diff --git a/lib/platforms.nix b/lib/platforms.nix
index 44a56b659c72..067670c6b3e7 100644
--- a/lib/platforms.nix
+++ b/lib/platforms.nix
@@ -7,7 +7,7 @@ rec {
freebsd = ["i686-freebsd" "x86_64-freebsd"];
openbsd = ["i686-openbsd" "x86_64-openbsd"];
netbsd = ["i686-netbsd" "x86_64-netbsd"];
- cygwin = ["i686-cygwin"];
+ cygwin = ["i686-cygwin" "x86_64-cygwin"];
unix = linux ++ darwin ++ freebsd ++ openbsd;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
none = [];
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml
index 40dc687d03bb..40362fbbb23f 100644
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -13,11 +13,10 @@ states that a user account named alice shall exist:
users.extraUsers.alice =
- { createHome = true;
+ { isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" "networkmanager" ];
- useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
@@ -58,11 +57,6 @@ users.extraGroups.students.gid = 1000;
As with users, the group ID (gid) is optional and will be assigned
automatically if it’s missing.
-Currently declarative user management is not perfect:
-nixos-rebuild does not know how to realise certain
-configuration changes. This includes removing a user or group, and
-removing group membership from a user.
-
In the imperative style, users and groups are managed by
commands such as useradd,
groupmod and so on. For instance, to create a user
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
new file mode 100644
index 000000000000..197b65e27c4b
--- /dev/null
+++ b/nixos/modules/config/update-users-groups.pl
@@ -0,0 +1,239 @@
+use strict;
+use File::Path qw(make_path);
+use File::Slurp;
+use JSON;
+
+make_path("/var/lib/nixos", { mode => 0755 });
+
+
+# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
+# /etc/login.defs.
+sub allocId {
+ my ($used, $idMin, $idMax, $up, $getid) = @_;
+ my $id = $up ? $idMin : $idMax;
+ while ($id >= $idMin && $id <= $idMax) {
+ if (!$used->{$id} && !defined &$getid($id)) {
+ $used->{$id} = 1;
+ return $id;
+ }
+ $used->{$id} = 1;
+ if ($up) { $id++; } else { $id--; }
+ }
+ die "$0: out of free UIDs or GIDs\n";
+}
+
+my (%gidsUsed, %uidsUsed);
+
+sub allocGid {
+ return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
+}
+
+sub allocUid {
+ my ($isSystemUser) = @_;
+ my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1);
+ return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
+}
+
+
+# Read the declared users/groups.
+my $spec = decode_json(read_file($ARGV[0]));
+
+# Don't allocate UIDs/GIDs that are already in use.
+foreach my $g (@{$spec->{groups}}) {
+ $gidsUsed{$g->{gid}} = 1 if defined $g->{gid};
+}
+
+foreach my $u (@{$spec->{groups}}) {
+ $uidsUsed{$u->{u}} = 1 if defined $u->{uid};
+}
+
+# Read the current /etc/group.
+sub parseGroup {
+ chomp;
+ my @f = split(':', $_, -4);
+ my $gid = $f[2] eq "" ? undef : int($f[2]);
+ $gidsUsed{$gid} = 1 if defined $gid;
+ return ($f[0], { name => $f[0], password => $f[1], gid => $gid, members => $f[3] });
+}
+
+my %groupsCur = -f "/etc/group" ? map { parseGroup } read_file("/etc/group") : ();
+
+# Read the current /etc/passwd.
+sub parseUser {
+ chomp;
+ my @f = split(':', $_, -7);
+ my $uid = $f[2] eq "" ? undef : int($f[2]);
+ $uidsUsed{$uid} = 1 if defined $uid;
+ return ($f[0], { name => $f[0], fakePassword => $f[1], uid => $uid,
+ gid => $f[3], description => $f[4], home => $f[5], shell => $f[6] });
+}
+
+my %usersCur = -f "/etc/passwd" ? map { parseUser } read_file("/etc/passwd") : ();
+
+# Read the groups that were created declaratively (i.e. not by groups)
+# in the past. These must be removed if they are no longer in the
+# current spec.
+my $declGroupsFile = "/var/lib/nixos/declarative-groups";
+my %declGroups;
+$declGroups{$_} = 1 foreach split / /, -e $declGroupsFile ? read_file($declGroupsFile) : "";
+
+# Idem for the users.
+my $declUsersFile = "/var/lib/nixos/declarative-users";
+my %declUsers;
+$declUsers{$_} = 1 foreach split / /, -e $declUsersFile ? read_file($declUsersFile) : "";
+
+
+# Generate a new /etc/group containing the declared groups.
+my %groupsOut;
+foreach my $g (@{$spec->{groups}}) {
+ my $name = $g->{name};
+ my $existing = $groupsCur{$name};
+
+ my %members = map { ($_, 1) } @{$g->{members}};
+
+ if (defined $existing) {
+ $g->{gid} = $existing->{gid} if !defined $g->{gid};
+ if ($g->{gid} != $existing->{gid}) {
+ warn "warning: not applying GID change of group ‘$name’\n";
+ $g->{gid} = $existing->{gid};
+ }
+ $g->{password} = $existing->{password}; # do we want this?
+ if ($spec->{mutableUsers}) {
+ # Merge in non-declarative group members.
+ foreach my $uname (split /,/, $existing->{members} // "") {
+ $members{$uname} = 1 if !defined $declUsers{$uname};
+ }
+ }
+ } else {
+ $g->{gid} = allocGid if !defined $g->{gid};
+ $g->{password} = "x";
+ }
+
+ $g->{members} = join ",", sort(keys(%members));
+ $groupsOut{$name} = $g;
+}
+
+# Update the persistent list of declarative groups.
+write_file($declGroupsFile, join(" ", sort(keys %groupsOut)));
+
+# Merge in the existing /etc/group.
+foreach my $name (keys %groupsCur) {
+ my $g = $groupsCur{$name};
+ next if defined $groupsOut{$name};
+ if (!$spec->{mutableUsers} || defined $declGroups{$name}) {
+ print STDERR "removing group ‘$name’\n";
+ } else {
+ $groupsOut{$name} = $g;
+ }
+}
+
+
+# Rewrite /etc/group. FIXME: acquire lock.
+my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
+ (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
+write_file("/etc/group.tmp", @lines);
+rename("/etc/group.tmp", "/etc/group") or die;
+system("nscd --invalidate group");
+
+# Generate a new /etc/passwd containing the declared users.
+my %usersOut;
+foreach my $u (@{$spec->{users}}) {
+ my $name = $u->{name};
+
+ # Resolve the gid of the user.
+ if ($u->{group} =~ /^[0-9]$/) {
+ $u->{gid} = $u->{group};
+ } elsif (defined $groupsOut{$u->{group}}) {
+ $u->{gid} = $groupsOut{$u->{group}}->{gid} // die;
+ } else {
+ warn "warning: user ‘$name’ has unknown group ‘$u->{group}’\n";
+ $u->{gid} = 65534;
+ }
+
+ my $existing = $usersCur{$name};
+ if (defined $existing) {
+ $u->{uid} = $existing->{uid} if !defined $u->{uid};
+ if ($u->{uid} != $existing->{uid}) {
+ warn "warning: not applying UID change of user ‘$name’\n";
+ $u->{uid} = $existing->{uid};
+ }
+ } else {
+ $u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
+
+ # Create a home directory.
+ if ($u->{createHome}) {
+ make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
+ chown $u->{uid}, $u->{gid}, $u->{home};
+ }
+ }
+
+ if (defined $u->{passwordFile}) {
+ if (-e $u->{passwordFile}) {
+ $u->{hashedPassword} = read_file($u->{passwordFile});
+ chomp $u->{hashedPassword};
+ } else {
+ warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
+ }
+ }
+
+ $u->{fakePassword} = $existing->{fakePassword} // "x";
+ $usersOut{$name} = $u;
+}
+
+# Update the persistent list of declarative users.
+write_file($declUsersFile, join(" ", sort(keys %usersOut)));
+
+# Merge in the existing /etc/passwd.
+foreach my $name (keys %usersCur) {
+ my $u = $usersCur{$name};
+ next if defined $usersOut{$name};
+ if (!$spec->{mutableUsers} || defined $declUsers{$name}) {
+ print STDERR "removing user ‘$name’\n";
+ } else {
+ $usersOut{$name} = $u;
+ }
+}
+
+# Rewrite /etc/passwd. FIXME: acquire lock.
+@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
+ (sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
+write_file("/etc/passwd.tmp", @lines);
+rename("/etc/passwd.tmp", "/etc/passwd") or die;
+system("nscd --invalidate passwd");
+
+
+# Rewrite /etc/shadow to add new accounts or remove dead ones.
+my @shadowNew;
+my %shadowSeen;
+
+foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
+ chomp $line;
+ my ($name, $password, @rest) = split(':', $line, -9);
+ my $u = $usersOut{$name};;
+ next if !defined $u;
+ $password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
+ push @shadowNew, join(":", $name, $password, @rest) . "\n";
+ $shadowSeen{$name} = 1;
+}
+
+foreach my $u (values %usersOut) {
+ next if defined $shadowSeen{$u->{name}};
+ my $password = "!";
+ $password = $u->{hashedPassword} if defined $u->{hashedPassword};
+ # FIXME: set correct value for sp_lstchg.
+ push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n";
+}
+
+write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
+rename("/etc/shadow.tmp", "/etc/shadow") or die;
+
+
+# Call chpasswd to apply password. FIXME: generate the hashes directly
+# and merge into the /etc/shadow updating above.
+foreach my $u (@{$spec->{users}}) {
+ if (defined $u->{password}) {
+ my $pid = open(PW, "| chpasswd") or die;
+ print PW "$u->{name}:$u->{password}\n";
+ close PW or die "unable to change password of user ‘$u->{name}’: $?\n";
+ }
+}
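Review bot: The loop meant to reserve declared UIDs (`foreach my $u (@{$spec->{groups}})` with `$uidsUsed{$u->{u}}`) iterates the groups list and tests `$u->{uid}`, which group entries do not carry, so no declared UID is ever marked as used. allocUid can then give a new account a UID that a later declared account also pins, and the two accounts end up sharing a UID and therefore file ownership; the `uidsAreUnique` assertion in users-groups.nix only covers explicitly set values. The loop should read `foreach my $u (@{$spec->{users}}) { $uidsUsed{$u->{uid}} = 1 if defined $u->{uid}; }`. Separately, `$u->{group} =~ /^[0-9]$/` accepts only a single digit, so a multi-digit numeric group falls through to the name lookup and is mapped to 65534; `/^[0-9]+$/` is probably what was intended.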
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index a55593c2bad8..619f329d74c5 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -7,9 +7,6 @@ let
ids = config.ids;
cfg = config.users;
- nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
- nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
-
passwordDescription = ''
The options hashedPassword,
password and passwordFile
@@ -55,10 +52,8 @@ let
type = with types; nullOr int;
default = null;
description = ''
- The account UID. If the option
- is false, the UID cannot be null. Otherwise, the UID might be
- null, in which case a free UID is picked on activation (by the
- useradd command).
+ The account UID. If the UID is null, a free UID is picked on
+ activation.
'';
};
@@ -67,8 +62,7 @@ let
default = false;
description = ''
Indicates if the user is a system user or not. This option
- only has an effect if is
- true and is
+ only has an effect if is
, in which case it determines whether
the user's UID is allocated in the range for system users
(below 500) or in the range for normal users (starting at
@@ -76,6 +70,21 @@ let
'';
};
+ isNormalUser = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Indicates whether this is an account for a “real” user. This
+ automatically sets to
+ users, to
+ true, to
+ /home/username,
+ to true,
+ and to
+ false.
+ '';
+ };
+
group = mkOption {
type = types.str;
default = "nogroup";
@@ -182,22 +191,20 @@ let
${passwordDescription}
'';
};
-
- createUser = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Indicates if the user should be created automatically as a local user.
- Set this to false if the user for instance is an LDAP user. NixOS will
- then not modify any of the basic properties for the user account.
- '';
- };
};
- config = {
- name = mkDefault name;
- shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
- };
+ config = mkMerge
+ [ { name = mkDefault name;
+ shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
+ }
+ (mkIf config.isNormalUser {
+ group = mkDefault "users";
+ createHome = mkDefault true;
+ home = mkDefault "/home/${name}";
+ useDefaultShell = mkDefault true;
+ isSystemUser = mkDefault false;
+ })
+ ];
};
@@ -217,10 +224,8 @@ let
type = with types; nullOr int;
default = null;
description = ''
- The group GID. If the mutableUsers option
- is false, the GID cannot be null. Otherwise, the GID might be
- null, in which case a free GID is picked on activation (by the
- groupadd command).
+ The group GID. If the GID is null, a free GID is picked on
+ activation.
'';
};
@@ -271,97 +276,17 @@ let
};
};
- getGroup = gname:
- let
- groups = mapAttrsToList (n: g: g) (
- filterAttrs (n: g: g.name == gname) cfg.extraGroups
- );
- in
- if length groups == 1 then head groups
- else if groups == [] then throw "Group ${gname} not defined"
- else throw "Group ${gname} has multiple definitions";
-
- getUser = uname:
- let
- users = mapAttrsToList (n: u: u) (
- filterAttrs (n: u: u.name == uname) cfg.extraUsers
- );
- in
- if length users == 1 then head users
- else if users == [] then throw "User ${uname} not defined"
- else throw "User ${uname} has multiple definitions";
-
- mkGroupEntry = gname:
- let
- g = getGroup gname;
- users = mapAttrsToList (n: u: u.name) (
- filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
- );
- in concatStringsSep ":" [
- g.name "x" (toString g.gid)
- (concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members)))
- ];
-
- mkPasswdEntry = uname: let u = getUser uname; in
- concatStringsSep ":" [
- u.name "x" (toString u.uid)
- (toString (getGroup u.group).gid)
- u.description u.home u.shell
- ];
-
- filterNull = a: filter (x: hasAttr a x && getAttr a x != null);
-
- sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2));
-
- groupFile = pkgs.writeText "group" (
- concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
- sortOn "gid" (filterNull "gid" (attrValues cfg.extraGroups))
- ))
- );
-
- passwdFile = pkgs.writeText "passwd" (
- concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
- sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))
- ))
- );
-
mkSubuidEntry = user: concatStrings (
map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n")
- user.subUidRanges);
+ user.subUidRanges);
- subuidFile = concatStrings (map mkSubuidEntry (
- sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
+ subuidFile = concatStrings (map mkSubuidEntry (attrValues cfg.extraUsers));
mkSubgidEntry = user: concatStrings (
map (range: "${user.name}:${toString range.startGid}:${toString range.count}\n")
user.subGidRanges);
- subgidFile = concatStrings (map mkSubgidEntry (
- sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
-
- # If mutableUsers is true, this script adds all users/groups defined in
- # users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any
- # existing user/group with the same name in those files.
- # If mutableUsers is false, the /etc/{passwd,group} files will simply be
- # replaced with the users/groups defined in the NixOS configuration.
- # The merging procedure could certainly be improved, and instead of just
- # keeping the lines as-is from /etc/{passwd,group} they could be combined
- # in some way with the generated content from the NixOS configuration.
- merger = src: pkgs.writeScript "merger" ''
- #!${pkgs.bash}/bin/bash
-
- PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH
-
- ${if !cfg.mutableUsers
- then ''cp ${src} $1.tmp''
- else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp''
- }
-
- # set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime)
- touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp
-
- mv -f $1.tmp $1
- '';
+ subgidFile = concatStrings (map mkSubgidEntry (attrValues cfg.extraUsers));
idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
let
@@ -376,6 +301,21 @@ let
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
+ spec = builtins.toFile "users-groups.json" (builtins.toJSON {
+ inherit (cfg) mutableUsers;
+ users = mapAttrsToList (n: u:
+ { inherit (u)
+ name uid group description home shell createHome isSystemUser
+ password passwordFile hashedPassword;
+ }) cfg.extraUsers;
+ groups = mapAttrsToList (n: g:
+ { inherit (g) name gid;
+ members = mapAttrsToList (n: u: u.name) (
+ filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
+ );
+ }) cfg.extraGroups;
+ });
+
in {
###### interface
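Review bot: The `spec` built with `builtins.toFile` carries `password` and `hashedPassword` for every user, and a file produced that way lives in the Nix store, which is normally readable by every local account, while the new script writes /etc/shadow with mode 0600. The removed activation code also put these values in the store, so the exposure is not new, but it is now one JSON file holding all credentials. A comment above `spec` would make this explicit, for example `# NOTE: this JSON ends up in the world-readable Nix store; only passwordFile keeps the secret out of it.` The same caveat belongs in `passwordDescription` if it is not already there; its full text is outside this hunk.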
@@ -512,67 +452,12 @@ in {
grsecurity.gid = ids.gids.grsecurity;
};
- system.activationScripts.users =
- let
- mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
- setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
- pwFile = u: if !(isNull u.hashedPassword)
- then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
- else if !(isNull u.password)
- then pkgs.runCommand "password-file" { pw = u.password; } ''
- echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
- '' else u.passwordFile;
- setpw = n: u: ''
- setpw=yes
- ${optionalString cfg.mutableUsers ''
- test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
- ''}
- if [ "$setpw" == "yes" ]; then
- ${if !(isNull (pwFile u))
- then ''
- echo -n "${u.name}:" | cat - "${pwFile u}" | \
- ${pkgs.shadow}/sbin/chpasswd -e
- ''
- else "passwd -l '${u.name}' &>/dev/null"
- }
- fi
- '';
- mkhome = n: u: ''
- uid="$(id -u ${u.name})"
- gid="$(id -g ${u.name})"
- h="${u.home}"
- test -a "$h" || mkdir -p "$h" || true
- test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
- test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
- '';
- groupadd = n: g: ''
- if [ -z "$(getent group "${g.name}")" ]; then
- ${pkgs.shadow}/sbin/groupadd "${g.name}"
- fi
- '';
- useradd = n: u: ''
- if ! id "${u.name}" &>/dev/null; then
- ${pkgs.shadow}/sbin/useradd \
- -g "${u.group}" \
- -G "${concatStringsSep "," u.extraGroups}" \
- -s "${u.shell}" \
- -d "${u.home}" \
- ${optionalString u.isSystemUser "--system"} \
- "${u.name}"
- echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
- fi
- '';
- in stringAfter [ "etc" ] ''
- touch /etc/group
- touch /etc/passwd
- VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null
- VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
- ${pkgs.shadow}/sbin/grpconv
- ${pkgs.shadow}/sbin/pwconv
- ${concatStrings (mapAttrsToList groupadd nonGidGroups)}
- ${concatStrings (mapAttrsToList useradd nonUidUsers)}
- ${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
- ${concatStrings (mapAttrsToList setpw setpwUsers)}
+ system.activationScripts.users = stringAfter [ "etc" ]
+ ''
+ ${pkgs.perl}/bin/perl -w \
+ -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \
+ -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \
+ ${./update-users-groups.pl} ${spec}
'';
# for backwards compatibility
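Review bot: The new activation snippet pins perl and its two libraries by store path, but update-users-groups.pl itself shells out to `chpasswd` and `nscd` by bare name, whereas the removed code called `${pkgs.shadow}/sbin/chpasswd` explicitly. A script that runs as root and rewrites /etc/passwd and /etc/shadow should not depend on whatever PATH the activation environment happens to have. Either substitute absolute paths into the script or set PATH on this line, e.g. `PATH=${pkgs.shadow}/sbin:$PATH ${pkgs.perl}/bin/perl -w \`. Whether the activation PATH already contains these tools is not visible in this hunk.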
@@ -589,13 +474,7 @@ in {
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
- message = "uids and gids must be unique!";
- }
- { assertion = cfg.mutableUsers || (nonUidUsers == {});
- message = "When mutableUsers is false, no uid can be null: ${toString (attrNames nonUidUsers)}";
- }
- { assertion = cfg.mutableUsers || (nonGidGroups == {});
- message = "When mutableUsers is false, no gid can be null";
+ message = "UIDs and GIDs must be unique!";
}
];
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index c6f499b82506..e8f100d64984 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -525,12 +525,8 @@ $bootLoaderConfig
# Define a user account. Don't forget to set a password with ‘passwd’.
# users.extraUsers.guest = {
- # name = "guest";
- # group = "users";
+ # isNormalUser = true;
# uid = 1000;
- # createHome = true;
- # home = "/home/guest";
- # shell = "/run/current-system/sw/bin/bash";
# };
}
diff --git a/nixos/modules/profiles/demo.nix b/nixos/modules/profiles/demo.nix
index 605cc6aad1de..ef6fd77b5f8d 100644
--- a/nixos/modules/profiles/demo.nix
+++ b/nixos/modules/profiles/demo.nix
@@ -4,12 +4,9 @@
imports = [ ./graphical.nix ];
users.extraUsers.demo =
- { description = "Demo user account";
- group = "users";
+ { isNormalUser = true;
+ description = "Demo user account";
extraGroups = [ "wheel" ];
- home = "/home/demo";
- createHome = true;
- useDefaultShell = true;
password = "demo";
uid = 1000;
};
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index d62340f2c798..35455f17779f 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -174,6 +174,11 @@ in
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
+ if [ "$PRIVATE_NETWORK" = 1 ]; then
+ ip link del dev "ve-$INSTANCE" 2> /dev/null || true
+ fi
+
+
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
fi
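Review bot: The five added lines repeat, word for word, the `if [ "$PRIVATE_NETWORK" = 1 ]` block that already follows as context, so the script now runs `ip link del dev "ve-$INSTANCE"` twice in a row. The second call is harmless because of `|| true`, but the duplication looks like a merge artifact and should be dropped.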
@@ -240,6 +245,12 @@ in
ip route add $LOCAL_ADDRESS dev $ifaceHost
fi
fi
+
+ # This blocks until the container-startup-done service
+ # writes something to this pipe. FIXME: it also hangs
+ # until the start timeout expires if systemd-nspawn exits.
+ read x < $root/var/lib/startup-done
+ rm -f $root/var/lib/startup-done
'';
preStop =
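Review bot: `$root` is expanded unquoted in both added commands, so a container root path containing whitespace or glob characters would be split; they should read `read x < "$root/var/lib/startup-done"` and `rm -f "$root/var/lib/startup-done"`. The path also sits inside the container's own filesystem tree while this script presumably runs on the host as root, so its components are under the container's control. Keeping the pipe in a host-owned directory would avoid resolving container-writable paths from the host. The enclosing script starts outside the hunk.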
diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix
index 0239a3c4d08a..aa3a0b82bcde 100644
--- a/nixos/tests/common/user-account.nix
+++ b/nixos/tests/common/user-account.nix
@@ -1,11 +1,9 @@
{ pkgs, ... }:
{ users.extraUsers = pkgs.lib.singleton
- { name = "alice";
+ { isNormalUser = true;
+ name = "alice";
description = "Alice Foobar";
- home = "/home/alice";
- createHome = true;
- useDefaultShell = true;
password = "foobar";
uid = 1000;
};
diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix
index 0c764fcf8f86..bccd7754efbd 100644
--- a/pkgs/applications/editors/ed/default.nix
+++ b/pkgs/applications/editors/ed/default.nix
@@ -1,11 +1,14 @@
{ fetchurl, stdenv }:
stdenv.mkDerivation rec {
- name = "ed-1.9";
+ name = "ed-1.10";
src = fetchurl {
- url = "mirror://gnu/ed/${name}.tar.gz";
- sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym";
+ # gnu only provides *.lz tarball, which is unfriendly for stdenv bootstrapping
+ #url = "mirror://gnu/ed/${name}.tar.gz";
+ url = "http://pkgs.fedoraproject.org/repo/extras/ed/${name}.tar.bz2"
+ + "/38204d4c690a17a989e802ba01b45e98/${name}.tar.bz2";
+ sha256 = "16qvshl8470f3znjfrrci3lzllqkzc6disk5kygzsg9hh4f6wysq";
};
/* FIXME: Tests currently fail on Darwin:
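Review bot: The source moves from the GNU mirror to a tarball in Fedora's package cache fetched over plain `http://`, so the `sha256` is now the only thing tying the build to a known artifact. The hash does pin the bytes, but they are a third-party `.tar.bz2` that can no longer be compared directly with the upstream `.lz` release or its signature. A comment recording how the hash was validated would help the next bump, e.g. `# Fedora lookaside copy; contents checked against upstream ed-1.10.tar.lz on <date>`.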
diff --git a/pkgs/applications/networking/instant-messengers/twinkle/default.nix b/pkgs/applications/networking/instant-messengers/twinkle/default.nix
index 2e6b904c134e..c7f33c1f5805 100644
--- a/pkgs/applications/networking/instant-messengers/twinkle/default.nix
+++ b/pkgs/applications/networking/instant-messengers/twinkle/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
NIX_CFLAGS_LINK = "-Wl,--as-needed -lboost_regex -lasound -lzrtpcpp -lspeex -lspeexdsp";
- enableParallelBuilding = true;
+ #enableParallelBuilding = true; # fatal error: messageform.h: No such file or directory
meta = with stdenv.lib; {
homepage = http://www.twinklephone.com/;
diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix
index e38d5188dc2f..a5216b2902a6 100644
--- a/pkgs/applications/networking/newsreaders/liferea/default.nix
+++ b/pkgs/applications/networking/newsreaders/liferea/default.nix
@@ -33,7 +33,6 @@ stdenv.mkDerivation rec {
for f in "$out"/bin/*; do
wrapProgram "$f" \
--prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
- --prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
--prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix
index e451ff79a945..d4d680f05fa2 100644
--- a/pkgs/applications/virtualization/virt-manager/default.nix
+++ b/pkgs/applications/virtualization/virt-manager/default.nix
@@ -51,7 +51,6 @@ buildPythonPackage rec {
--prefix GI_TYPELIB_PATH : $GI_TYPELIB_PATH \
--prefix GIO_EXTRA_MODULES : "${dconf}/lib/gio/modules" \
--prefix GSETTINGS_SCHEMA_DIR : $out/share/glib-2.0/schemas \
- --prefix LD_LIBRARY_PATH : ${gtk3}/lib/:${libvirt-glib}/lib/:${vte}/lib:${gtkvnc}/lib${optionalString spiceSupport ":${spice_gtk}/lib"} \
--prefix XDG_DATA_DIRS : "$out/share:${gsettings_desktop_schemas}/share:${gtk3}/share:$GSETTINGS_SCHEMAS_PATH:\$XDG_DATA_DIRS"
done
diff --git a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh
index c53fd44207d0..2ad7783a442c 100644
--- a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh
+++ b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh
@@ -77,7 +77,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then
n=$((n + 1))
done
params=("${rest[@]}")
- NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE --sysroot=/var/empty"
fi
diff --git a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix
index 84a77e5a024a..6b9a69c738dc 100644
--- a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix
@@ -25,7 +25,6 @@ stdenv.mkDerivation rec {
wrapProgram "$out/bin/gedit" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH : "${gnome3.libpeas}/lib:${gnome3.gtksourceview}/lib" \
--prefix XDG_DATA_DIRS : "${gnome3.gtksourceview}/share:${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
'';
diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix
index b393bb439316..a8c84d6a7698 100644
--- a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix
@@ -28,17 +28,11 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
- preFixup =
- let
- libPath = stdenv.lib.makeLibraryPath
- [ evince gtk3 gnome3.tracker gnome3.gnome_online_accounts ];
- in
- ''
+ preFixup = ''
substituteInPlace $out/bin/gnome-documents --replace gapplication "${glib}/bin/gapplication"
wrapProgram "$out/bin/gnome-documents" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH ":" "${libPath}" \
--prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--run "if [ -z \"\$XDG_CACHE_DIR\" ]; then XDG_CACHE_DIR=\$HOME/.cache; fi; if [ -w \"\$XDG_CACHE_DIR/..\" ]; then mkdir -p \"\$XDG_CACHE_DIR/gnome-documents\"; fi"
rm $out/share/icons/hicolor/icon-theme.cache
diff --git a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix
index b8d2bbc79efd..31d521e8c302 100644
--- a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix
@@ -24,19 +24,11 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
- preFixup =
- let
- libPath = stdenv.lib.makeLibraryPath
- [ glib gtk3 libnotify tracker gnome3.grilo cairo
- gst_all_1.gstreamer gst_all_1.gst-plugins-base
- gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad ];
- in
- ''
+ preFixup = ''
wrapProgram "$out/bin/gnome-music" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH : "${libPath}" \
--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" \
--prefix GRL_PLUGIN_PATH : "${gnome3.grilo-plugins}/lib/grilo-0.2" \
--prefix PYTHONPATH : "$PYTHONPATH"
diff --git a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix
index dbb19f77d21e..6f6816efa5bd 100644
--- a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix
@@ -35,7 +35,6 @@ stdenv.mkDerivation rec {
wrapProgram "$out/bin/gnome-shell" \
--prefix PATH : "${unzip}/bin" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH : "${accountsservice}/lib:${ibus}/lib:${gdm}/lib" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "${gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
diff --git a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix
index e424ab3635ad..26e9144349f2 100644
--- a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix
@@ -30,7 +30,6 @@ stdenv.mkDerivation rec {
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH ":" "${libsoup}/lib:${gnome3.gnome_desktop}/lib:${libnotify}/lib:${gtk3}/lib:${atk}/lib" \
--prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
'';
diff --git a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix
index 56a5f18544f7..c303ccdf51e2 100644
--- a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix
@@ -30,8 +30,7 @@ stdenv.mkDerivation rec {
for i in $out/libexec/gpaste/*; do
wrapProgram $i \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
- --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH : "${libPath}"
+ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH"
done
'';
diff --git a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
index 396adf9ba752..1698abfd00f7 100644
--- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
+++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
@@ -4,7 +4,7 @@
, automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee
, docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst
, udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt
-, pkgconfig
+, pkgconfig, fetchpatch
}:
kde {
@@ -28,7 +28,15 @@ kde {
# There are a few hardcoded paths.
# Split plugins from libs?
- patches = [ ../files/polkit-install.patch ];
+ patches = [
+ ../files/polkit-install.patch
+ (fetchpatch {
+ name = "CVE-2014-5033.patch";
+ url = "http://quickgit.kde.org/?p=kdelibs.git"
+ + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23";
+ sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
+ })
+ ];
cmakeFlags = [
"-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook"
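Review bot: The fetchpatch URL for `CVE-2014-5033.patch` ends in `a=commit&h=…`, which on gitweb-style frontends is usually the HTML commit view rather than a raw diff, and it is fetched over plain HTTP. The sha256 fixes whatever was downloaded, so it is worth confirming that the pinned content is a plain patch and that the build log shows it applying; a security fix that does not apply should fail the build loudly. A one-line comment next to the entry saying what the patch fixes would also help when it is later dropped.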
diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix
index 7101d4e585e6..7166d325b31c 100644
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@@ -13,7 +13,7 @@
, perl ? null # optional, for texi2pod (then pod2man); required for Java
, gmp, mpfr, mpc, gettext, which
, libelf # optional, for link-time optimizations (LTO)
-, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
+, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
, zlib ? null, boehmgc ? null
, zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null
, libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
@@ -59,14 +59,12 @@ let version = "4.8.3";
# Whether building a cross-compiler for GNU/Hurd.
crossGNU = cross != null && cross.config == "i586-pc-gnu";
- /* gccinstall.info says that "parallel make is currently not supported since
- collisions in profile collecting may occur".
- */
- enableParallelBuilding = !profiledCompiler;
+ enableParallelBuilding = true;
patches = []
++ optional enableParallelBuilding ./parallel-bconfig.patch
++ optional (cross != null) ./libstdc++-target.patch
+ ++ optional noSysDirs ./no-sys-dirs.patch
# The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its
# target libraries and tools.
++ optional langAda ./gnat-cflags.patch
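Review bot: With `enableParallelBuilding = true;` hard-coded, the `optional enableParallelBuilding ./parallel-bconfig.patch` guard below is always true. The removed comment's warning about profile-collection collisions under parallel make is also dropped without saying why it no longer applies to `profiledCompiler` builds. Either keep the condition (`enableParallelBuilding = !profiledCompiler;`) or replace the comment with the reason the restriction is obsolete, so that a profiled bootstrap which could vary between builds is not introduced silently.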
@@ -278,7 +276,6 @@ stdenv.mkDerivation ({
++ (optional javaAwtGtk pkgconfig);
buildInputs = [ gmp mpfr mpc libelf ]
- ++ (optional (ppl != null) ppl)
++ (optional (cloog != null) cloog)
++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
@@ -295,15 +292,7 @@ stdenv.mkDerivation ({
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl";
- preConfigure = ''
- configureFlagsArray=(
- ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic)
- "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"}
- ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS)
- "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\"
- \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""}
- );
- '' + stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) ''
+ preConfigure = stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) ''
export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g`
export LDFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $LDFLAGS_FOR_TARGET"
export CXXFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $CXXFLAGS_FOR_TARGET"
@@ -331,7 +320,6 @@ stdenv.mkDerivation ({
${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"}
${if enableShared then "" else "--disable-shared"}
${if enablePlugin then "--enable-plugin" else "--disable-plugin"}
- ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""}
${optionalString (isl != null) "--with-isl=${isl}"}
${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"}
${if langJava then
@@ -414,7 +402,6 @@ stdenv.mkDerivation ({
configureFlags = ''
${if enableMultilib then "" else "--disable-multilib"}
${if enableShared then "" else "--disable-shared"}
- ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""}
${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""}
${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""}
${if javaAwtGtk then "--enable-java-awt=gtk" else ""}
@@ -523,7 +510,6 @@ stdenv.mkDerivation ({
maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ];
- # Volunteers needed for the {Cyg,Dar}win ports of *PPL.
# gnatboot is not available out of linux platforms, so we disable the darwin build
# for the gnat (ada compiler).
platforms =
diff --git a/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch
new file mode 100644
index 000000000000..36df51904acf
--- /dev/null
+++ b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch
@@ -0,0 +1,28 @@
+diff -ru -x '*~' gcc-4.8.3-orig/gcc/cppdefault.c gcc-4.8.3/gcc/cppdefault.c
+--- gcc-4.8.3-orig/gcc/cppdefault.c 2013-01-10 21:38:27.000000000 +0100
++++ gcc-4.8.3/gcc/cppdefault.c 2014-08-18 16:20:32.893944536 +0200
+@@ -35,6 +35,8 @@
+ # undef CROSS_INCLUDE_DIR
+ #endif
+
++#undef LOCAL_INCLUDE_DIR
++
+ const struct default_include cpp_include_defaults[]
+ #ifdef INCLUDE_DEFAULTS
+ = INCLUDE_DEFAULTS;
+diff -ru -x '*~' gcc-4.8.3-orig/gcc/gcc.c gcc-4.8.3/gcc/gcc.c
+--- gcc-4.8.3-orig/gcc/gcc.c 2014-03-23 12:30:57.000000000 +0100
++++ gcc-4.8.3/gcc/gcc.c 2014-08-18 13:19:32.689201690 +0200
+@@ -1162,10 +1162,10 @@
+ /* Default prefixes to attach to command names. */
+
+ #ifndef STANDARD_STARTFILE_PREFIX_1
+-#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
++#define STANDARD_STARTFILE_PREFIX_1 ""
+ #endif
+ #ifndef STANDARD_STARTFILE_PREFIX_2
+-#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
++#define STANDARD_STARTFILE_PREFIX_2 ""
+ #endif
+
+ #ifdef CROSS_DIRECTORY_STRUCTURE /* Don't use these prefixes for a cross compiler. */
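Review bot: The new patch file has no preamble stating its purpose, and it sets `STANDARD_STARTFILE_PREFIX_1` and `STANDARD_STARTFILE_PREFIX_2` to `""` on the assumption that gcc skips an empty prefix rather than resolving it against the working directory. That handling is not visible in these hunks and is worth confirming in `gcc.c` for 4.8.3, since a relative start-file search would be worse than the `/lib/` default. Presumably the intent is to stop the compiler from picking up headers and start files from system directories; a few lines before the first `diff -ru` saying so, and noting that it is applied only when `noSysDirs` is set, would make the patch reviewable on its own.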
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix
index 8b185d00bcc0..d38040a48b38 100644
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@@ -11,7 +11,7 @@
, perl ? null # optional, for texi2pod (then pod2man); required for Java
, gmp, mpfr, mpc, gettext, which
, libelf # optional, for link-time optimizations (LTO)
-, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
+, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
, zlib ? null, boehmgc ? null
, zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null
, libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
@@ -57,10 +57,7 @@ let version = "4.9.1";
# Whether building a cross-compiler for GNU/Hurd.
crossGNU = cross != null && cross.config == "i586-pc-gnu";
- /* gccinstall.info says that "parallel make is currently not supported since
- collisions in profile collecting may occur".
- */
- enableParallelBuilding = !profiledCompiler;
+ enableParallelBuilding = true;
patches = [ ]
++ optional enableParallelBuilding ./parallel-bconfig.patch
@@ -276,7 +273,6 @@ stdenv.mkDerivation ({
++ (optional javaAwtGtk pkgconfig);
buildInputs = [ gmp mpfr mpc libelf ]
- ++ (optional (ppl != null) ppl)
++ (optional (cloog != null) cloog)
++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
@@ -294,13 +290,6 @@ stdenv.mkDerivation ({
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isSunOS "-lm -ldl";
preConfigure = ''
- configureFlagsArray=(
- ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic)
- "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"}
- ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS)
- "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\"
- \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""}
- );
${stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit)
''
export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g`
@@ -322,7 +311,6 @@ stdenv.mkDerivation ({
${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"}
${if enableShared then "" else "--disable-shared"}
${if enablePlugin then "--enable-plugin" else "--disable-plugin"}
- ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""}
${optionalString (isl != null) "--with-isl=${isl}"}
${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"}
${if langJava then
@@ -403,7 +391,6 @@ stdenv.mkDerivation ({
configureFlags = ''
${if enableMultilib then "" else "--disable-multilib"}
${if enableShared then "" else "--disable-shared"}
- ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""}
${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""}
${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""}
${if javaAwtGtk then "--enable-java-awt=gtk" else ""}
@@ -510,7 +497,6 @@ stdenv.mkDerivation ({
maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ];
- # Volunteers needed for the {Cyg,Dar}win ports of *PPL.
# gnatboot is not available out of linux platforms, so we disable the darwin build
# for the gnat (ada compiler).
platforms =
diff --git a/pkgs/development/compilers/orc/default.nix b/pkgs/development/compilers/orc/default.nix
index 7dfbe218bb7c..ca5eadc8a649 100644
--- a/pkgs/development/compilers/orc/default.nix
+++ b/pkgs/development/compilers/orc/default.nix
@@ -1,14 +1,14 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
- name = "orc-0.4.19";
+ name = "orc-0.4.21";
src = fetchurl {
- url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.gz";
- sha256 = "17mmgwll2waz44m908lcxc5fd6n44yysh7p4pdw33hr138r507z2";
+ url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz";
+ sha256 = "187wrnq0ficwjj4y3yqci5fxcdkiazfs6k5js26k5b26hipzmham";
};
- doCheck = true;
+ doCheck = stdenv.is64bit; # see https://bugzilla.gnome.org/show_bug.cgi?id=728129#c7
meta = {
description = "The Oil Runtime Compiler";
diff --git a/pkgs/development/interpreters/perl/5.16/default.nix b/pkgs/development/interpreters/perl/5.16/default.nix
index 600884db5e67..c1a5374c92ea 100644
--- a/pkgs/development/interpreters/perl/5.16/default.nix
+++ b/pkgs/development/interpreters/perl/5.16/default.nix
@@ -54,6 +54,12 @@ stdenv.mkDerivation rec {
${optionalString stdenv.isArm ''
configureFlagsArray=(-Dldflags="-lm -lrt")
''}
+
+ ${optionalString stdenv.isCygwin ''
+ cp cygwin/cygwin.c{,.bak}
+ echo "#define PERLIO_NOT_STDIO 0" > tmp
+ cat tmp cygwin/cygwin.c.bak > cygwin/cygwin.c
+ ''}
'';
preBuild = optionalString (!(stdenv ? gcc && stdenv.gcc.nativeTools))
diff --git a/pkgs/development/libraries/cloog/default.nix b/pkgs/development/libraries/cloog/default.nix
index 7ea7e597d409..926da22b2802 100644
--- a/pkgs/development/libraries/cloog/default.nix
+++ b/pkgs/development/libraries/cloog/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-isl=system" ];
+ enableParallelBuilding = true;
+
doCheck = true;
meta = {
diff --git a/pkgs/development/libraries/glew/default.nix b/pkgs/development/libraries/glew/default.nix
index 9ec88799d0dd..5127311e7c91 100644
--- a/pkgs/development/libraries/glew/default.nix
+++ b/pkgs/development/libraries/glew/default.nix
@@ -3,11 +3,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
- name = "glew-1.10.0";
+ name = "glew-1.11.0";
src = fetchurl {
url = "mirror://sourceforge/glew/${name}.tgz";
- sha256 = "01zki46dr5khzlyywr3cg615bcal32dazfazkf360s1znqh17i4r";
+ sha256 = "1mhkllxz49l1x680dmzrv2i82qjrq017sykah3xc90f2d8qcxfv9";
};
nativeBuildInputs = [ x11 libXmu libXi ];
@@ -42,9 +42,11 @@ stdenv.mkDerivation rec {
] ++ optional (stdenv.cross.libc == "msvcrt") "SYSTEM=mingw"
++ optional (stdenv.cross.libc == "libSystem") "SYSTEM=darwin";
- meta = {
+ meta = with stdenv.lib; {
description = "An OpenGL extension loading library for C(++)";
homepage = http://glew.sourceforge.net/;
- license = ["BSD" "GLX" "SGI-B" "GPL2"]; # License description copied from gentoo-1.4.0
+ license = licenses.free; # different files under different licenses
+ #["BSD" "GLX" "SGI-B" "GPL2"]
+ platforms = platforms.mesaPlatforms;
};
}
diff --git a/pkgs/development/libraries/glibc/2.19/common.nix b/pkgs/development/libraries/glibc/2.19/common.nix
index cd1ba747d7c6..a828148c3d5f 100644
--- a/pkgs/development/libraries/glibc/2.19/common.nix
+++ b/pkgs/development/libraries/glibc/2.19/common.nix
@@ -60,6 +60,7 @@ stdenv.mkDerivation ({
./fix-math.patch
./cve-2014-0475.patch
+ ./cve-2014-5119.patch
];
postPatch = ''
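Review bot: `./cve-2014-5119.patch` is added to the list with nothing in the expression that says where it comes from or when it can be removed. A trailing comment on the new line, e.g. `# backport of upstream a1a6a401 (BZ #17187); drop when glibc is bumped to a release containing it`, keeps the security backport from being dropped by accident or carried forever. The neighbouring `./cve-2014-0475.patch` would benefit from the same treatment. The `patches` list starts outside the hunk.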
diff --git a/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch
new file mode 100644
index 000000000000..cbae03425eb9
--- /dev/null
+++ b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch
@@ -0,0 +1,206 @@
+http://anonscm.debian.org/viewvc/pkg-glibc/glibc-package/trunk/debian/patches/any/cvs-CVE-2014-5119.diff?revision=6248&view=co
+
+commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
+Author: Florian Weimer
+Date: Tue Aug 26 19:38:59 2014 +0200
+
+ __gconv_translit_find: Disable function [BZ #17187]
+
+ This functionality has never worked correctly, and the implementation
+ contained a security vulnerability (CVE-2014-5119).
+
+2014-08-26 Florian Weimer
+
+ [BZ #17187]
+ * iconv/gconv_trans.c (struct known_trans, search_tree, lock,
+ trans_compare, open_translit, __gconv_translit_find):
+ Remove module loading code.
+
+--- a/iconv/gconv_trans.c
++++ b/iconv/gconv_trans.c
+@@ -238,181 +238,12 @@ __gconv_transliterate (struct __gconv_step *step,
+ return __GCONV_ILLEGAL_INPUT;
+ }
+
+-
+-/* Structure to represent results of found (or not) transliteration
+- modules. */
+-struct known_trans
+-{
+- /* This structure must remain the first member. */
+- struct trans_struct info;
+-
+- char *fname;
+- void *handle;
+- int open_count;
+-};
+-
+-
+-/* Tree with results of previous calls to __gconv_translit_find. */
+-static void *search_tree;
+-
+-/* We modify global data. */
+-__libc_lock_define_initialized (static, lock);
+-
+-
+-/* Compare two transliteration entries. */
+-static int
+-trans_compare (const void *p1, const void *p2)
+-{
+- const struct known_trans *s1 = (const struct known_trans *) p1;
+- const struct known_trans *s2 = (const struct known_trans *) p2;
+-
+- return strcmp (s1->info.name, s2->info.name);
+-}
+-
+-
+-/* Open (maybe reopen) the module named in the struct. Get the function
+- and data structure pointers we need. */
+-static int
+-open_translit (struct known_trans *trans)
+-{
+- __gconv_trans_query_fct queryfct;
+-
+- trans->handle = __libc_dlopen (trans->fname);
+- if (trans->handle == NULL)
+- /* Not available. */
+- return 1;
+-
+- /* Find the required symbol. */
+- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
+- if (queryfct == NULL)
+- {
+- /* We cannot live with that. */
+- close_and_out:
+- __libc_dlclose (trans->handle);
+- trans->handle = NULL;
+- return 1;
+- }
+-
+- /* Get the context. */
+- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
+- != 0)
+- goto close_and_out;
+-
+- /* Of course we also have to have the actual function. */
+- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
+- if (trans->info.trans_fct == NULL)
+- goto close_and_out;
+-
+- /* Now the optional functions. */
+- trans->info.trans_init_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_init");
+- trans->info.trans_context_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_context");
+- trans->info.trans_end_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_end");
+-
+- trans->open_count = 1;
+-
+- return 0;
+-}
+-
+-
+ int
+ internal_function
+ __gconv_translit_find (struct trans_struct *trans)
+ {
+- struct known_trans **found;
+- const struct path_elem *runp;
+- int res = 1;
+-
+- /* We have to have a name. */
+- assert (trans->name != NULL);
+-
+- /* Acquire the lock. */
+- __libc_lock_lock (lock);
+-
+- /* See whether we know this module already. */
+- found = __tfind (trans, &search_tree, trans_compare);
+- if (found != NULL)
+- {
+- /* Is this module available? */
+- if ((*found)->handle != NULL)
+- {
+- /* Maybe we have to reopen the file. */
+- if ((*found)->handle != (void *) -1)
+- /* The object is not unloaded. */
+- res = 0;
+- else if (open_translit (*found) == 0)
+- {
+- /* Copy the data. */
+- *trans = (*found)->info;
+- (*found)->open_count++;
+- res = 0;
+- }
+- }
+- }
+- else
+- {
+- size_t name_len = strlen (trans->name) + 1;
+- int need_so = 0;
+- struct known_trans *newp;
+-
+- /* We have to continue looking for the module. */
+- if (__gconv_path_elem == NULL)
+- __gconv_get_path ();
+-
+- /* See whether we have to append .so. */
+- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
+- need_so = 1;
+-
+- /* Create a new entry. */
+- newp = (struct known_trans *) malloc (sizeof (struct known_trans)
+- + (__gconv_max_path_elem_len
+- + name_len + 3)
+- + name_len);
+- if (newp != NULL)
+- {
+- char *cp;
+-
+- /* Clear the struct. */
+- memset (newp, '\0', sizeof (struct known_trans));
+-
+- /* Store a copy of the module name. */
+- newp->info.name = cp = (char *) (newp + 1);
+- cp = __mempcpy (cp, trans->name, name_len);
+-
+- newp->fname = cp;
+-
+- /* Search in all the directories. */
+- for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
+- {
+- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
+- trans->name, name_len);
+- if (need_so)
+- memcpy (cp, ".so", sizeof (".so"));
+-
+- if (open_translit (newp) == 0)
+- {
+- /* We found a module. */
+- res = 0;
+- break;
+- }
+- }
+-
+- if (res)
+- newp->fname = NULL;
+-
+- /* In any case we'll add the entry to our search tree. */
+- if (__tsearch (newp, &search_tree, trans_compare) == NULL)
+- {
+- /* Yickes, this should not happen. Unload the object. */
+- res = 1;
+- /* XXX unload here. */
+- }
+- }
+- }
+-
+- __libc_lock_unlock (lock);
+-
+- return res;
++ /* Transliteration module loading has been removed because it never
++ worked as intended and suffered from a security vulnerability.
++ Consequently, this function always fails. */
++ return 1;
+ }
diff --git a/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch
new file mode 100644
index 000000000000..04bcc42a032f
--- /dev/null
+++ b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch
@@ -0,0 +1,25 @@
+--- ./giscanner/utils.py.orig 2014-08-14 22:05:05.055334080 +0200
++++ ./giscanner/utils.py 2014-08-14 22:05:24.687497334 +0200
+@@ -110,17 +110,11 @@
+ if dlname is None:
+ return None
+
+- # Darwin uses absolute paths where possible; since the libtool files never
+- # contain absolute paths, use the libdir field
+- if platform.system() == 'Darwin':
+- dlbasename = os.path.basename(dlname)
+- libdir = _extract_libdir_field(la_file)
+- if libdir is None:
+- return dlbasename
+- return libdir + '/' + dlbasename
+- # From the comments in extract_libtool(), older libtools had
+- # a path rather than the raw dlname
+- return os.path.basename(dlname)
++ dlbasename = os.path.basename(dlname)
++ libdir = _extract_libdir_field(la_file)
++ if libdir is None:
++ return dlbasename
++ return libdir + '/' + dlbasename
+
+
+ def extract_libtool(la_file):
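Review bot: The patched code still returns the bare `dlbasename` when `_extract_libdir_field(la_file)` yields `None`, so a `.la` file without a `libdir` field silently produces a non-absolute library name. If the point of the patch is that recorded library paths are always absolute (the file name suggests it), that fallback hides the failure until the library cannot be found at load time; consider raising or at least logging there. `libdir + '/' + dlbasename` would read better as `os.path.join(libdir, dlbasename)`. The patch file also lacks a short header saying why the Darwin-only behaviour is made unconditional. The enclosing function starts outside the hunk.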
diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix
index 7686fb308383..4b7ec1f41163 100644
--- a/pkgs/development/libraries/gobject-introspection/default.nix
+++ b/pkgs/development/libraries/gobject-introspection/default.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
setupHook = ./setup-hook.sh;
+ patches = [ ./absolute_shlib_path.patch ];
+
meta = with stdenv.lib; {
description = "A middleware layer between C libraries and language bindings";
homepage = http://live.gnome.org/GObjectIntrospection;
diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix
index d86e450477dc..a02af7f0cd75 100644
--- a/pkgs/development/libraries/gstreamer/bad/default.nix
+++ b/pkgs/development/libraries/gstreamer/bad/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, python, gst-plugins-base, orc
, faacSupport ? false, faac ? null
, faad2, libass, libkate, libmms
-, libmodplug, mpeg2dec, mpg123
+, libmodplug, mpeg2dec, mpg123
, openjpeg, libopus, librsvg
, wildmidi, fluidsynth, libvdpau, wayland
, libwebp, xvidcore, gnutls
@@ -10,7 +10,7 @@
assert faacSupport -> faac != null;
stdenv.mkDerivation rec {
- name = "gst-plugins-bad-1.4.0";
+ name = "gst-plugins-bad-1.4.1";
meta = with stdenv.lib; {
description = "Gstreamer Bad Plugins";
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
- sha256 = "1y821785rvr6s79cmdll66hg6h740qa2n036xid20nvjyxabfb7z";
+ sha256 = "0268db2faaf0bb22e5b709a11633abbca4f3d289b1f513bb262d0bf3f53e19ae";
};
nativeBuildInputs = [ pkgconfig python ];
diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix
index 9ae5f194fa22..3b9e94f4c658 100644
--- a/pkgs/development/libraries/gstreamer/base/default.nix
+++ b/pkgs/development/libraries/gstreamer/base/default.nix
@@ -4,7 +4,7 @@
}:
stdenv.mkDerivation rec {
- name = "gst-plugins-base-1.4.0";
+ name = "gst-plugins-base-1.4.1";
meta = {
description = "Base plugins and helper libraries";
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz";
- sha256 = "07jcs08hjyban0amls5s0g6i4a1hwiir1llwpqzlwkmnhfwx9bjx";
+ sha256 = "aea9e25be6691bd3cc0785d005b2b5d70ce313a2c897901680a3f7e7cab5a499";
};
nativeBuildInputs = [
diff --git a/pkgs/development/libraries/gstreamer/core/default.nix b/pkgs/development/libraries/gstreamer/core/default.nix
index a99c0f14ecc3..8e9a2b87a017 100644
--- a/pkgs/development/libraries/gstreamer/core/default.nix
+++ b/pkgs/development/libraries/gstreamer/core/default.nix
@@ -1,9 +1,9 @@
{ stdenv, fetchurl, pkgconfig, perl, bison, flex, python, gobjectIntrospection
-, glib
+, glib
}:
stdenv.mkDerivation rec {
- name = "gstreamer-1.4.0";
+ name = "gstreamer-1.4.1";
meta = {
description = "Open source multimedia framework";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gstreamer/${name}.tar.xz";
- sha256 = "15f68pn2b47x543ih7hj59czgzl4af14j15bgjq8ky145gf9zhr3";
+ sha256 = "5638f75003282135815c0077d491da11e9a884ad91d4ba6ab3cc78bae0fb452e";
};
nativeBuildInputs = [
diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix
index 69ffa81cb25b..176814c5ecd1 100644
--- a/pkgs/development/libraries/gstreamer/good/default.nix
+++ b/pkgs/development/libraries/gstreamer/good/default.nix
@@ -7,7 +7,7 @@
}:
stdenv.mkDerivation rec {
- name = "gst-plugins-good-1.4.0";
+ name = "gst-plugins-good-1.4.1";
meta = with stdenv.lib; {
description = "Gstreamer Good Plugins";
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
- sha256 = "11965w4zr0jvrsnw33rbcc8d20dlh368rz0x16d2iypzhxwjx9j8";
+ sha256 = "8559d4270065b30ed5c49b826e1b7a3a2bd5ee9a340ae745a2ae3f9718e4c637";
};
nativeBuildInputs = [ pkgconfig python ];
diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix
index ee4b3c392ddb..e25492c1d13b 100644
--- a/pkgs/development/libraries/gstreamer/libav/default.nix
+++ b/pkgs/development/libraries/gstreamer/libav/default.nix
@@ -6,7 +6,7 @@
assert withSystemLibav -> libav != null;
stdenv.mkDerivation rec {
- name = "gst-libav-1.4.0";
+ name = "gst-libav-1.4.1";
meta = {
homepage = "http://gstreamer.freedesktop.org";
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-libav/${name}.tar.xz";
- sha256 = "1073p7xdpr3pwyx37fnldfni908apnq3k9fbqmxf5wk3g1jplb68";
+ sha256 = "fc125521187fa84f3210269a0eecc51f8a856802f1ca4bb251f118dab90c5a9d";
};
configureFlags = stdenv.lib.optionalString withSystemLibav
diff --git a/pkgs/development/libraries/gstreamer/ugly/default.nix b/pkgs/development/libraries/gstreamer/ugly/default.nix
index da37280af99e..6a80514e8a1c 100644
--- a/pkgs/development/libraries/gstreamer/ugly/default.nix
+++ b/pkgs/development/libraries/gstreamer/ugly/default.nix
@@ -5,7 +5,7 @@
}:
stdenv.mkDerivation rec {
- name = "gst-plugins-ugly-1.4.0";
+ name = "gst-plugins-ugly-1.4.1";
meta = with stdenv.lib; {
description = "Gstreamer Ugly Plugins";
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
- sha256 = "0kblc5f4n0mh2sw8dhf7c9dg3wzm7a0p7pqpcff7n6ixy5hbn52k";
+ sha256 = "25440435ac4ed795d213f2420a0e7355e4a2e2e76d1f9d020b2073f815e8b071";
};
nativeBuildInputs = [ pkgconfig python ];
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix
index 8340660e3923..45cdc5be02b1 100644
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@@ -8,11 +8,11 @@
# (icu is a ~30 MB dependency, the rest is very small in comparison)
stdenv.mkDerivation rec {
- name = "harfbuzz-0.9.33";
+ name = "harfbuzz-0.9.35";
src = fetchurl {
url = "http://www.freedesktop.org/software/harfbuzz/release/${name}.tar.bz2";
- sha256 = "1iql2ghlndqgx9q6p098xf253rjz5rnrv5qniwgd1b5q0jzwa4yk";
+ sha256 = "1v86596994bnb9hx7laykhw4ipixqz9ckwzyyqf340pmlsmsi88a";
};
configureFlags = [
diff --git a/pkgs/development/libraries/isl/0.12.2.nix b/pkgs/development/libraries/isl/0.12.2.nix
index f1da2c064092..67620881bca6 100644
--- a/pkgs/development/libraries/isl/0.12.2.nix
+++ b/pkgs/development/libraries/isl/0.12.2.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
buildInputs = [ gmp ];
+ enableParallelBuilding = true;
+
meta = {
homepage = http://www.kotnet.org/~skimo/isl/;
license = stdenv.lib.licenses.lgpl21;
diff --git a/pkgs/development/libraries/isl/default.nix b/pkgs/development/libraries/isl/default.nix
index 7e08c8afe6f6..931ee831b734 100644
--- a/pkgs/development/libraries/isl/default.nix
+++ b/pkgs/development/libraries/isl/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
buildInputs = [ gmp ];
patches = [ ./fix-gcc-build.diff ];
+ enableParallelBuilding = true;
+
meta = {
homepage = http://www.kotnet.org/~skimo/isl/;
license = stdenv.lib.licenses.lgpl21;
diff --git a/pkgs/development/libraries/libav/default.nix b/pkgs/development/libraries/libav/default.nix
index 2f9e1786473e..264868e4a973 100644
--- a/pkgs/development/libraries/libav/default.nix
+++ b/pkgs/development/libraries/libav/default.nix
@@ -28,7 +28,7 @@ let
result = {
libav_0_8 = libavFun "0.8.13" "1fr3rzykrlm1cla0csm9hqa3gcqp19hf5rgn70nyb9w92r67v685";
libav_9 = libavFun "9.16" "18378gdgzqsxaacc9vl7ligwndbdvy95wbn50hs8xvdqn1rn916a";
- libav_10 = libavFun "10.3" "1fq83rc5534fjqjlhkw5i9k54dmyqn2pgvyillm6pws8rkn9yb5r";
+ libav_10 = libavFun "10.4" "1zzvjfdlv9swhq7dzvli1pk8cn02q1076ax9m3cx9ipilbg21639";
};
libavFun = version : sha256 : stdenv.mkDerivation rec {
diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix
index 1f04ae8fca54..3f8622535dbf 100644
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@@ -3,11 +3,11 @@
assert zlib != null;
let
- version = "1.6.12";
- sha256 = "0pkcirbfzhqqsm3hr2alxprw5n22a836qk4df1jnns6jk79gcby3";
+ version = "1.6.13";
+ sha256 = "09g631h1f1xvrdiy36mh1034r9w46damp9jcg7nm507wlmacxj6r";
patch_src = fetchurl {
url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
- sha256 = "0r2vmsc4cvxisjr7jqw2vjf66isb2fhs4nnssz3l3jgdangj8wz0";
+ sha256 = "017pnxp3zhhlh6mg2yqn5xrb6dcxc5p3dp1kr46p8xx052i0hzqb";
};
whenPatched = stdenv.lib.optionalString apngSupport;
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index bbad10898bf4..54fd8d3810e3 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -24,7 +24,7 @@ else
*/
let
- version = "10.2.5";
+ version = "10.2.6";
# this is the default search path for DRI drivers
driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
in
@@ -35,7 +35,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "ftp://ftp.freedesktop.org/pub/mesa/${version}/MesaLib-${version}.tar.bz2";
- sha256 = "039is15p8pkhf8m0yiyb72zybl63xb9ckqzcg3xwi8zlyw5ryidl";
+ sha256 = "01n8ib190s12m8hiiyi4wfm9jhkbqjd769npjwvf965smp918cqr";
};
prePatch = "patchShebangs .";
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 8c88df984f05..c972635c9c72 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -60,7 +60,12 @@ stdenv.mkDerivation {
else "./config";
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
- stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
+ stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" +
+ stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") " no-asm";
+
+ preBuild = stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") ''
+ sed -i -e "s|-march=i486|-march=x86-64|g" Makefile
+ '';
makeFlags = "MANDIR=$(out)/share/man";
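Review bot: ` no-asm` is added for `x86_64-cygwin` without a comment, and it switches the whole library to the portable C implementations, which costs performance and may change the timing behaviour of some primitives compared with the assembly paths. Add a why-comment above the flag, e.g. `# assembly does not build on 64-bit Cygwin: <reason>`. The `sed` in `preBuild` also succeeds silently when `-march=i486` is absent from the generated Makefile, so a later OpenSSL bump could leave the workaround dead without anyone noticing; a `grep -q -- '-march=i486' Makefile` guard before it would make that visible.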
diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix
index 4cf6bd44dd3b..930d7b86f063 100644
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@@ -5,11 +5,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
- name = "pcre-8.34";
+ name = "pcre-8.35";
src = fetchurl {
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2";
- sha256 = "0gsqmsp0q0n3q0ba32gkjvgcsdy6nwidqa7sbxkbw817zzhkl15n";
+ sha256 = "0nw66r92dr24vy9k4lw17bkv8x5nlzn6wx9hq4y2dvzgig3w2qd9";
};
# The compiler on Darwin crashes with an internal error while building the
diff --git a/pkgs/development/libraries/readline/readline4.nix b/pkgs/development/libraries/readline/readline4.nix
deleted file mode 100644
index d9dcdc9f048f..000000000000
--- a/pkgs/development/libraries/readline/readline4.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ stdenv, fetchurl, ncurses }:
-
-stdenv.mkDerivation {
- name = "readline-4.3";
- src = fetchurl {
- url = mirror://gnu/readline/readline-4.3.tar.gz;
- md5 = "f86f7cb717ab321fe15f1bbcb058c11e";
- };
- propagatedBuildInputs = [ncurses];
-}
diff --git a/pkgs/development/libraries/readline/readline5.nix b/pkgs/development/libraries/readline/readline5.nix
index c208d5b9fe6b..ad9860d855ef 100644
--- a/pkgs/development/libraries/readline/readline5.nix
+++ b/pkgs/development/libraries/readline/readline5.nix
@@ -2,13 +2,14 @@
stdenv.mkDerivation {
name = "readline-5.2";
-
+
src = fetchurl {
url = mirror://gnu/readline/readline-5.2.tar.gz;
sha256 = "0icz4hqqq8mlkwrpczyaha94kns0am9z0mh3a2913kg2msb8vs0j";
};
-
+
propagatedBuildInputs = [ncurses];
-
+
patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch;
}
+
diff --git a/pkgs/development/libraries/readline/readline6.3.nix b/pkgs/development/libraries/readline/readline6.3.nix
index 17299e5f10d8..04db1ffd4469 100644
--- a/pkgs/development/libraries/readline/readline6.3.nix
+++ b/pkgs/development/libraries/readline/readline6.3.nix
@@ -1,11 +1,13 @@
-{ fetchurl, stdenv, ncurses }:
+{ fetchzip, stdenv, ncurses }:
stdenv.mkDerivation (rec {
- name = "readline-6.3";
+ name = "readline-6.3p08";
- src = fetchurl {
- url = "mirror://gnu/readline/${name}.tar.gz";
- sha256 = "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn";
+ src = fetchzip {
+ #url = "mirror://gnu/readline/${name}.tar.gz";
+ url = "http://git.savannah.gnu.org/cgit/readline.git/snapshot/"
+ + "readline-a73b98f779b388a5d0624e02e8bb187246e3e396.tar.gz";
+ sha256 = "19ji3wrv4fs79fd0nkacjy9q94pvy2cm66yb3aqysahg0cbrz5l1";
};
propagatedBuildInputs = [ncurses];
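Review bot: `src` now comes from a cgit snapshot of commit `a73b98f779b388a5d0624e02e8bb187246e3e396` fetched over plain HTTP instead of the GNU release tarball, and nothing records how that commit relates to the `6.3p08` in `name`. The `sha256` pins the unpacked tree, so a tampered download fails the build, but a reader cannot verify from the expression that the snapshot is the 6.3 release at the patch level the name presumably refers to. Replace the commented-out `#url = "mirror://gnu/readline/${name}.tar.gz";` line with a comment stating that, e.g. `# readline.git at 6.3 patchlevel 8; a snapshot is used because <reason>`.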
@@ -17,7 +19,7 @@ stdenv.mkDerivation (rec {
./no-arch_only-6.3.patch
];
- meta = {
+ meta = with stdenv.lib; {
description = "Library for interactive line editing";
longDescription = ''
@@ -37,9 +39,11 @@ stdenv.mkDerivation (rec {
homepage = http://savannah.gnu.org/projects/readline/;
- license = stdenv.lib.licenses.gpl3Plus;
+ license = licenses.gpl3Plus;
- maintainers = [ stdenv.lib.maintainers.ludo ];
+ maintainers = [ maintainers.ludo ];
+
+ platforms = platforms.unix;
};
}
diff --git a/pkgs/development/libraries/serf/default.nix b/pkgs/development/libraries/serf/default.nix
index 873f59dba3ab..1e8eec6ae452 100644
--- a/pkgs/development/libraries/serf/default.nix
+++ b/pkgs/development/libraries/serf/default.nix
@@ -1,8 +1,7 @@
{ stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, krb5, pkgconfig }:
stdenv.mkDerivation rec {
- version = "1.3.7";
- name = "serf-${version}";
+ name = "serf-1.3.7";
src = fetchurl {
url = "http://serf.googlecode.com/svn/src_releases/${name}.tar.bz2";
@@ -28,11 +27,8 @@ stdenv.mkDerivation rec {
meta = {
description = "HTTP client library based on APR";
- license = stdenv.lib.licenses.asl20 ;
+ license = stdenv.lib.licenses.asl20;
maintainers = [stdenv.lib.maintainers.raskin];
hydraPlatforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
- inherit version;
- downloadPage = "http://serf.googlecode.com/svn/src_releases/";
- updateWalker = true;
};
}
diff --git a/pkgs/development/tools/misc/d-feet/default.nix b/pkgs/development/tools/misc/d-feet/default.nix
index 852c1b742195..df5fdbfab5a3 100644
--- a/pkgs/development/tools/misc/d-feet/default.nix
+++ b/pkgs/development/tools/misc/d-feet/default.nix
@@ -26,7 +26,6 @@ stdenv.mkDerivation rec {
wrapProgram $out/bin/d-feet \
--prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
- --prefix LD_LIBRARY_PATH : "${gtk3}/lib:${atk}/lib:${libwnck3}/lib" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$out/share"
rm $out/share/icons/hicolor/icon-theme.cache
diff --git a/pkgs/development/tools/misc/swig/default.nix b/pkgs/development/tools/misc/swig/default.nix
index 66d6b65453ea..c4fcd3158457 100644
--- a/pkgs/development/tools/misc/swig/default.nix
+++ b/pkgs/development/tools/misc/swig/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
# 'make check' uses boost and tcl
buildInputs = stdenv.lib.optionals doCheck [ boost tcl ];
- configureFlags = stdenv.lib.optionalString stdenv.isDarwin "--disable-ccache";
+ configureFlags = "--disable-ccache";
meta = {
description = "Interface compiler that connects C/C++ code to higher-level languages";
diff --git a/pkgs/games/spring/default.nix b/pkgs/games/spring/default.nix
index 539be06bf7fa..69387f0cfd3a 100644
--- a/pkgs/games/spring/default.nix
+++ b/pkgs/games/spring/default.nix
@@ -28,6 +28,8 @@ stdenv.mkDerivation rec {
# reported upstream http://springrts.com/mantis/view.php?id=4305
#enableParallelBuilding = true; # occasionally missing generated files on Hydra
+ NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility
+
postInstall = ''
wrapProgram "$out/bin/spring" \
--prefix LD_LIBRARY_PATH : "${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib::${systemd}/lib"
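Review bot: The LD_LIBRARY_PATH value in the wrapProgram call on the last line of this hunk contains `/lib::${systemd}/lib`, and the empty element between the two colons is treated by the dynamic loader as the current working directory. It is a context line, not something this change introduces, but it means the wrapped `spring` binary searches whatever directory it is started from for shared libraries. Writing it with a single colon, `--prefix LD_LIBRARY_PATH : "${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib:${systemd}/lib"`, removes that entry. The postInstall string continues past the end of the hunk.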
diff --git a/pkgs/games/warzone2100/default.nix b/pkgs/games/warzone2100/default.nix
index 284d420fe7f2..248b58a4e1a5 100644
--- a/pkgs/games/warzone2100/default.nix
+++ b/pkgs/games/warzone2100/default.nix
@@ -28,9 +28,13 @@ stdenv.mkDerivation rec {
--replace "which %s" "${which}/bin/which %s"
'';
configureFlags = "--with-backend=qt --with-distributor=NixOS";
+
+ NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility
+
postInstall = []
++ stdenv.lib.optional withVideos "cp ${sequences_src} $out/share/warzone2100/sequences.wz";
- meta = {
+
+ meta = with stdenv.lib; {
description = "A free RTS game, originally developed by Pumpkin Studios";
longDescription = ''
Warzone 2100 is an open source real-time strategy and real-time tactics
@@ -44,8 +48,8 @@ stdenv.mkDerivation rec {
variety of possible units and tactics.
'';
homepage = http://wz2100.net;
- license = [ "GPLv2+" ];
- maintainers = with stdenv.lib.maintainers; [ astsmtl ];
- platforms = with stdenv.lib.platforms; linux;
+ license = licenses.gpl2Plus;
+ maintainers = [ maintainers.astsmtl ];
+ platforms = platforms.linux;
};
}
diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch
index 7410c87e277e..72cf0e92bb84 100644
--- a/pkgs/os-specific/linux/systemd/fixes.patch
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
@@ -1,7 +1,25 @@
diff --git a/Makefile.am b/Makefile.am
-index 3d9e5c1..4d43cb4 100644
+index 3d9e5c1..46487f6 100644
--- a/Makefile.am
+++ b/Makefile.am
+@@ -1095,7 +1095,7 @@ BUILT_SOURCES += \
+
+ src/shared/errno-list.txt:
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+- $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2; }' > $@
++ $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include errno.h - < /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+/ { print $$2; }' > $@
+
+ src/shared/errno-from-name.gperf: src/shared/errno-list.txt
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+@@ -1107,7 +1107,7 @@ src/shared/errno-from-name.h: src/shared/errno-from-name.gperf
+
+ src/shared/errno-to-name.h: src/shared/errno-list.txt
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
+- $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@
++ $(AM_V_GEN)$(AWK) 'BEGIN{ print "static const char* const errno_names[] = { "} !/EDEADLOCK/ && !/EWOULDBLOCK/ && !/ENOTSUP/ { printf "[%s] = \"%s\",\n", $$1, $$1 } END{print "};"}' < $< > $@
+
+ src/shared/af-list.txt:
+ $(AM_V_at)$(MKDIR_P) $(dir $@)
@@ -1707,7 +1707,9 @@ dist_tmpfiles_DATA += \
endif
@@ -13,8 +31,42 @@ index 3d9e5c1..4d43cb4 100644
systemd-tmpfiles-setup.service
dist_zshcompletion_DATA += \
+@@ -1961,6 +1963,7 @@ systemd_cgls_SOURCES = \
+ src/cgls/cgls.c
+
+ systemd_cgls_LDADD = \
++ libsystemd-internal.la \
+ libsystemd-shared.la
+
+ # ------------------------------------------------------------------------------
+diff --git a/TODO b/TODO
+index e2ca1e6..d7efdd5 100644
+--- a/TODO
++++ b/TODO
+@@ -1,4 +1,6 @@
+ Bugfixes:
++* Should systemctl status \* work on all unit types, not just .service?
++
+ * enabling an instance unit creates a pointless link, and
+ the unit will be started with getty@getty.service:
+ $ systemctl enable getty@.service
+diff --git a/rules/42-usb-hid-pm.rules b/rules/42-usb-hid-pm.rules
+index c675b5b..4c300da 100644
+--- a/rules/42-usb-hid-pm.rules
++++ b/rules/42-usb-hid-pm.rules
+@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!=
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
+
+-# Catch-all for Avocent HID devices. Keyed off interface in order to only
+-# trigger on HID class devices.
+-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
+-
+ # Dell DRAC 4
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
+
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
-index db72373..2fc12ca 100644
+index db72373..2875958 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
@@ -28,11 +80,329 @@ index db72373..2fc12ca 100644
# Ignore raid devices that are not yet assembled and started
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
+@@ -43,7 +39,7 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys
+ SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k"
+
+ SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_WANTS}+="bluetooth.target"
+-ENV{ID_SMARTCARD_READER}=="*?", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target"
++ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target"
+ SUBSYSTEM=="sound", KERNEL=="card*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target"
+
+ SUBSYSTEM=="printer", TAG+="systemd", ENV{SYSTEMD_WANTS}+="printer.target"
+diff --git a/src/cgls/cgls.c b/src/cgls/cgls.c
+index b8e275d..1840594 100644
+--- a/src/cgls/cgls.c
++++ b/src/cgls/cgls.c
+@@ -35,6 +35,10 @@
+ #include "build.h"
+ #include "output-mode.h"
+ #include "fileio.h"
++#include "sd-bus.h"
++#include "bus-util.h"
++#include "bus-error.h"
++#include "unit-name.h"
+
+ static bool arg_no_pager = false;
+ static bool arg_kernel_threads = false;
+@@ -127,6 +131,7 @@ int main(int argc, char *argv[]) {
+ int r = 0, retval = EXIT_FAILURE;
+ int output_flags;
+ char _cleanup_free_ *root = NULL;
++ _cleanup_bus_unref_ sd_bus *bus = NULL;
+
+ log_parse_environment();
+ log_open();
+@@ -151,6 +156,12 @@ int main(int argc, char *argv[]) {
+ arg_all * OUTPUT_SHOW_ALL |
+ (arg_full > 0) * OUTPUT_FULL_WIDTH;
+
++ r = bus_open_transport(BUS_TRANSPORT_LOCAL, NULL, false, &bus);
++ if (r < 0) {
++ log_error("Failed to create bus connection: %s", strerror(-r));
++ goto finish;
++ }
++
+ if (optind < argc) {
+ int i;
+
+@@ -189,8 +200,52 @@ int main(int argc, char *argv[]) {
+ } else {
+ if (arg_machine) {
+ char *m;
++ const char *cgroup;
++ _cleanup_free_ char *scope = NULL;
++ _cleanup_free_ char *path = NULL;
++ _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
++ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
++
+ m = strappenda("/run/systemd/machines/", arg_machine);
+- r = parse_env_file(m, NEWLINE, "CGROUP", &root, NULL);
++ r = parse_env_file(m, NEWLINE, "SCOPE", &scope, NULL);
++ if (r < 0) {
++ log_error("Failed to get machine path: %s", strerror(-r));
++ goto finish;
++ }
++
++ path = unit_dbus_path_from_name(scope);
++ if (!path) {
++ r = log_oom();
++ goto finish;
++ }
++
++ r = sd_bus_get_property(
++ bus,
++ "org.freedesktop.systemd1",
++ path,
++ "org.freedesktop.systemd1.Scope",
++ "ControlGroup",
++ &error,
++ &reply,
++ "s");
++
++ if (r < 0) {
++ log_error("Failed to query ControlGroup: %s", bus_error_message(&error, -r));
++ goto finish;
++ }
++
++ r = sd_bus_message_read(reply, "s", &cgroup);
++ if (r < 0) {
++ bus_log_parse_error(r);
++ goto finish;
++ }
++
++ root = strdup(cgroup);
++ if (!root) {
++ r = log_oom();
++ goto finish;
++ }
++
+ } else
+ r = cg_get_root_path(&root);
+ if (r < 0) {
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 3dd4c91..4201e1e 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -871,7 +871,7 @@ int manager_setup_cgroup(Manager *m) {
+ safe_close(m->pin_cgroupfs_fd);
+
+ m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK);
+- if (r < 0) {
++ if (m->pin_cgroupfs_fd < 0) {
+ log_error("Failed to open pin file: %m");
+ return -errno;
+ }
+diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
+index 775825b..5b1c4e3 100644
+--- a/src/core/dbus-cgroup.c
++++ b/src/core/dbus-cgroup.c
+@@ -173,6 +173,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->cpu_accounting = b;
++ u->cgroup_realized_mask &= ~CGROUP_CPUACCT;
+ unit_write_drop_in_private(u, mode, name, b ? "CPUAccounting=yes" : "CPUAccounting=no");
+ }
+
+@@ -192,6 +193,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->cpu_shares = ul;
++ u->cgroup_realized_mask &= ~CGROUP_CPU;
+ unit_write_drop_in_private_format(u, mode, name, "CPUShares=%lu", ul);
+ }
+
+@@ -206,6 +208,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->blockio_accounting = b;
++ u->cgroup_realized_mask &= ~CGROUP_BLKIO;
+ unit_write_drop_in_private(u, mode, name, b ? "BlockIOAccounting=yes" : "BlockIOAccounting=no");
+ }
+
+@@ -225,6 +228,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->blockio_weight = ul;
++ u->cgroup_realized_mask &= ~CGROUP_BLKIO;
+ unit_write_drop_in_private_format(u, mode, name, "BlockIOWeight=%lu", ul);
+ }
+
+@@ -294,6 +298,8 @@ int bus_cgroup_set_property(
+ cgroup_context_free_blockio_device_bandwidth(c, a);
+ }
+
++ u->cgroup_realized_mask &= ~CGROUP_BLKIO;
++
+ f = open_memstream(&buf, &size);
+ if (!f)
+ return -ENOMEM;
+@@ -375,6 +381,8 @@ int bus_cgroup_set_property(
+ cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
+ }
+
++ u->cgroup_realized_mask &= ~CGROUP_BLKIO;
++
+ f = open_memstream(&buf, &size);
+ if (!f)
+ return -ENOMEM;
+@@ -398,6 +406,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->memory_accounting = b;
++ u->cgroup_realized_mask &= ~CGROUP_MEMORY;
+ unit_write_drop_in_private(u, mode, name, b ? "MemoryAccounting=yes" : "MemoryAccounting=no");
+ }
+
+@@ -412,6 +421,7 @@ int bus_cgroup_set_property(
+
+ if (mode != UNIT_CHECK) {
+ c->memory_limit = limit;
++ u->cgroup_realized_mask &= ~CGROUP_MEMORY;
+ unit_write_drop_in_private_format(u, mode, name, "%s=%" PRIu64, name, limit);
+ }
+
+@@ -433,6 +443,7 @@ int bus_cgroup_set_property(
+ char *buf;
+
+ c->device_policy = p;
++ u->cgroup_realized_mask &= ~CGROUP_DEVICE;
+
+ buf = strappenda("DevicePolicy=", policy);
+ unit_write_drop_in_private(u, mode, name, buf);
+@@ -511,6 +522,8 @@ int bus_cgroup_set_property(
+ cgroup_context_free_device_allow(c, c->device_allow);
+ }
+
++ u->cgroup_realized_mask &= ~CGROUP_DEVICE;
++
+ f = open_memstream(&buf, &size);
+ if (!f)
+ return -ENOMEM;
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 13b3d0d..37d4154 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -842,7 +842,7 @@ int bus_exec_context_set_transient_property(
+ strv_free(c->environment);
+ c->environment = e;
+
+- joined = strv_join(c->environment, " ");
++ joined = strv_join_quoted(c->environment);
+ if (!joined)
+ return -ENOMEM;
+
+diff --git a/src/core/job.c b/src/core/job.c
+index 35a9de6..dc4f441 100644
+--- a/src/core/job.c
++++ b/src/core/job.c
+@@ -1060,6 +1060,9 @@ int job_coldplug(Job *j) {
+ if (r < 0)
+ return r;
+
++ if (j->state == JOB_WAITING)
++ job_add_to_run_queue(j);
++
+ if (j->begin_usec == 0 || j->unit->job_timeout == 0)
+ return 0;
+
+diff --git a/src/core/killall.c b/src/core/killall.c
+index 57ed41c..eab48f7 100644
+--- a/src/core/killall.c
++++ b/src/core/killall.c
+@@ -168,7 +168,7 @@ static int killall(int sig, Set *pids, bool send_sighup) {
+ continue;
+
+ if (sig == SIGKILL) {
+- _cleanup_free_ char *s;
++ _cleanup_free_ char *s = NULL;
+
+ get_process_comm(pid, &s);
+ log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pid, strna(s));
+diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
+index d459afe..2a58e48 100644
+--- a/src/core/machine-id-setup.c
++++ b/src/core/machine-id-setup.c
+@@ -93,32 +93,9 @@ static int generate(char id[34], const char *root) {
+ }
+ }
+
+- /* If that didn't work, see if we are running in qemu/kvm and a
+- * machine ID was passed in via -uuid on the qemu/kvm command
+- * line */
+-
+- r = detect_vm(&vm_id);
+- if (r > 0 && streq(vm_id, "kvm")) {
+- char uuid[37];
+-
+- fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+- if (fd >= 0) {
+- k = loop_read(fd, uuid, 36, false);
+- safe_close(fd);
+-
+- if (k >= 36) {
+- r = shorten_uuid(id, uuid);
+- if (r >= 0) {
+- log_info("Initializing machine ID from KVM UUID.");
+- return 0;
+- }
+- }
+- }
+- }
+-
+- /* If that didn't work either, see if we are running in a
+- * container, and a machine ID was passed in via
+- * $container_uuid the way libvirt/LXC does it */
++ /* If that didn't work, see if we are running in a container,
++ * and a machine ID was passed in via $container_uuid the way
++ * libvirt/LXC does it */
+ r = detect_container(NULL);
+ if (r > 0) {
+ _cleanup_free_ char *e = NULL;
+@@ -133,6 +110,30 @@ static int generate(char id[34], const char *root) {
+ }
+ }
+ }
++
++ } else {
++ /* If we are not running in a container, see if we are
++ * running in qemu/kvm and a machine ID was passed in
++ * via -uuid on the qemu/kvm command line */
++
++ r = detect_vm(&vm_id);
++ if (r > 0 && streq(vm_id, "kvm")) {
++ char uuid[37];
++
++ fd = open("/sys/class/dmi/id/product_uuid", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
++ if (fd >= 0) {
++ k = loop_read(fd, uuid, 36, false);
++ safe_close(fd);
++
++ if (k >= 36) {
++ r = shorten_uuid(id, uuid);
++ if (r >= 0) {
++ log_info("Initializing machine ID from KVM UUID.");
++ return 0;
++ }
++ }
++ }
++ }
+ }
+
+ /* If that didn't work, generate a random machine id */
diff --git a/src/core/main.c b/src/core/main.c
-index 41605ee..8517369 100644
+index 41605ee..c65701d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1883,7 +1883,7 @@ finish:
+@@ -1840,6 +1840,7 @@ finish:
+ if (reexecute) {
+ const char **args;
+ unsigned i, args_size;
++ sigset_t ss;
+
+ /* Close and disarm the watchdog, so that the new
+ * instance can reinitialize it, but doesn't get
+@@ -1883,7 +1884,7 @@ finish:
char_array_0(sfd);
i = 0;
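Review bot: In the src/cgls/cgls.c section of this hunk, the machine branch of main() passes `scope` to unit_dbus_path_from_name() after testing only `r < 0` from parse_env_file(). If the machine file can be read but carries no SCOPE key, `scope` is presumably still NULL at that point; unit_dbus_path_from_name() is not shown, so whether it tolerates NULL is unverified, and at best the following `if (!path)` would misreport the condition as out-of-memory. A guard before the call, such as `if (!scope) { log_error("Machine %s has no scope.", arg_machine); r = -ENOENT; goto finish; }`, would make the failure explicit. main() starts and ends outside the hunk.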
@@ -41,6 +411,83 @@ index 41605ee..8517369 100644
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
+@@ -1923,6 +1924,13 @@ finish:
+ args[i++] = NULL;
+ assert(i <= args_size);
+
++ /* reenable any blocked signals, especially important
++ * if we switch from initial ramdisk to init=... */
++ reset_all_signal_handlers();
++
++ assert_se(sigemptyset(&ss) == 0);
++ assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0);
++
+ if (switch_root_init) {
+ args[0] = switch_root_init;
+ execv(args[0], (char* const*) args);
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 224106c..7342095 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -422,7 +422,7 @@ int manager_new(SystemdRunningAs running_as, Manager **_m) {
+ return -ENOMEM;
+
+ #ifdef ENABLE_EFI
+- if (detect_container(NULL) <= 0)
++ if (running_as == SYSTEMD_SYSTEM && detect_container(NULL) <= 0)
+ boot_timestamps(&m->userspace_timestamp, &m->firmware_timestamp, &m->loader_timestamp);
+ #endif
+
+@@ -2129,9 +2129,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
+ if (u->id != t)
+ continue;
+
+- if (!unit_can_serialize(u))
+- continue;
+-
+ /* Start marker */
+ fputs(u->id, f);
+ fputc('\n', f);
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index 9f15211..e41cf5b 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -42,6 +42,7 @@
+ #include "mkdir.h"
+ #include "dev-setup.h"
+ #include "def.h"
++#include "label.h"
+
+ typedef enum MountMode {
+ /* This is ordered by priority! */
+@@ -68,6 +69,7 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) {
+ STRV_FOREACH(i, strv) {
+
+ (*p)->ignore = false;
++ (*p)->done = false;
+
+ if ((mode == INACCESSIBLE || mode == READONLY || mode == READWRITE) && (*i)[0] == '-') {
+ (*p)->ignore = true;
+@@ -217,7 +219,10 @@ static int mount_dev(BindMount *m) {
+ goto fail;
+ }
+
++ label_context_set(d, st.st_mode);
+ r = mknod(dn, st.st_mode, st.st_rdev);
++ label_context_clear();
++
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+@@ -350,7 +355,7 @@ int setup_namespace(
+ private_dev;
+
+ if (n > 0) {
+- m = mounts = (BindMount *) alloca(n * sizeof(BindMount));
++ m = mounts = (BindMount *) alloca0(n * sizeof(BindMount));
+ r = append_mounts(&m, read_write_dirs, READWRITE);
+ if (r < 0)
+ return r;
diff --git a/src/core/service.c b/src/core/service.c
index ae3695a..6b3aa45 100644
--- a/src/core/service.c
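Review bot: In mount_dev() in the src/core/namespace.c section, the result of `label_context_set(d, st.st_mode)` is discarded, so a failure to set the creation label still lets mknod() create the device node with whatever default label applies. If label_context_set() returns an error code (its declaration is outside this hunk), the call should be checked, e.g. `r = label_context_set(d, st.st_mode); if (r < 0) goto fail;`, with `label_context_clear()` still reached on every path after a successful set. mount_dev() begins and ends outside the hunk.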
@@ -58,7 +505,7 @@ index ae3695a..6b3aa45 100644
log_error_unit(UNIT(s)->id, "%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->id);
return -EINVAL;
diff --git a/src/core/socket.c b/src/core/socket.c
-index 7c18a2b..eba67d5 100644
+index 7c18a2b..1a560a6 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
@@ -96,6 +543,115 @@ index 7c18a2b..eba67d5 100644
break;
}
+@@ -1242,6 +1251,8 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ NULL,
+ s->exec_runtime,
+ &pid);
++ if (r < 0)
++ goto fail;
+
+ strv_free(argv);
+ if (r < 0)
+@@ -1497,6 +1508,12 @@ static void socket_enter_running(Socket *s, int cfd) {
+ }
+
+ if (!pending) {
++ if (!UNIT_ISSET(s->service)) {
++ log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
++ r = -ENOENT;
++ goto fail;
++ }
++
+ r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
+ if (r < 0)
+ goto fail;
+diff --git a/src/core/timer.c b/src/core/timer.c
+index 6c85304..720b8af 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -111,6 +111,23 @@ static int timer_add_default_dependencies(Timer *t) {
+ return unit_add_two_dependencies_by_name(UNIT(t), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
+ }
+
++static void update_stampfile(Timer *t, usec_t timestamp) {
++ _cleanup_close_ int fd = -1;
++
++ mkdir_parents_label(t->stamp_path, 0755);
++
++ /* Update the file atime + mtime, if we can */
++ fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
++ if (fd >= 0) {
++ struct timespec ts[2];
++
++ timespec_store(&ts[0], timestamp);
++ ts[1] = ts[0];
++
++ futimens(fd, ts);
++ }
++}
++
+ static int timer_setup_persistent(Timer *t) {
+ int r;
+
+@@ -131,7 +148,7 @@ static int timer_setup_persistent(Timer *t) {
+
+ e = getenv("XDG_DATA_HOME");
+ if (e)
+- t->stamp_path = strjoin(e, "/systemd/timers/", UNIT(t)->id, NULL);
++ t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id, NULL);
+ else {
+
+ _cleanup_free_ char *h = NULL;
+@@ -496,22 +513,8 @@ static void timer_enter_running(Timer *t) {
+
+ dual_timestamp_get(&t->last_trigger);
+
+- if (t->stamp_path) {
+- _cleanup_close_ int fd = -1;
+-
+- mkdir_parents_label(t->stamp_path, 0755);
+-
+- /* Update the file atime + mtime, if we can */
+- fd = open(t->stamp_path, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
+- if (fd >= 0) {
+- struct timespec ts[2];
+-
+- timespec_store(&ts[0], t->last_trigger.realtime);
+- ts[1] = ts[0];
+-
+- futimens(fd, ts);
+- }
+- }
++ if (t->stamp_path)
++ update_stampfile(t, t->last_trigger.realtime);
+
+ timer_set_state(t, TIMER_RUNNING);
+ return;
+@@ -539,6 +542,11 @@ static int timer_start(Unit *u) {
+
+ if (stat(t->stamp_path, &st) >= 0)
+ t->last_trigger.realtime = timespec_load(&st.st_atim);
++ else if (errno == ENOENT)
++ /* The timer has never run before,
++ * make sure a stamp file exists.
++ */
++ update_stampfile(t, now(CLOCK_REALTIME));
+ }
+
+ t->result = TIMER_SUCCESS;
+diff --git a/src/core/transaction.c b/src/core/transaction.c
+index d00f427..2befc32 100644
+--- a/src/core/transaction.c
++++ b/src/core/transaction.c
+@@ -378,7 +378,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
+ "Found dependency on %s/%s",
+ k->unit->id, job_type_to_string(k->type));
+
+- if (!delete &&
++ if (!delete && hashmap_get(tr->jobs, k->unit) &&
+ !unit_matters_to_anchor(k->unit, k)) {
+ /* Ok, we can drop this one, so let's
+ * do so. */
diff --git a/src/core/umount.c b/src/core/umount.c
index d1258f0..0311812 100644
--- a/src/core/umount.c
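Review bot: In socket_spawn() in the src/core/socket.c section, the added `if (r < 0) goto fail;` sits before `strv_free(argv);`, so the failure path now skips the free and the existing `if (r < 0)` right after it can no longer be true. Unless the `fail:` label, which is outside the hunk, releases argv itself, every failed spawn leaks the argument vector. Dropping the two added lines keeps the original order (`strv_free(argv);` then the single `if (r < 0)` check) and the same error handling.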
@@ -109,6 +665,195 @@ index d1258f0..0311812 100644
#ifndef HAVE_SPLIT_USR
|| path_equal(m->path, "/usr")
#endif
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 153b79b..ed52694 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2287,25 +2287,25 @@ bool unit_can_serialize(Unit *u) {
+ }
+
+ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
+- ExecRuntime *rt;
+ int r;
+
+ assert(u);
+ assert(f);
+ assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+- r = UNIT_VTABLE(u)->serialize(u, f, fds);
+- if (r < 0)
+- return r;
++ if (unit_can_serialize(u)) {
++ ExecRuntime *rt;
+
+- rt = unit_get_exec_runtime(u);
+- if (rt) {
+- r = exec_runtime_serialize(rt, u, f, fds);
++ r = UNIT_VTABLE(u)->serialize(u, f, fds);
+ if (r < 0)
+ return r;
++
++ rt = unit_get_exec_runtime(u);
++ if (rt) {
++ r = exec_runtime_serialize(rt, u, f, fds);
++ if (r < 0)
++ return r;
++ }
+ }
+
+ dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
+@@ -2367,17 +2367,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
+ }
+
+ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+- size_t offset;
+ ExecRuntime **rt = NULL;
++ size_t offset;
+ int r;
+
+ assert(u);
+ assert(f);
+ assert(fds);
+
+- if (!unit_can_serialize(u))
+- return 0;
+-
+ offset = UNIT_VTABLE(u)->exec_runtime_offset;
+ if (offset > 0)
+ rt = (ExecRuntime**) ((uint8_t*) u + offset);
+@@ -2487,24 +2484,34 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
+ if (!s)
+ return -ENOMEM;
+
+- free(u->cgroup_path);
+- u->cgroup_path = s;
++ if (u->cgroup_path) {
++ void *p;
+
++ p = hashmap_remove(u->manager->cgroup_unit, u->cgroup_path);
++ log_info("Removing cgroup_path %s from hashmap (%p)",
++ u->cgroup_path, p);
++ free(u->cgroup_path);
++ }
++
++ u->cgroup_path = s;
+ assert(hashmap_put(u->manager->cgroup_unit, s, u) == 1);
++
+ continue;
+ }
+
+- if (rt) {
+- r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++ if (unit_can_serialize(u)) {
++ if (rt) {
++ r = exec_runtime_deserialize_item(rt, u, l, v, fds);
++ if (r < 0)
++ return r;
++ if (r > 0)
++ continue;
++ }
++
++ r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+ if (r < 0)
+ return r;
+- if (r > 0)
+- continue;
+ }
+-
+- r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
+- if (r < 0)
+- return r;
+ }
+ }
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 75d56dd..be8fb2f 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -29,6 +29,7 @@
+ #include "mkdir.h"
+ #include "strv.h"
+ #include "fileio.h"
++#include "path-util.h"
+
+ static const char *arg_dest = "/tmp";
+ static bool arg_enabled = true;
+@@ -144,16 +145,19 @@ static int create_disk(
+ if (!uu)
+ return log_oom();
+
+- if (is_device_path(uu)) {
+- _cleanup_free_ char *dd;
++ if (!path_equal(uu, "/dev/null")) {
+
+- dd = unit_name_from_path(uu, ".device");
+- if (!dd)
+- return log_oom();
++ if (is_device_path(uu)) {
++ _cleanup_free_ char *dd;
+
+- fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
+- } else
+- fprintf(f, "RequiresMountsFor=%s\n", password);
++ dd = unit_name_from_path(uu, ".device");
++ if (!dd)
++ return log_oom();
++
++ fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
++ } else
++ fprintf(f, "RequiresMountsFor=%s\n", password);
++ }
+ }
+ }
+
+@@ -287,7 +291,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
+ } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
+
+ free(arg_keyfile);
+- arg_keyfile = strdup(key);
++ arg_keyfile = strdup(value);
+ if (!arg_keyfile)
+ return log_oom();
+
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
+index 9b9074c..ad6c76c 100644
+--- a/src/cryptsetup/cryptsetup.c
++++ b/src/cryptsetup/cryptsetup.c
+@@ -88,6 +88,13 @@ static int parse_one_option(const char *option) {
+ return 0;
+ }
+
++ if (arg_key_size % 8) {
++ log_error("size= not a multiple of 8, ignoring.");
++ return 0;
++ }
++
++ arg_key_size /= 8;
++
+ } else if (startswith(option, "key-slot=")) {
+
+ arg_type = CRYPT_LUKS1;
+@@ -404,7 +411,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
+ /* for CRYPT_PLAIN limit reads
+ * from keyfile to key length, and
+ * ignore keyfile-size */
+- arg_keyfile_size = arg_key_size / 8;
++ arg_keyfile_size = arg_key_size;
+
+ /* In contrast to what the name
+ * crypt_setup() might suggest this
+@@ -567,7 +574,7 @@ int main(int argc, char *argv[]) {
+ else
+ until = 0;
+
+- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256);
++ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
+
+ if (key_file) {
+ struct stat st;
diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
index 18f2aca..2a2b1ea 100644
--- a/src/fsck/fsck.c
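Review bot: In parse_one_option() in the src/cryptsetup/cryptsetup.c section, the new `arg_key_size % 8` branch logs "ignoring" and returns, but arg_key_size keeps the rejected value. The parsing lines above the hunk are not shown; if the option is read straight into arg_key_size, a setting such as size=100 then survives as a byte count, because main() only substitutes the `256 / 8` default when the value is zero and attach_luks_or_plain() now uses it undivided. Resetting the variable in the branch, `arg_key_size = 0;` before `return 0;`, or parsing into a local and assigning only after the check, would make the message true. parse_one_option() starts and ends outside the hunk.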
@@ -131,11 +876,715 @@ index 18f2aca..2a2b1ea 100644
cmdline[i++] = "-a";
cmdline[i++] = "-T";
cmdline[i++] = "-l";
+diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c
+index 6a4aa2c..700e90a 100644
+--- a/src/getty-generator/getty-generator.c
++++ b/src/getty-generator/getty-generator.c
+@@ -72,7 +72,7 @@ static int add_serial_getty(const char *tty) {
+
+ log_debug("Automatically adding serial getty for /dev/%s.", tty);
+
+- n = unit_name_replace_instance("serial-getty@.service", tty);
++ n = unit_name_from_path_instance("serial-getty", tty, ".service");
+ if (!n)
+ return log_oom();
+
+@@ -86,7 +86,7 @@ static int add_container_getty(const char *tty) {
+
+ log_debug("Automatically adding container getty for /dev/pts/%s.", tty);
+
+- n = unit_name_replace_instance("container-getty@.service", tty);
++ n = unit_name_from_path_instance("container-getty", tty, ".service");
+ if (!n)
+ return log_oom();
+
+diff --git a/src/journal/catalog.c b/src/journal/catalog.c
+index 3ed0b7e..02dedc4 100644
+--- a/src/journal/catalog.c
++++ b/src/journal/catalog.c
+@@ -103,7 +103,7 @@ static int finish_item(
+ const char *payload) {
+
+ ssize_t offset;
+- CatalogItem *i;
++ _cleanup_free_ CatalogItem *i = NULL;
+ int r;
+
+ assert(h);
+@@ -126,13 +126,14 @@ static int finish_item(
+ i->offset = htole64((uint64_t) offset);
+
+ r = hashmap_put(h, i, i);
+- if (r == EEXIST) {
++ if (r == -EEXIST) {
+ log_warning("Duplicate entry for " SD_ID128_FORMAT_STR ".%s, ignoring.",
+ SD_ID128_FORMAT_VAL(id), language ? language : "C");
+- free(i);
+ return 0;
+- }
++ } else if (r < 0)
++ return r;
+
++ i = NULL;
+ return 0;
+ }
+
+@@ -383,8 +384,8 @@ error:
+ int catalog_update(const char* database, const char* root, const char* const* dirs) {
+ _cleanup_strv_free_ char **files = NULL;
+ char **f;
+- Hashmap *h;
+ struct strbuf *sb = NULL;
++ _cleanup_hashmap_free_free_ Hashmap *h = NULL;
+ _cleanup_free_ CatalogItem *items = NULL;
+ CatalogItem *i;
+ Iterator j;
+@@ -406,13 +407,17 @@ int catalog_update(const char* database, const char* root, const char* const* di
+ }
+
+ STRV_FOREACH(f, files) {
+- log_debug("reading file '%s'", *f);
+- catalog_import_file(h, sb, *f);
++ log_debug("Reading file '%s'", *f);
++ r = catalog_import_file(h, sb, *f);
++ if (r < 0) {
++ log_error("Failed to import file '%s': %s.",
++ *f, strerror(-r));
++ goto finish;
++ }
+ }
+
+ if (hashmap_size(h) <= 0) {
+ log_info("No items in catalog.");
+- r = 0;
+ goto finish;
+ } else
+ log_debug("Found %u items in catalog.", hashmap_size(h));
+@@ -443,11 +448,7 @@ int catalog_update(const char* database, const char* root, const char* const* di
+ log_debug("%s: wrote %u items, with %zu bytes of strings, %ld total size.",
+ database, n, sb->len, r);
+
+- r = 0;
+-
+ finish:
+- if (h)
+- hashmap_free_free(h);
+ if (sb)
+ strbuf_cleanup(sb);
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index f2f1f35..fd9d2a8 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -274,12 +274,6 @@ static int journal_file_verify_header(JournalFile *f) {
+ !VALID64(le64toh(f->header->entry_array_offset)))
+ return -ENODATA;
+
+- if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) ||
+- le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) ||
+- le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) ||
+- le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size))
+- return -ENODATA;
+-
+ if (f->writable) {
+ uint8_t state;
+ sd_id128_t machine_id;
+diff --git a/src/journal/journal-remote-parse.c b/src/journal/journal-remote-parse.c
+index 142de0e..239ff38 100644
+--- a/src/journal/journal-remote-parse.c
++++ b/src/journal/journal-remote-parse.c
+@@ -40,7 +40,7 @@ void source_free(RemoteSource *source) {
+
+ static int get_line(RemoteSource *source, char **line, size_t *size) {
+ ssize_t n, remain;
+- char *c;
++ char *c = NULL;
+ char *newbuf = NULL;
+ size_t newsize = 0;
+
+@@ -49,7 +49,9 @@ static int get_line(RemoteSource *source, char **line, size_t *size) {
+ assert(source->filled <= source->size);
+ assert(source->buf == NULL || source->size > 0);
+
+- c = memchr(source->buf, '\n', source->filled);
++ if (source->buf)
++ c = memchr(source->buf, '\n', source->filled);
++
+ if (c != NULL)
+ goto docopy;
+
+diff --git a/src/journal/journald-kmsg.c b/src/journal/journald-kmsg.c
+index 35948ea..48725e4 100644
+--- a/src/journal/journald-kmsg.c
++++ b/src/journal/journald-kmsg.c
+@@ -152,7 +152,7 @@ static void dev_kmsg_record(Server *s, char *p, size_t l) {
+ /* Did we lose any? */
+ if (serial > *s->kernel_seqnum)
+ server_driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %"PRIu64" kernel messages",
+- serial - *s->kernel_seqnum - 1);
++ serial - *s->kernel_seqnum);
+
+ /* Make sure we never read this one again. Note that
+ * we always store the next message serial we expect
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 6da81e7..b6f8e7e 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -67,6 +67,7 @@
+ #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
+ #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
+ #define DEFAULT_RATE_LIMIT_BURST 1000
++#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
+
+ #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
+
+@@ -1473,6 +1474,8 @@ int server_init(Server *s) {
+ s->forward_to_syslog = true;
+ s->forward_to_wall = true;
+
++ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
++
+ s->max_level_store = LOG_DEBUG;
+ s->max_level_syslog = LOG_DEBUG;
+ s->max_level_kmsg = LOG_NOTICE;
+diff --git a/src/journal/microhttpd-util.c b/src/journal/microhttpd-util.c
+index f693e0f..9a8d5c6 100644
+--- a/src/journal/microhttpd-util.c
++++ b/src/journal/microhttpd-util.c
+@@ -129,7 +129,7 @@ void log_func_gnutls(int level, const char *message) {
+ if (0 <= level && level < (int) ELEMENTSOF(log_level_map))
+ ourlevel = log_level_map[level];
+ else
+- level = LOG_DEBUG;
++ ourlevel = LOG_DEBUG;
+
+ log_meta(ourlevel, NULL, 0, NULL, "gnutls: %s", message);
+ }
+diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c
+index b087a8b..967ab67 100644
+--- a/src/journal/test-catalog.c
++++ b/src/journal/test-catalog.c
+@@ -157,7 +157,8 @@ int main(int argc, char *argv[]) {
+
+ setlocale(LC_ALL, "de_DE.UTF-8");
+
+- log_set_max_level(LOG_DEBUG);
++ log_parse_environment();
++ log_open();
+
+ test_catalog_file_lang();
+
+diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
+index 84a8ffa..e79b318 100644
+--- a/src/libsystemd/sd-rtnl/rtnl-message.c
++++ b/src/libsystemd/sd-rtnl/rtnl-message.c
+@@ -335,24 +335,28 @@ int sd_rtnl_message_link_get_flags(sd_rtnl_message *m, unsigned *flags) {
+ /* If successful the updated message will be correctly aligned, if
+ unsuccessful the old message is untouched. */
+ static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data, size_t data_length) {
+- uint32_t rta_length, message_length;
++ uint32_t rta_length;
++ size_t message_length, padding_length;
+ struct nlmsghdr *new_hdr;
+ struct rtattr *rta;
+ char *padding;
+ unsigned i;
++ int offset;
+
+ assert(m);
+ assert(m->hdr);
+ assert(!m->sealed);
+ assert(NLMSG_ALIGN(m->hdr->nlmsg_len) == m->hdr->nlmsg_len);
+- assert(!data || data_length > 0);
+- assert(data || m->n_containers < RTNL_CONTAINER_DEPTH);
++ assert(!data || data_length);
++
++ /* get offset of the new attribute */
++ offset = m->hdr->nlmsg_len;
+
+ /* get the size of the new rta attribute (with padding at the end) */
+ rta_length = RTA_LENGTH(data_length);
+
+ /* get the new message size (with padding at the end) */
+- message_length = m->hdr->nlmsg_len + RTA_ALIGN(rta_length);
++ message_length = offset + RTA_ALIGN(rta_length);
+
+ /* realloc to fit the new attribute */
+ new_hdr = realloc(m->hdr, message_length);
+@@ -361,32 +365,35 @@ static int add_rtattr(sd_rtnl_message *m, unsigned short type, const void *data,
+ m->hdr = new_hdr;
+
+ /* get pointer to the attribute we are about to add */
+- rta = (struct rtattr *) ((uint8_t *) m->hdr + m->hdr->nlmsg_len);
++ rta = (struct rtattr *) ((uint8_t *) m->hdr + offset);
+
+ /* if we are inside containers, extend them */
+ for (i = 0; i < m->n_containers; i++)
+- GET_CONTAINER(m, i)->rta_len += message_length - m->hdr->nlmsg_len;
++ GET_CONTAINER(m, i)->rta_len += message_length - offset;
+
+ /* fill in the attribute */
+ rta->rta_type = type;
+ rta->rta_len = rta_length;
+- if (!data) {
+- /* this is the start of a new container */
+- m->container_offsets[m->n_containers ++] = m->hdr->nlmsg_len;
+- } else {
++ if (data)
+ /* we don't deal with the case where the user lies about the type
+ * and gives us too little data (so don't do that)
+- */
++ */
+ padding = mempcpy(RTA_DATA(rta), data, data_length);
+- /* make sure also the padding at the end of the message is initialized */
+- memzero(padding,
+- (uint8_t *) m->hdr + message_length - (uint8_t *) padding);
++ else {
++ /* if no data was passed, make sure we still initialize the padding
++ note that we can have data_length > 0 (used by some containers) */
++ padding = RTA_DATA(rta);
++ data_length = 0;
+ }
+
++ /* make sure also the padding at the end of the message is initialized */
++ padding_length = (uint8_t*)m->hdr + message_length - (uint8_t*)padding;
++ memzero(padding, padding_length);
++
+ /* update message size */
+ m->hdr->nlmsg_len = message_length;
+
+- return 0;
++ return offset;
+ }
+
+ int sd_rtnl_message_append_string(sd_rtnl_message *m, unsigned short type, const char *data) {
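Review bot: add_rtattr's success value changes from 0 to the offset of the new attribute (`return offset;`), but the comment above the function, in the preceding hunk, still only describes alignment. Callers other than sd_rtnl_message_open_container are outside these hunks; any that hand the result straight back would now return a positive number, so they are worth checking. I would extend the header comment with `Returns the offset of the appended attribute within the message on success.` In addition, `offset` is an `int` loaded from the unsigned `m->hdr->nlmsg_len`, so a `size_t` local with a range check before the return would keep a very large length from being read back as an error.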
+@@ -761,22 +768,29 @@ int sd_rtnl_message_open_container(sd_rtnl_message *m, unsigned short type) {
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
++ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -ERANGE);
+
+ sd_rtnl_message_get_type(m, &rtm_type);
+
++ int r = -ENOTSUP;
++
+ if (rtnl_message_type_is_link(rtm_type)) {
+
+ if ((type == IFLA_LINKINFO && m->n_containers == 0) ||
+ (type == IFLA_INFO_DATA && m->n_containers == 1 &&
+ GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO))
+- return add_rtattr(m, type, NULL, 0);
++ r = add_rtattr(m, type, NULL, 0);
+ else if (type == VETH_INFO_PEER && m->n_containers == 2 &&
+ GET_CONTAINER(m, 1)->rta_type == IFLA_INFO_DATA &&
+ GET_CONTAINER(m, 0)->rta_type == IFLA_LINKINFO)
+- return add_rtattr(m, type, NULL, sizeof(struct ifinfomsg));
++ r= add_rtattr(m, type, NULL, sizeof(struct ifinfomsg));
+ }
+
+- return -ENOTSUP;
++ if (r < 0) return r;
++
++ m->container_offsets[m->n_containers ++] = r;
++
++ return 0;
+ }
+
+ int sd_rtnl_message_close_container(sd_rtnl_message *m) {
+diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c
+index ba1b04d..85b1e40 100644
+--- a/src/libudev/libudev-monitor.c
++++ b/src/libudev/libudev-monitor.c
+@@ -108,15 +108,13 @@ static struct udev_monitor *udev_monitor_new(struct udev *udev)
+
+ /* we consider udev running when /dev is on devtmpfs */
+ static bool udev_has_devtmpfs(struct udev *udev) {
+- struct file_handle *h;
++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, };
+ int mount_id;
+ _cleanup_fclose_ FILE *f = NULL;
+ char line[LINE_MAX], *e;
+ int r;
+
+- h = alloca(MAX_HANDLE_SZ);
+- h->handle_bytes = MAX_HANDLE_SZ;
+- r = name_to_handle_at(AT_FDCWD, "/dev", h, &mount_id, 0);
++ r = name_to_handle_at(AT_FDCWD, "/dev", &h.handle, &mount_id, 0);
+ if (r < 0)
+ return false;
+
+diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules
+index e1cf897..57f619d 100644
+--- a/src/login/70-uaccess.rules
++++ b/src/login/70-uaccess.rules
+@@ -12,7 +12,7 @@ ENV{MAJOR}=="", GOTO="uaccess_end"
+ SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess"
+
+ # Digicams with proprietary protocol
+-ENV{ID_GPHOTO2}=="*?", TAG+="uaccess"
++ENV{ID_GPHOTO2}=="?*", TAG+="uaccess"
+
+ # SCSI and USB scanners
+ ENV{libsane_matched}=="yes", TAG+="uaccess"
+@@ -49,13 +49,13 @@ SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+ SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"
+
+ # smart-card readers
+-ENV{ID_SMARTCARD_READER}=="*?", TAG+="uaccess"
++ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess"
+
+ # (USB) authentication devices
+-ENV{ID_SECURITY_TOKEN}=="*?", TAG+="uaccess"
++ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess"
+
+ # PDA devices
+-ENV{ID_PDA}=="*?", TAG+="uaccess"
++ENV{ID_PDA}=="?*", TAG+="uaccess"
+
+ # Programmable remote control
+ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess"
+@@ -64,10 +64,10 @@ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess"
+ SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess"
+
+ # color measurement devices
+-ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="uaccess"
++ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess"
+
+ # DDC/CI device, usually high-end monitors such as the DreamColor
+-ENV{DDC_DEVICE}=="*?", TAG+="uaccess"
++ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
+
+ # media player raw devices (for user-mode drivers, Android SDK, etc.)
+ SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
+diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
+index dc86f0f..4bbeb64 100644
+--- a/src/login/logind-acl.c
++++ b/src/login/logind-acl.c
+@@ -279,7 +279,9 @@ int devnode_acl_all(struct udev *udev,
+
+ log_debug("Fixing up ACLs at %s for seat %s", n, seat);
+ k = devnode_acl(n, flush, del, old_uid, add, new_uid);
+- if (k < 0)
++ if (k == -ENOENT)
++ log_debug("Device %s disappeared while setting ACLs", n);
++ else if (k < 0)
+ r = k;
+ }
+
+diff --git a/src/login/logind-action.c b/src/login/logind-action.c
+index 1928f43..d69c7ad 100644
+--- a/src/login/logind-action.c
++++ b/src/login/logind-action.c
+@@ -79,14 +79,12 @@ int manager_handle_action(
+ return 0;
+ }
+
+- /* If we have more than one or no displays connected,
+- * don't react to lid closing. The no display case we
+- * treat like this under the assumption that there is
+- * no modern drm driver available. */
++ /* If we have more than one display connected,
++ * don't react to lid closing. */
+ n = manager_count_displays(m);
+ if (n < 0)
+ log_warning("Display counting failed: %s", strerror(-n));
+- else if (n != 1) {
++ else if (n > 1) {
+ log_debug("Ignoring lid switch request, %i displays connected.", n);
+ return 0;
+ }
+diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
+index 3f5efdc..1ee6ced 100644
+--- a/src/login/logind-seat.c
++++ b/src/login/logind-seat.c
+@@ -275,8 +275,13 @@ int seat_switch_to(Seat *s, unsigned int num) {
+ if (!num)
+ return -EINVAL;
+
+- if (num >= s->position_count || !s->positions[num])
++ if (num >= s->position_count || !s->positions[num]) {
++ /* allow switching to unused VTs to trigger auto-activate */
++ if (seat_has_vts(s) && num < 64)
++ return chvt(num);
++
+ return -EINVAL;
++ }
+
+ return session_activate(s->positions[num]);
+ }
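Review bot: The bound in `num < 64` is a bare literal with nothing saying where it comes from; it presumably mirrors the kernel's console limit (MAX_NR_CONSOLES is 63), and a named constant or a short comment would make the check auditable. The new branch also returns `chvt(num)` directly, so seat_switch_to's error convention now depends on what chvt returns, which is not visible in this hunk. Suggested comment next to the check: `/* VT numbers are limited to 1..63, see MAX_NR_CONSOLES */`.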
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 4ca6b5d..02a780d 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -213,7 +213,6 @@ int session_save(Session *s) {
+
+ if (s->scope)
+ fprintf(f, "SCOPE=%s\n", s->scope);
+-
+ if (s->scope_job)
+ fprintf(f, "SCOPE_JOB=%s\n", s->scope_job);
+
+@@ -229,17 +228,54 @@ int session_save(Session *s) {
+ if (s->display)
+ fprintf(f, "DISPLAY=%s\n", s->display);
+
+- if (s->remote_host)
+- fprintf(f, "REMOTE_HOST=%s\n", s->remote_host);
++ if (s->remote_host) {
++ _cleanup_free_ char *escaped;
++
++ escaped = cescape(s->remote_host);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++
++ fprintf(f, "REMOTE_HOST=%s\n", escaped);
++ }
++
++ if (s->remote_user) {
++ _cleanup_free_ char *escaped;
++
++ escaped = cescape(s->remote_user);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++
++ fprintf(f, "REMOTE_USER=%s\n", escaped);
++ }
++
++ if (s->service) {
++ _cleanup_free_ char *escaped;
+
+- if (s->remote_user)
+- fprintf(f, "REMOTE_USER=%s\n", s->remote_user);
++ escaped = cescape(s->service);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++
++ fprintf(f, "SERVICE=%s\n", escaped);
++ }
+
+- if (s->service)
+- fprintf(f, "SERVICE=%s\n", s->service);
++ if (s->desktop) {
++ _cleanup_free_ char *escaped;
+
+- if (s->desktop)
+- fprintf(f, "DESKTOP=%s\n", s->desktop);
++
++ escaped = cescape(s->desktop);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++
++ fprintf(f, "DESKTOP=%s\n", escaped);
++ }
+
+ if (s->seat && seat_has_vts(s->seat))
+ fprintf(f, "VTNR=%u\n", s->vtnr);
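Review bot: `DISPLAY=%s`, `SCOPE=%s` and `SCOPE_JOB=%s` are still written with a plain fprintf() in session_save while the four fields below them now go through cescape(), so a newline in any of those values would still start a new KEY= line in the state file. Whether `s->display` can carry control characters depends on the caller that fills it in, which is outside this hunk, but it is worth escaping for the same reason as `remote_host`. The code that reads the file back is not in these hunks; confirm it unescapes the four converted fields. The four identical blocks could be one helper, and `_cleanup_free_ char *escaped;` would be safer as `= NULL`, as the install.c hunk in this patch does for `prefix`. The machine_save hunk in src/machine/machine.c has the same shape, with `NAME=%s` and `SCOPE_JOB=%s` left unescaped.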
+@@ -972,6 +1008,10 @@ void session_mute_vt(Session *s) {
+ if (vt < 0)
+ return;
+
++ r = fchown(vt, s->user->uid, -1);
++ if (r < 0)
++ goto error;
++
+ r = ioctl(vt, KDSKBMODE, K_OFF);
+ if (r < 0)
+ goto error;
+@@ -1026,6 +1066,8 @@ void session_restore_vt(Session *s) {
+ mode.mode = VT_AUTO;
+ ioctl(vt, VT_SETMODE, &mode);
+
++ fchown(vt, 0, -1);
++
+ s->vtfd = safe_close(s->vtfd);
+ }
+
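Review bot: The result of `fchown(vt, 0, -1);` in session_restore_vt is discarded, so if it fails the VT stays owned by the previous session's user with no trace in the log. session_mute_vt in the preceding hunk checks the matching `fchown(vt, s->user->uid, -1)` and bails out on error. The restore side deserves at least a warning, e.g. `if (fchown(vt, 0, -1) < 0) log_warning("Failed to reset VT ownership: %m");`. session_restore_vt begins outside the hunk.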
+diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in
+index b96d32d..b8e90f1 100644
+--- a/src/login/org.freedesktop.login1.policy.in
++++ b/src/login/org.freedesktop.login1.policy.in
+@@ -254,7 +254,7 @@
+
+ auth_admin_keep
+ auth_admin_keep
+- auth_admin_keep
++ yes
+
+ org.freedesktop.login1.hibernate
+
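Review bot: One polkit default is relaxed from `auth_admin_keep` to `yes` here with no comment explaining why. The XML tags and the action id are lost in this rendering; from its position as the third default it is presumably `allow_active`, for the action defined just before `org.freedesktop.login1.hibernate`. Since the affected class of users can then perform the action without administrator authentication, the patch should name the action and the reason, for example in an XML comment above the changed line: `<!-- allow_active relaxed to yes for ACTION-ID-PLACEHOLDER: REASON-PLACEHOLDER -->`.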
+diff --git a/src/login/pam-module.c b/src/login/pam-module.c
+index 9873dd5..1259457 100644
+--- a/src/login/pam-module.c
++++ b/src/login/pam-module.c
+@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ }
+
+ if (session_fd >= 0) {
+- session_fd = dup(session_fd);
++ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
+ if (session_fd < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
+ return PAM_SESSION_ERR;
+diff --git a/src/machine/machine.c b/src/machine/machine.c
+index 9a5cc9a..de701ad 100644
+--- a/src/machine/machine.c
++++ b/src/machine/machine.c
+@@ -123,17 +123,42 @@ int machine_save(Machine *m) {
+ "NAME=%s\n",
+ m->name);
+
+- if (m->unit)
+- fprintf(f, "SCOPE=%s\n", m->unit); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */
++ if (m->unit) {
++ _cleanup_free_ char *escaped;
++
++ escaped = cescape(m->unit);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++
++ fprintf(f, "SCOPE=%s\n", escaped); /* We continue to call this "SCOPE=" because it is internal only, and we want to stay compatible with old files */
++ }
+
+ if (m->scope_job)
+ fprintf(f, "SCOPE_JOB=%s\n", m->scope_job);
+
+- if (m->service)
+- fprintf(f, "SERVICE=%s\n", m->service);
++ if (m->service) {
++ _cleanup_free_ char *escaped;
+
+- if (m->root_directory)
+- fprintf(f, "ROOT=%s\n", m->root_directory);
++ escaped = cescape(m->service);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++ fprintf(f, "SERVICE=%s\n", escaped);
++ }
++
++ if (m->root_directory) {
++ _cleanup_free_ char *escaped;
++
++ escaped = cescape(m->root_directory);
++ if (!escaped) {
++ r = -ENOMEM;
++ goto finish;
++ }
++ fprintf(f, "ROOT=%s\n", escaped);
++ }
+
+ if (!sd_id128_equal(m->id, SD_ID128_NULL))
+ fprintf(f, "ID=" SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->id));
+@@ -330,16 +355,18 @@ static int machine_stop_scope(Machine *m) {
+ if (!m->unit)
+ return 0;
+
+- r = manager_stop_unit(m->manager, m->unit, &error, &job);
+- if (r < 0) {
+- log_error("Failed to stop machine scope: %s", bus_error_message(&error, r));
+- return r;
++ if (!m->registered) {
++ r = manager_stop_unit(m->manager, m->unit, &error, &job);
++ if (r < 0) {
++ log_error("Failed to stop machine scope: %s", bus_error_message(&error, r));
++ return r;
++ }
+ }
+
+ free(m->scope_job);
+ m->scope_job = job;
+
+- return r;
++ return 0;
+ }
+
+ int machine_stop(Machine *m) {
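Review bot: On the new `m->registered` path manager_stop_unit() is skipped, yet `m->scope_job = job;` still runs, so `job` has to be initialised where it is declared. The declaration is above the hunk; if it reads `char *job;` the registered case stores an indeterminate pointer in `m->scope_job`, which the same function passes to free() on its next call. Make sure the declaration is `char *job = NULL;`.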
+@@ -415,6 +442,8 @@ int machine_kill(Machine *m, KillWho who, int signo) {
+
+ if (kill(m->leader, signo) < 0)
+ return -errno;
++
++ return 0;
+ }
+
+ /* Otherwise make PID 1 do it for us, for the entire cgroup */
+diff --git a/src/machine/machine.h b/src/machine/machine.h
+index f4aefc5..de3536d 100644
+--- a/src/machine/machine.h
++++ b/src/machine/machine.h
+@@ -72,6 +72,7 @@ struct Machine {
+
+ bool in_gc_queue:1;
+ bool started:1;
++ bool registered:1;
+
+ sd_bus_message *create_message;
+
+diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
+index 9473105..154a335 100644
+--- a/src/machine/machined-dbus.c
++++ b/src/machine/machined-dbus.c
+@@ -241,6 +241,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m
+ m->leader = leader;
+ m->class = c;
+ m->id = id;
++ m->registered = true;
+
+ if (!isempty(service)) {
+ m->service = strdup(service);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 9a9ed9d..9e46e18 100644
+index 9a9ed9d..c3e6d23 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
-@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) {
+@@ -769,6 +769,15 @@ static int setup_resolv_conf(const char *dest) {
+ return 0;
+ }
+
++static char* id128_format_as_uuid(sd_id128_t id, char s[37]) {
++
++ snprintf(s, 37,
++ "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
++ SD_ID128_FORMAT_VAL(id));
++
++ return s;
++}
++
+ static int setup_boot_id(const char *dest) {
+ _cleanup_free_ char *from = NULL, *to = NULL;
+ sd_id128_t rnd = {};
+@@ -794,10 +803,7 @@ static int setup_boot_id(const char *dest) {
+ return r;
+ }
+
+- snprintf(as_uuid, sizeof(as_uuid),
+- "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+- SD_ID128_FORMAT_VAL(rnd));
+- char_array_0(as_uuid);
++ id128_format_as_uuid(rnd, as_uuid);
+
+ r = write_string_file(from, as_uuid);
+ if (r < 0) {
+@@ -2378,7 +2384,7 @@ static int change_uid_gid(char **_home) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_close_ int fd = -1;
+ unsigned n_uids = 0;
+- size_t sz, l;
++ size_t sz = 0, l;
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+@@ -2667,6 +2673,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
} else {
@@ -143,7 +1592,7 @@ index 9a9ed9d..9e46e18 100644
const char *p;
p = strappenda(arg_directory,
-@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) {
+@@ -2676,6 +2683,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
@@ -151,6 +1600,46 @@ index 9a9ed9d..9e46e18 100644
}
} else {
char template[] = "/tmp/nspawn-root-XXXXXX";
+@@ -2748,8 +2756,6 @@ int main(int argc, char *argv[]) {
+ goto finish;
+ }
+
+- sd_notify(0, "READY=1");
+-
+ assert_se(sigemptyset(&mask) == 0);
+ sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1);
+ assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0);
+@@ -2966,7 +2972,9 @@ int main(int argc, char *argv[]) {
+ }
+
+ if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) {
+- if (asprintf((char**)(envp + n_env++), "container_uuid=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(arg_uuid)) < 0) {
++ char as_uuid[37];
++
++ if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0) {
+ log_oom();
+ goto child_fail;
+ }
+@@ -3086,6 +3094,8 @@ int main(int argc, char *argv[]) {
+ if (r < 0)
+ goto finish;
+
++ sd_notify(0, "READY=1");
++
+ /* Notify the child that the parent is ready with all
+ * its setup, and thtat the child can now hand over
+ * control to the code to run inside the container. */
+@@ -3136,6 +3146,10 @@ int main(int argc, char *argv[]) {
+
+ if (!arg_quiet)
+ log_info("Container %s is being rebooted.", arg_machine);
++ if (getenv("EXIT_ON_REBOOT") != 0) {
++ r = 10;
++ break;
++ }
+ continue;
+ } else if (status.si_code == CLD_KILLED ||
+ status.si_code == CLD_DUMPED) {
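Review bot: `getenv("EXIT_ON_REBOOT") != 0` compares a pointer with the integer 0, and `r = 10` is an unexplained literal. The variable is read from nspawn's own environment and nothing in the hunk documents it. The `log_info("Container %s is being rebooted.", ...)` just above is still printed even though this branch leaves the loop instead of restarting. I would write `if (getenv("EXIT_ON_REBOOT") != NULL) {` and add `/* EXIT_ON_REBOOT set: leave the loop with r = 10 instead of restarting the container */`. main() begins and ends outside the hunk.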
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c
@@ -166,6 +1655,88 @@ index d61ecdf..228a3a4 100644
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
continue;
+diff --git a/src/python-systemd/_reader.c b/src/python-systemd/_reader.c
+index 059b904..9a19a10 100644
+--- a/src/python-systemd/_reader.c
++++ b/src/python-systemd/_reader.c
+@@ -902,7 +902,6 @@ static PyObject* get_catalog(PyObject *self, PyObject *args) {
+ sd_id128_t id;
+ _cleanup_free_ char *msg = NULL;
+
+- assert(!self);
+ assert(args);
+
+ if (!PyArg_ParseTuple(args, "z:get_catalog", &id_))
+diff --git a/src/python-systemd/journal.py b/src/python-systemd/journal.py
+index 9c7e004..dd1f229 100644
+--- a/src/python-systemd/journal.py
++++ b/src/python-systemd/journal.py
+@@ -293,7 +293,7 @@ class Reader(_Reader):
+ monotonic = monotonic.totalseconds()
+ monotonic = int(monotonic * 1000000)
+ if isinstance(bootid, _uuid.UUID):
+- bootid = bootid.get_hex()
++ bootid = bootid.hex
+ return super(Reader, self).seek_monotonic(monotonic, bootid)
+
+ def log_level(self, level):
+@@ -314,7 +314,7 @@ class Reader(_Reader):
+ Equivalent to add_match(MESSAGE_ID=`messageid`).
+ """
+ if isinstance(messageid, _uuid.UUID):
+- messageid = messageid.get_hex()
++ messageid = messageid.hex
+ self.add_match(MESSAGE_ID=messageid)
+
+ def this_boot(self, bootid=None):
+@@ -346,7 +346,7 @@ class Reader(_Reader):
+
+ def get_catalog(mid):
+ if isinstance(mid, _uuid.UUID):
+- mid = mid.get_hex()
++ mid = mid.hex
+ return _get_catalog(mid)
+
+ def _make_line(field, value):
+diff --git a/src/readahead/readahead-common.c b/src/readahead/readahead-common.c
+index 5ffa88b..49679fc 100644
+--- a/src/readahead/readahead-common.c
++++ b/src/readahead/readahead-common.c
+@@ -75,7 +75,7 @@ int fs_on_ssd(const char *p) {
+ if (major(st.st_dev) == 0) {
+ _cleanup_fclose_ FILE *f = NULL;
+ int mount_id;
+- struct file_handle *h;
++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ, };
+
+ /* Might be btrfs, which exposes "ssd" as mount flag if it is on ssd.
+ *
+@@ -83,9 +83,7 @@ int fs_on_ssd(const char *p) {
+ * and then lookup the mount ID in mountinfo to find
+ * the mount options. */
+
+- h = alloca(MAX_HANDLE_SZ);
+- h->handle_bytes = MAX_HANDLE_SZ;
+- r = name_to_handle_at(AT_FDCWD, p, h, &mount_id, AT_SYMLINK_FOLLOW);
++ r = name_to_handle_at(AT_FDCWD, p, &h.handle, &mount_id, AT_SYMLINK_FOLLOW);
+ if (r < 0)
+ return false;
+
+diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
+index d27b1b7..905a2e1 100644
+--- a/src/shared/conf-parser.c
++++ b/src/shared/conf-parser.c
+@@ -336,8 +336,8 @@ int config_parse(const char *unit,
+ if (!f) {
+ f = ours = fopen(filename, "re");
+ if (!f) {
+- log_error("Failed to open configuration file '%s': %m", filename);
+- return -errno;
++ log_full(errno == ENOENT ? LOG_DEBUG : LOG_ERR, "Failed to open configuration file '%s': %m", filename);
++ return errno == ENOENT ? 0 : -errno;
+ }
+ }
+
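Review bot: A missing file now makes config_parse return 0 with only a debug-level message, so a caller can no longer tell "file absent" from "file parsed, nothing set". For configuration that carries security settings, that silent fallback to defaults should at least be documented at the function. config_parse's signature and the rest of its body are outside the hunk, so it is not visible whether any caller relied on the old -ENOENT. The return statement also reads `errno` after log_full() has run; unless the logging call is guaranteed to preserve errno, save it first with `int e = errno;` and use `return e == ENOENT ? 0 : -e;`.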
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 6110303..e679cb1 100644
--- a/src/shared/generator.c
@@ -179,10 +1750,359 @@ index 6110303..e679cb1 100644
r = access(checker, X_OK);
if (r < 0) {
log_warning("Checking was requested for %s, but %s cannot be used: %m", what, checker);
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 7409046..4517c9c 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -560,7 +560,7 @@ int unit_file_mask(
+ unsigned *n_changes) {
+
+ char **i;
+- _cleanup_free_ char *prefix;
++ _cleanup_free_ char *prefix = NULL;
+ int r;
+
+ assert(scope >= 0);
+diff --git a/src/shared/log.c b/src/shared/log.c
+index a4b3b68..890a9fa 100644
+--- a/src/shared/log.c
++++ b/src/shared/log.c
+@@ -878,6 +878,9 @@ void log_parse_environment(void) {
+ if (l == 5 && startswith(w, "debug")) {
+ log_set_max_level(LOG_DEBUG);
+ break;
++ } else if (l == 5 && startswith(w, "quiet")) {
++ log_set_max_level(LOG_WARNING);
++ break;
+ }
+ }
+ }
+diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
+index 9d14933..b0b66f6 100644
+--- a/src/shared/logs-show.c
++++ b/src/shared/logs-show.c
+@@ -547,7 +547,9 @@ static int output_export(
+ startswith(data, "_BOOT_ID="))
+ continue;
+
+- if (!utf8_is_printable(data, length)) {
++ if (utf8_is_printable_newline(data, length, false))
++ fwrite(data, length, 1, f);
++ else {
+ const char *c;
+ uint64_t le64;
+
+@@ -562,8 +564,7 @@ static int output_export(
+ le64 = htole64(length - (c - (const char*) data) - 1);
+ fwrite(&le64, sizeof(le64), 1, f);
+ fwrite(c + 1, length - (c - (const char*) data) - 1, 1, f);
+- } else
+- fwrite(data, length, 1, f);
++ }
+
+ fputc('\n', f);
+ }
+diff --git a/src/shared/unit-name.c b/src/shared/unit-name.c
+index 6c167b4..d0e71f2 100644
+--- a/src/shared/unit-name.c
++++ b/src/shared/unit-name.c
+@@ -332,7 +332,7 @@ char *unit_name_path_unescape(const char *f) {
+ }
+
+ bool unit_name_is_template(const char *n) {
+- const char *p;
++ const char *p, *e;
+
+ assert(n);
+
+@@ -340,11 +340,15 @@ bool unit_name_is_template(const char *n) {
+ if (!p)
+ return false;
+
+- return p[1] == '.';
++ e = strrchr(p+1, '.');
++ if (!e)
++ return false;
++
++ return e == p + 1;
+ }
+
+ bool unit_name_is_instance(const char *n) {
+- const char *p;
++ const char *p, *e;
+
+ assert(n);
+
+@@ -352,7 +356,11 @@ bool unit_name_is_instance(const char *n) {
+ if (!p)
+ return false;
+
+- return p[1] != '.';
++ e = strrchr(p+1, '.');
++ if (!e)
++ return false;
++
++ return e > p + 1;
+ }
+
+ char *unit_name_replace_instance(const char *f, const char *i) {
+diff --git a/src/shared/utf8.c b/src/shared/utf8.c
+index 0b524d8..c559c13 100644
+--- a/src/shared/utf8.c
++++ b/src/shared/utf8.c
+@@ -136,7 +136,7 @@ int utf8_encoded_to_unichar(const char *str) {
+ return unichar;
+ }
+
+-bool utf8_is_printable(const char* str, size_t length) {
++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) {
+ const uint8_t *p;
+
+ assert(str);
+@@ -145,7 +145,8 @@ bool utf8_is_printable(const char* str, size_t length) {
+ int encoded_len = utf8_encoded_valid_unichar((const char *)p);
+ int val = utf8_encoded_to_unichar((const char*)p);
+
+- if (encoded_len < 0 || val < 0 || is_unicode_control(val))
++ if (encoded_len < 0 || val < 0 || is_unicode_control(val) ||
++ (!newline && val == '\n'))
+ return false;
+
+ length -= encoded_len;
+diff --git a/src/shared/utf8.h b/src/shared/utf8.h
+index c0eb73a..c087995 100644
+--- a/src/shared/utf8.h
++++ b/src/shared/utf8.h
+@@ -31,7 +31,10 @@ const char *utf8_is_valid(const char *s) _pure_;
+ char *ascii_is_valid(const char *s) _pure_;
+ char *utf8_escape_invalid(const char *s);
+
+-bool utf8_is_printable(const char* str, size_t length) _pure_;
++bool utf8_is_printable_newline(const char* str, size_t length, bool newline) _pure_;
++_pure_ static inline bool utf8_is_printable(const char* str, size_t length) {
++ return utf8_is_printable_newline(str, length, true);
++}
+
+ char *utf16_to_utf8(const void *s, size_t length);
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index ffe6624..2a2b2b2 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -166,19 +166,19 @@ int close_nointr(int fd) {
+
+ assert(fd >= 0);
+ r = close(fd);
+-
+- /* Just ignore EINTR; a retry loop is the wrong
+- * thing to do on Linux.
+- *
+- * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
+- * https://bugzilla.gnome.org/show_bug.cgi?id=682819
+- * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
+- * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
+- */
+- if (_unlikely_(r < 0 && errno == EINTR))
+- return 0;
+- else if (r >= 0)
++ if (r >= 0)
+ return r;
++ else if (errno == EINTR)
++ /*
++ * Just ignore EINTR; a retry loop is the wrong
++ * thing to do on Linux.
++ *
++ * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
++ * https://bugzilla.gnome.org/show_bug.cgi?id=682819
++ * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
++ * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
++ */
++ return 0;
+ else
+ return -errno;
+ }
+@@ -195,7 +195,13 @@ int safe_close(int fd) {
+
+ if (fd >= 0) {
+ PROTECT_ERRNO;
+- assert_se(close_nointr(fd) == 0);
++
++ /* The kernel might return pretty much any error code
++ * via close(), but the fd will be closed anyway. The
++ * only condition we want to check for here is whether
++ * the fd was invalid at all... */
++
++ assert_se(close_nointr(fd) != -EBADF);
+ }
+
+ return -1;
+@@ -1365,7 +1371,7 @@ bool ignore_file(const char *filename) {
+ assert(filename);
+
+ if (endswith(filename, "~"))
+- return false;
++ return true;
+
+ return ignore_file_allow_backup(filename);
+ }
+@@ -1495,6 +1501,7 @@ bool fstype_is_network(const char *fstype) {
+ static const char table[] =
+ "cifs\0"
+ "smbfs\0"
++ "sshfs\0"
+ "ncpfs\0"
+ "ncp\0"
+ "nfs\0"
+@@ -1581,8 +1588,9 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
+ if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
+ return -ETIMEDOUT;
+
++ errno = 0;
+ if (!fgets(line, sizeof(line), f))
+- return -EIO;
++ return errno ? -errno : -EIO;
+
+ truncate_nl(line);
+
+@@ -5327,6 +5335,9 @@ bool string_is_safe(const char *p) {
+ if (*t > 0 && *t < ' ')
+ return false;
+
++ if (*t == 127)
++ return false;
++
+ if (strchr("\\\"\'", *t))
+ return false;
+ }
+@@ -5343,10 +5354,14 @@ bool string_has_cc(const char *p) {
+
+ assert(p);
+
+- for (t = p; *t; t++)
++ for (t = p; *t; t++) {
+ if (*t > 0 && *t < ' ' && *t != '\t')
+ return true;
+
++ if (*t == 127)
++ return true;
++ }
++
+ return false;
+ }
+
+@@ -6391,3 +6406,19 @@ void hexdump(FILE *f, const void *p, size_t s) {
+ s -= 16;
+ }
+ }
++
++int update_reboot_param_file(const char *param)
++{
++ int r = 0;
++
++ if (param) {
++
++ r = write_string_file(REBOOT_PARAM_FILE, param);
++ if (r < 0)
++ log_error("Failed to write reboot param to "
++ REBOOT_PARAM_FILE": %s", strerror(-r));
++ } else
++ unlink(REBOOT_PARAM_FILE);
++
++ return r;
++}
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 90464c9..122ac91 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -22,6 +22,7 @@
+ ***/
+
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -922,3 +923,10 @@ uint64_t physical_memory(void);
+ char* mount_test_option(const char *haystack, const char *needle);
+
+ void hexdump(FILE *f, const void *p, size_t s);
++
++union file_handle_union {
++ struct file_handle handle;
++ char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ];
++};
++
++int update_reboot_param_file(const char *param);
+diff --git a/src/shared/virt.c b/src/shared/virt.c
+index ec2ddcf..f03e790 100644
+--- a/src/shared/virt.c
++++ b/src/shared/virt.c
+@@ -149,7 +149,7 @@ static int detect_vm_dmi(const char **_id) {
+
+ /* Returns a short identifier for the various VM implementations */
+ int detect_vm(const char **id) {
+- _cleanup_free_ char *hvtype = NULL, *cpuinfo_contents = NULL;
++ _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL;
+ static thread_local int cached_found = -1;
+ static thread_local const char *cached_id = NULL;
+ const char *_id = NULL;
+@@ -163,17 +163,37 @@ int detect_vm(const char **id) {
+ return cached_found;
+ }
+
+- /* Try high-level hypervisor sysfs file first:
++ /* Try xen capabilities file first, if not found try high-level hypervisor sysfs file:
+ *
+- * https://bugs.freedesktop.org/show_bug.cgi?id=61491 */
+- r = read_one_line_file("/sys/hypervisor/type", &hvtype);
++ * https://bugs.freedesktop.org/show_bug.cgi?id=77271 */
++ r = read_one_line_file("/proc/xen/capabilities", &domcap);
+ if (r >= 0) {
+- if (streq(hvtype, "xen")) {
++ char *cap, *i = domcap;
++
++ while ((cap = strsep(&i, ",")))
++ if (streq(cap, "control_d"))
++ break;
++
++ if (!i) {
+ _id = "xen";
+ r = 1;
+- goto finish;
+ }
+- } else if (r != -ENOENT)
++
++ goto finish;
++
++ } else if (r == -ENOENT) {
++ _cleanup_free_ char *hvtype = NULL;
++
++ r = read_one_line_file("/sys/hypervisor/type", &hvtype);
++ if (r >= 0) {
++ if (streq(hvtype, "xen")) {
++ _id = "xen";
++ r = 1;
++ goto finish;
++ }
++ } else if (r != -ENOENT)
++ return r;
++ } else
+ return r;
+
+ /* this will set _id to "other" and return 0 for unknown hypervisors */
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 0887bc3..6b502ce 100644
+index 0887bc3..d02ee2b 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
+@@ -461,7 +461,7 @@ static int output_units_list(const UnitInfo *unit_infos, unsigned c) {
+ }
+
+ if (circle_len > 0)
+- printf("%s%s%s", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle);
++ printf("%s%s%s ", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle);
+
+ printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s",
+ on_active, id_len, id, off_active,
@@ -2561,7 +2561,7 @@ static int start_unit_one(
log_debug("Adding %s to the set", p);
@@ -192,6 +2112,523 @@ index 0887bc3..6b502ce 100644
return log_oom();
}
+@@ -4240,7 +4240,7 @@ static int show_all(
+ _cleanup_free_ UnitInfo *unit_infos = NULL;
+ const UnitInfo *u;
+ unsigned c;
+- int r;
++ int r, ret = 0;
+
+ r = get_unit_list(bus, NULL, NULL, &unit_infos, 0, &reply);
+ if (r < 0)
+@@ -4262,9 +4262,11 @@ static int show_all(
+ r = show_one(verb, bus, p, show_properties, new_line, ellipsized);
+ if (r < 0)
+ return r;
++ else if (r > 0 && ret == 0)
++ ret = r;
+ }
+
+- return 0;
++ return ret;
+ }
+
+ static int show_system_status(sd_bus *bus) {
+@@ -4386,7 +4388,12 @@ static int show(sd_bus *bus, char **args) {
+ }
+ }
+
+- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized);
++ r = show_one(args[0], bus, unit, show_properties,
++ &new_line, &ellipsized);
++ if (r < 0)
++ return r;
++ else if (r > 0 && ret == 0)
++ ret = r;
+ }
+
+ if (!strv_isempty(patterns)) {
+@@ -4403,7 +4410,12 @@ static int show(sd_bus *bus, char **args) {
+ if (!unit)
+ return log_oom();
+
+- show_one(args[0], bus, unit, show_properties, &new_line, &ellipsized);
++ r = show_one(args[0], bus, unit, show_properties,
++ &new_line, &ellipsized);
++ if (r < 0)
++ return r;
++ else if (r > 0 && ret == 0)
++ ret = r;
+ }
+ }
+ }
+@@ -5403,15 +5415,15 @@ static int systemctl_help(void) {
+ " otherwise restart if active\n"
+ " isolate NAME Start one unit and stop all others\n"
+ " kill NAME... Send signal to processes of a unit\n"
+- " is-active NAME... Check whether units are active\n"
+- " is-failed NAME... Check whether units are failed\n"
+- " status [NAME...|PID...] Show runtime status of one or more units\n"
+- " show [NAME...|JOB...] Show properties of one or more\n"
++ " is-active PATTERN... Check whether units are active\n"
++ " is-failed PATTERN... Check whether units are failed\n"
++ " status [PATTERN...|PID...] Show runtime status of one or more units\n"
++ " show [PATTERN...|JOB...] Show properties of one or more\n"
+ " units/jobs or the manager\n"
+- " cat NAME... Show files and drop-ins of one or more units\n"
++ " cat PATTERN... Show files and drop-ins of one or more units\n"
+ " set-property NAME ASSIGNMENT... Sets one or more properties of a unit\n"
+- " help NAME...|PID... Show manual for one or more units\n"
+- " reset-failed [NAME...] Reset failed state for all, one, or more\n"
++ " help PATTERN...|PID... Show manual for one or more units\n"
++ " reset-failed [PATTERN...] Reset failed state for all, one, or more\n"
+ " units\n"
+ " list-dependencies [NAME] Recursively show units which are required\n"
+ " or wanted by this unit or by which this\n"
+@@ -5973,13 +5985,10 @@ static int halt_parse_argv(int argc, char *argv[]) {
+ }
+ }
+
+- if (arg_action == ACTION_REBOOT && argc == optind + 1) {
+- r = write_string_file(REBOOT_PARAM_FILE, argv[optind]);
+- if (r < 0) {
+- log_error("Failed to write reboot param to "
+- REBOOT_PARAM_FILE": %s", strerror(-r));
++ if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) {
++ r = update_reboot_param_file(argc == optind + 1 ? argv[optind] : NULL);
++ if (r < 0)
+ return r;
+- }
+ } else if (optind < argc) {
+ log_error("Too many arguments.");
+ return -EINVAL;
+diff --git a/src/test/test-udev.c b/src/test/test-udev.c
+index b064744..b057cc8 100644
+--- a/src/test/test-udev.c
++++ b/src/test/test-udev.c
+@@ -155,9 +155,8 @@ int main(int argc, char *argv[]) {
+ }
+ }
+
+- err = udev_event_execute_rules(event, rules, &sigmask_orig);
+- if (err == 0)
+- udev_event_execute_run(event, NULL);
++ udev_event_execute_rules(event, rules, &sigmask_orig);
++ udev_event_execute_run(event, NULL);
+ out:
+ if (event != NULL && event->fd_signal >= 0)
+ close(event->fd_signal);
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 33e7cbc..04b472d 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -217,19 +217,16 @@ static bool unix_socket_alive(const char *fn) {
+ }
+
+ static int dir_is_mount_point(DIR *d, const char *subdir) {
+- struct file_handle *h;
++ union file_handle_union h = { .handle.handle_bytes = MAX_HANDLE_SZ };
+ int mount_id_parent, mount_id;
+ int r_p, r;
+
+- h = alloca(MAX_HANDLE_SZ);
+-
+- h->handle_bytes = MAX_HANDLE_SZ;
+- r_p = name_to_handle_at(dirfd(d), ".", h, &mount_id_parent, 0);
++ r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0);
+ if (r_p < 0)
+ r_p = -errno;
+
+- h->handle_bytes = MAX_HANDLE_SZ;
+- r = name_to_handle_at(dirfd(d), subdir, h, &mount_id, 0);
++ h.handle.handle_bytes = MAX_HANDLE_SZ;
++ r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0);
+ if (r < 0)
+ r = -errno;
+
+diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
+index 1d067af..3203474 100644
+--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
++++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
+@@ -432,7 +432,7 @@ static int wall_tty_block(void) {
+
+ r = get_ctty_devnr(0, &devnr);
+ if (r < 0)
+- return -r;
++ return r;
+
+ if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
+ return -ENOMEM;
+diff --git a/src/udev/accelerometer/accelerometer.c b/src/udev/accelerometer/accelerometer.c
+index 925d38d..32adf27 100644
+--- a/src/udev/accelerometer/accelerometer.c
++++ b/src/udev/accelerometer/accelerometer.c
+@@ -180,7 +180,7 @@ get_prev_orientation(struct udev_device *dev)
+ return string_to_orientation(value);
+ }
+
+-#define SET_AXIS(axis, code_) if (ev[i].code == code_) { if (got_##axis == 0) { axis = ev[i].value; got_##axis = true; } }
++#define READ_AXIS(axis, var) { memzero(&abs_info, sizeof(abs_info)); r = ioctl(fd, EVIOCGABS(axis), &abs_info); if (r < 0) return; var = abs_info.value; }
+
+ /* accelerometers */
+ static void test_orientation(struct udev *udev,
+@@ -189,10 +189,9 @@ static void test_orientation(struct udev *udev,
+ {
+ OrientationUp old, new;
+ _cleanup_close_ int fd = -1;
+- struct input_event ev[64];
+- bool got_syn = false;
+- bool got_x = false, got_y = false, got_z = false;
++ struct input_absinfo abs_info;
+ int x = 0, y = 0, z = 0;
++ int r;
+ char text[64];
+
+ old = get_prev_orientation(dev);
+@@ -201,30 +200,10 @@ static void test_orientation(struct udev *udev,
+ if (fd < 0)
+ return;
+
+- while (1) {
+- int i, r;
+-
+- r = read(fd, ev, sizeof(struct input_event) * 64);
+-
+- if (r < (int) sizeof(struct input_event))
+- return;
+-
+- for (i = 0; i < r / (int) sizeof(struct input_event); i++) {
+- if (got_syn) {
+- if (ev[i].type == EV_ABS) {
+- SET_AXIS(x, ABS_X);
+- SET_AXIS(y, ABS_Y);
+- SET_AXIS(z, ABS_Z);
+- }
+- }
+- if (ev[i].type == EV_SYN && ev[i].code == SYN_REPORT)
+- got_syn = true;
+- if (got_x && got_y && got_z)
+- goto read_dev;
+- }
+- }
++ READ_AXIS(ABS_X, x);
++ READ_AXIS(ABS_Y, y);
++ READ_AXIS(ABS_Z, z);
+
+-read_dev:
+ new = orientation_calc(old, x, y, z);
+ snprintf(text, sizeof(text),
+ "ID_INPUT_ACCELEROMETER_ORIENTATION=%s", orientation_to_string(new));
+diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
+index 5bb6b02..b31ad80 100644
+--- a/src/udev/net/link-config.c
++++ b/src/udev/net/link-config.c
+@@ -184,7 +184,7 @@ failure:
+ }
+
+ static bool enable_name_policy(void) {
+- _cleanup_free_ char *line;
++ _cleanup_free_ char *line = NULL;
+ char *w, *state;
+ int r;
+ size_t l;
+@@ -391,7 +391,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev
+ case MACPOLICY_PERSISTENT:
+ if (!mac_is_permanent(device)) {
+ r = get_mac(device, false, &generated_mac);
+- if (r < 0)
++ if (r == -ENOENT)
++ break;
++ else if (r < 0)
+ return r;
+ mac = &generated_mac;
+ }
+@@ -399,7 +401,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config, struct udev_dev
+ case MACPOLICY_RANDOM:
+ if (!mac_is_random(device)) {
+ r = get_mac(device, true, &generated_mac);
+- if (r < 0)
++ if (r == -ENOENT)
++ break;
++ else if (r < 0)
+ return r;
+ mac = &generated_mac;
+ }
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 5998be2..5213a4a 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -771,18 +771,17 @@ static int rename_netif(struct udev_event *event)
+ log_error("error changing net interface name %s to %s: %s",
+ oldname, name, strerror(-r));
+ else
+- print_kmsg("renamed network interface %s to %s", oldname, name);
++ print_kmsg("renamed network interface %s to %s\n", oldname, name);
+
+ return r;
+ }
+
+-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask)
++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigmask)
+ {
+ struct udev_device *dev = event->dev;
+- int err = 0;
+
+ if (udev_device_get_subsystem(dev) == NULL)
+- return -1;
++ return;
+
+ if (streq(udev_device_get_action(dev), "remove")) {
+ udev_device_read_db(dev, NULL);
+@@ -816,9 +815,10 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules,
+ event->name != NULL && !streq(event->name, udev_device_get_sysname(dev))) {
+ char syspath[UTIL_PATH_SIZE];
+ char *pos;
++ int r;
+
+- err = rename_netif(event);
+- if (err == 0) {
++ r = rename_netif(event);
++ if (r >= 0) {
+ log_debug("renamed netif to '%s'", event->name);
+
+ /* remember old name */
+@@ -881,7 +881,6 @@ int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules,
+ udev_device_unref(event->dev_db);
+ event->dev_db = NULL;
+ }
+- return err;
+ }
+
+ void udev_event_execute_run(struct udev_event *event, const sigset_t *sigmask)
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 2630264..17f47f2 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -2555,10 +2555,15 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules)
+ struct stat stats;
+
+ /* we assure, that the permissions tokens are sorted before the static token */
++
+ if (mode == 0 && uid == 0 && gid == 0 && tags == NULL)
+ goto next;
+
+ strscpyl(device_node, sizeof(device_node), "/dev/", rules_str(rules, cur->key.value_off), NULL);
++ if (stat(device_node, &stats) != 0)
++ break;
++ if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode))
++ break;
+
+ /* export the tags to a directory as symlinks, allowing otherwise dead nodes to be tagged */
+ if (tags) {
+@@ -2588,11 +2593,6 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules)
+ if (mode == 0 && uid == 0 && gid == 0)
+ break;
+
+- if (stat(device_node, &stats) != 0)
+- break;
+- if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode))
+- break;
+-
+ if (mode == 0) {
+ if (gid > 0)
+ mode = 0660;
+diff --git a/src/udev/udev.h b/src/udev/udev.h
+index 936adfb..62538bc 100644
+--- a/src/udev/udev.h
++++ b/src/udev/udev.h
+@@ -84,7 +84,7 @@ int udev_event_apply_subsys_kernel(struct udev_event *event, const char *string,
+ int udev_event_spawn(struct udev_event *event,
+ const char *cmd, char **envp, const sigset_t *sigmask,
+ char *result, size_t ressize);
+-int udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset);
++void udev_event_execute_rules(struct udev_event *event, struct udev_rules *rules, const sigset_t *sigset);
+ void udev_event_execute_run(struct udev_event *event, const sigset_t *sigset);
+ int udev_build_argv(struct udev *udev, char *cmd, int *argc, char *argv[]);
+
+diff --git a/src/udev/udevadm-test.c b/src/udev/udevadm-test.c
+index 6cd311b..6a2f548 100644
+--- a/src/udev/udevadm-test.c
++++ b/src/udev/udevadm-test.c
+@@ -43,7 +43,6 @@ static int adm_test(struct udev *udev, int argc, char *argv[])
+ _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
+ _cleanup_udev_event_unref_ struct udev_event *event = NULL;
+ sigset_t mask, sigmask_orig;
+- int err;
+ int rc = 0, c;
+
+ static const struct option options[] = {
+@@ -139,18 +138,16 @@ static int adm_test(struct udev *udev, int argc, char *argv[])
+ goto out;
+ }
+
+- err = udev_event_execute_rules(event, rules, &sigmask_orig);
++ udev_event_execute_rules(event, rules, &sigmask_orig);
+
+ udev_list_entry_foreach(entry, udev_device_get_properties_list_entry(dev))
+ printf("%s=%s\n", udev_list_entry_get_name(entry), udev_list_entry_get_value(entry));
+
+- if (err == 0) {
+- udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) {
+- char program[UTIL_PATH_SIZE];
++ udev_list_entry_foreach(entry, udev_list_get_entry(&event->run_list)) {
++ char program[UTIL_PATH_SIZE];
+
+- udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program));
+- printf("run: '%s'\n", program);
+- }
++ udev_event_apply_format(event, udev_list_entry_get_name(entry), program, sizeof(program));
++ printf("run: '%s'\n", program);
+ }
+ out:
+ if (event != NULL && event->fd_signal >= 0)
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index f21c227..93afca1 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -288,10 +288,9 @@ static void worker_new(struct event *event)
+ udev_event->exec_delay = exec_delay;
+
+ /* apply rules, create node, symlinks */
+- err = udev_event_execute_rules(udev_event, rules, &sigmask_orig);
++ udev_event_execute_rules(udev_event, rules, &sigmask_orig);
+
+- if (err == 0)
+- udev_event_execute_run(udev_event, &sigmask_orig);
++ udev_event_execute_run(udev_event, &sigmask_orig);
+
+ /* apply/restore inotify watch */
+ if (err == 0 && udev_event->inotify_watch) {
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 0f2b706..645b1e6 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -180,6 +180,10 @@ static int font_load(const char *vc, const char *font, const char *map, const ch
+ */
+ static void font_copy_to_all_vcs(int fd) {
+ struct vt_stat vcs = {};
++ unsigned char map8[E_TABSZ];
++ unsigned short map16[E_TABSZ];
++ struct unimapdesc unimapd;
++ struct unipair unipairs[USHRT_MAX];
+ int i, r;
+
+ /* get active, and 16 bit mask of used VT numbers */
+@@ -209,17 +213,35 @@ static void font_copy_to_all_vcs(int fd) {
+ cfo.op = KD_FONT_OP_COPY;
+ cfo.height = vcs.v_active-1; /* tty1 == index 0 */
+ ioctl(vcfd, KDFONTOP, &cfo);
++
++ /* copy map of 8bit chars */
++ if (ioctl(fd, GIO_SCRNMAP, map8) >= 0)
++ ioctl(vcfd, PIO_SCRNMAP, map8);
++
++ /* copy map of 8bit chars -> 16bit Unicode values */
++ if (ioctl(fd, GIO_UNISCRNMAP, map16) >= 0)
++ ioctl(vcfd, PIO_UNISCRNMAP, map16);
++
++ /* copy unicode translation table */
++ /* unimapd is a ushort count and a pointer to an
++ array of struct unipair { ushort, ushort } */
++ unimapd.entries = unipairs;
++ unimapd.entry_ct = USHRT_MAX;
++ if (ioctl(fd, GIO_UNIMAP, &unimapd) >= 0) {
++ struct unimapinit adv = { 0, 0, 0 };
++
++ ioctl(vcfd, PIO_UNIMAPCLR, &adv);
++ ioctl(vcfd, PIO_UNIMAP, &unimapd);
++ }
+ }
+ }
+
+ int main(int argc, char **argv) {
+ const char *vc;
+- char *vc_keymap = NULL;
+- char *vc_keymap_toggle = NULL;
+- char *vc_font = NULL;
+- char *vc_font_map = NULL;
+- char *vc_font_unimap = NULL;
+- int fd = -1;
++ _cleanup_free_ char
++ *vc_keymap = NULL, *vc_keymap_toggle = NULL,
++ *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL;
++ _cleanup_close_ int fd = -1;
+ bool utf8;
+ pid_t font_pid = 0, keymap_pid = 0;
+ bool font_copy = false;
+@@ -241,12 +263,12 @@ int main(int argc, char **argv) {
+ fd = open_terminal(vc, O_RDWR|O_CLOEXEC);
+ if (fd < 0) {
+ log_error("Failed to open %s: %m", vc);
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ if (!is_vconsole(fd)) {
+ log_error("Device %s is not a virtual console.", vc);
+- goto finish;
++ return EXIT_FAILURE;
+ }
+
+ utf8 = is_locale_utf8();
+@@ -281,27 +303,27 @@ int main(int argc, char **argv) {
+ else
+ disable_utf8(fd);
+
+- r = EXIT_FAILURE;
+- if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 &&
+- font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0)
+- r = EXIT_SUCCESS;
+-
+-finish:
+- if (keymap_pid > 0)
+- wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
++ r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid);
++ if (r < 0) {
++ log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
++ return EXIT_FAILURE;
++ }
+
+- if (font_pid > 0) {
++ if (font_pid > 0)
+ wait_for_terminate_and_warn(KBD_SETFONT, font_pid);
+- if (font_copy)
+- font_copy_to_all_vcs(fd);
++
++ r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid);
++ if (r < 0) {
++ log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
++ return EXIT_FAILURE;
+ }
+
+- free(vc_keymap);
+- free(vc_font);
+- free(vc_font_map);
+- free(vc_font_unimap);
++ if (keymap_pid > 0)
++ wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
+
+- safe_close(fd);
++ /* Only copy the font when we started setfont successfully */
++ if (font_copy && font_pid > 0)
++ font_copy_to_all_vcs(fd);
+
+- return r;
++ return EXIT_SUCCESS;
+ }
+diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
+index 7c6d6b9..c470045 100644
+--- a/tmpfiles.d/systemd.conf
++++ b/tmpfiles.d/systemd.conf
+@@ -23,6 +23,6 @@ d /run/systemd/machines 0755 root root -
+ d /run/systemd/shutdown 0755 root root -
+
+ m /var/log/journal 2755 root systemd-journal - -
+-m /var/log/journal/%m 2755 root systemd-journal - -
++Z /var/log/journal/%m 2755 root systemd-journal - -
+ m /run/log/journal 2755 root systemd-journal - -
+-m /run/log/journal/%m 2755 root systemd-journal - -
++Z /run/log/journal/%m 2755 root systemd-journal - -
diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
index 8ac51a4..cae9fb5 100644
--- a/units/console-getty.service.m4.in
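Review bot: Switching the two `%m` journal entries in `tmpfiles.d/systemd.conf` from `m` to `Z` makes the `2755 root systemd-journal` argument recursive, so please confirm it is not applied verbatim to the journal files inside those directories. Per tmpfiles.d(5), `Z` sets ownership and access mode on the path and everything below it, and the only `src/tmpfiles/tmpfiles.c` change visible in this patch is in `dir_is_mount_point`, so nothing here masks the mode for regular files. If the mode is applied as written, the journal files would become world-readable, setgid and executable rather than keeping the tighter mode journald created them with, which exposes log contents to every local user. Unless that masking exists elsewhere in this tree, I would keep `m /var/log/journal/%m 2755 root systemd-journal - -` and its `/run/log/journal/%m` counterpart, and fix up file ownership separately.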
@@ -294,17 +2731,20 @@ index 552ef89..af3915f 100644
ExecStart=-/sbin/sulogin
ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
-index 4ac51e7..86a3b59 100644
+index 4ac51e7..96daa5c 100644
--- a/units/serial-getty@.service.m4
+++ b/units/serial-getty@.service.m4
-@@ -22,7 +22,6 @@ Before=getty.target
+@@ -22,10 +22,8 @@ Before=getty.target
IgnoreOnIsolate=yes
[Service]
-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
Type=idle
Restart=always
- RestartSec=0
+-RestartSec=0
+ UtmpIdentifier=%I
+ TTYPath=/dev/%I
+ TTYReset=yes
diff --git a/units/sysinit.target b/units/sysinit.target
index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target
@@ -354,6 +2794,18 @@ index de93879..c9a49f3 100644
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no
+diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
+index ff36e90..e373628 100644
+--- a/units/systemd-nspawn@.service.in
++++ b/units/systemd-nspawn@.service.in
+@@ -11,6 +11,7 @@ Documentation=man:systemd-nspawn(1)
+
+ [Service]
+ ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i
++KillMode=mixed
+ Type=notify
+
+ [Install]
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
index 1879b2f..9b895b9 100644
--- a/units/systemd-random-seed.service.in
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index c4dfa983f55f..5dd7c0fa75dd 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -915,11 +915,11 @@ let
}) // {inherit ;};
libxcb = (mkDerivation "libxcb" {
- name = "libxcb-1.10";
+ name = "libxcb-1.11";
builder = ./builder.sh;
src = fetchurl {
- url = http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2;
- sha256 = "1dfmyb1zjx6n0zhr4y40mc1crlmj3bfjjhmn0f30ip9nnq2spncq";
+ url = http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2;
+ sha256 = "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3";
};
buildInputs = [pkgconfig libxslt libpthreadstubs python libXau xcbproto libXdmcp ];
}) // {inherit libxslt libpthreadstubs python libXau xcbproto libXdmcp ;};
@@ -1175,11 +1175,11 @@ let
}) // {inherit ;};
xcbproto = (mkDerivation "xcbproto" {
- name = "xcb-proto-1.10";
+ name = "xcb-proto-1.11";
builder = ./builder.sh;
src = fetchurl {
- url = http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2;
- sha256 = "01dgp802i4ic9wkmpa7g1wm50pp547d3b96jjz2hnxavhpfhvx3y";
+ url = http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2;
+ sha256 = "0bp3f53l9fy5x3mn1rkj1g81aiyzl90wacwvqdgy831aa3kfxb5l";
};
buildInputs = [pkgconfig python ];
}) // {inherit python ;};
@@ -1405,11 +1405,11 @@ let
}) // {inherit inputproto xorgserver xproto ;};
xf86inputmouse = (mkDerivation "xf86inputmouse" {
- name = "xf86-input-mouse-1.9.0";
+ name = "xf86-input-mouse-1.9.1";
builder = ./builder.sh;
src = fetchurl {
- url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2;
- sha256 = "12344w0cxac1ld54qqwynxwazbmmpvqh1mzcskmfkmakmr5iwq2x";
+ url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2;
+ sha256 = "1kn5kx3qyn9qqvd6s24a2l1wfgck2pgfvzl90xpl024wfxsx719l";
};
buildInputs = [pkgconfig inputproto xorgserver xproto ];
}) // {inherit inputproto xorgserver xproto ;};
@@ -1515,11 +1515,11 @@ let
}) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xorgserver xproto ;};
xf86videogeode = (mkDerivation "xf86videogeode" {
- name = "xf86-video-geode-2.11.15";
+ name = "xf86-video-geode-2.11.16";
builder = ./builder.sh;
src = fetchurl {
- url = mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2;
- sha256 = "1w4ghr2a41kaw4g9na8ws5fjbmy8zkbxpxa21vmqc8mkjzb3pnq0";
+ url = mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2;
+ sha256 = "19y13xl7yfrgyis92rmxi0ld95ajgr5il0n9j1dridwzw9aizz1q";
};
buildInputs = [pkgconfig fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ];
}) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ;};
@@ -2035,11 +2035,11 @@ let
}) // {inherit ;};
xrandr = (mkDerivation "xrandr" {
- name = "xrandr-1.4.2";
+ name = "xrandr-1.4.3";
builder = ./builder.sh;
src = fetchurl {
- url = mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2;
- sha256 = "1g4hnj53wknsjwiqivyy3jl4qw7jwrpncz7d5p2z29zq5zlnxrxj";
+ url = mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2;
+ sha256 = "06xy0kr6ih7ilrwl6b5g6ay75vm2j4lxnv1d5xlj6sdqhqsaqm3i";
};
buildInputs = [pkgconfig libX11 xproto libXrandr libXrender ];
}) // {inherit libX11 xproto libXrandr libXrender ;};
diff --git a/pkgs/servers/x11/xorg/extra.list b/pkgs/servers/x11/xorg/extra.list
index 2d105241c2d1..84795ed980b3 100644
--- a/pkgs/servers/x11/xorg/extra.list
+++ b/pkgs/servers/x11/xorg/extra.list
@@ -1,6 +1,6 @@
http://xcb.freedesktop.org/dist/libpthread-stubs-0.3.tar.bz2
-http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2
-http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2
+http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2
+http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2
http://xcb.freedesktop.org/dist/xcb-util-0.3.9.tar.bz2
http://xcb.freedesktop.org/dist/xcb-util-image-0.3.9.tar.bz2
http://xcb.freedesktop.org/dist/xcb-util-keysyms-0.3.9.tar.bz2
diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list
index 93acd927f3bf..1cc028e60d76 100644
--- a/pkgs/servers/x11/xorg/tarballs-7.7.list
+++ b/pkgs/servers/x11/xorg/tarballs-7.7.list
@@ -118,7 +118,7 @@ mirror://xorg/X11R7.7/src/everything/xf86driproto-2.1.1.tar.bz2
mirror://xorg/individual/driver/xf86-input-evdev-2.8.4.tar.bz2
mirror://xorg/individual/driver/xf86-input-joystick-1.6.2.tar.bz2
mirror://xorg/individual/driver/xf86-input-keyboard-1.8.0.tar.bz2
-mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2
+mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2
mirror://xorg/individual/driver/xf86-input-synaptics-1.7.6.tar.bz2
mirror://xorg/individual/driver/xf86-input-vmmouse-13.0.0.tar.bz2
mirror://xorg/individual/driver/xf86-input-void-1.4.0.tar.bz2
@@ -130,7 +130,7 @@ mirror://xorg/individual/driver/xf86-video-nouveau-1.0.10.tar.bz2
mirror://xorg/individual/driver/xf86-video-cirrus-1.5.2.tar.bz2
mirror://xorg/individual/driver/xf86-video-dummy-0.3.7.tar.bz2
mirror://xorg/individual/driver/xf86-video-fbdev-0.4.4.tar.bz2
-mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2
+mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2
mirror://xorg/individual/driver/xf86-video-glide-1.2.2.tar.bz2
mirror://xorg/individual/driver/xf86-video-glint-1.2.8.tar.bz2
mirror://xorg/individual/driver/xf86-video-i128-1.3.6.tar.bz2
@@ -176,7 +176,7 @@ mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2
mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2
mirror://xorg/individual/app/xprop-1.2.2.tar.bz2
mirror://xorg/individual/proto/xproto-7.0.26.tar.bz2
-mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2
+mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2
mirror://xorg/individual/app/xrdb-1.1.0.tar.bz2
mirror://xorg/individual/app/xrefresh-1.0.5.tar.bz2
mirror://xorg/individual/app/xset-1.2.3.tar.bz2
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index 11731c1c1c10..29e4455f7cb3 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -154,7 +154,8 @@ let
|| system == "x86_64-kfreebsd-gnu";
isSunOS = system == "i686-solaris"
|| system == "x86_64-solaris";
- isCygwin = system == "i686-cygwin";
+ isCygwin = system == "i686-cygwin"
+ || system == "x86_64-cygwin";
isFreeBSD = system == "i686-freebsd"
|| system == "x86_64-freebsd";
isOpenBSD = system == "i686-openbsd"
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 23cccf223f4f..6f8b42c2266a 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -35,8 +35,8 @@ rec {
# The bootstrap process proceeds in several steps.
- # 1) Create a standard environment by downloading pre-built binaries
- # of coreutils, GCC, etc.
+ # Create a standard environment by downloading pre-built binaries of
+ # coreutils, GCC, etc.
# Download and unpack the bootstrap tools (coreutils, GCC, Glibc, ...).
@@ -46,7 +46,7 @@ rec {
builder = bootstrapFiles.sh;
args =
- if system == "armv5tel-linux" || system == "armv6l-linux"
+ if system == "armv5tel-linux" || system == "armv6l-linux"
|| system == "armv7l-linux"
then [ ./scripts/unpack-bootstrap-tools-arm.sh ]
else [ ./scripts/unpack-bootstrap-tools.sh ];
@@ -66,137 +66,136 @@ rec {
};
- # This function builds the various standard environments used during
- # the bootstrap.
- stdenvBootFun =
- {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? [], fetchurl}:
-
- import ../generic {
- inherit system config;
- name = "stdenv-linux-boot";
- preHook =
- ''
- # Don't patch #!/interpreter because it leads to retained
- # dependencies on the bootstrapTools in the final stdenv.
- dontPatchShebangs=1
- ${commonPreHook}
- '';
- shell = "${bootstrapTools}/bin/sh";
- initialPath = [bootstrapTools] ++ extraPath;
- fetchurlBoot = fetchurl;
- inherit gcc;
- # Having the proper 'platform' in all the stdenvs allows getting proper
- # linuxHeaders for example.
- extraAttrs = extraAttrs // { inherit platform; };
- overrides = pkgs: (overrides pkgs) // {
- inherit fetchurl;
- };
- };
-
- # Build a dummy stdenv with no GCC or working fetchurl. This is
- # because we need a stdenv to build the GCC wrapper and fetchurl.
- stdenvLinuxBoot0 = stdenvBootFun {
- gcc = "/no-such-path";
- fetchurl = null;
- };
-
-
- fetchurl = import ../../build-support/fetchurl {
- stdenv = stdenvLinuxBoot0;
- curl = bootstrapTools;
- };
-
-
- # The Glibc include directory cannot have the same prefix as the GCC
- # include directory, since GCC gets confused otherwise (it will
- # search the Glibc headers before the GCC headers). So create a
- # dummy Glibc.
- bootstrapGlibc = stdenvLinuxBoot0.mkDerivation {
- name = "bootstrap-glibc";
- buildCommand = ''
- mkdir -p $out
- ln -s ${bootstrapTools}/lib $out/lib
- ln -s ${bootstrapTools}/include-glibc $out/include
- '';
- };
-
-
# A helper function to call gcc-wrapper.
wrapGCC =
- { gcc ? bootstrapTools, libc, binutils, coreutils, shell ? "", name ? "bootstrap-gcc-wrapper" }:
+ { gcc, libc, binutils, coreutils, name }:
lib.makeOverridable (import ../../build-support/gcc-wrapper) {
nativeTools = false;
nativeLibc = false;
- inherit gcc binutils coreutils libc shell name;
- stdenv = stdenvLinuxBoot0;
+ inherit gcc binutils coreutils libc name;
+ stdenv = stage0.stdenv;
};
+ # This function builds the various standard environments used during
+ # the bootstrap. In all stages, we build an stdenv and the package
+ # set that can be built with that stdenv.
+ stageFun =
+ {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}:
+
+ let
+
+ thisStdenv = import ../generic {
+ inherit system config;
+ name = "stdenv-linux-boot";
+ preHook =
+ ''
+ # Don't patch #!/interpreter because it leads to retained
+ # dependencies on the bootstrapTools in the final stdenv.
+ dontPatchShebangs=1
+ ${commonPreHook}
+ '';
+ shell = "${bootstrapTools}/bin/sh";
+ initialPath = [bootstrapTools] ++ extraPath;
+ fetchurlBoot = import ../../build-support/fetchurl {
+ stdenv = stage0.stdenv;
+ curl = bootstrapTools;
+ };
+ inherit gcc;
+ # Having the proper 'platform' in all the stdenvs allows getting proper
+ # linuxHeaders for example.
+ extraAttrs = extraAttrs // { inherit platform; };
+ overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; };
+ };
+
+ thisPkgs = allPackages {
+ inherit system platform;
+ bootStdenv = thisStdenv;
+ };
+
+ in { stdenv = thisStdenv; pkgs = thisPkgs; };
+
+
+ # Build a dummy stdenv with no GCC or working fetchurl. This is
+ # because we need a stdenv to build the GCC wrapper and fetchurl.
+ stage0 = stageFun {
+ gcc = "/no-such-path";
+
+ overrides = pkgs: {
+ # The Glibc include directory cannot have the same prefix as the
+ # GCC include directory, since GCC gets confused otherwise (it
+ # will search the Glibc headers before the GCC headers). So
+ # create a dummy Glibc here, which will be used in the stdenv of
+ # stage1.
+ glibc = stage0.stdenv.mkDerivation {
+ name = "bootstrap-glibc";
+ buildCommand = ''
+ mkdir -p $out
+ ln -s ${bootstrapTools}/lib $out/lib
+ ln -s ${bootstrapTools}/include-glibc $out/include
+ '';
+ };
+ };
+ };
+
+
# Create the first "real" standard environment. This one consists
# of bootstrap tools only, and a minimal Glibc to keep the GCC
# configure script happy.
- stdenvLinuxBoot1 = stdenvBootFun {
+ #
+ # For clarity, we only use the previous stage when specifying these
+ # stages. So stageN should only ever have references for stage{N-1}.
+ #
+ # If we ever need to use a package from more than one stage back, we
+ # simply re-export those packages in the middle stage(s) using the
+ # overrides attribute and the inherit syntax.
+ stage1 = stageFun {
gcc = wrapGCC {
- libc = bootstrapGlibc;
+ gcc = bootstrapTools;
+ libc = stage0.pkgs.glibc;
binutils = bootstrapTools;
coreutils = bootstrapTools;
+ name = "bootstrap-gcc-wrapper";
+ };
+ # Rebuild binutils to use from stage2 onwards.
+ overrides = pkgs: {
+ binutils = pkgs.binutils.override { gold = false; };
+ inherit (stage0.pkgs) glibc;
};
- inherit fetchurl;
};
- # 2) These are the packages that we can build with the first
- # stdenv. We only need binutils, because recent Glibcs
- # require recent Binutils, and those in bootstrap-tools may
- # be too old.
- stdenvLinuxBoot1Pkgs = allPackages {
- inherit system platform;
- bootStdenv = stdenvLinuxBoot1;
- };
-
- binutils1 = stdenvLinuxBoot1Pkgs.binutils.override { gold = false; };
-
-
- # 3) 2nd stdenv that we will use to build only Glibc.
- stdenvLinuxBoot2 = stdenvBootFun {
+ # 2nd stdenv that contains our own rebuilt binutils and is used for
+ # compiling our own Glibc.
+ stage2 = stageFun {
gcc = wrapGCC {
- libc = bootstrapGlibc;
- binutils = binutils1;
+ gcc = bootstrapTools;
+ libc = stage1.pkgs.glibc;
+ binutils = stage1.pkgs.binutils;
coreutils = bootstrapTools;
+ name = "bootstrap-gcc-wrapper";
};
overrides = pkgs: {
- inherit (stdenvLinuxBoot1Pkgs) perl;
+ inherit (stage1.pkgs) perl binutils paxctl;
+ # This also contains the full, dynamically linked, final Glibc.
};
- inherit fetchurl;
};
- # 4) These are the packages that we can build with the 2nd
- # stdenv.
- stdenvLinuxBoot2Pkgs = allPackages {
- inherit system platform;
- bootStdenv = stdenvLinuxBoot2;
- };
-
-
- # 5) Build Glibc with the bootstrap tools. The result is the full,
- # dynamically linked, final Glibc.
- stdenvLinuxGlibc = stdenvLinuxBoot2Pkgs.glibc;
-
-
- # 6) Construct a third stdenv identical to the 2nd, except that this
- # one uses the Glibc built in step 5. It still uses the recent
- # binutils and rest of the bootstrap tools, including GCC.
- stdenvLinuxBoot3 = stdenvBootFun {
+ # Construct a third stdenv identical to the 2nd, except that this
+ # one uses the rebuilt Glibc from stage2. It still uses the recent
+ # binutils and rest of the bootstrap tools, including GCC.
+ stage3 = stageFun {
gcc = wrapGCC {
- binutils = binutils1;
+ gcc = bootstrapTools;
+ libc = stage2.pkgs.glibc;
+ binutils = stage2.pkgs.binutils;
coreutils = bootstrapTools;
- libc = stdenvLinuxGlibc;
+ name = "bootstrap-gcc-wrapper";
};
overrides = pkgs: {
- glibc = stdenvLinuxGlibc;
- inherit (stdenvLinuxBoot1Pkgs) perl;
+ inherit (stage2.pkgs) binutils glibc perl;
# Link GCC statically against GMP etc. This makes sense because
# these builds of the libraries are only used by GCC, so it
# reduces the size of the stdenv closure.
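Review bot: The rule added above `stage1` ("stageN should only ever have references for stage{N-1}") has two standing exceptions in the new code that the comment does not mention. `wrapGCC` pins `stdenv = stage0.stdenv`, and `stageFun` builds `fetchurlBoot` with `stdenv = stage0.stdenv` and `curl = bootstrapTools`, so every later stage still reaches back to stage0 and the downloaded bootstrap binaries. Because this chain is what a reader audits to see how far the pre-built tools propagate, I would put the exceptions next to the rule, e.g. `# Exceptions: wrapGCC and fetchurlBoot are always built with stage0.stdenv.` The header on `stage0` still says "no GCC or working fetchurl" although `stageFun` now gives stage0 a `fetchurlBoot` too, and the comment `# This also contains the full, dynamically linked, final Glibc.` sits inside stage2's `overrides` set where it reads as describing the inherit line; both deserve a reword. The `stage3` block continues past the end of this hunk.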
@@ -208,54 +207,40 @@ rec {
ppl = pkgs.ppl.override { stdenv = pkgs.makeStaticLibraries pkgs.stdenv; };
};
extraAttrs = {
- glibc = stdenvLinuxGlibc; # Required by gcc47 build
+ glibc = stage2.pkgs.glibc; # Required by gcc47 build
};
- extraPath = [ stdenvLinuxBoot1Pkgs.paxctl ];
- inherit fetchurl;
+ extraPath = [ stage2.pkgs.paxctl ];
};
- # 7) The packages that can be built using the third stdenv.
- stdenvLinuxBoot3Pkgs = allPackages {
- inherit system platform;
- bootStdenv = stdenvLinuxBoot3;
- };
-
-
- # 8) Construct a fourth stdenv identical to the second, except that
- # this one uses the new GCC from step 7. The other tools
- # (e.g. coreutils) are still from the bootstrap tools.
- stdenvLinuxBoot4 = stdenvBootFun {
- gcc = wrapGCC rec {
- binutils = binutils1;
+ # Construct a fourth stdenv that uses the new GCC. But coreutils is
+ # still from the bootstrap tools.
+ stage4 = stageFun {
+ gcc = wrapGCC {
+ gcc = stage3.pkgs.gcc.gcc;
+ libc = stage3.pkgs.glibc;
+ binutils = stage3.pkgs.binutils;
coreutils = bootstrapTools;
- libc = stdenvLinuxGlibc;
- gcc = stdenvLinuxBoot3Pkgs.gcc.gcc;
name = "";
};
- extraPath = [ stdenvLinuxBoot3Pkgs.xz ];
+ extraPath = [ stage3.pkgs.xz ];
overrides = pkgs: {
- inherit (stdenvLinuxBoot1Pkgs) perl;
- inherit (stdenvLinuxBoot3Pkgs) gettext gnum4 gmp;
+ # Zlib has to be inherited and not rebuilt in this stage,
+ # because gcc (since JAR support) already depends on zlib, and
+ # then if we already have a zlib we want to use that for the
+ # other purposes (binutils and top-level pkgs) too.
+ inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib;
};
- inherit fetchurl;
};
- # 9) The packages that can be built using the fourth stdenv.
- stdenvLinuxBoot4Pkgs = allPackages {
- inherit system platform;
- bootStdenv = stdenvLinuxBoot4;
- };
-
-
- # 10) Construct the final stdenv. It uses the Glibc and GCC, and
- # adds in a new binutils that doesn't depend on bootstrap-tools,
- # as well as dynamically linked versions of all other tools.
+ # Construct the final stdenv. It uses the Glibc and GCC, and adds
+ # in a new binutils that doesn't depend on bootstrap-tools, as well
+ # as dynamically linked versions of all other tools.
#
- # When updating stdenvLinux, make sure that the result has no
- # dependency (`nix-store -qR') on bootstrapTools or the
- # first binutils built.
+ # When updating stdenvLinux, make sure that the result has no
+ # dependency (`nix-store -qR') on bootstrapTools or the first
+ # binutils built.
stdenvLinux = import ../generic rec {
inherit system config;
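Review bot: The only safeguard that the final stdenv is free of the pre-built bootstrap binaries is the hand-run instruction in the comment above `stdenvLinux`. This hunk widens what crosses stage boundaries, since stage4 now inherits `glibc` and `zlib` from `stage3.pkgs` in addition to `gettext gnum4 gmp perl`. Each inherited package is another place a reference to `bootstrapTools` could be retained unnoticed, so I would make the comment directly actionable, e.g. `# Check: nix-store -qR <stdenvLinux output path> | grep bootstrap-tools must print nothing.` Better still, enforce it with a build-time reference check if one is not already done elsewhere (not visible from here). Separately, `name = "";` in stage4's `wrapGCC` call has no explanation now that `wrapGCC` no longer defaults `name`; a short why-comment would help. The `stdenvLinux` definition continues past the end of this hunk.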
@@ -268,35 +253,32 @@ rec {
'';
initialPath =
- ((import ../common-path.nix) {pkgs = stdenvLinuxBoot4Pkgs;})
- ++ [stdenvLinuxBoot4Pkgs.patchelf stdenvLinuxBoot4Pkgs.paxctl ];
+ ((import ../common-path.nix) {pkgs = stage4.pkgs;})
+ ++ [stage4.pkgs.patchelf stage4.pkgs.paxctl ];
- gcc = wrapGCC rec {
- inherit (stdenvLinuxBoot4Pkgs) binutils coreutils;
- libc = stdenvLinuxGlibc;
- gcc = stdenvLinuxBoot4.gcc.gcc;
- shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash";
+ shell = stage4.pkgs.bash + "/bin/bash";
+
+ gcc = (wrapGCC rec {
+ gcc = stage4.stdenv.gcc.gcc;
+ libc = stage4.pkgs.glibc;
+ inherit (stage4.pkgs) binutils coreutils;
name = "";
- };
+ }).override { inherit shell; };
- shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash";
-
- fetchurlBoot = fetchurl;
+ inherit (stage4.stdenv) fetchurlBoot;
extraAttrs = {
- inherit (stdenvLinuxBoot3Pkgs) glibc;
+ inherit (stage4.pkgs) glibc;
inherit platform bootstrapTools;
- shellPackage = stdenvLinuxBoot4Pkgs.bash;
+ shellPackage = stage4.pkgs.bash;
};
overrides = pkgs: {
inherit gcc;
- inherit (stdenvLinuxBoot3Pkgs) glibc;
- inherit (stdenvLinuxBoot4Pkgs) binutils;
- inherit (stdenvLinuxBoot4Pkgs)
- gzip bzip2 xz bash coreutils diffutils findutils gawk
- gnumake gnused gnutar gnugrep gnupatch patchelf
- attr acl paxctl;
+ inherit (stage4.pkgs)
+ gzip bzip2 xz bash binutils coreutils diffutils findutils gawk
+ glibc gnumake gnused gnutar gnugrep gnupatch patchelf
+ attr acl paxctl zlib;
};
};
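Review bot: In the final `gcc = (wrapGCC rec { ... }).override { inherit shell; };`, the `rec` on the argument set is not needed and the reason for the `.override` is not stated. None of the four attributes refers to a sibling, and inside the enclosing `import ../generic rec { ... }` an inner `rec` that defines its own `gcc` makes the scoping harder to follow than it has to be. `shell` is passed through `.override` because `wrapGCC` no longer accepts it as a parameter, which deserves a line such as `# wrapGCC has no shell argument any more; set it on the wrapper itself.` This wrapper decides which shell the final compiler wrapper runs under (bash from `stage4.pkgs` rather than the bootstrap `sh`), so the intent should be explicit. The `stdenvLinux` block starts before this hunk.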
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index b644f46dff86..e1d7c26fa430 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -10,6 +10,9 @@ stdenv.mkDerivation rec {
doCheck = true;
+ # In stdenv-linux, prevent a dependency on bootstrap-tools.
+ preHook = "unset CONFIG_SHELL";
+
meta = {
homepage = http://tukaani.org/xz/;
description = "XZ, general-purpose data compression software, successor of LZMA";
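Review bot: The comment on the new `preHook = "unset CONFIG_SHELL";` says what is prevented but not how the dependency arises. The attribute is also set for every platform, although the comment names only stdenv-linux. Presumably `CONFIG_SHELL` points at the bootstrap `sh` during the early stages and xz's configure records it in the shell scripts it installs; if so, say that, e.g. `# CONFIG_SHELL would otherwise be embedded in the installed scripts, retaining a reference to bootstrap-tools.` It is not visible from this hunk whether a derivation-level `preHook` replaces or adds to a hook the stdenv already provides, so that should be confirmed. The `mkDerivation` block starts and ends outside the hunk.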
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a798391ccd94..eda61a0c606b 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2627,7 +2627,6 @@ let
bashInteractive = appendToName "interactive" (callPackage ../shells/bash {
interactive = true;
- readline = readline63; # Includes many vi mode fixes
});
bashCompletion = callPackage ../shells/bash-completion { };
@@ -3684,7 +3683,6 @@ let
suitesparse = null;
openjdk = null;
gnuplot = null;
- readline = readline63;
};
octaveFull = (lowPrio (callPackage ../development/interpreters/octave {
fltk = fltk13;
@@ -4372,7 +4370,6 @@ let
gdb = callPackage ../development/tools/misc/gdb {
guile = null;
hurd = gnu.hurdCross;
- readline = readline63;
inherit (gnu) mig;
};
@@ -6215,13 +6212,12 @@ let
raul = callPackage ../development/libraries/audio/raul { };
- readline = readline6; # 6.2 works, 6.3 breaks python, parted
-
- readline4 = callPackage ../development/libraries/readline/readline4.nix { };
+ readline = readline6;
+ readline6 = readline63;
readline5 = callPackage ../development/libraries/readline/readline5.nix { };
- readline6 = callPackage ../development/libraries/readline/readline6.nix { };
+ readline62 = callPackage ../development/libraries/readline/readline6.nix { };
readline63 = callPackage ../development/libraries/readline/readline6.3.nix { };
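Review bot: The new `readline6 = readline63;` makes 6.3 the default `readline` for the whole package set and drops the old warning "6.2 works, 6.3 breaks python, parted" without saying whether those breakages are fixed. `readline62` is kept as a fallback, but nothing in the hunk says when to use it, so I would add a comment such as `readline6 = readline63; # default; pin readline62 for packages that still fail with 6.3`. Whether python and parted now build against 6.3 is not visible here and is worth stating in the commit message. The `readline4` attribute is also removed, so any remaining users outside this hunk would fail at evaluation.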