Merge remote-tracking branch 'origin/staging'

Conflicts: pkgs/applications/version-management/subversion/default.nix
2025-06-13 21:25:30 +03:00 · 2014-09-08 11:42:09 +02:00 · 2014-09-08 11:42:09 +02:00 · 585983bc95
commit 585983bc95
parent ff85b53c5f a71744392b
61 changed files with 3314 additions and 527 deletions
--- a/lib/platforms.nix
+++ b/lib/platforms.nix
@ -7,7 +7,7 @@ rec {
  freebsd = ["i686-freebsd" "x86_64-freebsd"];
  openbsd = ["i686-openbsd" "x86_64-openbsd"];
  netbsd = ["i686-netbsd" "x86_64-netbsd"];
-  cygwin = ["i686-cygwin"];
+  cygwin = ["i686-cygwin" "x86_64-cygwin"];
  unix = linux ++ darwin ++ freebsd ++ openbsd;
  all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
  none = [];
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@ -13,11 +13,10 @@ states that a user account named <literal>alice</literal> shall exist:
 <programlisting>
 users.extraUsers.alice =
-  { createHome = true;
+  { isNormalUser = true;
    home = "/home/alice";
    description = "Alice Foobar";
    extraGroups = [ "wheel" "networkmanager" ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
  };
 </programlisting>
@ -58,11 +57,6 @@ users.extraGroups.students.gid = 1000;
 As with users, the group ID (gid) is optional and will be assigned
 automatically if it’s missing.</para>
 <warning><para>Currently declarative user management is not perfect:
 <command>nixos-rebuild</command> does not know how to realise certain
 configuration changes.  This includes removing a user or group, and
 removing group membership from a user.</para></warning>
 <para>In the imperative style, users and groups are managed by
 commands such as <command>useradd</command>,
 <command>groupmod</command> and so on.  For instance, to create a user
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@ -0,0 +1,239 @@
 use strict;
 use File::Path qw(make_path);
 use File::Slurp;
 use JSON;
 make_path("/var/lib/nixos", { mode => 0755 });
 # Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
 # /etc/login.defs.
 sub allocId {
    my ($used, $idMin, $idMax, $up, $getid) = @_;
    my $id = $up ? $idMin : $idMax;
    while ($id >= $idMin && $id <= $idMax) {
        if (!$used->{$id} && !defined &$getid($id)) {
            $used->{$id} = 1;
            return $id;
        }
        $used->{$id} = 1;
        if ($up) { $id++; } else { $id--; }
    }
    die "$0: out of free UIDs or GIDs\n";
 }
 my (%gidsUsed, %uidsUsed);
 sub allocGid {
    return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
 }
 sub allocUid {
    my ($isSystemUser) = @_;
    my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1);
    return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
 }
 # Read the declared users/groups.
 my $spec = decode_json(read_file($ARGV[0]));
 # Don't allocate UIDs/GIDs that are already in use.
 foreach my $g (@{$spec->{groups}}) {
    $gidsUsed{$g->{gid}} = 1 if defined $g->{gid};
 }
 foreach my $u (@{$spec->{groups}}) {
    $uidsUsed{$u->{u}} = 1 if defined $u->{uid};
 }
 # Read the current /etc/group.
 sub parseGroup {
    chomp;
    my @f = split(':', $_, -4);
    my $gid = $f[2] eq "" ? undef : int($f[2]);
    $gidsUsed{$gid} = 1 if defined $gid;
    return ($f[0], { name => $f[0], password => $f[1], gid => $gid, members => $f[3] });
 }
 my %groupsCur = -f "/etc/group" ? map { parseGroup } read_file("/etc/group") : ();
 # Read the current /etc/passwd.
 sub parseUser {
    chomp;
    my @f = split(':', $_, -7);
    my $uid = $f[2] eq "" ? undef : int($f[2]);
    $uidsUsed{$uid} = 1 if defined $uid;
    return ($f[0], { name => $f[0], fakePassword => $f[1], uid => $uid,
        gid => $f[3], description => $f[4], home => $f[5], shell => $f[6] });
 }
 my %usersCur = -f "/etc/passwd" ? map { parseUser } read_file("/etc/passwd") : ();
 # Read the groups that were created declaratively (i.e. not by groups)
 # in the past. These must be removed if they are no longer in the
 # current spec.
 my $declGroupsFile = "/var/lib/nixos/declarative-groups";
 my %declGroups;
 $declGroups{$_} = 1 foreach split / /, -e $declGroupsFile ? read_file($declGroupsFile) : "";
 # Idem for the users.
 my $declUsersFile = "/var/lib/nixos/declarative-users";
 my %declUsers;
 $declUsers{$_} = 1 foreach split / /, -e $declUsersFile ? read_file($declUsersFile) : "";
 # Generate a new /etc/group containing the declared groups.
 my %groupsOut;
 foreach my $g (@{$spec->{groups}}) {
    my $name = $g->{name};
    my $existing = $groupsCur{$name};
    my %members = map { ($_, 1) } @{$g->{members}};
    if (defined $existing) {
        $g->{gid} = $existing->{gid} if !defined $g->{gid};
        if ($g->{gid} != $existing->{gid}) {
            warn "warning: not applying GID change of group ‘$name’\n";
            $g->{gid} = $existing->{gid};
        }
        $g->{password} = $existing->{password}; # do we want this?
        if ($spec->{mutableUsers}) {
            # Merge in non-declarative group members.
            foreach my $uname (split /,/, $existing->{members} // "") {
                $members{$uname} = 1 if !defined $declUsers{$uname};
            }
        }
    } else {
        $g->{gid} = allocGid if !defined $g->{gid};
        $g->{password} = "x";
    }
    $g->{members} = join ",", sort(keys(%members));
    $groupsOut{$name} = $g;
 }
 # Update the persistent list of declarative groups.
 write_file($declGroupsFile, join(" ", sort(keys %groupsOut)));
 # Merge in the existing /etc/group.
 foreach my $name (keys %groupsCur) {
    my $g = $groupsCur{$name};
    next if defined $groupsOut{$name};
    if (!$spec->{mutableUsers} || defined $declGroups{$name}) {
        print STDERR "removing group ‘$name’\n";
    } else {
        $groupsOut{$name} = $g;
    }
 }
 # Rewrite /etc/group. FIXME: acquire lock.
 my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
    (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
 write_file("/etc/group.tmp", @lines);
 rename("/etc/group.tmp", "/etc/group") or die;
 system("nscd --invalidate group");
 # Generate a new /etc/passwd containing the declared users.
 my %usersOut;
 foreach my $u (@{$spec->{users}}) {
    my $name = $u->{name};
    # Resolve the gid of the user.
    if ($u->{group} =~ /^[0-9]$/) {
        $u->{gid} = $u->{group};
    } elsif (defined $groupsOut{$u->{group}}) {
        $u->{gid} = $groupsOut{$u->{group}}->{gid} // die;
    } else {
        warn "warning: user ‘$name’ has unknown group ‘$u->{group}’\n";
        $u->{gid} = 65534;
    }
    my $existing = $usersCur{$name};
    if (defined $existing) {
        $u->{uid} = $existing->{uid} if !defined $u->{uid};
        if ($u->{uid} != $existing->{uid}) {
            warn "warning: not applying UID change of user ‘$name’\n";
            $u->{uid} = $existing->{uid};
        }
    } else {
        $u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
        # Create a home directory.
        if ($u->{createHome}) {
            make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
            chown $u->{uid}, $u->{gid}, $u->{home};
        }
    }
    if (defined $u->{passwordFile}) {
        if (-e $u->{passwordFile}) {
            $u->{hashedPassword} = read_file($u->{passwordFile});
            chomp $u->{hashedPassword};
        } else {
            warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
        }
    }
    $u->{fakePassword} = $existing->{fakePassword} // "x";
    $usersOut{$name} = $u;
 }
 # Update the persistent list of declarative users.
 write_file($declUsersFile, join(" ", sort(keys %usersOut)));
 # Merge in the existing /etc/passwd.
 foreach my $name (keys %usersCur) {
    my $u = $usersCur{$name};
    next if defined $usersOut{$name};
    if (!$spec->{mutableUsers} || defined $declUsers{$name}) {
        print STDERR "removing user ‘$name’\n";
    } else {
        $usersOut{$name} = $u;
    }
 }
 # Rewrite /etc/passwd. FIXME: acquire lock.
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
    (sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
 write_file("/etc/passwd.tmp", @lines);
 rename("/etc/passwd.tmp", "/etc/passwd") or die;
 system("nscd --invalidate passwd");
 # Rewrite /etc/shadow to add new accounts or remove dead ones.
 my @shadowNew;
 my %shadowSeen;
 foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
    chomp $line;
    my ($name, $password, @rest) = split(':', $line, -9);
    my $u = $usersOut{$name};;
    next if !defined $u;
    $password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
    push @shadowNew, join(":", $name, $password, @rest) . "\n";
    $shadowSeen{$name} = 1;
 }
 foreach my $u (values %usersOut) {
    next if defined $shadowSeen{$u->{name}};
    my $password = "!";
    $password = $u->{hashedPassword} if defined $u->{hashedPassword};
    # FIXME: set correct value for sp_lstchg.
    push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n";
 }
 write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
 rename("/etc/shadow.tmp", "/etc/shadow") or die;
 # Call chpasswd to apply password. FIXME: generate the hashes directly
 # and merge into the /etc/shadow updating above.
 foreach my $u (@{$spec->{users}}) {
    if (defined $u->{password}) {
        my $pid = open(PW, "| chpasswd") or die;
        print PW "$u->{name}:$u->{password}\n";
        close PW or die "unable to change password of user ‘$u->{name}’: $?\n";
    }
 }
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -7,9 +7,6 @@ let
  ids = config.ids;
  cfg = config.users;
  nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
  nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
  passwordDescription = ''
    The options <literal>hashedPassword</literal>,
    <literal>password</literal> and <literal>passwordFile</literal>
@ -55,10 +52,8 @@ let
        type = with types; nullOr int;
        default = null;
        description = ''
-          The account UID. If the <option>mutableUsers</option> option
+          The account UID. If the UID is null, a free UID is picked on
-          is false, the UID cannot be null. Otherwise, the UID might be
+          activation.
          null, in which case a free UID is picked on activation (by the
          useradd command).
        '';
      };
@ -67,8 +62,7 @@ let
        default = false;
        description = ''
          Indicates if the user is a system user or not. This option
-          only has an effect if <option>mutableUsers</option> is
+          only has an effect if <option>uid</option> is
          <literal>true</literal> and <option>uid</option> is
          <option>null</option>, in which case it determines whether
          the user's UID is allocated in the range for system users
          (below 500) or in the range for normal users (starting at
@ -76,6 +70,21 @@ let
        '';
      };
      isNormalUser = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Indicates whether this is an account for a “real” user. This
          automatically sets <option>group</option> to
          <literal>users</literal>, <option>createHome</option> to
          <literal>true</literal>, <option>home</option> to
          <filename>/home/<replaceable>username</replaceable></filename>,
          <option>useDefaultShell</option> to <literal>true</literal>,
          and <option>isSystemUser</option> to
          <literal>false</literal>.
