 +35,8 @@ rec { # The bootstrap process proceeds in several steps. - # 1) Create a standard environment by downloading pre-built binaries - # of coreutils, GCC, etc. + # Create a standard environment by downloading pre-built binaries of + # coreutils, GCC, etc. # Download and unpack the bootstrap tools (coreutils, GCC, Glibc, ...). @@ -67,11 +67,13 @@ rec { # This function builds the various standard environments used during - # the bootstrap. - stdenvBootFun = + # the bootstrap. In all stages, we build an stdenv and the package + # set that can be built with that stdenv. + stageFun = {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}: - let thisStdenv = import ../generic { + let + thisStdenv = import ../generic { inherit system config; name = "stdenv-linux-boot"; preHook = @@ -84,7 +86,7 @@ rec { shell = "${bootstrapTools}/bin/sh"; initialPath = [bootstrapTools] ++ extraPath; fetchurlBoot = import ../../build-support/fetchurl { - stdenv = stdenvLinuxBoot0; + stdenv = stage0.stdenv; curl = bootstrapTools; }; inherit gcc; 
@@ -93,26 +95,32 @@ rec { extraAttrs = extraAttrs // { inherit platform; }; overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; }; - in thisStdenv; + thisPkgs = allPackages { + inherit system platform; + bootStdenv = thisStdenv; + }; + in { stdenv = thisStdenv; pkgs = thisPkgs; }; # Build a dummy stdenv with no GCC or working fetchurl. This is # because we need a stdenv to build the GCC wrapper and fetchurl. - stdenvLinuxBoot0 = stdenvBootFun { + stage0 = stageFun { gcc = "/no-such-path"; - }; - - # The Glibc include directory cannot have the same prefix as the GCC - # include directory, since GCC gets confused otherwise (it will - # search the Glibc headers before the GCC headers). So create a - # dummy Glibc. - bootstrapGlibc = stdenvLinuxBoot0.mkDerivation { - name = "bootstrap-glibc"; - buildCommand = '' - mkdir -p $out - ln -s ${bootstrapTools}/lib $out/lib - ln -s ${bootstrapTools}/include-glibc $out/include - ''; + overrides = pkgs: { + # The Glibc include directory cannot have the same prefix as the + # GCC include directory, since GCC gets confused otherwise (it + # will search the Glibc headers before the GCC headers). So + # create a dummy Glibc here, which will be used in the stdenv of + # stage1. + glibc = stage0.stdenv.mkDerivation { + name = "bootstrap-glibc"; + buildCommand = '' + mkdir -p $out + ln -s ${bootstrapTools}/lib $out/lib + ln -s ${bootstrapTools}/include-glibc $out/include + ''; + }; + }; }; 
@@ -124,78 +132,58 @@ rec { nativeTools = false; nativeLibc = false; inherit gcc binutils coreutils libc name; - stdenv = stdenvLinuxBoot0; + stdenv = stage0.stdenv; }; # Create the first "real" standard environment. This one consists # of bootstrap tools only, and a minimal Glibc to keep the GCC # configure script happy. - stdenvLinuxBoot1 = stdenvBootFun { + stage1 = stageFun { gcc = wrapGCC { gcc = bootstrapTools; - libc = bootstrapGlibc; + libc = stage0.pkgs.glibc; binutils = bootstrapTools; coreutils = bootstrapTools; name = "bootstrap-gcc-wrapper"; }; + # Rebuild binutils to use from stage2 onwards. + overrides = pkgs: { + binutils = pkgs.binutils.override { gold = false; }; + }; }; - # 2) These are the packages that we can build with the first - # stdenv. We only need binutils, because recent Glibcs - # require recent Binutils, and those in bootstrap-tools may - # be too old. - stdenvLinuxBoot1Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot1; - }; - - binutils1 = stdenvLinuxBoot1Pkgs.binutils.override { gold = false; }; - - - # 3) 2nd stdenv that we will use to build only Glibc. - stdenvLinuxBoot2 = stdenvBootFun { + # 2nd stdenv that contains our own rebuilt binutils and is used for + # compiling our own Glibc. + stage2 = stageFun { gcc = wrapGCC { gcc = bootstrapTools; - libc = bootstrapGlibc; - binutils = binutils1; + libc = stage0.pkgs.glibc; + binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - inherit (stdenvLinuxBoot1Pkgs) perl; + inherit (stage1.pkgs) perl; + # This also contains the full, dynamically linked, final Glibc. }; }; - # 4) These are the packages that we can build with the 2nd - # stdenv. - stdenvLinuxBoot2Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot2; - }; - - - # 5) Build Glibc with the bootstrap tools. The result is the full, - # dynamically linked, final Glibc. 
- stdenvLinuxGlibc = stdenvLinuxBoot2Pkgs.glibc; - - - # 6) Construct a third stdenv identical to the 2nd, except that this - # one uses the Glibc built in step 5. It still uses the recent - # binutils and rest of the bootstrap tools, including GCC. - stdenvLinuxBoot3 = stdenvBootFun { + # Construct a third stdenv identical to the 2nd, except that this + # one uses the rebuilt Glibc from stage2. It still uses the recent + # binutils and rest of the bootstrap tools, including GCC. + stage3 = stageFun { gcc = wrapGCC { gcc = bootstrapTools; - libc = stdenvLinuxGlibc; - binutils = binutils1; + libc = stage2.pkgs.glibc; + binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - glibc = stdenvLinuxGlibc; - inherit (stdenvLinuxBoot1Pkgs) perl; + inherit (stage2.pkgs) glibc perl; # Link GCC statically against GMP etc. This makes sense because # these builds of the libraries are only used by GCC, so it # reduces the size of the stdenv closure. 
@@ -207,52 +195,37 @@ rec { ppl = pkgs.ppl.override { stdenv = pkgs.makeStaticLibraries pkgs.stdenv; }; }; extraAttrs = { - glibc = stdenvLinuxGlibc; # Required by gcc47 build + glibc = stage2.pkgs.glibc; # Required by gcc47 build }; - extraPath = [ stdenvLinuxBoot1Pkgs.paxctl ]; + extraPath = [ stage1.pkgs.paxctl ]; }; - # 7) The packages that can be built using the third stdenv. - stdenvLinuxBoot3Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot3; - }; - - - # 8) Construct a fourth stdenv identical to the second, except that - # this one uses the new GCC from step 7. The other tools - # (e.g. coreutils) are still from the bootstrap tools. - stdenvLinuxBoot4 = stdenvBootFun { - gcc = wrapGCC rec { - gcc = stdenvLinuxBoot3Pkgs.gcc.gcc; - libc = stdenvLinuxGlibc; - binutils = binutils1; + # Construct a fourth stdenv that uses the new GCC. But coreutils is + # still from the bootstrap tools. + stage4 = stageFun { + gcc = wrapGCC { + gcc = stage3.pkgs.gcc.gcc; + libc = stage2.pkgs.glibc; + binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; name = ""; }; - extraPath = [ stdenvLinuxBoot3Pkgs.xz ]; + extraPath = [ stage3.pkgs.xz ]; overrides = pkgs: { - inherit (stdenvLinuxBoot1Pkgs) perl; - inherit (stdenvLinuxBoot3Pkgs) gettext gnum4 gmp; + inherit (stage1.pkgs) perl; + inherit (stage3.pkgs) gettext gnum4 gmp glibc; }; }; - # 9) The packages that can be built using the fourth stdenv. - stdenvLinuxBoot4Pkgs = allPackages { - inherit system platform; - bootStdenv = stdenvLinuxBoot4; - }; - - - # 10) Construct the final stdenv. It uses the Glibc and GCC, and - # adds in a new binutils that doesn't depend on bootstrap-tools, - # as well as dynamically linked versions of all other tools. + # Construct the final stdenv. It uses the Glibc and GCC, and adds + # in a new binutils that doesn't depend on bootstrap-tools, as well + # as dynamically linked versions of all other tools. 
# - # When updating stdenvLinux, make sure that the result has no - # dependency (`nix-store -qR') on bootstrapTools or the - # first binutils built. + # When updating stdenvLinux, make sure that the result has no + # dependency (`nix-store -qR') on bootstrapTools or the first + # binutils built. stdenvLinux = import ../generic rec { inherit system config; @@ -265,31 +238,31 @@ rec { ''; initialPath = - ((import ../common-path.nix) {pkgs = stdenvLinuxBoot4Pkgs;}) - ++ [stdenvLinuxBoot4Pkgs.patchelf stdenvLinuxBoot4Pkgs.paxctl ]; + ((import ../common-path.nix) {pkgs = stage4.pkgs;}) + ++ [stage4.pkgs.patchelf stage4.pkgs.paxctl ]; - shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash"; + shell = stage4.pkgs.bash + "/bin/bash"; gcc = (wrapGCC rec { - gcc = stdenvLinuxBoot4.gcc.gcc; - libc = stdenvLinuxGlibc; - inherit (stdenvLinuxBoot4Pkgs) binutils coreutils; + gcc = stage4.stdenv.gcc.gcc; + libc = stage4.pkgs.glibc; + inherit (stage4.pkgs) binutils coreutils; name = ""; }).override { inherit shell; }; - fetchurlBoot = stdenvLinuxBoot0.fetchurlBoot; + fetchurlBoot = stage4.stdenv.fetchurl; extraAttrs = { - inherit (stdenvLinuxBoot3Pkgs) glibc; + inherit (stage4.pkgs) glibc; inherit platform bootstrapTools; - shellPackage = stdenvLinuxBoot4Pkgs.bash; + shellPackage = stage4.pkgs.bash; }; overrides = pkgs: { inherit gcc; - inherit (stdenvLinuxBoot3Pkgs) glibc; - inherit (stdenvLinuxBoot4Pkgs) binutils; - inherit (stdenvLinuxBoot4Pkgs) + inherit (stage3.pkgs) glibc; + inherit (stage4.pkgs) binutils; + inherit (stage4.pkgs) gzip bzip2 xz bash coreutils diffutils findutils gawk gnumake gnused gnutar gnugrep gnupatch patchelf attr acl paxctl; From 49e5837780b9811f5cb9f36979a3a3b737b2d94f Mon Sep 17 00:00:00 2001 
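Review bot: In the last hunk, `fetchurlBoot = stage4.stdenv.fetchurl;` reads an attribute that `stageFun` never places on the stdenv: the stage stdenvs are created with `fetchurlBoot`, and `fetchurl` is only added to the package set through `overrides`. Unless `../generic` exposes a `fetchurl` attribute itself, which is not visible here, the final stdenv fails at evaluation time; `inherit (stage4.stdenv) fetchurlBoot;` is the form that matches `stageFun`. Patch 39/61 of this series makes exactly that replacement, so folding it into this commit would keep each commit of the bootstrap refactor evaluable on its own.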
From: Gergely Risko Date: Sun, 24 Aug 2014 15:47:10 +0200 Subject: [PATCH 36/61] Move wrapGCC helper up This commit doesn't change the outhash (or drvhash) of the stdenv. --- pkgs/stdenv/linux/default.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 6c910c284a5..2d96869f23e 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -66,6 +66,18 @@ rec { }; + # A helper function to call gcc-wrapper. + wrapGCC = + { gcc, libc, binutils, coreutils, name }: + + lib.makeOverridable (import ../../build-support/gcc-wrapper) { + nativeTools = false; + nativeLibc = false; + inherit gcc binutils coreutils libc name; + stdenv = stage0.stdenv; + }; + + # This function builds the various standard environments used during # the bootstrap. In all stages, we build an stdenv and the package # set that can be built with that stdenv. @@ -101,6 +113,7 @@ rec { }; in { stdenv = thisStdenv; pkgs = thisPkgs; }; + # Build a dummy stdenv with no GCC or working fetchurl. This is # because we need a stdenv to build the GCC wrapper and fetchurl. stage0 = stageFun { @@ -124,18 +137,6 @@ rec { }; - # A helper function to call gcc-wrapper. - wrapGCC = - { gcc, libc, binutils, coreutils, name }: - - lib.makeOverridable (import ../../build-support/gcc-wrapper) { - nativeTools = false; - nativeLibc = false; - inherit gcc binutils coreutils libc name; - stdenv = stage0.stdenv; - }; - - # Create the first "real" standard environment. This one consists # of bootstrap tools only, and a minimal Glibc to keep the GCC # configure script happy. From ea65229f70fe75ebc8440d69575a9b8f2e573da0 Mon Sep 17 00:00:00 2001 
From: Gergely Risko Date: Sun, 24 Aug 2014 15:55:14 +0200 Subject: [PATCH 37/61] Refactor stages to only ever refer to the previous stage This commit doesn't change the outhash (or drvhash) of the stdenv. --- pkgs/stdenv/linux/default.nix | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 2d96869f23e..6d54228978f 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -140,6 +140,13 @@ rec { # Create the first "real" standard environment. This one consists # of bootstrap tools only, and a minimal Glibc to keep the GCC # configure script happy. + # + # For clarity, we only use the previous stage when specifying these + # stages. So stageN should only ever have references for stage{N-1}. + # + # If we ever need to use a package from more than one stage back, we + # simply re-export those packages in the middle stage(s) using the + # overrides attribute and the inherit syntax. stage1 = stageFun { gcc = wrapGCC { gcc = bootstrapTools; @@ -151,6 +158,7 @@ rec { # Rebuild binutils to use from stage2 onwards. overrides = pkgs: { binutils = pkgs.binutils.override { gold = false; }; + inherit (stage0.pkgs) glibc; }; }; @@ -160,13 +168,13 @@ rec { stage2 = stageFun { gcc = wrapGCC { gcc = bootstrapTools; - libc = stage0.pkgs.glibc; + libc = stage1.pkgs.glibc; binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - inherit (stage1.pkgs) perl; + inherit (stage1.pkgs) perl binutils paxctl; # This also contains the full, dynamically linked, final Glibc. }; }; 
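Review bot: The rule added in the first hunk, that stageN only refers to stage{N-1}, is stated without its exceptions and sits inside the comment describing stage1, although it applies to all stages. Elsewhere in this file `wrapGCC` and the `fetchurlBoot` in `stageFun` use `stage0.stdenv` at every stage, and `bootstrapTools` is referenced directly up to stage4. I would move the paragraph above `stageFun` and add a line such as `# Exceptions: wrapGCC and fetchurlBoot always use stage0.stdenv, and bootstrapTools is used directly until the final stdenv.`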
@@ -179,12 +187,12 @@ rec { gcc = wrapGCC { gcc = bootstrapTools; libc = stage2.pkgs.glibc; - binutils = stage1.pkgs.binutils; + binutils = stage2.pkgs.binutils; coreutils = bootstrapTools; name = "bootstrap-gcc-wrapper"; }; overrides = pkgs: { - inherit (stage2.pkgs) glibc perl; + inherit (stage2.pkgs) binutils glibc perl; # Link GCC statically against GMP etc. This makes sense because # these builds of the libraries are only used by GCC, so it # reduces the size of the stdenv closure. @@ -198,7 +206,7 @@ rec { extraAttrs = { glibc = stage2.pkgs.glibc; # Required by gcc47 build }; - extraPath = [ stage1.pkgs.paxctl ]; + extraPath = [ stage2.pkgs.paxctl ]; }; @@ -207,15 +215,14 @@ rec { stage4 = stageFun { gcc = wrapGCC { gcc = stage3.pkgs.gcc.gcc; - libc = stage2.pkgs.glibc; - binutils = stage1.pkgs.binutils; + libc = stage3.pkgs.glibc; + binutils = stage3.pkgs.binutils; coreutils = bootstrapTools; name = ""; }; extraPath = [ stage3.pkgs.xz ]; overrides = pkgs: { - inherit (stage1.pkgs) perl; - inherit (stage3.pkgs) gettext gnum4 gmp glibc; + inherit (stage3.pkgs) gettext gnum4 gmp perl glibc; }; }; @@ -261,11 +268,9 @@ rec { overrides = pkgs: { inherit gcc; - inherit (stage3.pkgs) glibc; - inherit (stage4.pkgs) binutils; inherit (stage4.pkgs) - gzip bzip2 xz bash coreutils diffutils findutils gawk - gnumake gnused gnutar gnugrep gnupatch patchelf + gzip bzip2 xz bash binutils coreutils diffutils findutils gawk + glibc gnumake gnused gnutar gnugrep gnupatch patchelf attr acl paxctl; }; }; From 27d39849355d1a39f8538d09c52e04f8f87510ea Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 24 Aug 2014 18:08:23 +0200 Subject: [PATCH 38/61] Indentation --- pkgs/stdenv/linux/default.nix | 53 ++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 6d54228978f..80bc982267b 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix 
@@ -85,32 +85,35 @@ rec { {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}: let - thisStdenv = import ../generic { - inherit system config; - name = "stdenv-linux-boot"; - preHook = - '' - # Don't patch #!/interpreter because it leads to retained - # dependencies on the bootstrapTools in the final stdenv. - dontPatchShebangs=1 - ${commonPreHook} - ''; - shell = "${bootstrapTools}/bin/sh"; - initialPath = [bootstrapTools] ++ extraPath; - fetchurlBoot = import ../../build-support/fetchurl { - stdenv = stage0.stdenv; - curl = bootstrapTools; + + thisStdenv = import ../generic { + inherit system config; + name = "stdenv-linux-boot"; + preHook = + '' + # Don't patch #!/interpreter because it leads to retained + # dependencies on the bootstrapTools in the final stdenv. + dontPatchShebangs=1 + ${commonPreHook} + ''; + shell = "${bootstrapTools}/bin/sh"; + initialPath = [bootstrapTools] ++ extraPath; + fetchurlBoot = import ../../build-support/fetchurl { + stdenv = stage0.stdenv; + curl = bootstrapTools; + }; + inherit gcc; + # Having the proper 'platform' in all the stdenvs allows getting proper + # linuxHeaders for example. + extraAttrs = extraAttrs // { inherit platform; }; + overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; }; - inherit gcc; - # Having the proper 'platform' in all the stdenvs allows getting proper - # linuxHeaders for example. - extraAttrs = extraAttrs // { inherit platform; }; - overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; }; - }; - thisPkgs = allPackages { - inherit system platform; - bootStdenv = thisStdenv; - }; + + thisPkgs = allPackages { + inherit system platform; + bootStdenv = thisStdenv; + }; + in { stdenv = thisStdenv; pkgs = thisPkgs; }; From f5d648e27d1b31c91740d536a88e7d2c251aaf79 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Mon, 25 Aug 2014 09:35:06 +0200 Subject: [PATCH 39/61] Fix evaluation --- pkgs/stdenv/linux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 80bc982267b..1daebd9dd36 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -261,7 +261,7 @@ rec { name = ""; }).override { inherit shell; }; - fetchurlBoot = stage4.stdenv.fetchurl; + inherit (stage4.stdenv) fetchurlBoot; extraAttrs = { inherit (stage4.pkgs) glibc; From 1f2b636ff62ed6df735c6ee187f495c6371d9283 Mon Sep 17 00:00:00 2001 From: Gergely Risko Date: Mon, 25 Aug 2014 21:16:38 +0200 Subject: [PATCH 40/61] Fix zlib handling in stdenvLinux Previously stdenv depended on two different zlibs and there was a third one in the top-level package set for other purposes. This commit merges all this zlibs to one. --- pkgs/stdenv/linux/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 1daebd9dd36..6f8b42c2266 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -225,7 +225,11 @@ rec { }; extraPath = [ stage3.pkgs.xz ]; overrides = pkgs: { - inherit (stage3.pkgs) gettext gnum4 gmp perl glibc; + # Zlib has to be inherited and not rebuilt in this stage, + # because gcc (since JAR support) already depends on zlib, and + # then if we already have a zlib we want to use that for the + # other purposes (binutils and top-level pkgs) too. + inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib; }; }; @@ -274,7 +278,7 @@ rec { inherit (stage4.pkgs) gzip bzip2 xz bash binutils coreutils diffutils findutils gawk glibc gnumake gnused gnutar gnugrep gnupatch patchelf - attr acl paxctl; + attr acl paxctl zlib; }; }; From cefe9fac459b7d51dd7b080bd16d24c24735d9f6 Mon Sep 17 00:00:00 2001 
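Review bot: The zlib hunks explain why stage4 inherits `zlib`, but the final `overrides` list gains `zlib` with no comment, and the consequence is not stated: the zlib used by the top-level package set becomes the stage3 build. Per the stage3 definition elsewhere in this file, that build is compiled by the GCC from `bootstrapTools`. A comment there, e.g. `# zlib comes from stage3 (via stage4), see the note in stage4`, would make this visible. Since the file's own comment asks that the final stdenv has no dependency on `bootstrapTools`, the description should say the `nix-store -qR` check was repeated after this change.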
From: Gergely Risko Date: Thu, 28 Aug 2014 18:33:51 +0200 Subject: [PATCH 41/61] Enable parallel building for cloog and isl Since these are GCC dependencies, this speeds up building the stdenv closure. --- pkgs/development/libraries/cloog/default.nix | 2 ++ pkgs/development/libraries/isl/0.12.2.nix | 2 ++ pkgs/development/libraries/isl/default.nix | 2 ++ 3 files changed, 6 insertions(+) diff --git a/pkgs/development/libraries/cloog/default.nix b/pkgs/development/libraries/cloog/default.nix index da4501285e1..242af84eb90 100644 --- a/pkgs/development/libraries/cloog/default.nix +++ b/pkgs/development/libraries/cloog/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-isl=system" ]; + enableParallelBuilding = true; + doCheck = true; meta = { diff --git a/pkgs/development/libraries/isl/0.12.2.nix b/pkgs/development/libraries/isl/0.12.2.nix index f1da2c06409..67620881bca 100644 --- a/pkgs/development/libraries/isl/0.12.2.nix +++ b/pkgs/development/libraries/isl/0.12.2.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { buildInputs = [ gmp ]; + enableParallelBuilding = true; + meta = { homepage = http://www.kotnet.org/~skimo/isl/; license = stdenv.lib.licenses.lgpl21; diff --git a/pkgs/development/libraries/isl/default.nix b/pkgs/development/libraries/isl/default.nix index 7e08c8afe6f..931ee831b73 100644 --- a/pkgs/development/libraries/isl/default.nix +++ b/pkgs/development/libraries/isl/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { buildInputs = [ gmp ]; patches = [ ./fix-gcc-build.diff ]; + enableParallelBuilding = true; + meta = { homepage = http://www.kotnet.org/~skimo/isl/; license = stdenv.lib.licenses.lgpl21; From dd3f3bdcc28282e6d235ff16d7173ee9ea81d7b0 Mon Sep 17 00:00:00 2001 
From: Gergely Risko Date: Thu, 28 Aug 2014 18:03:22 +0200 Subject: [PATCH 42/61] GCC >= 4.8 doesn't depend on ppl --- pkgs/development/compilers/gcc/4.8/default.nix | 16 ++-------------- pkgs/development/compilers/gcc/4.9/default.nix | 13 +------------ 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 7985b445ae0..f56ee003f50 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -13,7 +13,7 @@ , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, mpc, gettext, which , libelf # optional, for link-time optimizations (LTO) -, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework. +, cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null @@ -276,7 +276,6 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkgconfig); buildInputs = [ gmp mpfr mpc libelf ] - ++ (optional (ppl != null) ppl) ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) 
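Review bot: Removing `ppl ? null` from the argument list in the first hunk (and the matching one in gcc/4.9) means any call site that still passes `ppl` explicitly will fail with an unexpected-argument error, unless the function header ends in `...`; that is not visible in this hunk. Such call sites are outside this diff and worth a grep. Separately, pkgs/stdenv/linux/default.nix in this series still overrides `ppl` with a static build for stage3, which becomes unused for these GCC versions. It could be dropped, or kept with a comment like `# only needed for GCC < 4.8`.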
@@ -293,15 +292,7 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl"; - preConfigure = '' - configureFlagsArray=( - ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic) - "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"} - ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS) - "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\" - \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""} - ); - '' + stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' + preConfigure = stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g` export LDFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $LDFLAGS_FOR_TARGET" export CXXFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $CXXFLAGS_FOR_TARGET" @@ -329,7 +320,6 @@ stdenv.mkDerivation ({ ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} ${if enablePlugin then "--enable-plugin" else "--disable-plugin"} - ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""} ${optionalString (isl != null) "--with-isl=${isl}"} ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"} ${if langJava then @@ -412,7 +402,6 @@ stdenv.mkDerivation ({ configureFlags = '' ${if enableMultilib then "" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} - ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""} ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""} ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""} ${if javaAwtGtk then "--enable-java-awt=gtk" else ""} 
@@ -521,7 +510,6 @@ stdenv.mkDerivation ({ maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ]; - # Volunteers needed for the {Cyg,Dar}win ports of *PPL. # gnatboot is not available out of linux platforms, so we disable the darwin build # for the gnat (ada compiler). platforms = diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index f61e6b4445a..d38040a48b3 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -11,7 +11,7 @@ , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, mpc, gettext, which , libelf # optional, for link-time optimizations (LTO) -, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework. +, cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null @@ -273,7 +273,6 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkgconfig); buildInputs = [ gmp mpfr mpc libelf ] - ++ (optional (ppl != null) ppl) ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) 
@@ -291,13 +290,6 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl"; preConfigure = '' - configureFlagsArray=( - ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic) - "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"} - ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS) - "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\" - \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""} - ); ${stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) '' export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g` @@ -319,7 +311,6 @@ stdenv.mkDerivation ({ ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} ${if enablePlugin then "--enable-plugin" else "--disable-plugin"} - ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""} ${optionalString (isl != null) "--with-isl=${isl}"} ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"} ${if langJava then @@ -400,7 +391,6 @@ stdenv.mkDerivation ({ configureFlags = '' ${if enableMultilib then "" else "--disable-multilib"} ${if enableShared then "" else "--disable-shared"} - ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""} ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""} ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""} ${if javaAwtGtk then "--enable-java-awt=gtk" else ""} @@ -507,7 +497,6 @@ stdenv.mkDerivation ({ maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ]; - # Volunteers needed for the {Cyg,Dar}win ports of *PPL. # gnatboot is not available out of linux platforms, so we disable the darwin build # for the gnat (ada compiler). platforms = From 60902b97fe4a96d370bc0c5e3690fa45da77d78d Mon Sep 17 00:00:00 2001 
From: Mateusz Kowalczyk Date: Fri, 29 Aug 2014 11:40:46 +0100 Subject: [PATCH 43/61] ed: update to 1.10 (close #3852) --- pkgs/applications/editors/ed/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix index d3e9a4c4679..b1b9616eaab 100644 --- a/pkgs/applications/editors/ed/default.nix +++ b/pkgs/applications/editors/ed/default.nix @@ -1,11 +1,12 @@ -{ fetchurl, stdenv }: +{ fetchurl, stdenv, lzip }: stdenv.mkDerivation rec { - name = "ed-1.9"; + version = "1.10"; + name = "ed-${version}"; src = fetchurl { - url = "mirror://gnu/ed/${name}.tar.gz"; - sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym"; + url = "mirror://gnu/ed/${name}.tar.lz"; + sha256 = "16kycdm5fcvpdr41hxb2da8da6jzs9dqznsg5552z6rh28n0jh4m"; }; /* FIXME: Tests currently fail on Darwin: @@ -23,6 +24,8 @@ stdenv.mkDerivation rec { compileFlags = [ "CC=${stdenv.cross.config}-gcc" ]; }; + buildInputs = [ lzip ]; + meta = { description = "GNU ed, an implementation of the standard Unix editor"; @@ -38,9 +41,7 @@ stdenv.mkDerivation rec { ''; license = stdenv.lib.licenses.gpl3Plus; - homepage = http://www.gnu.org/software/ed/; - - maintainers = [ ]; + maintainers = with stdenv.lib.maintainers; [ fuuzetsu ]; }; } From a283bec71cec60c2b9c84ea9af320fc8df0dfd5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 09:44:07 +0200 Subject: [PATCH 44/61] glibc: fix CVE-2014-5119 by Debian patch --- .../libraries/glibc/2.19/common.nix | 1 + .../libraries/glibc/2.19/cve-2014-5119.patch | 206 ++++++++++++++++++ 2 files changed, 207 insertions(+) create mode 100644 pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch diff --git a/pkgs/development/libraries/glibc/2.19/common.nix b/pkgs/development/libraries/glibc/2.19/common.nix index cd1ba747d7c..a828148c3d5 100644 --- a/pkgs/development/libraries/glibc/2.19/common.nix 
+++ b/pkgs/development/libraries/glibc/2.19/common.nix @@ -60,6 +60,7 @@ stdenv.mkDerivation ({ ./fix-math.patch ./cve-2014-0475.patch + ./cve-2014-5119.patch ]; postPatch = '' diff --git a/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch new file mode 100644 index 00000000000..cbae03425eb --- /dev/null +++ b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch 
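Review bot: The new `./cve-2014-5119.patch` entry in `patches` has no comment saying where the fix comes from or when it can be dropped. The patch file added in the same commit records the upstream commit and bug number, so a short pointer beside the entry would let whoever next updates glibc check whether the release already contains it: `./cve-2014-5119.patch # upstream a1a6a401ab0a (BZ #17187); drop once the packaged glibc includes it`. The neighbouring `./cve-2014-0475.patch` line appears to have the same gap. The `patches` list starts outside this hunk.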
@@ -0,0 +1,206 @@ +http://anonscm.debian.org/viewvc/pkg-glibc/glibc-package/trunk/debian/patches/any/cvs-CVE-2014-5119.diff?revision=6248&view=co + +commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 +Author: Florian Weimer +Date: Tue Aug 26 19:38:59 2014 +0200 + + __gconv_translit_find: Disable function [BZ #17187] + + This functionality has never worked correctly, and the implementation + contained a security vulnerability (CVE-2014-5119). + +2014-08-26 Florian Weimer + + [BZ #17187] + * iconv/gconv_trans.c (struct known_trans, search_tree, lock, + trans_compare, open_translit, __gconv_translit_find): + Remove module loading code. + +--- a/iconv/gconv_trans.c ++++ b/iconv/gconv_trans.c +@@ -238,181 +238,12 @@ __gconv_transliterate (struct __gconv_step *step, + return __GCONV_ILLEGAL_INPUT; + } + +- +-/* Structure to represent results of found (or not) transliteration +- modules. */ +-struct known_trans +-{ +- /* This structure must remain the first member. */ +- struct trans_struct info; +- +- char *fname; +- void *handle; +- int open_count; +-}; +- +- +-/* Tree with results of previous calls to __gconv_translit_find. */ +-static void *search_tree; +- +-/* We modify global data. */ +-__libc_lock_define_initialized (static, lock); +- +- +-/* Compare two transliteration entries. */ +-static int +-trans_compare (const void *p1, const void *p2) +-{ +- const struct known_trans *s1 = (const struct known_trans *) p1; +- const struct known_trans *s2 = (const struct known_trans *) p2; +- +- return strcmp (s1->info.name, s2->info.name); +-} +- +- +-/* Open (maybe reopen) the module named in the struct. Get the function +- and data structure pointers we need. */ +-static int +-open_translit (struct known_trans *trans) +-{ +- __gconv_trans_query_fct queryfct; +- +- trans->handle = __libc_dlopen (trans->fname); +- if (trans->handle == NULL) +- /* Not available. */ +- return 1; +- +- /* Find the required symbol. 
*/ +- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); +- if (queryfct == NULL) +- { +- /* We cannot live with that. */ +- close_and_out: +- __libc_dlclose (trans->handle); +- trans->handle = NULL; +- return 1; +- } +- +- /* Get the context. */ +- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) +- != 0) +- goto close_and_out; +- +- /* Of course we also have to have the actual function. */ +- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); +- if (trans->info.trans_fct == NULL) +- goto close_and_out; +- +- /* Now the optional functions. */ +- trans->info.trans_init_fct = +- __libc_dlsym (trans->handle, "gconv_trans_init"); +- trans->info.trans_context_fct = +- __libc_dlsym (trans->handle, "gconv_trans_context"); +- trans->info.trans_end_fct = +- __libc_dlsym (trans->handle, "gconv_trans_end"); +- +- trans->open_count = 1; +- +- return 0; +-} +- +- + int + internal_function + __gconv_translit_find (struct trans_struct *trans) + { +- struct known_trans **found; +- const struct path_elem *runp; +- int res = 1; +- +- /* We have to have a name. */ +- assert (trans->name != NULL); +- +- /* Acquire the lock. */ +- __libc_lock_lock (lock); +- +- /* See whether we know this module already. */ +- found = __tfind (trans, &search_tree, trans_compare); +- if (found != NULL) +- { +- /* Is this module available? */ +- if ((*found)->handle != NULL) +- { +- /* Maybe we have to reopen the file. */ +- if ((*found)->handle != (void *) -1) +- /* The object is not unloaded. */ +- res = 0; +- else if (open_translit (*found) == 0) +- { +- /* Copy the data. */ +- *trans = (*found)->info; +- (*found)->open_count++; +- res = 0; +- } +- } +- } +- else +- { +- size_t name_len = strlen (trans->name) + 1; +- int need_so = 0; +- struct known_trans *newp; +- +- /* We have to continue looking for the module. */ +- if (__gconv_path_elem == NULL) +- __gconv_get_path (); +- +- /* See whether we have to append .so. 
*/ +- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) +- need_so = 1; +- +- /* Create a new entry. */ +- newp = (struct known_trans *) malloc (sizeof (struct known_trans) +- + (__gconv_max_path_elem_len +- + name_len + 3) +- + name_len); +- if (newp != NULL) +- { +- char *cp; +- +- /* Clear the struct. */ +- memset (newp, '\0', sizeof (struct known_trans)); +- +- /* Store a copy of the module name. */ +- newp->info.name = cp = (char *) (newp + 1); +- cp = __mempcpy (cp, trans->name, name_len); +- +- newp->fname = cp; +- +- /* Search in all the directories. */ +- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) +- { +- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), +- trans->name, name_len); +- if (need_so) +- memcpy (cp, ".so", sizeof (".so")); +- +- if (open_translit (newp) == 0) +- { +- /* We found a module. */ +- res = 0; +- break; +- } +- } +- +- if (res) +- newp->fname = NULL; +- +- /* In any case we'll add the entry to our search tree. */ +- if (__tsearch (newp, &search_tree, trans_compare) == NULL) +- { +- /* Yickes, this should not happen. Unload the object. */ +- res = 1; +- /* XXX unload here. */ +- } +- } +- } +- +- __libc_lock_unlock (lock); +- +- return res; ++ /* Transliteration module loading has been removed because it never ++ worked as intended and suffered from a security vulnerability. ++ Consequently, this function always fails. */ ++ return 1; + } From fccf486762eb7213a27b4d265ef7eaf2487e7406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 10:17:40 +0200 Subject: [PATCH 45/61] libav: maintenance+security update CVE-2013-{0848,3672,3674,7020} and CVE-2014-{2098,2263} --- pkgs/development/libraries/libav/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libav/default.nix b/pkgs/development/libraries/libav/default.nix index 2f9e1786473..264868e4a97 100644 
--- a/pkgs/development/libraries/libav/default.nix +++ b/pkgs/development/libraries/libav/default.nix @@ -28,7 +28,7 @@ let result = { libav_0_8 = libavFun "0.8.13" "1fr3rzykrlm1cla0csm9hqa3gcqp19hf5rgn70nyb9w92r67v685"; libav_9 = libavFun "9.16" "18378gdgzqsxaacc9vl7ligwndbdvy95wbn50hs8xvdqn1rn916a"; - libav_10 = libavFun "10.3" "1fq83rc5534fjqjlhkw5i9k54dmyqn2pgvyillm6pws8rkn9yb5r"; + libav_10 = libavFun "10.4" "1zzvjfdlv9swhq7dzvli1pk8cn02q1076ax9m3cx9ipilbg21639"; }; libavFun = version : sha256 : stdenv.mkDerivation rec { From 20aacf89a3d197bee10cc8e2d672a8e33f73d296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 10:25:16 +0200 Subject: [PATCH 46/61] libpng: code-cleanup update --- pkgs/development/libraries/libpng/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix index 1f04ae8fca5..3f8622535db 100644 --- a/pkgs/development/libraries/libpng/default.nix +++ b/pkgs/development/libraries/libpng/default.nix @@ -3,11 +3,11 @@ assert zlib != null; let - version = "1.6.12"; - sha256 = "0pkcirbfzhqqsm3hr2alxprw5n22a836qk4df1jnns6jk79gcby3"; + version = "1.6.13"; + sha256 = "09g631h1f1xvrdiy36mh1034r9w46damp9jcg7nm507wlmacxj6r"; patch_src = fetchurl { url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz"; - sha256 = "0r2vmsc4cvxisjr7jqw2vjf66isb2fhs4nnssz3l3jgdangj8wz0"; + sha256 = "017pnxp3zhhlh6mg2yqn5xrb6dcxc5p3dp1kr46p8xx052i0hzqb"; }; whenPatched = stdenv.lib.optionalString apngSupport; From aa3248c62e55e329ebbc271dcd1dc3a72635a4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 10:47:22 +0200 Subject: [PATCH 47/61] harfbuzz: small update --- pkgs/development/libraries/harfbuzz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix index 8340660e392..45cdc5be02b 100644 --- a/pkgs/development/libraries/harfbuzz/default.nix +++ b/pkgs/development/libraries/harfbuzz/default.nix @@ -8,11 +8,11 @@ # (icu is a ~30 MB dependency, the rest is very small in comparison) stdenv.mkDerivation rec { - name = "harfbuzz-0.9.33"; + name = "harfbuzz-0.9.35"; src = fetchurl { url = "http://www.freedesktop.org/software/harfbuzz/release/${name}.tar.bz2"; - sha256 = "1iql2ghlndqgx9q6p098xf253rjz5rnrv5qniwgd1b5q0jzwa4yk"; + sha256 = "1v86596994bnb9hx7laykhw4ipixqz9ckwzyyqf340pmlsmsi88a"; }; configureFlags = [ From 01c0be6ece84ff168a33feef08f1f69d1ce91ad7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 11:23:50 +0200 Subject: [PATCH 48/61] gstreamer-1: bugfix-only update of all components 1.4.0 -> 1.4.1 --- pkgs/development/libraries/gstreamer/bad/default.nix | 6 +++--- pkgs/development/libraries/gstreamer/base/default.nix | 4 ++-- pkgs/development/libraries/gstreamer/core/default.nix | 6 +++--- pkgs/development/libraries/gstreamer/good/default.nix | 4 ++-- pkgs/development/libraries/gstreamer/libav/default.nix | 4 ++-- pkgs/development/libraries/gstreamer/ugly/default.nix | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix index d86e450477d..a02af7f0cd7 100644 --- a/pkgs/development/libraries/gstreamer/bad/default.nix +++ b/pkgs/development/libraries/gstreamer/bad/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, pkgconfig, python, gst-plugins-base, orc , faacSupport ? false, faac ? null , faad2, libass, libkate, libmms -, libmodplug, mpeg2dec, mpg123 +, libmodplug, mpeg2dec, mpg123 , openjpeg, libopus, librsvg , wildmidi, fluidsynth, libvdpau, wayland , libwebp, xvidcore, gnutls 
@@ -10,7 +10,7 @@ assert faacSupport -> faac != null; stdenv.mkDerivation rec { - name = "gst-plugins-bad-1.4.0"; + name = "gst-plugins-bad-1.4.1"; meta = with stdenv.lib; { description = "Gstreamer Bad Plugins"; @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz"; - sha256 = "1y821785rvr6s79cmdll66hg6h740qa2n036xid20nvjyxabfb7z"; + sha256 = "0268db2faaf0bb22e5b709a11633abbca4f3d289b1f513bb262d0bf3f53e19ae"; }; nativeBuildInputs = [ pkgconfig python ]; diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix index 9ae5f194fa2..3b9e94f4c65 100644 --- a/pkgs/development/libraries/gstreamer/base/default.nix +++ b/pkgs/development/libraries/gstreamer/base/default.nix @@ -4,7 +4,7 @@ }: stdenv.mkDerivation rec { - name = "gst-plugins-base-1.4.0"; + name = "gst-plugins-base-1.4.1"; meta = { description = "Base plugins and helper libraries"; @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz"; - sha256 = "07jcs08hjyban0amls5s0g6i4a1hwiir1llwpqzlwkmnhfwx9bjx"; + sha256 = "aea9e25be6691bd3cc0785d005b2b5d70ce313a2c897901680a3f7e7cab5a499"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/gstreamer/core/default.nix b/pkgs/development/libraries/gstreamer/core/default.nix index a99c0f14ecc..8e9a2b87a01 100644 --- a/pkgs/development/libraries/gstreamer/core/default.nix +++ b/pkgs/development/libraries/gstreamer/core/default.nix @@ -1,9 +1,9 @@ { stdenv, fetchurl, pkgconfig, perl, bison, flex, python, gobjectIntrospection -, glib +, glib }: stdenv.mkDerivation rec { - name = "gstreamer-1.4.0"; + name = "gstreamer-1.4.1"; meta = { description = "Open source multimedia framework"; 
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gstreamer/${name}.tar.xz"; - sha256 = "15f68pn2b47x543ih7hj59czgzl4af14j15bgjq8ky145gf9zhr3"; + sha256 = "5638f75003282135815c0077d491da11e9a884ad91d4ba6ab3cc78bae0fb452e"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix index 69ffa81cb25..176814c5ecd 100644 --- a/pkgs/development/libraries/gstreamer/good/default.nix +++ b/pkgs/development/libraries/gstreamer/good/default.nix @@ -7,7 +7,7 @@ }: stdenv.mkDerivation rec { - name = "gst-plugins-good-1.4.0"; + name = "gst-plugins-good-1.4.1"; meta = with stdenv.lib; { description = "Gstreamer Good Plugins"; @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz"; - sha256 = "11965w4zr0jvrsnw33rbcc8d20dlh368rz0x16d2iypzhxwjx9j8"; + sha256 = "8559d4270065b30ed5c49b826e1b7a3a2bd5ee9a340ae745a2ae3f9718e4c637"; }; nativeBuildInputs = [ pkgconfig python ]; diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix index ee4b3c392dd..e25492c1d13 100644 --- a/pkgs/development/libraries/gstreamer/libav/default.nix +++ b/pkgs/development/libraries/gstreamer/libav/default.nix @@ -6,7 +6,7 @@ assert withSystemLibav -> libav != null; stdenv.mkDerivation rec { - name = "gst-libav-1.4.0"; + name = "gst-libav-1.4.1"; meta = { homepage = "http://gstreamer.freedesktop.org"; @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-libav/${name}.tar.xz"; - sha256 = "1073p7xdpr3pwyx37fnldfni908apnq3k9fbqmxf5wk3g1jplb68"; + sha256 = "fc125521187fa84f3210269a0eecc51f8a856802f1ca4bb251f118dab90c5a9d"; }; configureFlags = stdenv.lib.optionalString withSystemLibav 
diff --git a/pkgs/development/libraries/gstreamer/ugly/default.nix b/pkgs/development/libraries/gstreamer/ugly/default.nix index da37280af99..6a80514e8a1 100644 --- a/pkgs/development/libraries/gstreamer/ugly/default.nix +++ b/pkgs/development/libraries/gstreamer/ugly/default.nix @@ -5,7 +5,7 @@ }: stdenv.mkDerivation rec { - name = "gst-plugins-ugly-1.4.0"; + name = "gst-plugins-ugly-1.4.1"; meta = with stdenv.lib; { description = "Gstreamer Ugly Plugins"; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz"; - sha256 = "0kblc5f4n0mh2sw8dhf7c9dg3wzm7a0p7pqpcff7n6ixy5hbn52k"; + sha256 = "25440435ac4ed795d213f2420a0e7355e4a2e2e76d1f9d020b2073f815e8b071"; }; nativeBuildInputs = [ pkgconfig python ]; From fcafdd27616b91049c506441802b9cfe970388d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 13:28:44 +0200 Subject: [PATCH 49/61] stdenv/setup.sh: unbreak *.lz sources on darwin --- pkgs/stdenv/generic/setup.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index c3b9033b49a..94a73680e3e 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -450,6 +450,10 @@ unpackFile() { # Don't rely on tar knowing about .xz. xz -d < $curSrc | tar xf - ;; + *.tar.lz ) + # Don't rely on tar knowing about .lz. + lzip -d < $curSrc | tar xf - + ;; *.tar | *.tar.* | *.tgz | *.tbz2) # GNU tar can automatically select the decompression method # (info "(tar) gzip"). From 74b808a66f2ce58f8edaca4e08b14f9c28e9a9e7 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Sat, 30 Aug 2014 22:41:01 +0200 Subject: [PATCH 50/61] Revert "ed: update to 1.10 (close #3852)" This reverts commit 60902b97fe4a96d370bc0c5e3690fa45da77d78d. It breaks building on Darwin: http://hydra.nixos.org/build/13832410 It also adds a gratuitous dependency to the stdenv bootstrap. --- pkgs/applications/editors/ed/default.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix index ea8b2b27987..0c764fcf8f8 100644 --- a/pkgs/applications/editors/ed/default.nix +++ b/pkgs/applications/editors/ed/default.nix @@ -1,12 +1,11 @@ -{ fetchurl, stdenv, lzip }: +{ fetchurl, stdenv }: stdenv.mkDerivation rec { - version = "1.10"; - name = "ed-${version}"; + name = "ed-1.9"; src = fetchurl { - url = "mirror://gnu/ed/${name}.tar.lz"; - sha256 = "16kycdm5fcvpdr41hxb2da8da6jzs9dqznsg5552z6rh28n0jh4m"; + url = "mirror://gnu/ed/${name}.tar.gz"; + sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym"; }; /* FIXME: Tests currently fail on Darwin: @@ -24,8 +23,6 @@ stdenv.mkDerivation rec { compileFlags = [ "CC=${stdenv.cross.config}-gcc" ]; }; - buildInputs = [ lzip ]; - meta = { description = "An implementation of the standard Unix editor"; @@ -41,7 +38,9 @@ stdenv.mkDerivation rec { ''; license = stdenv.lib.licenses.gpl3Plus; + homepage = http://www.gnu.org/software/ed/; - maintainers = with stdenv.lib.maintainers; [ fuuzetsu ]; + + maintainers = [ ]; }; } From 3360fa1afb15bc82e49885d511de5e26b12a092d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 30 Aug 2014 22:41:56 +0200 Subject: [PATCH 51/61] Revert "stdenv/setup.sh: unbreak *.lz sources on darwin" This reverts commit fcafdd27616b91049c506441802b9cfe970388d4. We're trying to modularise stdenv, not add more ad-hoc compression support. --- pkgs/stdenv/generic/setup.sh | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 94a73680e3e..c3b9033b49a 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -450,10 +450,6 @@ unpackFile() { # Don't rely on tar knowing about .xz. xz -d < $curSrc | tar xf - ;; - *.tar.lz ) - # Don't rely on tar knowing about .lz. - lzip -d < $curSrc | tar xf - - ;; *.tar | *.tar.* | *.tgz | *.tbz2) # GNU tar can automatically select the decompression method # (info "(tar) gzip"). From acba6b4da25e4b92e2422036104ad2040bef1acd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 30 Aug 2014 22:52:27 +0200 Subject: [PATCH 52/61] ed: update to 1.10, working around *.lz problem --- pkgs/applications/editors/ed/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix index 0c764fcf8f8..bccd7754efb 100644 --- a/pkgs/applications/editors/ed/default.nix +++ b/pkgs/applications/editors/ed/default.nix @@ -1,11 +1,14 @@ { fetchurl, stdenv }: stdenv.mkDerivation rec { - name = "ed-1.9"; + name = "ed-1.10"; src = fetchurl { - url = "mirror://gnu/ed/${name}.tar.gz"; - sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym"; + # gnu only provides *.lz tarball, which is unfriendly for stdenv bootstrapping + #url = "mirror://gnu/ed/${name}.tar.gz"; + url = "http://pkgs.fedoraproject.org/repo/extras/ed/${name}.tar.bz2" + + "/38204d4c690a17a989e802ba01b45e98/${name}.tar.bz2"; + sha256 = "16qvshl8470f3znjfrrci3lzllqkzc6disk5kygzsg9hh4f6wysq"; }; /* FIXME: Tests currently fail on Darwin: From b2887c0b5ea3943a8dd5d99ddba6123428c8bfde Mon Sep 17 00:00:00 2001 
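Review bot: The new `url` in `pkgs/applications/editors/ed/default.nix` fetches a recompressed `.tar.bz2` from a Fedora package repository over plain `http://`, so the `sha256` only pins the bytes the packager downloaded and says nothing about whether they match the GNU release. The comment above the URL should record how the tarball was compared with the upstream `.tar.lz`, for example `# contents compared with mirror://gnu/ed/ed-1.10.tar.lz on <date>`. The hex path segment in the URL is presumably the mirror's own checksum and is worth labelling as such. The commented-out `#url = "mirror://gnu/ed/${name}.tar.gz";` names a file that, per the comment above it, upstream does not provide, so it could become the `.tar.lz` name or be removed.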
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 1 Sep 2014 11:33:48 +0200 Subject: [PATCH 53/61] readline5: recover, as it was still used Partial revert of 30fef8a3cffbc1. I probably confused that with unused readline62. --- pkgs/development/libraries/readline/readline5.nix | 15 +++++++++++++++ .../libraries/readline/shobj-darwin.patch | 11 +++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 28 insertions(+) create mode 100644 pkgs/development/libraries/readline/readline5.nix create mode 100644 pkgs/development/libraries/readline/shobj-darwin.patch diff --git a/pkgs/development/libraries/readline/readline5.nix b/pkgs/development/libraries/readline/readline5.nix new file mode 100644 index 00000000000..ad9860d855e --- /dev/null +++ b/pkgs/development/libraries/readline/readline5.nix @@ -0,0 +1,15 @@ +{ stdenv, fetchurl, ncurses }: + +stdenv.mkDerivation { + name = "readline-5.2"; + + src = fetchurl { + url = mirror://gnu/readline/readline-5.2.tar.gz; + sha256 = "0icz4hqqq8mlkwrpczyaha94kns0am9z0mh3a2913kg2msb8vs0j"; + }; + + propagatedBuildInputs = [ncurses]; + + patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch; +} + diff --git a/pkgs/development/libraries/readline/shobj-darwin.patch b/pkgs/development/libraries/readline/shobj-darwin.patch new file mode 100644 index 00000000000..a9199ca3e89 --- /dev/null +++ b/pkgs/development/libraries/readline/shobj-darwin.patch @@ -0,0 +1,11 @@ +--- a/support/shobj-conf.orig 2006-04-11 06:15:43.000000000 -0700 ++++ b/support/shobj-conf 2007-11-08 01:15:43.000000000 -0800 +@@ -171,7 +171,7 @@ + SHLIB_LIBSUFF='dylib' + + case "${host_os}" in +- darwin[78]*) SHOBJ_LDFLAGS='' ++ darwin[789]*) SHOBJ_LDFLAGS='' + SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v' + ;; + *) SHOBJ_LDFLAGS='-dynamic' 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 48a4f8b1ba9..7d89e4b4292 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6104,6 +6104,8 @@ let readline = readline6; readline6 = readline63; + readline5 = callPackage ../development/libraries/readline/readline5.nix { }; + readline62 = callPackage ../development/libraries/readline/readline6.nix { }; readline63 = callPackage ../development/libraries/readline/readline6.3.nix { }; From 6329b7ae600105227bf13498a23ce328a98554c0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 2 Sep 2014 12:44:44 +0200 Subject: [PATCH 54/61] Drop unnecessary attributes --- pkgs/development/libraries/serf/default.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix index 873f59dba3a..1e8eec6ae45 100644 --- a/pkgs/development/libraries/serf/default.nix +++ b/pkgs/development/libraries/serf/default.nix @@ -1,8 +1,7 @@ { stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, krb5, pkgconfig }: stdenv.mkDerivation rec { - version = "1.3.7"; - name = "serf-${version}"; + name = "serf-1.3.7"; src = fetchurl { url = "http://serf.googlecode.com/svn/src_releases/${name}.tar.bz2"; @@ -28,11 +27,8 @@ stdenv.mkDerivation rec { meta = { description = "HTTP client library based on APR"; - license = stdenv.lib.licenses.asl20 ; + license = stdenv.lib.licenses.asl20; maintainers = [stdenv.lib.maintainers.raskin]; hydraPlatforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; - inherit version; - downloadPage = "http://serf.googlecode.com/svn/src_releases/"; - updateWalker = true; }; } From 9d64b445b61f71b13f9803cf0313ebd77dda4499 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Tue, 2 Sep 2014 13:07:49 +0200 Subject: [PATCH 55/61] swig: Disable ccache stuff http://hydra.nixos.org/build/13936297 --- pkgs/development/tools/misc/swig/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/misc/swig/default.nix b/pkgs/development/tools/misc/swig/default.nix index 66d6b65453e..c4fcd315845 100644 --- a/pkgs/development/tools/misc/swig/default.nix +++ b/pkgs/development/tools/misc/swig/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { # 'make check' uses boost and tcl buildInputs = stdenv.lib.optionals doCheck [ boost tcl ]; - configureFlags = stdenv.lib.optionalString stdenv.isDarwin "--disable-ccache"; + configureFlags = "--disable-ccache"; meta = { description = "Interface compiler that connects C/C++ code to higher-level languages"; From 715943a6fbaf025bcadd6dcee5f6007c4da15ab7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 2 Sep 2014 13:18:03 +0200 Subject: [PATCH 56/61] ld-wrapper: Put back the --sysroot filter We still need this because some clang-based packages depend on it. (The sysroot filtering was originally done by clang-wrapper's ld-wrapper, but we merged the ld-wrappers in a4f9b9c8b5ec9ef106671ffdf93e0059835d0ec1.) http://hydra.nixos.org/build/13906922 --- pkgs/build-support/gcc-wrapper/ld-wrapper.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh index 51803e12a4e..822c4a03a21 100644 --- a/pkgs/build-support/gcc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/gcc-wrapper/ld-wrapper.sh @@ -32,6 +32,9 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE" \ # We cannot skip this; barf. echo "impure path \`$p' used in link" >&2 exit 1 + elif test "${p:0:9}" = "--sysroot"; then + # Our ld is not built with sysroot support (Can we fix that?) + : else rest=("${rest[@]}" "$p") fi From 6734f37ec6b7d263374f0a6ef9a1cdeab68be1d2 Mon Sep 17 00:00:00 2001 
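Review bot: The `--sysroot` filter in `ld-wrapper.sh` is added inside the `NIX_ENFORCE_PURITY` branch, so as far as this hunk shows the flag is dropped only when purity enforcement is on. With enforcement off it would still reach an `ld` that the new comment says has no sysroot support. The prefix test `"${p:0:9}" = "--sysroot"` also matches only the argument that starts with the option name. If a caller passes the directory as a separate word, that word would presumably be handled by the other branches as an ordinary parameter. A comment stating the intended scope would help, e.g. `# Drops --sysroot=DIR only; a separate "--sysroot DIR" pair is not handled, and nothing is filtered when purity is off.` The enclosing loop and `if` start and end outside the hunk.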
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 2 Sep 2014 21:52:34 +0200 Subject: [PATCH 57/61] twinkle: disable parallel building, as it was failing http://hydra.nixos.org/build/13919809 --- .../networking/instant-messengers/twinkle/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/instant-messengers/twinkle/default.nix b/pkgs/applications/networking/instant-messengers/twinkle/default.nix index 2e6b904c134..c7f33c1f580 100644 --- a/pkgs/applications/networking/instant-messengers/twinkle/default.nix +++ b/pkgs/applications/networking/instant-messengers/twinkle/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { NIX_CFLAGS_LINK = "-Wl,--as-needed -lboost_regex -lasound -lzrtpcpp -lspeex -lspeexdsp"; - enableParallelBuilding = true; + #enableParallelBuilding = true; # fatal error: messageform.h: No such file or directory meta = with stdenv.lib; { homepage = http://www.twinklephone.com/; From 4a2b6a63b61890aab22a6cf6e4dbafb5be814957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 4 Sep 2014 21:02:14 +0200 Subject: [PATCH 58/61] spring, warzone2100: work around build problems I guess there was a slight API change in the last mesa update. --- pkgs/games/spring/default.nix | 2 ++ pkgs/games/warzone2100/default.nix | 3 +++ 2 files changed, 5 insertions(+) diff --git a/pkgs/games/spring/default.nix b/pkgs/games/spring/default.nix index 539be06bf7f..69387f0cfd3 100644 --- a/pkgs/games/spring/default.nix +++ b/pkgs/games/spring/default.nix @@ -28,6 +28,8 @@ stdenv.mkDerivation rec { # reported upstream http://springrts.com/mantis/view.php?id=4305 #enableParallelBuilding = true; # occasionally missing generated files on Hydra + NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility + postInstall = '' wrapProgram "$out/bin/spring" \ --prefix LD_LIBRARY_PATH : "${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib::${systemd}/lib" 
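Review bot: `NIX_CFLAGS_COMPILE = "-fpermissive";` in `pkgs/games/spring/default.nix` relaxes diagnostics for every file in the build, not only the code that conflicts with the GL headers. Unrelated invalid conversions will now compile with just a warning. The same line is added to `pkgs/games/warzone2100/default.nix` in this commit. If patching the offending declarations is not practical, the comment should at least name the failing header and error so the flag can be removed later, e.g. `# FIXME: -fpermissive works around <error text> in <GL header>; remove once upstream builds without it`.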
diff --git a/pkgs/games/warzone2100/default.nix b/pkgs/games/warzone2100/default.nix index 284d420fe7f..0db90e95cc9 100644 --- a/pkgs/games/warzone2100/default.nix +++ b/pkgs/games/warzone2100/default.nix @@ -28,6 +28,9 @@ stdenv.mkDerivation rec { --replace "which %s" "${which}/bin/which %s" ''; configureFlags = "--with-backend=qt --with-distributor=NixOS"; + + NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility + postInstall = [] ++ stdenv.lib.optional withVideos "cp ${sequences_src} $out/share/warzone2100/sequences.wz"; meta = { From c4a35d8cf9548344cedf259363eef4332fd2e072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 4 Sep 2014 21:04:11 +0200 Subject: [PATCH 59/61] warzone2100: fix meta --- pkgs/games/warzone2100/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/games/warzone2100/default.nix b/pkgs/games/warzone2100/default.nix index 0db90e95cc9..248b58a4e1a 100644 --- a/pkgs/games/warzone2100/default.nix +++ b/pkgs/games/warzone2100/default.nix @@ -33,7 +33,8 @@ stdenv.mkDerivation rec { postInstall = [] ++ stdenv.lib.optional withVideos "cp ${sequences_src} $out/share/warzone2100/sequences.wz"; - meta = { + + meta = with stdenv.lib; { description = "A free RTS game, originally developed by Pumpkin Studios"; longDescription = '' Warzone 2100 is an open source real-time strategy and real-time tactics @@ -47,8 +48,8 @@ stdenv.mkDerivation rec { variety of possible units and tactics. ''; homepage = http://wz2100.net; - license = [ "GPLv2+" ]; - maintainers = with stdenv.lib.maintainers; [ astsmtl ]; - platforms = with stdenv.lib.platforms; linux; + license = licenses.gpl2Plus; + maintainers = [ maintainers.astsmtl ]; + platforms = platforms.linux; }; } From 20be024d1bae622409fa56844b2f8799bbf29bb0 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 5 Sep 2014 17:40:09 +0200 Subject: [PATCH 60/61] Fix subuid/subgid generation I don't think we need to filter users with an unset uid, because mkSubuidEntry/mkSubgidEntry don't references the uid. --- nixos/modules/config/users-groups.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index d172ddb6bca..619f329d74c 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -276,23 +276,17 @@ let }; }; - filterNull = a: filter (x: hasAttr a x && getAttr a x != null); - - sortOn "gid" (filterNull "gid" (attrValues cfg.extraGroups)) - sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers)) mkSubuidEntry = user: concatStrings ( map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n") - user.subUidRanges); + user.subUidRanges); - subuidFile = concatStrings (map mkSubuidEntry ( - sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers)))); + subuidFile = concatStrings (map mkSubuidEntry (attrValues cfg.extraUsers)); mkSubgidEntry = user: concatStrings ( map (range: "${user.name}:${toString range.startGid}:${toString range.count}\n") user.subGidRanges); - subgidFile = concatStrings (map mkSubgidEntry ( - sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers)))); + subgidFile = concatStrings (map mkSubgidEntry (attrValues cfg.extraUsers)); idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }: let From a71744392b6964e624d3ae968bee660731b7d271 Mon Sep 17 00:00:00 2001 From: Nixpkgs Monitor Date: Sat, 6 Sep 2014 20:10:37 +0200 Subject: [PATCH 61/61] pcre: update from 8.34 to 8.35 --- pkgs/development/libraries/pcre/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix index 4cf6bd44dd3..930d7b86f06 100644 
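Review bot: `subuidFile` and `subgidFile` now emit every `startUid`/`startGid` and `count` from `cfg.extraUsers` as given, and nothing visible in this hunk checks that the ranges of different users are disjoint or that `count` is positive. Overlapping subordinate ranges would let two accounts map the same IDs inside user namespaces, which weakens the isolation those ranges are meant to provide. The `idsAreUnique` helper that begins at the end of the hunk takes `set` and `idAttr`, so it looks aimed at uid/gid uniqueness rather than ranges; its body is outside the hunk, so this should be confirmed. Consider a module assertion that rejects overlapping `subUidRanges`/`subGidRanges`, and a short comment on `mkSubuidEntry` such as `# one "name:start:count" line per range`.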
--- a/pkgs/development/libraries/pcre/default.nix +++ b/pkgs/development/libraries/pcre/default.nix @@ -5,11 +5,11 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "pcre-8.34"; + name = "pcre-8.35"; src = fetchurl { url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2"; - sha256 = "0gsqmsp0q0n3q0ba32gkjvgcsdy6nwidqa7sbxkbw817zzhkl15n"; + sha256 = "0nw66r92dr24vy9k4lw17bkv8x5nlzn6wx9hq4y2dvzgig3w2qd9"; }; # The compiler on Darwin crashes with an internal error while building the