systemd: 253.5 -> 254.3 #243242
pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch
Please reflow the patches with the process described right above the patches = line:
This does also take care of some tiny details like not adding the git version pointers to the patches.
TODO:
We will also need to mention in the changelog that
These changes are also required: diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix
index 3f40a5b2dfa0..7476a4f9040a 100644
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -57,7 +57,6 @@ let
"systemd-ask-password-console.service"
"systemd-fsck@.service"
"systemd-halt.service"
- "systemd-hibernate-resume@.service"
"systemd-journald-audit.socket"
"systemd-journald-dev-log.socket"
"systemd-journald.service"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 19226904e0e0..6ca73349ccb4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -28515,6 +28515,7 @@ with pkgs;
withTpm2Tss = false;
withUserDb = false;
withUkify = false;
+ withBootloader = false;
};
systemdStage1 = systemdMinimal.override {
pname = "systemd-stage-1"; |
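Review bot: withBootloader = false; is set on the override that systemdStage1 = systemdMinimal.override { builds on, so stage 1 inherits it as well. Confirm that this is intended, and add a short comment next to the flag saying why the minimal build turns the bootloader off.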
@@ -371,7 +368,7 @@ stdenv.mkDerivation (finalAttrs: { | |||
# when cross-compiling. | |||
+ '' | |||
shopt -s extglob | |||
patchShebangs tools test src/!(rpm|kernel-install|ukify) src/kernel-install/test-kernel-install.sh | |||
patchShebangs tools test src/!(rpm|ukify) src/kernel-install/test-kernel-install.sh |
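Review bot: removing kernel-install from the exclusion in src/!(rpm|kernel-install|ukify) makes patchShebangs rewrite everything under src/kernel-install, not just test-kernel-install.sh. The comment just above says this block matters when cross-compiling, and any script from that directory that ends up in the output would now carry a build-platform interpreter. Keep the exclusion unless the directory no longer ships scripts, and state the reason in the commit message either way.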
What was the reason for this change? It broke cross compilation (because these scripts end up with a build bash shebang), and isn't mentioned in the commit message.
My bad for not making this explicit. But for all I know, kernel-install is not a script anymore. It was rewritten in C. What am I missing?
I am seeing
error: build of '/nix/store/llnwcn2bgri0m9cn58h8ym6wj42s1jyv-systemd-minimal-aarch64-unknown-linux-gnu-254.3.drv' on 'ssh://build01-x86-newtype' failed: output '/nix/store/7p5kh7smhwni9pwihs3r4mnzm5sxr022-systemd-minimal-aarch64-unknown-linux-gnu-254.3' is not allowed to refer to the following paths:
/nix/store/vqvj60h076bhqj6977caz0pfxs6543nb-bash-5.2-p15
Could it be related to this: #252874 ?
No, this line just needs to be put back as it was before since the .install scripts get installed, as Alyssa mentioned, and need to use the host bash, not the build bash (which when excluded here like it was before, is what will automatically happen)
I'll open a PR
Thank you @alyssais for the ping and sorry for the random drop
(and thank you @nikstur for fast turnaround in an ICE)
systemd on staging-next is broken on native armv7l-linux https://hydra.armv7l.xyz/build/17881/nixlog/2
Bisected this issue to fe6e299
Cross to riscv64 is broken for the same reason:
Is this an upstream error or something that we have messed up?
I think it's an upstream issue. Likely related: systemd/systemd#26641
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/breaking-changes-announcement-for-unstable/17574/33
Arch Linux ARM builds
The root cause of this bug appears to be that gcc doesn't support the In systemd, they noticed something wasn't quite right with Notably though, they don't pass This raises several questions about how this should be fixed:
It looks like In fact, someone submitted a patch to gcc to add
@@ -146,17 +149,21 @@ assert withCoredump -> withCompression; | |||
assert withHomed -> withCryptsetup; | |||
assert withHomed -> withPam; | |||
assert withUkify -> withEfi; | |||
assert withRepart -> withCryptsetup; | |||
assert withBootloader -> withEfi; |
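Review bot: the new assert withBootloader -> withEfi; makes evaluation fail whenever withBootloader is left on while withEfi is off, so the default of withBootloader has to follow withEfi. Derive that default from withEfi (or from the same platform check) rather than relying on each caller to pass withBootloader = false.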
This breaks cross compilation for powerpc:
> nix-build --arg crossSystem '{ config = "powerpc64le-unknown-linux-gnu"; }' -A systemd
error:
… while evaluating a branch condition
at /home/sascha/git/nixpkgs/lib/customisation.nix:86:7:
85| in
86| if builtins.isAttrs result then
| ^
87| result // {
… while calling the 'isAttrs' builtin
at /home/sascha/git/nixpkgs/lib/customisation.nix:86:10:
85| in
86| if builtins.isAttrs result then
| ^
87| result // {
error: assertion '(withBootloader -> withEfi)' failed
at /home/sascha/git/nixpkgs/pkgs/os-specific/linux/systemd/default.nix:153:1:
152| assert withRepart -> withCryptsetup;
153| assert withBootloader -> withEfi;
| ^
154| # passwdqc is not packaged in nixpkgs yet, if you want to fix this, please submit a PR.
Is stdenv.hostPlatform.isEfi true for PowerPC? If not, I think we should disable the bootloader for PowerPC.
Same problem on armv5tel
These are all the platforms where isEfi is true:
nixpkgs/lib/systems/inspect.nix
Lines 94 to 100 in 0c19eb6
  isEfi = [
    { cpu = { family = "arm"; version = "6"; }; }
    { cpu = { family = "arm"; version = "7"; }; }
    { cpu = { family = "arm"; version = "8"; }; }
    { cpu = { family = "riscv"; }; }
    { cpu = { family = "x86"; }; }
  ];
It seems like withBootloader should default to the value of withEfi.
per lorri's readme: lorri creates an indirect garbage collection root for each .drv in $XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it evaluates your project. ... so it doesn't make sense to have ProtectHome enabled for lorri.service. fixes: lorri: ERRO IO error binding to socket: Read-only file system (os error 30) bisecting this error leads to a range of unbuildable commits including 'a31429165204 Merge pull request NixOS#243242 from RaitoBezarius/systemd-254', so it's likely that systemd update changed the behaviour of ProtectHome somehow (though the release notes don't have any obvious culprits).
per lorri's readme: lorri creates an indirect garbage collection root for each .drv in $XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it evaluates your project. ... so it doesn't make sense to have ProtectHome enabled for lorri.service. lorri also needs to be able to modify /nix/var/nix/gcroots/per-user/, so ProtectSystem can't be 'strict'; 'full' is the next strongest. fixes: lorri: ERRO IO error binding to socket: Read-only file system (os error 30) bisecting this error leads to a range of unbuildable commits including 'a31429165204 Merge pull request NixOS#243242 from RaitoBezarius/systemd-254', so it's likely that systemd update changed the behaviour of ProtectHome somehow (though the release notes don't have any obvious culprits).
per lorri's readme: lorri creates an indirect garbage collection root for each .drv in $XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it evaluates your project. ... so it doesn't make sense to have ProtectHome enabled for lorri.service. lorri also needs to be able to modify /nix/var/nix/gcroots/per-user/, so ProtectSystem can't be 'strict'; 'full' is the next strongest. fixes: lorri: ERRO IO error binding to socket: Read-only file system (os error 30) bisecting this error leads to a range of unbuildable commits including 'a31429165204 Merge pull request NixOS#243242 from RaitoBezarius/systemd-254', so it's likely that systemd update changed the behaviour of ProtectHome somehow (though the release notes don't have any obvious culprits). (cherry picked from commit db64f7f)
Description of changes
pkgsMusl.systemdMinimal builds, the full one, doesn't
Things done
sandbox = true set in nix.conf? (See Nix manual)
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
./result/bin/)