        '';
      };
      group = mkOption {
        type = types.str;
        default = "nogroup";
@ -182,22 +191,20 @@ let
          ${passwordDescription}
        '';
      };
      createUser = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Indicates if the user should be created automatically as a local user.
          Set this to false if the user for instance is an LDAP user. NixOS will
          then not modify any of the basic properties for the user account.
        '';
      };
    };
-    config = {
+    config = mkMerge
-      name = mkDefault name;
+      [ { name = mkDefault name;
-      shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
+          shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
-    };
+        }
        (mkIf config.isNormalUser {
          group = mkDefault "users";
          createHome = mkDefault true;
          home = mkDefault "/home/${name}";
          useDefaultShell = mkDefault true;
          isSystemUser = mkDefault false;
        })
      ];
  };
@ -217,10 +224,8 @@ let
        type = with types; nullOr int;
        default = null;
        description = ''
-          The group GID. If the <literal>mutableUsers</literal> option
+          The group GID. If the GID is null, a free GID is picked on
-          is false, the GID cannot be null. Otherwise, the GID might be
+          activation.
          null, in which case a free GID is picked on activation (by the
          groupadd command).
        '';
      };
@ -271,97 +276,17 @@ let
    };
  };
  getGroup = gname:
    let
      groups = mapAttrsToList (n: g: g) (
        filterAttrs (n: g: g.name == gname) cfg.extraGroups
      );
    in
      if length groups == 1 then head groups
      else if groups == [] then throw "Group ${gname} not defined"
      else throw "Group ${gname} has multiple definitions";
  getUser = uname:
    let
      users = mapAttrsToList (n: u: u) (
        filterAttrs (n: u: u.name == uname) cfg.extraUsers
      );
    in
      if length users == 1 then head users
      else if users == [] then throw "User ${uname} not defined"
      else throw "User ${uname} has multiple definitions";
  mkGroupEntry = gname:
    let
      g = getGroup gname;
      users = mapAttrsToList (n: u: u.name) (
        filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
      );
    in concatStringsSep ":" [
      g.name "x" (toString g.gid)
      (concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members)))
    ];
  mkPasswdEntry = uname: let u = getUser uname; in
    concatStringsSep ":" [
      u.name "x" (toString u.uid)
      (toString (getGroup u.group).gid)
      u.description u.home u.shell
    ];
  filterNull = a: filter (x: hasAttr a x && getAttr a x != null);
  sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2));
  groupFile = pkgs.writeText "group" (
    concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
      sortOn "gid" (filterNull "gid" (attrValues cfg.extraGroups))
    ))
  );
  passwdFile = pkgs.writeText "passwd" (
    concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
      sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))
    ))
  );
  mkSubuidEntry = user: concatStrings (
    map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n")
-        user.subUidRanges);
+      user.subUidRanges);
-  subuidFile = concatStrings (map mkSubuidEntry (
+  subuidFile = concatStrings (map mkSubuidEntry (attrValues cfg.extraUsers));
    sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
  mkSubgidEntry = user: concatStrings (
    map (range: "${user.name}:${toString range.startGid}:${toString range.count}\n")
        user.subGidRanges);
-  subgidFile = concatStrings (map mkSubgidEntry (
+  subgidFile = concatStrings (map mkSubgidEntry (attrValues cfg.extraUsers));
    sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
  # If mutableUsers is true, this script adds all users/groups defined in
  # users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any
  # existing user/group with the same name in those files.
  # If mutableUsers is false, the /etc/{passwd,group} files will simply be
  # replaced with the users/groups defined in the NixOS configuration.
  # The merging procedure could certainly be improved, and instead of just
  # keeping the lines as-is from /etc/{passwd,group} they could be combined
  # in some way with the generated content from the NixOS configuration.
  merger = src: pkgs.writeScript "merger" ''
    #!${pkgs.bash}/bin/bash
    PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH
    ${if !cfg.mutableUsers
      then ''cp ${src} $1.tmp''
      else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp''
    }
    # set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime)
    touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp
    mv -f $1.tmp $1
  '';
  idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
    let
@ -376,6 +301,21 @@ let
  uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
  gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
  spec = builtins.toFile "users-groups.json" (builtins.toJSON {
    inherit (cfg) mutableUsers;
    users = mapAttrsToList (n: u:
      { inherit (u)
          name uid group description home shell createHome isSystemUser
          password passwordFile hashedPassword;
      }) cfg.extraUsers;
    groups = mapAttrsToList (n: g:
      { inherit (g) name gid;
        members = mapAttrsToList (n: u: u.name) (
          filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
        );
      }) cfg.extraGroups;
  });
 in {
  ###### interface
@ -512,67 +452,12 @@ in {
      grsecurity.gid = ids.gids.grsecurity;
    };
-    system.activationScripts.users =
+    system.activationScripts.users = stringAfter [ "etc" ]
-      let
+      ''
-        mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
+        ${pkgs.perl}/bin/perl -w \
-        setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
+          -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \
-        pwFile = u: if !(isNull u.hashedPassword)
+          -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \
-          then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
+          ${./update-users-groups.pl} ${spec}
          else if !(isNull u.password)
          then pkgs.runCommand "password-file" { pw = u.password; } ''
            echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
          '' else u.passwordFile;
        setpw = n: u: ''
          setpw=yes
          ${optionalString cfg.mutableUsers ''
            test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
          ''}
          if [ "$setpw" == "yes" ]; then
            ${if !(isNull (pwFile u))
              then ''
                echo -n "${u.name}:" | cat - "${pwFile u}" | \
                  ${pkgs.shadow}/sbin/chpasswd -e
              ''
              else "passwd -l '${u.name}' &>/dev/null"
            }
          fi
        '';
        mkhome = n: u: ''
          uid="$(id -u ${u.name})"
          gid="$(id -g ${u.name})"
          h="${u.home}"
          test -a "$h" || mkdir -p "$h" || true
          test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
          test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
        '';
        groupadd = n: g: ''
          if [ -z "$(getent group "${g.name}")" ]; then
            ${pkgs.shadow}/sbin/groupadd "${g.name}"
          fi
        '';
        useradd = n: u: ''
          if ! id "${u.name}" &>/dev/null; then
            ${pkgs.shadow}/sbin/useradd \
              -g "${u.group}" \
              -G "${concatStringsSep "," u.extraGroups}" \
              -s "${u.shell}" \
              -d "${u.home}" \
              ${optionalString u.isSystemUser "--system"} \
              "${u.name}"
            echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
          fi
        '';
      in stringAfter [ "etc" ] ''
        touch /etc/group
        touch /etc/passwd
        VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null
        VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
        ${pkgs.shadow}/sbin/grpconv
        ${pkgs.shadow}/sbin/pwconv
        ${concatStrings (mapAttrsToList groupadd nonGidGroups)}
        ${concatStrings (mapAttrsToList useradd nonUidUsers)}
        ${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
        ${concatStrings (mapAttrsToList setpw setpwUsers)}
      '';
    # for backwards compatibility
@ -589,13 +474,7 @@ in {
    assertions = [
      { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
-        message = "uids and gids must be unique!";
+        message = "UIDs and GIDs must be unique!";
      }
      { assertion = cfg.mutableUsers || (nonUidUsers == {});
        message = "When mutableUsers is false, no uid can be null: ${toString (attrNames nonUidUsers)}";
      }
      { assertion = cfg.mutableUsers || (nonGidGroups == {});
        message = "When mutableUsers is false, no gid can be null";
      }
    ];
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@ -525,12 +525,8 @@ $bootLoaderConfig
  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.extraUsers.guest = {
-  #   name = "guest";
+  #   isNormalUser = true;
  #   group = "users";
  #   uid = 1000;
  #   createHome = true;
  #   home = "/home/guest";
  #   shell = "/run/current-system/sw/bin/bash";
  # };
 }
--- a/nixos/modules/profiles/demo.nix
+++ b/nixos/modules/profiles/demo.nix
@ -4,12 +4,9 @@
  imports = [ ./graphical.nix ];
  users.extraUsers.demo =
-    { description = "Demo user account";
+    { isNormalUser = true;
-      group = "users";
+      description = "Demo user account";
      extraGroups = [ "wheel" ];
      home = "/home/demo";
      createHome = true;
      useDefaultShell = true;
      password = "demo";
      uid = 1000;
    };
