diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 221e90b6f38f..86a3875e2c67 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -1076,7 +1076,7 @@ in boot.initrd.systemd = { contents."/etc/crypttab".source = stage1Crypttab; - extraBin.systemd-cryptsetup = "${config.boot.initrd.systemd.package}/lib/systemd/systemd-cryptsetup"; + extraBin.systemd-cryptsetup = "${config.boot.initrd.systemd.package}/bin/systemd-cryptsetup"; additionalUpstreamUnits = [ "cryptsetup-pre.target" @@ -1084,7 +1084,7 @@ in "remote-cryptsetup.target" ]; storePaths = [ - "${config.boot.initrd.systemd.package}/lib/systemd/systemd-cryptsetup" + "${config.boot.initrd.systemd.package}/bin/systemd-cryptsetup" "${config.boot.initrd.systemd.package}/lib/systemd/system-generators/systemd-cryptsetup-generator" ]; diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index 4ae07944afc3..26cc016869b3 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -70,6 +70,7 @@ let "systemd-tmpfiles-setup.service" "timers.target" "umount.target" + "systemd-bsod.service" ] ++ cfg.additionalUpstreamUnits; upstreamWants = [ @@ -424,6 +425,7 @@ in { storePaths = [ # systemd tooling + "${cfg.package}/lib/systemd/systemd-executor" "${cfg.package}/lib/systemd/systemd-fsck" "${cfg.package}/lib/systemd/systemd-hibernate-resume" "${cfg.package}/lib/systemd/systemd-journald" @@ -433,6 +435,7 @@ in { "${cfg.package}/lib/systemd/systemd-shutdown" "${cfg.package}/lib/systemd/systemd-sulogin-shell" "${cfg.package}/lib/systemd/systemd-sysctl" + "${cfg.package}/lib/systemd/systemd-bsod" # generators "${cfg.package}/lib/systemd/system-generators/systemd-debug-generator" 
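Review bot: The path `"${config.boot.initrd.systemd.package}/bin/systemd-cryptsetup"` is now written out twice, in `extraBin.systemd-cryptsetup` in the first luksroot.nix hunk and in `storePaths` in the second, so the next relocation must be made in both places. Binding it once, e.g. `cryptsetupBin = "${config.boot.initrd.systemd.package}/bin/systemd-cryptsetup";`, and referencing it from both would keep them in step; the enclosing `let` is outside the hunk. Because `boot.initrd.systemd.package` is an option value, a package that still ships the binary under `lib/systemd/` would presumably no longer yield a working encrypted-root initrd, so a comment naming the minimum systemd version would help.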
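Review bot: In initrd.nix, `systemd-executor` is added to `storePaths` with no comment saying it is mandatory; from systemd 255 the manager starts services through this helper, so an initrd without it cannot start units. A comment such as `# required since systemd 255: the manager spawns services via systemd-executor` would keep it from being pruned as unused. The `systemd-bsod.service` and `systemd-bsod` entries are appended after `umount.target` and `systemd-sysctl`, although both lists otherwise look alphabetically sorted. They are also included unconditionally, so consider sorting them in and noting in a comment that the boot-failure screen is always shipped in the initrd.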
diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index 104a9dad959a..b08026278edb 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -13,10 +13,10 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index c0defc31de..8f80235731 100644 +index 0d68f31d36..6b52f7ed4b 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in -@@ -20,10 +20,6 @@ SUBSYSTEM=="block", TAG+="systemd" +@@ -22,10 +22,6 @@ SUBSYSTEM=="block", TAG+="systemd" SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index dda8524c498d..8507bb583c8a 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -14,10 +14,10 @@ Original-Author: Eelco Dolstra 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 4ffec25c75..b99031c54e 100644 +index 55e76b6e16..015a608035 100644 --- a/src/shared/fstab-util.c 
+++ b/src/shared/fstab-util.c -@@ -43,6 +43,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { +@@ -66,6 +66,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { /* Don't bother with the OS data itself */ if (PATH_IN_SET(mount, "/", @@ -27,7 +27,7 @@ index 4ffec25c75..b99031c54e 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 1586c2e214..fcae95f824 100644 +index 1a9b99d761..04ef9af1ea 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c @@ -170,8 +170,10 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) { diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 2d86d1e6957a..535ca3d86457 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index e170958fc5..898a674631 100644 +index 38196ef3d6..57d1750b00 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -5648,6 +5648,7 @@ static int run(int argc, char *argv[]) { +@@ -5602,6 +5602,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index e170958fc5..898a674631 100644 _cleanup_free_ char *p = NULL; if (arg_pivot_root_new) -@@ -5662,6 +5663,7 @@ static int run(int argc, char *argv[]) { +@@ -5618,6 +5619,7 @@ static int run(int argc, char *argv[]) { "Directory %s doesn't look like it has an OS tree (/usr/ directory is missing). Refusing.", arg_directory); goto finish; } diff --git a/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch index c905a4d812af..d2232765f71d 100644 
--- a/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch +++ b/pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch @@ -11,12 +11,12 @@ Also, remove /usr and /lib as these don't exist on NixOS. Original-Author: Eelco Dolstra --- - src/basic/path-lookup.c | 17 ++--------------- + src/basic/path-lookup.c | 18 ++---------------- src/core/systemd.pc.in | 8 ++++---- - 2 files changed, 6 insertions(+), 19 deletions(-) + 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 7d158a8295..f9bd62b631 100644 +index 4e3d59fc56..0d18b9a2d0 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c @@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { @@ -31,7 +31,7 @@ index 7d158a8295..f9bd62b631 100644 NULL }; -@@ -617,15 +613,13 @@ int lookup_paths_init( +@@ -613,16 +609,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -44,11 +44,12 @@ index 7d158a8295..f9bd62b631 100644 - "/usr/local/lib/systemd/system", SYSTEM_DATA_UNIT_DIR, - "/usr/lib/systemd/system", +- /* To be used ONLY for images which might be legacy split-usr */ - STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), STRV_IFNOTNULL(generator_late)); break; -@@ -641,14 +635,11 @@ int lookup_paths_init( +@@ -638,14 +631,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", @@ -64,7 +65,7 @@ index 7d158a8295..f9bd62b631 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -808,7 +799,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -805,7 +795,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", 
@@ -72,7 +73,7 @@ index 7d158a8295..f9bd62b631 100644 SYSTEM_GENERATOR_DIR); break; -@@ -816,7 +806,6 @@ char **generator_binary_paths(RuntimeScope scope) { +@@ -813,7 +802,6 @@ char **generator_binary_paths(RuntimeScope scope) { case RUNTIME_SCOPE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -80,7 +81,7 @@ index 7d158a8295..f9bd62b631 100644 USER_GENERATOR_DIR); break; -@@ -855,14 +844,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { +@@ -852,14 +840,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) { case RUNTIME_SCOPE_SYSTEM: add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", @@ -96,10 +97,10 @@ index 7d158a8295..f9bd62b631 100644 break; diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 693433b34b..5932a21b5b 100644 +index f3b85b0190..8ae544b495 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in -@@ -38,10 +38,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} +@@ -43,10 +43,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} systemd_user_conf_dir=${sysconfdir}/systemd/user systemduserconfdir=${systemd_user_conf_dir} @@ -111,8 +112,8 @@ index 693433b34b..5932a21b5b 100644 +systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemduserunitdir} systemduserunitpath=${systemd_user_unit_path} - systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators -@@ -50,10 +50,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} + systemd_system_generator_dir=${prefix}/lib/systemd/system-generators +@@ -55,10 +55,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} systemd_user_generator_dir=${prefix}/lib/systemd/user-generators systemdusergeneratordir=${systemd_user_generator_dir} 
@@ -124,4 +125,4 @@ index 693433b34b..5932a21b5b 100644 +systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir} systemdusergeneratorpath=${systemd_user_generator_path} - systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep + systemd_sleep_dir=${prefix}/lib/systemd/system-sleep diff --git a/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch index 0a80d5ac4e83..a0bcc6afaa12 100644 --- a/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch @@ -13,10 +13,10 @@ in containers. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 22ec6e79b1..771e8e7f16 100644 +index e61ebee253..22cc5cc843 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -1559,7 +1559,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { +@@ -1562,7 +1562,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { if (!unit_is_bound_by_inactive(u, &culprit)) continue; diff --git a/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch index abc6c24dbf51..b350e36bc5c2 100644 --- a/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -11,7 +11,7 @@ Subject: [PATCH] hostnamed, localed, timedated: disable methods that change 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index 9ef45f8e75..99b1ec2e36 100644 +index e1d53f2395..a224e6dadc 100644 
--- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -1053,6 +1053,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ @@ -35,7 +35,7 @@ index 9ef45f8e75..99b1ec2e36 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index f544a73580..ce00c262cc 100644 +index 5d96237fae..9af35cd29c 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -229,6 +229,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er @@ -69,10 +69,10 @@ index f544a73580..ce00c262cc 100644 r = x11_context_verify_and_warn(&in, LOG_ERR, error); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index ad1d492d6b..331af34505 100644 +index c7be30f563..50f8aa8675 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -665,6 +665,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -659,6 +659,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; @@ -83,7 +83,7 @@ index ad1d492d6b..331af34505 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -743,6 +747,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -737,6 +741,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index ad1d492d6b..331af34505 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -917,6 +924,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; 
diff --git a/pkgs/os-specific/linux/systemd/0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch similarity index 86% rename from pkgs/os-specific/linux/systemd/0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch rename to pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index 3150d97be2e1..30178675f7f9 100644 --- a/pkgs/os-specific/linux/systemd/0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch @@ -35,10 +35,10 @@ index e486474c44..5f373d0723 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 1db630003a..31744c3e68 100644 +index f9014dc560..3ee0363369 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c -@@ -1350,7 +1350,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { +@@ -1412,7 +1412,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { assert(ret); @@ -47,7 +47,7 @@ index 1db630003a..31744c3e68 100644 if (!f) return -errno; -@@ -1391,7 +1391,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { +@@ -1453,7 +1453,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { assert(ret); @@ -56,7 +56,7 @@ index 1db630003a..31744c3e68 100644 if (!f) return -errno; -@@ -1503,7 +1503,7 @@ int verify_timezone(const char *name, int log_level) { +@@ -1565,7 +1565,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) return -ENAMETOOLONG; @@ -65,7 +65,7 @@ index 1db630003a..31744c3e68 100644 fd = open(t, O_RDONLY|O_CLOEXEC); if (fd < 0) -@@ -1563,7 +1563,7 @@ int get_timezone(char **ret) { +@@ -1625,7 +1625,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -75,10 +75,10 @@ index 1db630003a..31744c3e68 100644 return -EINVAL; 
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 1956ab3b13..9ef356f8af 100644 +index f77a5f6266..63bac85b29 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -630,7 +630,7 @@ static int process_timezone(int rfd) { +@@ -632,7 +632,7 @@ static int process_timezone(int rfd) { if (isempty(arg_timezone)) return 0; @@ -88,10 +88,10 @@ index 1956ab3b13..9ef356f8af 100644 r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false); if (r < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 898a674631..c41a416e04 100644 +index e48ebe8342..41796f3358 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c -@@ -1924,8 +1924,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid +@@ -1845,8 +1845,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -103,10 +103,10 @@ index 898a674631..c41a416e04 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 331af34505..722c4b5b4f 100644 +index 50f8aa8675..aff156ab42 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -282,7 +282,7 @@ static int context_read_data(Context *c) { +@@ -276,7 +276,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -115,7 +115,7 @@ index 331af34505..722c4b5b4f 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -306,7 +306,7 @@ static int context_write_data_timezone(Context *c) { +@@ -300,7 +300,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { 
@@ -124,7 +124,7 @@ index 331af34505..722c4b5b4f 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -314,9 +314,9 @@ static int context_write_data_timezone(Context *c) { +@@ -308,9 +308,9 @@ static int context_write_data_timezone(Context *c) { return 0; } diff --git a/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch deleted file mode 100644 index 7777ba7e4259..000000000000 --- a/pkgs/os-specific/linux/systemd/0007-Fix-hwdb-paths.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Nikolay Amiantov -Date: Thu, 7 Jul 2016 02:47:13 +0300 -Subject: [PATCH] Fix hwdb paths - -Patch by vcunat. ---- - src/libsystemd/sd-hwdb/hwdb-internal.h | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h -index 5302679a62..39e59a527f 100644 ---- a/src/libsystemd/sd-hwdb/hwdb-internal.h -+++ b/src/libsystemd/sd-hwdb/hwdb-internal.h -@@ -83,8 +83,4 @@ struct trie_value_entry2_f { - } _packed_; - - #define hwdb_bin_paths \ -- "/etc/systemd/hwdb/hwdb.bin\0" \ -- "/etc/udev/hwdb.bin\0" \ -- "/usr/lib/systemd/hwdb/hwdb.bin\0" \ -- _CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \ -- UDEVLIBEXECDIR "/hwdb.bin\0" -+ "/etc/udev/hwdb.bin\0" diff --git a/pkgs/os-specific/linux/systemd/0009-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0008-localectl-use-etc-X11-xkb-for-list-x11.patch similarity index 95% rename from pkgs/os-specific/linux/systemd/0009-localectl-use-etc-X11-xkb-for-list-x11.patch rename to pkgs/os-specific/linux/systemd/0008-localectl-use-etc-X11-xkb-for-list-x11.patch index c0f6afd7fc7b..fe0dca1863dd 100644 --- a/pkgs/os-specific/linux/systemd/0009-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0008-localectl-use-etc-X11-xkb-for-list-x11.patch 
@@ -10,7 +10,7 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index d8db9d9d22..4601bb5431 100644 +index 32354027f1..1d231f1afc 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c @@ -297,7 +297,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { diff --git a/pkgs/os-specific/linux/systemd/0011-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch similarity index 77% rename from pkgs/os-specific/linux/systemd/0011-add-rootprefix-to-lookup-dir-paths.patch rename to pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch index fa201126ae27..15fe403c28fc 100644 --- a/pkgs/os-specific/linux/systemd/0011-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch @@ -12,16 +12,16 @@ files that I might have missed. 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/basic/constants.h b/src/basic/constants.h -index 3f96786da9..6e8fb40c08 100644 +index 6bb5f3c281..678d13737d 100644 --- a/src/basic/constants.h +++ b/src/basic/constants.h -@@ -74,13 +74,15 @@ +@@ -65,13 +65,15 @@ + "/etc/" n "\0" \ "/run/" n "\0" \ "/usr/local/lib/" n "\0" \ - "/usr/lib/" n "\0" \ -- _CONF_PATHS_SPLIT_USR_NULSTR(n) -+ _CONF_PATHS_SPLIT_USR_NULSTR(n) \ -+ ROOTPREFIX "/lib/" n "\0" +- "/usr/lib/" n "\0" ++ "/usr/lib/" n "\0" \ ++ PREFIX "/lib/" n "\0" #define CONF_PATHS_USR(n) \ "/etc/" n, \ @@ -29,7 +29,7 @@ index 3f96786da9..6e8fb40c08 100644 "/usr/local/lib/" n, \ - "/usr/lib/" n + "/usr/lib/" n, \ -+ ROOTPREFIX "/lib/" n ++ PREFIX "/lib/" n #define CONF_PATHS(n) \ - CONF_PATHS_USR(n) \ + CONF_PATHS_USR(n) 
diff --git a/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch deleted file mode 100644 index b8f97308acfb..000000000000 --- a/pkgs/os-specific/linux/systemd/0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Franz Pletz -Date: Sun, 11 Feb 2018 04:37:44 +0100 -Subject: [PATCH] build: don't create statedir and don't touch prefixdir - ---- - meson.build | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 395eca1943..082cd748bb 100644 ---- a/meson.build -+++ b/meson.build -@@ -4707,9 +4707,6 @@ install_data('LICENSE.GPL2', - install_subdir('LICENSES', - install_dir : docdir) - --meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) --meson.add_install_script('sh', '-c', 'touch $DESTDIR@0@'.format(prefixdir)) -- - ############################################################ - - # Ensure that changes to the docs/ directory do not break the diff --git a/pkgs/os-specific/linux/systemd/0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch similarity index 89% rename from pkgs/os-specific/linux/systemd/0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch rename to pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index fde1e2b276c5..6f0b81a32aa7 100644 --- a/pkgs/os-specific/linux/systemd/0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) 
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 8395bb429d..14fbc85bb4 100644 +index b976b7d8cf..b1c02df6fd 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -334,6 +334,7 @@ static void init_watchdog(void) { +@@ -336,6 +336,7 @@ static void init_watchdog(void) { int main(int argc, char *argv[]) { static const char* const dirs[] = { SYSTEM_SHUTDOWN_PATH, diff --git a/pkgs/os-specific/linux/systemd/0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch similarity index 89% rename from pkgs/os-specific/linux/systemd/0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch rename to pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index d91150cfc490..a5ed574afa24 100644 --- a/pkgs/os-specific/linux/systemd/0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch @@ -9,10 +9,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index de1f6c7ec1..d0cdebd80a 100644 +index 21af3e9e52..6d096e3c78 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -224,6 +224,7 @@ static int execute( +@@ -215,6 +215,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, diff --git a/pkgs/os-specific/linux/systemd/0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch similarity index 53% rename from pkgs/os-specific/linux/systemd/0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch rename to pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 13dec1070ffc..55e556288c08 100644 
--- a/pkgs/os-specific/linux/systemd/0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -10,21 +10,19 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index 97175bee11..3839704901 100644 +index 6d943e967f..d4380aa7e3 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h -@@ -25,11 +25,11 @@ +@@ -25,9 +25,9 @@ # define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x) #endif --#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") --#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") -+#define DEFAULT_PATH_NORMAL "@defaultPathNormal@" -+#define DEFAULT_PATH_NORMAL_NULSTR "@defaultPathNormal@\0" - #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/") - #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/") +-#define DEFAULT_PATH PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/") +-#define DEFAULT_PATH_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/") -#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/") -+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_NORMAL ++#define DEFAULT_PATH "@defaultPathNormal@" ++#define DEFAULT_PATH_NULSTR "@defaultPathNormal@\0" ++#define DEFAULT_PATH_COMPAT DEFAULT_PATH - #if HAVE_SPLIT_USR - # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR + #ifndef DEFAULT_USER_PATH + # define DEFAULT_USER_PATH DEFAULT_PATH 
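Review bot: `DEFAULT_PATH_NULSTR` is defined as `"@defaultPathNormal@\0"`, the same placeholder as `DEFAULT_PATH`, so if the substituted value is a colon-separated list it becomes one NUL-terminated entry rather than one entry per directory. Code that walks the NULSTR form would then see a single directory name containing colons. The substitution happens outside this hunk, so this needs confirming there. If it holds, a second placeholder carrying the NUL-separated form, or a comment stating that the NULSTR variant is not relied on in this build, would make the intent explicit.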
diff --git a/pkgs/os-specific/linux/systemd/0016-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch similarity index 94% rename from pkgs/os-specific/linux/systemd/0016-inherit-systemd-environment-when-calling-generators.patch rename to pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch index d6640c87454a..8bccf5539058 100644 --- a/pkgs/os-specific/linux/systemd/0016-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch @@ -16,10 +16,10 @@ executables that are being called from managers. 1 file changed, 8 insertions(+) diff --git a/src/core/manager.c b/src/core/manager.c -index 771e8e7f16..acf3ead8d7 100644 +index 22cc5cc843..5dc7d4504f 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -3899,9 +3899,17 @@ static int build_generator_environment(Manager *m, char ***ret) { +@@ -3914,9 +3914,17 @@ static int build_generator_environment(Manager *m, char ***ret) { * adjust generated units to that. Let's pass down some bits of information that are easy for us to * determine (but a bit harder for generator scripts to determine), as environment variables. */ diff --git a/pkgs/os-specific/linux/systemd/0017-core-don-t-taint-on-unmerged-usr.patch b/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch similarity index 82% rename from pkgs/os-specific/linux/systemd/0017-core-don-t-taint-on-unmerged-usr.patch rename to pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch index 73b237a29602..8b862918500e 100644 --- a/pkgs/os-specific/linux/systemd/0017-core-don-t-taint-on-unmerged-usr.patch +++ b/pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch 
@@ -13,21 +13,20 @@ so showing the taint isn't really helpful. See also: https://github.com/systemd/systemd/issues/24191 --- - src/core/manager.c | 4 ---- - 1 file changed, 4 deletions(-) + src/core/manager.c | 3 --- + 1 file changed, 3 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index acf3ead8d7..bdbab16829 100644 +index 5dc7d4504f..6208c9aa31 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -4754,10 +4754,6 @@ char* manager_taint_string(const Manager *m) { - if (m->taint_usr) - stage[n++] = "split-usr"; +@@ -4800,9 +4800,6 @@ char* manager_taint_string(const Manager *m) { + const char* stage[12] = {}; + size_t n = 0; - _cleanup_free_ char *usrbin = NULL; - if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin")) - stage[n++] = "unmerged-usr"; -- + if (access("/proc/cgroups", F_OK) < 0) stage[n++] = "cgroups-missing"; - diff --git a/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch b/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch deleted file mode 100644 index 3fbfd7f10ab4..000000000000 --- a/pkgs/os-specific/linux/systemd/0015-pkg-config-derive-prefix-from-prefix.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= -Date: Sun, 6 Dec 2020 08:34:19 +0100 -Subject: [PATCH] pkg-config: derive prefix from --prefix - -Point prefix to the one configured, instead of `/usr` `systemd` has limited -support for making the pkgconfig prefix overridable, and interpolates those -values later down. - -So we only need to patch this one value to get the correct paths. -See systemd/systemd@bc4e6e27922a2873985ab9367d79fb099f70b505 for details. - -Co-Authored-By: Florian Klink ---- - src/core/systemd.pc.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index 5932a21b5b..20bf8e316d 100644 ---- a/src/core/systemd.pc.in -+++ b/src/core/systemd.pc.in -@@ -11,7 +11,7 @@ - # considered deprecated (though there is no plan to remove them). New names - # shall have underscores. - --prefix=/usr -+prefix={{PREFIX}} - root_prefix={{ROOTPREFIX_NOSLASH}} - rootprefix=${root_prefix} - sysconf_dir={{SYSCONF_DIR}} diff --git a/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch b/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch similarity index 91% rename from pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch rename to pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch index 6de01a0ae802..768f57e1335b 100644 --- a/pkgs/os-specific/linux/systemd/0018-tpm2_context_init-fix-driver-name-checking.patch +++ b/pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch @@ -27,15 +27,15 @@ filename_is_valid with path_is_valid. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index ae8a8bc073..c284b244f8 100644 +index 5e07b88a89..8dd7315009 100644 --- a/src/shared/tpm2-util.c 
+++ b/src/shared/tpm2-util.c -@@ -582,7 +582,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { +@@ -654,7 +654,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) { fn = strjoina("libtss2-tcti-", driver, ".so.0"); /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */ - if (!filename_is_valid(fn)) + if (!path_is_valid(fn)) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver); context->tcti_dl = dlopen(fn, RTLD_NOW); diff --git a/pkgs/os-specific/linux/systemd/0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch b/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch similarity index 95% rename from pkgs/os-specific/linux/systemd/0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch rename to pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch index dd9af6738c4e..96cd420221e5 100644 --- a/pkgs/os-specific/linux/systemd/0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch +++ b/pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch @@ -30,10 +30,10 @@ are written into `$XDG_CONFIG_HOME/systemd/user`. 1 file changed, 3 insertions(+) diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c -index e3f25d52d5..81c9c6f6b7 100644 +index 367afa20f7..5777154d01 100644 --- a/src/systemctl/systemctl-edit.c +++ b/src/systemctl/systemctl-edit.c -@@ -323,6 +323,9 @@ int verb_edit(int argc, char *argv[], void *userdata) { +@@ -322,6 +322,9 @@ int verb_edit(int argc, char *argv[], void *userdata) { sd_bus *bus; int r; 
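Review bot: The refreshed tpm2-util.c hunk still replaces `filename_is_valid(fn)` with `path_is_valid(fn)` directly before `dlopen(fn, RTLD_NOW)`, so a `driver` value containing `/` or `..` components is no longer refused before the loader is called. The relaxation is presumably needed because the library prefix is rewritten to a store path at build time, but that only requires the joined name to be a path, not the caller-supplied part. Checking the driver on its own first, `if (!filename_is_valid(driver) || !path_is_valid(fn))`, would keep the store-path case working while still rejecting directory components in the driver name. `tpm2_context_new` begins and ends outside the hunk.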
diff --git a/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch b/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch new file mode 100644 index 000000000000..fd38aa9a2850 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch @@ -0,0 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: nikstur +Date: Mon, 6 Nov 2023 22:51:38 +0100 +Subject: [PATCH] meson.build: do not create systemdstatedir + +--- + meson.build | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 7419e2b0b0..c82a527976 100644 +--- a/meson.build ++++ b/meson.build +@@ -2497,7 +2497,6 @@ install_data('LICENSE.GPL2', + install_subdir('LICENSES', + install_dir : docdir) + +-install_emptydir(systemdstatedir) + + ############################################################ + diff --git a/pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch b/pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch similarity index 100% rename from pkgs/os-specific/linux/systemd/0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch rename to pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c05e9d2046dc..a87858ff2027 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -65,6 +65,8 @@ , libmicrohttpd , libfido2 , p11-kit +, libpwquality +, qrencode # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time. # Only libbpf should be a runtime dependency. 
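Review bot: The new `0017-meson.build-do-not-create-systemdstatedir.patch` has an empty commit body, so nothing records why `install_emptydir(systemdstatedir)` is dropped. It also does not say that it supersedes the deleted `0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch`. A sentence under the `Subject:` line would do, for example `The state directory lies outside the package output and cannot be created at install time.`; that reason is presumed here and should be confirmed before it is added. A stated reason makes it easier to judge at the next rebase whether the patch is still needed.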
@@ -99,6 +101,7 @@ , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl +, withIptables ? true , withKmod ? true , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats @@ -117,10 +120,11 @@ , withNss ? !stdenv.hostPlatform.isMusl , withOomd ? true , withPam ? true -, withPasswordQuality ? false +, withPasswordQuality ? true , withPCRE2 ? true , withPolkit ? true , withPortabled ? !stdenv.hostPlatform.isMusl +, withQrencode ? true , withRemote ? !stdenv.hostPlatform.isMusl , withResolved ? true , withShellCompletions ? true @@ -132,6 +136,7 @@ , withUkify ? false # adds python to closure which is too much by default , withUserDb ? true , withUtmp ? !stdenv.hostPlatform.isMusl +, withVmspawn ? true # tests assume too much system access for them to be feasible for us right now , withTests ? false # build only libudev and libsystemd @@ -154,19 +159,17 @@ assert withHomed -> withPam; assert withUkify -> (withEfi && withBootloader); assert withRepart -> withCryptsetup; assert withBootloader -> withEfi; -# passwdqc is not packaged in nixpkgs yet, if you want to fix this, please submit a PR. -assert !withPasswordQuality; let wantCurl = withRemote || withImportd; wantGcrypt = withResolved || withImportd; - version = "254.6"; + version = "255.2"; # Bump this variable on every (major) version change. See below (in the meson options list) for why. # command: # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \ # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime' - releaseTimestamp = "1690536449"; + releaseTimestamp = "1701895110"; in stdenv.mkDerivation (finalAttrs: { inherit pname version; 
@@ -177,7 +180,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - hash = "sha256-Ku24ecDeQt0t7A8/adR3Jm47QZ19+wdMPyJRzCxU4uU="; + hash = "sha256-8SfJY/pcH4yrDeJi0GfIUpetTbpMwyswvSu+RSfgqfY="; }; # On major changes, or when otherwise required, you *must* reformat the patches, 
@@ -192,21 +195,19 @@ stdenv.mkDerivation (finalAttrs: { ./0004-Add-some-NixOS-specific-unit-directories.patch ./0005-Get-rid-of-a-useless-message-in-user-sessions.patch ./0006-hostnamed-localed-timedated-disable-methods-that-cha.patch - ./0007-Fix-hwdb-paths.patch - ./0008-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch - ./0009-localectl-use-etc-X11-xkb-for-list-x11.patch - ./0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch - ./0011-add-rootprefix-to-lookup-dir-paths.patch - ./0012-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch - ./0013-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch - ./0014-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch - ./0015-pkg-config-derive-prefix-from-prefix.patch - ./0016-inherit-systemd-environment-when-calling-generators.patch - ./0017-core-don-t-taint-on-unmerged-usr.patch - ./0018-tpm2_context_init-fix-driver-name-checking.patch - ./0019-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + ./0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch + ./0008-localectl-use-etc-X11-xkb-for-list-x11.patch + ./0009-add-rootprefix-to-lookup-dir-paths.patch + ./0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch + ./0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch + ./0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch + ./0013-inherit-systemd-environment-when-calling-generators.patch + ./0014-core-don-t-taint-on-unmerged-usr.patch + ./0015-tpm2_context_init-fix-driver-name-checking.patch + ./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch + ./0017-meson.build-do-not-create-systemdstatedir.patch ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [ - ./0020-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch + ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ( let oe-core = fetchzip { 
@@ -290,14 +291,17 @@ stdenv.mkDerivation (finalAttrs: { { name = "libbpf.so.1"; pkg = opt withLibBPF libbpf; } { name = "libbpf.so.0"; pkg = null; } - # We did never provide support for libxkbcommon & qrencode + # We did never provide support for libxkbcommon { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } + + # qrencode + { name = "libqrencode.so.4"; pkg = opt withQrencode qrencode; } { name = "libqrencode.so.3"; pkg = null; } - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } + # Password quality + # We currently do not package passwdqc, only libpwquality. + { name = "libpwquality.so.1"; pkg = opt withPasswordQuality libpwquality; } + { name = "libpasswdqc.so.1"; pkg = null; } # Only include cryptsetup if it is enabled. We might not be able to # provide it during "bootstrap" in e.g. the minimal systemd build as @@ -329,8 +333,7 @@ stdenv.mkDerivation (finalAttrs: { # Support for PKCS#11 in systemd-cryptsetup, systemd-cryptenroll and systemd-homed { name = "libp11-kit.so.0"; pkg = opt (withHomed || withCryptsetup) p11-kit; } - # Password quality support - { name = "libpasswdqc.so.1"; pkg = opt withPasswordQuality null; } + { name = "libip4tc.so.2"; pkg = opt withIptables iptables; } ]; patchDlOpen = dl: 
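Review bot: The new `{ name = "libip4tc.so.2"; pkg = opt withIptables iptables; }` entry in the second hunk has no comment, unlike the qrencode, password-quality and PKCS#11 entries around it. It also sits where the removed "Password quality support" line was, so a reader cannot tell which feature this dlopen()ed library belongs to. Suggest a line above it such as `# libiptc (iptables) support, controlled by withIptables`. The list and `patchDlOpen` continue outside the hunk.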
@@ -425,14 +428,14 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withApparmor libapparmor ++ lib.optional withAudit audit ++ lib.optional wantCurl (lib.getDev curl) - ++ lib.optionals withCompression [ bzip2 lz4 xz zstd ] + ++ lib.optionals withCompression [ zlib bzip2 lz4 xz zstd ] ++ lib.optional withCoredump elfutils ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev) ++ lib.optional withKexectools kexec-tools ++ lib.optional withKmod kmod ++ lib.optional withLibidn2 libidn2 ++ lib.optional withLibseccomp libseccomp - ++ lib.optional withNetworkd iptables + ++ lib.optional withIptables iptables ++ lib.optional withPam pam ++ lib.optional withPCRE2 pcre2 ++ lib.optional withSelinux libselinux 
@@ -442,132 +445,167 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals withLibBPF [ libbpf ] ++ lib.optional withTpm2Tss tpm2-tss ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ])) + ++ lib.optionals withPasswordQuality [ libpwquality ] + ++ lib.optionals withQrencode [ qrencode ] ; mesonBuildType = "release"; mesonFlags = [ - "-Dversion-tag=${version}" + # Options + # We bump this variable on every (major) version change to ensure # that we have known-good value for a timestamp that is in the (not so distant) past. # This serves as a lower bound for valid system timestamps during startup. Systemd will # reset the system timestamp if this date is +- 15 years from the system time. # See the systemd v250 release notes for further details: # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266 - "-Dtime-epoch=${releaseTimestamp}" - - "-Dmode=release" - "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" - "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" - "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" - "-Dpam=${lib.boolToString withPam}" - "-Dpamconfdir=${placeholder "out"}/etc/pam.d" - "-Drootprefix=${placeholder "out"}" - "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig" - "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig" - "-Dloadkeys-path=${kbd}/bin/loadkeys" - "-Dsetfont-path=${kbd}/bin/setfont" - "-Dtty-gid=3" # tty in NixOS has gid 3 - "-Ddebug-shell=${bashInteractive}/bin/bash" - "-Dglib=${lib.boolToString withTests}" - # while we do not run tests we should also not build them. 
Removes about 600 targets - "-Dtests=false" - "-Dacl=${lib.boolToString withAcl}" - "-Danalyze=${lib.boolToString withAnalyze}" - "-Daudit=${lib.boolToString withAudit}" - "-Dgcrypt=${lib.boolToString wantGcrypt}" - "-Dimportd=${lib.boolToString withImportd}" - "-Dlz4=${lib.boolToString withCompression}" - "-Dhomed=${lib.boolToString withHomed}" - "-Dlogind=${lib.boolToString withLogind}" - "-Dlocaled=${lib.boolToString withLocaled}" - "-Dhostnamed=${lib.boolToString withHostnamed}" - "-Dmachined=${lib.boolToString withMachined}" - "-Dnetworkd=${lib.boolToString withNetworkd}" - "-Doomd=${lib.boolToString withOomd}" - "-Dpolkit=${lib.boolToString withPolkit}" - "-Dlibcryptsetup=${lib.boolToString withCryptsetup}" - "-Dportabled=${lib.boolToString withPortabled}" - "-Dhwdb=${lib.boolToString withHwdb}" - "-Dremote=${lib.boolToString withRemote}" - "-Dtimedated=${lib.boolToString withTimedated}" - "-Dtimesyncd=${lib.boolToString withTimesyncd}" - "-Duserdb=${lib.boolToString withUserDb}" - "-Dcoredump=${lib.boolToString withCoredump}" - "-Dfirstboot=false" - "-Dresolve=${lib.boolToString withResolved}" - "-Dsplit-usr=false" - "-Dlibcurl=${lib.boolToString wantCurl}" - "-Dlibidn=false" - "-Dlibidn2=${lib.boolToString withLibidn2}" - "-Dfirstboot=${lib.boolToString withFirstboot}" - "-Dsysusers=${lib.boolToString withSysusers}" - "-Drepart=${lib.boolToString withRepart}" - "-Dsysupdate=${lib.boolToString withSysupdate}" - "-Dquotacheck=false" - "-Dldconfig=false" - "-Dsmack=true" - "-Db_pie=true" - "-Dinstall-sysconfdir=false" - "-Dsbat-distro=nixos" - "-Dsbat-distro-summary=NixOS" - "-Dsbat-distro-url=https://nixos.org/" - "-Dsbat-distro-pkgname=${pname}" - "-Dsbat-distro-version=${version}" - /* - As of now, systemd doesn't allow runtime configuration of these values. So - the settings in /etc/login.defs have no effect on it. 
Many people think this - should be supported however, see - - https://github.com/systemd/systemd/issues/3855 - - https://github.com/systemd/systemd/issues/4850 - - https://github.com/systemd/systemd/issues/9769 - - https://github.com/systemd/systemd/issues/9843 - - https://github.com/systemd/systemd/issues/10184 - */ - "-Dsystem-uid-max=999" - "-Dsystem-gid-max=999" - - "-Dsysvinit-path=" - "-Dsysvrcnd-path=" - - "-Dsulogin-path=${util-linux.login}/bin/sulogin" - "-Dnologin-path=${util-linux.login}/bin/nologin" - "-Dmount-path=${lib.getOutput "mount" util-linux}/bin/mount" - "-Dumount-path=${lib.getOutput "mount" util-linux}/bin/umount" - "-Dcreate-log-dirs=false" + (lib.mesonOption "time-epoch" releaseTimestamp) + (lib.mesonOption "version-tag" version) + (lib.mesonOption "mode" "release") + (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3 + (lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash") + (lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d") # Use cgroupsv2. This is already the upstream default, but better be explicit. 
- "-Ddefault-hierarchy=unified" - # Upstream defaulted to disable manpages since they optimize for the much - # more frequent development builds - "-Dman=true" + (lib.mesonOption "default-hierarchy" "unified") + (lib.mesonOption "kmod-path" "${kmod}/bin/kmod") - "-Defi=${lib.boolToString withEfi}" - "-Dbootloader=${lib.boolToString withBootloader}" + # D-Bus + (lib.mesonOption "dbuspolicydir" "${placeholder "out"}/share/dbus-1/system.d") + (lib.mesonOption "dbussessionservicedir" "${placeholder "out"}/share/dbus-1/services") + (lib.mesonOption "dbussystemservicedir" "${placeholder "out"}/share/dbus-1/system-services") + + # pkgconfig + (lib.mesonOption "pkgconfiglibdir" "${placeholder "dev"}/lib/pkgconfig") + (lib.mesonOption "pkgconfigdatadir" "${placeholder "dev"}/share/pkgconfig") + + # Keyboard + (lib.mesonOption "loadkeys-path" "${kbd}/bin/loadkeys") + (lib.mesonOption "setfont-path" "${kbd}/bin/setfont") + + # SBAT + (lib.mesonOption "sbat-distro" "nixos") + (lib.mesonOption "sbat-distro-summary" "NixOS") + (lib.mesonOption "sbat-distro-url" "https://nixos.org/") + (lib.mesonOption "sbat-distro-pkgname" pname) + (lib.mesonOption "sbat-distro-version" version) + + # Users + (lib.mesonOption "system-uid-max" "999") + (lib.mesonOption "system-gid-max" "999") + + # SysVinit + (lib.mesonOption "sysvinit-path" "") + (lib.mesonOption "sysvrcnd-path" "") + + # Login + (lib.mesonOption "sulogin-path" "${util-linux.login}/bin/sulogin") + (lib.mesonOption "nologin-path" "${util-linux.login}/bin/nologin") + + # Mount + (lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount") + (lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount") + + + # Features + + # Tests + (lib.mesonBool "tests" withTests) + (lib.mesonEnable "glib" withTests) + (lib.mesonEnable "dbus" withTests) + + # Compression + (lib.mesonEnable "bzip2" withCompression) + (lib.mesonEnable "lz4" withCompression) + (lib.mesonEnable "xz" withCompression) + 
(lib.mesonEnable "zstd" withCompression) + (lib.mesonEnable "zlib" withCompression) + + # NSS + (lib.mesonEnable "nss-mymachines" withNss) + (lib.mesonEnable "nss-resolve" withNss) + (lib.mesonBool "nss-myhostname" withNss) + (lib.mesonBool "nss-systemd" withNss) + + # Cryptsetup + (lib.mesonEnable "libcryptsetup" withCryptsetup) + (lib.mesonEnable "libcryptsetup-plugins" withCryptsetup) + (lib.mesonEnable "p11kit" (withHomed || withCryptsetup)) + + # FIDO2 + (lib.mesonEnable "libfido2" withFido2) + (lib.mesonEnable "openssl" withFido2) + + # Password Quality + (lib.mesonEnable "pwquality" withPasswordQuality) + (lib.mesonEnable "passwdqc" false) + + # Remote + (lib.mesonEnable "remote" withRemote) + (lib.mesonEnable "microhttpd" withRemote) + + (lib.mesonEnable "pam" withPam) + (lib.mesonEnable "acl" withAcl) + (lib.mesonEnable "audit" withAudit) + (lib.mesonEnable "apparmor" withApparmor) + (lib.mesonEnable "gcrypt" wantGcrypt) + (lib.mesonEnable "importd" withImportd) + (lib.mesonEnable "homed" withHomed) + (lib.mesonEnable "polkit" withPolkit) + (lib.mesonEnable "elfutils" withCoredump) + (lib.mesonEnable "libcurl" wantCurl) + (lib.mesonEnable "libidn" false) + (lib.mesonEnable "libidn2" withLibidn2) + (lib.mesonEnable "libiptc" withIptables) + (lib.mesonEnable "repart" withRepart) + (lib.mesonEnable "sysupdate" withSysupdate) + (lib.mesonEnable "selinux" withSelinux) + (lib.mesonEnable "tpm2" withTpm2Tss) + (lib.mesonEnable "pcre2" withPCRE2) + (lib.mesonEnable "bpf-framework" withLibBPF) + (lib.mesonEnable "bootloader" withBootloader) + (lib.mesonEnable "ukify" withUkify) + (lib.mesonEnable "kmod" withKmod) + (lib.mesonEnable "qrencode" withQrencode) + (lib.mesonEnable "vmspawn" withVmspawn) + (lib.mesonEnable "xenctrl" false) + (lib.mesonEnable "gnutls" false) + (lib.mesonEnable "xkbcommon" false) + (lib.mesonEnable "man" true) + + (lib.mesonBool "analyze" withAnalyze) + (lib.mesonBool "logind" withLogind) + (lib.mesonBool "localed" withLocaled) + 
(lib.mesonBool "hostnamed" withHostnamed) + (lib.mesonBool "machined" withMachined) + (lib.mesonBool "networkd" withNetworkd) + (lib.mesonBool "oomd" withOomd) + (lib.mesonBool "portabled" withPortabled) + (lib.mesonBool "hwdb" withHwdb) + (lib.mesonBool "timedated" withTimedated) + (lib.mesonBool "timesyncd" withTimesyncd) + (lib.mesonBool "userdb" withUserDb) + (lib.mesonBool "coredump" withCoredump) + (lib.mesonBool "firstboot" withFirstboot) + (lib.mesonBool "resolve" withResolved) + (lib.mesonBool "sysusers" withSysusers) + (lib.mesonBool "efi" withEfi) + (lib.mesonBool "utmp" withUtmp) + (lib.mesonBool "log-trace" withLogTrace) + (lib.mesonBool "quotacheck" false) + (lib.mesonBool "ldconfig" false) + (lib.mesonBool "install-sysconfdir" false) + (lib.mesonBool "create-log-dirs" false) + (lib.mesonBool "smack" true) + (lib.mesonBool "b_pie" true) - "-Dukify=${lib.boolToString withUkify}" ] ++ lib.optionals (withShellCompletions == false) [ - "-Dbashcompletiondir=no" - "-Dzshcompletiondir=no" - ] ++ lib.optionals (!withNss) [ - "-Dnss-myhostname=false" - "-Dnss-mymachines=false" - "-Dnss-resolve=false" - "-Dnss-systemd=false" - ] ++ lib.optionals withLibBPF [ - "-Dbpf-framework=true" - ] ++ lib.optionals withTpm2Tss [ - "-Dtpm2=true" - ] ++ lib.optionals (!withUtmp) [ - "-Dutmp=false" + (lib.mesonOption "bashcompletiondir" "no") + (lib.mesonOption "zshcompletiondir" "no") ] ++ lib.optionals stdenv.hostPlatform.isMusl [ - "-Dgshadow=false" - "-Didn=false" - ] ++ lib.optionals withKmod [ - "-Dkmod=true" - "-Dkmod-path=${kmod}/bin/kmod" - ] ++ lib.optionals withLogTrace [ - "-Dlog-trace=true" + (lib.mesonBool "gshadow" false) + (lib.mesonBool "idn" false) ]; preConfigure = let 
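Review bot: `(lib.mesonOption "kmod-path" "${kmod}/bin/kmod")` is now passed unconditionally, whereas the removed list only set it inside `lib.optionals withKmod [ … ]`. Interpolating `${kmod}` makes kmod a build-time dependency of the derivation even with `withKmod = false`, and presumably leaves its store path in the configured build, which works against the flag for reduced builds. Putting it back behind the flag keeps the old behaviour: `] ++ lib.optionals withKmod [ (lib.mesonOption "kmod-path" "${kmod}/bin/kmod") ]`. Separately, `(lib.mesonEnable "openssl" withFido2)` ties OpenSSL to the FIDO2 switch, while the old flag list never set it. If other components use OpenSSL (upstream appears to, please confirm), a `withFido2 = false` build would drop that crypto support without notice, so a dedicated condition or a comment stating the intent would help.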
@@ -744,7 +782,7 @@ stdenv.mkDerivation (finalAttrs: { # Wrap in the correct path for LUKS2 tokens. postFixup = lib.optionalString withCryptsetup '' - for f in lib/systemd/systemd-cryptsetup bin/systemd-cryptenroll; do + for f in bin/systemd-cryptsetup bin/systemd-cryptenroll; do # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so` wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup done @@ -754,7 +792,7 @@ stdenv.mkDerivation (finalAttrs: { # To cross compile a derivation that builds a UKI with ukify, we need to wrap # ukify with the correct binutils. When wrapping, no splicing happens so we # have to explicitly pull binutils from targetPackages. - wrapProgram $out/lib/systemd/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd + wrapProgram $out/bin/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd ''; disallowedReferences = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 13561c4ebe2a..339c5cba9001 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28721,6 +28721,7 @@ with pkgs; withHomed = false; withHwdb = false; withImportd = false; + withIptables = false; withLibBPF = false; withLibidn2 = false; withLocaled = false; @@ -28744,6 +28745,9 @@ with pkgs; withUserDb = false; withUkify = false; withBootloader = false; + withPasswordQuality = false; + withVmspawn = false; + withQrencode = false; }; systemdLibs = systemdMinimal.override { pname = "systemd-minimal-libs";