From e892c918c38678dc65f63c9abfd36c6e3fb8146b Mon Sep 17 00:00:00 2001 
From: Andreas Rammhold
Date: Mon, 30 Aug 2021 15:10:54 +0200
Subject: [PATCH] systemd: 247.6 -> 249.4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This updates systemd to version v249.4 from version v247.6.

Besides the many new features that can be found in the upstream
repository they also introduced a bunch of cleanup which ended up
requiring a few more patches on our side.

a) 0022-core-Handle-lookup-paths-being-symlinks.patch:
   The way symlinked units were handled was changed in such a way that
   the last name of a unit file within one of the unit directories
   (/run/systemd/system, /etc/systemd/system, ...) is used as the name
   for the unit. Unfortunately that code didn't take into account that
   the unit directories themselves could already be symlinks and thus
   caused all our units to be recognized slightly differently.

   There is an upstream PR for this new patch:
   https://github.com/systemd/systemd/pull/20479

b) The way the APIVFS is set up has been changed in such a way that we
   now always have /run. This required a few changes to the
   confinement tests which did assert that they didn't exist. Instead
   of adding another patch we can just adopt the upstream behavior. An
   empty /run doesn't seem harmful.

   As part of this work I refactored the confinement test just a little
   bit to allow better debugging of test failures. Previously it would
   just fail at some point and it wasn't obvious which of the many
   commands failed or what the unexpected string was. This should now
   be more obvious.

c) Again related to the confinement tests the way a file was tested
   for being accessible was optimized. Previously systemd would in some
   situations open a file twice during that check. This was reduced to
   one operation but required the procfs to be mounted in a unit's
   namespace.

   An upstream bug was filed and fixed. We are now carrying the
   essential patch to fix that issue until it is backported to a new
   release (likely only version 250). The good part about this story
   is that upstream systemd now has a test case that looks very similar
   to one of our confinement tests. Hopefully that will lead to less
   friction in the long run.

   https://github.com/systemd/systemd/issues/20514
   https://github.com/systemd/systemd/pull/20515

d) Previously we could grep for dlopen( somewhat reliably but now
   upstream started using a wrapper around dlopen that is most of the
   time used with linebreaks. This makes using grep not ergonomic
   anymore.

   With this bump we are grepping for anything that looks like a
   dynamic library name (in contrast to a dlopen(3) call) and replace
   those instead. That seems more robust. Time will tell if this holds.

   I tried using coccinelle to patch all those call sites using its
   tooling but unfortunately it does stumble upon the _cleanup_
   annotations that are very common in the systemd code.

e) We now have some machinery for libbpf support in our systemd build.
   That being said it doesn't actually work as generating some
   skeletons doesn't work just yet. It fails with the below error
   message and is disabled by default (in both minimal and the regular
   build).

   > FAILED: src/core/bpf/socket_bind/socket-bind.skel.h
   > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h
   > libbpf: elf: socket_bind_bpf is not a valid eBPF object file
   > Error: failed to open BPF object file: BPF object format invalid
   > Traceback (most recent call last):
   >   File "/build/source/tools/build-bpf-skel.py", line 128, in
   >     bpf_build(args)
   >   File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build
   >     gen_bpf_skeleton(bpftool_exec=args.bpftool_exec,
   >   File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton
   >     skel = subprocess.check_output(bpftool_args, universal_newlines=True)
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output
   >     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run
   >     raise CalledProcessError(retcode, process.args,
   > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255.
   > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut)
   > ninja: build stopped: subcommand failed.

f) We do now have support for TPM2 based disk encryption in our
   systemd build. The actual bits and pieces to make use of that are
   missing but there are various ongoing efforts in that direction.
   There is also the story about systemd in our initrd to enable this
   being used for root volumes. None of this will yet work out of the
   box but we can start improving on that front.

g) FIDO2 support was added to systemd and consequently we can now use
   that. Just as with TPM2 there hasn't been any integration work with
   NixOS and instead this just adds that capability to work on that.

Co-Authored-By: Jörg Thalheim
---
 .../from_md/release-notes/rl-2111.section.xml | 5 +
 .../manual/release-notes/rl-2111.section.md | 2 +
 nixos/modules/services/ttys/getty.nix | 8 +
 nixos/tests/systemd-confinement.nix | 38 ++--
 .../libraries/tpm2-tss/default.nix | 10 +-
 ...ts-for-uninitialised-encrypted-devic.patch | 6 +-
 ...on-t-try-to-unmount-nix-or-nix-store.patch | 10 +-
 .../systemd/0003-Fix-NixOS-containers.patch | 10 +-
 ...004-Look-for-fsck-in-the-right-place.patch | 6 +-
 ...some-NixOS-specific-unit-directories.patch | 42 ++--
 ...f-a-useless-message-in-user-sessions.patch | 30 +--
 ...d-timedated-disable-methods-that-cha.patch | 32 +--
 .../linux/systemd/0008-Fix-hwdb-paths.patch | 40 ++--
 ...e-usr-share-zoneinfo-to-etc-zoneinfo.patch | 55 +++---
 ...calectl-use-etc-X11-xkb-for-list-x11.patch | 8 +-
 ...te-statedir-and-don-t-touch-prefixdi.patch | 12 +-
 ...-environment-when-calling-generators.patch | 18 +-
 ...3-add-rootprefix-to-lookup-dir-paths.patch | 4 +-
 ...-execute-scripts-in-etc-systemd-syst.patch | 6 +-
 ...ecute-scripts-in-etc-systemd-system-.patch | 8 +-
 ...s.service-Update-ConditionFileNotEmp.patch | 8 +-
 ...-placeholder-for-DEFAULT_PATH_NORMAL.patch | 6 +-
 ...eat-debus-show-CanMultiSession-again.patch | 8 +-
 ...pkg-config-derive-prefix-from-prefix.patch | 12 +-
 ...tall_sysconfdir_samples-in-meson-fil.patch | 31 +++
 ...stall_sysconfdir_samples-in-meson-fi.patch | 29 +++
 ...e-Handle-lookup-paths-being-symlinks.patch | 80 ++++++++
 ...executable-work-without-proc-mounted.patch | 29 +++
 pkgs/os-specific/linux/systemd/default.nix | 187 +++++++++++-------
 pkgs/top-level/all-packages.nix | 3 +
 30 files changed, 502 insertions(+), 241 deletions(-)
 create mode 100644
pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch create mode 100644 pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch create mode 100644 pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch create mode 100644 pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index b922f9f120824cb..2fdf16d7dfd7212 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -37,6 +37,11 @@ PostgreSQL now defaults to major version 13. + + + Systemd was updated to version 249 (from 247). + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index c7e5afb7d0af5c2..e00c4f94465c209 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -13,6 +13,8 @@ In addition to numerous new and upgraded packages, this release has the followin - PostgreSQL now defaults to major version 13. +- Systemd was updated to version 249 (from 247). + ## New Services {#sec-release-21.11-new-services} - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances). diff --git a/nixos/modules/services/ttys/getty.nix b/nixos/modules/services/ttys/getty.nix index 7cf2ff87da2628f..eb966c37ce7fe81 100644 --- a/nixos/modules/services/ttys/getty.nix +++ b/nixos/modules/services/ttys/getty.nix @@ -131,6 +131,14 @@ in restartIfChanged = false; }; + systemd.services."autovt@" = + { serviceConfig.ExecStart = [ + "" # override upstream default with an empty ExecStart + (gettyCmd "--noclear %I $TERM") + ]; + restartIfChanged = false; + }; + systemd.services."container-getty@" = { serviceConfig.ExecStart = [ "" # override upstream default with an empty ExecStart diff --git a/nixos/tests/systemd-confinement.nix b/nixos/tests/systemd-confinement.nix index e6a308f46d27d0c..8fafb11e1e8cd1f 100644 --- a/nixos/tests/systemd-confinement.nix +++ b/nixos/tests/systemd-confinement.nix 
@@ -44,30 +44,26 @@ import ./make-test-python.nix { { config.confinement.mode = "chroot-only"; testScript = '' with subtest("chroot-only confinement"): - machine.succeed( - 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix', - 'test "$(chroot-exec id -u)" = 0', - "chroot-exec chown 65534 /bin", - ) + paths = machine.succeed('chroot-exec ls -1 / | paste -sd,').strip() + assert_eq(paths, "bin,nix,run") + uid = machine.succeed('chroot-exec id -u').strip() + assert_eq(uid, "0") + machine.succeed("chroot-exec chown 65534 /bin") ''; } { testScript = '' with subtest("full confinement with APIVFS"): - machine.fail( - "chroot-exec ls -l /etc", - "chroot-exec ls -l /run", - "chroot-exec chown 65534 /bin", - ) - machine.succeed( - 'test "$(chroot-exec id -u)" = 0', - "chroot-exec chown 0 /bin", - ) + machine.fail("chroot-exec ls -l /etc") + machine.fail("chroot-exec chown 65534 /bin") + assert_eq(machine.succeed('chroot-exec id -u').strip(), "0") + machine.succeed("chroot-exec chown 0 /bin") ''; } { config.serviceConfig.BindReadOnlyPaths = [ "/etc" ]; testScript = '' with subtest("check existence of bind-mounted /etc"): - machine.succeed('test -n "$(chroot-exec cat /etc/passwd)"') + passwd = machine.succeed('chroot-exec cat /etc/passwd').strip() + assert len(passwd) > 0, "/etc/passwd must not be empty" ''; } { config.serviceConfig.User = "chroot-testuser"; @@ -75,7 +71,8 @@ import ./make-test-python.nix { testScript = '' with subtest("check if User/Group really runs as non-root"): machine.succeed("chroot-exec ls -l /dev") - machine.succeed('test "$(chroot-exec id -u)" != 0') + uid = machine.succeed('chroot-exec id -u').strip() + assert uid != "0", "UID of chroot-testuser shouldn't be 0" machine.fail("chroot-exec touch /bin/test") ''; } 
@@ -88,10 +85,8 @@ import ./make-test-python.nix { testScript = '' with subtest("check if symlinks are properly bind-mounted"): machine.fail("chroot-exec test -e /etc") - machine.succeed( - "chroot-exec cat ${symlink} >&2", - 'test "$(chroot-exec cat ${symlink})" = "got me"', - ) + text = machine.succeed('chroot-exec cat ${symlink}').strip() + assert_eq(text, "got me") ''; }) { config.serviceConfig.User = "chroot-testuser"; @@ -158,6 +153,9 @@ import ./make-test-python.nix { }; testScript = { nodes, ... }: '' + def assert_eq(a, b): + assert a == b, f"{a} != {b}" + machine.wait_for_unit("multi-user.target") '' + nodes.machine.config.__testSteps; } diff --git a/pkgs/development/libraries/tpm2-tss/default.nix b/pkgs/development/libraries/tpm2-tss/default.nix index a272cf8b93400ab..1d7f5078ce3699a 100644 --- a/pkgs/development/libraries/tpm2-tss/default.nix +++ b/pkgs/development/libraries/tpm2-tss/default.nix @@ -3,6 +3,14 @@ , openssl, json_c, curl, libgcrypt , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which }: +let + # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss, + # tpm2-tss tests depend on procps, procps depends on systemd by default). This + # needs to be conditional based on isLinux because procps for other systems + # might not support the withSystemd option. + procpsWithoutSystemd = procps.override { withSystemd = false; }; + procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps; +in stdenv.mkDerivation rec { pname = "tpm2-tss"; @@ -20,7 +28,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ openssl json_c curl libgcrypt ]; checkInputs = [ - cmocka uthash ibm-sw-tpm2 iproute2 procps which + cmocka uthash ibm-sw-tpm2 iproute2 procps_pkg which ]; preAutoreconf = "./bootstrap"; 
diff --git a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch index ac2d00181602f79..8a1cdc1da847be7 100644 --- a/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch +++ b/pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch @@ -1,4 +1,4 @@ -From 2f4a5e9c9ef1cd57662e8bd4c24e1029a00d55b5 Mon Sep 17 00:00:00 2001 +From 57e31a2d4a5d5bd7a9e1cd8a0d8bc6a00624ad68 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 8 Jan 2013 15:46:30 +0100 Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices @@ -13,7 +13,7 @@ unit. (However, this ignores the fsck unit, so it's not perfect...) 1 file changed, 4 deletions(-) diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in -index 7c22eefdb7..e3a55e00b5 100644 +index 25b8a590a6..d18999ea87 100644 --- a/rules.d/99-systemd.rules.in +++ b/rules.d/99-systemd.rules.in @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd" @@ -28,5 +28,5 @@ index 7c22eefdb7..e3a55e00b5 100644 SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root" SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks" -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch index f54430f764e4e2f..129e0825d9fe364 100644 --- a/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch +++ b/pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch @@ -1,4 +1,4 @@ -From 4e96b2e074c4a4f4ce900409872ce2f86704ee5b Mon Sep 17 00:00:00 2001 +From 43465a392b47238a32f8719f603ed9e2c9bb0363 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 12 Apr 2013 13:16:57 +0200 Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store @@ -12,7 +12,7 @@ https://github.com/NixOS/nixos/issues/126 2 files changed, 4 insertions(+) diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c -index 292b97cd69..791b8e6b7e 100644 +index f683f05981..5a04c2c2a6 100644 --- a/src/shared/fstab-util.c +++ b/src/shared/fstab-util.c @@ -40,6 +40,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) { @@ -25,10 +25,10 @@ index 292b97cd69..791b8e6b7e 100644 "/etc")) return true; diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index 3a72a13e1a..541320dc9d 100644 +index c2a26242c0..9936398f32 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c -@@ -500,6 +500,8 @@ static int delete_md(MountPoint *m) { +@@ -496,6 +496,8 @@ static int delete_md(MountPoint *m) { static bool nonunmountable_path(const char *path) { return path_equal(path, "/") @@ -38,5 +38,5 @@ index 3a72a13e1a..541320dc9d 100644 || path_equal(path, "/usr") #endif -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch index 37caffb97d7665e..91fdebc7ad38fce 100644 --- a/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch +++ b/pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch @@ -1,4 +1,4 @@ -From 3d1b2e56a6ed6cc86a64f6f89765a2900e576402 Mon Sep 17 00:00:00 2001 +From a99666d3d7012c2162fdacf84a57fc0b848fd957 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 10:59:28 +0200 Subject: [PATCH 03/19] Fix NixOS containers @@ -10,10 +10,10 @@ container, so checking early whether it exists will fail. 1 file changed, 2 insertions(+) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 7515380fcd..14f8a82eb8 100644 +index 04685fecba..0e5ece5f91 100644 --- a/src/nspawn/nspawn.c 
+++ b/src/nspawn/nspawn.c -@@ -5323,6 +5323,7 @@ static int run(int argc, char *argv[]) { +@@ -5590,6 +5590,7 @@ static int run(int argc, char *argv[]) { goto finish; } } else { @@ -21,7 +21,7 @@ index 7515380fcd..14f8a82eb8 100644 const char *p, *q; if (arg_pivot_root_new) -@@ -5337,6 +5338,7 @@ static int run(int argc, char *argv[]) { +@@ -5604,6 +5605,7 @@ static int run(int argc, char *argv[]) { r = -EINVAL; goto finish; } @@ -30,5 +30,5 @@ index 7515380fcd..14f8a82eb8 100644 } else { -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch index 2f14a9d6a7e8f22..bdd205dd29e8dc8 100644 --- a/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch +++ b/pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch @@ -1,4 +1,4 @@ -From 3a721cf70e952e933ef5374006bbb11a3a0ad36a Mon Sep 17 00:00:00 2001 +From 3f0780b25bdbe4156a2f761c90083bbba5f4d473 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 1 May 2014 14:10:10 +0200 Subject: [PATCH 04/19] Look for fsck in the right place @@ -8,7 +8,7 @@ Subject: [PATCH 04/19] Look for fsck in the right place 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c -index 510689f3b7..25cab5acae 100644 +index cd7adfaeb9..68cebdd158 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) { @@ -21,5 +21,5 @@ index 510689f3b7..25cab5acae 100644 cmdline[i++] = "-T"; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch index 0acccacd613507d..8680d147ad17f21 100644 --- a/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch 
+++ b/pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch @@ -1,4 +1,4 @@ -From 8b7f881cf22e98e907506f4c403b9e304e332bf9 Mon Sep 17 00:00:00 2001 +From 82698c6a5142e710c302f9c38367ed00d8ec94ba Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 19 Dec 2014 14:46:17 +0100 Subject: [PATCH 05/19] Add some NixOS-specific unit directories @@ -10,14 +10,14 @@ units provided by packages installed into the default profile via Also, remove /usr and /lib as these don't exist on NixOS. --- src/basic/path-lookup.c | 17 ++--------------- - src/core/systemd.pc.in | 5 +++-- - 2 files changed, 5 insertions(+), 17 deletions(-) + src/core/systemd.pc.in | 8 ++++---- + 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 96b82170d0..bf66bd6b77 100644 +index 05eb17d66c..1cd141d012 100644 --- a/src/basic/path-lookup.c +++ b/src/basic/path-lookup.c -@@ -94,11 +94,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { +@@ -91,11 +91,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) { } static const char* const user_data_unit_paths[] = { @@ -29,7 +29,7 @@ index 96b82170d0..bf66bd6b77 100644 NULL }; -@@ -616,15 +612,13 @@ int lookup_paths_init( +@@ -613,15 +609,13 @@ int lookup_paths_init( persistent_config, SYSTEM_CONFIG_UNIT_DIR, "/etc/systemd/system", @@ -40,13 +40,13 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(runtime_attached), STRV_IFNOTNULL(generator), - "/usr/local/lib/systemd/system", - SYSTEM_DATA_UNIT_PATH, + SYSTEM_DATA_UNIT_DIR, - "/usr/lib/systemd/system", - STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL), STRV_IFNOTNULL(generator_late)); break; -@@ -640,14 +634,11 @@ int lookup_paths_init( +@@ -637,14 +631,11 @@ int lookup_paths_init( persistent_config, USER_CONFIG_UNIT_DIR, "/etc/systemd/user", 
@@ -62,7 +62,7 @@ index 96b82170d0..bf66bd6b77 100644 STRV_IFNOTNULL(generator_late)); break; -@@ -797,7 +788,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -794,7 +785,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_SYSTEM: add = strv_new("/run/systemd/system-generators", "/etc/systemd/system-generators", @@ -70,7 +70,7 @@ index 96b82170d0..bf66bd6b77 100644 SYSTEM_GENERATOR_DIR); break; -@@ -805,7 +795,6 @@ char **generator_binary_paths(UnitFileScope scope) { +@@ -802,7 +792,6 @@ char **generator_binary_paths(UnitFileScope scope) { case UNIT_FILE_USER: add = strv_new("/run/systemd/user-generators", "/etc/systemd/user-generators", @@ -78,7 +78,7 @@ index 96b82170d0..bf66bd6b77 100644 USER_GENERATOR_DIR); break; -@@ -844,12 +833,10 @@ char **env_generator_binary_paths(bool is_system) { +@@ -841,12 +830,10 @@ char **env_generator_binary_paths(bool is_system) { if (is_system) add = strv_new("/run/systemd/system-environment-generators", "/etc/systemd/system-environment-generators", @@ -92,10 +92,10 @@ index 96b82170d0..bf66bd6b77 100644 if (!add) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index b5cc8f94a5..a701cd05f8 100644 +index fc0f8c34fa..ded74ce50a 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in -@@ -38,10 +38,11 @@ systemdsystemconfdir=${systemd_system_conf_dir} +@@ -38,10 +38,10 @@ systemdsystemconfdir=${systemd_system_conf_dir} systemd_user_conf_dir=${sysconfdir}/systemd/user systemduserconfdir=${systemd_user_conf_dir} 
@@ -105,10 +105,22 @@ index b5cc8f94a5..a701cd05f8 100644 -systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user +systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemduserunitdir} -+ systemduserunitpath=${systemd_user_unit_path} systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators +@@ -50,10 +50,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir} + systemd_user_generator_dir=${prefix}/lib/systemd/user-generators + systemdusergeneratordir=${systemd_user_generator_dir} + +-systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} ++systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:${systemd_system_generator_dir} + systemdsystemgeneratorpath=${systemd_system_generator_path} + +-systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir} ++systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir} + systemdusergeneratorpath=${systemd_user_generator_path} + + systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch index bda27ac1762f3a5..f6fa5833518ca6f 100644 --- a/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch +++ b/pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch 
@@ -1,4 +1,4 @@ -From 7a6529ee27028860b93bc539e8bbf3f2374d712f Mon Sep 17 00:00:00 2001 +From e2a8db60ebfb1e0477ce989f6c3d4a95f2e08120 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 11 May 2015 15:39:38 +0200 Subject: [PATCH 06/19] Get rid of a useless message in user sessions @@ -9,23 +9,23 @@ Namely lots of variants of in containers. --- - src/core/unit.c | 3 ++- + src/core/manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/core/unit.c b/src/core/unit.c -index 45a417a090..8af3cb08d6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2163,7 +2163,8 @@ static void unit_check_binds_to(Unit *u) { - } +diff --git a/src/core/manager.c b/src/core/manager.c +index 8884437347..e23d47b4a4 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1375,7 +1375,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) { + if (!unit_is_bound_by_inactive(u, &culprit)) + continue; - assert(other); -- log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); -+ if (u->type != UNIT_MOUNT || detect_container() <= 0) -+ log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id); +- log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); ++ if (u->type != UNIT_MOUNT || detect_container() <= 0) ++ log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id); - /* A unit we need to run is gone. Sniff. Let's stop this. */ - r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL); + /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the + * service being unnecessary after a while. */ -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch index d51e1c0f56686dc..17c53e2e5180305 100644 
--- a/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch +++ b/pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch @@ -1,4 +1,4 @@ -From 5580303956ca7d8eb431d23c2af0030c9cc0e6e9 Mon Sep 17 00:00:00 2001 +From 56ae06b48c6852071dfc57c1203c04f07309d757 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Dec 2015 14:26:36 +0100 Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that @@ -11,10 +11,10 @@ Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that 3 files changed, 25 insertions(+) diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index a1794bdab1..77134731e1 100644 +index 36702f2fb0..669257ea2f 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c -@@ -643,6 +643,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ +@@ -797,6 +797,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ if (r < 0) return r; @@ -24,7 +24,7 @@ index a1794bdab1..77134731e1 100644 name = empty_to_null(name); context_read_etc_hostname(c); -@@ -702,6 +705,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess +@@ -860,6 +863,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess if (r < 0) return r; @@ -35,20 +35,20 @@ index a1794bdab1..77134731e1 100644 context_read_machine_info(c); diff --git a/src/locale/localed.c b/src/locale/localed.c -index 736dacdee9..53e0ee935e 100644 +index df0eb030d4..d026eae97e 100644 --- a/src/locale/localed.c 
+++ b/src/locale/localed.c -@@ -317,6 +317,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er +@@ -360,6 +360,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er if (r < 0) return r; + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, -+ "Changing system settings via systemd is not supported on NixOS."); ++ "Changing system settings via systemd is not supported on NixOS."); + + use_localegen = locale_gen_check_available(); + /* If single locale without variable name is provided, then we assume it is LANG=. */ - if (strv_length(l) == 1 && !strchr(l[0], '=')) { - if (!locale_is_valid(l[0])) -@@ -432,6 +435,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro +@@ -485,6 +488,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (r < 0) return r; @@ -58,7 +58,7 @@ index 736dacdee9..53e0ee935e 100644 keymap = empty_to_null(keymap); keymap_toggle = empty_to_null(keymap_toggle); -@@ -606,6 +612,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err +@@ -665,6 +671,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (r < 0) return r; @@ -69,10 +69,10 @@ index 736dacdee9..53e0ee935e 100644 model = empty_to_null(model); variant = empty_to_null(variant); diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index 76fe04900d..e87c4c8919 100644 +index 66b454269d..0a8fe25d0f 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -646,6 +646,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * +@@ -668,6 +668,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * if (r < 0) return r; 
@@ -83,7 +83,7 @@ index 76fe04900d..e87c4c8919 100644 if (!timezone_is_valid(z, LOG_DEBUG)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); -@@ -725,6 +729,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error +@@ -747,6 +751,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error if (r < 0) return r; @@ -93,7 +93,7 @@ index 76fe04900d..e87c4c8919 100644 if (lrtc == c->local_rtc && !fix_system) return sd_bus_reply_method_return(m, NULL); -@@ -907,6 +914,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error +@@ -930,6 +937,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error if (r < 0) return r; @@ -104,5 +104,5 @@ index 76fe04900d..e87c4c8919 100644 if (r < 0) return r; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch index 2b1c02b233c7d20..f272ef23dc016a7 100644 --- a/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch +++ b/pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch @@ -1,32 +1,28 @@ -From 874698425f6d68fc0d662cb17c7c29e0af3e8c25 Mon Sep 17 00:00:00 2001 +From b783b2da164482f26ac5e6e347dc41930c072ea5 Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Thu, 7 Jul 2016 02:47:13 +0300 Subject: [PATCH 08/19] Fix hwdb paths Patch by vcunat. --- - src/libsystemd/sd-hwdb/sd-hwdb.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) + src/libsystemd/sd-hwdb/hwdb-internal.h | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index cb3c77ce96..7b8c80071f 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -297,13 +297,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) { - } +diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h +index 5ddc2211e6..ee621eec46 100644 +--- a/src/libsystemd/sd-hwdb/hwdb-internal.h ++++ b/src/libsystemd/sd-hwdb/hwdb-internal.h +@@ -82,8 +82,5 @@ struct trie_value_entry2_f { + } _packed_; - static const char hwdb_bin_paths[] = -- "/etc/systemd/hwdb/hwdb.bin\0" - "/etc/udev/hwdb.bin\0" -- "/usr/lib/systemd/hwdb/hwdb.bin\0" --#if HAVE_SPLIT_USR -- "/lib/systemd/hwdb/hwdb.bin\0" --#endif -- UDEVLIBEXECDIR "/hwdb.bin\0"; -+ ; - - _public_ int sd_hwdb_new(sd_hwdb **ret) { - _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; + #define hwdb_bin_paths \ +- "/etc/systemd/hwdb/hwdb.bin\0" \ +- "/etc/udev/hwdb.bin\0" \ +- "/usr/lib/systemd/hwdb/hwdb.bin\0" \ +- _CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \ +- UDEVLIBEXECDIR "/hwdb.bin\0" ++ "/etc/udev/hwdb.bin\0" ++ -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch index a1e8ec963c7153c..791e47065d6f6d5 100644 --- a/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch +++ b/pkgs/os-specific/linux/systemd/0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch 
@@ -1,4 +1,4 @@ -From 367d0dad3d1853048569e315931cb8a27e16a098 Mon Sep 17 00:00:00 2001 +From e24c05ef8cfe48c4f0ebdb92e8147ae2151e4c87 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 11 Oct 2016 13:12:08 +0300 Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo @@ -6,11 +6,11 @@ Subject: [PATCH 09/19] Change /usr/share/zoneinfo to /etc/zoneinfo NixOS uses this path. --- man/localtime.xml | 4 ++-- - src/basic/time-util.c | 6 +++--- + src/basic/time-util.c | 8 ++++---- src/firstboot/firstboot.c | 2 +- src/nspawn/nspawn.c | 4 ++-- src/timedate/timedated.c | 8 ++++---- - 5 files changed, 12 insertions(+), 12 deletions(-) + 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/man/localtime.xml b/man/localtime.xml index e486474c44..5f373d0723 100644 @@ -35,28 +35,37 @@ index e486474c44..5f373d0723 100644 Etc/UTC. The resulting link should lead to the corresponding binary diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 5318d6378d..04069dc27b 100644 +index 5d162e8ffe..1bec83e555 100644 --- a/src/basic/time-util.c 
+++ b/src/basic/time-util.c -@@ -1277,7 +1277,7 @@ int get_timezones(char ***ret) { - n_allocated = 2; - n_zones = 1; +@@ -1269,7 +1269,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) { + + assert(ret); - f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); + f = fopen("/etc/zoneinfo/zone1970.tab", "re"); - if (f) { - for (;;) { - _cleanup_free_ char *line = NULL; -@@ -1372,7 +1372,7 @@ bool timezone_is_valid(const char *name, int log_level) { + if (!f) + return -errno; + +@@ -1308,7 +1308,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) { + _cleanup_strv_free_ char **zones = NULL; + int r; + +- f = fopen("/usr/share/zoneinfo/tzdata.zi", "re"); ++ f = fopen("/etc/zoneinfo/tzdata.zi", "re"); + if (!f) + return -errno; + +@@ -1421,7 +1421,7 @@ int verify_timezone(const char *name, int log_level) { if (p - name >= PATH_MAX) - return false; + return -ENAMETOOLONG; - t = strjoina("/usr/share/zoneinfo/", name); + t = strjoina("/etc/zoneinfo/", name); fd = open(t, O_RDONLY|O_CLOEXEC); - if (fd < 0) { -@@ -1470,7 +1470,7 @@ int get_timezone(char **ret) { + if (fd < 0) +@@ -1512,7 +1512,7 @@ int get_timezone(char **ret) { if (r < 0) return r; /* returns EINVAL if not a symlink */ @@ -66,10 +75,10 @@ index 5318d6378d..04069dc27b 100644 return -EINVAL; diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c -index 742b43f9fc..f2cb121816 100644 +index 2cb4f80d5d..ebeaeac52f 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c -@@ -459,7 +459,7 @@ static int process_timezone(void) { +@@ -491,7 +491,7 @@ static int process_timezone(void) { if (isempty(arg_timezone)) return 0; @@ -79,10 +88,10 @@ index 742b43f9fc..f2cb121816 100644 (void) mkdir_parents(etc_localtime, 0755); if (symlink(e, etc_localtime) < 0) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 14f8a82eb8..8632dadec6 100644 +index 0e5ece5f91..cc46435472 100644 --- a/src/nspawn/nspawn.c 
+++ b/src/nspawn/nspawn.c -@@ -1810,8 +1810,8 @@ static int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t u +@@ -1887,8 +1887,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid static const char *timezone_from_path(const char *path) { return PATH_STARTSWITH_SET( path, @@ -94,10 +103,10 @@ index 14f8a82eb8..8632dadec6 100644 static bool etc_writable(void) { diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c -index e87c4c8919..964a40ba81 100644 +index 0a8fe25d0f..2f02b9a520 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c -@@ -269,7 +269,7 @@ static int context_read_data(Context *c) { +@@ -279,7 +279,7 @@ static int context_read_data(Context *c) { r = get_timezone(&t); if (r == -EINVAL) @@ -106,7 +115,7 @@ index e87c4c8919..964a40ba81 100644 else if (r < 0) log_warning_errno(r, "Failed to get target of /etc/localtime: %m"); -@@ -293,7 +293,7 @@ static int context_write_data_timezone(Context *c) { +@@ -303,7 +303,7 @@ static int context_write_data_timezone(Context *c) { if (isempty(c->zone) || streq(c->zone, "UTC")) { @@ -115,7 +124,7 @@ index e87c4c8919..964a40ba81 100644 if (unlink("/etc/localtime") < 0 && errno != ENOENT) return -errno; -@@ -301,9 +301,9 @@ static int context_write_data_timezone(Context *c) { +@@ -311,9 +311,9 @@ static int context_write_data_timezone(Context *c) { return 0; } @@ -128,5 +137,5 @@ index e87c4c8919..964a40ba81 100644 return -ENOMEM; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch index 334156495fcfa0d..d9b048113862fa1 100644 --- a/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch +++ b/pkgs/os-specific/linux/systemd/0010-localectl-use-etc-X11-xkb-for-list-x11.patch 
@@ -1,4 +1,4 @@ -From bf285fe7e12bd22f95c14bcefbb5008888c32bfa Mon Sep 17 00:00:00 2001 +From 09f6ca91b4131637038686dafd57b5da642c100e Mon Sep 17 00:00:00 2001 From: Imuli Date: Wed, 19 Oct 2016 08:46:47 -0400 Subject: [PATCH 10/19] localectl: use /etc/X11/xkb for list-x11-* @@ -10,10 +10,10 @@ NixOS has an option to link the xkb data files to /etc/X11, but not to 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/localectl.c b/src/locale/localectl.c -index 7d2e887660..91c5139eed 100644 +index 548ac8eb2c..5e372f1566 100644 --- a/src/locale/localectl.c +++ b/src/locale/localectl.c -@@ -277,7 +277,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { +@@ -280,7 +280,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) { } state = NONE, look_for; int r; @@ -23,5 +23,5 @@ index 7d2e887660..91c5139eed 100644 return log_error_errno(errno, "Failed to open keyboard mapping list. %m"); -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch index 902018ee4b91afa..f88b802b2988a3e 100644 --- a/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch +++ b/pkgs/os-specific/linux/systemd/0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch @@ -1,4 +1,4 @@ -From 293b19c5fdbda1b4ee579a7e8ba12f024a6f34c9 Mon Sep 17 00:00:00 2001 +From d5716cd93fdaad16b590a581f39d95954f40748e Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sun, 11 Feb 2018 04:37:44 +0100 Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir @@ -8,11 +8,11 @@ Subject: [PATCH 11/19] build: don't create statedir and don't touch prefixdir 1 file changed, 3 deletions(-) diff --git a/meson.build b/meson.build -index 580964c3fa..f99d4f3ab5 100644 +index 738879eb21..453ee4b1c0 100644 --- a/meson.build 
+++ b/meson.build -@@ -3518,9 +3518,6 @@ install_data('LICENSE.GPL2', - 'src/libsystemd/sd-bus/GVARIANT-SERIALIZATION', +@@ -3538,9 +3538,6 @@ install_data('LICENSE.GPL2', + 'docs/GVARIANT-SERIALIZATION.md', install_dir : docdir) -meson.add_install_script('sh', '-c', mkdir_p.format(systemdstatedir)) @@ -20,7 +20,7 @@ index 580964c3fa..f99d4f3ab5 100644 - ############################################################ - check_help = find_program('tools/check-help.sh') + # Ensure that changes to the docs/ directory do not break the -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch index 05fce10e8568aeb..f5a6fde26b1fb96 100644 --- a/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch +++ b/pkgs/os-specific/linux/systemd/0012-inherit-systemd-environment-when-calling-generators.patch @@ -1,4 +1,4 @@ -From 63777e7f690b67952bf4571f8e09e5d8e769d3c0 Mon Sep 17 00:00:00 2001 +From 40a5df71e7af5feefacae9fc95bf94e72c6c12f4 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Fri, 2 Nov 2018 21:15:42 +0100 Subject: [PATCH 12/19] inherit systemd environment when calling generators. @@ -12,19 +12,20 @@ tries to gather environments with that they call "environment-generators" and then seems to pass that on to all the other executables that are being called from managers. --- - src/core/manager.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) + src/core/manager.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 6858950107..07a599ede7 100644 +index e23d47b4a4..1047aadebc 100644 --- a/src/core/manager.c 
+++ b/src/core/manager.c -@@ -4142,9 +4142,14 @@ static int manager_run_generators(Manager *m) { +@@ -4145,10 +4145,15 @@ static int manager_run_generators(Manager *m) { argv[4] = NULL; RUN_WITH_UMASK(0022) - (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, NULL, NULL, -- (char**) argv, m->transient_environment, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); +- (char**) argv, m->transient_environment, +- EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); - + (void) execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC, + // On NixOS we must propagate PATH to generators so they are @@ -33,10 +34,11 @@ index 6858950107..07a599ede7 100644 + // function (envp) is set to NULL. This propagates systemd's + // environment (e.g. PATH) that was setup + // before calling systemd from stage-2-init.sh. -+ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); ++ NULL, NULL, (char**) argv, /* NixOS: use inherited env */ NULL, ++ EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID); r = 0; finish: -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch index b9bab2d387e9063..da6aa2627ff821b 100644 --- a/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch +++ b/pkgs/os-specific/linux/systemd/0013-add-rootprefix-to-lookup-dir-paths.patch @@ -1,4 +1,4 @@ -From 561dc3b864d96753b5dc448e6e1a80460d5f0bc4 Mon Sep 17 00:00:00 2001 +From fe3aff271cf127c1484533237fe0a024e07ae7bc Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 9 May 2019 11:15:22 +0200 Subject: [PATCH 13/19] add rootprefix to lookup dir paths @@ -34,5 +34,5 @@ index 2e60abb4f1..732ec51d36 100644 #define CONF_PATHS(n) \ CONF_PATHS_USR(n) \ -- -2.30.1 +2.32.0 
diff --git a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch index c737b61e749a0d0..1ed19358a1515ba 100644 --- a/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch +++ b/pkgs/os-specific/linux/systemd/0014-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch @@ -1,4 +1,4 @@ -From 8f619304804b02f4e9d7a340ca90359f96adc6e8 Mon Sep 17 00:00:00 2001 +From 31732478745f7a200004fb8ec013f54dbc536f2e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:45:55 +0300 Subject: [PATCH 14/19] systemd-shutdown: execute scripts in @@ -10,7 +10,7 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 0d07865542..26d974ef73 100644 +index a98cfc4d8a..b0b34edda7 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c @@ -312,7 +312,7 @@ int main(int argc, char *argv[]) { @@ -23,5 +23,5 @@ index 0d07865542..26d974ef73 100644 /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch index 3059216f7c58057..2777de09fadb5fe 100644 --- a/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch +++ b/pkgs/os-specific/linux/systemd/0015-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch 
@@ -1,4 +1,4 @@ -From 577b11afe38fc185d785ca8f125f518a4eb21a00 Mon Sep 17 00:00:00 2001 +From 3f2277b86f39cb55936ae11c2365feb283b547cb Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 25 Jul 2019 20:46:58 +0300 Subject: [PATCH 15/19] systemd-sleep: execute scripts in @@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable. 1 file changed, 1 insertion(+) diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c -index 39ab554290..880ac7ccb0 100644 +index a3aeb24633..0ed6a34d79 100644 --- a/src/sleep/sleep.c +++ b/src/sleep/sleep.c -@@ -178,6 +178,7 @@ static int execute(char **modes, char **states) { +@@ -182,6 +182,7 @@ static int execute( }; static const char* const dirs[] = { SYSTEM_SLEEP_PATH, @@ -22,5 +22,5 @@ index 39ab554290..880ac7ccb0 100644 }; -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch index ad19d910e1e7ddc..6ef53e95d02341f 100644 --- a/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch +++ b/pkgs/os-specific/linux/systemd/0016-kmod-static-nodes.service-Update-ConditionFileNotEmp.patch @@ -1,4 +1,4 @@ -From ba19f629c1806ca2d2ab58154e45bce4ae4a3f0c Mon Sep 17 00:00:00 2001 +From 330490aa8a44206bc03205654680913ab01408a1 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 7 Mar 2020 22:40:27 +0100 Subject: [PATCH 16/19] kmod-static-nodes.service: Update ConditionFileNotEmpty @@ -10,10 +10,10 @@ On NixOS, kernel modules of the currently booted systems are located at 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in -index f4170d6a99..9a6a591bea 100644 +index 777e82d16b..b6abc2bba0 100644 --- a/units/kmod-static-nodes.service.in 
+++ b/units/kmod-static-nodes.service.in -@@ -12,7 +12,7 @@ Description=Create list of static device nodes for the current kernel +@@ -12,7 +12,7 @@ Description=Create List of Static Device Nodes DefaultDependencies=no Before=sysinit.target systemd-tmpfiles-setup-dev.service ConditionCapability=CAP_SYS_MODULE @@ -23,5 +23,5 @@ index f4170d6a99..9a6a591bea 100644 [Service] Type=oneshot -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch index 585a0aa112e3241..775c8e098479429 100644 --- a/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch +++ b/pkgs/os-specific/linux/systemd/0017-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch @@ -1,4 +1,4 @@ -From c639f311bd27c2bff62a22c34bc92613aaf77587 Mon Sep 17 00:00:00 2001 +From 216018be7b422586b937dae8fd83f51989479a41 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 8 Mar 2020 01:05:54 +0100 Subject: [PATCH 17/19] path-util.h: add placeholder for DEFAULT_PATH_NORMAL @@ -10,7 +10,7 @@ systemd itself uses extensively. 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/basic/path-util.h b/src/basic/path-util.h -index d613709f0b..5cced4c115 100644 +index 26e7362d1f..a8f8a863ec 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -24,11 +24,11 @@ @@ -29,5 +29,5 @@ index d613709f0b..5cced4c115 100644 #if HAVE_SPLIT_USR # define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch index f634e74e663af81..21d466b02bb8e36 100644 --- a/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch 
+++ b/pkgs/os-specific/linux/systemd/0018-logind-seat-debus-show-CanMultiSession-again.patch @@ -1,4 +1,4 @@ -From ebb37f81c28aaa80acd9187a7d77dcb3cb3828db Mon Sep 17 00:00:00 2001 +From beb594ff3bceb95598ffa8ec47c31bacb2449473 Mon Sep 17 00:00:00 2001 From: Thomas Tuegel Date: Mon, 26 Oct 2020 21:21:38 +0100 Subject: [PATCH 18/19] logind-seat-debus: show CanMultiSession again @@ -9,10 +9,10 @@ Fixes the "switch user" function in Plasma < 5.20. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c -index a60ed2d3c2..69b6271075 100644 +index cceb3b1d2d..94b4723bb9 100644 --- a/src/login/logind-seat-dbus.c +++ b/src/login/logind-seat-dbus.c -@@ -450,7 +450,7 @@ static const sd_bus_vtable seat_vtable[] = { +@@ -419,7 +419,7 @@ static const sd_bus_vtable seat_vtable[] = { SD_BUS_PROPERTY("Id", "s", NULL, offsetof(Seat, id), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ActiveSession", "(so)", property_get_active_session, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), @@ -22,5 +22,5 @@ index a60ed2d3c2..69b6271075 100644 SD_BUS_PROPERTY("CanGraphical", "b", property_get_can_graphical, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("Sessions", "a(so)", property_get_sessions, 0, 0), -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch index 2d93cdef9a344d6..da071603557afaa 100644 --- a/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch +++ b/pkgs/os-specific/linux/systemd/0019-pkg-config-derive-prefix-from-prefix.patch @@ -1,4 +1,4 @@ -From 5439a516995f9fd57fc91c2cdd016bb18f31aadf Mon Sep 17 00:00:00 2001 +From 2e7477dc29095141a0556ded11f0ee370d82bfbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Dec 2020 08:34:19 +0100 Subject: [PATCH 19/19] pkg-config: derive prefix from --prefix 
@@ -16,7 +16,7 @@ Co-Authored-By: Florian Klink 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in -index a701cd05f8..85d6911bdf 100644 +index ded74ce50a..0262f53154 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -11,7 +11,7 @@ @@ -24,10 +24,10 @@ index a701cd05f8..85d6911bdf 100644 # shall have underscores. -prefix=/usr -+prefix=@prefix@ - root_prefix=@rootprefix_noslash@ ++prefix={{PREFIX}} + root_prefix={{ROOTPREFIX_NOSLASH}} rootprefix=${root_prefix} - sysconf_dir=@sysconfdir@ + sysconf_dir={{SYSCONF_DIR}} -- -2.30.1 +2.32.0 diff --git a/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch new file mode 100644 index 000000000000000..4567c2fa3164adb --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch @@ -0,0 +1,31 @@ +From 1a2d24d210c9329e8b900fdb01576c57374581d8 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Mon, 26 Jul 2021 16:57:43 +0200 +Subject: [PATCH 20/20] core: respect install_sysconfdir_samples in meson file + +The refactoring done in e11a25cadbe caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicated whether or not the +sample files should be installed. +--- + src/core/meson.build | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/meson.build b/src/core/meson.build +index f0d2c6f642..4ff7e00e36 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -187,6 +187,10 @@ foreach item : in_files + file = item[0] + dir = item[1] + ++ if not install_sysconfdir_samples and dir == pkgsysconfdir ++ continue ++ endif ++ + custom_target( + file, + input : file + '.in', +-- +2.32.0 + 
diff --git a/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch new file mode 100644 index 000000000000000..b048249e0519812 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch @@ -0,0 +1,29 @@ +From 189ba3af8b21cfc53527453907e800a2917b1bfd Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Mon, 26 Jul 2021 17:20:34 +0200 +Subject: [PATCH] login: respect install_sysconfdir_samples in meson file + +The refactoring done in c900d89faa0 caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicates whether or not the +sample files should be installed. +--- + src/login/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/meson.build b/src/login/meson.build +index 8c20e6be65..b637adc9a2 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') + + enable_logind = conf.get('ENABLE_LOGIND') == 1 + in_files = [ +- ['logind.conf', pkgsysconfdir, enable_logind], ++ ['logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples], + ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], + ['71-seat.rules', udevrulesdir, enable_logind], + ['73-seat-late.rules', udevrulesdir, enable_logind], +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch new file mode 100644 index 000000000000000..c7d022b1ffde7c2 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0022-core-Handle-lookup-paths-being-symlinks.patch 
@@ -0,0 +1,80 @@ +From 5f17b65d30480e489e135b403a072b38535b2911 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Wed, 18 Aug 2021 19:10:08 +0200 +Subject: [PATCH] core: handle lookup paths being symlinks + +With a recent change paths leaving the statically known lookup paths +would be treated differently then those that remained within those. That +was done (AFAIK) to consistently handle alias names. Unfortunately that +means that on some distributions, especially those where /etc/ consists +mostly of symlinks, would trigger that new detection for every single +unit in /etc/systemd/system. The reason for that is that the units +directory itself is already a symlink. +--- + src/basic/unit-file.c | 33 +++++++++++++++++++++++++++++++-- + 1 file changed, 31 insertions(+), 2 deletions(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..3ae2a115d0 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -254,6 +254,7 @@ int unit_file_build_name_map( + + _cleanup_hashmap_free_ Hashmap *ids = NULL, *names = NULL; + _cleanup_set_free_free_ Set *paths = NULL; ++ _cleanup_strv_free_ char **expanded_search_paths = NULL; + uint64_t timestamp_hash; + char **dir; + int r; +@@ -273,6 +274,34 @@ int unit_file_build_name_map( + return log_oom(); + } + ++ /* Go over all our search paths, chase their symlinks and store the ++ * result in the expanded_search_paths list. ++ * ++ * This is important for cases where any of the unit directories itself ++ * are symlinks into other directories and would therefore cause all of ++ * the unit files to be recognized as linked units. ++ * ++ * This is important for distributions such as NixOS where most paths ++ * in /etc/ are symlinks to some other location on the filesystem (e.g. ++ * into /nix/store/). 
++ */ ++ STRV_FOREACH(dir, (char**) lp->search_path) { ++ _cleanup_free_ char *resolved_dir = NULL; ++ r = strv_extend(&expanded_search_paths, *dir); ++ if (r < 0) ++ return log_oom(); ++ ++ r = chase_symlinks(*dir, NULL, 0, &resolved_dir, NULL); ++ if (r < 0) { ++ if (r != -ENOENT) ++ log_warning_errno(r, "Failed to resolve symlink %s, ignoring: %m", *dir); ++ continue; ++ } ++ ++ if (strv_consume(&expanded_search_paths, TAKE_PTR(resolved_dir)) < 0) ++ return log_oom(); ++ } ++ + STRV_FOREACH(dir, (char**) lp->search_path) { + struct dirent *de; + _cleanup_closedir_ DIR *d = NULL; +@@ -351,11 +380,11 @@ int unit_file_build_name_map( + continue; + } + +- /* Check if the symlink goes outside of our search path. ++ /* Check if the symlink goes outside of our (expanded) search path. + * If yes, it's a linked unit file or mask, and we don't care about the target name. + * Let's just store the link source directly. + * If not, let's verify that it's a good symlink. */ +- char *tail = path_startswith_strv(simplified, lp->search_path); ++ char *tail = path_startswith_strv(simplified, expanded_search_paths); + if (!tail) { + log_debug("%s: linked unit file: %s → %s", + __func__, filename, simplified); +-- +2.32.0 + diff --git a/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch new file mode 100644 index 000000000000000..026d0278797e083 --- /dev/null +++ b/pkgs/os-specific/linux/systemd/0023-path-util-make-find_executable-work-without-proc-mounted.patch 
@@ -0,0 +1,29 @@ +From 93413acd3ef3a637a0f31a1d133b103e1dc81fd6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 23 Aug 2021 06:16:48 +0900 +Subject: [PATCH] path-util: make find_executable() work without /proc mounted + +Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. + +Hopefully fixes #20514. +--- + src/basic/path-util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/basic/path-util.c b/src/basic/path-util.c +index d11f254a9f6a..a21981616b59 100644 +--- a/src/basic/path-util.c ++++ b/src/basic/path-util.c +@@ -630,7 +630,11 @@ static int check_x_access(const char *path, int *ret_fd) { + return r; + + r = access_fd(fd, X_OK); +- if (r < 0) ++ if (r == -ENOSYS) { ++ /* /proc is not mounted. Fallback to access(). */ ++ if (access(path, X_OK) < 0) ++ return -errno; ++ } else if (r < 0) + return r; + + if (ret_fd) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index a33bb3c1a1d6dd0..5ff994d53041df1 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -40,6 +40,7 @@ , gnupg , zlib , xz +, tpm2-tss , libuuid , libapparmor , intltool @@ -58,6 +59,12 @@ , bashInteractive , libmicrohttpd + # the (optional) BPF feature requires bpftool, libbpf, clang and llmv-strip to be avilable during build time. + # Only libbpf should be a runtime dependency. +, bpftools +, libbpf +, llvmPackages + , withAnalyze ? true , withApparmor ? true , withCompression ? true # adds bzip2, lz4 and xz @@ -65,10 +72,12 @@ , withCryptsetup ? true , withDocumentation ? true , withEfi ? stdenv.hostPlatform.isEfi +, withFido2 ? true , withHomed ? false , withHostnamed ? true , withHwdb ? true , withImportd ? true +, withLibBPF ? false # currently fails while generating BPF objects , withLocaled ? true , withLogind ? true , withMachined ? true 
@@ -83,6 +92,7 @@ , withShellCompletions ? true , withTimedated ? true , withTimesyncd ? true +, withTpm2Tss ? true , withUserDb ? true , libfido2 , p11-kit @@ -108,12 +118,11 @@ assert withCoredump -> withCompression; assert withHomed -> withCryptsetup; -assert withCryptsetup -> -(cryptsetup != null); +assert withCryptsetup -> (cryptsetup != null); let wantCurl = withRemote || withImportd; - version = "247.6"; + version = "249.4"; in stdenv.mkDerivation { inherit version pname; @@ -124,7 +133,7 @@ stdenv.mkDerivation { owner = "systemd"; repo = "systemd-stable"; rev = "v${version}"; - sha256 = "sha256-7XYEq3Qw25suwjbtPzx9lVPHUu9ZY/1bADXl2wQbkJc="; + sha256 = "0pqi9gbk9kgwvd0idf13ybxz7s4h5przn01bwj6fna44jr0wy41c"; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a 
@@ -152,18 +161,26 @@ stdenv.mkDerivation { ./0018-logind-seat-debus-show-CanMultiSession-again.patch ./0019-pkg-config-derive-prefix-from-prefix.patch - # Fix -Werror=format. - (fetchpatch { - url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; - sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; - }) - - # Fix CVE-2021-33910, disclosed 2021-07-20 - (fetchpatch { - name = "CVE-2021-33910.patch"; - url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; - sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; - }) + # In v249 a bunch of meson files had been touched as part of the migration to + # jinja2 for templating. Unfortunately some of those files lost the `install_sysconfdir_samples` check. + # The following two patches are part of a PR that was filed to fix those cases. + # https://github.com/systemd/systemd/pull/20303 + ./0020-core-respect-install_sysconfdir_samples-in-meson-fil.patch + ./0021-login-respect-install_sysconfdir_samples-in-meson-fi.patch + + # In v248 or v249 we started to get in trouble due to our /etc/systemd/sytem being + # a symlink and thus being treated differently by systemd. With the below + # patch we mitigate that effect by special casing all our root unit dirs + # if they are symlinks. This does exactly what we need (AFAICT). + ./0022-core-Handle-lookup-paths-being-symlinks.patch + + # The way files are being tested for being executable changed in v248/v249 + # which caused our confinement setup to fail as we do not mount /proc by + # default. + # The issue has been reported upstream and this patch carries the upstream + # fix for the same. Upstream now has a test for this scenario. + # https://github.com/systemd/systemd/issues/20514 + ./0023-path-util-make-find_executable-work-without-proc-mounted.patch ]; postPatch = '' 
@@ -177,14 +194,14 @@ stdenv.mkDerivation { "find_program('${stdenv.cc.bintools.targetPrefix}objcopy'" '' + ( let - # The folllowing dlopen patches ensure that all the features that are - # implemented via dlopen(3) are available (or explicitly deactivated) by - # pointing dlopen to the absolute store path instead of relying on the - # linkers runtime lookup code. + # The folllowing patches references to dynamic libraries to ensure that + # all the features that are implemented via dlopen(3) are available (or + # explicitly deactivated) by pointing dlopen to the absolute store path + # instead of relying on the linkers runtime lookup code. # - # All of the dlopen calls have to be handled. When new ones are introduced - # by upstream (or one of our patches) they must be explicitly declared, - # otherwise the build will fail. + # All of the shared library references have to be handled. When new ones + # are introduced by upstream (or one of our patches) they must be + # explicitly declared, otherwise the build will fail. # # As of systemd version 247 we've seen a few errors like `libpcre2.… not # found` when using e.g. --grep with journalctl. Those errors should 
@@ -203,32 +220,45 @@ stdenv.mkDerivation { # path location). # # To get a list of dynamically loaded libraries issue something like - # `grep -ri 'dlopen("lib' $src` and update the below list. - dlopenLibs = [ - # We did never provide support for libxkbcommon & qrencode - { name = "libxkbcommon.so.0"; pkg = null; } - { name = "libqrencode.so.4"; pkg = null; } - - # We did not provide libpwquality before so it is safe to disable it for - # now. - { name = "libpwquality.so.1"; pkg = null; } - - # Only include cryptsetup if it is enabled. We might not be able to - # provide it during "bootstrap" in e.g. the minimal systemd build as - # cryptsetup has udev (aka systemd) in it's dependencies. - { name = "libcryptsetup.so.12"; pkg = if withCryptsetup then cryptsetup else null; } - - # We are using libidn2 so we only provide that and ignore the others. - # Systemd does this decision during configure time and uses ifdef's to - # enable specific branches. We can safely ignore (nuke) the libidn "v1" - # libraries. - { name = "libidn2.so.0"; pkg = libidn2; } - { name = "libidn.so.12"; pkg = null; } - { name = "libidn.so.11"; pkg = null; } - - # journalctl --grep requires libpcre so lets provide it - { name = "libpcre2-8.so.0"; pkg = pcre2; } - ]; + # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"'' $src` and update the below list. + dlopenLibs = + let + opt = condition: pkg: if condition then pkg else null; + in + [ + # bpf compilation support + { name = "libbpf.so.0"; pkg = opt withLibBPF libbpf; } + + # We did never provide support for libxkbcommon & qrencode + { name = "libxkbcommon.so.0"; pkg = null; } + { name = "libqrencode.so.4"; pkg = null; } + + # We did not provide libpwquality before so it is safe to disable it for + # now. + { name = "libpwquality.so.1"; pkg = null; } + + # Only include cryptsetup if it is enabled. We might not be able to + # provide it during "bootstrap" in e.g. 
the minimal systemd build as + # cryptsetup has udev (aka systemd) in it's dependencies. + { name = "libcryptsetup.so.12"; pkg = opt withCryptsetup cryptsetup; } + + # We are using libidn2 so we only provide that and ignore the others. + # Systemd does this decision during configure time and uses ifdef's to + # enable specific branches. We can safely ignore (nuke) the libidn "v1" + # libraries. + { name = "libidn2.so.0"; pkg = libidn2; } + { name = "libidn.so.12"; pkg = null; } + { name = "libidn.so.11"; pkg = null; } + + # journalctl --grep requires libpcre so lets provide it + { name = "libpcre2-8.so.0"; pkg = pcre2; } + + # Support for TPM2 in systemd-cryptsetup, systemd-repart and systemd-cryptenroll + { name = "libtss2-esys.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-rc.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libtss2-mu.so.0"; pkg = opt withTpm2Tss tpm2-tss; } + { name = "libfido2.so.1"; pkg = opt withFido2 libfido2; } + ]; patchDlOpen = dl: let @@ -236,9 +266,9 @@ stdenv.mkDerivation { in if dl.pkg == null then '' # remove the dependency on the library by replacing it with an invalid path - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"' done '' else '' # ensure that the library we provide actually exists 
@@ -247,22 +277,29 @@ stdenv.mkDerivation { exit 1 fi # make the path to the dependency explicit - for file in $(grep -lr 'dlopen("${dl.name}"' src); do + for file in $(grep -lr '"${dl.name}"' src); do echo "patching dlopen(\"${dl.name}\", …) in $file to ${library}…" - substituteInPlace "$file" --replace 'dlopen("${dl.name}"' 'dlopen("${library}"' + substituteInPlace "$file" --replace '"${dl.name}"' '"${library}"' done + ''; in # patch all the dlopen calls to contain absolute paths to the libraries lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs ) - # finally ensure that there are no left-over dlopen calls that we didn't handle + # finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle + '' - if grep -qr 'dlopen("[^/]' src; then - echo "Found unhandled dlopen calls: " - grep -r 'dlopen("[^/]' src + if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then + echo "Found unhandled dynamic library calls: " + grep -r '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src exit 1 fi + '' + # Finally patch shebangs that might need patching. + # Should no longer be necessary with v250. + # https://github.com/systemd/systemd/pull/19638 + + '' + patchShebangs . ''; outputs = [ "out" "man" "dev" ]; @@ -286,8 +323,14 @@ stdenv.mkDerivation { docbook_xsl docbook_xml_dtd_42 docbook_xml_dtd_45 - (buildPackages.python3Packages.python.withPackages (ps: with ps; [ python3Packages.lxml ])) - ]; + (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ])) + ] + ++ lib.optional withLibBPF [ + bpftools + llvmPackages.clang + llvmPackages.libllvm + ] + ; buildInputs = [ 
@@ -315,12 +358,15 @@ stdenv.mkDerivation { ++ lib.optional withResolved libgpgerror ++ lib.optional withSelinux libselinux ++ lib.optional withRemote libmicrohttpd - ++ lib.optionals withHomed [ p11-kit libfido2 ] + ++ lib.optionals withHomed [ p11-kit ] + ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ] + ++ lib.optionals withLibBPF [ libbpf ] ; #dontAddPrefix = true; mesonFlags = [ + # "-Dversion-tag=${version}" FIXME: add this on the next rebuild "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d" "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services" "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services" @@ -368,14 +414,14 @@ stdenv.mkDerivation { "-Db_pie=true" "-Dinstall-sysconfdir=false" /* - As of now, systemd doesn't allow runtime configuration of these values. So - the settings in /etc/login.defs have no effect on it. Many people think this - should be supported however, see - - https://github.com/systemd/systemd/issues/3855 - - https://github.com/systemd/systemd/issues/4850 - - https://github.com/systemd/systemd/issues/9769 - - https://github.com/systemd/systemd/issues/9843 - - https://github.com/systemd/systemd/issues/10184 + As of now, systemd doesn't allow runtime configuration of these values. So + the settings in /etc/login.defs have no effect on it. Many people think this + should be supported however, see + - https://github.com/systemd/systemd/issues/3855 + - https://github.com/systemd/systemd/issues/4850 + - https://github.com/systemd/systemd/issues/9769 + - https://github.com/systemd/systemd/issues/9843 + - https://github.com/systemd/systemd/issues/10184 */ "-Dsystem-uid-max=999" "-Dsystem-gid-max=999" @@ -411,6 +457,8 @@ stdenv.mkDerivation { "-Dnss-mymachines=false" "-Dnss-resolve=false" "-Dnss-systemd=false" + ] ++ lib.optionals withLibBPF [ + "-Dbpf-framework=true" ]; preConfigure = '' 
@@ -459,7 +507,8 @@ stdenv.mkDerivation { --replace '"tar"' '"${gnutar}/bin/tar"' done - substituteInPlace src/journal/catalog.c \ + + substituteInPlace src/libsystemd/sd-journal/catalog.c \ --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/ ''; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 16abc141d983b7d..1f56f5b25a6363f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22146,9 +22146,11 @@ with pkgs; withCryptsetup = false; withDocumentation = false; withEfi = false; + withFido2 = false; withHostnamed = false; withHwdb = false; withImportd = false; + withLibBPF = false; withLocaled = false; withLogind = false; withMachined = false; @@ -22162,6 +22164,7 @@ with pkgs; withShellCompletions = false; withTimedated = false; withTimesyncd = false; + withTpm2Tss = false; withUserDb = false; glib = null; libgcrypt = null;
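Review bot: the rewritten comment at the top of the `let` in the `@@ -177,14 +194,14 @@` hunk does not parse as a sentence ("The folllowing patches references to dynamic libraries to ensure that ...") and carries the "folllowing" typo over from the old text. Something like "The following code patches references to dynamic libraries so that all features implemented via dlopen(3) are available (or explicitly deactivated) ..." would say what the block does now that it no longer matches only `dlopen(` calls.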
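Review bot: the grep command documented in the comment above `dlopenLibs` in the `@@ -203,32 +220,45 @@` hunk cannot be pasted as written, because the pattern ends in `"''` (an extra single quote) and its last character class reads `a-zA-z` where `a-zA-Z` was presumably meant. Since this comment is the instruction maintainers follow to refresh the list, it should contain exactly the pattern the final check uses. Separately, `libfido2.so.1` sits directly under the "Support for TPM2 ..." comment; it is gated by `withFido2`, not `withTpm2Tss`, so it deserves its own comment line.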
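Review bot: in the `dl.pkg == null` branch of the `@@ -236,9 +266,9 @@` hunk the match was widened from `dlopen("${dl.name}"` to any occurrence of `"${dl.name}"`, but the `echo` still reports "patching dlopen(...)", so the build log no longer describes what is replaced. The replacement now also rewrites the string wherever it appears as a literal (tables, macros, messages), which is the intent, so the message should say "patching reference to ${dl.name}" or similar. The same stale message is kept in the non-null branch in the next hunk.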
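Review bot: the left-over check in the `@@ -247,22 +277,29 @@` hunk, `grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src`, is the only guard that keeps an unpinned library name from falling back to the linker's runtime lookup, and its pattern is looser and narrower than it looks. The range `A-z` in the second class also covers `[`, `\`, `]`, `^`, `_` and the backtick, which looks like a typo for `A-Z`, while the first class omits `_` and `+`, so a literal such as "libfoo_bar.so.1" would pass as handled. Suggest fixing the range, widening the name class (for example `"lib[^"/]*\.so[.0-9]*"`), and defining the pattern once so the `grep -q` and the reporting `grep -r` cannot drift apart.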
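Review bot: in the `@@ -286,8 +323,14 @@` hunk, `++ lib.optional withLibBPF [ bpftools llvmPackages.clang llvmPackages.libllvm ]` uses `lib.optional` with a list argument, which yields a one-element list containing that list rather than the three packages. The `buildInputs` and `mesonFlags` hunks use `lib.optionals withLibBPF [ ... ]` for the same flag; this line should use `lib.optionals` as well.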
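Review bot: the `buildInputs` change in the `@@ -315,12 +358,15 @@` hunk adds libfido2 under `(withHomed || withCryptsetup)`, while the `dlopenLibs` entry for `libfido2.so.1` is gated on `withFido2`, so the two conditions can disagree. With `withFido2 = false` and `withHomed = true` the library is available at build time but its name is rewritten to the `eeee...-not-implemented` path, and with `withFido2 = true` and both other flags off the path is pinned to a package that is not a build input. Suggest gating the `buildInputs` entry on `withFido2` too (and defaulting `withFido2` from the other two flags if that coupling is wanted). The commented-out `-Dversion-tag` FIXME in `mesonFlags` would also be easier to track with an issue reference.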