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@ -174,6 +174,11 @@ in
            # Clean up existing machined registration and interfaces.
            machinectl terminate "$INSTANCE" 2> /dev/null || true
            if [ "$PRIVATE_NETWORK" = 1 ]; then
              ip link del dev "ve-$INSTANCE" 2> /dev/null || true
            fi
            if [ "$PRIVATE_NETWORK" = 1 ]; then
              ip link del dev "ve-$INSTANCE" 2> /dev/null || true
            fi
@ -240,6 +245,12 @@ in
                ip route add $LOCAL_ADDRESS dev $ifaceHost
              fi
            fi
            # This blocks until the container-startup-done service
            # writes something to this pipe.  FIXME: it also hangs
            # until the start timeout expires if systemd-nspawn exits.
            read x < $root/var/lib/startup-done
            rm -f $root/var/lib/startup-done
          '';
        preStop =
--- a/nixos/tests/common/user-account.nix
+++ b/nixos/tests/common/user-account.nix
@ -1,11 +1,9 @@
 { pkgs, ... }:
 { users.extraUsers = pkgs.lib.singleton
-    { name = "alice";
+    { isNormalUser = true;
      name = "alice";
      description = "Alice Foobar";
      home = "/home/alice";
      createHome = true;
      useDefaultShell = true;
      password = "foobar";
      uid = 1000;
    };
--- a/pkgs/applications/editors/ed/default.nix
+++ b/pkgs/applications/editors/ed/default.nix
@ -1,11 +1,14 @@
 { fetchurl, stdenv }:
 stdenv.mkDerivation rec {
-  name = "ed-1.9";
+  name = "ed-1.10";
  src = fetchurl {
-    url = "mirror://gnu/ed/${name}.tar.gz";
+    # gnu only provides *.lz tarball, which is unfriendly for stdenv bootstrapping
-    sha256 = "122syihsx2hwzj75mkf5a9ssiky2xby748kp4cc00wzhmp7p5cym";
+    #url = "mirror://gnu/ed/${name}.tar.gz";
    url = "http://pkgs.fedoraproject.org/repo/extras/ed/${name}.tar.bz2"
      + "/38204d4c690a17a989e802ba01b45e98/${name}.tar.bz2";
    sha256 = "16qvshl8470f3znjfrrci3lzllqkzc6disk5kygzsg9hh4f6wysq";
  };
  /* FIXME: Tests currently fail on Darwin:
--- a/pkgs/applications/networking/instant-messengers/twinkle/default.nix
+++ b/pkgs/applications/networking/instant-messengers/twinkle/default.nix
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
  NIX_CFLAGS_LINK = "-Wl,--as-needed -lboost_regex -lasound -lzrtpcpp -lspeex -lspeexdsp";
-  enableParallelBuilding = true;
+  #enableParallelBuilding = true; # fatal error: messageform.h: No such file or directory
  meta = with stdenv.lib; {
    homepage = http://www.twinklephone.com/;
--- a/pkgs/applications/networking/newsreaders/liferea/default.nix
+++ b/pkgs/applications/networking/newsreaders/liferea/default.nix
@ -33,7 +33,6 @@ stdenv.mkDerivation rec {
    for f in "$out"/bin/*; do
      wrapProgram "$f" \
        --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
        --prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \
        --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
        --prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \
        --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
--- a/pkgs/applications/virtualization/virt-manager/default.nix
+++ b/pkgs/applications/virtualization/virt-manager/default.nix
@ -51,7 +51,6 @@ buildPythonPackage rec {
            --prefix GI_TYPELIB_PATH : $GI_TYPELIB_PATH \
            --prefix GIO_EXTRA_MODULES : "${dconf}/lib/gio/modules" \
            --prefix GSETTINGS_SCHEMA_DIR : $out/share/glib-2.0/schemas \
            --prefix LD_LIBRARY_PATH : ${gtk3}/lib/:${libvirt-glib}/lib/:${vte}/lib:${gtkvnc}/lib${optionalString spiceSupport ":${spice_gtk}/lib"} \
            --prefix XDG_DATA_DIRS : "$out/share:${gsettings_desktop_schemas}/share:${gtk3}/share:$GSETTINGS_SCHEMAS_PATH:\$XDG_DATA_DIRS"
    done
--- a/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh
+++ b/pkgs/build-support/gcc-wrapper/gcc-wrapper.sh
@ -77,7 +77,6 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then
        n=$((n + 1))
    done
    params=("${rest[@]}")
    NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE --sysroot=/var/empty"
 fi
--- a/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gedit/default.nix
@ -25,7 +25,6 @@ stdenv.mkDerivation rec {
    wrapProgram "$out/bin/gedit" \
      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
      --prefix LD_LIBRARY_PATH : "${gnome3.libpeas}/lib:${gnome3.gtksourceview}/lib" \
      --prefix XDG_DATA_DIRS : "${gnome3.gtksourceview}/share:${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
  '';
--- a/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-documents/default.nix
@ -28,17 +28,11 @@ stdenv.mkDerivation rec {
  enableParallelBuilding = true;
-  preFixup =
+  preFixup = ''
    let
      libPath = stdenv.lib.makeLibraryPath
        [ evince gtk3 gnome3.tracker gnome3.gnome_online_accounts ];
    in
    ''
    substituteInPlace $out/bin/gnome-documents --replace gapplication "${glib}/bin/gapplication"
    wrapProgram "$out/bin/gnome-documents" \
      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
      --prefix LD_LIBRARY_PATH ":" "${libPath}" \
      --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
      --run "if [ -z \"\$XDG_CACHE_DIR\" ]; then XDG_CACHE_DIR=\$HOME/.cache; fi; if [ -w \"\$XDG_CACHE_DIR/..\" ]; then mkdir -p \"\$XDG_CACHE_DIR/gnome-documents\"; fi"
    rm $out/share/icons/hicolor/icon-theme.cache
--- a/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix
+++ b/pkgs/desktops/gnome-3/3.10/apps/gnome-music/default.nix
@ -24,19 +24,11 @@ stdenv.mkDerivation rec {
  enableParallelBuilding = true;
-  preFixup =
+  preFixup = ''
    let
      libPath = stdenv.lib.makeLibraryPath
        [ glib gtk3 libnotify tracker gnome3.grilo cairo
          gst_all_1.gstreamer gst_all_1.gst-plugins-base
          gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad ];
    in
    ''
    wrapProgram "$out/bin/gnome-music" \
      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
      --prefix XDG_DATA_DIRS : "${gnome3.gnome_themes_standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
      --prefix LD_LIBRARY_PATH : "${libPath}" \
      --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" \
      --prefix GRL_PLUGIN_PATH : "${gnome3.grilo-plugins}/lib/grilo-0.2" \
      --prefix PYTHONPATH : "$PYTHONPATH"
--- a/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/core/gnome-shell/default.nix
@ -35,7 +35,6 @@ stdenv.mkDerivation rec {
    wrapProgram "$out/bin/gnome-shell" \
      --prefix PATH : "${unzip}/bin" \
      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
      --prefix LD_LIBRARY_PATH : "${accountsservice}/lib:${ibus}/lib:${gdm}/lib" \
      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
      --prefix XDG_DATA_DIRS : "${gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
--- a/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/misc/gnome-tweak-tool/default.nix
@ -30,7 +30,6 @@ stdenv.mkDerivation rec {
      --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
      --prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
      --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
      --prefix LD_LIBRARY_PATH ":" "${libsoup}/lib:${gnome3.gnome_desktop}/lib:${libnotify}/lib:${gtk3}/lib:${atk}/lib" \
      --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)"
  '';
--- a/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix
+++ b/pkgs/desktops/gnome-3/3.12/misc/gpaste/default.nix
@ -30,8 +30,7 @@ stdenv.mkDerivation rec {
      for i in $out/libexec/gpaste/*; do
        wrapProgram $i \
          --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
-          --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
+          --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH"
          --prefix LD_LIBRARY_PATH : "${libPath}"
      done
    '';
--- a/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
+++ b/pkgs/desktops/kde-4.12/kdelibs/kdelibs.nix
@ -4,7 +4,7 @@
 , automoc4, soprano, qca2, attica, enchant, libdbusmenu_qt, grantlee
 , docbook_xml_dtd_42, docbook_xsl, polkit_qt_1, acl, attr, libXtst
 , udev, herqq, phonon, libjpeg, xz, ilmbase, libxslt
-, pkgconfig
+, pkgconfig, fetchpatch
 }:
 kde {
@ -28,7 +28,15 @@ kde {
  # There are a few hardcoded paths.
  # Split plugins from libs?
-  patches = [ ../files/polkit-install.patch ];
+  patches = [
    ../files/polkit-install.patch
    (fetchpatch {
      name = "CVE-2014-5033.patch";
      url = "http://quickgit.kde.org/?p=kdelibs.git"
        + "&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23";
      sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
    })
  ];
  cmakeFlags = [
    "-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook"
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@ -13,7 +13,7 @@
 , perl ? null # optional, for texi2pod (then pod2man); required for Java
 , gmp, mpfr, mpc, gettext, which
 , libelf                      # optional, for link-time optimizations (LTO)
-, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
+, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
 , zlib ? null, boehmgc ? null
 , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null
 , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
@ -59,14 +59,12 @@ let version = "4.8.3";
    # Whether building a cross-compiler for GNU/Hurd.
    crossGNU = cross != null && cross.config == "i586-pc-gnu";
-  /* gccinstall.info says that "parallel make is currently not supported since
+    enableParallelBuilding = true;
     collisions in profile collecting may occur".
  */
    enableParallelBuilding = !profiledCompiler;
    patches = []
      ++ optional enableParallelBuilding ./parallel-bconfig.patch
      ++ optional (cross != null) ./libstdc++-target.patch
      ++ optional noSysDirs ./no-sys-dirs.patch
      # The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its
      # target libraries and tools.
      ++ optional langAda ./gnat-cflags.patch
@ -278,7 +276,6 @@ stdenv.mkDerivation ({
    ++ (optional javaAwtGtk pkgconfig);
  buildInputs = [ gmp mpfr mpc libelf ]
    ++ (optional (ppl != null) ppl)
    ++ (optional (cloog != null) cloog)
    ++ (optional (isl != null) isl)
    ++ (optional (zlib != null) zlib)
@ -295,15 +292,7 @@ stdenv.mkDerivation ({
  NIX_LDFLAGS = stdenv.lib.optionalString  stdenv.isSunOS "-lm -ldl";
-  preConfigure = ''
+  preConfigure = stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) ''
    configureFlagsArray=(
      ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic)
        "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"}
      ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS)
        "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\"
         \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""}
    );
  '' + stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit) ''
    export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g`
    export LDFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $LDFLAGS_FOR_TARGET"
    export CXXFLAGS_FOR_TARGET="-Wl,-rpath,$prefix/lib/amd64 $CXXFLAGS_FOR_TARGET"
@ -331,7 +320,6 @@ stdenv.mkDerivation ({
    ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"}
    ${if enableShared then "" else "--disable-shared"}
    ${if enablePlugin then "--enable-plugin" else "--disable-plugin"}
    ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""}
    ${optionalString (isl != null) "--with-isl=${isl}"}
    ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"}
    ${if langJava then
@ -414,7 +402,6 @@ stdenv.mkDerivation ({
    configureFlags = ''
      ${if enableMultilib then "" else "--disable-multilib"}
      ${if enableShared then "" else "--disable-shared"}
      ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""}
      ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""}
      ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""}
      ${if javaAwtGtk then "--enable-java-awt=gtk" else ""}
@ -523,7 +510,6 @@ stdenv.mkDerivation ({
    maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ];
    # Volunteers needed for the {Cyg,Dar}win ports of *PPL.
    # gnatboot is not available out of linux platforms, so we disable the darwin build
    # for the gnat (ada compiler).
    platforms =
--- a/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch
+++ b/pkgs/development/compilers/gcc/4.8/no-sys-dirs.patch
@ -0,0 +1,28 @@
 diff -ru -x '*~' gcc-4.8.3-orig/gcc/cppdefault.c gcc-4.8.3/gcc/cppdefault.c
 --- gcc-4.8.3-orig/gcc/cppdefault.c	2013-01-10 21:38:27.000000000 +0100
 +++ gcc-4.8.3/gcc/cppdefault.c	2014-08-18 16:20:32.893944536 +0200
@@ -35,6 +35,8 @@
 # undef CROSS_INCLUDE_DIR
 #endif
 +#undef LOCAL_INCLUDE_DIR
 +
 const struct default_include cpp_include_defaults[]
 #ifdef INCLUDE_DEFAULTS
 = INCLUDE_DEFAULTS;
 diff -ru -x '*~' gcc-4.8.3-orig/gcc/gcc.c gcc-4.8.3/gcc/gcc.c
 --- gcc-4.8.3-orig/gcc/gcc.c	2014-03-23 12:30:57.000000000 +0100
 +++ gcc-4.8.3/gcc/gcc.c	2014-08-18 13:19:32.689201690 +0200
@@ -1162,10 +1162,10 @@
 /* Default prefixes to attach to command names.  */
 #ifndef STANDARD_STARTFILE_PREFIX_1
 -#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
 +#define STANDARD_STARTFILE_PREFIX_1 ""
 #endif
 #ifndef STANDARD_STARTFILE_PREFIX_2
 -#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
 +#define STANDARD_STARTFILE_PREFIX_2 ""
 #endif
 #ifdef CROSS_DIRECTORY_STRUCTURE  /* Don't use these prefixes for a cross compiler.  */
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@ -11,7 +11,7 @@
 , perl ? null # optional, for texi2pod (then pod2man); required for Java
 , gmp, mpfr, mpc, gettext, which
 , libelf                      # optional, for link-time optimizations (LTO)
-, ppl ? null, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
+, cloog ? null, isl ? null # optional, for the Graphite optimization framework.
