
Merge branch 'staging'

Includes security fixes in gd and libarchive.
Vladimír Čunát 2016-07-14 15:51:28 +02:00
commit 1b5ac05845
52 changed files with 738 additions and 606 deletions


@ -3,6 +3,84 @@
with lib;
let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
cfg = config.fonts.fontconfig.ultimate;
fontconfigUltimateConf = pkgs.writeText "ultimate-conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
${optionalString (!cfg.allowBitmaps) ''
<!-- Reject bitmap fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="scalable"><bool>false</bool></patelt>
</pattern>
</rejectfont>
</selectfont>
''}
${optionalString cfg.allowType1 ''
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat">
<string>Type 1</string>
</patelt>
</pattern>
</rejectfont>
</selectfont>
''}
<!-- Use embedded bitmaps in fonts like Calibri? -->
<match target="font">
<edit name="embeddedbitmap" mode="assign">
${fcBool cfg.useEmbeddedBitmaps}
</edit>
</match>
<!-- Force autohint always -->
<match target="font">
<edit name="force_autohint" mode="assign">
${fcBool cfg.forceAutohint}
</edit>
</match>
<!-- Render some monospace TTF fonts as bitmaps -->
<match target="pattern">
<edit name="bitmap_monospace" mode="assign">
${fcBool cfg.renderMonoTTFAsBitmap}
</edit>
</match>
</fontconfig>
'';
confPkg =
let version = pkgs.fontconfig.configVersion;
in pkgs.runCommand "font-ultimate-conf" {} ''
mkdir -p $out/etc/fonts/{,${version}/}conf.d/
cp ${fontconfigUltimateConf} \
$out/etc/fonts/conf.d/52-fontconfig-ultimate.conf
cp ${fontconfigUltimateConf} \
$out/etc/fonts/${version}/conf.d/52-fontconfig-ultimate.conf
${optionalString (cfg.substitutions != "none") ''
cp ${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${cfg.substitutions}/*.conf \
$out/etc/fonts/conf.d/
cp ${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${cfg.substitutions}/*.conf \
$out/etc/fonts/${version}/conf.d/
''}
ln -s ${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d/*.conf \
$out/etc/fonts/conf.d/
ln -s ${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d/*.conf \
$out/etc/fonts/${version}/conf.d/
'';
in
{
@ -115,78 +193,11 @@ in
};
config =
let ultimate = config.fonts.fontconfig.ultimate;
fontconfigUltimateConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
${optionalString (!ultimate.allowBitmaps) ''
<!-- Reject bitmap fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="scalable"><bool>false</bool></patelt>
</pattern>
</rejectfont>
</selectfont>
''}
${optionalString ultimate.allowType1 ''
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat">
<string>Type 1</string>
</patelt>
</pattern>
</rejectfont>
</selectfont>
''}
<!-- Use embedded bitmaps in fonts like Calibri? -->
<match target="font">
<edit name="embeddedbitmap" mode="assign">
${fcBool ultimate.useEmbeddedBitmaps}
</edit>
</match>
<!-- Force autohint always -->
<match target="font">
<edit name="force_autohint" mode="assign">
${fcBool ultimate.forceAutohint}
</edit>
</match>
<!-- Render some monospace TTF fonts as bitmaps -->
<match target="pattern">
<edit name="bitmap_monospace" mode="assign">
${fcBool ultimate.renderMonoTTFAsBitmap}
</edit>
</match>
${optionalString (ultimate.substitutions != "none") ''
<!-- Type 1 font substitutions -->
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/presets/${ultimate.substitutions}</include>
''}
<include ignore_missing="yes">${pkgs.fontconfig-ultimate.confd}/etc/fonts/conf.d</include>
</fontconfig>
'';
in mkIf (config.fonts.fontconfig.enable && ultimate.enable) {
environment.etc."fonts/conf.d/52-fontconfig-ultimate.conf" = {
text = fontconfigUltimateConf;
};
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/52-fontconfig-ultimate.conf" = {
text = fontconfigUltimateConf;
};
environment.variables = ultimate.rendering;
fonts.fontconfig.confPkgs = [ confPkg ];
environment.variables = cfg.rendering;
};
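Review bot: The Type 1 block in `fontconfigUltimateConf` is guarded by `optionalString cfg.allowType1`, so the `<rejectfont>` rule for `Type 1` is emitted when the option is true, which reads as inverted next to `optionalString (!cfg.allowBitmaps)` just above it. The replaced text used the same condition, so the commit carries it over rather than introducing it. If the option means what its name says, the guard should be `${optionalString (!cfg.allowType1) ''`. The option's declaration is outside the visible hunks, so confirm its description before flipping the test.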


@ -2,6 +2,121 @@
with lib;
let cfg = config.fonts.fontconfig;
fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
renderConf = pkgs.writeText "render-conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="font">
<edit mode="assign" name="hinting">
${fcBool cfg.hinting.enable}
</edit>
<edit mode="assign" name="autohint">
${fcBool cfg.hinting.autohint}
</edit>
<edit mode="assign" name="hintstyle">
<const>hint${cfg.hinting.style}</const>
</edit>
<edit mode="assign" name="antialias">
${fcBool cfg.antialias}
</edit>
<edit mode="assign" name="rgba">
<const>${cfg.subpixel.rgba}</const>
</edit>
<edit mode="assign" name="lcdfilter">
<const>lcd${cfg.subpixel.lcdfilter}</const>
</edit>
</match>
${optionalString (cfg.dpi != 0) ''
<match target="pattern">
<edit name="dpi" mode="assign">
<double>${toString cfg.dpi}</double>
</edit>
</match>
''}
</fontconfig>
'';
genericAliasConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<family>${name}</family>
<prefer>
${concatStringsSep ""
(map (font: ''
<family>${font}</family>
'') fonts)}
</prefer>
</alias>
'';
in
pkgs.writeText "generic-alias-conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default fonts -->
${genDefault cfg.defaultFonts.sansSerif "sans-serif"}
${genDefault cfg.defaultFonts.serif "serif"}
${genDefault cfg.defaultFonts.monospace "monospace"}
</fontconfig>
'';
cacheConf = let
cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
in
pkgs.writeText "cache-conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache pkgs.fontconfig}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && cfg.cache32Bit) ''
<cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
''}
</fontconfig>
'';
userConf = pkgs.writeText "user-conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
<include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
</fontconfig>
'';
fontsConf = pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
confPkg =
let version = pkgs.fontconfig.configVersion;
in pkgs.runCommand "fontconfig-conf" {} ''
mkdir -p $out/etc/fonts/{,${version}/}conf.d
ln -s ${fontsConf} $out/etc/fonts/fonts.conf
ln -s ${pkgs.fontconfig.out}/etc/fonts/fonts.conf $out/etc/fonts/${version}/fonts.conf
ln -s ${pkgs.fontconfig.out}/etc/fonts/conf.d/* $out/etc/fonts/${version}/conf.d/
ln -s ${renderConf} $out/etc/fonts/conf.d/10-nixos-rendering.conf
ln -s ${genericAliasConf} $out/etc/fonts/conf.d/60-nixos-generic-alias.conf
ln -s ${cacheConf} $out/etc/fonts/${version}/conf.d/00-nixos.conf
ln -s ${renderConf} $out/etc/fonts/${version}/conf.d/10-nixos-rendering.conf
ln -s ${genericAliasConf} $out/etc/fonts/${version}/conf.d/30-nixos-generic-alias.conf
${optionalString cfg.includeUserConf
"ln -s ${userConf} $out/etc/fonts/${version}/conf.d/99-user.conf"}
'';
in
{
options = {
@ -21,6 +136,15 @@ with lib;
'';
};
confPkgs = mkOption {
internal = true;
type = with types; listOf path;
default = [ ];
description = ''
Fontconfig configuration packages.
'';
};
antialias = mkOption {
type = types.bool;
default = true;
@ -143,135 +267,17 @@ with lib;
};
config =
let fontconfig = config.fonts.fontconfig;
fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
renderConf = ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
config = mkIf cfg.enable {
fonts.fontconfig.confPkgs = [ confPkg ];
<!-- Default rendering settings -->
<match target="font">
<edit mode="assign" name="hinting">
${fcBool fontconfig.hinting.enable}
</edit>
<edit mode="assign" name="autohint">
${fcBool fontconfig.hinting.autohint}
</edit>
<edit mode="assign" name="hintstyle">
<const>hint${fontconfig.hinting.style}</const>
</edit>
<edit mode="assign" name="antialias">
${fcBool fontconfig.antialias}
</edit>
<edit mode="assign" name="rgba">
<const>${fontconfig.subpixel.rgba}</const>
</edit>
<edit mode="assign" name="lcdfilter">
<const>lcd${fontconfig.subpixel.lcdfilter}</const>
</edit>
</match>
environment.etc.fonts.source =
let fontConf = pkgs.symlinkJoin {
name = "fontconfig-etc";
paths = cfg.confPkgs;
};
in "${fontConf}/etc/fonts/";
${optionalString (fontconfig.dpi != 0) ''
<match target="pattern">
<edit name="dpi" mode="assign">
<double>${toString fontconfig.dpi}</double>
</edit>
</match>
''}
</fontconfig>
'';
genericAliasConf = ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default fonts -->
${optionalString (fontconfig.defaultFonts.sansSerif != []) ''
<alias>
<family>sans-serif</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.sansSerif)}
</prefer>
</alias>
''}
${optionalString (fontconfig.defaultFonts.serif != []) ''
<alias>
<family>serif</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.serif)}
</prefer>
</alias>
''}
${optionalString (fontconfig.defaultFonts.monospace != []) ''
<alias>
<family>monospace</family>
<prefer>
${concatStringsSep "\n"
(map (font: "<family>${font}</family>")
fontconfig.defaultFonts.monospace)}
</prefer>
</alias>
''}
</fontconfig>
'';
in mkIf fontconfig.enable {
# Fontconfig 2.10 backward compatibility
# Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
environment.etc."fonts/fonts.conf".source =
pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
environment.etc."fonts/conf.d/10-nixos-rendering.conf".text = renderConf;
environment.etc."fonts/conf.d/60-nixos-generic-alias.conf".text = genericAliasConf;
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
# Otherwise specify only font directories.
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
"${pkgs.fontconfig.out}/etc/fonts/fonts.conf";
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
let
cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
in ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache pkgs.fontconfig}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) ''
<cachedir>${cache pkgs.pkgsi686Linux.fontconfig}</cachedir>
''}
</fontconfig>
'';
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/10-nixos-rendering.conf".text = renderConf;
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/60-nixos-generic-alias.conf".text = genericAliasConf;
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/99-user.conf" = {
enable = fontconfig.includeUserConf;
text = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
<include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
</fontconfig>
'';
};
environment.systemPackages = [ pkgs.fontconfig ];
};
environment.systemPackages = [ pkgs.fontconfig ];
};
}
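Review bot: `confPkg` links `genericAliasConf` as `60-nixos-generic-alias.conf` under `conf.d` but as `30-nixos-generic-alias.conf` under `${version}/conf.d`, whereas the replaced `environment.etc` entries used `60-` in both places. fontconfig loads conf.d snippets in name order, so for versioned fontconfig the alias rules now apply at a different point relative to the other files. If that is deliberate, a comment above those two `ln -s` lines should say why the prefixes differ; if not, both should use the same number. Separately, `environment.etc.fonts.source` now owns the whole `/etc/fonts` tree, so any module still setting `environment.etc."fonts/..."` would presumably need to move to `fonts.fontconfig.confPkgs`; the `confPkgs` description could mention that.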


@ -41,6 +41,15 @@ in
'';
};
consolePackages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
description = ''
List of additional packages that provide console fonts, keymaps and
other resources.
'';
};
consoleFont = mkOption {
type = types.str;
default = "Lat2-Terminus16";


@ -525,6 +525,7 @@
./system/boot/luksroot.nix
./system/boot/modprobe.nix
./system/boot/networkd.nix
./system/boot/plymouth.nix
./system/boot/resolved.nix
./system/boot/shutdown.nix
./system/boot/stage-1.nix


@ -100,9 +100,6 @@ in
'';
boot.initrd.network.postCommands = ''
mkdir /dev/pts
mount -t devpts devpts /dev/pts
echo '${cfg.shell}' > /etc/shells
echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd
echo 'passwd: files' > /etc/nsswitch.conf


@ -36,7 +36,7 @@ let
${optionalString (header != null) "--header=${header}"} \
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
> /.luksopen_args
cryptsetup-askpass
get_password "Enter LUKS Passphrase" cryptsetup-askpass
rm /.luksopen_args
}
@ -78,9 +78,7 @@ let
for try in $(seq 3); do
${optionalString yubikey.twoFactor ''
echo -n "Enter two-factor passphrase: "
read -s k_user
echo
k_user="$(get_password "Enter two-factor passphrase" cat)"
''}
if [ ! -z "$k_user" ]; then
@ -463,6 +461,26 @@ in
''}
'';
boot.initrd.preDeviceCommands = ''
get_password() {
local ret
local reply
local tty_stat
tty_stat="$(stty -g)"
stty -echo
for i in `seq 1 3`; do
echo -n "$1: "
read reply
echo "$reply" | "$2"
if [ "$?" = "0" ]; then
break
fi
done
stty "$tty_stat"
}
'';
boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM);
boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM);
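Review bot: In the two-factor hunk, `k_user="$(get_password "Enter two-factor passphrase" cat)"` captures the prompt together with the passphrase, because `get_password` prints the prompt on stdout with `echo -n "$1: "`; the derived key would then be computed over the wrong string and the prompt never reaches the screen. Sending the prompt elsewhere, e.g. `echo -n "$1: " >&2`, keeps the substitution clean (check where stage 1 routes stderr). The function also reads with plain `read reply` and forwards with `echo "$reply"`, so backslashes and leading or trailing whitespace in a passphrase can be altered; `IFS= read -r reply` and `printf '%s\n' "$reply" | "$2"` pass it through byte-exact. After three failed attempts the function ends on `stty "$tty_stat"` and so appears to return success (`ret` is declared but never set), and there is no trap to restore echo if the loop is interrupted.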


@ -0,0 +1,129 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (pkgs) plymouth;
cfg = config.boot.plymouth;
themesEnv = pkgs.buildEnv {
name = "plymouth-themes";
paths = [ plymouth ] ++ cfg.themePackages;
};
configFile = pkgs.writeText "plymouthd.conf" ''
[Daemon]
ShowDelay=0
Theme=${cfg.theme}
'';
in
{
options = {
boot.plymouth = {
enable = mkEnableOption "Plymouth boot splash screen";
themePackages = mkOption {
default = [];
type = types.listOf types.package;
description = ''
Extra theme packages for plymouth.
'';
};
theme = mkOption {
default = "fade-in";
type = types.str;
description = ''
Splash screen theme.
'';
};
logo = mkOption {
type = types.path;
default = pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
};
description = ''
Logo which is displayed on the splash screen.
'';
};
};
};
config = mkIf cfg.enable {
boot.kernelParams = [ "splash" ];
# To be discoverable by systemd.
environment.systemPackages = [ plymouth ];
environment.etc."plymouth/plymouthd.conf".source = configFile;
environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouth.defaults";
environment.etc."plymouth/logo.png".source = cfg.logo;
environment.etc."plymouth/themes".source = "${themesEnv}/share/plymouth/themes";
# XXX: Needed because we supply a different set of plugins in initrd.
environment.etc."plymouth/plugins".source = "${plymouth}/lib/plymouth";
systemd.packages = [ plymouth ];
systemd.services.plymouth-kexec.wantedBy = [ "kexec.target" ];
systemd.services.plymouth-halt.wantedBy = [ "halt.target" ];
systemd.services.plymouth-quit = {
wantedBy = [ "multi-user.target" ];
after = [ "display-manager.service" "multi-user.target" ];
};
systemd.services.plymouth-poweroff.wantedBy = [ "poweroff.target" ];
systemd.services.plymouth-reboot.wantedBy = [ "reboot.target" ];
systemd.services.plymouth-read-write.wantedBy = [ "sysinit.target" ];
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.plymouth}/bin/plymouthd
copy_bin_and_libs ${pkgs.plymouth}/bin/plymouth
moduleName="$(sed -n 's,ModuleName *= *,,p' ${themesEnv}/share/plymouth/themes/${cfg.theme}/${cfg.theme}.plymouth)"
mkdir -p $out/lib/plymouth/renderers
cp ${plymouth}/lib/plymouth/{text,details,$moduleName}.so $out/lib/plymouth
cp ${plymouth}/lib/plymouth/renderers/{drm,frame-buffer}.so $out/lib/plymouth/renderers
mkdir -p $out/share/plymouth/themes
cp ${plymouth}/share/plymouth/plymouthd.defaults $out/share/plymouth
cp -r ${themesEnv}/share/plymouth/themes/{text,details,${cfg.theme}} $out/share/plymouth/themes
cp ${cfg.logo} $out/share/plymouth/logo.png
'';
boot.initrd.extraUtilsCommandsTest = ''
$out/bin/plymouthd --help >/dev/null
$out/bin/plymouth --help >/dev/null
'';
boot.initrd.extraUdevRulesCommands = ''
cp ${config.systemd.package}/lib/udev/rules.d/{70-uaccess,71-seat}.rules $out
sed -i '/loginctl/d' $out/71-seat.rules
'';
boot.initrd.preLVMCommands = mkAfter ''
mkdir -p /etc/plymouth
ln -s ${configFile} /etc/plymouth/plymouthd.conf
ln -s $extraUtils/share/plymouth/plymouthd.defaults /etc/plymouth/plymouthd.defaults
ln -s $extraUtils/share/plymouth/logo.png /etc/plymouth/logo.png
ln -s $extraUtils/share/plymouth/themes /etc/plymouth/themes
ln -s $extraUtils/lib/plymouth /etc/plymouth/plugins
plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session
plymouth --show-splash
'';
};
}
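Review bot: In `boot.initrd.extraUtilsCommands`, `moduleName` is taken from a `sed` over the theme's `.plymouth` file and used unchecked in `cp ${plymouth}/lib/plymouth/{text,details,$moduleName}.so`; if the theme has no `ModuleName` line the brace expands to `.so` and the build stops on an unrelated-looking cp error. A guard right after the `sed` line, `[ -n "$moduleName" ] || { echo "no ModuleName in theme ${cfg.theme}" >&2; exit 1; }`, makes the failure explicit. The plugin is copied only from `${plymouth}/lib/plymouth` while the theme directory comes from `${themesEnv}`, so a theme from `themePackages` that ships its own plugin would presumably not work in the initrd; the `themePackages` description should say so, or the copy should use `${themesEnv}/lib/plymouth`. Since this splash now sits in front of the early-boot passphrase prompts, it is also worth documenting on `logo` and `themePackages` that their contents end up in the initrd.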


@ -3,6 +3,7 @@
targetRoot=/mnt-root
console=tty1
extraUtils="@extraUtils@"
export LD_LIBRARY_PATH=@extraUtils@/lib
export PATH=@extraUtils@/bin
ln -s @extraUtils@/bin /bin
@ -13,6 +14,9 @@ export LVM_SUPPRESS_FD_WARNINGS=true
fail() {
if [ -n "$panicOnFail" ]; then exit 1; fi
# If we have a splash screen started, quit it.
command -v plymouth >/dev/null 2>&1 && plymouth quit
# If starting stage 2 failed, allow the user to repair the problem
# in an interactive shell.
cat <<EOF
@ -70,6 +74,8 @@ mount -t sysfs sysfs /sys
mount -t devtmpfs -o "size=@devSize@" devtmpfs /dev
mkdir -p /run
mount -t tmpfs -o "mode=0755,size=@runSize@" tmpfs /run
mkdir /dev/pts
mount -t devpts devpts /dev/pts
# Log the script output to /dev/kmsg or /run/log/stage-1-init.log.
mkdir -p /tmp
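Review bot: `mount -t devpts devpts /dev/pts` uses the default mount options, and with this change it appears to run on every boot rather than only when initrd SSH is enabled. Consider `mount -t devpts -o nosuid,noexec devpts /dev/pts`, plus whatever `mode=`/`gid=` options stage 2 applies (not visible here), so the initrd mount is no looser than the final one. `mkdir /dev/pts` could be `mkdir -p /dev/pts` to match the `mkdir -p /run` two lines above it. In `fail()`, whose body continues outside the hunk, the comment could add that `plymouth quit` has to run before the rescue prompt so the text console is actually visible.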


@ -81,9 +81,9 @@ let
# Copy ld manually since it isn't detected correctly
cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib
# Copy all of the needed libraries for the binaries
for BIN in $(find $out/{bin,sbin} -type f); do
echo "Copying libs for bin $BIN"
# Copy all of the needed libraries
find $out/bin $out/lib -type f | while read BIN; do
echo "Copying libs for executable $BIN"
LDD="$(ldd $BIN)" || continue
LIBS="$(echo "$LDD" | awk '{print $3}' | sed '/^$/d')"
for LIB in $LIBS; do
@ -104,13 +104,17 @@ let
stripDirs "lib bin" "-s"
# Run patchelf to make the programs refer to the copied libraries.
for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs -e $out $i; fi; done
find $out/bin $out/lib -type f | while read i; do
if ! test -L $i; then
nuke-refs -e $out $i
fi
done
for i in $out/bin/*; do
if ! test -L $i; then
echo "patching $i..."
patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
fi
find $out/bin -type f | while read i; do
if ! test -L $i; then
echo "patching $i..."
patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
fi
done
# Make sure that the patchelf'ed binaries still work.
@ -138,6 +142,7 @@ let
udevRules = pkgs.stdenv.mkDerivation {
name = "udev-rules";
allowedReferences = [ extraUtils ];
buildCommand = ''
mkdir -p $out
@ -160,7 +165,8 @@ let
--replace /sbin/mdadm ${extraUtils}/bin/mdadm \
--replace /bin/sh ${extraUtils}/bin/sh \
--replace /usr/bin/readlink ${extraUtils}/bin/readlink \
--replace /usr/bin/basename ${extraUtils}/bin/basename
--replace /usr/bin/basename ${extraUtils}/bin/basename \
--replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm
done
# Work around a bug in QEMU, which doesn't implement the "READ
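Review bot: The new `find … -type f | while read BIN` and `while read i` loops read paths with plain `read` and then use `$BIN` and `$i` unquoted, so a file name containing whitespace or a backslash would be split or altered; `while IFS= read -r i; do` with `"$i"` in the body is the robust form. Because `find -type f` never yields symlinks, the `if ! test -L $i` guards kept inside both rewritten loops are now dead code and can be dropped. `patchelf … || true` still hides a failed patch, which is only acceptable if the "Make sure that the patchelf'ed binaries still work" step after the hunk exercises every binary — worth a short comment saying so. The enclosing build command starts and ends outside these hunks.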


@ -5,14 +5,33 @@ with lib;
let
makeColor = n: value: "COLOR_${toString n}=${value}";
makeColorCS =
let positions = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F" ];
in n: value: "\033]P${elemAt position n}${value}";
colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.kbd ];
} ''
cd ${kbdEnv}/share/keymaps
loadkeys -b ${optionalString isUnicode "-u"} "${config.i18n.consoleKeyMap}" > $out
'';
# Sadly, systemd-vconsole-setup doesn't support binary keymaps.
vconsoleConf = pkgs.writeText "vconsole.conf" ''
KEYMAP=${config.i18n.consoleKeyMap}
FONT=${config.i18n.consoleFont}
${colors}
'';
kbdEnv = pkgs.buildEnv {
name = "kbd-env";
paths = [ pkgs.kbd ] ++ config.i18n.consolePackages;
pathsToLink = [ "/share/consolefonts" "/share/consoletrans" "/share/keymaps" "/share/unimaps" ];
};
setVconsole = !config.boot.isContainer;
in
@ -38,38 +57,75 @@ in
'';
};
boot.earlyVconsoleSetup = mkOption {
default = false;
type = types.bool;
description = ''
Enable setting font and keymap as early as possible (in initrd).
'';
};
};
###### implementation
config = mkMerge [
(mkIf (!setVconsole) {
(mkIf (!setVconsole || (setVconsole && config.boot.earlyVconsoleSetup)) {
systemd.services."systemd-vconsole-setup".enable = false;
})
(mkIf setVconsole {
environment.systemPackages = [ pkgs.kbd ];
(mkIf setVconsole (mkMerge [
{ environment.systemPackages = [ pkgs.kbd ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles. FIXME: trigger a restart of
# systemd-vconsole-setup.service if /etc/vconsole.conf changes.
environment.etc = [ {
target = "vconsole.conf";
source = vconsoleConf;
} ];
# Let systemd-vconsole-setup.service do the work of setting up the
# virtual consoles.
environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages.
environment.etc."kbd".source = "${kbdEnv}/share";
}
# This is identical to the systemd-vconsole-setup.service unit
# shipped with systemd, except that it uses /dev/tty1 instead of
# /dev/tty0 to prevent putting the X server in non-raw mode, and
# it has a restart trigger.
systemd.services."systemd-vconsole-setup" =
{ wantedBy = [ "multi-user.target" ];
before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf ];
};
})
(mkIf (!config.boot.earlyVconsoleSetup) {
# This is identical to the systemd-vconsole-setup.service unit
# shipped with systemd, except that it uses /dev/tty1 instead of
# /dev/tty0 to prevent putting the X server in non-raw mode, and
# it has a restart trigger.
systemd.services."systemd-vconsole-setup" =
{ wantedBy = [ "sysinit.target" ];
before = [ "display-manager.service" ];
after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf kbdEnv ];
};
})
(mkIf config.boot.earlyVconsoleSetup {
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/share/consolefonts
${if substring 0 1 config.i18n.consoleFont == "/" then ''
font="${config.i18n.consoleFont}"
'' else ''
font="$(echo ${kbdEnv}/share/consolefonts/${config.i18n.consoleFont}.*)"
''}
if [[ $font == *.gz ]]; then
gzip -cd $font > $out/share/consolefonts/font.psf
else
cp -L $font $out/share/consolefonts/font.psf
fi
'';
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
${concatImapStringsSep "\n" (n: color: ''
printf "${makeColorCS n color}" >> /dev/console
'') config.i18n.consoleColors}
'';
})
]))
];
}
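Review bot: `makeColorCS` binds the list as `positions` but its body reads `elemAt position n`, so evaluating it should fail with an undefined name as soon as `boot.earlyVconsoleSetup` is enabled and `i18n.consoleColors` is non-empty. `concatImapStringsSep` passes a 1-based index, so even with the name corrected the lookup is off by one and the sixteenth colour is out of range; `in n: value: "\\033]P${elemAt positions (n - 1)}${value}";` addresses both. The doubled backslash in that line is deliberate: as far as I know a `\0` inside a double-quoted Nix string does not survive as a backslash for `printf` to interpret, unlike the `\033` in the `''…''` block further down — please confirm by inspecting the generated script.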


@ -31,9 +31,23 @@ sub isInPathsToLink {
my %symlinks;
# Add all pathsToLink and all parent directories.
#
# For "/a/b/c" that will include
# [ "", "/a", "/a/b", "/a/b/c" ]
#
# That ensures the whole directory tree needed by pathsToLink is
# created as directories and not symlinks.
$symlinks{""} = ["", 0];
for my $p (@pathsToLink) {
$p = "" if $p eq "/";
$symlinks{$p} = ["", 0];
my @parts = split '/', $p;
my $cur = "";
for my $x (@parts) {
$cur = $cur . "/$x";
$cur = "" if $cur eq "/";
$symlinks{$cur} = ["", 0];
}
}
sub findFiles;


@ -46,7 +46,8 @@ patchShebangs() {
args="$arg0 $args"
fi
newInterpreterLine="$newPath $args"
# Strip trailing whitespace introduced when no arguments are present
newInterpreterLine="$(echo "$newPath $args" | sed 's/[[:space:]]*$//')"
if [ -n "$oldPath" -a "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]; then
if [ -n "$newPath" -a "$newPath" != "$oldPath" ]; then


@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, glib, itstool, libxml2, xorg, dbus
, intltool, accountsservice, libX11, gnome3, systemd, gnome_session, autoreconfHook
, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection }:
, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection, plymouth }:
stdenv.mkDerivation rec {
inherit (import ./src.nix fetchurl) name src;
@ -13,12 +13,13 @@ stdenv.mkDerivation rec {
configureFlags = [ "--sysconfdir=/etc"
"--localstatedir=/var"
"--with-systemd=yes"
"--with-plymouth=yes"
"--with-systemdsystemunitdir=$(out)/etc/systemd/system" ];
buildInputs = [ pkgconfig glib itstool libxml2 intltool autoreconfHook
accountsservice gnome3.dconf systemd
gobjectIntrospection libX11 gtk
libcanberra_gtk3 pam libtool ];
libcanberra_gtk3 pam libtool plymouth ];
#enableParallelBuilding = true; # problems compiling


@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, glib, itstool, libxml2, xorg, dbus
, intltool, accountsservice, libX11, gnome3, systemd, gnome_session, autoreconfHook
, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection }:
, gtk, libcanberra_gtk3, pam, libtool, gobjectIntrospection, plymouth }:
stdenv.mkDerivation rec {
inherit (import ./src.nix fetchurl) name src;
@ -13,12 +13,13 @@ stdenv.mkDerivation rec {
configureFlags = [ "--sysconfdir=/etc"
"--localstatedir=/var"
"--with-systemd=yes"
"--with-plymouth=yes"
"--with-systemdsystemunitdir=$(out)/etc/systemd/system" ];
buildInputs = [ pkgconfig glib itstool libxml2 intltool autoreconfHook
accountsservice gnome3.dconf systemd
gobjectIntrospection libX11 gtk
libcanberra_gtk3 pam libtool ];
libcanberra_gtk3 pam libtool plymouth ];
#enableParallelBuilding = true; # problems compiling


@ -1,11 +1,11 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "orc-0.4.24";
name = "orc-0.4.25";
src = fetchurl {
url = "http://gstreamer.freedesktop.org/src/orc/${name}.tar.xz";
sha256 = "16ykgdrgxr6pfpy931p979cs68klvwmk3ii1k0a00wr4nn9x931k";
sha256 = "1lak3hyvvb0w9avzmf0a8vayb7vqhj4m709q1czlhvgjb15dbcf1";
};
outputs = [ "dev" "out" ];


@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
versionMajor = "2.20";
versionMinor = "1";
versionMinor = "2";
moduleName = "at-spi2-core";
name = "${moduleName}-${versionMajor}.${versionMinor}";
src = fetchurl {
url = "mirror://gnome/sources/${moduleName}/${versionMajor}/${name}.tar.xz";
sha256 = "6ed858e781f5aa9a9662b3beb5ef82f733dac040afc8255d85dffd2097f16900";
sha256 = "88a4de9d43139f13cca531b47b901bc1b56e0ab06ba899126644abd4ac16a143";
};
outputs = [ "dev" "out" ];


@ -1,7 +0,0 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // rec {
version = "${branch}.2";
branch = "3.0";
sha256 = "0dpx15001ha9p8h8vfg1lm9pggbc96kmb546hz88wdac5xycgqrh";
})


@ -0,0 +1,7 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // rec {
version = "${branch}.1";
branch = "3.1";
sha256 = "1d5knh87cgnla5zawy56gkrpb48qhyiq7i0pm8z9hyx3j05abg55";
})


@ -68,7 +68,6 @@ stdenv.mkDerivation rec {
cd "$out/etc/fonts"
rm conf.d/{50-user,51-local}.conf
"${libxslt.bin}/bin/xsltproc" --stringparam fontDirectories "${fontbhttf}" \
--stringparam fontconfig "$out" \
--stringparam fontconfigConfigVersion "${configVersion}" \
--path $out/share/xml/fontconfig \
${./make-fonts-conf.xsl} $out/etc/fonts/fonts.conf \


@ -28,8 +28,6 @@
<!-- /var/cache/fontconfig is useful for non-nixos systems -->
<cachedir>/var/cache/fontconfig</cachedir>
<!-- fontconfig distribution conf.d -->
<include><xsl:value-of select="$fontconfig" />/etc/fonts/conf.d</include>
<!-- versioned system-wide config -->
<include ignore_missing="yes">/etc/fonts/<xsl:value-of select="$fontconfigConfigVersion" />/conf.d</include>


@ -12,11 +12,11 @@
stdenv.mkDerivation rec {
name = "gd-${version}";
version = "2.2.1";
version = "2.2.2";
src = fetchurl {
url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
sha256 = "0xmrqka1ggqgml84xbmkw1y0r0lg7qn657v5b1my8pry92p651vh";
sha256 = "1311g5mva2xlzqv3rjqjc4jjkn5lzls4skvr395h633zw1n7b7s8";
};
nativeBuildInputs = [ pkgconfig ];


@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "gettext-${version}";
version = "0.19.7";
version = "0.19.8";
src = fetchurl {
url = "mirror://gnu/gettext/${name}.tar.gz";
sha256 = "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk";
sha256 = "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x";
};
patches = [ ./absolute-paths.diff ];
@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
homepage = http://www.gnu.org/software/gettext/;
maintainers = with lib.maintainers; [ zimbatm ];
maintainers = with lib.maintainers; [ zimbatm vrthra ];
platforms = lib.platforms.all;
};
}


@ -3,11 +3,11 @@
with { inherit (stdenv.lib) optional optionalString; };
let self = stdenv.mkDerivation rec {
name = "gmp-6.1.0";
name = "gmp-6.1.1";
src = fetchurl { # we need to use bz2, others aren't in bootstrapping stdenv
urls = [ "mirror://gnu/gmp/${name}.tar.bz2" "ftp://ftp.gmplib.org/pub/${name}/${name}.tar.bz2" ];
sha256 = "1s3kddydvngqrpc6i1vbz39raya2jdcl042wi0ksbszgjjllk129";
sha256 = "1mpzprdzkgfpdc1v2lf4dxlxps4x8bvmzvd8n1ri6gw9y9jrh458";
};
#outputs TODO: split $cxx due to libstdc++ dependency; maybe port to gmp5;
@ -73,7 +73,7 @@ let self = stdenv.mkDerivation rec {
'';
platforms = platforms.all;
maintainers = [ maintainers.peti ];
maintainers = [ maintainers.peti maintainers.vrthra ];
};
};
in self


@ -14,7 +14,7 @@ let
inherit (stdenv.lib) optional optionalString;
in
stdenv.mkDerivation rec {
name = "gst-plugins-bad-1.8.1";
name = "gst-plugins-bad-1.8.2";
meta = with stdenv.lib; {
description = "Gstreamer Bad Plugins";
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
sha256 = "1xa0r98vf0sxw6s90yysvfpzs9yl07xxdci0lv2c0kvkcgrmig8b";
sha256 = "d7995317530c8773ec088f94d9320909d41da61996b801ebacce9a56af493f97";
};
outputs = [ "dev" "out" ];


@ -4,7 +4,7 @@
}:
stdenv.mkDerivation rec {
name = "gst-plugins-base-1.8.1";
name = "gst-plugins-base-1.8.2";
meta = {
description = "Base plugins and helper libraries";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz";
sha256 = "0vxd5w7r1jqp37cw5lhyc6vj2h6z8y9v3xarwd2c6rfjbjcdxa8m";
sha256 = "9d7109c8fb0a5dec8edb17b0053c59a46aba7ddf48dc48ea822ebbbd4339d38d";
};
outputs = [ "dev" "out" ];


@ -3,7 +3,7 @@
}:
stdenv.mkDerivation rec {
name = "gstreamer-1.8.1";
name = "gstreamer-1.8.2";
meta = {
description = "Open source multimedia framework";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gstreamer/${name}.tar.xz";
sha256 = "01ribrzc4x9xlv6ci66w2svpqxywjc129m6f2xy9gp82jgxj4dss";
sha256 = "9dbebe079c2ab2004ef7f2649fa317cabea1feb4fb5605c24d40744b90918341";
};
outputs = [ "dev" "out" ];


@ -3,7 +3,7 @@
}:
stdenv.mkDerivation rec {
name = "gstreamer-editing-services-1.8.1";
name = "gstreamer-editing-services-1.8.2";
meta = with stdenv.lib; {
description = "Library for creation of audio/video non-linear editors";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gstreamer-editing-services/${name}.tar.xz";
sha256 = "082h6r2kymgb78x6av5mxaszxlqnvr6afq935ackh914vb1anyw9";
sha256 = "a1d57ff9461407cca1f6e7a9f31a5bdb73f73f33c488a3e3318b27e10a4332ae";
};
outputs = [ "dev" "out" ];


@ -10,7 +10,7 @@ let
inherit (stdenv.lib) optionals optionalString;
in
stdenv.mkDerivation rec {
name = "gst-plugins-good-1.8.1";
name = "gst-plugins-good-1.8.2";
meta = with stdenv.lib; {
description = "Gstreamer Good Plugins";
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
sha256 = "0wh9mpz3zj7vbdi3xn9gjncqal86kgxn9pdg5vl98y6n45wy20r1";
sha256 = "8d7549118a3b7a009ece6bb38a05b66709c551d32d2adfd89eded4d1d7a23944";
};
outputs = [ "dev" "out" ];


@ -9,7 +9,7 @@
assert withSystemLibav -> libav != null;
stdenv.mkDerivation rec {
name = "gst-libav-1.8.1";
name = "gst-libav-1.8.2";
meta = {
homepage = "http://gstreamer.freedesktop.org";
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-libav/${name}.tar.xz";
sha256 = "0cw9nc0079vmdp5r8hrrmglb1bzvsxy298j6yg25l6skqc493924";
sha256 = "b5f3c7a27b39b5f5c2f0bfd546b0c655020faf6b38d27b64b346c43e5ebf687a";
};
outputs = [ "dev" "out" ];


@ -5,7 +5,7 @@
}:
stdenv.mkDerivation rec {
name = "gst-plugins-ugly-1.8.1";
name = "gst-plugins-ugly-1.8.2";
meta = with stdenv.lib; {
description = "Gstreamer Ugly Plugins";
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
sha256 = "1kj6jijhwdknv362mcnhjm7zbcbhs0i2m3pvsdz7w3g67fd6lrcf";
sha256 = "9c5b33a2a98fc1d6d6c99a1b536b1fb2de45f53cc8bf8ab85a8b8141fed1a8ac";
};
outputs = [ "dev" "out" ];


@ -3,7 +3,7 @@
}:
stdenv.mkDerivation rec {
name = "gst-validate-1.8.1";
name = "gst-validate-1.8.2";
meta = {
description = "Integration testing infrastructure for the GStreamer framework";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "${meta.homepage}/src/gst-validate/${name}.tar.xz";
sha256 = "1gycl6bbrf9ryis6wdinv4zi7552lz9izw4ram8xr8nc2k00icm9";
sha256 = "33c5b585c5ca1659fe6c09fdf02e45d8132c0d386b405bf527b14ab481a0bafe";
};
outputs = [ "dev" "out" ];


@ -1,30 +0,0 @@
From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Fri, 22 Mar 2013 23:48:41 -0700
Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a
certain common programming error (passing -1 to write) from leading to other
problems deeper in the library.
---
libarchive/archive_write.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
index eede5e0..be85621 100644
--- a/libarchive/archive_write.c
+++ b/libarchive/archive_write.c
@@ -673,8 +673,13 @@ static ssize_t
_archive_write_data(struct archive *_a, const void *buff, size_t s)
{
struct archive_write *a = (struct archive_write *)_a;
+ const size_t max_write = INT_MAX;
+
archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_data");
+ /* In particular, this catches attempts to pass negative values. */
+ if (s > max_write)
+ s = max_write;
archive_clear_error(&a->archive);
return ((a->format_write_data)(a, buff, s));
}


@ -1,143 +0,0 @@
From 59357157706d47c365b2227739e17daba3607526 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Sun, 1 Mar 2015 12:07:45 +0100
Subject: [PATCH] Add ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option
This fixes a directory traversal in the cpio tool.
---
cpio/bsdcpio.1 | 3 ++-
cpio/cpio.c | 2 ++
libarchive/archive.h | 2 ++
libarchive/archive_write_disk.3 | 3 +++
libarchive/archive_write_disk_posix.c | 14 +++++++++++---
libarchive/test/test_write_disk_secure.c | 23 +++++++++++++++++++++++
6 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/cpio/bsdcpio.1 b/cpio/bsdcpio.1
index f966aa0..e52546e 100644
--- a/cpio/bsdcpio.1
+++ b/cpio/bsdcpio.1
@@ -156,7 +156,8 @@ See above for description.
.It Fl Fl insecure
(i and p mode only)
Disable security checks during extraction or copying.
-This allows extraction via symbolic links and path names containing
+This allows extraction via symbolic links, absolute paths,
+and path names containing
.Sq ..
in the name.
.It Fl J , Fl Fl xz
diff --git a/cpio/cpio.c b/cpio/cpio.c
index 0acde11..b267e9b 100644
--- a/cpio/cpio.c
+++ b/cpio/cpio.c
@@ -171,6 +171,7 @@ main(int argc, char *argv[])
cpio->extract_flags |= ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER;
cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_SYMLINKS;
cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+ cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
cpio->extract_flags |= ARCHIVE_EXTRACT_PERM;
cpio->extract_flags |= ARCHIVE_EXTRACT_FFLAGS;
cpio->extract_flags |= ARCHIVE_EXTRACT_ACL;
@@ -256,6 +257,7 @@ main(int argc, char *argv[])
case OPTION_INSECURE:
cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_SYMLINKS;
cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+ cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
break;
case 'L': /* GNU cpio */
cpio->option_follow_links = 1;
diff --git a/libarchive/archive.h b/libarchive/archive.h
index 1f0fc38..ef635ac 100644
--- a/libarchive/archive.h
+++ b/libarchive/archive.h
@@ -649,6 +649,8 @@ __LA_DECL int archive_read_set_passphrase_callback(struct archive *,
/* Default: Do not use HFS+ compression if it was not compressed. */
/* This has no effect except on Mac OS v10.6 or later. */
#define ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED (0x8000)
+/* Default: Do not reject entries with absolute paths */
+#define ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (0x10000)
__LA_DECL int archive_read_extract(struct archive *, struct archive_entry *,
int flags);
diff --git a/libarchive/archive_write_disk.3 b/libarchive/archive_write_disk.3
index fa925cc..a2e7afa 100644
--- a/libarchive/archive_write_disk.3
+++ b/libarchive/archive_write_disk.3
@@ -177,6 +177,9 @@ The default is to not refuse such paths.
Note that paths ending in
.Pa ..
always cause an error, regardless of this flag.
+.It Cm ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+Refuse to extract an absolute path.
+The default is to not refuse such paths.
.It Cm ARCHIVE_EXTRACT_SPARSE
Scan data for blocks of NUL bytes and try to recreate them with holes.
This results in sparse files, independent of whether the archive format
diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
index ab3bdac..c1290eb 100644
--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
@@ -2509,8 +2509,9 @@ cleanup_pathname_win(struct archive_write_disk *a)
/*
* Canonicalize the pathname. In particular, this strips duplicate
* '/' characters, '.' elements, and trailing '/'. It also raises an
- * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
- * set) any '..' in the path.
+ * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
+ * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+ * is set) if the path is absolute.
*/
static int
cleanup_pathname(struct archive_write_disk *a)
@@ -2529,8 +2530,15 @@ cleanup_pathname(struct archive_write_disk *a)
cleanup_pathname_win(a);
#endif
/* Skip leading '/'. */
- if (*src == '/')
+ if (*src == '/') {
+ if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "Path is absolute");
+ return (ARCHIVE_FAILED);
+ }
+
separator = *src++;
+ }
/* Scan the pathname one element at a time. */
for (;;) {
diff --git a/libarchive/test/test_write_disk_secure.c b/libarchive/test/test_write_disk_secure.c
index 31c5bfd..2c94206 100644
--- a/libarchive/test/test_write_disk_secure.c
+++ b/libarchive/test/test_write_disk_secure.c
@@ -178,6 +178,29 @@ DEFINE_TEST(test_write_disk_secure)
assert(S_ISDIR(st.st_mode));
archive_entry_free(ae);
+ /*
+ * Without security checks, we should be able to
+ * extract an absolute path.
+ */
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ assert(0 == archive_write_header(a, ae));
+ assert(0 == archive_write_finish_entry(a));
+ assertFileExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ assert(0 == unlink("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp"));
+
+ /* But with security checks enabled, this should fail. */
+ assert(archive_entry_clear(ae) != NULL);
+ archive_entry_copy_pathname(ae, "/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+ archive_entry_set_mode(ae, S_IFREG | 0777);
+ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS);
+ failure("Extracting an absolute path should fail here.");
+ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
+ archive_entry_free(ae);
+ assert(0 == archive_write_finish_entry(a));
+ assertFileNotExists("/tmp/libarchive_test-test_write_disk_secure-absolute_path.tmp");
+
assertEqualInt(ARCHIVE_OK, archive_write_free(a));
/* Test the entries on disk. */


@ -2,22 +2,14 @@
, sharutils }:
stdenv.mkDerivation rec {
name = "libarchive-3.1.2";
name = "libarchive-${version}";
version = "3.2.1";
src = fetchurl {
urls = [
"http://pkgs.fedoraproject.org/repo/pkgs/libarchive/libarchive-3.1.2.tar.gz/efad5a503f66329bb9d2f4308b5de98a/${name}.tar.gz"
"${meta.homepage}/downloads/${name}.tar.gz"
];
sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb";
url = "${meta.homepage}/downloads/${name}.tar.gz";
sha256 = "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj";
};
patches = [
./CVE-2013-0211.patch # https://github.com/libarchive/libarchive/commit/22531545
./CVE-2015-1197.patch # https://github.com/NixOS/nixpkgs/issues/6799
# ^ it's CVE-2015-2304 specific to libarchive
];
buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz lzo ] ++
stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ];
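Review bot: The `patches` list that carried `./CVE-2013-0211.patch` and `./CVE-2015-1197.patch` is dropped together with the bump to `version = "3.2.1"`, and nothing in the expression records that the new release is expected to contain both fixes. On this page that can only be inferred from the two patch files being deleted in the same commit, so it is worth confirming against the 3.2.1 sources (the write-size clamp in `_archive_write_data` and the `ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS` flag) and leaving a trace such as `# CVE-2013-0211.patch and CVE-2015-1197.patch dropped: fixed upstream in this version`. The single `url` also appears to replace the earlier two-entry `urls` list, so the download no longer has a fallback mirror.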


@ -8,6 +8,12 @@ stdenv.mkDerivation rec {
sha256 = "1wjf79ipqwb5phfjjwf15rwgigakylnfqaj4crs5qnds6ba6i1ld";
};
patches = [(fetchurl {
url = "https://anonscm.debian.org/cgit/pkg-phototools/libgphoto2.git/plain"
+ "/debian/patches/libjpeg_turbo_1.5.0_fix.patch?id=8ce79a2a02d";
sha256 = "114iyhk6idxz2jhnzpf1glqm6d0x0y8cqfpqxz9i96q9j7x3wwin";
})];
nativeBuildInputs = [ pkgconfig gettext ];
buildInputs = [ libtool libjpeg libusb1 ];
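Review bot: The new `patches` entry has no comment saying what it fixes or when it can be removed, and it is fetched from a Debian packaging repository by an abbreviated commit id (`?id=8ce79a2a02d`). The `sha256` pins the content, so the download cannot change silently, but a cgit URL with a short id may stop resolving later. A comment above the `fetchurl`, such as `# build fix for libjpeg-turbo 1.5.0, taken from Debian; drop once libgphoto2 ships it`, would tell the next maintainer what to check. The rest of the derivation lies outside the hunk.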


@ -1,11 +1,11 @@
{ stdenv, fetchurl, nasm }:
stdenv.mkDerivation rec {
name = "libjpeg-turbo-1.4.2";
name = "libjpeg-turbo-1.5.0";
src = fetchurl {
url = "mirror://sourceforge/libjpeg-turbo/${name}.tar.gz";
sha256 = "0gi349hp1x7mb98s4mf66sb2xay2kjjxj9ihrriw0yiy0k9va6sj";
sha256 = "0pq3lav976d6a1d16yyqrj1b4gmhk1ca4zar6zp00avxlqqpqfcz";
};
patches =


@ -3,11 +3,11 @@
assert zlib != null;
let
version = "1.6.21";
sha256 = "10r0xqasm8fi0dx95bpca63ab4myb8g600ypyndj2r4jxd4ii3vc";
version = "1.6.23";
sha256 = "1wb2j8sba6g2h4vmv4pwsp93q74qw4gyqqs4b7vfjmpcv9xix4kd";
patch_src = fetchurl {
url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
sha256 = "0wwcc52yzjaxvpfkicz20j7yzpy02hpnsm4jjlvw74gy4qjhx9vd";
sha256 = "1lvsn1kmarzpn269zgykjfmxq16zrdhpd1a75nzgclx97436x408";
};
whenPatched = stdenv.lib.optionalString apngSupport;
@ -21,17 +21,14 @@ in stdenv.mkDerivation rec {
postPatch = whenPatched "gunzip < ${patch_src} | patch -Np1";
outputs = [ "dev" "out" "man" ];
outputBin = "dev";
propagatedBuildInputs = [ zlib ];
preConfigure = "export bin=$dev";
# it's hard to cross-run tests and some check programs didn't compile anyway
makeFlags = stdenv.lib.optional (!doCheck) "check_PROGRAMS=";
doCheck = ! stdenv ? cross;
postInstall = ''mv "$out/bin" "$dev/bin"'';
passthru = { inherit zlib; };
meta = with stdenv.lib; {


@ -1,24 +1,27 @@
{ lib, stdenv, fetchurl
{ lib, stdenv, fetchurl, pkgconfig
, mouseSupport ? false
, unicode ? true
, gpm
# Extra Options
, abiVersion ? "5"
}:
let
inherit (stdenv) isDarwin;
abiVersion = if isDarwin then "5" else "6";
version = if isDarwin then "5.9" else "6.0";
sha256 = if isDarwin
then "0fsn7xis81za62afan0vvm38bvgzg5wfmv1m86flqcj0nj7jjilh"
else "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm";
in
stdenv.mkDerivation rec {
name = "ncurses-5.9";
name = "ncurses-${version}";
src = fetchurl {
url = "mirror://gnu/ncurses/${name}.tar.gz";
sha256 = "0fsn7xis81za62afan0vvm38bvgzg5wfmv1m86flqcj0nj7jjilh";
inherit sha256;
};
# gcc-5.patch should be removed after 5.9
patches = [ ./clang.patch ./gcc-5.patch ];
patches = [ ./clang.patch ];
outputs = [ "dev" "out" "man" ];
setOutputFlags = false; # some aren't supported
@ -33,6 +36,7 @@ stdenv.mkDerivation rec {
# Only the C compiler, and explicitly not C++ compiler needs this flag on solaris:
CFLAGS = lib.optionalString stdenv.isSunOS "-D_XOPEN_SOURCE_EXTENDED";
nativeBuildInputs = [ pkgconfig ];
buildInputs = lib.optional (mouseSupport && stdenv.isLinux) gpm;
preConfigure = ''


@ -1,46 +0,0 @@
https://bugs.gentoo.org/545114
extracted from the upstream change (which had many unrelated commits in one)
From 97bb4678dc03e753290b39bbff30ba2825df9517 Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Sun, 7 Dec 2014 03:10:09 +0000
Subject: [PATCH] ncurses 5.9 - patch 20141206
+ modify MKlib_gen.sh to work around change in development version of
gcc introduced here:
https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
https://gcc.gnu.org/ml/gcc-patches/2014-07/msg00236.html
(reports by Marcus Shawcroft, Maohui Lei).
diff --git a/ncurses/base/MKlib_gen.sh b/ncurses/base/MKlib_gen.sh
index d8cc3c9..b91398c 100755
--- a/ncurses/base/MKlib_gen.sh
+++ b/ncurses/base/MKlib_gen.sh
@@ -474,11 +474,22 @@ sed -n -f $ED1 \
-e 's/gen_$//' \
-e 's/ / /g' >>$TMP
+cat >$ED1 <<EOF
+s/ / /g
+s/^ //
+s/ $//
+s/P_NCURSES_BOOL/NCURSES_BOOL/g
+EOF
+
+# A patch discussed here:
+# https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
+# introduces spurious #line markers. Work around that by ignoring the system's
+# attempt to define "bool" and using our own symbol here.
+sed -e 's/bool/P_NCURSES_BOOL/g' $TMP > $ED2
+cat $ED2 >$TMP
+
$preprocessor $TMP 2>/dev/null \
-| sed \
- -e 's/ / /g' \
- -e 's/^ //' \
- -e 's/_Bool/NCURSES_BOOL/g' \
+| sed -f $ED1 \
| $AWK -f $AW2 \
| sed -f $ED3 \
| sed \


@ -3,11 +3,11 @@
assert interactive -> readline != null && ncurses != null;
stdenv.mkDerivation {
name = "sqlite-3.12.2";
name = "sqlite-3.13.0";
src = fetchurl {
url = "http://sqlite.org/2016/sqlite-autoconf-3120200.tar.gz";
sha1 = "b43c2e7238e54c50b95fbbd85c48792f4f39af8c";
url = "http://sqlite.org/2016/sqlite-autoconf-3130000.tar.gz";
sha256 = "0sq88jbwsk48i41f7m7rkw9xvijq011nsbs7pl49s31inck70yg2";
};
outputs = [ "dev" "out" "bin" ];

View file

@ -3,14 +3,14 @@
assert guileSupport -> ( pkgconfig != null && guile != null );
let
version = "4.2";
version = "4.2.1";
in
stdenv.mkDerivation {
name = "gnumake-${version}";
src = fetchurl {
url = "mirror://gnu/make/make-${version}.tar.bz2";
sha256 = "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f";
sha256 = "12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn";
};
patchFlags = "-p0";


@ -3,11 +3,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
name = "texinfo-6.0";
name = "texinfo-6.1";
src = fetchurl {
url = "mirror://gnu/texinfo/${name}.tar.xz";
sha256 = "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi";
sha256 = "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c";
};
buildInputs = [ perl xz ]
@ -30,6 +30,7 @@ stdenv.mkDerivation rec {
description = "The GNU documentation system";
license = licenses.gpl3Plus;
platforms = platforms.all;
maintainers = [ maintainers.vrthra ];
longDescription = ''
Texinfo is the official documentation format of the GNU project.


@ -56,6 +56,9 @@ stdenv.mkDerivation rec {
CONFIG_FEATURE_MOUNT_CIFS n
CONFIG_FEATURE_MOUNT_HELPERS y
# Set paths for console fonts.
CONFIG_DEFAULT_SETFONT_DIR "/etc/kbd"
${extraConfig}
$extraCrossConfig
EOF


@ -1,42 +1,27 @@
{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, check, pam }:
{ stdenv, fetchurl, autoreconfHook, gzip, bzip2, pkgconfig, flex, check, pam }:
stdenv.mkDerivation rec {
name = "kbd-2.0.3";
name = "kbd-${version}";
version = "2.0.3";
src = fetchurl {
url = "mirror://kernel/linux/utils/kbd/${name}.tar.xz";
sha256 = "0ppv953gn2zylcagr4z6zg5y2x93dxrml29plypg6xgbq3hrv2bs";
};
/* Get the dvorak programmer keymap (present in X but not in kbd) */
dvpSrc = fetchurl {
url = "http://kaufmann.no/downloads/linux/dvp-1_2_1.map.gz";
sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50";
};
neoSrc = fetchurl {
name = "neo.map";
url = "https://svn.neo-layout.org/linux/console/neo.map?r=2455";
sha256 = "1wlgp09wq84hml60hi4ls6d4zna7vhycyg40iipyh1279i91hsx7";
};
configureFlags = [
"--enable-optional-progs"
"--enable-libkeymap"
"--disable-nls"
];
patches = [ ./console-fix.patch ];
patches = [ ./console-fix.patch ./search-paths.patch ];
postPatch =
''
mkdir -p data/keymaps/i386/neo
cat "$neoSrc" > data/keymaps/i386/neo/neo.map
# Add Neo keymap subdirectory
sed -i -e 's,^KEYMAPSUBDIRS *= *,&i386/neo ,' data/Makefile.am
# Add the dvp keyboard in the dvorak folder
${gzip}/bin/gzip -c -d ${dvpSrc} > data/keymaps/i386/dvorak/dvp.map
# Fix the path to gzip/bzip2.
substituteInPlace src/libkeymap/findfile.c \
--replace gzip ${gzip}/bin/gzip \
@ -49,13 +34,15 @@ stdenv.mkDerivation rec {
''}
'';
buildInputs = [ autoreconfHook pkgconfig check pam ];
buildInputs = [ check pam ];
nativeBuildInputs = [ autoreconfHook pkgconfig flex ];
makeFlags = "setowner= ";
makeFlags = [ "setowner=" ];
meta = {
meta = with stdenv.lib; {
homepage = ftp://ftp.altlinux.org/pub/people/legion/kbd/;
description = "Linux keyboard utilities and keyboard maps";
platforms = stdenv.lib.platforms.linux;
platforms = platforms.linux;
licenses = licenses.gpl2Plus;
};
}
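Review bot: In the `meta` block the new line `licenses = licenses.gpl2Plus;` uses the attribute name `licenses`, whereas the attribute nixpkgs tooling reads is `meta.license`, so license-based checks would not see it. It should read `license = licenses.gpl2Plus;`. Separately, `./search-paths.patch` joins `patches` without a comment saying that it makes the kbd tools look under `/etc/kbd` before the package's own data directory; a one-line comment such as `# search /etc/kbd before DATADIR for keymaps, fonts and maps` would help.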


@ -0,0 +1,35 @@
{ stdenv, lib, fetchurl, gzip }:
{
dvp = stdenv.mkDerivation rec {
name = "dvp-${version}";
version = "1.2.1";
src = fetchurl {
url = "http://kaufmann.no/downloads/linux/dvp-${lib.replaceStrings ["."] ["_"] version}.map.gz";
sha256 = "0e859211cfe16a18a3b9cbf2ca3e280a23a79b4e40b60d8d01d0fde7336b6d50";
};
nativeBuildInputs = [ gzip ];
buildCommand = ''
mkdir -p $out/share/keymaps/i386/dvorak
gzip -c -d $src > $out/share/keymaps/i386/dvorak/dvp.map
'';
};
neo = stdenv.mkDerivation rec {
name = "neo-${version}";
version = "2476";
src = fetchurl {
name = "neo.map";
url = "https://svn.neo-layout.org/linux/console/neo.map?r=${version}";
sha256 = "19mfrd31vzpsjiwc7pshxm0b0sz5dd17xrz6k079cy4im1vf0r4g";
};
buildCommand = ''
install -D $src $out/share/keymaps/i386/neo/neo.map
'';
};
}
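Review bot: Neither `dvp` nor `neo` has a `meta` block, so the two keymap packages carry no description, license or platform information. Both sources are pinned by `sha256`, which covers integrity even though `dvp` is fetched over plain `http://`, but the license of third-party keymap files is what a packager most needs recorded. Adding at least `meta.description` and `meta.platforms = lib.platforms.linux;` to each, plus the license once confirmed upstream, is suggested.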


@ -0,0 +1,77 @@
diff -ru3 kbd-2.0.3-old/src/libkeymap/analyze.l kbd-2.0.3/src/libkeymap/analyze.l
--- kbd-2.0.3-old/src/libkeymap/analyze.l 2016-07-03 02:31:28.258958092 +0300
+++ kbd-2.0.3/src/libkeymap/analyze.l 2016-07-03 02:44:53.042592223 +0300
@@ -99,6 +99,9 @@
static const char *const include_dirpath0[] = { "", 0 };
static const char *const include_dirpath1[] = { "", "../include/", "../../include/", 0 };
static const char *const include_dirpath3[] = {
+ "/etc/kbd/" KEYMAPDIR "/include/",
+ "/etc/kbd/" KEYMAPDIR "/i386/include/",
+ "/etc/kbd/" KEYMAPDIR "/mac/include/",
DATADIR "/" KEYMAPDIR "/include/",
DATADIR "/" KEYMAPDIR "/i386/include/",
DATADIR "/" KEYMAPDIR "/mac/include/", 0
diff -ru3 kbd-2.0.3-old/src/loadkeys.c kbd-2.0.3/src/loadkeys.c
--- kbd-2.0.3-old/src/loadkeys.c 2016-07-03 02:31:28.260958091 +0300
+++ kbd-2.0.3/src/loadkeys.c 2016-07-03 02:34:34.123871103 +0300
@@ -26,7 +26,7 @@
#include "keymap.h"
static const char *progname = NULL;
-static const char *const dirpath1[] = { "", DATADIR "/" KEYMAPDIR "/**", KERNDIR "/", 0 };
+static const char *const dirpath1[] = { "", "/etc/kbd/" KEYMAPDIR "/**", DATADIR "/" KEYMAPDIR "/**", 0 };
static const char *const suffixes[] = { "", ".kmap", ".map", 0 };
static void __attribute__ ((noreturn))
diff -ru3 kbd-2.0.3-old/src/loadunimap.c kbd-2.0.3/src/loadunimap.c
--- kbd-2.0.3-old/src/loadunimap.c 2016-07-03 02:31:28.259958091 +0300
+++ kbd-2.0.3/src/loadunimap.c 2016-07-03 02:33:06.803911971 +0300
@@ -28,7 +28,7 @@
extern char *progname;
extern int force;
-static const char *const unidirpath[] = { "", DATADIR "/" UNIMAPDIR "/", 0 };
+static const char *const unidirpath[] = { "", "/etc/kbd/" UNIMAPDIR "/", DATADIR "/" UNIMAPDIR "/", 0 };
static const char *const unisuffixes[] = { "", ".uni", ".sfm", 0 };
#ifdef MAIN
diff -ru3 kbd-2.0.3-old/src/mapscrn.c kbd-2.0.3/src/mapscrn.c
--- kbd-2.0.3-old/src/mapscrn.c 2016-07-03 02:31:28.260958091 +0300
+++ kbd-2.0.3/src/mapscrn.c 2016-07-03 02:33:21.119905270 +0300
@@ -25,7 +25,7 @@
static int ctoi (char *);
/* search for the map file in these directories (with trailing /) */
-static const char *const mapdirpath[] = { "", DATADIR "/" TRANSDIR "/", 0 };
+static const char *const mapdirpath[] = { "", "/etc/kbd/" TRANSDIR "/", DATADIR "/" TRANSDIR "/", 0 };
static const char *const mapsuffixes[] = { "", ".trans", "_to_uni.trans", ".acm", 0 };
#ifdef MAIN
diff -ru3 kbd-2.0.3-old/src/resizecons.c kbd-2.0.3/src/resizecons.c
--- kbd-2.0.3-old/src/resizecons.c 2016-07-03 02:31:28.260958091 +0300
+++ kbd-2.0.3/src/resizecons.c 2016-07-03 02:33:32.253900060 +0300
@@ -100,7 +100,7 @@
static void vga_set_cursor(int, int);
static void vga_set_verticaldisplayend_lowbyte(int);
-const char *const dirpath[] = { "", DATADIR "/" VIDEOMODEDIR "/", 0};
+const char *const dirpath[] = { "", "/etc/kbd/" VIDEOMODEDIR "/", DATADIR "/" VIDEOMODEDIR "/", 0};
const char *const suffixes[] = { "", 0 };
int
diff -ru3 kbd-2.0.3-old/src/setfont.c kbd-2.0.3/src/setfont.c
--- kbd-2.0.3-old/src/setfont.c 2016-07-03 02:31:28.260958091 +0300
+++ kbd-2.0.3/src/setfont.c 2016-07-03 02:33:54.315889734 +0300
@@ -51,10 +51,10 @@
int debug = 0;
/* search for the font in these directories (with trailing /) */
-const char *const fontdirpath[] = { "", DATADIR "/" FONTDIR "/", 0 };
+const char *const fontdirpath[] = { "", "/etc/kbd/" FONTDIR "/", DATADIR "/" FONTDIR "/", 0 };
const char *const fontsuffixes[] = { "", ".psfu", ".psf", ".cp", ".fnt", 0 };
/* hide partial fonts a bit - loading a single one is a bad idea */
-const char *const partfontdirpath[] = { "", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 };
+const char *const partfontdirpath[] = { "", "/etc/kbd/" FONTDIR "/" PARTIALDIR "/", DATADIR "/" FONTDIR "/" PARTIALDIR "/", 0 };
const char *const partfontsuffixes[] = { "", 0 };
static inline int
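Review bot: The `loadkeys.c` hunk does more than the others: besides prepending `"/etc/kbd/" KEYMAPDIR "/**"`, it drops the `KERNDIR "/"` entry from `dirpath1`, while every other array only gains an `/etc/kbd/` entry. If that removal is intended, it should be stated in a header comment at the top of the patch, which currently has none; otherwise keep the entry, `{ "", "/etc/kbd/" KEYMAPDIR "/**", DATADIR "/" KEYMAPDIR "/**", KERNDIR "/", 0 }`. The header should also record that `/etc/kbd` is searched before `DATADIR`, so files in the mutable system directory take precedence over those shipped with the package.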


@ -1,27 +1,32 @@
{ stdenv, fetchurl, autoreconfHook, cairo, docbook_xsl, gtk
, libdrm, libpng, libxslt, makeWrapper, pango, pkgconfig, udev
{ stdenv, fetchurl, autoreconfHook, pkgconfig, libxslt, docbook_xsl
, gtk3, udev, systemd
}:
stdenv.mkDerivation rec {
name = "plymouth-${version}";
version = "0.9.0";
version = "0.9.2";
src = fetchurl {
url = "http://www.freedesktop.org/software/plymouth/releases/${name}.tar.bz2";
sha256 = "0kfdwv179brg390ma003pmdqfvqlbybqiyp9fxrxx0wa19sjxqnk";
sha256 = "0zympsgy5bbfl2ag5nc1jxlshpx8r1s1yyjisanpx76g88hfh31g";
};
buildInputs = [
autoreconfHook cairo docbook_xsl gtk libdrm libpng
libxslt makeWrapper pango pkgconfig udev
nativeBuildInputs = [
autoreconfHook pkgconfig libxslt docbook_xsl
];
prePatch = ''
sed -e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \
-i configure.ac
'';
buildInputs = [
gtk3 udev systemd
];
postPatch = ''
sed -i \
-e "s#\$(\$PKG_CONFIG --variable=systemdsystemunitdir systemd)#$out/etc/systemd/system#g" \
-e "s#plymouthplugindir=.*#plymouthplugindir=/etc/plymouth/plugins/#" \
-e "s#plymouththemedir=.*#plymouththemedir=/etc/plymouth/themes#" \
-e "s#plymouthpolicydir=.*#plymouthpolicydir=/etc/plymouth/#" \
configure.ac
configureFlags="
--prefix=$out
--bindir=$out/bin
@ -29,15 +34,24 @@ stdenv.mkDerivation rec {
--exec-prefix=$out
--libdir=$out/lib
--libexecdir=$out/lib
--sysconfdir=$out/etc
--sysconfdir=/etc
--localstatedir=/var
--with-log-viewer
--with-logo=/etc/plymouth/logo.png
--with-background-color=0x000000
--with-background-start-color-stop=0x000000
--with-background-end-color-stop=0x000000
--with-release-file=/etc/os-release
--without-system-root-install
--without-rhgb-compat-link
--enable-tracing
--enable-systemd-integration
--enable-pango
--enable-gdm-transition
--enable-gtk"
installFlags="
plymouthd_defaultsdir=$out/share/plymouth
plymouthd_confdir=$out/etc/plymouth"
'';
meta = with stdenv.lib; {
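Review bot: The `postPatch` sed now points `plymouthplugindir`, `plymouththemedir` and `plymouthpolicydir` at `/etc/plymouth/...`, and `--sysconfdir` becomes `/etc`, so the daemon resolves its plugins from a mutable system path rather than from `$out`. Plymouth plugins are, as far as I know, shared objects loaded into the daemon, so whatever populates `/etc/plymouth/plugins/` decides what code runs at boot. That population step is outside this section, and it is worth confirming that only the system configuration writes there. A comment above the sed, e.g. `# plugins and themes are looked up under /etc/plymouth at run time; the system configuration must provide them`, would document the dependency. The `meta` block continues outside the hunk.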


@ -16,12 +16,10 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "NixOS";
repo = "systemd";
rev = "4ccee551f2ba8383c8b9bd06590a3cd1dfdf690f";
sha256 = "1i4my5z7f8g5bykv1vxyw1az66s087lfqrck79kdm4hgvb4lsk6y";
rev = "81d5aaac06b43fd72f5ab02734a17cbfb55d1f5b";
sha256 = "1ig7jwmvaa1r4qlngjpnvvvvxhmzbxr171d257q4ryf87l93g1an";
};
patches = [ ./hwdb-location.diff ];
/* gave up for now!
outputs = [ "out" "libudev" "doc" ]; # maybe: "dev"
# note: there are many references to ${systemd}/...
@ -99,7 +97,8 @@ stdenv.mkDerivation rec {
--replace /bin/echo ${coreutils}/bin/echo \
--replace /bin/cat ${coreutils}/bin/cat \
--replace /sbin/sulogin ${utillinux.bin}/sbin/sulogin \
--replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck
--replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck \
--replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency
done
substituteInPlace src/journal/catalog.c \
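Review bot: The added `--replace /bin/plymouth /run/current-system/sw/bin/plymouth` makes systemd call plymouth through the system profile instead of a store path, and the trailing `# To avoid dependency` does not say what happens when plymouth is not installed. Presumably the call then fails and is ignored, but that depends on call sites outside this hunk. Expanding the comment to something like `# resolved via the system profile to avoid a build-time dependency; only works when plymouth is in the system path` would make the trade-off explicit. `patches = [ ./hwdb-location.diff ];` also appears to be dropped here, so it would help to note that the new `rev` is expected to carry that change.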


@ -1,19 +0,0 @@
diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c
index 06c9831..e74825c 100644
--- a/src/libsystemd/sd-hwdb/sd-hwdb.c
+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c
@@ -268,13 +268,8 @@ static int trie_search_f(sd_hwdb *hwdb, const char *search) {
}
static const char hwdb_bin_paths[] =
- "/etc/systemd/hwdb/hwdb.bin\0"
"/etc/udev/hwdb.bin\0"
- "/usr/lib/systemd/hwdb/hwdb.bin\0"
-#ifdef HAVE_SPLIT_USR
- "/lib/systemd/hwdb/hwdb.bin\0"
-#endif
- UDEVLIBEXECDIR "/hwdb.bin\0";
+ ;
_public_ int sd_hwdb_new(sd_hwdb **ret) {
_cleanup_hwdb_unref_ sd_hwdb *hwdb = NULL;


@ -16,11 +16,11 @@ let
in
stdenv.mkDerivation rec {
name = "v4l-utils-1.6.3";
name = "v4l-utils-1.10.1";
src = fetchurl {
url = "http://linuxtv.org/downloads/v4l-utils/${name}.tar.bz2";
sha256 = "0k46z5gqjzg702m2vs4sv6sxynq1sj14m0pgwvl2gkgg3dfbyjhn";
sha256 = "1h1nhg5cmmzlbipak526nk4bm6d0yb217mll75f3rpg7kz1cqiv1";
};
outputs = [ "dev" "out" ];


@ -3,7 +3,7 @@
, selinuxSupport? false, libselinux ? null, libsepol ? null
, autoconf, automake114x, texinfo
, withPrefix ? false
, singleBinary ? true # you can also pass "symlinks", for example
, singleBinary ? "symlinks" # you can also pass "shebangs" or false
}:
assert aclSupport -> acl != null;


@ -6342,7 +6342,7 @@ in
gnumake40 = callPackage ../development/tools/build-managers/gnumake/4.0 { };
gnumake41 = callPackage ../development/tools/build-managers/gnumake/4.1 { };
gnumake42 = callPackage ../development/tools/build-managers/gnumake/4.2 { };
gnumake = self.gnumake41;
gnumake = self.gnumake42;
gob2 = callPackage ../development/tools/misc/gob2 { };
@ -6646,7 +6646,7 @@ in
texinfo413 = callPackage ../development/tools/misc/texinfo/4.13a.nix { };
texinfo4 = texinfo413;
texinfo5 = callPackage ../development/tools/misc/texinfo/5.2.nix { };
texinfo6 = callPackage ../development/tools/misc/texinfo/6.0.nix { };
texinfo6 = callPackage ../development/tools/misc/texinfo/6.1.nix { };
texinfo = texinfo6;
texinfoInteractive = appendToName "interactive" (
texinfo.override { interactive = true; }
@ -7084,14 +7084,14 @@ in
ffmpeg_2_8 = callPackage ../development/libraries/ffmpeg/2.8.nix {
inherit (darwin.apple_sdk.frameworks) Cocoa;
};
ffmpeg_3_0 = callPackage ../development/libraries/ffmpeg/3.0.nix {
ffmpeg_3_1 = callPackage ../development/libraries/ffmpeg/3.1.nix {
inherit (darwin.apple_sdk.frameworks) Cocoa;
};
# Aliases
ffmpeg_0 = self.ffmpeg_0_10;
ffmpeg_1 = self.ffmpeg_1_2;
ffmpeg_2 = self.ffmpeg_2_8;
ffmpeg_3 = self.ffmpeg_3_0;
ffmpeg_3 = self.ffmpeg_3_1;
ffmpeg = self.ffmpeg_3;
ffmpeg-full = callPackage ../development/libraries/ffmpeg-full {
@ -10839,6 +10839,8 @@ in
kbd = callPackage ../os-specific/linux/kbd { };
kbdKeymaps = callPackage ../os-specific/linux/kbd/keymaps.nix { };
kbdlight = callPackage ../os-specific/linux/kbdlight { };
kmscon = callPackage ../os-specific/linux/kmscon { };