diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml
index 1dff9d2f21e5..0ffee826dc49 100644
--- a/nixos/doc/manual/configuration.xml
+++ b/nixos/doc/manual/configuration.xml
@@ -935,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ];
where my-hello.nix contains:
-with <nixpkgs> {}; # bring all of Nixpkgs into scope
+with import <nixpkgs> {}; # bring all of Nixpkgs into scope
stdenv.mkDerivation rec {
name = "hello-2.8";
diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
index e082b174454e..0fa00637a93a 100644
--- a/nixos/lib/eval-config.nix
+++ b/nixos/lib/eval-config.nix
@@ -58,7 +58,7 @@ rec {
inherit system extraArgs modules prefix;
# For efficiency, leave out most NixOS modules; they don't
# define nixpkgs.config, so it's pointless to evaluate them.
- baseModules = [ ../modules/misc/nixpkgs.nix ];
+ baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
check = false;
}).config.nixpkgs;
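Review bot: The comment above `baseModules` still says the omitted modules "don't define nixpkgs.config", but nothing explains why `no-x-libs.nix` is now the exception. The same commit makes that module set `nixpkgs.config.packageOverrides`, so the list looks arbitrary without a line such as `# no-x-libs.nix is included because it sets nixpkgs.config.packageOverrides.`. The enclosing expression starts outside the hunk.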
diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm
index 99810f87750d..e2bd3393d872 100644
--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -495,7 +495,7 @@ sub waitForX {
my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub {
retry sub {
- my ($status, $out) = $self->execute("journalctl -bu systemd-logind | grep Linked");
+ my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
return 0 if $status != 0;
($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
return 1 if $status == 0;
diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix
index 092828fed0d8..f8c35b440d12 100644
--- a/nixos/modules/config/gnu.nix
+++ b/nixos/modules/config/gnu.nix
@@ -36,7 +36,7 @@ with lib;
# GNU lsh.
services.openssh.enable = false;
services.lshd.enable = true;
- services.xserver.startOpenSSHAgent = false;
+ programs.ssh.startAgent = false;
services.xserver.startGnuPGAgent = true;
# TODO: GNU dico.
diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
index dd5e0ae25509..8182b8ae8081 100644
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -76,7 +76,12 @@ in
environment.systemPackages = [ glibcLocales ];
- environment.variables.LANG = config.i18n.defaultLocale;
+ environment.variables =
+ { LANG = config.i18n.defaultLocale;
+ LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+ };
+
+ systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# ‘/etc/locale.conf’ is used by systemd.
environment.etc = singleton
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
index 4b791c109d7a..f91dbb4cc281 100644
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@@ -1,3 +1,6 @@
+# This module gets rid of all dependencies on X11 client libraries
+# (including fontconfig).
+
{ config, lib, pkgs, ... }:
with lib;
@@ -8,18 +11,22 @@ with lib;
type = types.bool;
default = false;
description = ''
- Switch off the options in the default configuration that require X libraries.
- Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
- fonts.enableFontConfig
+ Switch off the options in the default configuration that
+ require X11 libraries. This includes client-side font
+ configuration and SSH forwarding of X11 authentication
+ in. Thus, you probably do not want to enable this option if
+ you want to run X11 programs on this machine via SSH.
'';
};
};
config = mkIf config.environment.noXlibs {
programs.ssh.setXAuthLocation = false;
- fonts = {
- enableCoreFonts = false;
- enableFontConfig = false;
- };
+ security.pam.services.su.forwardXAuth = lib.mkForce false;
+
+ fonts.enableFontConfig = false;
+
+ nixpkgs.config.packageOverrides = pkgs:
+ { dbus = pkgs.dbus.override { useX11 = false; }; };
};
}
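Review bot: The new option description ends a sentence with "SSH forwarding of X11 authentication in.", which reads as truncated; `configuration and SSH forwarding of X11 authentication.` would be clearer. The `lib.mkForce false` on `security.pam.services.su.forwardXAuth` also deserves a one-line comment naming the default it has to override, since a forced value silently wins over an ordinary definition made elsewhere in the configuration.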
diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix
index 4984c0cd826d..17f3ed00b9be 100644
--- a/nixos/modules/config/power-management.nix
+++ b/nixos/modules/config/power-management.nix
@@ -65,11 +65,7 @@ in
config = mkIf cfg.enable {
- boot.kernelModules =
- [ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
- "cpufreq_conservative"
- ];
-
+ # FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
powerManagement.scsiLinkPolicy = mkDefault "min_power";
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index b4cd22caa79d..542360219193 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -45,19 +45,8 @@ in
) config.boot.kernel.sysctl);
systemd.services.systemd-sysctl =
- { description = "Apply Kernel Variables";
- before = [ "sysinit.target" "shutdown.target" ];
- wantedBy = [ "sysinit.target" "multi-user.target" ];
+ { wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
- unitConfig = {
- DefaultDependencies = false; # needed to prevent a cycle
- ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
- };
};
# Enable hardlink and symlink restrictions. See
diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh
index 2d137dd52add..d7b749573fa9 100644
--- a/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -1,5 +1,7 @@
#! @shell@
+if [ -x "@shell@" ]; then export SHELL="@shell@"; fi;
+
set -e
showSyntax() {
diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix
index 821b9f93465a..5067622aaf16 100644
--- a/nixos/modules/profiles/minimal.nix
+++ b/nixos/modules/profiles/minimal.nix
@@ -1,11 +1,8 @@
# This module defines a small NixOS configuration. It does not
# contain any graphical stuff.
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
- # Don't include X libraries.
- programs.ssh.setXAuthLocation = false;
- fonts.enableFontConfig = false;
- fonts.enableCoreFonts = false;
+ environment.noXlibs = true;
}
diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix
index 831c04f1ad86..aa9aec078342 100644
--- a/nixos/modules/programs/environment.nix
+++ b/nixos/modules/programs/environment.nix
@@ -17,8 +17,7 @@ in
config = {
environment.variables =
- { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
- LOCATE_PATH = "/var/cache/locatedb";
+ { LOCATE_PATH = "/var/cache/locatedb";
NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
NIX_PATH =
[ "/nix/var/nix/profiles/per-user/root/channels/nixos"
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 27db667e4402..fdb9dfd4b8c2 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -47,7 +47,20 @@ in
for help.
'';
};
+
+ startAgent = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to start the OpenSSH agent when you log in. The OpenSSH agent
+ remembers private keys for you so that you don't have to type in
+ passphrases every time you make an SSH connection. Use
+ ssh-add to add a key to the agent.
+ '';
+ };
+
};
+
};
config = {
@@ -71,5 +84,28 @@ in
target = "ssh/ssh_config";
}
];
+
+ # FIXME: this should really be socket-activated for über-awesomeness.
+ systemd.user.services.ssh-agent =
+ { enable = cfg.startAgent;
+ description = "SSH Agent";
+ wantedBy = [ "default.target" ];
+ serviceConfig =
+ { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
+ ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent";
+ StandardOutput = "null";
+ Type = "forking";
+ Restart = "on-failure";
+ SuccessExitStatus = "0 2";
+ };
+ };
+
+ environment.extraInit = optionalString cfg.startAgent
+ ''
+ if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
+ export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent"
+ fi
+ '';
+
};
}
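Review bot: The `startAgent` description (first hunk of this file) was carried over unchanged and does not say that the agent is now a per-user systemd service rather than part of the X session script. With `default = true` it therefore appears to start for every user that gets a systemd user instance, including on headless machines. Keys added with ssh-add presumably stay loaded for as long as that user instance runs, not just for one login session; the description should state both points so operators can opt out on servers. In the `extraInit` snippet, the `-a` operator of `[` is obsolescent and easy to misparse; prefer `if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then`.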
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index aa3cefdcad14..0a67aeb81e56 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -17,7 +17,7 @@ let
inherit from to;
name = "Obsolete name";
use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
- define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
+ define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
};
# abort if deprecated option is used
@@ -25,7 +25,7 @@ let
inherit from to;
name = "Deprecated name";
use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
- define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
+ define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
};
showOption = concatStringsSep ".";
@@ -103,6 +103,7 @@ in zipModules ([]
++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
+++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
# KDE
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 0d205ce07e56..6a5eb4c720f8 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -187,6 +187,8 @@ let
# Session management.
session required pam_unix.so
+ ${optionalString cfg.setLoginUid
+ "session required pam_loginuid.so"}
${optionalString cfg.updateWtmp
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
${optionalString config.users.ldap.enable
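Review bot: The move of `pam_loginuid.so` to directly after `pam_unix.so` has no comment explaining why its position matters, although the session stack is order-sensitive. Presumably the intent is that the audit login UID is set before `pam_systemd.so` registers the session; the next hunk in this file removes the line from its old place after `pam_systemd.so`. If so, record it next to the line, for example `# pam_loginuid must precede pam_systemd so the session is created with the audit login UID already set`. The surrounding string starts and ends outside the hunk.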
@@ -197,8 +199,6 @@ let
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
- ${optionalString cfg.setLoginUid
- "session required pam_loginuid.so"}
${optionalString cfg.forwardXAuth
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (cfg.limits != [])
diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix
index 054d39c47853..5933cdc0cec3 100644
--- a/nixos/modules/security/polkit.nix
+++ b/nixos/modules/security/polkit.nix
@@ -63,6 +63,9 @@ in
systemd.packages = [ pkgs.polkit ];
+ systemd.services.polkit.restartTriggers = [ config.system.path ];
+ systemd.services.polkit.unitConfig.X-StopIfChanged = false;
+
# The polkit daemon reads action/rule files
environment.pathsToLink = [ "/share/polkit-1" ];
diff --git a/nixos/modules/security/setuid-wrapper.c b/nixos/modules/security/setuid-wrapper.c
index 007ffbc34fe9..ffd0b65b7629 100644
--- a/nixos/modules/security/setuid-wrapper.c
+++ b/nixos/modules/security/setuid-wrapper.c
@@ -30,8 +30,8 @@ int main(int argc, char * * argv)
creating hard link `X' from some other location, along with a
false `X.real' file, to allow arbitrary programs from being
executed setuid. */
- assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) &&
- (self[strlen(wrapperDir)] == '/'));
+ assert ((strncmp(self, wrapperDir, strlen(wrapperDir)) == 0) &&
+ (self[strlen(wrapperDir)] == '/'));
/* Make *really* *really* sure that we were executed as `self',
and not, say, as some other setuid program. That is, our
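Review bot: The corrected prefix check is still enforced through `assert`, so it disappears entirely if the wrapper is ever compiled with `-DNDEBUG`. The build command visible in setuid-wrappers.nix does not pass that flag, so the check is active today, but a setuid program should not depend on build flags for its access checks. Prefer an unconditional test such as `if (strncmp(self, wrapperDir, strlen(wrapperDir)) != 0 || self[strlen(wrapperDir)] != '/') abort();`. The same applies to the `lstat`, ownership and writability asserts in the next hunk, where disabling assertions would also drop the `lstat` call itself. `main` starts and continues outside this hunk.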
@@ -42,12 +42,12 @@ int main(int argc, char * * argv)
assert (lstat(self, &st) != -1);
//printf("%d %d\n", st.st_uid, st.st_gid);
-
+
assert ((st.st_mode & S_ISUID) == 0 ||
- (st.st_uid == geteuid()));
+ (st.st_uid == geteuid()));
assert ((st.st_mode & S_ISGID) == 0 ||
- st.st_gid == getegid());
+ st.st_gid == getegid());
/* And, of course, we shouldn't be writable. */
assert (!(st.st_mode & (S_IWGRP | S_IWOTH)));
@@ -69,13 +69,13 @@ int main(int argc, char * * argv)
real[len] = 0;
close(fdSelf);
-
+
//printf("real = %s, len = %d\n", real, len);
execve(real, argv, environ);
fprintf(stderr, "%s: cannot run `%s': %s\n",
argv[0], real, strerror(errno));
-
+
exit(1);
}
diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix
index 109e61df79e6..4cdc1023baab 100644
--- a/nixos/modules/security/setuid-wrappers.nix
+++ b/nixos/modules/security/setuid-wrappers.nix
@@ -9,10 +9,11 @@ let
setuidWrapper = pkgs.stdenv.mkDerivation {
name = "setuid-wrapper";
buildCommand = ''
- ensureDir $out/bin
+ mkdir -p $out/bin
+ cp ${./setuid-wrapper.c} setuid-wrapper.c
gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
- ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
- strip -s $out/bin/setuid-wrapper
+ setuid-wrapper.c -o $out/bin/setuid-wrapper
+ strip -S $out/bin/setuid-wrapper
'';
};
@@ -116,8 +117,7 @@ in
# programs to be wrapped.
SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
- if test -d ${wrapperDir}; then rm -f ${wrapperDir}/*; fi # */
- mkdir -p ${wrapperDir}
+ rm -f ${wrapperDir}/* # */
${concatMapStrings makeSetuidWrapper setuidPrograms}
'';
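Review bot: With the `test -d` guard and `mkdir -p ${wrapperDir}` removed, this script now assumes the wrapper directory already exists when it runs, and nothing in the hunk creates it. If the directory is set up elsewhere (not visible here), a comment should name where, for example `# ${wrapperDir} is created by <the unit or script that provides it>`. Otherwise `rm -f` succeeds silently on a missing directory and the wrapper installation that follows is what fails. The enclosing activation script starts outside the hunk.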
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index 2960ad913629..ad83cb553e1d 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -215,7 +215,7 @@ in
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html
KillSignal = "SIGINT";
- KillMode = "process"; # FIXME: this may cause processes to be left behind in the cgroup even after the final SIGKILL
+ KillMode = "mixed";
# Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT.
diff --git a/nixos/modules/services/hardware/80-net-name-slot.rules b/nixos/modules/services/hardware/80-net-name-slot.rules
new file mode 100644
index 000000000000..18547f170a3f
--- /dev/null
+++ b/nixos/modules/services/hardware/80-net-name-slot.rules
@@ -0,0 +1,13 @@
+# Copied from systemd 203.
+ACTION=="remove", GOTO="net_name_slot_end"
+SUBSYSTEM!="net", GOTO="net_name_slot_end"
+NAME!="", GOTO="net_name_slot_end"
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}=="0", GOTO="net_name_slot_end"
+
+NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
+
+LABEL="net_name_slot_end"
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
index d218aa1e5e16..507752dabcf7 100644
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -83,8 +83,8 @@ let
grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true
done
- ${optionalString (!config.networking.usePredictableInterfaceNames) ''
- ln -s /dev/null $out/80-net-name-slot.rules
+ ${optionalString config.networking.usePredictableInterfaceNames ''
+ cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules
''}
# If auto-configuration is disabled, then remove
@@ -243,5 +243,9 @@ in
fi
'';
+ systemd.services.systemd-udevd =
+ { environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
+ };
+
};
}
diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix
index 0f61f20c33c3..f5b641c7378b 100644
--- a/nixos/modules/services/hardware/udisks2.nix
+++ b/nixos/modules/services/hardware/udisks2.nix
@@ -14,7 +14,7 @@ with lib;
enable = mkOption {
type = types.bool;
- default = false;
+ default = true;
description = ''
Whether to enable Udisks, a DBus service that allows
applications to query and manipulate storage devices.
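Review bot: Flipping `default` to `true` means every configuration that does not set `services.udisks2.enable` now runs the Udisks daemon, including headless or minimal systems, and the description does not mention it. The description itself calls Udisks a DBus service that lets applications manipulate storage devices, so the new default and the opt-out are worth stating, for example by appending `Enabled by default; set to false on machines that do not need it.`. The option body continues outside the hunk.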
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 1516736dc2e0..4bfd6268234d 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -275,28 +275,18 @@ in
) cfg.buildMachines;
};
- systemd.sockets."nix-daemon" =
- { description = "Nix Daemon Socket";
- wantedBy = [ "sockets.target" ];
- before = [ "multi-user.target" ];
- unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
- socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
- };
+ systemd.packages = [ nix ];
- systemd.services."nix-daemon" =
- { description = "Nix Daemon";
+ systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
- path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
+ systemd.services.nix-daemon =
+ { path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
- unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
-
serviceConfig =
- { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
- KillMode = "process";
- Nice = cfg.daemonNiceLevel;
+ { Nice = cfg.daemonNiceLevel;
IOSchedulingPriority = cfg.daemonIONiceLevel;
LimitNOFILE = 4096;
};
@@ -352,8 +342,7 @@ in
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs \
- /nix/var/nix/channel-cache \
- /nix/var/nix/chroots
+ /nix/var/nix/channel-cache
mkdir -m 1777 -p \
/nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index 8c3f651e434e..35a3cfff8406 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -4,7 +4,7 @@ with lib;
let
- dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev;
+ dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; };
# Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge.
@@ -80,6 +80,7 @@ in
options = {
networking.dhcpcd.denyInterfaces = mkOption {
+ type = types.listOf types.str;
default = [];
description = ''
Disable the DHCP client for any interface whose name matches
@@ -90,6 +91,7 @@ in
};
networking.dhcpcd.extraConfig = mkOption {
+ type = types.lines;
default = "";
description = ''
Literal string to append to the config file generated for dhcpcd.
@@ -107,6 +109,7 @@ in
{ description = "DHCP Client";
wantedBy = [ "network.target" ];
+ after = [ "systemd-udev-settle.service" ]; # FIXME
# Stopping dhcpcd during a reconfiguration is undesirable
# because it brings down the network interfaces configured by
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index c2941e122614..42914bfe5d62 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -18,8 +18,6 @@
*/
-
-
{ config, lib, pkgs, ... }:
with lib;
@@ -266,14 +264,23 @@ in
message = "This kernel does not support disabling conntrack helpers"; }
];
- jobs.firewall =
+ systemd.services.firewall =
{ description = "Firewall";
- startOn = "started network-interfaces";
+ wantedBy = [ "network.target" ];
+ after = [ "network-interfaces.target" "systemd-modules-load.service" ];
path = [ pkgs.iptables ];
- preStart =
+ # FIXME: this module may also try to load kernel modules, but
+ # containers don't have CAP_SYS_MODULE. So the host system had
+ # better have all necessary modules already loaded.
+ unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+
+ script =
''
${helpers}
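Review bot: The unit is ordered `after = [ "network-interfaces.target" ... ]`, as the old job was with `startOn = "started network-interfaces"`, so the rules appear to be installed only once the interfaces are configured, leaving a boot-time window without filtering. If that ordering is required, document it next to `after`; otherwise consider ordering the firewall ahead of interface configuration. Separately, `unitConfig.ConditionCapability = "CAP_NET_ADMIN"` makes systemd skip the unit without failing when the capability is missing, so such a container ends up with no firewall and no error. The FIXME above only covers module loading; a comment such as `# Skipped (not failed) without CAP_NET_ADMIN: the host must filter for such containers` would make this explicit. The `script` body continues outside the hunk.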
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 5bc140ca242a..b66ccb87120c 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -258,7 +258,6 @@ in
path = [ pkgs.openssh pkgs.gawk ];
environment.LD_LIBRARY_PATH = nssModulesPath;
- environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
preStart =
''
diff --git a/nixos/modules/services/ttys/agetty.nix b/nixos/modules/services/ttys/agetty.nix
index 442774af2512..df21ebbd9743 100644
--- a/nixos/modules/services/ttys/agetty.nix
+++ b/nixos/modules/services/ttys/agetty.nix
@@ -49,22 +49,20 @@ with lib;
config = {
systemd.services."getty@" =
- { baseUnit = pkgs.runCommand "getty.service" {}
- ''
- sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/getty@.service > $out
- '';
- serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400";
+ { serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM";
restartIfChanged = false;
};
systemd.services."serial-getty@" =
- { baseUnit = pkgs.runCommand "serial-getty.service" {}
- ''
- sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/serial-getty@.service > $out
- '';
- serviceConfig.ExecStart =
+ { serviceConfig.ExecStart =
let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed);
- in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds}";
+ in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM";
+ restartIfChanged = false;
+ };
+
+ systemd.services."container-getty@" =
+ { unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits.
+ serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM";
restartIfChanged = false;
};
diff --git a/nixos/modules/services/ttys/gpm.nix b/nixos/modules/services/ttys/gpm.nix
index 12fe4e2f84f1..03b0f39824d0 100644
--- a/nixos/modules/services/ttys/gpm.nix
+++ b/nixos/modules/services/ttys/gpm.nix
@@ -40,12 +40,15 @@ in
config = mkIf cfg.enable {
- jobs.gpm =
- { description = "General purpose mouse";
+ systemd.services.gpm =
+ { description = "Console Mouse Daemon";
- startOn = "started udev";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "getty.target" ];
- exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null";
+ serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}";
+ serviceConfig.Type = "forking";
+ serviceConfig.PIDFile = "/run/gpm.pid";
};
};
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index eced13444de2..75ec6671d156 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -450,7 +450,7 @@ in
extraModules = mkOption {
type = types.listOf types.unspecified;
default = [];
- example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]'';
+ example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]'';
description = ''
Additional Apache modules to be used. These can be
specified as a string in the case of modules distributed
diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix
index c70dbf3b911d..26b0612671c4 100644
--- a/nixos/modules/services/x11/desktop-managers/kde4.nix
+++ b/nixos/modules/services/x11/desktop-managers/kde4.nix
@@ -159,7 +159,7 @@ in
# Enable helpful DBus services.
services.udisks.enable = ! wantsUdisks2;
- services.udisks2.enable = wantsUdisks2;
+ services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable;
security.pam.services.kde = { allowNullPassword = true; };
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
index 2deff602982b..3bf18bd58c84 100644
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -51,17 +51,6 @@ let
''}
- ${optionalString cfg.startOpenSSHAgent ''
- if test -z "$SSH_AUTH_SOCK"; then
- # Restart this script as a child of the SSH agent. (It is
- # also possible to start the agent as a child that prints
- # the required environment variabled on stdout, but in
- # that mode ssh-agent is not terminated when we log out.)
- export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass
- exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType"
- fi
- ''}
-
${optionalString cfg.startGnuPGAgent ''
if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the GnuPG agent.
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 1f02bfd6ef37..65f93b544996 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -201,17 +201,6 @@ in
'';
};
- startOpenSSHAgent = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether to start the OpenSSH agent when you log in. The OpenSSH agent
- remembers private keys for you so that you don't have to type in
- passphrases every time you make an SSH connection. Use
- ssh-add to add a key to the agent.
- '';
- };
-
startGnuPGAgent = mkOption {
type = types.bool;
default = false;
@@ -400,11 +389,11 @@ in
hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ];
assertions =
- [ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent);
+ [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
message =
''
- The OpenSSH agent and GnuPG agent cannot be started both.
- Choose between `startOpenSSHAgent' and `startGnuPGAgent'.
+ The OpenSSH agent and GnuPG agent cannot be started both. Please
+ choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
'';
}
{ assertion = config.security.polkit.enable;
diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl
index fd2b5b7950d5..4cea0c5910c4 100644
--- a/nixos/modules/system/activation/switch-to-configuration.pl
+++ b/nixos/modules/system/activation/switch-to-configuration.pl
@@ -65,12 +65,12 @@ $SIG{PIPE} = "IGNORE";
sub getActiveUnits {
# FIXME: use D-Bus or whatever to query this, since parsing the
# output of list-units is likely to break.
- my $lines = `@systemd@/bin/systemctl list-units --full`;
+ my $lines = `LANG= @systemd@/bin/systemctl list-units --full`;
my $res = {};
foreach my $line (split '\n', $lines) {
chomp $line;
last if $line eq "";
- $line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
+ $line =~ /^\*?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
next if $1 eq "UNIT";
$res->{$1} = { load => $2, state => $3, substate => $4 };
}
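Review bot: `LANG=` on the new `systemctl list-units` command line does not neutralise the locale when `LC_ALL` or `LC_MESSAGES` is set in the caller's environment, because those take precedence over `LANG`. Since the FIXME already notes that this output is parsed, use `LC_ALL=C` instead: ``my $lines = `LC_ALL=C @systemd@/bin/systemctl list-units --full`;``. The exit status of the backtick command is also not checked, so a failing systemctl yields an empty unit list rather than an error. `getActiveUnits` continues outside the hunk.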
@@ -96,18 +96,19 @@ sub parseFstab {
sub parseUnit {
my ($filename) = @_;
- parseKeyValues(read_file($filename));
+ my $info = {};
+ parseKeyValues($info, read_file($filename));
+ parseKeyValues($info, read_file("${filename}.d/overrides.conf")) if -f "${filename}.d/overrides.conf";
+ return $info;
}
sub parseKeyValues {
- my @lines = @_;
- my $info = {};
+ my $info = shift;
foreach my $line (@_) {
# FIXME: not quite correct.
$line =~ /^([^=]+)=(.*)$/ or next;
$info->{$1} = $2;
}
- return $info;
}
sub boolIsTrue {
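Review bot: `parseKeyValues` now fills the hash passed as its first argument and no longer has a `return`, but nothing documents the changed contract. A caller that still uses the result would get the value of the `foreach` statement instead of a hash reference. Add a header comment such as `# Parse "key=value" lines into the hash ref given as first argument; later values overwrite earlier ones.` and end the sub with a bare `return;`. In `parseUnit` the override path is spelled out twice; a local `my $override = "${filename}.d/overrides.conf";` would keep the `-f` test and the read in step.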
@@ -115,6 +116,14 @@ sub boolIsTrue {
return $s eq "yes" || $s eq "true";
}
+# As a fingerprint for determining whether a unit has changed, we use
+# its absolute path. If it has an override file, we append *its*
+# absolute path as well.
+sub fingerprintUnit {
+ my ($s) = @_;
+ return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
+}
+
# Stop all services that no longer exist or have changed in the new
# configuration.
my (@unitsToStop, @unitsToSkip);
@@ -166,7 +175,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
}
}
- elsif (abs_path($prevUnitFile) ne abs_path($newUnitFile)) {
+ elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") {
# Do nothing. These cannot be restarted directly.
} elsif ($unit =~ /\.mount$/) {
@@ -354,7 +363,8 @@ while (my ($unit, $state) = each %{$activeNew}) {
elsif ($state->{state} eq "auto-restart") {
# A unit in auto-restart state is a failure *if* it previously failed to start
my $lines = `@systemd@/bin/systemctl show '$unit'`;
- my $info = parseKeyValues(split "\n", $lines);
+ my $info = {};
+ parseKeyValues($info, split("\n", $lines));
if ($info->{ExecMainStatus} ne '0') {
push @failed, $unit;
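Review bot: `$unit` is interpolated into a shell command line by the backticks on the `systemctl show` line, protected only by single quotes. Unit names reported by systemd should not contain a quote, so this is hardening rather than a known bug, but a list-form pipe avoids the shell entirely: `open(my $fh, '-|', '@systemd@/bin/systemctl', 'show', $unit) or die "systemctl show: $!";` followed by `parseKeyValues($info, <$fh>);`. Also, `$info->{ExecMainStatus}` is undefined when the command prints nothing, and the `ne '0'` test then counts the unit as failed. The enclosing loop starts and ends outside the hunk.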
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index a4a0d14df6ab..7cdaecce198e 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -68,6 +68,7 @@ let
echo -n "$configurationName" > $out/configuration-name
echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
echo -n "$nixosVersion" > $out/nixos-version
+ echo -n "$system" > $out/system
mkdir $out/fine-tune
childCount=0
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix
index cff7c08579f4..b81bcf20f439 100644
--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@@ -218,37 +218,26 @@ in
# Create /etc/modules-load.d/nixos.conf, which is read by
# systemd-modules-load.service to load required kernel modules.
- # FIXME: ensure that systemd-modules-load.service is restarted if
- # this file changes.
environment.etc = singleton
{ target = "modules-load.d/nixos.conf";
source = kernelModulesConf;
};
- # Sigh. This overrides systemd's systemd-modules-load.service
- # just so we can set a restart trigger. Also make
- # multi-user.target pull it in so that it gets started if it
- # failed earlier.
systemd.services."systemd-modules-load" =
- { description = "Load Kernel Modules";
- wantedBy = [ "sysinit.target" "multi-user.target" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig =
- { DefaultDependencies = false;
- ConditionCapability = "CAP_SYS_MODULE";
- };
+ { wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ kernelModulesConf ];
+ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
serviceConfig =
- { Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${config.systemd.package}/lib/systemd/systemd-modules-load";
- # Ignore failed module loads. Typically some of the
+ { # Ignore failed module loads. Typically some of the
# modules in ‘boot.kernelModules’ are "nice to have but
# not required" (e.g. acpi-cpufreq), so we don't want to
# barf on those.
SuccessExitStatus = "0 1";
};
- restartTriggers = [ kernelModulesConf ];
+ };
+
+ systemd.services.kmod-static-nodes =
+ { environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
};
lib.kernelConfig = {
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
index d0f4576f8112..216937a619b1 100644
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -139,8 +139,6 @@ mkdir -p /dev/.mdadm
systemd-udevd --daemon
udevadm trigger --action=add
udevadm settle || true
-modprobe scsi_wait_scan || true
-udevadm settle || true
# Load boot-time keymap before any LVM/LUKS initialization
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index f69e6cfe54c6..c38d33c45d6e 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -74,7 +74,7 @@ let
cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup
cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm
cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib
- cp -v ${pkgs.systemd}/lib/libsystemd-daemon.so.* $out/lib
+ cp -v ${pkgs.systemd}/lib/libsystemd.so.* $out/lib
# Add RAID mdadm tool.
cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh
index ee042992b178..a64c6cdfa191 100644
--- a/nixos/modules/system/boot/stage-2-init.sh
+++ b/nixos/modules/system/boot/stage-2-init.sh
@@ -82,7 +82,7 @@ done
# More special file systems, initialise required directories.
mkdir -m 0755 /dev/shm
-mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" tmpfs /dev/shm
+mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" none /dev/shm
mkdir -m 0755 -p /dev/pts
[ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default
mkdir -m 01777 -p /tmp
@@ -96,28 +96,14 @@ mkdir -m 0755 -p /etc/nixos
# Miscellaneous boot time cleanup.
rm -rf /var/run /var/lock
-rm -f /etc/resolv.conf
-touch /etc/resolv.conf
rm -f /etc/{group,passwd,shadow}.lock
if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
-else
- # Get rid of ICE locks...
- rm -rf /tmp/.ICE-unix
fi
-# ... and ensure that it's owned by root.
-mkdir -m 1777 /tmp/.ICE-unix
-
-# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm
-# -rf' on it isn't safe in general because it can contain bind mounts
-# to /nix/store and other places. But after rebooting these are all
-# gone, of course.
-rm -rf /nix/var/nix/chroots # recreated in activate-configuration.sh
-
# Also get rid of temporary GC roots.
rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
@@ -155,6 +141,20 @@ if test -n "$resumeDevice"; then
fi
+# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.
+if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then
+ cat /etc/resolv.conf | resolvconf -m 1000 -a host
+else
+ touch /etc/resolv.conf
+fi
+
+
+# Create /var/setuid-wrappers as a tmpfs.
+rm -rf /var/setuid-wrappers
+mkdir -m 0755 -p /var/setuid-wrappers
+mount -t tmpfs -o "mode=0755" none /var/setuid-wrappers
+
+
# Run the script that performs all configuration activation that does
# not have to be done at boot time.
echo "running activation script..."
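Review bot: The new tmpfs for `/var/setuid-wrappers` is mounted with only `mode=0755`, so device nodes created on it would be honoured. `nosuid` cannot be used on this mount, but `nodev` can, as the `/dev/shm` mount earlier in this script already does: `mount -t tmpfs -o "mode=0755,nodev" none /var/setuid-wrappers`. A comment above it saying that `nosuid` is left out deliberately would stop someone "hardening" it later and breaking the wrappers. In the resolv.conf block, `resolvconf -m 1000 -a host < /etc/resolv.conf` avoids the extra `cat`.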
diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix
index 2616c8649d55..f53c3b8b8e70 100644
--- a/nixos/modules/system/boot/stage-2.nix
+++ b/nixos/modules/system/boot/stage-2.nix
@@ -19,11 +19,13 @@ let
isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.nix) readOnlyStore;
+ inherit (config.networking) useHostResolvConf;
ttyGid = config.ids.gids.tty;
path =
[ pkgs.coreutils
pkgs.utillinux
pkgs.sysvtools
+ pkgs.openresolv
] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"
@@ -79,6 +81,7 @@ in
'';
};
+ # FIXME: should replace this with something that uses systemd-tmpfiles.
cleanTmpDir = mkOption {
type = types.bool;
default = false;
diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix
index 20ea0ba874d6..a6183c47eb1b 100644
--- a/nixos/modules/system/boot/systemd-unit-options.nix
+++ b/nixos/modules/system/boot/systemd-unit-options.nix
@@ -28,7 +28,7 @@ let
in rec {
- unitOptions = {
+ sharedOptions = {
enable = mkOption {
default = true;
@@ -41,12 +41,37 @@ in rec {
'';
};
- baseUnit = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = "Path to an upstream unit file on which the NixOS unit configuration will be based.";
+ requiredBy = mkOption {
+ default = [];
+ type = types.listOf types.string;
+ description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
+ wantedBy = mkOption {
+ default = [];
+ type = types.listOf types.string;
+ description = "Units that want (i.e. depend on) this unit.";
+ };
+
+ };
+
+ concreteUnitOptions = sharedOptions // {
+
+ text = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Text of this systemd unit.";
+ };
+
+ unit = mkOption {
+ internal = true;
+ description = "The generated unit.";
+ };
+
+ };
+
+ commonUnitOptions = sharedOptions // {
+
description = mkOption {
default = "";
type = types.str;
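Review bot: `requiredBy` and `wantedBy` in the new `sharedOptions` are declared as `types.listOf types.string`, while the definitions this commit removes from the common options (hunk `@@ -115,18 +140,6`) used `types.listOf types.str`, and `text` just below uses `types.str`. Unless the change of element type is intended, I would keep `type = types.listOf types.str;` for both, so that service, socket and target units do not silently change type as a side effect of the refactoring. The `unit` option has no `type` either; a one-line comment saying what gets stored there would help readers of `concreteUnitOptions`. `sharedOptions` opens in the preceding hunk.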
@@ -115,18 +140,6 @@ in rec {
'';
};
- requiredBy = mkOption {
- default = [];
- type = types.listOf types.str;
- description = "Units that require (i.e. depend on and need to go down with) this unit.";
- };
-
- wantedBy = mkOption {
- default = [];
- type = types.listOf types.str;
- description = "Units that want (i.e. depend on) this unit.";
- };
-
unitConfig = mkOption {
default = {};
example = { RequiresMountsFor = "/data"; };
@@ -152,7 +165,7 @@ in rec {
};
- serviceOptions = unitOptions // {
+ serviceOptions = commonUnitOptions // {
environment = mkOption {
default = {};
@@ -286,7 +299,7 @@ in rec {
};
- socketOptions = unitOptions // {
+ socketOptions = commonUnitOptions // {
listenStreams = mkOption {
default = [];
@@ -313,7 +326,7 @@ in rec {
};
- timerOptions = unitOptions // {
+ timerOptions = commonUnitOptions // {
timerConfig = mkOption {
default = {};
@@ -332,7 +345,7 @@ in rec {
};
- pathOptions = unitOptions // {
+ pathOptions = commonUnitOptions // {
pathConfig = mkOption {
default = {};
@@ -349,7 +362,7 @@ in rec {
};
- mountOptions = unitOptions // {
+ mountOptions = commonUnitOptions // {
what = mkOption {
example = "/dev/sda1";
@@ -393,7 +406,7 @@ in rec {
};
};
- automountOptions = unitOptions // {
+ automountOptions = commonUnitOptions // {
where = mkOption {
example = "/mnt";
@@ -417,4 +430,6 @@ in rec {
};
};
+ targetOptions = commonUnitOptions;
+
}
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 3582694a1811..6c6adab66e7c 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -24,14 +24,13 @@ let
ln -s /dev/null $out/${name}
'';
- upstreamUnits =
+ upstreamSystemUnits =
[ # Targets.
"basic.target"
"sysinit.target"
"sockets.target"
"graphical.target"
"multi-user.target"
- "getty.target"
"network.target"
"network-online.target"
"nss-lookup.target"
@@ -41,6 +40,7 @@ let
"sigpwr.target"
"timers.target"
"paths.target"
+ "rpcbind.target"
# Rescue mode.
"rescue.target"
@@ -53,6 +53,13 @@ let
"systemd-udev-settle.service"
"systemd-udev-trigger.service"
+ # Consoles.
+ "getty.target"
+ "getty@.service"
+ "serial-getty@.service"
+ "container-getty@.service"
+ "systemd-vconsole-setup.service"
+
# Hardware (started by udev when a relevant device is plugged in).
"sound.target"
"bluetooth.target"
@@ -65,12 +72,15 @@ let
#"systemd-vconsole-setup.service"
"systemd-user-sessions.service"
"dbus-org.freedesktop.login1.service"
+ "dbus-org.freedesktop.machine1.service"
"user@.service"
# Journal.
"systemd-journald.socket"
"systemd-journald.service"
"systemd-journal-flush.service"
+ "systemd-journal-gatewayd.socket"
+ "systemd-journal-gatewayd.service"
"syslog.socket"
# SysV init compatibility.
@@ -78,7 +88,8 @@ let
"systemd-initctl.service"
# Kernel module loading.
- #"systemd-modules-load.service"
+ "systemd-modules-load.service"
+ "kmod-static-nodes.service"
# Filesystems.
"systemd-fsck@.service"
@@ -91,10 +102,16 @@ let
"swap.target"
"dev-hugepages.mount"
"dev-mqueue.mount"
+ "proc-sys-fs-binfmt_misc.mount"
"sys-fs-fuse-connections.mount"
"sys-kernel-config.mount"
"sys-kernel-debug.mount"
+ # Maintaining state across reboots.
+ "systemd-random-seed.service"
+ "systemd-backlight@.service"
+ "systemd-rfkill@.service"
+
# Hibernate / suspend.
"hibernate.target"
"suspend.target"
@@ -119,34 +136,57 @@ let
"final.target"
"kexec.target"
"systemd-kexec.service"
+ "systemd-update-utmp.service"
# Password entry.
"systemd-ask-password-console.path"
"systemd-ask-password-console.service"
"systemd-ask-password-wall.path"
"systemd-ask-password-wall.service"
+
+ # Slices / containers.
+ "slices.target"
+ "-.slice"
+ "system.slice"
+ "user.slice"
+ "machine.slice"
+ "systemd-machined.service"
+
+ # Temporary file creation / cleanup.
+ "systemd-tmpfiles-clean.service"
+ "systemd-tmpfiles-clean.timer"
+ "systemd-tmpfiles-setup.service"
+ "systemd-tmpfiles-setup-dev.service"
+
+ # Misc.
+ "systemd-sysctl.service"
]
++ optionals cfg.enableEmergencyMode [
"emergency.target"
"emergency.service"
- ]
-
- ++ optionals config.services.journald.enableHttpGateway [
- "systemd-journal-gatewayd.socket"
- "systemd-journal-gatewayd.service"
];
- upstreamWants =
+ upstreamSystemWants =
[ #"basic.target.wants"
"sysinit.target.wants"
"sockets.target.wants"
"local-fs.target.wants"
"multi-user.target.wants"
- "shutdown.target.wants"
"timers.target.wants"
];
+ upstreamUserUnits =
+ [ "basic.target"
+ "default.target"
+ "exit.target"
+ "paths.target"
+ "shutdown.target"
+ "sockets.target"
+ "systemd-exit.service"
+ "timers.target"
+ ];
+
makeJobScript = name: text:
let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; };
in "${x}/bin/${name}";
@@ -178,7 +218,7 @@ let
serviceConfig = { name, config, ... }: {
config = mkMerge
- [ (mkIf (config.baseUnit == null) { # Default path for systemd services. Should be quite minimal.
+ [ { # Default path for systemd services. Should be quite minimal.
path =
[ pkgs.coreutils
pkgs.findutils
@@ -187,7 +227,7 @@ let
systemd
];
environment.PATH = config.path;
- })
+ }
(mkIf (config.preStart != "")
{ serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" ''
#! ${pkgs.stdenv.shell} -e
@@ -255,10 +295,7 @@ let
(if isList value then value else [value]))
as));
- commonUnitText = def:
- optionalString (def.baseUnit != null) ''
- .include ${def.baseUnit}
- '' + ''
+ commonUnitText = def: ''
[Unit]
${attrsToSection def.unitConfig}
'';
@@ -335,63 +372,91 @@ let
'';
};
- units = pkgs.runCommand "units" { preferLocalBuild = true; }
- ''
+ generateUnits = type: units: upstreamUnits: upstreamWants:
+ pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''
mkdir -p $out
+
+ # Copy the upstream systemd units we're interested in.
for i in ${toString upstreamUnits}; do
- fn=${systemd}/example/systemd/system/$i
+ fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
if [ -L $fn ]; then
- cp -pd $fn $out/
+ target="$(readlink "$fn")"
+ if [ ''${target:0:3} = ../ ]; then
+ ln -s "$(readlink -f "$fn")" $out/
+ else
+ cp -pd $fn $out/
+ fi
else
ln -s $fn $out/
fi
done
+ # Copy .wants links, but only those that point to units that
+ # we're interested in.
for i in ${toString upstreamWants}; do
- fn=${systemd}/example/systemd/system/$i
+ fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
x=$out/$(basename $fn)
mkdir $x
for i in $fn/*; do
y=$x/$(basename $i)
cp -pd $i $y
- if ! [ -e $y ]; then rm -v $y; fi
+ if ! [ -e $y ]; then rm $y; fi
done
done
- for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do
- ln -fs $i/* $out/
- done
-
+ # Symlink all units provided listed in systemd.packages.
for i in ${toString cfg.packages}; do
- ln -s $i/etc/systemd/system/* $out/
+ files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*)
+ if [ -n "$files" ]; then
+ ln -s $files $out/
+ fi
done
+ # Symlink all units defined by systemd.units. If these are also
+ # provided by systemd or systemd.packages, then add them as
+ # .d/overrides.conf, which makes them extend the
+ # upstream unit.
+ for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
+ fn=$(basename $i/*)
+ if [ -e $out/$fn ]; then
+ if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
+ ln -sfn /dev/null $out/$fn
+ else
+ mkdir $out/$fn.d
+ ln -s $i/$fn $out/$fn.d/overrides.conf
+ fi
+ else
+ ln -fs $i/$fn $out/
+ fi
+ done
+
+ # Created .wants and .requires symlinks from the wantedBy and
+ # requiredBy options.
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.wants'
ln -sfn '../${name}' $out/'${name2}.wants'/
- '') unit.wantedBy) cfg.units)}
+ '') unit.wantedBy) units)}
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.requires'
ln -sfn '../${name}' $out/'${name2}.requires'/
- '') unit.requiredBy) cfg.units)}
+ '') unit.requiredBy) units)}
- ln -s ${cfg.defaultUnit} $out/default.target
+ ${optionalString (type == "system") ''
+ # Stupid misc. symlinks.
+ ln -s ${cfg.defaultUnit} $out/default.target
- ln -s rescue.target $out/kbrequest.target
+ ln -s rescue.target $out/kbrequest.target
- mkdir -p $out/getty.target.wants/
- ln -s ../autovt@tty1.service $out/getty.target.wants/
+ mkdir -p $out/getty.target.wants/
+ ln -s ../autovt@tty1.service $out/getty.target.wants/
- ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
- ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
-
- ${ optionalString config.services.journald.enableHttpGateway ''
- ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/
+ ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
+ ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
''}
''; # */
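Review bot: In the `systemd.packages` loop, `files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*)` keeps the literal pattern in `files` when a package has no units in one of the two directories. Then `[ -n "$files" ]` is always true and `ln -s` creates a dangling link named `*`, unless `nullglob` is set for this builder, which the hunk does not show. Iterating and testing each entry avoids that: `for fn in $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*; do if [ -e "$fn" ]; then ln -s "$fn" $out/; fi; done`. The override loop below assumes exactly one file per unit directory in `fn=$(basename $i/*)`; that assumption deserves a comment.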
@@ -414,37 +479,7 @@ in
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
- { options = {
- text = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = "Text of this systemd unit.";
- };
- enable = mkOption {
- default = true;
- type = types.bool;
- description = ''
- If set to false, this unit will be a symlink to
- /dev/null. This is primarily useful to prevent specific
- template instances (e.g. serial-getty@ttyS0)
- from being started.
- '';
- };
- requiredBy = mkOption {
- default = [];
- type = types.listOf types.string;
- description = "Units that require (i.e. depend on and need to go down with) this unit.";
- };
- wantedBy = mkOption {
- default = [];
- type = types.listOf types.string;
- description = "Units that want (i.e. depend on) this unit.";
- };
- unit = mkOption {
- internal = true;
- description = "The generated unit.";
- };
- };
+ { options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
@@ -460,7 +495,7 @@ in
systemd.targets = mkOption {
default = {};
type = types.attrsOf types.optionSet;
- options = [ unitOptions unitConfig ];
+ options = [ targetOptions unitConfig ];
description = "Definition of systemd target units.";
};
@@ -583,7 +618,7 @@ in
default = false;
type = types.bool;
description = ''
- Enable journal http gateway
+ Whether to enable the HTTP gateway to the journal.
'';
};
@@ -610,6 +645,41 @@ in
'';
};
+ systemd.tmpfiles.rules = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "d /tmp 1777 root root 10d" ];
+ description = ''
+ Rules for creating and cleaning up temporary files
+ automatically. See
+ tmpfiles.d5
+ for the exact format. You should not use this option to create
+ files required by systemd services, since there is no
+ guarantee that systemd-tmpfiles runs when
+ the system is reconfigured using
+ nixos-rebuild.
+ '';
+ };
+
+ systemd.user.units = mkOption {
+ description = "Definition of systemd per-user units.";
+ default = {};
+ type = types.attrsOf types.optionSet;
+ options = { name, config, ... }:
+ { options = concreteUnitOptions;
+ config = {
+ unit = mkDefault (makeUnit name config);
+ };
+ };
+ };
+
+ systemd.user.services = mkOption {
+ default = {};
+ type = types.attrsOf types.optionSet;
+ options = [ serviceOptions unitConfig serviceConfig ];
+ description = "Definition of systemd per-user service units.";
+ };
+
};
@@ -617,11 +687,20 @@ in
config = {
- system.build.units = units;
+ assertions = mapAttrsToList (name: service: {
+ assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no";
+ message = "${name}: Type=oneshot services must have Restart=no";
+ }) cfg.services;
+
+ system.build.units = cfg.units;
environment.systemPackages = [ systemd ];
- environment.etc."systemd/system".source = units;
+ environment.etc."systemd/system".source =
+ generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;
+
+ environment.etc."systemd/user".source =
+ generateUnits "user" cfg.user.units upstreamUserUnits [];
environment.etc."systemd/system.conf".text =
''
@@ -685,6 +764,9 @@ in
(v: let n = escapeSystemdPath v.where;
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
+ systemd.user.units =
+ mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services;
+
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
"CGROUPS" "AUTOFS4_FS" "DEVTMPFS"
];
@@ -708,43 +790,25 @@ in
})
(filterAttrs (name: service: service.startAt != "") cfg.services);
- # FIXME: These are borrowed from upstream systemd.
- systemd.services."systemd-update-utmp" =
- { description = "Update UTMP about System Reboot/Shutdown";
- wantedBy = [ "sysinit.target" ];
- after = [ "systemd-remount-fs.service" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig = {
- DefaultDependencies = false;
- RequiresMountsFor = "/var/log";
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
- ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
- };
- restartIfChanged = false;
+ systemd.sockets.systemd-journal-gatewayd.wantedBy =
+ optional config.services.journald.enableHttpGateway "sockets.target";
+
+ # Provide the systemd-user PAM service, required to run systemd
+ # user instances.
+ security.pam.services.systemd-user =
+ { # Ensure that pam_systemd gets included. This is special-cased
+ # in systemd to provide XDG_RUNTIME_DIR.
+ startSession = true;
};
- systemd.services."systemd-random-seed" =
- { description = "Load/Save Random Seed";
- wantedBy = [ "sysinit.target" "multi-user.target" ];
- after = [ "systemd-remount-fs.service" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig = {
- DefaultDependencies = false;
- RequiresMountsFor = "/var/lib";
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
- ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
- };
- };
+ environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
+
+ environment.etc."tmpfiles.d/nixos.conf".text =
+ ''
+ # This file is created automatically and should not be modified.
+ # Please change the option ‘systemd.tmpfiles.rules’ instead.
+ ${concatStringsSep "\n" cfg.tmpfiles.rules}
+ '';
};
}
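Review bot: `services.journald.enableHttpGateway` now only decides whether `systemd-journal-gatewayd.socket` is wanted by `sockets.target`. The socket and service units themselves are installed unconditionally, since the `upstreamSystemUnits` hunk (`@@ -119,34 +136,57`) dropped the `optionals` guard. The gateway can therefore be started by hand even with the option off, and it serves journal contents over HTTP to whoever can reach the listener. I would add a comment above the `wantedBy` line, e.g. `# The units are always installed; this option only enables socket activation at boot.`, and have the option description say that access to the gateway should be restricted.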
diff --git a/nixos/modules/system/upstart/upstart.nix b/nixos/modules/system/upstart/upstart.nix
index 1ad4885edf58..5c0461304072 100644
--- a/nixos/modules/system/upstart/upstart.nix
+++ b/nixos/modules/system/upstart/upstart.nix
@@ -93,7 +93,7 @@ let
if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else
if job.daemonType == "none" then { } else
throw "invalid daemon type `${job.daemonType}'")
- // optionalAttrs (!job.task && job.respawn)
+ // optionalAttrs (!job.task && !(job.script == "" && job.exec == "") && job.respawn)
{ Restart = "always"; }
// optionalAttrs job.task
{ Type = "oneshot"; RemainAfterExit = false; };
diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix
index 3df9b58c524c..eb1dfe5f6be2 100644
--- a/nixos/modules/tasks/cpu-freq.nix
+++ b/nixos/modules/tasks/cpu-freq.nix
@@ -2,6 +2,11 @@
with lib;
+let
+ cpupower = config.boot.kernelPackages.cpupower;
+ cfg = config.powerManagement;
+in
+
{
###### interface
@@ -23,31 +28,28 @@ with lib;
###### implementation
- config = mkIf (config.powerManagement.cpuFreqGovernor != null) {
+ config = mkIf (!config.boot.isContainer && config.powerManagement.cpuFreqGovernor != null) {
- environment.systemPackages = [ pkgs.cpufrequtils ];
+ boot.kernelModules = [ "acpi-cpufreq" "speedstep-lib" "pcc-cpufreq"
+ "cpufreq_${cfg.cpuFreqGovernor}"
+ ];
- jobs.cpufreq =
- { description = "CPU Frequency Governor Setup";
+ environment.systemPackages = [ cpupower ];
- after = [ "systemd-modules-load.service" ];
- wantedBy = [ "multi-user.target" ];
-
- unitConfig.ConditionPathIsReadWrite = "/sys/devices/";
-
- path = [ pkgs.cpufrequtils ];
-
- preStart = ''
- for i in $(seq 0 $(($(nproc) - 1))); do
- for gov in $(cpufreq-info -c $i -g); do
- if [ "$gov" = ${config.powerManagement.cpuFreqGovernor} ]; then
- echo "<6>setting governor on CPU $i to ‘$gov’"
- cpufreq-set -c $i -g $gov
- fi
- done
- done
- '';
+ systemd.services.cpufreq = {
+ description = "CPU Frequency Governor Setup";
+ after = [ "systemd-modules-load.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ cpupower ];
+ script = ''
+ cpupower frequency-set -g ${cfg.cpuFreqGovernor}
+ '';
+ unitConfig.ConditionVirtualization = false;
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
};
- };
+ };
+ };
}
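Review bot: The `mkIf` condition still spells out `config.powerManagement.cpuFreqGovernor` although the first hunk of this file introduces `cfg = config.powerManagement` and the rest of the new block uses `cfg.cpuFreqGovernor`. `config = mkIf (!config.boot.isContainer && cfg.cpuFreqGovernor != null) {` would be consistent. The governor is also interpolated unquoted into `script`. It comes from the system configuration rather than from users, but quoting it there would keep an unexpected value from being split into extra `cpupower` arguments.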
diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index df4737305da6..03c42404e5d5 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -52,19 +52,7 @@ in
# /dev/tty0 to prevent putting the X server in non-raw mode, and
# it has a restart trigger.
systemd.services."systemd-vconsole-setup" =
- { description = "Setup Virtual Console";
- wantedBy = [ "sysinit.target" "multi-user.target" ];
- before = [ "sysinit.target" "shutdown.target" ];
- conflicts = [ "shutdown.target" ];
- unitConfig =
- { DefaultDependencies = "no";
- ConditionPathExists = "/dev/tty1";
- };
- serviceConfig =
- { Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = "${config.systemd.package}/lib/systemd/systemd-vconsole-setup /dev/tty1";
- };
+ { wantedBy = [ "multi-user.target" ];
restartTriggers = [ vconsoleConf ];
};
diff --git a/nixos/modules/tasks/lvm.nix b/nixos/modules/tasks/lvm.nix
index 0e0272388c76..d56a8a2f63a8 100644
--- a/nixos/modules/tasks/lvm.nix
+++ b/nixos/modules/tasks/lvm.nix
@@ -1,10 +1,12 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
{
###### implementation
- config = {
+ config = mkIf (!config.boot.isContainer) {
environment.systemPackages = [ pkgs.lvm2 ];
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index a33b571d4371..9cc8b154324f 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -191,6 +191,15 @@ in
'';
};
+ networking.useHostResolvConf = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ In containers, whether to use the
+ resolv.conf supplied by the host.
+ '';
+ };
+
networking.localCommands = mkOption {
default = "";
example = "text=anything; echo You can put $text here.";
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index 7b4e5a8cac06..9100a433cd63 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -86,6 +86,8 @@ let kernel = config.boot.kernelPackages.kernel; in
(isEnabled "VIRTIO_CONSOLE")
];
+ networking.usePredictableInterfaceNames = false;
+
};
}
diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
index da80e44f2c31..195a8056bf82 100644
--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -6,34 +6,18 @@ with lib;
config = mkIf config.boot.isContainer {
- # Provide a login prompt on /var/lib/login.socket. On the host,
- # you can connect to it by running ‘socat
- # unix:/var/lib/login.socket -,echo=0,raw’.
- systemd.sockets.login =
- { description = "Login Socket";
- wantedBy = [ "sockets.target" ];
- socketConfig =
- { ListenStream = "/var/lib/login.socket";
- SocketMode = "0666";
- Accept = true;
- };
- };
+ # Disable some features that are not useful in a container.
+ sound.enable = mkDefault false;
+ services.udisks2.enable = mkDefault false;
- systemd.services."login@" =
- { description = "Login %i";
- environment.TERM = "linux";
- serviceConfig =
- { Type = "simple";
- StandardInput = "socket";
- ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty";
- TimeoutStopSec = 1; # FIXME
- };
- restartIfChanged = false;
- };
+ networking.useHostResolvConf = true;
- # Also provide a root login prompt on /var/lib/root-login.socket
- # that doesn't ask for a password. This socket can only be used by
- # root on the host.
+ # Shut up warnings about not having a boot loader.
+ system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
+
+ # Provide a root login prompt on /var/lib/root-login.socket that
+ # doesn't ask for a password. This socket can only be used by root
+ # on the host.
systemd.sockets.root-login =
{ description = "Root Login Socket";
wantedBy = [ "sockets.target" ];
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 065c4dc50d23..4fca872d72eb 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -176,7 +176,6 @@ in
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
- SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
@@ -212,14 +211,22 @@ in
extraFlags="--capability=CAP_NET_ADMIN"
fi
+ # If the host is 64-bit and the container is 32-bit, add a
+ # --personality flag.
+ ${optionalString (config.nixpkgs.system == "x86_64-linux") ''
+ if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
+ extraFlags+=" --personality=x86"
+ fi
+ ''}
+
exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \
- -M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \
+ -M "$INSTANCE" -D "$root" $extraFlags \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
- "$SYSTEM_PATH/init"
+ "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
postStart =
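Review bot: The personality check reads the `system` file through an unquoted redirection target, so a `SYSTEM_PATH` (taken from the sourced `/etc/containers/$INSTANCE.conf`) or an instance name containing whitespace makes bash report an ambiguous redirect, and the check then silently evaluates to false. Quoting the inner expansion fixes it: `if [ "$(< "''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system")" = i686-linux ]; then`. A comment should also say that the two defaults differ on purpose, with the host-side per-container profile used for this check and `/nix/var/nix/profiles/system` used inside the container for `init`. That is presumably the intent given the `--bind` of the profiles directory. `$root` is defined outside this hunk.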
@@ -233,20 +240,7 @@ in
preStop =
''
- pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)"
- if [ -n "$pid" ]; then
- # Send the RTMIN+3 signal, which causes the container
- # systemd to start halt.target.
- echo "killing container systemd, PID = $pid"
- kill -RTMIN+3 $pid
- # Wait for the container to exit. We can't let systemd
- # do this because it will send a signal to the entire
- # cgroup.
- for ((n = 0; n < 180; n++)); do
- if ! kill -0 $pid 2> /dev/null; then break; fi
- sleep 1
- done
- fi
+ machinectl poweroff "$INSTANCE"
'';
restartIfChanged = false;
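Review bot: `machinectl poweroff "$INSTANCE"` only asks the container's init to shut down and, as far as I know, returns without waiting. The removed loop waited up to 180 seconds because, per its own comment, systemd signals the whole cgroup once `preStop` is done. If that still holds, container services can be killed before they stop cleanly. I would keep a bounded wait after the poweroff request and carry over the comment explaining why it is needed. The sketch below polls `machinectl show`; the exact probe should be confirmed against the systemd version in use.

```nix
preStop =
  ''
    machinectl poweroff "$INSTANCE"
    # Wait for the container to exit. We can't let systemd do this
    # because it will send a signal to the entire cgroup.
    for ((n = 0; n < 180; n++)); do
      if ! machinectl show "$INSTANCE" > /dev/null 2>&1; then break; fi
      sleep 1
    done
  '';
```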
diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl
index f04b2b3e74e2..2fd41a340962 100644
--- a/nixos/modules/virtualisation/nixos-container.pl
+++ b/nixos/modules/virtualisation/nixos-container.pl
@@ -203,7 +203,7 @@ elsif ($action eq "update") {
}
elsif ($action eq "login") {
- exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw");
+ exec("machinectl", "login", "--", $containerName);
}
elsif ($action eq "root-login") {
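Review bot: The result of `exec("machinectl", "login", "--", $containerName)` is not checked, so if `machinectl` cannot be found the script falls out of the `elsif` chain and may exit as if the login had worked. The list form with `--` is right and keeps the container name away from a shell. I would only add the failure path: `exec("machinectl", "login", "--", $containerName) or die "cannot exec machinectl: $!\n";`. The removed line called socat through `$socat`, whereas `machinectl` is now looked up via `PATH`; a comment noting that dependency would help. The `if`/`elsif` chain starts and ends outside this hunk.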
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index 7662427854e5..6605b94439bc 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -399,6 +399,11 @@ in
# Wireless won't work in the VM.
networking.wireless.enable = mkVMOverride false;
+ # Speed up booting by not waiting for ARP.
+ networking.dhcpcd.extraConfig = "noarp";
+
+ networking.usePredictableInterfaceNames = false;
+
system.requiredKernelConfig = with config.lib.kernelConfig;
[ (isEnabled "VIRTIO_BLK")
(isEnabled "VIRTIO_PCI")
diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index 741ab62bbc03..32f523750004 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -61,6 +61,7 @@ in rec {
(all nixos.tests.printing)
(all nixos.tests.proxy)
(all nixos.tests.udisks)
+ (all nixos.tests.udisks2)
(all nixos.tests.xfce)
nixpkgs.tarball
diff --git a/nixos/release.nix b/nixos/release.nix
index 45c37570c1ba..4a10ff39ed0c 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -245,6 +245,7 @@ in rec {
tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks = callTest tests/udisks.nix {};
+ tests.udisks2 = callTest tests/udisks2.nix {};
tests.xfce = callTest tests/xfce.nix {};
}
diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix
index 9580f18189a2..8ad9cd6e0d79 100644
--- a/nixos/tests/containers.nix
+++ b/nixos/tests/containers.nix
@@ -25,7 +25,7 @@ import ./make-test.nix {
testScript =
''
- $machine->succeed("nixos-container list") =~ /webserver/;
+ $machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
@@ -65,7 +65,7 @@ import ./make-test.nix {
$machine->succeed("nixos-container start $id1");
# Execute commands via the root shell.
- $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/;
+ $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;
$machine->succeed("nixos-container set-root-password $id1 foobar");
# Destroy the containers.
diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix
index 0a7d25c37aca..44c53c231c81 100644
--- a/nixos/tests/login.nix
+++ b/nixos/tests/login.nix
@@ -9,7 +9,8 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
testScript =
''
- $machine->waitForUnit("default.target");
+ $machine->waitForUnit('multi-user.target');
+ $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty1'");
$machine->screenshot("postboot");
subtest "create user", sub {
@@ -19,9 +20,11 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
# Check whether switching VTs works.
subtest "virtual console switching", sub {
+ $machine->fail("pgrep -f 'agetty.*tty2'");
$machine->sendKeys("alt-f2");
$machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]");
$machine->waitForUnit('getty@tty2.service');
+ $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty2'");
};
# Log in as alice on a virtual console.
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
index 0f57b9f61261..363be2cbb357 100644
--- a/nixos/tests/misc.nix
+++ b/nixos/tests/misc.nix
@@ -8,6 +8,7 @@ import ./make-test.nix {
[ { device = "/root/swapfile"; size = 128; } ];
environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs";
services.nixosManual.enable = pkgs.lib.mkOverride 0 true;
+ systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
};
testScript =
@@ -63,6 +64,22 @@ import ./make-test.nix {
$machine->succeed('[ "`hostname`" = machine ]');
$machine->succeed('[ "`hostname -s`" = machine ]');
};
+
+ # Test whether systemd-udevd automatically loads modules for our hardware.
+ subtest "udev-auto-load", sub {
+ $machine->waitForUnit('systemd-udev-settle.service');
+ $machine->succeed('lsmod | grep psmouse');
+ };
+
+ # Test whether systemd-tmpfiles-clean works.
+ subtest "tmpfiles", sub {
+ $machine->succeed('touch /tmp/foo');
+ $machine->succeed('systemctl start systemd-tmpfiles-clean');
+ $machine->succeed('[ -e /tmp/foo ]');
+ $machine->succeed('date -s "@$(($(date +%s) + 1000000))"'); # move into the future
+ $machine->succeed('systemctl start systemd-tmpfiles-clean');
+ $machine->fail('[ -e /tmp/foo ]');
+ };
'';
}
diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix
index 9ef28dcfcd4d..9b96e3d7b20c 100644
--- a/nixos/tests/printing.nix
+++ b/nixos/tests/printing.nix
@@ -31,7 +31,9 @@ import ./make-test.nix ({pkgs, ... }: {
# Make sure that cups is up on both sides.
$server->waitForUnit("cupsd.service");
+ $server->waitForUnit("network.target");
$client->waitForUnit("cupsd.service");
+ $client->waitForUnit("network.target");
$client->succeed("lpstat -r") =~ /scheduler is running/ or die;
$client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
$client->succeed("curl --fail http://localhost:631/");
diff --git a/nixos/tests/udisks.nix b/nixos/tests/udisks.nix
index 2354c3106618..b7f2e2c00315 100644
--- a/nixos/tests/udisks.nix
+++ b/nixos/tests/udisks.nix
@@ -40,7 +40,7 @@ in
# Mount the stick as a non-root user and do some stuff with it.
$machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
$machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
- $machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/;
+ $machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/ or die;
$machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
# Unmounting the stick should make the mountpoint disappear.
diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix
new file mode 100644
index 000000000000..e0c57d7c34d6
--- /dev/null
+++ b/nixos/tests/udisks2.nix
@@ -0,0 +1,56 @@
+import ./make-test.nix ({ pkgs, ... }:
+
+let
+
+ stick = pkgs.fetchurl {
+ url = http://nixos.org/~eelco/nix/udisks-test.img.xz;
+ sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b";
+ };
+
+in
+
+{
+
+ machine =
+ { config, pkgs, ... }:
+ { services.udisks2.enable = true;
+ imports = [ ./common/user-account.nix ];
+
+ security.polkit.extraConfig =
+ ''
+ polkit.addRule(function(action, subject) {
+ if (subject.user == "alice") return "yes";
+ });
+ '';
+ };
+
+ testScript =
+ ''
+ my $stick = $machine->stateDir . "/usbstick.img";
+ system("xz -d < ${stick} > $stick") == 0 or die;
+
+ $machine->succeed("udisksctl info -b /dev/vda >&2");
+ $machine->fail("udisksctl info -b /dev/sda1");
+
+ # Attach a USB stick and wait for it to show up.
+ $machine->sendMonitorCommand("usb_add disk:$stick");
+ $machine->waitUntilSucceeds("udisksctl info -b /dev/sda1");
+ $machine->succeed("udisksctl info -b /dev/sda1 | grep 'IdLabel:.*USBSTICK'");
+
+ # Mount the stick as a non-root user and do some stuff with it.
+ $machine->succeed("su - alice -c 'udisksctl info -b /dev/sda1'");
+ $machine->succeed("su - alice -c 'udisksctl mount -b /dev/sda1'");
+ $machine->succeed("su - alice -c 'cat /run/media/alice/USBSTICK/test.txt'") =~ /Hello World/ or die;
+ $machine->succeed("su - alice -c 'echo foo > /run/media/alice/USBSTICK/bar.txt'");
+
+ # Unmounting the stick should make the mountpoint disappear.
+ $machine->succeed("su - alice -c 'udisksctl unmount -b /dev/sda1'");
+ $machine->fail("[ -d /run/media/alice/USBSTICK ]");
+
+ # Remove the USB stick.
+ $machine->sendMonitorCommand("usb_del 0.3"); # FIXME
+ $machine->waitUntilFails("udisksctl info -b /dev/sda1");
+ $machine->fail("[ -e /dev/sda ]");
+ '';
+
+})
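Review bot: The polkit rule in `security.polkit.extraConfig` returns "yes" for every action alice requests, not only the udisks2 actions this test exercises. The test therefore says little about which authorizations udisks2 actually needs, and the snippet is easy to copy into a real configuration. Narrowing it keeps the test about udisks2: `if (subject.user == "alice" && action.id.indexOf("org.freedesktop.udisks2.") == 0) return "yes";`. Separately, `usb_del 0.3` is marked FIXME with no explanation; a short comment on where the 0.3 address comes from would help whoever picks that up.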
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 11ad2014663a..ff1c9f76cd07 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -67,14 +67,12 @@ let
} merge ]);
- libs = dbus_drv "libs" "dbus" ({
+ libs = dbus_drv "libs" "dbus" {
# Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
# (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.
NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1";
- } // stdenv.lib.optionalAttrs (systemdOrEmpty != []) {
- buildInputs = [ systemd.headers ];
- patches = [ ./systemd.patch ]; # bypass systemd detection
- });
+ buildInputs = [ systemdOrEmpty ];
+ };
attrs = rec {
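Review bot: `buildInputs = [ systemdOrEmpty ];` wraps `systemdOrEmpty` in another list, while the rest of this file treats it as a list already (`buildInputsX ++ systemdOrEmpty ++ [ libs daemon ]` and `buildInputs = systemdOrEmpty;` in the following hunks). Writing `buildInputs = systemdOrEmpty;` here as well avoids the nested list and matches those uses. The definition of `systemdOrEmpty` is outside the hunk, so its type is inferred from how it is used.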
@@ -83,14 +81,13 @@ let
# This package has been split because most applications only need dbus.lib
# which serves as an interface to a *system-wide* daemon,
# see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture .
- # Also some circular dependencies get split by this (like with systemd).
inherit libs;
tools = dbus_drv "tools" "tools" {
configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ];
- buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon dbus_glib ];
- NIX_CFLAGS_LINK =
+ buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon ];
+ NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1";
@@ -102,16 +99,6 @@ let
buildInputs = systemdOrEmpty;
};
- # Some of the tests don't work yet; in fact, @vcunat tried several packages
- # containing dbus testing, and all of them have some test failure.
- tests = dbus_drv "tests" "test" {
- preBuild = makeInternalLib;
- buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs tools daemon dbus_glib python ];
- NIX_CFLAGS_LINK =
- stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
- + "-ldbus-1";
- };
-
docs = dbus_drv "docs" "doc" {
postInstall = ''rm -r "$out/lib"'';
};
diff --git a/pkgs/os-specific/linux/cpupower/default.nix b/pkgs/os-specific/linux/cpupower/default.nix
new file mode 100644
index 000000000000..bf6e8c36f3df
--- /dev/null
+++ b/pkgs/os-specific/linux/cpupower/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, fetchurl, kernel, coreutils, pciutils, gettext }:
+
+stdenv.mkDerivation {
+ name = "cpupower-${kernel.version}";
+
+ src = kernel.src;
+
+ buildInputs = [ coreutils pciutils gettext ];
+
+ configurePhase = ''
+ cd tools/power/cpupower
+ sed -i 's,/bin/true,${coreutils}/bin/true,' Makefile
+ sed -i 's,/bin/pwd,${coreutils}/bin/pwd,' Makefile
+ sed -i 's,/usr/bin/install,${coreutils}/bin/install,' Makefile
+ '';
+
+ buildPhase = ''
+ make
+ '';
+
+ installPhase = ''
+ make \
+ bindir="$out/bin" \
+ sbindir="$out/sbin" \
+ mandir="$out/share/man" \
+ includedir="$out/include" \
+ libdir="$out/lib" \
+ localedir="$out/share/locale" \
+ docdir="$out/share/doc/cpupower" \
+ confdir="$out/etc" \
+ install install-man
+ '';
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "Tool to examine and tune power saving features.";
+ homepage = https://www.kernel.org.org/;
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ };
+}
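Review bot: `homepage = https://www.kernel.org.org/;` has a doubled `.org`, so the package metadata points at a domain that is not the kernel project's; it should read `homepage = https://www.kernel.org/;`. Also, `enableParallelBuilding = true` probably has no effect here, because the overridden `buildPhase` calls plain `make` without a job count. Either drop the `buildPhase` override or pass the job count explicitly.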
diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
index f5efc565753c..5afa2cbe4ebf 100644
--- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
@@ -6,26 +6,27 @@
{ stdenv, fetchurl, dpkg }:
let
- version = "0.40";
+ version = "0.41";
packages = [
- { name = "adi"; sha256 = "0wwks9ff4n772435s57z1fjrffi4xl9nxnfn3v7xfcwdjb395d88"; }
- { name = "atheros"; sha256 = "1gj7hfnyclzgyq06scynaclnfajhs6lw5i51j1w1hikv4yh20djz"; }
- { name = "bnx2"; sha256 = "15qjj0sfjin5cbkpby29r5czn11xyiyyc4fmhwlqvgfgrnbp0aqk"; }
- { name = "bnx2x"; sha256 = "08nvbln94ff47b2q0avxj1aa2wx4qih8sq8knbq54lp46kjf3k0h"; }
- { name = "brcm80211"; sha256 = "1ndsw3s6xkr1n39nf9ig1xhnaglx5qvvvm8rh6ah41v644lzha79"; }
- { name = "intelwimax"; sha256 = "1qwxmykh90v92asn4ivq0fak761hs7hd2zmz1dpkjidwsycrfyqn"; }
- { name = "ipw2x00"; sha256 = "0a2nb17b5n3k1b6y4dbi5i8k1fm19ba2abq2jh2hjjmyyl3y388m"; }
- { name = "ivtv"; sha256 = "1239gsjq16f4kd1yn77iq3ar8ndx3pzd16kpqafr1h2y0zwh452r"; }
- { name = "iwlwifi"; sha256 = "03kmh5szd02pkbm1nlyz99fr2njhg88wiv73f1fz485m9rvgga43"; }
- { name = "libertas"; sha256 = "0qjziwmwqbp83hxrjw7x3ralxg4ib9y23bcbn1g8yb5b6m84ca6b"; }
- { name = "linux"; sha256 = "0ypidsrrfx4kvbfisdpgx2fzbil7g2jixgqhnv960iy5l348amrl"; }
- { name = "linux-nonfree"; sha256 = "0p9ql3cdxljflh48r6z40kpyisbzp3s3g1qjb9f64n6cppllwjfr"; }
- { name = "myricom"; sha256 = "12spfaq7z2bb93cy15zldlic1wx2v6h9sn7ny09nkzy4m26zds4q"; }
- { name = "netxen"; sha256 = "03gmda16bdqw8a4x8x11ph41ksjh48hxydv0f0z3gi3czgbh7sn3"; }
- { name = "qlogic"; sha256 = "1ah8rrwzi44p1l4q8qkql18djmn5kihsiinpy204xklm1csf3vs1"; }
- { name = "ralink"; sha256 = "005549jk0wnyfnb247awv2wncsx5is05m1hdwcd33iq0dlbmm39b"; }
- { name = "realtek"; sha256 = "1ai1klzrql8qxmb7945xiqlkfkyz8admrpb10b3r4ixvclkrvfi2"; }
+ { name = "adi"; sha256 = "19dm96djp34g6l84g9shwbmqbmfd15c24frcy1zh5nz8x12phgm4"; }
+ { name = "atheros"; sha256 = "0vrdyxiq7nx89h6ykdrs8s3l9frn3hmcfb9vsz68i12975y8ib5n"; }
+ { name = "bnx2"; sha256 = "12l3l54q69n1ky8lp7bmzscfqysabjrgmswwj57ryc6l82s7081y"; }
+ { name = "bnx2x"; sha256 = "10m9p479dq2ylpj5mw6d5vyfh9hybmh5xgs5sxma065v7r3c3v31"; }
+ { name = "brcm80211"; sha256 = "0l2lg5pshb1kb829hfq9w791scwa8biikrfzsx9wvlvkyxfdh187"; }
+ { name = "intelwimax"; sha256 = "13jqm8ik0mm8vnsskbbp63idpjqazzp2x4gaq7786jg5yj3zh1cf"; }
+ { name = "ipw2x00"; sha256 = "1hvxrzqbc75phxdbmqfh7ky36m0qna2pncwxpfdircy9i6fx7ipy"; }
+ { name = "ivtv"; sha256 = "0ckw1ynzfqnkwlmwpzfbdfx4s6bsl4nwp097g8khaavqxk94n88v"; }
+ { name = "iwlwifi"; sha256 = "1djazi2qsi5z6q0izirprxgfpg8vh55skab2nijyfl66drlcha72"; }
+ { name = "libertas"; sha256 = "1yj9dd9pwd98gknx5mvblfcbr6k347xzi8l6bk0pr4570j8ss8y3"; }
+ { name = "linux"; sha256 = "0vc4cbrq73y5hibx5k3gbfqaqxvaa3g8rv9kzwks2zl3hdxm6xaq"; }
+ { name = "linux-nonfree"; sha256 = "05vv8yq7kix5cw9s4agz4vgya6i3ff88jp3rxln1ssznhvzrjzx9"; }
+ { name = "myricom"; sha256 = "1idfvdfw7z4jbbjyq40hd2bpllvw7jz0ah7k3iwljxp8l2lf2nmf"; }
+ { name = "netxen"; sha256 = "0fdgllv8i7j9qbk5hi14zvw6fcn4nd1isr1486d8fv7nf2bf1mxx"; }
+ { name = "qlogic"; sha256 = "12w1qnqhs24am2psdfmv0ligczzxh9crllmp7r4y3vqghyvwax7i"; }
+ { name = "ralink"; sha256 = "1ryplg9shi7nam79zd86z7a0qzp0f9m7q89nq989z57qiysbrra4"; }
+ { name = "realtek"; sha256 = "1l867724qrw7nwksdv4k0hkz7nrjjs9vq2s3937wyaa0r2r66mg6"; }
+ { name = "ti-connectivity"; sha256 = "00cl9gyxa7795a57zwcvl26kxfl4qzppi4z8ksg5friv3db8sm1p"; }
];
fetchPackage =
diff --git a/pkgs/os-specific/linux/kernel-headers/2.6.28.nix b/pkgs/os-specific/linux/kernel-headers/3.14.nix
similarity index 59%
rename from pkgs/os-specific/linux/kernel-headers/2.6.28.nix
rename to pkgs/os-specific/linux/kernel-headers/3.14.nix
index 1ba03010f8ab..d9d0ce7e3b3d 100644
--- a/pkgs/os-specific/linux/kernel-headers/2.6.28.nix
+++ b/pkgs/os-specific/linux/kernel-headers/3.14.nix
@@ -1,46 +1,50 @@
-{stdenv, fetchurl, perl, cross ? null}:
+{ stdenv, fetchurl, perl, cross ? null }:
assert cross == null -> stdenv.isLinux;
-let version = "2.6.28.5"; in
+let
+
+ version = "3.14.1";
+
+ kernelHeadersBaseConfig =
+ if cross == null
+ then stdenv.platform.kernelHeadersBaseConfig
+ else cross.platform.kernelHeadersBaseConfig;
+
+in
stdenv.mkDerivation {
name = "linux-headers-${version}";
src = fetchurl {
- url = "mirror://kernel/linux/kernel/v2.6/linux-${version}.tar.bz2";
- sha256 = "0hifjh75sinifr5138v22zwbpqln6lhn65k8b57a1dyzlqca7cl9";
+ url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
+ sha256 = "1njm8gvlj7cq0m1051yxszl4f63383a7sv1na13hkqkv36kipgqx";
};
targetConfig = if cross != null then cross.config else null;
platform =
- if cross != null then cross.arch else
+ if cross != null then cross.platform.kernelArch else
if stdenv.system == "i686-linux" then "i386" else
if stdenv.system == "x86_64-linux" then "x86_64" else
if stdenv.system == "powerpc-linux" then "powerpc" else
if stdenv.isArm then "arm" else
- if stdenv.system == "mips64el-linux" then "mips" else
+ if stdenv.platform ? kernelArch then stdenv.platform.kernelArch else
abort "don't know what the kernel include directory is called for this platform";
buildInputs = [perl];
extraIncludeDirs =
if cross != null then
- (if cross.arch == "powerpc" then ["ppc"] else [])
+ (if cross.arch == "powerpc" then ["ppc"] else [])
else if stdenv.system == "powerpc-linux" then ["ppc"] else [];
- patchPhase = ''
- patch --verbose -p1 < "${./unifdef-getline.patch}"
- sed -i '/scsi/d' include/Kbuild
- sed -i 's|/ %/: prepare scripts FORCE|%/: prepare scripts FORCE|' Makefile
- '';
-
buildPhase = ''
if test -n "$targetConfig"; then
export ARCH=$platform
fi
- make mrproper headers_check
+ make ${kernelHeadersBaseConfig} SHELL=bash
+ make mrproper headers_check SHELL=bash
'';
installPhase = ''
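Review bot: `platform` now reads `cross.platform.kernelArch`, but `extraIncludeDirs` a few lines below still tests `cross.arch == "powerpc"`, so the two attributes take the architecture from different fields of the cross description. If `cross.arch` is being phased out, that line should read `(if cross.platform.kernelArch == "powerpc" then ["ppc"] else [])`; if both fields are valid, a comment saying why they differ would help. In `buildPhase`, the `make mrproper` in the second command appears to discard the configuration that `make ${kernelHeadersBaseConfig}` has just produced, so a comment on what the first call is for is worth adding. `installPhase` continues outside the hunk.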
@@ -58,4 +62,10 @@ stdenv.mkDerivation {
ln -s asm $out/include/asm-x86
fi
'';
+
+ meta = with stdenv.lib; {
+ description = "Header files and scripts for Linux kernel";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ };
}
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 15473ea257c5..db654fc0505c 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -114,6 +114,7 @@ with stdenv.lib;
VGA_SWITCHEROO y
# Sound.
+ SND_DYNAMIC_MINORS y
SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP y # Support digital beep via input layer
SND_USB_CAIAQ_INPUT y
diff --git a/pkgs/os-specific/linux/kmod/default.nix b/pkgs/os-specific/linux/kmod/default.nix
index 378e1a87d07a..380b4a35f1c2 100644
--- a/pkgs/os-specific/linux/kmod/default.nix
+++ b/pkgs/os-specific/linux/kmod/default.nix
@@ -1,11 +1,11 @@
{ stdenv, fetchurl, xz, zlib, pkgconfig, libxslt }:
stdenv.mkDerivation rec {
- name = "kmod-16";
+ name = "kmod-17";
src = fetchurl {
url = "mirror://kernel/linux/utils/kernel/kmod/${name}.tar.xz";
- sha256 = "63412efab37c70459ccef167556965c93fd4f56af5986cd3750542a684c613c5";
+ sha256 = "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv";
};
# Disable xz/zlib support to prevent needing them in the initrd.
diff --git a/pkgs/os-specific/linux/kmod/module-dir.patch b/pkgs/os-specific/linux/kmod/module-dir.patch
index 95d08da45804..0c4ab4bd4c44 100644
--- a/pkgs/os-specific/linux/kmod/module-dir.patch
+++ b/pkgs/os-specific/linux/kmod/module-dir.patch
@@ -1,7 +1,7 @@
-diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
---- kmod-7-orig/libkmod/libkmod.c 2012-03-15 08:19:16.750010226 -0400
-+++ kmod-7/libkmod/libkmod.c 2012-04-04 15:21:29.532074313 -0400
-@@ -200,7 +200,7 @@
+diff -ru -x '*~' kmod-17-orig/libkmod/libkmod.c kmod-17/libkmod/libkmod.c
+--- kmod-17-orig/libkmod/libkmod.c 2014-04-01 12:40:37.161940089 +0200
++++ kmod-17/libkmod/libkmod.c 2014-04-17 13:47:15.871441987 +0200
+@@ -201,7 +201,7 @@
static char *get_kernel_release(const char *dirname)
{
struct utsname u;
@@ -10,7 +10,7 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
if (dirname != NULL)
return path_make_absolute_cwd(dirname);
-@@ -208,7 +208,10 @@
+@@ -209,7 +209,10 @@
if (uname(&u) < 0)
return NULL;
@@ -22,3 +22,39 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
return NULL;
return p;
+diff -ru -x '*~' kmod-17-orig/tools/static-nodes.c kmod-17/tools/static-nodes.c
+--- kmod-17-orig/tools/static-nodes.c 2013-12-17 22:05:42.159047316 +0100
++++ kmod-17/tools/static-nodes.c 2014-04-17 13:51:17.945974320 +0200
+@@ -159,6 +159,7 @@
+ FILE *in = NULL, *out = NULL;
+ const struct static_nodes_format *format = &static_nodes_format_human;
+ int r, ret = EXIT_SUCCESS;
++ char *dirname_prefix;
+
+ for (;;) {
+ int c, idx = 0, valid;
+@@ -211,16 +212,19 @@
+ goto finish;
+ }
+
+- snprintf(modules, sizeof(modules), "/lib/modules/%s/modules.devname", kernel.release);
++ if ((dirname_prefix = getenv("MODULE_DIR")) == NULL)
++ dirname_prefix = "/lib/modules";
++
++ snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release);
+ in = fopen(modules, "re");
+ if (in == NULL) {
+ if (errno == ENOENT) {
+- fprintf(stderr, "Warning: /lib/modules/%s/modules.devname not found - ignoring\n",
+- kernel.release);
++ fprintf(stderr, "Warning: %s/%s/modules.devname not found - ignoring\n",
++ dirname_prefix, kernel.release);
+ ret = EXIT_SUCCESS;
+ } else {
+- fprintf(stderr, "Error: could not open /lib/modules/%s/modules.devname - %m\n",
+- kernel.release);
++ fprintf(stderr, "Error: could not open %s/%s/modules.devname - %m\n",
++ dirname_prefix, kernel.release);
+ ret = EXIT_FAILURE;
+ }
+ goto finish;
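Review bot: The added `snprintf` in tools/static-nodes.c now takes its prefix from `getenv("MODULE_DIR")`, whose length the program does not control, and its return value is ignored. An over-long value is therefore truncated silently, and `fopen` is tried on a different path from the one the messages print. I would check the result: `if ((size_t)snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release) >= sizeof(modules)) { ret = EXIT_FAILURE; goto finish; }`. Since `dirname_prefix` is assigned a string literal and never written through, declare it `const char *dirname_prefix;`. The enclosing function starts and ends outside the hunk, and the size of `modules` is not visible here.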
diff --git a/pkgs/os-specific/linux/lvm2/default.nix b/pkgs/os-specific/linux/lvm2/default.nix
index bd748dadf616..9e2b0c900794 100644
--- a/pkgs/os-specific/linux/lvm2/default.nix
+++ b/pkgs/os-specific/linux/lvm2/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }:
let
- v = "2.02.104";
+ v = "2.02.106";
in
stdenv.mkDerivation {
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz";
- sha256 = "1xa7hvp8bsx96nncgksxrqxaqcgipfmmpr8aysayb8aisyjvas0d";
+ sha256 = "0nr833bl0q4zq52drjxmmpf7bs6kqxwa5kahwwxm9411khkxz0vc";
};
configureFlags =
@@ -29,6 +29,8 @@ stdenv.mkDerivation {
sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in
'';
+ enableParallelBuilding = true;
+
#patches = [ ./purity.patch ];
# To prevent make install from failing.
diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix
index 74863496a0f7..2eb5c7e480a2 100644
--- a/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -12,7 +12,7 @@ assert (!libsOnly) -> kernel != null;
let
- versionNumber = "331.49";
+ versionNumber = "331.67";
in
@@ -27,12 +27,12 @@ stdenv.mkDerivation {
if stdenv.system == "i686-linux" then
fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run";
- sha256 = "00d7bq8cfxk52qd4y226fz8m9m3mjq45fbgr3q7k08jyy9qmswmn";
+ sha256 = "1imc66yxnm01i58xwqrwqc612h0rhdz8x170hqr2pjyk99bllsv9";
}
else if stdenv.system == "x86_64-linux" then
fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run";
- sha256 = "0q3lvl1lypi33i847nqz4k3161ackh2n9kgyjn6v2c480f405hfk";
+ sha256 = "0qxd4jd25ymcr6w97f71kfn549x6wgg4g3vixd3sqlczknn85f47";
}
else throw "nvidia-x11 does not support platform ${stdenv.system}";
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index 43300425c004..afc125556fe2 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -1,11 +1,11 @@
{ stdenv, fetchurl, flex, cracklib }:
stdenv.mkDerivation rec {
- name = "linux-pam-1.1.6";
+ name = "linux-pam-1.1.8";
src = fetchurl {
- url = https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.6.tar.bz2;
- sha256 = "1hlz2kqvbjisvwyicdincq7nz897b9rrafyzccwzqiqg53b8gf5s";
+ url = http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2;
+ sha256 = "0m8ygb40l1c13nsd4hkj1yh4p1ldawhhg8pyjqj9w5kd4cxg5cf4";
};
nativeBuildInputs = [ flex ];
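Review bot: The new `url` fetches the Linux-PAM tarball over plain HTTP where the old one used HTTPS, so the `sha256` on the next line becomes the only integrity check on the sources of an authentication library. The pin does protect later fetches, but the value is only as trustworthy as the download it was computed from. I would record how it was verified, for example with a comment such as `# plain HTTP: sha256 verified against <upstream signature or checksum>`, where the placeholder is filled in by the committer.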
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 0afaf7b03703..262fde749843 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod
, xz, pam, acl, cryptsetup, libuuid, m4, utillinux
, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl
-, kexectools, libmicrohttpd
+, kexectools, libmicrohttpd, linuxHeaders
, python ? null, pythonSupport ? false
}:
@@ -10,26 +10,24 @@ assert stdenv.isLinux;
assert pythonSupport -> python != null;
stdenv.mkDerivation rec {
- version = "203";
+ version = "212";
name = "systemd-${version}";
src = fetchurl {
url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz";
- sha256 = "07gvn3rpski8sh1nz16npjf2bvj0spsjdwc5px9685g2pi6kxcb1";
+ sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5";
};
patches =
[ # These are all changes between upstream and
- # https://github.com/edolstra/systemd/tree/nixos-v203.
+ # https://github.com/edolstra/systemd/tree/nixos-v212.
./fixes.patch
- ./fix_console_in_containers.patch
- ]
- ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
+ ];
buildInputs =
- [ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl
+ [ pkgconfig intltool gperf libcap kmod xz pam acl
/* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl
- libmicrohttpd
+ libmicrohttpd linuxHeaders
] ++ stdenv.lib.optional pythonSupport python;
configureFlags =
@@ -45,15 +43,18 @@ stdenv.mkDerivation rec {
"--with-dbussessionservicedir=$(out)/share/dbus-1/services"
"--with-firmware-path=/root/test-firmware:/run/current-system/firmware"
"--with-tty-gid=3" # tty in NixOS has gid 3
+ "--disable-networkd" # enable/use eventually
+ "--enable-compat-libs" # get rid of this eventually
];
preConfigure =
''
# FIXME: patch this in systemd properly (and send upstream).
# FIXME: use sulogin from util-linux once updated.
- for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do
+ for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c; do
test -e $i
substituteInPlace $i \
+ --replace /usr/bin/getent ${stdenv.glibc}/bin/getent \
--replace /bin/mount ${utillinux}/bin/mount \
--replace /bin/umount ${utillinux}/bin/umount \
--replace /sbin/swapon ${utillinux}/sbin/swapon \
@@ -69,6 +70,10 @@ stdenv.mkDerivation rec {
--replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
'';
+ # This is needed because systemd uses the gold linker, which doesn't
+ # yet have the wrapper script to add rpath flags automatically.
+ NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib -rpath ${stdenv.gcc.gcc}/lib";
+
PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python
NIX_CFLAGS_COMPILE =
@@ -77,10 +82,6 @@ stdenv.mkDerivation rec {
"-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
"-fno-stack-protector"
- # Work around our kernel headers being too old. FIXME: remove
- # this after the next stdenv update.
- "-DFS_NOCOW_FL=0x00800000"
-
# Set the release_agent on /sys/fs/cgroup/systemd to the
# currently running systemd (/run/current-system/systemd) so
# that we don't use an obsolete/garbage-collected release agent.
@@ -94,7 +95,12 @@ stdenv.mkDerivation rec {
# /var is mounted.
makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin";
- installFlags = "localstatedir=$(TMPDIR)/var sysconfdir=$(out)/etc sysvinitdir=$(TMPDIR)/etc/init.d";
+ installFlags =
+ [ "localstatedir=$(TMPDIR)/var"
+ "sysconfdir=$(out)/etc"
+ "sysvinitdir=$(TMPDIR)/etc/init.d"
+ "pamconfdir=$(out)/etc/pam.d"
+ ];
# Get rid of configuration-specific data.
postInstall =
@@ -103,6 +109,8 @@ stdenv.mkDerivation rec {
mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
mv $out/lib/systemd/{system,user} $out/example/systemd
+ rm -rf $out/etc/systemd/system
+
# Install SysV compatibility commands.
mkdir -p $out/sbin
ln -s $out/lib/systemd/systemd $out/sbin/telinit
@@ -128,19 +136,6 @@ stdenv.mkDerivation rec {
# runtime; otherwise we can't and we need to reboot.
passthru.interfaceVersion = 2;
- passthru.headers = stdenv.mkDerivation {
- name = "systemd-headers-${version}";
- inherit src;
-
- phases = [ "unpackPhase" "installPhase" ];
-
- # some are needed by dbus.libs, which is needed for systemd :-)
- installPhase = ''
- mkdir -p "$out/include/systemd"
- mv src/systemd/*.h "$out/include/systemd"
- '';
- };
-
meta = {
homepage = "http://www.freedesktop.org/wiki/Software/systemd";
description = "A system and service manager for Linux";
diff --git a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch b/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
deleted file mode 100644
index 005c00282020..000000000000
--- a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4
---- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100
-+++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100
-@@ -23,7 +23,9 @@
- # On systems without virtual consoles, don't start any getty. (Note
- # that serial gettys are covered by serial-getty@.service, not this
- # unit
--ConditionPathExists=/dev/tty0
-+ConditionPathExists=|/dev/tty0
-+ConditionVirtualization=|lxc
-+ConditionVirtualization=|lxc-libvirt
-
- [Service]
- # the VT is cleared by TTYVTDisallocate
diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch
index 0ad420cd35cc..c33d05da55a6 100644
--- a/pkgs/os-specific/linux/systemd/fixes.patch
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
@@ -1,144 +1,23 @@
-diff --git a/man/systemd.special.xml b/man/systemd.special.xml
-index 7164b1e..29401eb 100644
---- a/man/systemd.special.xml
-+++ b/man/systemd.special.xml
-@@ -381,7 +381,7 @@
- this unit during
- installation. This is best
- configured via
-- WantedBy=multi-uer.target
-+ WantedBy=multi-user.target
- in the unit's
- [Install]
- section.
-diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
-index 15b5bc4..c5f1b38 100644
---- a/rules/80-net-name-slot.rules
-+++ b/rules/80-net-name-slot.rules
-@@ -1,6 +1,6 @@
- # do not edit this file, it will be overwritten on update
-
--ACTION=="remove", GOTO="net_name_slot_end"
-+ACTION!="add", GOTO="net_name_slot_end"
- SUBSYSTEM!="net", GOTO="net_name_slot_end"
- NAME!="", GOTO="net_name_slot_end"
-
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
-index d17bdd9..040b10e 100644
+index db72373..2fc12ca 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+ SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
--SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
+-SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
# Ignore raid devices that are not yet assembled and started
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
-diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
-index 82b02bb..7df9d01 100644
---- a/src/core/cgroup-semantics.c
-+++ b/src/core/cgroup-semantics.c
-@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
- }
-
- static const CGroupSemantics semantics[] = {
-- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
-+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
- { "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
- { "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
- { "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
-diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
-index 91d70e5..698102f 100644
---- a/src/core/dbus-execute.h
-+++ b/src/core/dbus-execute.h
-@@ -63,7 +63,7 @@
- " \n" \
- " \n" \
- " \n" \
-- " \n" \
-+ " \n" \
- " \n" \
- " \n" \
- " \n" \
-diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
-index 56b02a1..2b6d799 100644
---- a/src/core/dbus-manager.c
-+++ b/src/core/dbus-manager.c
-@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- _cleanup_strv_free_ char **l = NULL;
- char **e = NULL;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- r = bus_parse_strv(message, &l);
- if (r == -ENOMEM)
-@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- _cleanup_strv_free_ char **l = NULL;
- char **e = NULL;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- r = bus_parse_strv(message, &l);
- if (r == -ENOMEM)
-@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
- char **f = NULL;
- DBusMessageIter iter;
-
-- SELINUX_ACCESS_CHECK(connection, message, "reboot");
-+ SELINUX_ACCESS_CHECK(connection, message, "reload");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
-index 2e99fba..e72749a 100644
---- a/src/core/dbus-swap.c
-+++ b/src/core/dbus-swap.c
-@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
- static const BusProperty bus_swap_properties[] = {
- { "What", bus_property_append_string, "s", offsetof(Swap, what), true },
- { "Priority", bus_swap_append_priority, "i", 0 },
-+ { "TimeoutUSec",bus_property_append_usec, "t", offsetof(Swap, timeout_usec)},
- BUS_EXEC_COMMAND_PROPERTY("ExecActivate", offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]), false),
- BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
- { "ControlPID", bus_property_append_pid, "u", offsetof(Swap, control_pid) },
diff --git a/src/core/main.c b/src/core/main.c
-index 7fc06be..101ce79 100644
+index 41605ee..8517369 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) {
- log_error("Failed to adjust timer slack: %m");
-
- if (arg_capability_bounding_set_drop) {
-- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
-+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
- if (r < 0) {
-- log_error("Failed to drop capability bounding set: %s", strerror(-r));
-+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
- goto finish;
- }
-- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
-+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
- if (r < 0) {
-- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
-+ log_error("Failed to drop capability bounding set: %s", strerror(-r));
- goto finish;
- }
- }
-@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
- /* This will close all file descriptors that were opened, but
- * not claimed by any unit. */
- fdset_free(fds);
-+ fds = NULL;
-
- if (serialization) {
- fclose(serialization);
-@@ -1857,7 +1858,7 @@ finish:
+@@ -1883,7 +1883,7 @@ finish:
char_array_0(sfd);
i = 0;
@@ -147,69 +26,50 @@ index 7fc06be..101ce79 100644
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
-diff --git a/src/core/manager.c b/src/core/manager.c
-index c7f8f20..0508628 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 7c18a2b..eba67d5 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
+ int k;
- case SIGINT:
- if (m->running_as == SYSTEMD_SYSTEM) {
-- manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
-+ manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
- break;
- }
+ k = getpeercred(fd, &ucred);
+- if (k < 0)
++ if (k == -ENODATA) {
++ /* This handles the case where somebody is
++ * connecting from another pid/uid namespace
++ * (e.g. from outside of our container). */
++ if (asprintf(&r,
++ "%u-unknown",
++ nr) < 0)
++ return -ENOMEM;
++ }
++ else if (k < 0)
+ return k;
+-
+- if (asprintf(&r,
+- "%u-%lu-%lu",
+- nr,
+- (unsigned long) ucred.pid,
+- (unsigned long) ucred.uid) < 0)
+- return -ENOMEM;
+-
++ else {
++ if (asprintf(&r,
++ "%u-%lu-%lu",
++ nr,
++ (unsigned long) ucred.pid,
++ (unsigned long) ucred.uid) < 0)
++ return -ENOMEM;
++ }
+ break;
+ }
-diff --git a/src/core/service.c b/src/core/service.c
-index 3617c24..4d0e2ad 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
- if (s->exec_context.var_tmp_dir)
- unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
-
-+ if (s->forbid_restart)
-+ unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
-+
- return 0;
- }
-
-@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
- return log_oom();
-
- s->exec_context.var_tmp_dir = t;
-+ } else if (streq(key, "forbid-restart")) {
-+ int b;
-+
-+ b = parse_boolean(value);
-+ if (b < 0)
-+ log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
-+ else
-+ s->forbid_restart = b;
- } else
- log_debug_unit(u->id, "Unknown serialization key '%s'", key);
-
-diff --git a/src/core/snapshot.c b/src/core/snapshot.c
-index a63eccd..a6807eb 100644
---- a/src/core/snapshot.c
-+++ b/src/core/snapshot.c
-@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
- if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
- return -ENOMEM;
-
-- if (!manager_get_unit(m, n))
-+ if (!manager_get_unit(m, n)) {
-+ name = n;
- break;
-+ }
-
- free(n);
- }
diff --git a/src/core/umount.c b/src/core/umount.c
-index 1e95ad7..9f0e471 100644
+index d1258f0..0311812 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
-@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
+@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
* anyway, since we are running from it. They have
* already been remounted ro. */
if (path_equal(m->path, "/")
@@ -218,285 +78,31 @@ index 1e95ad7..9f0e471 100644
#ifndef HAVE_SPLIT_USR
|| path_equal(m->path, "/usr")
#endif
-diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
-index 81b7708..edd0b40 100644
---- a/src/cryptsetup/cryptsetup-generator.c
-+++ b/src/cryptsetup/cryptsetup-generator.c
-@@ -111,6 +111,7 @@ static int create_disk(
- "Conflicts=umount.target\n"
- "DefaultDependencies=no\n"
- "BindsTo=dev-mapper-%i.device\n"
-+ "IgnoreOnIsolate=true\n"
- "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
- f);
-
-diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
-index c17299f..6b3e67e 100644
---- a/src/fstab-generator/fstab-generator.c
-+++ b/src/fstab-generator/fstab-generator.c
-@@ -351,7 +351,7 @@ static int add_mount(
-
- if (automount && !path_equal(where, "/")) {
- automount_name = unit_name_from_path(where, ".automount");
-- if (!name)
-+ if (!automount_name)
- return log_oom();
-
- automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
-@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
- } else if (startswith(word, "rd.fstab=")) {
-
- if (in_initrd()) {
-- r = parse_boolean(word + 6);
-+ r = parse_boolean(word + 9);
- if (r < 0)
-- log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
-+ log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
- else
- arg_enabled = r;
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 9a9ed9d..9e46e18 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) {
+ goto finish;
}
-diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
-index 38499a6..bb80905 100644
---- a/src/journal/journal-file.c
-+++ b/src/journal/journal-file.c
-@@ -907,6 +907,8 @@ static int journal_file_append_field(
+ } else {
++#if 0
+ const char *p;
- osize = offsetof(Object, field.payload) + size;
- r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
-+ if (r < 0)
-+ return r;
+ p = strappenda(arg_directory,
+@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) {
+ goto finish;
- o->field.hash = htole64(hash);
- memcpy(o->field.payload, field, size);
-diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
-index 88163c0..e09ba4c 100644
---- a/src/journal/journald-server.c
-+++ b/src/journal/journald-server.c
-@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
- if (r < 0)
- if (f)
- log_error("Failed to rotate %s: %s", f->path, strerror(-r));
-- else
-+ else {
- log_error("Failed to create user journal: %s", strerror(-r));
-+ hashmap_remove(s->user_journals, k);
-+ }
- else {
- hashmap_replace(s->user_journals, k, f);
- server_fix_perms(s, f, PTR_TO_UINT32(k));
-@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- ssize_t n;
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "signal fd", ev->events);
- return -EIO;
+ }
++#endif
}
-
-@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) {
- } else if (ev->data.fd == s->dev_kmsg_fd) {
- int r;
-
-- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ if (ev->events & EPOLLERR)
-+ log_warning("/dev/kmsg buffer overrun, some messages lost.");
-+
-+ if (!(ev->events & EPOLLIN)) {
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "/dev/kmsg", ev->events);
- return -EIO;
- }
-
-@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
- ev->data.fd == s->syslog_fd) {
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
-+ ev->events);
- return -EIO;
- }
-
-@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
- char *e;
-
- if (n > 0 && n_fds == 0) {
-- e = memchr(s->buffer, '\n', n);
-- if (e)
-- *e = 0;
-- else
-- s->buffer[n] = 0;
--
-+ s->buffer[n] = 0;
- server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
- } else if (n_fds > 0)
- log_warning("Got file descriptors via syslog socket. Ignoring.");
-@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- } else if (ev->data.fd == s->stdout_fd) {
-
- if (ev->events != EPOLLIN) {
-- log_error("Got invalid event from epoll.");
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "stdout fd", ev->events);
- return -EIO;
- }
-
-@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
- StdoutStream *stream;
-
- if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
-+ log_error("Got invalid event from epoll for %s: %"PRIx32,
-+ "stdout stream", ev->events);
- log_error("Got invalid event from epoll.");
- return -EIO;
- }
-diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
-index 54bf114..bd197d0 100644
---- a/src/journal/mmap-cache.c
-+++ b/src/journal/mmap-cache.c
-@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
- while ((c = hashmap_first(m->contexts)))
- context_free(c);
-
-+ hashmap_free(m->contexts);
-+
- while ((f = hashmap_first(m->fds)))
- fd_free(f);
-
-+ hashmap_free(m->fds);
-+
- while (m->unused)
- window_free(m->unused);
-
-diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
-index 0e66f3d..cac948e 100644
---- a/src/libsystemd-bus/bus-internal.c
-+++ b/src/libsystemd-bus/bus-internal.c
-@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
-
- bool interface_name_is_valid(const char *p) {
- const char *q;
-- bool dot, found_dot;
-+ bool dot, found_dot = false;
-
- if (isempty(p))
- return false;
-@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
-
- bool service_name_is_valid(const char *p) {
- const char *q;
-- bool dot, found_dot, unique;
-+ bool dot, found_dot = false, unique;
-
- if (isempty(p))
- return false;
-diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
-index 7d6d848..b0eb2f1 100644
---- a/src/libsystemd-bus/sd-bus.c
-+++ b/src/libsystemd-bus/sd-bus.c
-@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
- if (r == 0)
- return ret;
-
-- r = 1;
-+ ret = 1;
- } while (!z);
-
- *m = z;
-- return 1;
-+ return ret;
- }
-
- int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
-diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
-index 5ccaabd..100c1fb 100644
---- a/src/libudev/libudev-enumerate.c
-+++ b/src/libudev/libudev-enumerate.c
-@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
- /* skip to be delayed devices, and move the to
- * the point where the prefix changes. We can
- * only move one item at a time. */
-- if (!move_later) {
-+ if (move_later == -1) {
- move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
-
- if (move_later_prefix > 0) {
-@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
- {
- struct udev_list_entry *list_entry;
-
-+ subsystem = subsystem ? : "";
-+
- udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
- if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
- return false;
-@@ -826,23 +828,27 @@ nomatch:
- static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
- {
- struct udev_device *dev;
-+ int r = 0;
-
- dev = udev_device_new_from_syspath(enumerate->udev, path);
- if (dev == NULL)
- return -ENODEV;
-
- if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
-- return 0;
-+ goto nomatch;
- if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
-- return 0;
-+ goto nomatch;
- if (!match_property(enumerate, dev))
-- return 0;
-+ goto nomatch;
- if (!match_sysattr(enumerate, dev))
-- return 0;
-+ goto nomatch;
-
- syspath_add(enumerate, udev_device_get_syspath(dev));
-+ r = 1;
-+
-+nomatch:
- udev_device_unref(dev);
-- return 1;
-+ return r;
- }
-
- static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
-diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
-index 8e09430..1e6f885 100644
---- a/src/libudev/libudev.sym
-+++ b/src/libudev/libudev.sym
-@@ -109,5 +109,6 @@ global:
- } LIBUDEV_189;
-
- LIBUDEV_199 {
-+global:
- udev_device_set_sysattr_value;
- } LIBUDEV_196;
-diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
-index 7b19ee0..49ee420 100644
---- a/src/modules-load/modules-load.c
-+++ b/src/modules-load/modules-load.c
-@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
-
- STRV_FOREACH(i, arg_proc_cmdline_modules) {
- k = load_module(ctx, *i);
-- if (k < 0)
-- r = EXIT_FAILURE;
-+ if (k < 0 && r == 0)
-+ r = k;
- }
-
- r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+ } else {
+ char template[] = "/tmp/nspawn-root-XXXXXX";
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
-index b1ef912..4f2ab5c 100644
+index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c
-@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
+@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
continue;
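Review bot: The `#if 0` … `#endif` pair added to `main()` in `src/nspawn/nspawn.c` compiles out a block that builds a path under `arg_directory` and jumps to `finish` on failure, and nothing records why. From the visible context this looks like a pre-flight check on the container root directory, so with it disabled nspawn would proceed with directories the check used to reject. The lines between the two inner hunks are not shown, so what exactly is tested should be confirmed. I would add a comment directly above `#if 0`, for example `/* NixOS: check disabled because <reason>; see <issue or commit reference> */`, so the next rebase of this patch has a stated reason to keep or drop it. `main()` starts and ends outside the hunk.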
@@ -507,174 +113,45 @@ index b1ef912..4f2ab5c 100644
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
continue;
-diff --git a/src/shared/efivars.c b/src/shared/efivars.c
-index 8d004ba..99340c9 100644
---- a/src/shared/efivars.c
-+++ b/src/shared/efivars.c
-@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
- list[count ++] = id;
- }
-
-- qsort(list, count, sizeof(uint16_t), cmp_uint16);
-+ if (list)
-+ qsort(list, count, sizeof(uint16_t), cmp_uint16);
-
- *options = list;
- return count;
-diff --git a/src/shared/env-util.c b/src/shared/env-util.c
-index 6a52fb9..598222c 100644
---- a/src/shared/env-util.c
-+++ b/src/shared/env-util.c
-@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
- e[k++] = *p;
- }
-
-- e[k] = NULL;
-+ if (e)
-+ e[k] = NULL;
-+
- return e;
- }
-
-diff --git a/src/shared/log.c b/src/shared/log.c
-index 27317f7..8f4995a 100644
---- a/src/shared/log.c
-+++ b/src/shared/log.c
-@@ -115,16 +115,20 @@ void log_close_syslog(void) {
-
- static int create_log_socket(int type) {
- int fd;
-+ struct timeval tv;
-
-- /* All output to the syslog/journal fds we do asynchronously,
-- * and if the buffers are full we just drop the messages */
--
-- fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
-+ fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
- if (fd < 0)
- return -errno;
-
- fd_inc_sndbuf(fd, SNDBUF_SIZE);
-
-+ /* We need a blocking fd here since we'd otherwise lose
-+ messages way too early. However, let's not hang forever in the
-+ unlikely case of a deadlock. */
-+ timeval_store(&tv, 1*USEC_PER_MINUTE);
-+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
-+
- return fd;
- }
-
-diff --git a/src/shared/polkit.c b/src/shared/polkit.c
-index cea7074..1c5e9e3 100644
---- a/src/shared/polkit.c
-+++ b/src/shared/polkit.c
-@@ -38,12 +38,8 @@ int verify_polkit(
-
- #ifdef ENABLE_POLKIT
- DBusMessage *m = NULL, *reply = NULL;
-- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
-+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
- uint32_t flags = interactive ? 1 : 0;
-- pid_t pid_raw;
-- uint32_t pid_u32;
-- unsigned long long starttime_raw;
-- uint64_t starttime_u64;
- DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
- int r;
- dbus_bool_t authorized = FALSE, challenge = FALSE;
-@@ -68,14 +64,6 @@ int verify_polkit(
-
- #ifdef ENABLE_POLKIT
-
-- pid_raw = bus_get_unix_process_id(c, sender, error);
-- if (pid_raw == 0)
-- return -EINVAL;
--
-- r = get_starttime_of_pid(pid_raw, &starttime_raw);
-- if (r < 0)
-- return r;
--
- m = dbus_message_new_method_call(
- "org.freedesktop.PolicyKit1",
- "/org/freedesktop/PolicyKit1/Authority",
-@@ -86,22 +74,13 @@ int verify_polkit(
-
- dbus_message_iter_init_append(m, &iter_msg);
-
-- pid_u32 = (uint32_t) pid_raw;
-- starttime_u64 = (uint64_t) starttime_raw;
--
- if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
-- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
-+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
- !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
-- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
-- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
-- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
-- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
-- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
-- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
-- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
-- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
-+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
-+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
-+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 3cca861..f6052dd 100644
+index 0887bc3..6b502ce 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
-@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
-
- } else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
- uint32_t id;
-- const char *path, *result, *unit;
-+ const char *path, *result, *unit, *r;
-
- if (dbus_message_get_args(message, &error,
- DBUS_TYPE_UINT32, &id,
-@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
- DBUS_TYPE_STRING, &result,
- DBUS_TYPE_INVALID)) {
-
-- free(set_remove(d->set, (char*) path));
-+ r = set_remove(d->set, (char*) path);
-+ if (!r)
-+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-+
-+ free(r);
-
- if (!isempty(result))
- d->result = strdup(result);
-@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
- /* Compatibility with older systemd versions <
- * 183 during upgrades. This should be dropped
- * one day. */
-- free(set_remove(d->set, (char*) path));
-+ r = set_remove(d->set, (char*) path);
-+ if (!r)
-+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-+
-+ free(r);
-
- if (*result)
- d->result = strdup(result);
-@@ -1867,7 +1875,7 @@ static int start_unit_one(
- return log_oom();
+@@ -2561,7 +2561,7 @@ static int start_unit_one(
+ log_debug("Adding %s to the set", p);
r = set_consume(s, p);
-- if (r < 0) {
-+ if (r < 0 && r != -EEXIST) {
- log_error("Failed to add path to set.");
- return r;
- }
+- if (r < 0)
++ if (r < 0 && r != -EEXIST)
+ return log_oom();
+ }
+
+diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
+index 8ac51a4..cae9fb5 100644
+--- a/units/console-getty.service.m4.in
++++ b/units/console-getty.service.m4.in
+@@ -15,7 +15,6 @@ After=rc-local.service
+ Before=getty.target
+
+ [Service]
+-ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
+diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in
+index 4f7794b..bad2a9a 100644
+--- a/units/container-getty@.service.m4.in
++++ b/units/container-getty@.service.m4.in
+@@ -16,7 +16,6 @@ Before=getty.target
+ IgnoreOnIsolate=yes
+
+ [Service]
+-ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
diff --git a/units/emergency.service.in b/units/emergency.service.in
-index 442f0e0..6b7eafd 100644
+index 94c090f..0d20640 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -15,7 +15,6 @@ Before=shutdown.target
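Review bot: `console-getty.service.m4.in` and `container-getty@.service.m4.in` lose their only visible `ExecStart=` line, so as patched the `[Service]` section shown has no command to run. The same removal is made for `getty@.service.m4` and `serial-getty@.service.m4` in the following hunks. Presumably the command is supplied by a distribution-side unit override that is not part of this patch; if one of the four units is missed there, that login path will not start. A comment at the place of the removed line would make the dependency explicit, e.g. `# ExecStart= is intentionally left out; it must be set by the distribution's unit override.` The unit files continue outside the hunks.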
@@ -685,30 +162,61 @@ index 442f0e0..6b7eafd 100644
ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
ExecStart=-/sbin/sulogin
ExecStopPost=@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
+index aa853b8..8bcc647 100644
+--- a/units/getty@.service.m4
++++ b/units/getty@.service.m4
+@@ -23,11 +23,12 @@ IgnoreOnIsolate=yes
+ # On systems without virtual consoles, don't start any getty. Note
+ # that serial gettys are covered by serial-getty@.service, not this
+ # unit.
+-ConditionPathExists=/dev/tty0
++ConditionPathExists=|/dev/tty0
++ConditionVirtualization=|lxc
++ConditionVirtualization=|lxc-libvirt
+
+ [Service]
+ # the VT is cleared by TTYVTDisallocate
+-ExecStart=-/sbin/agetty --noclear %I $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
+diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
+index 368f980..d0c1bd2 100644
+--- a/units/kmod-static-nodes.service.in
++++ b/units/kmod-static-nodes.service.in
+@@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel
+ DefaultDependencies=no
+ Before=sysinit.target systemd-tmpfiles-setup-dev.service
+ ConditionCapability=CAP_MKNOD
+-ConditionPathExists=/lib/modules/%v/modules.devname
+
+ [Service]
+ Type=oneshot
diff --git a/units/local-fs.target b/units/local-fs.target
-index 18c3d74..a09054c 100644
+index ae3cedc..0e36840 100644
--- a/units/local-fs.target
+++ b/units/local-fs.target
-@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
- After=local-fs-pre.target
+@@ -13,3 +13,5 @@ DefaultDependencies=no
+ Conflicts=shutdown.target
OnFailure=emergency.target
- OnFailureIsolate=no
+ OnFailureJobMode=replace-irreversibly
+
+X-StopOnReconfiguration=yes
diff --git a/units/remote-fs.target b/units/remote-fs.target
-index 09213e8..47b4cf5 100644
+index 43ffa5c..156a681 100644
--- a/units/remote-fs.target
+++ b/units/remote-fs.target
-@@ -10,5 +10,7 @@ Description=Remote File Systems
- Documentation=man:systemd.special(7)
- After=remote-fs-pre.target
+@@ -12,5 +12,7 @@ After=remote-fs-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+X-StopOnReconfiguration=yes
+
[Install]
WantedBy=multi-user.target
diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
-index 269797a..2c640f4 100644
+index 552ef89..af3915f 100644
--- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in
@@ -16,7 +16,6 @@ Before=shutdown.target
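Review bot: The comment kept above the conditions in `getty@.service.m4` still says that no getty is started on systems without virtual consoles, which no longer matches the conditions below it. The new `|`-prefixed lines let the unit start when `/dev/tty0` exists or when virtualization is detected as `lxc` or `lxc-libvirt`. I would extend the comment with a line such as `# Exception: under lxc and lxc-libvirt a getty is started even if /dev/tty0 is missing.` so a reader auditing which consoles offer a login prompt is not misled. The rest of the unit lies outside the hunk.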
@@ -719,6 +227,18 @@ index 269797a..2c640f4 100644
ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
ExecStart=-/sbin/sulogin
ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
+index 4ac51e7..86a3b59 100644
+--- a/units/serial-getty@.service.m4
++++ b/units/serial-getty@.service.m4
+@@ -22,7 +22,6 @@ Before=getty.target
+ IgnoreOnIsolate=yes
+
+ [Service]
+-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
+ Type=idle
+ Restart=always
+ RestartSec=0
diff --git a/units/sysinit.target b/units/sysinit.target
index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target
@@ -731,11 +251,20 @@ index 8f4fb8f..e0f0147 100644
-After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target
RefuseManualStart=yes
+diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
+index e945d87..77728f2 100644
+--- a/units/systemd-backlight@.service.in
++++ b/units/systemd-backlight@.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-backlight load %i
+ ExecStop=@rootlibexecdir@/systemd-backlight save %i
++X-RestartIfChanged=false
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
-index ab2e50c..9563a7d 100644
+index de93879..c9a49f3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
-@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
+@@ -25,3 +25,8 @@ WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
# services being run since we keep one fd open per service.
LimitNOFILE=16384
@@ -744,6 +273,33 @@ index ab2e50c..9563a7d 100644
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no
+diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
+index 1879b2f..9b895b9 100644
+--- a/units/systemd-random-seed.service.in
++++ b/units/systemd-random-seed.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-random-seed load
+ ExecStop=@rootlibexecdir@/systemd-random-seed save
++X-RestartIfChanged=false
+diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in
+index 9d264a2..c505535 100644
+--- a/units/systemd-rfkill@.service.in
++++ b/units/systemd-rfkill@.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-rfkill load %I
+ ExecStop=@rootlibexecdir@/systemd-rfkill save %I
++X-RestartIfChanged=false
+diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in
+index da7dda7..4cc550d 100644
+--- a/units/systemd-update-utmp.service.in
++++ b/units/systemd-update-utmp.service.in
+@@ -19,3 +19,4 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
+ ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
++X-RestartIfChanged=false
diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in
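Review bot: The flag added to `systemd-random-seed.service.in`, `systemd-rfkill@.service.in` and `systemd-update-utmp.service.in` (and to `systemd-backlight@.service.in` in the previous hunk) is spelled `X-RestartIfChanged=false`, while the journald unit in the same patch uses `X-RestartIfChanged=no`. Whether the consumer of this key accepts both spellings is not visible here, so using one form throughout, e.g. `X-RestartIfChanged=no`, avoids depending on that. Unlike the journald entry, the new lines also carry no comment saying why these units must not be restarted on change; a one-line reason next to each would help.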
diff --git a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch b/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch
deleted file mode 100644
index 7cde2260189a..000000000000
--- a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Based on a patch for udev in
-nixpkgs(upstart)/pkgs/os-specific/linux/udev/pre-accept4-kernel.patch
-
-It was taken from:
-https://github.com/archlinuxarm/PKGBUILDs/blob/master/core/udev-oxnas/pre-accept4-kernel.patch
-
-Basically, ARM implemented accept4() only in 2.6.36. Nixpkgs now uses
-linux headers from 2.6.35. And the particular nixpkgs glibc version had a bug,
-not checking about 2.6.36 for accept4 on arm.
-
-diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
-index 7b88f74..a9f7b62 100644
---- a/src/journal/journald-stream.c
-+++ b/src/journal/journald-stream.c
-@@ -347,10 +347,12 @@ int stdout_stream_new(Server *s) {
- int fd, r;
- socklen_t len;
- struct epoll_event ev;
-+ int flgs;
-
- assert(s);
-
-- fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-+ //fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
-+ fd = accept(s->stdout_fd, NULL, NULL);
- if (fd < 0) {
- if (errno == EAGAIN)
- return 0;
-@@ -359,6 +361,11 @@ int stdout_stream_new(Server *s) {
- return -errno;
- }
-
-+ // Since we don't have accept4
-+ flgs = fcntl(fd, F_GETFL, NULL);
-+ if(flgs >= 0) fcntl(fd, F_SETFL, flgs | O_NONBLOCK);
-+ fcntl(fd, F_SETFD, FD_CLOEXEC);
-+
- if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
- log_warning("Too many stdout streams, refusing connection.");
- close_nointr_nofail(fd);
-diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
-index a235912..c05e4b4 100644
---- a/src/udev/udev-ctrl.c
-+++ b/src/udev/udev-ctrl.c
-@@ -15,6 +15,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -181,6 +182,7 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
- struct ucred ucred;
- socklen_t slen;
- const int on = 1;
-+ int flgs;
-
- conn = calloc(1, sizeof(struct udev_ctrl_connection));
- if (conn == NULL)
-@@ -188,13 +190,19 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
- conn->refcount = 1;
- conn->uctrl = uctrl;
-
-- conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
-+ //conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
-+ conn->sock = accept(uctrl->sock, NULL, NULL);
- if (conn->sock < 0) {
- if (errno != EINTR)
- log_error("unable to receive ctrl connection: %m\n");
- goto err;
- }
-
-+ // Since we don't have accept4
-+ flgs = fcntl(conn->sock, F_GETFL, NULL);
-+ if(flgs >= 0) fcntl(conn->sock, F_SETFL, flgs | O_NONBLOCK);
-+ fcntl(conn->sock, F_SETFD, FD_CLOEXEC);
-+
- /* check peer credential of connection */
- slen = sizeof(ucred);
- if (getsockopt(conn->sock, SOL_SOCKET, SO_PEERCRED, &ucred, &slen) < 0) {
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index ec43ee1e64f4..cdc384f3ee8c 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -1,13 +1,11 @@
{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }:
-let
- ver = "2.24";
-in
+
stdenv.mkDerivation rec {
- name = "util-linux-${ver}";
+ name = "util-linux-2.24.1";
src = fetchurl {
- url = "http://www.kernel.org/pub/linux/utils/util-linux/v${ver}/${name}.tar.bz2";
- sha256 = "1nfnymj03rdcxjb677a9qq1zirppr8csh32cb85qm23x5xndi6v3";
+ url = "http://www.kernel.org/pub/linux/utils/util-linux/v2.24/${name}.tar.xz";
+ sha256 = "0444xhfm9525v3aagyfbp38mp7xsw2fn9zg4ya713c7s5hivcpl3";
};
crossAttrs = {
@@ -19,8 +17,6 @@ stdenv.mkDerivation rec {
# (/sbin/mount.*) through an environment variable, but that's
# somewhat risky because we have to consider that mount can setuid
# root...
- # --enable-libmount-mount fixes the behaviour being /etc/mtab a symlink to /proc/monunts
- # http://pl.digipedia.org/usenet/thread/19513/1924/
configureFlags = ''
--enable-write
--enable-last
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index 0ec14c8d62cd..c341cd691501 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -1960,11 +1960,11 @@ let
})) // {inherit ;};
xorgserver = (stdenv.mkDerivation ((if overrides ? xorgserver then overrides.xorgserver else x: x) {
- name = "xorg-server-1.14.5";
+ name = "xorg-server-1.14.6";
builder = ./builder.sh;
src = fetchurl {
- url = mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2;
- sha256 = "1lb1fkscy7nwnabfj0d2shvxga16i047g11if18plj0n2jzhc3wd";
+ url = mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2;
+ sha256 = "0c57vp1z0p38dj5gfipkmlw6bvbz1mrr0sb3sbghdxxdyq4kzcz8";
};
buildInputs = [pkgconfig renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ];
})) // {inherit renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ;};
diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list
index a3faf2569264..74aa31ea9356 100644
--- a/pkgs/servers/x11/xorg/tarballs-7.7.list
+++ b/pkgs/servers/x11/xorg/tarballs-7.7.list
@@ -170,7 +170,7 @@ mirror://xorg/X11R7.7/src/everything/xlsatoms-1.1.1.tar.bz2
mirror://xorg/individual/app/xlsclients-1.1.3.tar.bz2
mirror://xorg/individual/app/xmodmap-1.0.8.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-docs-1.7.tar.bz2
-mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2
+mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2
mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2
mirror://xorg/individual/app/xprop-1.2.2.tar.bz2
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index 4ee9251f4bb8..b0031178bbd4 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -58,16 +58,14 @@ let
pos' = if pos != null then "‘" + pos.file + ":" + toString pos.line + "’" else "«unknown-file»";
in
if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then
- throw ''package ‘${attrs.name}’ in ${pos'} has an unfree license, refusing to evaluate.
- You can set
- { nixpkgs.config.allowUnfree = true; }
- in configuration.nix to override this.
- If you use Nix standalone, you can add
- { config.allowUnfree = true; }
- to ~/.nixpkgs/config.nix or pass
- --arg config '{ allowUnfree = true; }'
- on the command line.
- ''
+ throw ''
+ Package ‘${attrs.name}’ in ${pos'} has an unfree license, refusing to evaluate. You can set
+ { nixpkgs.config.allowUnfree = true; }
+ in configuration.nix to override this. If you use Nix standalone, you can add
+ { config.allowUnfree = true; }
+ to ~/.nixpkgs/config.nix or pass
+ --arg config '{ allowUnfree = true; }'
+ on the command line.''
else if !allowBroken && attrs.meta.broken or false then
throw "you can't use package ‘${attrs.name}’ in ${pos'} because it has been marked as broken"
else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then
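Review bot: The rewritten unfree-license message now begins with a capital `Package ‘${attrs.name}’ …`, while the broken-package throw just below it still begins in lowercase (`you can't use package …`), so two errors raised by the same check read inconsistently. Either keep the first word lowercase as it was, or capitalise the sibling as well: `throw "You can't use package ‘${attrs.name}’ in ${pos'} because it has been marked as broken"`. The if/else chain these throws belong to continues outside the hunk.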
diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix
index 758e3fd79805..d247dbe38aa6 100644
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@@ -1,11 +1,11 @@
{ stdenv, fetchurl, pkgconfig, udev }:
stdenv.mkDerivation rec {
- name = "dhcpcd-6.2.1";
+ name = "dhcpcd-6.3.2";
src = fetchurl {
url = "http://roy.marples.name/downloads/dhcpcd/${name}.tar.bz2";
- sha256 = "1gs23zwhzml2aam4j6rdncaqfv3z5n1ifx6lq4b8ccifqa87gbga";
+ sha256 = "1v2m5wdr6x5cz6i0n1y63am9dhj5j7ylrk717scjgwwjdbq1x75n";
};
patches = [ ./lxc_ro_promote_secondaries.patch ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5d1961996155..1dd605840966 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -829,8 +829,6 @@ let
dhcpcd = callPackage ../tools/networking/dhcpcd { };
- dhcpcd_without_udev = callPackage ../tools/networking/dhcpcd { udev = null; };
-
diffstat = callPackage ../tools/text/diffstat { };
diffutils = callPackage ../tools/text/diffutils { };
@@ -4192,10 +4190,11 @@ let
dbus_glib = callPackage ../development/libraries/dbus-glib { };
dbus_java = callPackage ../development/libraries/java/dbus-java { };
dbus_python = callPackage ../development/python-modules/dbus { };
+
# Should we deprecate these? Currently there are many references.
- dbus_tools = dbus.tools;
- dbus_libs = dbus.libs;
- dbus_daemon = dbus.daemon;
+ dbus_tools = pkgs.dbus.tools;
+ dbus_libs = pkgs.dbus.libs;
+ dbus_daemon = pkgs.dbus.daemon;
dhex = callPackage ../applications/editors/dhex { };
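Review bot: The three aliases now read `pkgs.dbus.tools`, `pkgs.dbus.libs` and `pkgs.dbus.daemon`, but nothing says why the `pkgs.` prefix is needed when neighbouring attributes refer to each other directly. Presumably it makes the aliases follow a `dbus` replaced through package overrides rather than the locally bound one. If that is the reason, state it next to the existing deprecation question, for example `# Go through pkgs so that an overridden dbus is picked up.`. Without that, a later cleanup is likely to drop the prefix as redundant.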
@@ -6869,23 +6868,23 @@ let
libnl = callPackage ../os-specific/linux/libnl { };
libnl_3_2_19 = callPackage ../os-specific/linux/libnl/3.2.19.nix { };
- linuxHeaders = linuxHeaders37;
-
linuxConsoleTools = callPackage ../os-specific/linux/consoletools { };
- linuxHeaders26 = callPackage ../os-specific/linux/kernel-headers/2.6.32.nix { };
+ linuxHeaders = linuxHeaders_3_7;
- linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { };
+ linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix {
+ inherit stdenv fetchurl perl;
+ cross = assert crossSystem != null; crossSystem;
+ });
linuxHeaders26Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.6.32.nix {
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem;
});
- linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix {
- inherit stdenv fetchurl perl;
- cross = assert crossSystem != null; crossSystem;
- });
+ linuxHeaders_3_7 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { };
+
+ linuxHeaders_3_14 = callPackage ../os-specific/linux/kernel-headers/3.14.nix { };
# We can choose:
linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross
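Review bot: `linuxHeaders26` and `linuxHeaders37` disappear from the attribute set here with no alias left behind, and the following hunk drops `linuxHeaders_2_6_28` the same way. Any expression or user override that still names them will fail at evaluation; whether in-tree references remain cannot be seen from this hunk. The dbus aliases earlier in this file are kept because "there are many references", and the rename deserves the same treatment for at least one release: `linuxHeaders37 = linuxHeaders_3_7; # deprecated alias`.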
@@ -6895,8 +6894,6 @@ let
linuxHeadersCross = assert crossSystem != null;
linuxHeadersCrossChooser crossSystem.platform.kernelMajor;
- linuxHeaders_2_6_28 = callPackage ../os-specific/linux/kernel-headers/2.6.28.nix { };
-
kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { };
linux_3_2 = makeOverridable (import ../os-specific/linux/kernel/linux-3.2.nix) {
@@ -7005,6 +7002,8 @@ let
cryptodev = callPackage ../os-specific/linux/cryptodev { };
+ cpupower = callPackage ../os-specific/linux/cpupower { };
+
e1000e = callPackage ../os-specific/linux/e1000e {};
v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { };
@@ -7262,7 +7261,9 @@ let
sysstat = callPackage ../os-specific/linux/sysstat { };
- systemd = callPackage ../os-specific/linux/systemd { };
+ systemd = callPackage ../os-specific/linux/systemd {
+ linuxHeaders = linuxHeaders_3_14;
+ };
systemtap = callPackage ../development/tools/profiling/systemtap {
inherit (gnome) libglademm;
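Review bot: systemd is now built against `linuxHeaders_3_14` while the default `linuxHeaders` stays at `linuxHeaders_3_7` (set in an earlier hunk of this file), and the override carries no comment explaining the split. A one-line reason above the argument would help whoever next bumps the default, for example `# systemd needs newer kernel headers than the default linuxHeaders`. Adjust the wording to the actual reason, which the hunk does not show. The `systemtap` call that follows continues outside the hunk.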