 , zlib ? null, boehmgc ? null
 , zip ? null, unzip ? null, pkgconfig ? null, gtk ? null, libart_lgpl ? null
 , libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
@ -57,10 +57,7 @@ let version = "4.9.1";
    # Whether building a cross-compiler for GNU/Hurd.
    crossGNU = cross != null && cross.config == "i586-pc-gnu";
-  /* gccinstall.info says that "parallel make is currently not supported since
+    enableParallelBuilding = true;
     collisions in profile collecting may occur".
  */
    enableParallelBuilding = !profiledCompiler;
    patches = [ ]
      ++ optional enableParallelBuilding ./parallel-bconfig.patch
@ -276,7 +273,6 @@ stdenv.mkDerivation ({
    ++ (optional javaAwtGtk pkgconfig);
  buildInputs = [ gmp mpfr mpc libelf ]
    ++ (optional (ppl != null) ppl)
    ++ (optional (cloog != null) cloog)
    ++ (optional (isl != null) isl)
    ++ (optional (zlib != null) zlib)
@ -294,13 +290,6 @@ stdenv.mkDerivation ({
  NIX_LDFLAGS = stdenv.lib.optionalString  stdenv.isSunOS "-lm -ldl";
  preConfigure = ''
    configureFlagsArray=(
      ${stdenv.lib.optionalString (ppl != null && ppl ? dontDisableStatic && ppl.dontDisableStatic)
        "'--with-host-libstdcxx=-lstdc++ -lgcc_s'"}
      ${stdenv.lib.optionalString (ppl != null && stdenv.isSunOS)
        "\"--with-host-libstdcxx=-Wl,-rpath,\$prefix/lib/amd64 -lstdc++\"
         \"--with-boot-ldflags=-L../prev-x86_64-pc-solaris2.11/libstdc++-v3/src/.libs\""}
    );
    ${stdenv.lib.optionalString (stdenv.isSunOS && stdenv.is64bit)
      ''
        export NIX_LDFLAGS=`echo $NIX_LDFLAGS | sed -e s~$prefix/lib~$prefix/lib/amd64~g`
@ -322,7 +311,6 @@ stdenv.mkDerivation ({
    ${if enableMultilib then "--disable-libquadmath" else "--disable-multilib"}
    ${if enableShared then "" else "--disable-shared"}
    ${if enablePlugin then "--enable-plugin" else "--disable-plugin"}
    ${if ppl != null then "--with-ppl=${ppl} --disable-ppl-version-check" else ""}
    ${optionalString (isl != null) "--with-isl=${isl}"}
    ${optionalString (cloog != null) "--with-cloog=${cloog} --disable-cloog-version-check --enable-cloog-backend=isl"}
    ${if langJava then
@ -403,7 +391,6 @@ stdenv.mkDerivation ({
    configureFlags = ''
      ${if enableMultilib then "" else "--disable-multilib"}
      ${if enableShared then "" else "--disable-shared"}
      ${if ppl != null then "--with-ppl=${ppl.crossDrv}" else ""}
      ${if cloog != null then "--with-cloog=${cloog.crossDrv} --enable-cloog-backend=isl" else ""}
      ${if langJava then "--with-ecj-jar=${javaEcj.crossDrv}" else ""}
      ${if javaAwtGtk then "--enable-java-awt=gtk" else ""}
@ -510,7 +497,6 @@ stdenv.mkDerivation ({
    maintainers = with stdenv.lib.maintainers; [ ludo viric shlevy simons ];
    # Volunteers needed for the {Cyg,Dar}win ports of *PPL.
    # gnatboot is not available out of linux platforms, so we disable the darwin build
    # for the gnat (ada compiler).
    platforms =
--- a/pkgs/development/compilers/orc/default.nix
+++ b/pkgs/development/compilers/orc/default.nix
@ -1,14 +1,14 @@
 { stdenv, fetchurl }:
 stdenv.mkDerivation rec {
-  name = "orc-0.4.19";
+  name = "orc-0.4.21";
  src = fetchurl {
-    url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.gz";
+    url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz";
-    sha256 = "17mmgwll2waz44m908lcxc5fd6n44yysh7p4pdw33hr138r507z2";
+    sha256 = "187wrnq0ficwjj4y3yqci5fxcdkiazfs6k5js26k5b26hipzmham";
  };
-  doCheck = true;
+  doCheck = stdenv.is64bit; # see https://bugzilla.gnome.org/show_bug.cgi?id=728129#c7
  meta = {
    description = "The Oil Runtime Compiler";
--- a/pkgs/development/interpreters/perl/5.16/default.nix
+++ b/pkgs/development/interpreters/perl/5.16/default.nix
@ -54,6 +54,12 @@ stdenv.mkDerivation rec {
      ${optionalString stdenv.isArm ''
        configureFlagsArray=(-Dldflags="-lm -lrt")
      ''}
      ${optionalString stdenv.isCygwin ''
        cp cygwin/cygwin.c{,.bak}
        echo "#define PERLIO_NOT_STDIO 0" > tmp
        cat tmp cygwin/cygwin.c.bak > cygwin/cygwin.c
      ''}
    '';
  preBuild = optionalString (!(stdenv ? gcc && stdenv.gcc.nativeTools))
--- a/pkgs/development/libraries/cloog/default.nix
+++ b/pkgs/development/libraries/cloog/default.nix
@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
  configureFlags = [ "--with-isl=system" ];
  enableParallelBuilding = true;
  doCheck = true;
  meta = {
--- a/pkgs/development/libraries/glew/default.nix
+++ b/pkgs/development/libraries/glew/default.nix
@ -3,11 +3,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "glew-1.10.0";
+  name = "glew-1.11.0";
  src = fetchurl {
    url = "mirror://sourceforge/glew/${name}.tgz";
-    sha256 = "01zki46dr5khzlyywr3cg615bcal32dazfazkf360s1znqh17i4r";
+    sha256 = "1mhkllxz49l1x680dmzrv2i82qjrq017sykah3xc90f2d8qcxfv9";
  };
  nativeBuildInputs = [ x11 libXmu libXi ];
@ -42,9 +42,11 @@ stdenv.mkDerivation rec {
  ] ++ optional (stdenv.cross.libc == "msvcrt") "SYSTEM=mingw"
    ++ optional (stdenv.cross.libc == "libSystem") "SYSTEM=darwin";
-  meta = {
+  meta = with stdenv.lib; {
    description = "An OpenGL extension loading library for C(++)";
    homepage = http://glew.sourceforge.net/;
-    license = ["BSD" "GLX" "SGI-B" "GPL2"]; # License description copied from gentoo-1.4.0 
+    license = licenses.free; # different files under different licenses
      #["BSD" "GLX" "SGI-B" "GPL2"]
    platforms = platforms.mesaPlatforms;
  };
 }
--- a/pkgs/development/libraries/glibc/2.19/common.nix
+++ b/pkgs/development/libraries/glibc/2.19/common.nix
@ -60,6 +60,7 @@ stdenv.mkDerivation ({
      ./fix-math.patch
      ./cve-2014-0475.patch
      ./cve-2014-5119.patch
    ];
  postPatch = ''
--- a/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch
+++ b/pkgs/development/libraries/glibc/2.19/cve-2014-5119.patch
@ -0,0 +1,206 @@
 http://anonscm.debian.org/viewvc/pkg-glibc/glibc-package/trunk/debian/patches/any/cvs-CVE-2014-5119.diff?revision=6248&view=co
 commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
 Author: Florian Weimer <fweimer@redhat.com>
 Date:   Tue Aug 26 19:38:59 2014 +0200
    __gconv_translit_find: Disable function [BZ #17187]
    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).
 2014-08-26  Florian Weimer  <fweimer@redhat.com>
 	[BZ #17187]
 	* iconv/gconv_trans.c (struct known_trans, search_tree, lock,
 	trans_compare, open_translit, __gconv_translit_find):
 	Remove module loading code.
 --- a/iconv/gconv_trans.c
 +++ b/iconv/gconv_trans.c
@@ -238,181 +238,12 @@ __gconv_transliterate (struct __gconv_step *step,
   return __GCONV_ILLEGAL_INPUT;
 }
 -
 -/* Structure to represent results of found (or not) transliteration
 -   modules.  */
 -struct known_trans
 -{
 -  /* This structure must remain the first member.  */
 -  struct trans_struct info;
 -
 -  char *fname;
 -  void *handle;
 -  int open_count;
 -};
 -
 -
 -/* Tree with results of previous calls to __gconv_translit_find.  */
 -static void *search_tree;
 -
 -/* We modify global data.   */
 -__libc_lock_define_initialized (static, lock);
 -
 -
 -/* Compare two transliteration entries.  */
 -static int
 -trans_compare (const void *p1, const void *p2)
 -{
 -  const struct known_trans *s1 = (const struct known_trans *) p1;
 -  const struct known_trans *s2 = (const struct known_trans *) p2;
 -
 -  return strcmp (s1->info.name, s2->info.name);
 -}
 -
 -
 -/* Open (maybe reopen) the module named in the struct.  Get the function
 -   and data structure pointers we need.  */
 -static int
 -open_translit (struct known_trans *trans)
 -{
 -  __gconv_trans_query_fct queryfct;
 -
 -  trans->handle = __libc_dlopen (trans->fname);
 -  if (trans->handle == NULL)
 -    /* Not available.  */
 -    return 1;
 -
 -  /* Find the required symbol.  */
 -  queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
 -  if (queryfct == NULL)
 -    {
 -      /* We cannot live with that.  */
 -    close_and_out:
 -      __libc_dlclose (trans->handle);
 -      trans->handle = NULL;
 -      return 1;
 -    }
 -
 -  /* Get the context.  */
 -  if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
 -      != 0)
 -    goto close_and_out;
 -
 -  /* Of course we also have to have the actual function.  */
 -  trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
 -  if (trans->info.trans_fct == NULL)
 -    goto close_and_out;
 -
 -  /* Now the optional functions.  */
 -  trans->info.trans_init_fct =
 -    __libc_dlsym (trans->handle, "gconv_trans_init");
 -  trans->info.trans_context_fct =
 -    __libc_dlsym (trans->handle, "gconv_trans_context");
 -  trans->info.trans_end_fct =
 -    __libc_dlsym (trans->handle, "gconv_trans_end");
 -
 -  trans->open_count = 1;
 -
 -  return 0;
 -}
 -
 -
 int
 internal_function
 __gconv_translit_find (struct trans_struct *trans)
 {
 -  struct known_trans **found;
 -  const struct path_elem *runp;
 -  int res = 1;
 -
 -  /* We have to have a name.  */
 -  assert (trans->name != NULL);
 -
 -  /* Acquire the lock.  */
 -  __libc_lock_lock (lock);
 -
 -  /* See whether we know this module already.  */
 -  found = __tfind (trans, &search_tree, trans_compare);
 -  if (found != NULL)
 -    {
 -      /* Is this module available?  */
 -      if ((*found)->handle != NULL)
 -	{
 -	  /* Maybe we have to reopen the file.  */
 -	  if ((*found)->handle != (void *) -1)
 -	    /* The object is not unloaded.  */
 -	    res = 0;
 -	  else if (open_translit (*found) == 0)
 -	    {
 -	      /* Copy the data.  */
 -	      *trans = (*found)->info;
 -	      (*found)->open_count++;
 -	      res = 0;
 -	    }
 -	}
 -    }
 -  else
 -    {
 -      size_t name_len = strlen (trans->name) + 1;
 -      int need_so = 0;
 -      struct known_trans *newp;
 -
 -      /* We have to continue looking for the module.  */
 -      if (__gconv_path_elem == NULL)
 -	__gconv_get_path ();
 -
 -      /* See whether we have to append .so.  */
 -      if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
 -	need_so = 1;
 -
 -      /* Create a new entry.  */
 -      newp = (struct known_trans *) malloc (sizeof (struct known_trans)
 -					    + (__gconv_max_path_elem_len
 -					       + name_len + 3)
 -					    + name_len);
 -      if (newp != NULL)
 -	{
 -	  char *cp;
 -
 -	  /* Clear the struct.  */
 -	  memset (newp, '\0', sizeof (struct known_trans));
 -
 -	  /* Store a copy of the module name.  */
 -	  newp->info.name = cp = (char *) (newp + 1);
 -	  cp = __mempcpy (cp, trans->name, name_len);
 -
 -	  newp->fname = cp;
 -
 -	  /* Search in all the directories.  */
 -	  for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
 -	    {
 -	      cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
 -			      trans->name, name_len);
 -	      if (need_so)
 -		memcpy (cp, ".so", sizeof (".so"));
 -
 -	      if (open_translit (newp) == 0)
 -		{
 -		  /* We found a module.  */
 -		  res = 0;
 -		  break;
 -		}
 -	    }
 -
 -	  if (res)
 -	    newp->fname = NULL;
 -
 -	  /* In any case we'll add the entry to our search tree.  */
 -	  if (__tsearch (newp, &search_tree, trans_compare) == NULL)
 -	    {
 -	      /* Yickes, this should not happen.  Unload the object.  */
 -	      res = 1;
 -	      /* XXX unload here.  */
 -	    }
 -	}
 -    }
 -
 -  __libc_lock_unlock (lock);
 -
 -  return res;
 +  /* Transliteration module loading has been removed because it never
 +     worked as intended and suffered from a security vulnerability.
 +     Consequently, this function always fails.  */
 +  return 1;
 }
--- a/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch
+++ b/pkgs/development/libraries/gobject-introspection/absolute_shlib_path.patch
@ -0,0 +1,25 @@
 --- ./giscanner/utils.py.orig	2014-08-14 22:05:05.055334080 +0200
 +++ ./giscanner/utils.py	2014-08-14 22:05:24.687497334 +0200
@@ -110,17 +110,11 @@
     if dlname is None:
         return None
 -    # Darwin uses absolute paths where possible; since the libtool files never
 -    # contain absolute paths, use the libdir field
 -    if platform.system() == 'Darwin':
 -        dlbasename = os.path.basename(dlname)
 -        libdir = _extract_libdir_field(la_file)
 -        if libdir is None:
 -            return dlbasename
 -        return libdir + '/' + dlbasename
 -    # From the comments in extract_libtool(), older libtools had
 -    # a path rather than the raw dlname
 -    return os.path.basename(dlname)
 +    dlbasename = os.path.basename(dlname)
 +    libdir = _extract_libdir_field(la_file)
 +    if libdir is None:
 +        return dlbasename
 +    return libdir + '/' + dlbasename
 def extract_libtool(la_file):
--- a/pkgs/development/libraries/gobject-introspection/default.nix
+++ b/pkgs/development/libraries/gobject-introspection/default.nix
@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
  setupHook = ./setup-hook.sh;
  patches = [ ./absolute_shlib_path.patch ];
  meta = with stdenv.lib; {
    description = "A middleware layer between C libraries and language bindings";
    homepage    = http://live.gnome.org/GObjectIntrospection;
--- a/pkgs/development/libraries/gstreamer/bad/default.nix
+++ b/pkgs/development/libraries/gstreamer/bad/default.nix
@ -10,7 +10,7 @@
 assert faacSupport -> faac != null;
 stdenv.mkDerivation rec {
-  name = "gst-plugins-bad-1.4.0";
+  name = "gst-plugins-bad-1.4.1";
  meta = with stdenv.lib; {
    description = "Gstreamer Bad Plugins";
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
-    sha256 = "1y821785rvr6s79cmdll66hg6h740qa2n036xid20nvjyxabfb7z";
+    sha256 = "0268db2faaf0bb22e5b709a11633abbca4f3d289b1f513bb262d0bf3f53e19ae";
  };
  nativeBuildInputs = [ pkgconfig python ];
--- a/pkgs/development/libraries/gstreamer/base/default.nix
+++ b/pkgs/development/libraries/gstreamer/base/default.nix
@ -4,7 +4,7 @@
 }:
 stdenv.mkDerivation rec {
-  name = "gst-plugins-base-1.4.0";
+  name = "gst-plugins-base-1.4.1";
  meta = {
    description = "Base plugins and helper libraries";
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz";
-    sha256 = "07jcs08hjyban0amls5s0g6i4a1hwiir1llwpqzlwkmnhfwx9bjx";
+    sha256 = "aea9e25be6691bd3cc0785d005b2b5d70ce313a2c897901680a3f7e7cab5a499";
  };
  nativeBuildInputs = [
--- a/pkgs/development/libraries/gstreamer/core/default.nix
+++ b/pkgs/development/libraries/gstreamer/core/default.nix
@ -3,7 +3,7 @@
 }:
 stdenv.mkDerivation rec {
-  name = "gstreamer-1.4.0";
+  name = "gstreamer-1.4.1";
  meta = {
    description = "Open source multimedia framework";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gstreamer/${name}.tar.xz";
-    sha256 = "15f68pn2b47x543ih7hj59czgzl4af14j15bgjq8ky145gf9zhr3";
+    sha256 = "5638f75003282135815c0077d491da11e9a884ad91d4ba6ab3cc78bae0fb452e";
  };
  nativeBuildInputs = [
--- a/pkgs/development/libraries/gstreamer/good/default.nix
+++ b/pkgs/development/libraries/gstreamer/good/default.nix
@ -7,7 +7,7 @@
 }:
 stdenv.mkDerivation rec {
-  name = "gst-plugins-good-1.4.0";
+  name = "gst-plugins-good-1.4.1";
  meta = with stdenv.lib; {
    description = "Gstreamer Good Plugins";
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
-    sha256 = "11965w4zr0jvrsnw33rbcc8d20dlh368rz0x16d2iypzhxwjx9j8";
+    sha256 = "8559d4270065b30ed5c49b826e1b7a3a2bd5ee9a340ae745a2ae3f9718e4c637";
  };
  nativeBuildInputs = [ pkgconfig python ];
--- a/pkgs/development/libraries/gstreamer/libav/default.nix
+++ b/pkgs/development/libraries/gstreamer/libav/default.nix
@ -6,7 +6,7 @@
 assert withSystemLibav -> libav != null;
 stdenv.mkDerivation rec {
-  name = "gst-libav-1.4.0";
+  name = "gst-libav-1.4.1";
  meta = {
    homepage = "http://gstreamer.freedesktop.org";
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gst-libav/${name}.tar.xz";
-    sha256 = "1073p7xdpr3pwyx37fnldfni908apnq3k9fbqmxf5wk3g1jplb68";
+    sha256 = "fc125521187fa84f3210269a0eecc51f8a856802f1ca4bb251f118dab90c5a9d";
  };
  configureFlags = stdenv.lib.optionalString withSystemLibav
--- a/pkgs/development/libraries/gstreamer/ugly/default.nix
+++ b/pkgs/development/libraries/gstreamer/ugly/default.nix
@ -5,7 +5,7 @@
 }:
 stdenv.mkDerivation rec {
-  name = "gst-plugins-ugly-1.4.0";
+  name = "gst-plugins-ugly-1.4.1";
  meta = with stdenv.lib; {
    description = "Gstreamer Ugly Plugins";
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
-    sha256 = "0kblc5f4n0mh2sw8dhf7c9dg3wzm7a0p7pqpcff7n6ixy5hbn52k";
+    sha256 = "25440435ac4ed795d213f2420a0e7355e4a2e2e76d1f9d020b2073f815e8b071";
  };
  nativeBuildInputs = [ pkgconfig python ];
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@ -8,11 +8,11 @@
 # (icu is a ~30 MB dependency, the rest is very small in comparison)
 stdenv.mkDerivation rec {
-  name = "harfbuzz-0.9.33";
+  name = "harfbuzz-0.9.35";
  src = fetchurl {
    url = "http://www.freedesktop.org/software/harfbuzz/release/${name}.tar.bz2";
-    sha256 = "1iql2ghlndqgx9q6p098xf253rjz5rnrv5qniwgd1b5q0jzwa4yk";
+    sha256 = "1v86596994bnb9hx7laykhw4ipixqz9ckwzyyqf340pmlsmsi88a";
  };
  configureFlags = [
--- a/pkgs/development/libraries/isl/0.12.2.nix
+++ b/pkgs/development/libraries/isl/0.12.2.nix
@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
  buildInputs = [ gmp ];
  enableParallelBuilding = true;
  meta = {
    homepage = http://www.kotnet.org/~skimo/isl/;
    license = stdenv.lib.licenses.lgpl21;
--- a/pkgs/development/libraries/isl/default.nix
+++ b/pkgs/development/libraries/isl/default.nix
@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
  buildInputs = [ gmp ];
  patches = [ ./fix-gcc-build.diff ];
  enableParallelBuilding = true;
  meta = {
    homepage = http://www.kotnet.org/~skimo/isl/;
    license = stdenv.lib.licenses.lgpl21;
--- a/pkgs/development/libraries/libav/default.nix
+++ b/pkgs/development/libraries/libav/default.nix
@ -28,7 +28,7 @@ let
  result = {
    libav_0_8 = libavFun "0.8.13" "1fr3rzykrlm1cla0csm9hqa3gcqp19hf5rgn70nyb9w92r67v685";
    libav_9   = libavFun   "9.16" "18378gdgzqsxaacc9vl7ligwndbdvy95wbn50hs8xvdqn1rn916a";
-    libav_10  = libavFun  "10.3"  "1fq83rc5534fjqjlhkw5i9k54dmyqn2pgvyillm6pws8rkn9yb5r";
+    libav_10  = libavFun  "10.4"  "1zzvjfdlv9swhq7dzvli1pk8cn02q1076ax9m3cx9ipilbg21639";
  };
  libavFun = version : sha256 : stdenv.mkDerivation rec {
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@ -3,11 +3,11 @@
 assert zlib != null;
 let
-  version = "1.6.12";
+  version = "1.6.13";
-  sha256 = "0pkcirbfzhqqsm3hr2alxprw5n22a836qk4df1jnns6jk79gcby3";
+  sha256 = "09g631h1f1xvrdiy36mh1034r9w46damp9jcg7nm507wlmacxj6r";
  patch_src = fetchurl {
    url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
-    sha256 = "0r2vmsc4cvxisjr7jqw2vjf66isb2fhs4nnssz3l3jgdangj8wz0";
+    sha256 = "017pnxp3zhhlh6mg2yqn5xrb6dcxc5p3dp1kr46p8xx052i0hzqb";
  };
  whenPatched = stdenv.lib.optionalString apngSupport;
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@ -24,7 +24,7 @@ else
 */
 let
-  version = "10.2.5";
+  version = "10.2.6";
  # this is the default search path for DRI drivers
  driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
 in
@ -35,7 +35,7 @@ stdenv.mkDerivation {
  src =  fetchurl {
    url = "ftp://ftp.freedesktop.org/pub/mesa/${version}/MesaLib-${version}.tar.bz2";
-    sha256 = "039is15p8pkhf8m0yiyb72zybl63xb9ckqzcg3xwi8zlyw5ryidl";
+    sha256 = "01n8ib190s12m8hiiyi4wfm9jhkbqjd769npjwvf965smp918cqr";
  };
  prePatch = "patchShebangs .";
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@ -60,7 +60,12 @@ stdenv.mkDerivation {
    else "./config";
  configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
-    stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
+    stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" +
    stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") " no-asm";
  preBuild = stdenv.lib.optionalString (stdenv.system == "x86_64-cygwin") ''
    sed -i -e "s|-march=i486|-march=x86-64|g" Makefile
  '';
  makeFlags = "MANDIR=$(out)/share/man";
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@ -5,11 +5,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "pcre-8.34";
+  name = "pcre-8.35";
  src = fetchurl {
    url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2";
-    sha256 = "0gsqmsp0q0n3q0ba32gkjvgcsdy6nwidqa7sbxkbw817zzhkl15n";
+    sha256 = "0nw66r92dr24vy9k4lw17bkv8x5nlzn6wx9hq4y2dvzgig3w2qd9";
  };
  # The compiler on Darwin crashes with an internal error while building the
--- a/pkgs/development/libraries/readline/readline4.nix
+++ b/pkgs/development/libraries/readline/readline4.nix
@ -1,10 +0,0 @@
 { stdenv, fetchurl, ncurses }:
 stdenv.mkDerivation {
  name = "readline-4.3";
  src = fetchurl {
    url = mirror://gnu/readline/readline-4.3.tar.gz;
    md5 = "f86f7cb717ab321fe15f1bbcb058c11e";
  };
  propagatedBuildInputs = [ncurses];
 }
--- a/pkgs/development/libraries/readline/readline5.nix
+++ b/pkgs/development/libraries/readline/readline5.nix
@ -12,3 +12,4 @@ stdenv.mkDerivation {
  patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch;
 }
--- a/pkgs/development/libraries/readline/readline6.3.nix
+++ b/pkgs/development/libraries/readline/readline6.3.nix
@ -1,11 +1,13 @@
-{ fetchurl, stdenv, ncurses }:
+{ fetchzip, stdenv, ncurses }:
 stdenv.mkDerivation (rec {
-  name = "readline-6.3";
+  name = "readline-6.3p08";
-  src = fetchurl {
+  src = fetchzip {
-    url = "mirror://gnu/readline/${name}.tar.gz";
+    #url = "mirror://gnu/readline/${name}.tar.gz";
-    sha256 = "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn";
+    url = "http://git.savannah.gnu.org/cgit/readline.git/snapshot/"
      + "readline-a73b98f779b388a5d0624e02e8bb187246e3e396.tar.gz";
    sha256 = "19ji3wrv4fs79fd0nkacjy9q94pvy2cm66yb3aqysahg0cbrz5l1";
  };
  propagatedBuildInputs = [ncurses];
@ -17,7 +19,7 @@ stdenv.mkDerivation (rec {
      ./no-arch_only-6.3.patch
    ];
-  meta = {
+  meta = with stdenv.lib; {
    description = "Library for interactive line editing";
    longDescription = ''
@ -37,9 +39,11 @@ stdenv.mkDerivation (rec {
    homepage = http://savannah.gnu.org/projects/readline/;
-    license = stdenv.lib.licenses.gpl3Plus;
+    license = licenses.gpl3Plus;
-    maintainers = [ stdenv.lib.maintainers.ludo ];
+    maintainers = [ maintainers.ludo ];
    platforms = platforms.unix;
  };
 }
--- a/pkgs/development/libraries/serf/default.nix
+++ b/pkgs/development/libraries/serf/default.nix
@ -1,8 +1,7 @@
 { stdenv, fetchurl, apr, scons, openssl, aprutil, zlib, krb5, pkgconfig }:
 stdenv.mkDerivation rec {
-  version = "1.3.7";
+  name = "serf-1.3.7";
  name = "serf-${version}";
  src = fetchurl {
    url = "http://serf.googlecode.com/svn/src_releases/${name}.tar.bz2";
@ -28,11 +27,8 @@ stdenv.mkDerivation rec {
  meta = {
    description = "HTTP client library based on APR";
-    license = stdenv.lib.licenses.asl20 ;
+    license = stdenv.lib.licenses.asl20;
    maintainers = [stdenv.lib.maintainers.raskin];
    hydraPlatforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
    inherit version;
    downloadPage = "http://serf.googlecode.com/svn/src_releases/";
    updateWalker = true;
  };
 }
--- a/pkgs/development/tools/misc/d-feet/default.nix
+++ b/pkgs/development/tools/misc/d-feet/default.nix
@ -26,7 +26,6 @@ stdenv.mkDerivation rec {
      wrapProgram $out/bin/d-feet \
        --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
        --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
        --prefix LD_LIBRARY_PATH : "${gtk3}/lib:${atk}/lib:${libwnck3}/lib" \
        --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$out/share"
      rm $out/share/icons/hicolor/icon-theme.cache
--- a/pkgs/development/tools/misc/swig/default.nix
+++ b/pkgs/development/tools/misc/swig/default.nix
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
  # 'make check' uses boost and tcl
  buildInputs = stdenv.lib.optionals doCheck [ boost tcl ];
-  configureFlags = stdenv.lib.optionalString stdenv.isDarwin "--disable-ccache";
+  configureFlags = "--disable-ccache";
  meta = {
    description = "Interface compiler that connects C/C++ code to higher-level languages";
--- a/pkgs/games/spring/default.nix
+++ b/pkgs/games/spring/default.nix
@ -28,6 +28,8 @@ stdenv.mkDerivation rec {
  # reported upstream http://springrts.com/mantis/view.php?id=4305
  #enableParallelBuilding = true; # occasionally missing generated files on Hydra
  NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility
  postInstall = ''
    wrapProgram "$out/bin/spring" \
      --prefix LD_LIBRARY_PATH : "${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib::${systemd}/lib"
--- a/pkgs/games/warzone2100/default.nix
+++ b/pkgs/games/warzone2100/default.nix
@ -28,9 +28,13 @@ stdenv.mkDerivation rec {
                      --replace "which %s" "${which}/bin/which %s"
  '';
  configureFlags = "--with-backend=qt --with-distributor=NixOS";
  NIX_CFLAGS_COMPILE = "-fpermissive"; # GL header minor incompatibility
  postInstall = []
    ++ stdenv.lib.optional withVideos "cp ${sequences_src} $out/share/warzone2100/sequences.wz";
-  meta = {
+
  meta = with stdenv.lib; {
    description = "A free RTS game, originally developed by Pumpkin Studios";
    longDescription = ''
        Warzone 2100 is an open source real-time strategy and real-time tactics
@ -44,8 +48,8 @@ stdenv.mkDerivation rec {
      variety of possible units and tactics. 
    '';
    homepage = http://wz2100.net;
-    license = [ "GPLv2+" ];
+    license = licenses.gpl2Plus;
-    maintainers = with stdenv.lib.maintainers; [ astsmtl ];
+    maintainers = [ maintainers.astsmtl ];
-    platforms = with stdenv.lib.platforms; linux;
+    platforms = platforms.linux;
  };
 }
--- a/pkgs/os-specific/linux/systemd/fixes.patch
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@ -915,11 +915,11 @@ let
  }) // {inherit ;};
  libxcb = (mkDerivation "libxcb" {
-    name = "libxcb-1.10";
+    name = "libxcb-1.11";
    builder = ./builder.sh;
    src = fetchurl {
-      url = http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2;
+      url = http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2;
-      sha256 = "1dfmyb1zjx6n0zhr4y40mc1crlmj3bfjjhmn0f30ip9nnq2spncq";
+      sha256 = "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3";
    };
    buildInputs = [pkgconfig libxslt libpthreadstubs python libXau xcbproto libXdmcp ];
  }) // {inherit libxslt libpthreadstubs python libXau xcbproto libXdmcp ;};
@ -1175,11 +1175,11 @@ let
  }) // {inherit ;};
  xcbproto = (mkDerivation "xcbproto" {
-    name = "xcb-proto-1.10";
+    name = "xcb-proto-1.11";
    builder = ./builder.sh;
    src = fetchurl {
-      url = http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2;
+      url = http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2;
-      sha256 = "01dgp802i4ic9wkmpa7g1wm50pp547d3b96jjz2hnxavhpfhvx3y";
+      sha256 = "0bp3f53l9fy5x3mn1rkj1g81aiyzl90wacwvqdgy831aa3kfxb5l";
    };
    buildInputs = [pkgconfig python ];
  }) // {inherit python ;};
@ -1405,11 +1405,11 @@ let
  }) // {inherit inputproto xorgserver xproto ;};
  xf86inputmouse = (mkDerivation "xf86inputmouse" {
-    name = "xf86-input-mouse-1.9.0";
+    name = "xf86-input-mouse-1.9.1";
    builder = ./builder.sh;
    src = fetchurl {
-      url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2;
+      url = mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2;
-      sha256 = "12344w0cxac1ld54qqwynxwazbmmpvqh1mzcskmfkmakmr5iwq2x";
+      sha256 = "1kn5kx3qyn9qqvd6s24a2l1wfgck2pgfvzl90xpl024wfxsx719l";
    };
    buildInputs = [pkgconfig inputproto xorgserver xproto ];
  }) // {inherit inputproto xorgserver xproto ;};
@ -1515,11 +1515,11 @@ let
  }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xorgserver xproto ;};
  xf86videogeode = (mkDerivation "xf86videogeode" {
-    name = "xf86-video-geode-2.11.15";
+    name = "xf86-video-geode-2.11.16";
    builder = ./builder.sh;
    src = fetchurl {
-      url = mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2;
+      url = mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2;
-      sha256 = "1w4ghr2a41kaw4g9na8ws5fjbmy8zkbxpxa21vmqc8mkjzb3pnq0";
+      sha256 = "19y13xl7yfrgyis92rmxi0ld95ajgr5il0n9j1dridwzw9aizz1q";
    };
    buildInputs = [pkgconfig fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ];
  }) // {inherit fontsproto libpciaccess randrproto renderproto videoproto xextproto xorgserver xproto ;};
@ -2035,11 +2035,11 @@ let
  }) // {inherit ;};
  xrandr = (mkDerivation "xrandr" {
-    name = "xrandr-1.4.2";
+    name = "xrandr-1.4.3";
    builder = ./builder.sh;
    src = fetchurl {
-      url = mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2;
+      url = mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2;
-      sha256 = "1g4hnj53wknsjwiqivyy3jl4qw7jwrpncz7d5p2z29zq5zlnxrxj";
+      sha256 = "06xy0kr6ih7ilrwl6b5g6ay75vm2j4lxnv1d5xlj6sdqhqsaqm3i";
    };
    buildInputs = [pkgconfig libX11 xproto libXrandr libXrender ];
  }) // {inherit libX11 xproto libXrandr libXrender ;};
--- a/pkgs/servers/x11/xorg/extra.list
+++ b/pkgs/servers/x11/xorg/extra.list
@ -1,6 +1,6 @@
 http://xcb.freedesktop.org/dist/libpthread-stubs-0.3.tar.bz2
-http://xcb.freedesktop.org/dist/libxcb-1.10.tar.bz2
+http://xcb.freedesktop.org/dist/libxcb-1.11.tar.bz2
-http://xcb.freedesktop.org/dist/xcb-proto-1.10.tar.bz2
+http://xcb.freedesktop.org/dist/xcb-proto-1.11.tar.bz2
 http://xcb.freedesktop.org/dist/xcb-util-0.3.9.tar.bz2
 http://xcb.freedesktop.org/dist/xcb-util-image-0.3.9.tar.bz2
 http://xcb.freedesktop.org/dist/xcb-util-keysyms-0.3.9.tar.bz2
--- a/pkgs/servers/x11/xorg/tarballs-7.7.list
+++ b/pkgs/servers/x11/xorg/tarballs-7.7.list
@ -118,7 +118,7 @@ mirror://xorg/X11R7.7/src/everything/xf86driproto-2.1.1.tar.bz2
 mirror://xorg/individual/driver/xf86-input-evdev-2.8.4.tar.bz2
 mirror://xorg/individual/driver/xf86-input-joystick-1.6.2.tar.bz2
 mirror://xorg/individual/driver/xf86-input-keyboard-1.8.0.tar.bz2
-mirror://xorg/individual/driver/xf86-input-mouse-1.9.0.tar.bz2
+mirror://xorg/individual/driver/xf86-input-mouse-1.9.1.tar.bz2
 mirror://xorg/individual/driver/xf86-input-synaptics-1.7.6.tar.bz2
 mirror://xorg/individual/driver/xf86-input-vmmouse-13.0.0.tar.bz2
 mirror://xorg/individual/driver/xf86-input-void-1.4.0.tar.bz2
@ -130,7 +130,7 @@ mirror://xorg/individual/driver/xf86-video-nouveau-1.0.10.tar.bz2
 mirror://xorg/individual/driver/xf86-video-cirrus-1.5.2.tar.bz2
 mirror://xorg/individual/driver/xf86-video-dummy-0.3.7.tar.bz2
 mirror://xorg/individual/driver/xf86-video-fbdev-0.4.4.tar.bz2
-mirror://xorg/individual/driver/xf86-video-geode-2.11.15.tar.bz2
+mirror://xorg/individual/driver/xf86-video-geode-2.11.16.tar.bz2
 mirror://xorg/individual/driver/xf86-video-glide-1.2.2.tar.bz2
 mirror://xorg/individual/driver/xf86-video-glint-1.2.8.tar.bz2
 mirror://xorg/individual/driver/xf86-video-i128-1.3.6.tar.bz2
@ -176,7 +176,7 @@ mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2
 mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2
 mirror://xorg/individual/app/xprop-1.2.2.tar.bz2
 mirror://xorg/individual/proto/xproto-7.0.26.tar.bz2
-mirror://xorg/individual/app/xrandr-1.4.2.tar.bz2
+mirror://xorg/individual/app/xrandr-1.4.3.tar.bz2
 mirror://xorg/individual/app/xrdb-1.1.0.tar.bz2
 mirror://xorg/individual/app/xrefresh-1.0.5.tar.bz2
 mirror://xorg/individual/app/xset-1.2.3.tar.bz2
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@ -154,7 +154,8 @@ let
             || system == "x86_64-kfreebsd-gnu";
      isSunOS = system == "i686-solaris"
             || system == "x86_64-solaris";
-      isCygwin = system == "i686-cygwin";
+      isCygwin = system == "i686-cygwin"
              || system == "x86_64-cygwin";
      isFreeBSD = system == "i686-freebsd"
              || system == "x86_64-freebsd";
      isOpenBSD = system == "i686-openbsd"
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@ -35,8 +35,8 @@ rec {
  # The bootstrap process proceeds in several steps.
-  # 1) Create a standard environment by downloading pre-built binaries
+  # Create a standard environment by downloading pre-built binaries of
-  # of coreutils, GCC, etc.
+  # coreutils, GCC, etc.
  # Download and unpack the bootstrap tools (coreutils, GCC, Glibc, ...).
@ -66,137 +66,136 @@ rec {
  };
  # This function builds the various standard environments used during
  # the bootstrap.
  stdenvBootFun =
    {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? [], fetchurl}:
    import ../generic {
      inherit system config;
      name = "stdenv-linux-boot";
      preHook =
        ''
          # Don't patch #!/interpreter because it leads to retained
          # dependencies on the bootstrapTools in the final stdenv.
          dontPatchShebangs=1
          ${commonPreHook}
        '';
      shell = "${bootstrapTools}/bin/sh";
      initialPath = [bootstrapTools] ++ extraPath;
      fetchurlBoot = fetchurl;
      inherit gcc;
      # Having the proper 'platform' in all the stdenvs allows getting proper
      # linuxHeaders for example.
      extraAttrs = extraAttrs // { inherit platform; };
      overrides = pkgs: (overrides pkgs) // {
        inherit fetchurl;
      };
    };
  # Build a dummy stdenv with no GCC or working fetchurl.  This is
  # because we need a stdenv to build the GCC wrapper and fetchurl.
  stdenvLinuxBoot0 = stdenvBootFun {
    gcc = "/no-such-path";
    fetchurl = null;
  };
  fetchurl = import ../../build-support/fetchurl {
    stdenv = stdenvLinuxBoot0;
    curl = bootstrapTools;
  };
  # The Glibc include directory cannot have the same prefix as the GCC
  # include directory, since GCC gets confused otherwise (it will
  # search the Glibc headers before the GCC headers).  So create a
  # dummy Glibc.
  bootstrapGlibc = stdenvLinuxBoot0.mkDerivation {
    name = "bootstrap-glibc";
    buildCommand = ''
      mkdir -p $out
      ln -s ${bootstrapTools}/lib $out/lib
      ln -s ${bootstrapTools}/include-glibc $out/include
    '';
  };
  # A helper function to call gcc-wrapper.
  wrapGCC =
-    { gcc ? bootstrapTools, libc, binutils, coreutils, shell ? "", name ? "bootstrap-gcc-wrapper" }:
+    { gcc, libc, binutils, coreutils, name }:
    lib.makeOverridable (import ../../build-support/gcc-wrapper) {
      nativeTools = false;
      nativeLibc = false;
-      inherit gcc binutils coreutils libc shell name;
+      inherit gcc binutils coreutils libc name;
-      stdenv = stdenvLinuxBoot0;
+      stdenv = stage0.stdenv;
    };
  # This function builds the various standard environments used during
  # the bootstrap.  In all stages, we build an stdenv and the package
  # set that can be built with that stdenv.
  stageFun =
    {gcc, extraAttrs ? {}, overrides ? (pkgs: {}), extraPath ? []}:
    let
      thisStdenv = import ../generic {
        inherit system config;
        name = "stdenv-linux-boot";
        preHook =
          ''
            # Don't patch #!/interpreter because it leads to retained
            # dependencies on the bootstrapTools in the final stdenv.
            dontPatchShebangs=1
            ${commonPreHook}
          '';
        shell = "${bootstrapTools}/bin/sh";
        initialPath = [bootstrapTools] ++ extraPath;
        fetchurlBoot = import ../../build-support/fetchurl {
          stdenv = stage0.stdenv;
          curl = bootstrapTools;
        };
        inherit gcc;
        # Having the proper 'platform' in all the stdenvs allows getting proper
        # linuxHeaders for example.
        extraAttrs = extraAttrs // { inherit platform; };
        overrides = pkgs: (overrides pkgs) // { fetchurl = thisStdenv.fetchurlBoot; };
      };
      thisPkgs = allPackages {
        inherit system platform;
        bootStdenv = thisStdenv;
      };
    in { stdenv = thisStdenv; pkgs = thisPkgs; };
  # Build a dummy stdenv with no GCC or working fetchurl.  This is
  # because we need a stdenv to build the GCC wrapper and fetchurl.
  stage0 = stageFun {
    gcc = "/no-such-path";
    overrides = pkgs: {
      # The Glibc include directory cannot have the same prefix as the
      # GCC include directory, since GCC gets confused otherwise (it
      # will search the Glibc headers before the GCC headers).  So
      # create a dummy Glibc here, which will be used in the stdenv of
      # stage1.
      glibc = stage0.stdenv.mkDerivation {
        name = "bootstrap-glibc";
        buildCommand = ''
          mkdir -p $out
          ln -s ${bootstrapTools}/lib $out/lib
          ln -s ${bootstrapTools}/include-glibc $out/include
        '';
      };
    };
  };
  # Create the first "real" standard environment.  This one consists
  # of bootstrap tools only, and a minimal Glibc to keep the GCC
  # configure script happy.
-  stdenvLinuxBoot1 = stdenvBootFun {
+  #
  # For clarity, we only use the previous stage when specifying these
  # stages.  So stageN should only ever have references for stage{N-1}.
  #
  # If we ever need to use a package from more than one stage back, we
  # simply re-export those packages in the middle stage(s) using the
  # overrides attribute and the inherit syntax.
  stage1 = stageFun {
    gcc = wrapGCC {
-      libc = bootstrapGlibc;
+      gcc = bootstrapTools;
      libc = stage0.pkgs.glibc;
      binutils = bootstrapTools;
      coreutils = bootstrapTools;
      name = "bootstrap-gcc-wrapper";
    };
    # Rebuild binutils to use from stage2 onwards.
    overrides = pkgs: {
      binutils = pkgs.binutils.override { gold = false; };
      inherit (stage0.pkgs) glibc;
    };
    inherit fetchurl;
  };
-  # 2) These are the packages that we can build with the first
+  # 2nd stdenv that contains our own rebuilt binutils and is used for
-  #    stdenv.  We only need binutils, because recent Glibcs
+  # compiling our own Glibc.
-  #    require recent Binutils, and those in bootstrap-tools may
+  stage2 = stageFun {
  #    be too old.
  stdenvLinuxBoot1Pkgs = allPackages {
    inherit system platform;
    bootStdenv = stdenvLinuxBoot1;
  };
  binutils1 = stdenvLinuxBoot1Pkgs.binutils.override { gold = false; };
  # 3) 2nd stdenv that we will use to build only Glibc.
  stdenvLinuxBoot2 = stdenvBootFun {
    gcc = wrapGCC {
-      libc = bootstrapGlibc;
+      gcc = bootstrapTools;
-      binutils = binutils1;
+      libc = stage1.pkgs.glibc;
      binutils = stage1.pkgs.binutils;
      coreutils = bootstrapTools;
      name = "bootstrap-gcc-wrapper";
    };
    overrides = pkgs: {
-      inherit (stdenvLinuxBoot1Pkgs) perl;
+      inherit (stage1.pkgs) perl binutils paxctl;
      # This also contains the full, dynamically linked, final Glibc.
    };
    inherit fetchurl;
  };
-  # 4) These are the packages that we can build with the 2nd
+  # Construct a third stdenv identical to the 2nd, except that this
-  #    stdenv.
+  # one uses the rebuilt Glibc from stage2.  It still uses the recent
-  stdenvLinuxBoot2Pkgs = allPackages {
+  # binutils and rest of the bootstrap tools, including GCC.
-    inherit system platform;
+  stage3 = stageFun {
    bootStdenv = stdenvLinuxBoot2;
  };
  # 5) Build Glibc with the bootstrap tools.  The result is the full,
  #    dynamically linked, final Glibc.
  stdenvLinuxGlibc = stdenvLinuxBoot2Pkgs.glibc;
  # 6) Construct a third stdenv identical to the 2nd, except that this
  #    one uses the Glibc built in step 5.  It still uses the recent
  #    binutils and rest of the bootstrap tools, including GCC.
  stdenvLinuxBoot3 = stdenvBootFun {
    gcc = wrapGCC {
-      binutils = binutils1;
+      gcc = bootstrapTools;
      libc = stage2.pkgs.glibc;
      binutils = stage2.pkgs.binutils;
      coreutils = bootstrapTools;
-      libc = stdenvLinuxGlibc;
+      name = "bootstrap-gcc-wrapper";
    };
    overrides = pkgs: {
-      glibc = stdenvLinuxGlibc;
+      inherit (stage2.pkgs) binutils glibc perl;
      inherit (stdenvLinuxBoot1Pkgs) perl;
      # Link GCC statically against GMP etc.  This makes sense because
      # these builds of the libraries are only used by GCC, so it
      # reduces the size of the stdenv closure.
@ -208,54 +207,40 @@ rec {
      ppl = pkgs.ppl.override { stdenv = pkgs.makeStaticLibraries pkgs.stdenv; };
    };
    extraAttrs = {
-      glibc = stdenvLinuxGlibc;   # Required by gcc47 build
+      glibc = stage2.pkgs.glibc;  # Required by gcc47 build
    };
-    extraPath = [ stdenvLinuxBoot1Pkgs.paxctl ];
+    extraPath = [ stage2.pkgs.paxctl ];
    inherit fetchurl;
  };
-  # 7) The packages that can be built using the third stdenv.
+  # Construct a fourth stdenv that uses the new GCC.  But coreutils is
-  stdenvLinuxBoot3Pkgs = allPackages {
+  # still from the bootstrap tools.
-    inherit system platform;
+  stage4 = stageFun {
-    bootStdenv = stdenvLinuxBoot3;
+    gcc = wrapGCC {
-  };
+      gcc = stage3.pkgs.gcc.gcc;
-
+      libc = stage3.pkgs.glibc;
-
+      binutils = stage3.pkgs.binutils;
  # 8) Construct a fourth stdenv identical to the second, except that
  #    this one uses the new GCC from step 7.  The other tools
  #    (e.g. coreutils) are still from the bootstrap tools.
  stdenvLinuxBoot4 = stdenvBootFun {
    gcc = wrapGCC rec {
      binutils = binutils1;
      coreutils = bootstrapTools;
      libc = stdenvLinuxGlibc;
      gcc = stdenvLinuxBoot3Pkgs.gcc.gcc;
      name = "";
    };
-    extraPath = [ stdenvLinuxBoot3Pkgs.xz ];
+    extraPath = [ stage3.pkgs.xz ];
    overrides = pkgs: {
-      inherit (stdenvLinuxBoot1Pkgs) perl;
+      # Zlib has to be inherited and not rebuilt in this stage,
-      inherit (stdenvLinuxBoot3Pkgs) gettext gnum4 gmp;
+      # because gcc (since JAR support) already depends on zlib, and
      # then if we already have a zlib we want to use that for the
      # other purposes (binutils and top-level pkgs) too.
      inherit (stage3.pkgs) gettext gnum4 gmp perl glibc zlib;
    };
    inherit fetchurl;
  };
-  # 9) The packages that can be built using the fourth stdenv.
+  # Construct the final stdenv.  It uses the Glibc and GCC, and adds
-  stdenvLinuxBoot4Pkgs = allPackages {
+  # in a new binutils that doesn't depend on bootstrap-tools, as well
-    inherit system platform;
+  # as dynamically linked versions of all other tools.
    bootStdenv = stdenvLinuxBoot4;
  };
  # 10) Construct the final stdenv.  It uses the Glibc and GCC, and
  #     adds in a new binutils that doesn't depend on bootstrap-tools,
  #     as well as dynamically linked versions of all other tools.
  #
-  #     When updating stdenvLinux, make sure that the result has no
+  # When updating stdenvLinux, make sure that the result has no
-  #     dependency (`nix-store -qR') on bootstrapTools or the
+  # dependency (`nix-store -qR') on bootstrapTools or the first
-  #     first binutils built.
+  # binutils built.
  stdenvLinux = import ../generic rec {
    inherit system config;
@ -268,35 +253,32 @@ rec {
      '';
    initialPath =
-      ((import ../common-path.nix) {pkgs = stdenvLinuxBoot4Pkgs;})
+      ((import ../common-path.nix) {pkgs = stage4.pkgs;})
-      ++ [stdenvLinuxBoot4Pkgs.patchelf stdenvLinuxBoot4Pkgs.paxctl ];
+      ++ [stage4.pkgs.patchelf stage4.pkgs.paxctl ];
-    gcc = wrapGCC rec {
+    shell = stage4.pkgs.bash + "/bin/bash";
-      inherit (stdenvLinuxBoot4Pkgs) binutils coreutils;
+
-      libc = stdenvLinuxGlibc;
+    gcc = (wrapGCC rec {
-      gcc = stdenvLinuxBoot4.gcc.gcc;
+      gcc = stage4.stdenv.gcc.gcc;
-      shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash";
+      libc = stage4.pkgs.glibc;
      inherit (stage4.pkgs) binutils coreutils;
      name = "";
-    };
+    }).override { inherit shell; };
-    shell = stdenvLinuxBoot4Pkgs.bash + "/bin/bash";
+    inherit (stage4.stdenv) fetchurlBoot;
    fetchurlBoot = fetchurl;
    extraAttrs = {
-      inherit (stdenvLinuxBoot3Pkgs) glibc;
+      inherit (stage4.pkgs) glibc;
      inherit platform bootstrapTools;
-      shellPackage = stdenvLinuxBoot4Pkgs.bash;
+      shellPackage = stage4.pkgs.bash;
    };
    overrides = pkgs: {
      inherit gcc;
-      inherit (stdenvLinuxBoot3Pkgs) glibc;
+      inherit (stage4.pkgs)
-      inherit (stdenvLinuxBoot4Pkgs) binutils;
+        gzip bzip2 xz bash binutils coreutils diffutils findutils gawk
-      inherit (stdenvLinuxBoot4Pkgs)
+        glibc gnumake gnused gnutar gnugrep gnupatch patchelf
-        gzip bzip2 xz bash coreutils diffutils findutils gawk
+        attr acl paxctl zlib;
        gnumake gnused gnutar gnugrep gnupatch patchelf
        attr acl paxctl;
    };
  };
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@ -10,6 +10,9 @@ stdenv.mkDerivation rec {
  doCheck = true;
  # In stdenv-linux, prevent a dependency on bootstrap-tools.
  preHook = "unset CONFIG_SHELL";
  meta = {
    homepage = http://tukaani.org/xz/;
    description = "XZ, general-purpose data compression software, successor of LZMA";
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -2627,7 +2627,6 @@ let
  bashInteractive = appendToName "interactive" (callPackage ../shells/bash {
    interactive = true;
    readline = readline63; # Includes many vi mode fixes
  });
  bashCompletion = callPackage ../shells/bash-completion { };
@ -3684,7 +3683,6 @@ let
    suitesparse = null;
    openjdk = null;
    gnuplot = null;
    readline = readline63;
  };
  octaveFull = (lowPrio (callPackage ../development/interpreters/octave {
    fltk = fltk13;
@ -4372,7 +4370,6 @@ let
  gdb = callPackage ../development/tools/misc/gdb {
    guile = null;
    hurd = gnu.hurdCross;
    readline = readline63;
    inherit (gnu) mig;
  };
@ -6215,13 +6212,12 @@ let
  raul = callPackage ../development/libraries/audio/raul { };
-  readline = readline6; # 6.2 works, 6.3 breaks python, parted
+  readline = readline6;
-
+  readline6 = readline63;
  readline4 = callPackage ../development/libraries/readline/readline4.nix { };
  readline5 = callPackage ../development/libraries/readline/readline5.nix { };
-  readline6 = callPackage ../development/libraries/readline/readline6.nix { };
+  readline62 = callPackage ../development/libraries/readline/readline6.nix { };
  readline63 = callPackage ../development/libraries/readline/readline6.3.nix { };
`@ -12,3 +12,4 @@ stdenv.mkDerivation {`

	`patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch;`	`patches = stdenv.lib.optional stdenv.isDarwin ./shobj-darwin.patch;`
	`}`	`}`