From d2ee6e6a247094d91f3e94954ec0fa799aac6e1c Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Tue, 18 Mar 2014 02:33:31 -0500 Subject: [PATCH 01/94] stage 1: Remove scsi_wait_scan as it is not supported after kernel 3.7 --- nixos/modules/system/boot/stage-1-init.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index d0f4576f8112..216937a619b1 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -139,8 +139,6 @@ mkdir -p /dev/.mdadm systemd-udevd --daemon udevadm trigger --action=add udevadm settle || true -modprobe scsi_wait_scan || true -udevadm settle || true # Load boot-time keymap before any LVM/LUKS initialization From 0fc9f65ff28abda378e8c7967804e3cf05351ba7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 15 Apr 2014 16:50:29 +0200 Subject: [PATCH 02/94] linux-headers-2.6.28: Remove, no longer used --- .../linux/kernel-headers/2.6.28.nix | 61 ------------------- pkgs/top-level/all-packages.nix | 16 ++--- 2 files changed, 6 insertions(+), 71 deletions(-) delete mode 100644 pkgs/os-specific/linux/kernel-headers/2.6.28.nix diff --git a/pkgs/os-specific/linux/kernel-headers/2.6.28.nix b/pkgs/os-specific/linux/kernel-headers/2.6.28.nix deleted file mode 100644 index 1ba03010f8ab..000000000000 --- a/pkgs/os-specific/linux/kernel-headers/2.6.28.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{stdenv, fetchurl, perl, cross ? null}: - -assert cross == null -> stdenv.isLinux; - -let version = "2.6.28.5"; in - -stdenv.mkDerivation { - name = "linux-headers-${version}"; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v2.6/linux-${version}.tar.bz2"; - sha256 = "0hifjh75sinifr5138v22zwbpqln6lhn65k8b57a1dyzlqca7cl9"; - }; - - targetConfig = if cross != null then cross.config else null; - - platform = - if cross != null then cross.arch else - if stdenv.system == "i686-linux" then "i386" else - if stdenv.system == "x86_64-linux" then "x86_64" else - if stdenv.system == "powerpc-linux" then "powerpc" else - if stdenv.isArm then "arm" else - if stdenv.system == "mips64el-linux" then "mips" else - abort "don't know what the kernel include directory is called for this platform"; - - buildInputs = [perl]; - - extraIncludeDirs = - if cross != null then - (if cross.arch == "powerpc" then ["ppc"] else []) - else if stdenv.system == "powerpc-linux" then ["ppc"] else []; - - patchPhase = '' - patch --verbose -p1 < "${./unifdef-getline.patch}" - sed -i '/scsi/d' include/Kbuild - sed -i 's|/ %/: prepare scripts FORCE|%/: prepare scripts FORCE|' Makefile - ''; - - buildPhase = '' - if test -n "$targetConfig"; then - export ARCH=$platform - fi - make mrproper headers_check - ''; - - installPhase = '' - make INSTALL_HDR_PATH=$out headers_install - - # Some builds (e.g. KVM) want a kernel.release. - mkdir -p $out/include/config - echo "${version}-default" > $out/include/config/kernel.release - ''; - - # !!! hacky - fixupPhase = '' - ln -s asm $out/include/asm-$platform - if test "$platform" = "i386" -o "$platform" = "x86_64"; then - ln -s asm $out/include/asm-x86 - fi - ''; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 743d699ee876..f5977e400f4a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -6874,23 +6874,21 @@ let libnl = callPackage ../os-specific/linux/libnl { }; libnl_3_2_19 = callPackage ../os-specific/linux/libnl/3.2.19.nix { }; - linuxHeaders = linuxHeaders37; - linuxConsoleTools = callPackage ../os-specific/linux/consoletools { }; - linuxHeaders26 = callPackage ../os-specific/linux/kernel-headers/2.6.32.nix { }; + linuxHeaders = linuxHeaders37; - linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { }; + linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix { + inherit stdenv fetchurl perl; + cross = assert crossSystem != null; crossSystem; + }); linuxHeaders26Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.6.32.nix { inherit stdenv fetchurl perl; cross = assert crossSystem != null; crossSystem; }); - linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix { - inherit stdenv fetchurl perl; - cross = assert crossSystem != null; crossSystem; - }); + linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { }; # We can choose: linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross @@ -6900,8 +6898,6 @@ let linuxHeadersCross = assert crossSystem != null; linuxHeadersCrossChooser crossSystem.platform.kernelMajor; - linuxHeaders_2_6_28 = callPackage ../os-specific/linux/kernel-headers/2.6.28.nix { }; - kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { }; linux_3_2 = makeOverridable (import ../os-specific/linux/kernel/linux-3.2.nix) { From a37edbbb636d0332592fa8c70e78496c988b49d1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 15 Apr 2014 16:59:19 +0200 Subject: [PATCH 03/94] linux-headers: Add 3.14 --- .../os-specific/linux/kernel-headers/3.14.nix | 71 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 6 +- 2 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 pkgs/os-specific/linux/kernel-headers/3.14.nix 
diff --git a/pkgs/os-specific/linux/kernel-headers/3.14.nix b/pkgs/os-specific/linux/kernel-headers/3.14.nix new file mode 100644 index 000000000000..d9d0ce7e3b3d --- /dev/null +++ b/pkgs/os-specific/linux/kernel-headers/3.14.nix 
@@ -0,0 +1,71 @@ +{ stdenv, fetchurl, perl, cross ? null }: + +assert cross == null -> stdenv.isLinux; + +let + + version = "3.14.1"; + + kernelHeadersBaseConfig = + if cross == null + then stdenv.platform.kernelHeadersBaseConfig + else cross.platform.kernelHeadersBaseConfig; + +in + +stdenv.mkDerivation { + name = "linux-headers-${version}"; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; + sha256 = "1njm8gvlj7cq0m1051yxszl4f63383a7sv1na13hkqkv36kipgqx"; + }; + + targetConfig = if cross != null then cross.config else null; + + platform = + if cross != null then cross.platform.kernelArch else + if stdenv.system == "i686-linux" then "i386" else + if stdenv.system == "x86_64-linux" then "x86_64" else + if stdenv.system == "powerpc-linux" then "powerpc" else + if stdenv.isArm then "arm" else + if stdenv.platform ? kernelArch then stdenv.platform.kernelArch else + abort "don't know what the kernel include directory is called for this platform"; + + buildInputs = [perl]; + + extraIncludeDirs = + if cross != null then + (if cross.arch == "powerpc" then ["ppc"] else []) + else if stdenv.system == "powerpc-linux" then ["ppc"] else []; + + buildPhase = '' + if test -n "$targetConfig"; then + export ARCH=$platform + fi + make ${kernelHeadersBaseConfig} SHELL=bash + make mrproper headers_check SHELL=bash + ''; + + installPhase = '' + make INSTALL_HDR_PATH=$out headers_install + + # Some builds (e.g. KVM) want a kernel.release. + mkdir -p $out/include/config + echo "${version}-default" > $out/include/config/kernel.release + ''; + + # !!! hacky + fixupPhase = '' + ln -s asm $out/include/asm-$platform + if test "$platform" = "i386" -o "$platform" = "x86_64"; then + ln -s asm $out/include/asm-x86 + fi + ''; + + meta = with stdenv.lib; { + description = "Header files and scripts for Linux kernel"; + license = licenses.gpl2; + platforms = platforms.linux; + }; +} 
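Review bot: `platform` takes the cross architecture from `cross.platform.kernelArch`, but `extraIncludeDirs` a few lines below still tests `cross.arch == "powerpc"`; the two attributes can differ in a cross platform definition, in which case the `ppc` include dir is chosen from a different value than the one exported as ARCH. Using one source for both, e.g. `(if cross.platform.kernelArch == "powerpc" then ["ppc"] else [])`, keeps them consistent — unless `cross.arch` is intentionally different, which a short comment should say. Separately, overriding `fixupPhase` outright (already flagged `# !!! hacky`) skips stdenv's default fixup steps for this output; `postFixup` would keep those while still adding the `asm-*` symlinks. Both remarks presumably also apply to the 3.7.nix expression this file appears to be derived from, which is not in the diff.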
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f5977e400f4a..9c37e0009deb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6876,7 +6876,7 @@ let linuxConsoleTools = callPackage ../os-specific/linux/consoletools { }; - linuxHeaders = linuxHeaders37; + linuxHeaders = linuxHeaders_3_7; linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix { inherit stdenv fetchurl perl; @@ -6888,7 +6888,9 @@ let cross = assert crossSystem != null; crossSystem; }); - linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { }; + linuxHeaders_3_7 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { }; + + linuxHeaders_3_14 = callPackage ../os-specific/linux/kernel-headers/3.14.nix { }; # We can choose: linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross From 07cb7451d95a290a44c5b00d192c87333960b87f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 15 Apr 2014 18:02:07 +0200 Subject: [PATCH 04/94] lvm2: Update to 2.02.106 --- pkgs/os-specific/linux/lvm2/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/lvm2/default.nix b/pkgs/os-specific/linux/lvm2/default.nix index bd748dadf616..9e2b0c900794 100644 --- a/pkgs/os-specific/linux/lvm2/default.nix +++ b/pkgs/os-specific/linux/lvm2/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }: let - v = "2.02.104"; + v = "2.02.106"; in stdenv.mkDerivation { @@ -9,7 +9,7 @@ stdenv.mkDerivation { src = fetchurl { url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz"; - sha256 = "1xa7hvp8bsx96nncgksxrqxaqcgipfmmpr8aysayb8aisyjvas0d"; + sha256 = "0nr833bl0q4zq52drjxmmpf7bs6kqxwa5kahwwxm9411khkxz0vc"; }; configureFlags = 
@@ -29,6 +29,8 @@ stdenv.mkDerivation { sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in ''; + enableParallelBuilding = true; + #patches = [ ./purity.patch ]; # To prevent make install from failing. From e8eea659a09d7688145188537716dc751554ece4 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 15 Apr 2014 23:43:39 +0200 Subject: [PATCH 05/94] Don't enable LVM2 in containers It's a somewhat pointless dependency. --- nixos/modules/tasks/lvm.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/modules/tasks/lvm.nix b/nixos/modules/tasks/lvm.nix index 0e0272388c76..d56a8a2f63a8 100644 --- a/nixos/modules/tasks/lvm.nix +++ b/nixos/modules/tasks/lvm.nix @@ -1,10 +1,12 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { ###### implementation - config = { + config = mkIf (!config.boot.isContainer) { environment.systemPackages = [ pkgs.lvm2 ]; From ee9c068b0cd82422ad95c20446d66b5d98869f8b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 00:59:26 +0200 Subject: [PATCH 06/94] systemd: Update to 212 Note that systemd no longer depends on dbus, so we're rid of the cyclic dependency problem between systemd and dbus. This commit incorporates from wkennington's systemd branch (203dcff45002a63f6be75c65f1017021318cc839, 1f842558a95947261ece66f707bfa24faf5a9d88). --- nixos/modules/system/boot/systemd.nix | 53 +- pkgs/development/libraries/dbus/default.nix | 23 +- pkgs/os-specific/linux/systemd/default.nix | 51 +- .../systemd/fix_console_in_containers.patch | 14 - pkgs/os-specific/linux/systemd/fixes.patch | 717 ++---------------- .../linux/systemd/libc-bug-accept4-arm.patch | 81 -- pkgs/top-level/all-packages.nix | 4 +- 7 files changed, 126 insertions(+), 817 deletions(-) delete mode 100644 pkgs/os-specific/linux/systemd/fix_console_in_containers.patch delete mode 100644 pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch 
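Review bot: `with lib;` is introduced in lvm.nix only to bring `mkIf` into scope; the single use would read just as well as `config = lib.mkIf (!config.boot.isContainer) {`, which avoids pulling every lib name into the module's scope. The condition also relies on `boot.isContainer` being declared by another module; if that option is not guaranteed to exist in every evaluation that imports this module, the attribute access fails at evaluation time. The `config` attribute set continues past the hunk.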
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 3582694a1811..7d5283489184 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -41,6 +41,7 @@ let "sigpwr.target" "timers.target" "paths.target" + "rpcbind.target" # Rescue mode. "rescue.target" @@ -91,10 +92,14 @@ let "swap.target" "dev-hugepages.mount" "dev-mqueue.mount" + "proc-sys-fs-binfmt_misc.mount" "sys-fs-fuse-connections.mount" "sys-kernel-config.mount" "sys-kernel-debug.mount" + # Maintaining state across reboots. + "systemd-random-seed.service" + # Hibernate / suspend. "hibernate.target" "suspend.target" @@ -119,12 +124,21 @@ let "final.target" "kexec.target" "systemd-kexec.service" + "systemd-update-utmp.service" # Password entry. "systemd-ask-password-console.path" "systemd-ask-password-console.service" "systemd-ask-password-wall.path" "systemd-ask-password-wall.service" + + # Slices / containers. + "slices.target" + "-.slice" + "system.slice" + "user.slice" + "machine.slice" + "systemd-machined.service" ] ++ optionals cfg.enableEmergencyMode [ @@ -143,7 +157,6 @@ let "sockets.target.wants" "local-fs.target.wants" "multi-user.target.wants" - "shutdown.target.wants" "timers.target.wants" ]; 
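Review bot: `"shutdown.target.wants"` is dropped from the list of upstream wants directories in the last hunk, while `systemd-update-utmp.service` and `systemd-random-seed.service` are added to the upstream units list above and their NixOS-local definitions, which carried `wantedBy = [ "sysinit.target" ]`, are removed later in this diff. Those two upstream units are only activated if the directory upstream installs their symlinks into (`sysinit.target.wants` for systemd 212, as far as I know) is in the wants list; that part of the list lies outside the hunk, so please confirm it is there, otherwise neither unit is pulled in at boot. A one-line comment on the `-.slice`/`machine.slice`/`systemd-machined.service` additions saying what depends on them (container support, presumably) would help the next reader of this list.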
@@ -708,43 +721,5 @@ in }) (filterAttrs (name: service: service.startAt != "") cfg.services); - # FIXME: These are borrowed from upstream systemd. - systemd.services."systemd-update-utmp" = - { description = "Update UTMP about System Reboot/Shutdown"; - wantedBy = [ "sysinit.target" ]; - after = [ "systemd-remount-fs.service" ]; - before = [ "sysinit.target" "shutdown.target" ]; - conflicts = [ "shutdown.target" ]; - unitConfig = { - DefaultDependencies = false; - RequiresMountsFor = "/var/log"; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot"; - ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown"; - }; - restartIfChanged = false; - }; - - systemd.services."systemd-random-seed" = - { description = "Load/Save Random Seed"; - wantedBy = [ "sysinit.target" "multi-user.target" ]; - after = [ "systemd-remount-fs.service" ]; - before = [ "sysinit.target" "shutdown.target" ]; - conflicts = [ "shutdown.target" ]; - unitConfig = { - DefaultDependencies = false; - RequiresMountsFor = "/var/lib"; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${systemd}/lib/systemd/systemd-random-seed load"; - ExecStop = "${systemd}/lib/systemd/systemd-random-seed save"; - }; - }; - }; } diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index 11ad2014663a..ff1c9f76cd07 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix 
@@ -67,14 +67,12 @@ let } merge ]); - libs = dbus_drv "libs" "dbus" ({ + libs = dbus_drv "libs" "dbus" { # Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11 # (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands. NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1"; - } // stdenv.lib.optionalAttrs (systemdOrEmpty != []) { - buildInputs = [ systemd.headers ]; - patches = [ ./systemd.patch ]; # bypass systemd detection - }); + buildInputs = [ systemdOrEmpty ]; + }; attrs = rec { @@ -83,14 +81,13 @@ let # This package has been split because most applications only need dbus.lib # which serves as an interface to a *system-wide* daemon, # see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture . - # Also some circular dependencies get split by this (like with systemd). inherit libs; tools = dbus_drv "tools" "tools" { configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ]; - buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon dbus_glib ]; - NIX_CFLAGS_LINK = + buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon ]; + NIX_CFLAGS_LINK = stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed " + "-ldbus-1"; @@ -102,16 +99,6 @@ let buildInputs = systemdOrEmpty; }; - # Some of the tests don't work yet; in fact, @vcunat tried several packages - # containing dbus testing, and all of them have some test failure. - tests = dbus_drv "tests" "test" { - preBuild = makeInternalLib; - buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs tools daemon dbus_glib python ]; - NIX_CFLAGS_LINK = - stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed " - + "-ldbus-1"; - }; - docs = dbus_drv "docs" "doc" { postInstall = ''rm -r "$out/lib"''; }; diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 0afaf7b03703..e48c875d6f92 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix 
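Review bot: `buildInputs = [ systemdOrEmpty ];` in the `libs` derivation wraps in another list what the rest of this file treats as a list already (`buildInputsX ++ systemdOrEmpty ++ [...]` in `tools`, `buildInputs = systemdOrEmpty;` in the context of the last hunk). Nix flattens nested lists in buildInputs, so it works, but the inconsistent form reads like a mistake; `buildInputs = systemdOrEmpty;` matches the other derivations. Dropping the `tests` derivation removes the only test coverage the expression had; if that is meant to be temporary, a short comment saying so (the removed comment noted the tests already failed) keeps that history in the file rather than only in git.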
@@ -1,7 +1,7 @@ { stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod , xz, pam, acl, cryptsetup, libuuid, m4, utillinux , glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl -, kexectools, libmicrohttpd +, kexectools, libmicrohttpd, linuxHeaders , python ? null, pythonSupport ? false }: @@ -10,26 +10,24 @@ assert stdenv.isLinux; assert pythonSupport -> python != null; stdenv.mkDerivation rec { - version = "203"; + version = "212"; name = "systemd-${version}"; src = fetchurl { url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz"; - sha256 = "07gvn3rpski8sh1nz16npjf2bvj0spsjdwc5px9685g2pi6kxcb1"; + sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5"; }; patches = [ # These are all changes between upstream and - # https://github.com/edolstra/systemd/tree/nixos-v203. + # https://github.com/edolstra/systemd/tree/nixos-v212. ./fixes.patch - ./fix_console_in_containers.patch - ] - ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch; + ]; buildInputs = - [ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl + [ pkgconfig intltool gperf libcap kmod xz pam acl /* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl - libmicrohttpd + libmicrohttpd linuxHeaders ] ++ stdenv.lib.optional pythonSupport python; configureFlags = 
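Review bot: `dbus` is still taken in the argument set at the top of the file, but `dbus.libs` is removed from `buildInputs` in the second hunk and no other use of `dbus` is visible in this diff; if nothing else in the file refers to it, the argument should be dropped here and at the `callPackage` site so the dependency graph matches the commit message (systemd no longer depends on dbus). Adding `linuxHeaders` to `buildInputs` places a second set of kernel headers on the include path next to the ones that come with stdenv's libc; a comment naming the feature that needs the newer headers (the `FS_NOCOW_FL` workaround removed further down suggests that is the reason) would make the dependency understandable. The attribute set continues past the hunk.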
@@ -45,15 +43,18 @@ stdenv.mkDerivation rec { "--with-dbussessionservicedir=$(out)/share/dbus-1/services" "--with-firmware-path=/root/test-firmware:/run/current-system/firmware" "--with-tty-gid=3" # tty in NixOS has gid 3 + "--disable-networkd" # enable/use eventually + "--enable-compat-libs" # get rid of this eventually ]; preConfigure = '' # FIXME: patch this in systemd properly (and send upstream). # FIXME: use sulogin from util-linux once updated. - for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do + for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c; do test -e $i substituteInPlace $i \ + --replace /usr/bin/getent ${stdenv.glibc}/bin/getent \ --replace /bin/mount ${utillinux}/bin/mount \ --replace /bin/umount ${utillinux}/bin/umount \ --replace /sbin/swapon ${utillinux}/sbin/swapon \ @@ -69,6 +70,10 @@ stdenv.mkDerivation rec { --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/ ''; + # This is needed because systemd uses the gold linker, which doesn't + # yet have the wrapper script to add rpath flags automatically. + NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib"; + PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python NIX_CFLAGS_COMPILE = 
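Review bot: the `--replace /usr/bin/getent ${stdenv.glibc}/bin/getent` substitution is applied to every file in the loop, and `substituteInPlace --replace` does not fail when a pattern is absent, so a future upstream move of that call would leave `/usr/bin/getent` in the binary unnoticed (nspawn's getent call is presumably why `src/nspawn/nspawn.c` joined the list). A guard after the loop, e.g. `! grep -q /usr/bin/getent src/nspawn/nspawn.c`, turns that into a build failure. The `NIX_LDFLAGS` rpath entries are explained by the comment above them, but it does not say why only pam, libcap and acl need it and not the other libraries in `buildInputs`; one more sentence there would answer the obvious question. The `for` loop's body continues outside the hunk.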
@@ -77,10 +82,6 @@ stdenv.mkDerivation rec { "-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\"" "-fno-stack-protector" - # Work around our kernel headers being too old. FIXME: remove - # this after the next stdenv update. - "-DFS_NOCOW_FL=0x00800000" - # Set the release_agent on /sys/fs/cgroup/systemd to the # currently running systemd (/run/current-system/systemd) so # that we don't use an obsolete/garbage-collected release agent. @@ -94,7 +95,12 @@ stdenv.mkDerivation rec { # /var is mounted. makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin"; - installFlags = "localstatedir=$(TMPDIR)/var sysconfdir=$(out)/etc sysvinitdir=$(TMPDIR)/etc/init.d"; + installFlags = + [ "localstatedir=$(TMPDIR)/var" + "sysconfdir=$(out)/etc" + "sysvinitdir=$(TMPDIR)/etc/init.d" + "pamconfdir=$(out)/etc/pam.d" + ]; # Get rid of configuration-specific data. postInstall = @@ -103,6 +109,8 @@ stdenv.mkDerivation rec { mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example mv $out/lib/systemd/{system,user} $out/example/systemd + rm -rf $out/etc/systemd/system + # Install SysV compatibility commands. mkdir -p $out/sbin ln -s $out/lib/systemd/systemd $out/sbin/telinit @@ -128,19 +136,6 @@ stdenv.mkDerivation rec { # runtime; otherwise we can't and we need to reboot. passthru.interfaceVersion = 2; - passthru.headers = stdenv.mkDerivation { - name = "systemd-headers-${version}"; - inherit src; - - phases = [ "unpackPhase" "installPhase" ]; - - # some are needed by dbus.libs, which is needed for systemd :-) - installPhase = '' - mkdir -p "$out/include/systemd" - mv src/systemd/*.h "$out/include/systemd" - ''; - }; - meta = { homepage = "http://www.freedesktop.org/wiki/Software/systemd"; description = "A system and service manager for Linux"; 
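Review bot: `rm -rf $out/etc/systemd/system` is added to `postInstall` without the explanatory comment its neighbours carry, so it is not obvious what is being discarded; presumably these are the `*.wants` and alias symlinks that `make install` places under sysconfdir, which NixOS generates itself. A comment such as `# Drop the upstream target/alias symlinks installed under etc; NixOS generates its own.` would record that, and `rm -r $out/etc/systemd/system` (without `-f`) would surface an unexpected absence of the directory as a failure instead of passing silently. The removal of `passthru.headers` in the last hunk matches the dbus change in this commit that stopped using `systemd.headers`; any other consumer outside this diff would now fail at evaluation.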
diff --git a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch b/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch deleted file mode 100644 index 005c00282020..000000000000 --- a/pkgs/os-specific/linux/systemd/fix_console_in_containers.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4 ---- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100 -+++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100 -@@ -23,7 +23,9 @@ - # On systems without virtual consoles, don't start any getty. (Note - # that serial gettys are covered by serial-getty@.service, not this - # unit --ConditionPathExists=/dev/tty0 -+ConditionPathExists=|/dev/tty0 -+ConditionVirtualization=|lxc -+ConditionVirtualization=|lxc-libvirt - - [Service] - # the VT is cleared by TTYVTDisallocate diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 0ad420cd35cc..5ef248dc75d9 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -1,144 +1,23 @@ -diff --git a/man/systemd.special.xml b/man/systemd.special.xml -index 7164b1e..29401eb 100644 ---- a/man/systemd.special.xml -+++ b/man/systemd.special.xml -@@ -381,7 +381,7 @@ - this unit during - installation. This is best - configured via -- WantedBy=multi-uer.target -+ WantedBy=multi-user.target - in the unit's - [Install] - section. -diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules -index 15b5bc4..c5f1b38 100644 ---- a/rules/80-net-name-slot.rules -+++ b/rules/80-net-name-slot.rules -@@ -1,6 +1,6 @@ - # do not edit this file, it will be overwritten on update - --ACTION=="remove", GOTO="net_name_slot_end" -+ACTION!="add", GOTO="net_name_slot_end" - SUBSYSTEM!="net", GOTO="net_name_slot_end" - NAME!="", GOTO="net_name_slot_end" - 
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in -index d17bdd9..040b10e 100644 +index db72373..2fc12ca 100644 --- a/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in 
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" - SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd" - SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" + SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd" + SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" -# Ignore encrypted devices with no identified superblock on it, since -# we are probably still calling mke2fs or mkswap on it. --SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" +-SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" - # Ignore raid devices that are not yet assembled and started SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" -diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c -index 82b02bb..7df9d01 100644 ---- a/src/core/cgroup-semantics.c -+++ b/src/core/cgroup-semantics.c -@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) { - } - - static const CGroupSemantics semantics[] = { -- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL }, -+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL }, - { "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL }, - { "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL }, - { "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL }, -diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h -index 91d70e5..698102f 100644 ---- a/src/core/dbus-execute.h -+++ 
b/src/core/dbus-execute.h -@@ -63,7 +63,7 @@ - " \n" \ - " \n" \ - " \n" \ -- " \n" \ -+ " \n" \ - " \n" \ - " \n" \ - " \n" \ -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 56b02a1..2b6d799 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection, - _cleanup_strv_free_ char **l = NULL; - char **e = NULL; - -- SELINUX_ACCESS_CHECK(connection, message, "reboot"); -+ SELINUX_ACCESS_CHECK(connection, message, "reload"); - - r = bus_parse_strv(message, &l); - if (r == -ENOMEM) -@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection, - _cleanup_strv_free_ char **l = NULL; - char **e = NULL; - -- SELINUX_ACCESS_CHECK(connection, message, "reboot"); -+ SELINUX_ACCESS_CHECK(connection, message, "reload"); - - r = bus_parse_strv(message, &l); - if (r == -ENOMEM) -@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection, - char **f = NULL; - DBusMessageIter iter; - -- SELINUX_ACCESS_CHECK(connection, message, "reboot"); -+ SELINUX_ACCESS_CHECK(connection, message, "reload"); - - if (!dbus_message_iter_init(message, &iter)) - goto oom; -diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c -index 2e99fba..e72749a 100644 ---- a/src/core/dbus-swap.c -+++ b/src/core/dbus-swap.c -@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result, - static const BusProperty bus_swap_properties[] = { - { "What", bus_property_append_string, "s", offsetof(Swap, what), true }, - { "Priority", bus_swap_append_priority, "i", 0 }, -+ { "TimeoutUSec",bus_property_append_usec, "t", offsetof(Swap, timeout_usec)}, - BUS_EXEC_COMMAND_PROPERTY("ExecActivate", offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]), false), - BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false), - { 
"ControlPID", bus_property_append_pid, "u", offsetof(Swap, control_pid) }, diff --git a/src/core/main.c b/src/core/main.c -index 7fc06be..101ce79 100644 +index 41605ee..8517369 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) { - log_error("Failed to adjust timer slack: %m"); - - if (arg_capability_bounding_set_drop) { -- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true); -+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop); - if (r < 0) { -- log_error("Failed to drop capability bounding set: %s", strerror(-r)); -+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r)); - goto finish; - } -- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop); -+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true); - if (r < 0) { -- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r)); -+ log_error("Failed to drop capability bounding set: %s", strerror(-r)); - goto finish; - } - } -@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) { - /* This will close all file descriptors that were opened, but - * not claimed by any unit. */ - fdset_free(fds); -+ fds = NULL; - - if (serialization) { - fclose(serialization); -@@ -1857,7 +1858,7 @@ finish: +@@ -1883,7 +1883,7 @@ finish: char_array_0(sfd); i = 0; 
@@ -147,69 +26,11 @@ index 7fc06be..101ce79 100644 if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; -diff --git a/src/core/manager.c b/src/core/manager.c -index c7f8f20..0508628 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) { - - case SIGINT: - if (m->running_as == SYSTEMD_SYSTEM) { -- manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE); -+ manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY); - break; - } - -diff --git a/src/core/service.c b/src/core/service.c -index 3617c24..4d0e2ad 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) { - if (s->exec_context.var_tmp_dir) - unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir); - -+ if (s->forbid_restart) -+ unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart)); -+ - return 0; - } - -@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value, - return log_oom(); - - s->exec_context.var_tmp_dir = t; -+ } else if (streq(key, "forbid-restart")) { -+ int b; -+ -+ b = parse_boolean(value); -+ if (b < 0) -+ log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value); -+ else -+ s->forbid_restart = b; - } else - log_debug_unit(u->id, "Unknown serialization key '%s'", key); - -diff --git a/src/core/snapshot.c b/src/core/snapshot.c -index a63eccd..a6807eb 100644 ---- a/src/core/snapshot.c -+++ b/src/core/snapshot.c -@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn - if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0) - return -ENOMEM; - -- if (!manager_get_unit(m, n)) -+ if (!manager_get_unit(m, n)) { -+ name = n; - break; -+ } - - free(n); - } 
diff --git a/src/core/umount.c b/src/core/umount.c -index 1e95ad7..9f0e471 100644 +index d1258f0..0311812 100644 --- a/src/core/umount.c +++ b/src/core/umount.c -@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e +@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e * anyway, since we are running from it. They have * already been remounted ro. */ if (path_equal(m->path, "/") 
@@ -218,285 +39,11 @@ index 1e95ad7..9f0e471 100644 #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index 81b7708..edd0b40 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -111,6 +111,7 @@ static int create_disk( - "Conflicts=umount.target\n" - "DefaultDependencies=no\n" - "BindsTo=dev-mapper-%i.device\n" -+ "IgnoreOnIsolate=true\n" - "After=systemd-readahead-collect.service systemd-readahead-replay.service\n", - f); - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index c17299f..6b3e67e 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -351,7 +351,7 @@ static int add_mount( - - if (automount && !path_equal(where, "/")) { - automount_name = unit_name_from_path(where, ".automount"); -- if (!name) -+ if (!automount_name) - return log_oom(); - - automount_unit = strjoin(arg_dest, "/", automount_name, NULL); -@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) { - } else if (startswith(word, "rd.fstab=")) { - - if (in_initrd()) { -- r = parse_boolean(word + 6); -+ r = parse_boolean(word + 9); - if (r < 0) -- log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6); -+ log_warning("Failed to parse fstab switch %s. 
Ignoring.", word + 9); - else - arg_enabled = r; - } -diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c -index 38499a6..bb80905 100644 ---- a/src/journal/journal-file.c -+++ b/src/journal/journal-file.c -@@ -907,6 +907,8 @@ static int journal_file_append_field( - - osize = offsetof(Object, field.payload) + size; - r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p); -+ if (r < 0) -+ return r; - - o->field.hash = htole64(hash); - memcpy(o->field.payload, field, size); -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 88163c0..e09ba4c 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -333,8 +333,10 @@ void server_rotate(Server *s) { - if (r < 0) - if (f) - log_error("Failed to rotate %s: %s", f->path, strerror(-r)); -- else -+ else { - log_error("Failed to create user journal: %s", strerror(-r)); -+ hashmap_remove(s->user_journals, k); -+ } - else { - hashmap_replace(s->user_journals, k, f); - server_fix_perms(s, f, PTR_TO_UINT32(k)); -@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) { - ssize_t n; - - if (ev->events != EPOLLIN) { -- log_error("Got invalid event from epoll."); -+ log_error("Got invalid event from epoll for %s: %"PRIx32, -+ "signal fd", ev->events); - return -EIO; - } - -@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) { - } else if (ev->data.fd == s->dev_kmsg_fd) { - int r; - -- if (ev->events != EPOLLIN) { -- log_error("Got invalid event from epoll."); -+ if (ev->events & EPOLLERR) -+ log_warning("/dev/kmsg buffer overrun, some messages lost."); -+ -+ if (!(ev->events & EPOLLIN)) { -+ log_error("Got invalid event from epoll for %s: %"PRIx32, -+ "/dev/kmsg", ev->events); - return -EIO; - } - -@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) { - ev->data.fd == s->syslog_fd) { - - if (ev->events != EPOLLIN) { -- log_error("Got invalid event from epoll."); -+ log_error("Got invalid 
event from epoll for %s: %"PRIx32, -+ ev->data.fd == s->native_fd ? "native fd" : "syslog fd", -+ ev->events); - return -EIO; - } - -@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) { - char *e; - - if (n > 0 && n_fds == 0) { -- e = memchr(s->buffer, '\n', n); -- if (e) -- *e = 0; -- else -- s->buffer[n] = 0; -- -+ s->buffer[n] = 0; - server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len); - } else if (n_fds > 0) - log_warning("Got file descriptors via syslog socket. Ignoring."); -@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) { - } else if (ev->data.fd == s->stdout_fd) { - - if (ev->events != EPOLLIN) { -- log_error("Got invalid event from epoll."); -+ log_error("Got invalid event from epoll for %s: %"PRIx32, -+ "stdout fd", ev->events); - return -EIO; - } - -@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) { - StdoutStream *stream; - - if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) { -+ log_error("Got invalid event from epoll for %s: %"PRIx32, -+ "stdout stream", ev->events); - log_error("Got invalid event from epoll."); - return -EIO; - } -diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c -index 54bf114..bd197d0 100644 ---- a/src/journal/mmap-cache.c -+++ b/src/journal/mmap-cache.c -@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) { - while ((c = hashmap_first(m->contexts))) - context_free(c); - -+ hashmap_free(m->contexts); -+ - while ((f = hashmap_first(m->fds))) - fd_free(f); - -+ hashmap_free(m->fds); -+ - while (m->unused) - window_free(m->unused); - -diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c -index 0e66f3d..cac948e 100644 ---- a/src/libsystemd-bus/bus-internal.c -+++ b/src/libsystemd-bus/bus-internal.c -@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) { - - bool interface_name_is_valid(const char *p) { - const char *q; -- bool dot, found_dot; -+ bool dot, 
found_dot = false; - - if (isempty(p)) - return false; -@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) { - - bool service_name_is_valid(const char *p) { - const char *q; -- bool dot, found_dot, unique; -+ bool dot, found_dot = false, unique; - - if (isempty(p)) - return false; -diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c -index 7d6d848..b0eb2f1 100644 ---- a/src/libsystemd-bus/sd-bus.c -+++ b/src/libsystemd-bus/sd-bus.c -@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) { - if (r == 0) - return ret; - -- r = 1; -+ ret = 1; - } while (!z); - - *m = z; -- return 1; -+ return ret; - } - - int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) { -diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c -index 5ccaabd..100c1fb 100644 ---- a/src/libudev/libudev-enumerate.c -+++ b/src/libudev/libudev-enumerate.c -@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume - /* skip to be delayed devices, and move the to - * the point where the prefix changes. We can - * only move one item at a time. */ -- if (!move_later) { -+ if (move_later == -1) { - move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath); - - if (move_later_prefix > 0) { -@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s - { - struct udev_list_entry *list_entry; - -+ subsystem = subsystem ? 
: ""; -+ - udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) { - if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0) - return false; -@@ -826,23 +828,27 @@ nomatch: - static int parent_add_child(struct udev_enumerate *enumerate, const char *path) - { - struct udev_device *dev; -+ int r = 0; - - dev = udev_device_new_from_syspath(enumerate->udev, path); - if (dev == NULL) - return -ENODEV; - - if (!match_subsystem(enumerate, udev_device_get_subsystem(dev))) -- return 0; -+ goto nomatch; - if (!match_sysname(enumerate, udev_device_get_sysname(dev))) -- return 0; -+ goto nomatch; - if (!match_property(enumerate, dev)) -- return 0; -+ goto nomatch; - if (!match_sysattr(enumerate, dev)) -- return 0; -+ goto nomatch; - - syspath_add(enumerate, udev_device_get_syspath(dev)); -+ r = 1; -+ -+nomatch: - udev_device_unref(dev); -- return 1; -+ return r; - } - - static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth) -diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym -index 8e09430..1e6f885 100644 ---- a/src/libudev/libudev.sym -+++ b/src/libudev/libudev.sym -@@ -109,5 +109,6 @@ global: - } LIBUDEV_189; - - LIBUDEV_199 { -+global: - udev_device_set_sysattr_value; - } LIBUDEV_196; -diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c -index 7b19ee0..49ee420 100644 ---- a/src/modules-load/modules-load.c -+++ b/src/modules-load/modules-load.c -@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) { - - STRV_FOREACH(i, arg_proc_cmdline_modules) { - k = load_module(ctx, *i); -- if (k < 0) -- r = EXIT_FAILURE; -+ if (k < 0 && r == 0) -+ r = k; - } - - r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs); diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c -index b1ef912..4f2ab5c 100644 +index d61ecdf..228a3a4 100644 --- a/src/nss-myhostname/netlink.c 
+++ b/src/nss-myhostname/netlink.c -@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) { +@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) { ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE) continue; 
@@ -507,174 +54,21 @@ index b1ef912..4f2ab5c 100644 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) continue; -diff --git a/src/shared/efivars.c b/src/shared/efivars.c -index 8d004ba..99340c9 100644 ---- a/src/shared/efivars.c -+++ b/src/shared/efivars.c -@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) { - list[count ++] = id; - } - -- qsort(list, count, sizeof(uint16_t), cmp_uint16); -+ if (list) -+ qsort(list, count, sizeof(uint16_t), cmp_uint16); - - *options = list; - return count; -diff --git a/src/shared/env-util.c b/src/shared/env-util.c -index 6a52fb9..598222c 100644 ---- a/src/shared/env-util.c -+++ b/src/shared/env-util.c -@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) { - e[k++] = *p; - } - -- e[k] = NULL; -+ if (e) -+ e[k] = NULL; -+ - return e; - } - -diff --git a/src/shared/log.c b/src/shared/log.c -index 27317f7..8f4995a 100644 ---- a/src/shared/log.c -+++ b/src/shared/log.c -@@ -115,16 +115,20 @@ void log_close_syslog(void) { - - static int create_log_socket(int type) { - int fd; -+ struct timeval tv; - -- /* All output to the syslog/journal fds we do asynchronously, -- * and if the buffers are full we just drop the messages */ -- -- fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); -+ fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0); - if (fd < 0) - return -errno; - - fd_inc_sndbuf(fd, SNDBUF_SIZE); - -+ /* We need a blocking fd here since we'd otherwise lose -+ messages way too early. However, let's not hang forever in the -+ unlikely case of a deadlock. 
*/ -+ timeval_store(&tv, 1*USEC_PER_MINUTE); -+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); -+ - return fd; - } - -diff --git a/src/shared/polkit.c b/src/shared/polkit.c -index cea7074..1c5e9e3 100644 ---- a/src/shared/polkit.c -+++ b/src/shared/polkit.c -@@ -38,12 +38,8 @@ int verify_polkit( - - #ifdef ENABLE_POLKIT - DBusMessage *m = NULL, *reply = NULL; -- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = ""; -+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = ""; - uint32_t flags = interactive ? 1 : 0; -- pid_t pid_raw; -- uint32_t pid_u32; -- unsigned long long starttime_raw; -- uint64_t starttime_u64; - DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant; - int r; - dbus_bool_t authorized = FALSE, challenge = FALSE; -@@ -68,14 +64,6 @@ int verify_polkit( - - #ifdef ENABLE_POLKIT - -- pid_raw = bus_get_unix_process_id(c, sender, error); -- if (pid_raw == 0) -- return -EINVAL; -- -- r = get_starttime_of_pid(pid_raw, &starttime_raw); -- if (r < 0) -- return r; -- - m = dbus_message_new_method_call( - "org.freedesktop.PolicyKit1", - "/org/freedesktop/PolicyKit1/Authority", -@@ -86,22 +74,13 @@ int verify_polkit( - - dbus_message_iter_init_append(m, &iter_msg); - -- pid_u32 = (uint32_t) pid_raw; -- starttime_u64 = (uint64_t) starttime_raw; -- - if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) || -- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) || -+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) || - !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) || - !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) || -- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) || -- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) || -- 
!dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) || -- !dbus_message_iter_close_container(&iter_dict, &iter_variant) || -- !dbus_message_iter_close_container(&iter_array, &iter_dict) || -- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) || -- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) || -- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) || -- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) || -+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) || -+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) || -+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) || - !dbus_message_iter_close_container(&iter_dict, &iter_variant) || - !dbus_message_iter_close_container(&iter_array, &iter_dict) || - !dbus_message_iter_close_container(&iter_struct, &iter_array) || diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 3cca861..f6052dd 100644 +index 0887bc3..6b502ce 100644 --- a/src/systemctl/systemctl.c 
+++ b/src/systemctl/systemctl.c -@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me - - } else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) { - uint32_t id; -- const char *path, *result, *unit; -+ const char *path, *result, *unit, *r; - - if (dbus_message_get_args(message, &error, - DBUS_TYPE_UINT32, &id, -@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me - DBUS_TYPE_STRING, &result, - DBUS_TYPE_INVALID)) { - -- free(set_remove(d->set, (char*) path)); -+ r = set_remove(d->set, (char*) path); -+ if (!r) -+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -+ -+ free(r); - - if (!isempty(result)) - d->result = strdup(result); -@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me - /* Compatibility with older systemd versions < - * 183 during upgrades. This should be dropped - * one day. */ -- free(set_remove(d->set, (char*) path)); -+ r = set_remove(d->set, (char*) path); -+ if (!r) -+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -+ -+ free(r); - - if (*result) - d->result = strdup(result); -@@ -1867,7 +1875,7 @@ static int start_unit_one( - return log_oom(); +@@ -2561,7 +2561,7 @@ static int start_unit_one( + log_debug("Adding %s to the set", p); r = set_consume(s, p); -- if (r < 0) { -+ if (r < 0 && r != -EEXIST) { - log_error("Failed to add path to set."); - return r; - } +- if (r < 0) ++ if (r < 0 && r != -EEXIST) + return log_oom(); + } + diff --git a/units/emergency.service.in b/units/emergency.service.in -index 442f0e0..6b7eafd 100644 +index 94c090f..0d20640 100644 --- a/units/emergency.service.in +++ b/units/emergency.service.in @@ -15,7 +15,6 @@ Before=shutdown.target 
@@ -685,30 +79,45 @@ index 442f0e0..6b7eafd 100644 ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.' ExecStart=-/sbin/sulogin ExecStopPost=@SYSTEMCTL@ --fail --no-block default +diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 +index aa853b8..f76cde0 100644 +--- a/units/getty@.service.m4 ++++ b/units/getty@.service.m4 +@@ -23,7 +23,9 @@ IgnoreOnIsolate=yes + # On systems without virtual consoles, don't start any getty. Note + # that serial gettys are covered by serial-getty@.service, not this + # unit. +-ConditionPathExists=/dev/tty0 ++ConditionPathExists=|/dev/tty0 ++ConditionVirtualization=|lxc ++ConditionVirtualization=|lxc-libvirt + + [Service] + # the VT is cleared by TTYVTDisallocate diff --git a/units/local-fs.target b/units/local-fs.target -index 18c3d74..a09054c 100644 +index ae3cedc..0e36840 100644 --- a/units/local-fs.target +++ b/units/local-fs.target -@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7) - After=local-fs-pre.target +@@ -13,3 +13,5 @@ DefaultDependencies=no + Conflicts=shutdown.target OnFailure=emergency.target - OnFailureIsolate=no + OnFailureJobMode=replace-irreversibly + +X-StopOnReconfiguration=yes diff --git a/units/remote-fs.target b/units/remote-fs.target -index 09213e8..47b4cf5 100644 +index 43ffa5c..156a681 100644 --- a/units/remote-fs.target +++ b/units/remote-fs.target -@@ -10,5 +10,7 @@ Description=Remote File Systems - Documentation=man:systemd.special(7) - After=remote-fs-pre.target +@@ -12,5 +12,7 @@ After=remote-fs-pre.target + DefaultDependencies=no + Conflicts=shutdown.target +X-StopOnReconfiguration=yes + [Install] WantedBy=multi-user.target diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in -index 269797a..2c640f4 100644 +index 552ef89..af3915f 100644 --- a/units/rescue.service.m4.in +++ b/units/rescue.service.m4.in 
@@ -16,7 +16,6 @@ Before=shutdown.target @@ -731,11 +140,20 @@ index 8f4fb8f..e0f0147 100644 -After=local-fs.target swap.target emergency.service emergency.target +After=emergency.service emergency.target RefuseManualStart=yes +diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in +index e945d87..77728f2 100644 +--- a/units/systemd-backlight@.service.in ++++ b/units/systemd-backlight@.service.in +@@ -19,3 +19,4 @@ Type=oneshot + RemainAfterExit=yes + ExecStart=@rootlibexecdir@/systemd-backlight load %i + ExecStop=@rootlibexecdir@/systemd-backlight save %i ++X-RestartIfChanged=false diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index ab2e50c..9563a7d 100644 +index de93879..c9a49f3 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in -@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C +@@ -25,3 +25,8 @@ WatchdogSec=1min # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. LimitNOFILE=16384 
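Review bot: The getty@.service.m4 change ORs `ConditionVirtualization=|lxc` and `ConditionVirtualization=|lxc-libvirt` with `ConditionPathExists=|/dev/tty0`, so inside an LXC container every getty@ instance passes its conditions even when the container provides neither /dev/tty0 nor the instance's own tty; if that tty is absent agetty exits and the unit's restart policy (outside this hunk) decides whether that turns into a restart loop. A mandatory `ConditionPathExists=/dev/%I` next to the ORed lines would keep the LXC case while skipping ttys the container does not provide, if that matches the container setups targeted here. The `X-StopOnReconfiguration=yes` lines added to local-fs.target and remote-fs.target carry no explanation, while the pre-existing journald `X-RestartIfChanged=no` in this patch is commented; a one-line `# NixOS-specific: stop this target when switching configurations (read by switch-to-configuration)` above each would do.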
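Review bot: `X-RestartIfChanged=false` on systemd-backlight@.service.in uses a different boolean spelling from the `X-RestartIfChanged=no` this patch already carries for systemd-journald (context in the next hunk), and the journald entry is accompanied by a comment explaining why, whereas the new one has none. The same applies to the systemd-random-seed, systemd-rfkill@ and systemd-update-utmp additions in the following hunk (`@@ -744,6 +162,33 @@`). Pick one spelling, `X-RestartIfChanged=no`, and state the reason; for update-utmp it is concrete, since a restart on activation would run `ExecStop=... shutdown` followed by `ExecStart=... reboot` and write a spurious shutdown/reboot record, so `# NixOS: a restart on activation would run ExecStop then ExecStart and record a bogus shutdown/reboot` fits there, and presumably the save/load pairs of the other three units have an analogous reason.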
@@ -744,6 +162,33 @@ index ab2e50c..9563a7d 100644 +# journald to stop logging (see +# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +X-RestartIfChanged=no +diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in +index 1879b2f..9b895b9 100644 +--- a/units/systemd-random-seed.service.in ++++ b/units/systemd-random-seed.service.in +@@ -19,3 +19,4 @@ Type=oneshot + RemainAfterExit=yes + ExecStart=@rootlibexecdir@/systemd-random-seed load + ExecStop=@rootlibexecdir@/systemd-random-seed save ++X-RestartIfChanged=false +diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in +index 9d264a2..c505535 100644 +--- a/units/systemd-rfkill@.service.in ++++ b/units/systemd-rfkill@.service.in +@@ -19,3 +19,4 @@ Type=oneshot + RemainAfterExit=yes + ExecStart=@rootlibexecdir@/systemd-rfkill load %I + ExecStop=@rootlibexecdir@/systemd-rfkill save %I ++X-RestartIfChanged=false +diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in +index da7dda7..4cc550d 100644 +--- a/units/systemd-update-utmp.service.in ++++ b/units/systemd-update-utmp.service.in +@@ -19,3 +19,4 @@ Type=oneshot + RemainAfterExit=yes + ExecStart=@rootlibexecdir@/systemd-update-utmp reboot + ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown ++X-RestartIfChanged=false diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in index 0869e73..b6ed958 100644 --- a/units/systemd-user-sessions.service.in diff --git a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch b/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch deleted file mode 100644 index 7cde2260189a..000000000000 --- a/pkgs/os-specific/linux/systemd/libc-bug-accept4-arm.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -Based on a patch for udev in -nixpkgs(upstart)/pkgs/os-specific/linux/udev/pre-accept4-kernel.patch - -It was taken from: -https://github.com/archlinuxarm/PKGBUILDs/blob/master/core/udev-oxnas/pre-accept4-kernel.patch - -Basically, ARM implemented accept4() only in 2.6.36. Nixpkgs now uses -linux headers from 2.6.35. And the particular nixpkgs glibc version had a bug, -not checking about 2.6.36 for accept4 on arm. - -diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c -index 7b88f74..a9f7b62 100644 ---- a/src/journal/journald-stream.c -+++ b/src/journal/journald-stream.c -@@ -347,10 +347,12 @@ int stdout_stream_new(Server *s) { - int fd, r; - socklen_t len; - struct epoll_event ev; -+ int flgs; - - assert(s); - -- fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC); -+ //fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC); -+ fd = accept(s->stdout_fd, NULL, NULL); - if (fd < 0) { - if (errno == EAGAIN) - return 0; -@@ -359,6 +361,11 @@ int stdout_stream_new(Server *s) { - return -errno; - } - -+ // Since we don't have accept4 -+ flgs = fcntl(fd, F_GETFL, NULL); -+ if(flgs >= 0) fcntl(fd, F_SETFL, flgs | O_NONBLOCK); -+ fcntl(fd, F_SETFD, FD_CLOEXEC); -+ - if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) { - log_warning("Too many stdout streams, refusing connection."); - close_nointr_nofail(fd); -diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c -index a235912..c05e4b4 100644 ---- a/src/udev/udev-ctrl.c -+++ b/src/udev/udev-ctrl.c -@@ -15,6 +15,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -181,6 +182,7 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl) - struct ucred ucred; - socklen_t slen; - const int on = 1; -+ int flgs; - - conn = calloc(1, sizeof(struct udev_ctrl_connection)); - if (conn == NULL) -@@ -188,13 +190,19 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl) - conn->refcount = 
1; - conn->uctrl = uctrl; - -- conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK); -+ //conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK); -+ conn->sock = accept(uctrl->sock, NULL, NULL); - if (conn->sock < 0) { - if (errno != EINTR) - log_error("unable to receive ctrl connection: %m\n"); - goto err; - } - -+ // Since we don't have accept4 -+ flgs = fcntl(conn->sock, F_GETFL, NULL); -+ if(flgs >= 0) fcntl(conn->sock, F_SETFL, flgs | O_NONBLOCK); -+ fcntl(conn->sock, F_SETFD, FD_CLOEXEC); -+ - /* check peer credential of connection */ - slen = sizeof(ucred); - if (getsockopt(conn->sock, SOL_SOCKET, SO_PEERCRED, &ucred, &slen) < 0) { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9c37e0009deb..f86cff13ad82 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7263,7 +7263,9 @@ let sysstat = callPackage ../os-specific/linux/sysstat { }; - systemd = callPackage ../os-specific/linux/systemd { }; + systemd = callPackage ../os-specific/linux/systemd { + linuxHeaders = linuxHeaders_3_14; + }; systemtap = callPackage ../development/tools/profiling/systemtap { inherit (gnome) libglademm; From 6ff2521974681c406d36bb5f631261a8b6b8e3dc Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 10 Apr 2014 10:16:30 -0500 Subject: [PATCH 07/94] upstart: Oneshot rules should always have Restart=no --- nixos/modules/system/upstart/upstart.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/system/upstart/upstart.nix b/nixos/modules/system/upstart/upstart.nix index 1ad4885edf58..5c0461304072 100644 --- a/nixos/modules/system/upstart/upstart.nix +++ b/nixos/modules/system/upstart/upstart.nix 
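Review bot: `linuxHeaders = linuxHeaders_3_14;` pins systemd's build to one headers version with no comment saying why, so whoever next bumps the default headers has no signal that this override should follow. The same commit deletes libc-bug-accept4-arm.patch, whose preamble explains that accept4() on ARM needs headers newer than 2.6.35, so presumably the pin is what replaces that workaround; a comment such as `# needs recent kernel headers (e.g. accept4 on ARM); the default linuxHeaders may be too old` would record that link.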
@@ -93,7 +93,7 @@ let if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else if job.daemonType == "none" then { } else throw "invalid daemon type `${job.daemonType}'") - // optionalAttrs (!job.task && job.respawn) + // optionalAttrs (!job.task && !(job.script == "" && job.exec == "") && job.respawn) { Restart = "always"; } // optionalAttrs job.task { Type = "oneshot"; RemainAfterExit = false; }; From eda854d50f6515e4a5e61a846a18a1f0efaa7886 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 9 Apr 2014 23:55:17 -0500 Subject: [PATCH 08/94] systemd: Add an assertion to guarantee oneshot units do not have restart set This prevents insidious errors once systemd begins handling the unit. If the unit is loaded at boot, any errors of this nature are logged to the console before the journal service is running. This makes it very hard to diagnose the issue. Therefore, this assertion helps guarantee the mistake is not made. --- nixos/modules/system/boot/systemd.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 7d5283489184..4705ceb8086a 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -630,6 +630,12 @@ in config = { + assertions = mapAttrsToList (name: service: { + assertion = !hasAttr "Type" service.serviceConfig || service.serviceConfig.Type != "oneshot" + || !hasAttr "Restart" service.serviceConfig || service.serviceConfig.Restart == "no"; + message = "${name}: Type=oneshot services must have Restart=no"; + }) cfg.services; + system.build.units = units; environment.systemPackages = [ systemd ]; From 2fc520d699a853089cba5fb7c733db0c3789dc7b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 01:08:14 +0200 Subject: [PATCH 09/94] Simplify assertion --- nixos/modules/system/boot/systemd.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
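Review bot: The new condition `!(job.script == "" && job.exec == "")` repeats, inside the Restart decision, the test that presumably turns script-less and exec-less jobs into Type=oneshot elsewhere in this file (not visible in the hunk), and the two can drift apart even though the commit title states the invariant they jointly enforce. Binding it once in the enclosing `let`, e.g. `isOneshot = job.task || (job.script == "" && job.exec == "");`, and writing `// optionalAttrs (!isOneshot && job.respawn)` keeps both places in sync. The enclosing `let` starts outside this hunk.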
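Review bot: The assertion iterates `cfg.services` only, so a oneshot unit defined through another path (raw unit text, if this module accepts it — not visible here) is not covered; that is acceptable if stated, so a comment above `assertions = mapAttrsToList (name: service: {` such as `# Only covers systemd.services; units supplied as text are not checked` would set expectations. The message could also show the offending value, e.g. `message = "${name}: Type=oneshot services must have Restart=no (found Restart=${toString (service.serviceConfig.Restart or "unset")})";`, which makes the mistake the commit message describes as hard to diagnose easier to locate.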
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 4705ceb8086a..1e4963c7ca6f 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -631,8 +631,7 @@ in
 config = {
 assertions = mapAttrsToList (name: service: {
- assertion = !hasAttr "Type" service.serviceConfig || service.serviceConfig.Type != "oneshot"
- || !hasAttr "Restart" service.serviceConfig || service.serviceConfig.Restart == "no";
+ assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no";
 message = "${name}: Type=oneshot services must have Restart=no";
 }) cfg.services;
From 171a58bcd68e59d8df461cce133cacb67b488bb2 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Mon, 17 Mar 2014 17:33:39 -0500
Subject: [PATCH 10/94] cpupower: Add package to replace cpufrequtils
---
 pkgs/os-specific/linux/cpupower/default.nix | 42 +++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 +
 2 files changed, 44 insertions(+)
 create mode 100644 pkgs/os-specific/linux/cpupower/default.nix
diff --git a/pkgs/os-specific/linux/cpupower/default.nix b/pkgs/os-specific/linux/cpupower/default.nix
new file mode 100644
index 000000000000..bf6e8c36f3df
--- /dev/null
+++ b/pkgs/os-specific/linux/cpupower/default.nix
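Review bot: `service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no"` relies on Nix precedence, where `or` binds tighter than `==` and `->` is lowest, so it parses as intended, but a reader unfamiliar with that ordering will first read `"" == "oneshot"`. Parenthesising costs nothing: `assertion = (service.serviceConfig.Type or "") == "oneshot" -> (service.serviceConfig.Restart or "no") == "no";`.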
@@ -0,0 +1,42 @@
+{ stdenv, fetchurl, kernel, coreutils, pciutils, gettext }:
+
+stdenv.mkDerivation {
+ name = "cpupower-${kernel.version}";
+
+ src = kernel.src;
+
+ buildInputs = [ coreutils pciutils gettext ];
+
+ configurePhase = ''
+ cd tools/power/cpupower
+ sed -i 's,/bin/true,${coreutils}/bin/true,' Makefile
+ sed -i 's,/bin/pwd,${coreutils}/bin/pwd,' Makefile
+ sed -i 's,/usr/bin/install,${coreutils}/bin/install,' Makefile
+ '';
+
+ buildPhase = ''
+ make
+ '';
+
+ installPhase = ''
+ make \
+ bindir="$out/bin" \
+ sbindir="$out/sbin" \
+ mandir="$out/share/man" \
+ includedir="$out/include" \
+ libdir="$out/lib" \
+ localedir="$out/share/locale" \
+ docdir="$out/share/doc/cpupower" \
+ confdir="$out/etc" \
+ install install-man
+ '';
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "Tool to examine and tune power saving features.";
+ homepage = https://www.kernel.org.org/;
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f86cff13ad82..e542389bdbb5 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7008,6 +7008,8 @@ let
 cryptodev = callPackage ../os-specific/linux/cryptodev { };
+ cpupower = callPackage ../os-specific/linux/cpupower { };
+
 e1000e = callPackage ../os-specific/linux/e1000e {};
 v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { };
From dd209e901cfbac8e68949b4871d6aece935b6215 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Mon, 17 Mar 2014 18:07:46 -0500
Subject: [PATCH 11/94] cpu-freq: Use cpupower instead of cpufrequtils
Additionally, put the powersave utility in charge of loading the cpufrequency modules based on the governor specified in the configuration.
---
 nixos/modules/config/power-management.nix | 6 +---
 nixos/modules/tasks/cpu-freq.nix | 43 ++++++++++++-----------
 2 files changed, 23 insertions(+), 26 deletions(-)
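Review bot: `homepage = https://www.kernel.org.org/;` has a doubled TLD and points at a host that does not exist; it should read `homepage = https://www.kernel.org/;`. `fetchurl` is taken as an argument but never used, since `src = kernel.src;`, so it can be dropped from the argument set. The `description` ends with a period, which the nixpkgs meta conventions discourage if they apply to this tree.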
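Review bot: `cpupower = callPackage ../os-specific/linux/cpupower { };` at top level has to supply the derivation's `kernel` argument (declared in the new default.nix as `{ stdenv, fetchurl, kernel, coreutils, pciutils, gettext }:`), and nothing in this hunk shows a top-level `kernel` attribute for callPackage to resolve, so evaluating `cpupower` would fail unless one exists elsewhere in all-packages.nix. Since the package is named by `kernel.version` and the next commit refers to it as `config.boot.kernelPackages.cpupower`, it looks intended for the per-kernel package set (`linuxPackagesFor`, if that is still its name here), where `kernel` is in scope; moving the same `callPackage` line there would resolve both.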
diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix index 4984c0cd826d..17f3ed00b9be 100644 --- a/nixos/modules/config/power-management.nix +++ b/nixos/modules/config/power-management.nix @@ -65,11 +65,7 @@ in config = mkIf cfg.enable { - boot.kernelModules = - [ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand" - "cpufreq_conservative" - ]; - + # FIXME: Implement powersave governor for sandy bridge or later Intel CPUs powerManagement.cpuFreqGovernor = mkDefault "ondemand"; powerManagement.scsiLinkPolicy = mkDefault "min_power"; diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix index 3df9b58c524c..02f269f28f9d 100644 --- a/nixos/modules/tasks/cpu-freq.nix +++ b/nixos/modules/tasks/cpu-freq.nix @@ -2,6 +2,11 @@ with lib; +let + cpupower = config.boot.kernelPackages.cpupower; + cfg = config.powerManagement; +in + { ###### interface 
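Review bot: The removed `boot.kernelModules` list included `powernow-k8` and all four governor modules; the replacement in cpu-freq.nix (next hunk) loads only `acpi-cpufreq`, `speedstep-lib`, `pcc-cpufreq` and the single governor selected by `cpuFreqGovernor`, so older AMD K8 systems that scale through `powernow-k8` lose frequency scaling unless `acpi-cpufreq` covers them on the kernels used here — worth confirming before the module is dropped. The `# FIXME: Implement powersave governor for sandy bridge or later Intel CPUs` line is now attached to `cpuFreqGovernor = mkDefault "ondemand"` without saying what is wrong with that default on those CPUs; naming the symptom would make it actionable.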
@@ -25,29 +30,25 @@ with lib; config = mkIf (config.powerManagement.cpuFreqGovernor != null) { - environment.systemPackages = [ pkgs.cpufrequtils ]; + boot.kernelModules = [ "acpi-cpufreq" "speedstep-lib" "pcc-cpufreq" + "cpufreq_${cfg.cpuFreqGovernor}" + ]; - jobs.cpufreq = - { description = "CPU Frequency Governor Setup"; + environment.systemPackages = [ cpupower ]; - after = [ "systemd-modules-load.service" ]; - wantedBy = [ "multi-user.target" ]; - - unitConfig.ConditionPathIsReadWrite = "/sys/devices/"; - - path = [ pkgs.cpufrequtils ]; - - preStart = '' - for i in $(seq 0 $(($(nproc) - 1))); do - for gov in $(cpufreq-info -c $i -g); do - if [ "$gov" = ${config.powerManagement.cpuFreqGovernor} ]; then - echo "<6>setting governor on CPU $i to ‘$gov’" - cpufreq-set -c $i -g $gov - fi - done - done - ''; + systemd.services.cpufreq = { + description = "CPU Frequency Governor Setup"; + after = [ "systemd-modules-load.service" ]; + wantedBy = [ "multi-user.target" ]; + path = [ cpupower ]; + script = '' + cpupower frequency-set -g ${cfg.cpuFreqGovernor} + ''; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = "yes"; }; - }; + }; + }; } From 60a84019b40337b6ef2b4cf7487baa4edcf5593c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 01:11:32 +0200 Subject: [PATCH 12/94] Don't make containers depend on cpupower --- nixos/modules/tasks/cpu-freq.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix index 02f269f28f9d..edce562b0054 100644 --- a/nixos/modules/tasks/cpu-freq.nix +++ b/nixos/modules/tasks/cpu-freq.nix @@ -28,7 +28,7 @@ in ###### implementation - config = mkIf (config.powerManagement.cpuFreqGovernor != null) { + config = mkIf (!config.boot.isContainer && config.powerManagement.cpuFreqGovernor != null) { boot.kernelModules = [ "acpi-cpufreq" "speedstep-lib" "pcc-cpufreq" "cpufreq_${cfg.cpuFreqGovernor}" 
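Review bot: `cpupower frequency-set -g ${cfg.cpuFreqGovernor}` in the new `script` splices the option value into the shell line unquoted, and `"cpufreq_${cfg.cpuFreqGovernor}"` turns the same string into a module name for modprobe; the removed loop at least only applied governors that `cpufreq-info -g` reported, whereas nothing on the new side checks the value. Quoting the argument, `cpupower frequency-set -g "${cfg.cpuFreqGovernor}"`, stops a value containing whitespace from becoming extra arguments, and the option's declaration (outside this hunk) is where the string should be constrained to a governor name. The old `unitConfig.ConditionPathIsReadWrite = "/sys/devices/"` is dropped without replacement here, so on a read-only sysfs the oneshot now fails instead of being skipped; if that is intended, a comment on the new `systemd.services.cpufreq` block should say so.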
From ab989f525bf0b8dbe402924f931d3063dc0b8ca5 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 16 Apr 2014 01:44:43 +0200
Subject: [PATCH 13/94] Drop ALSA dependency in containers
---
 nixos/modules/virtualisation/container-config.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
index da80e44f2c31..ae06fcb41e38 100644
--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -6,6 +6,8 @@ with lib;
 config = mkIf config.boot.isContainer {
+ sound.enable = mkDefault false;
+
 # Provide a login prompt on /var/lib/login.socket. On the host,
 # you can connect to it by running ‘socat
 # unix:/var/lib/login.socket -,echo=0,raw’.
From 85e9ad1b2f4a789272f115d2a8ffe31ed3338ea8 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Fri, 14 Mar 2014 23:54:13 -0500
Subject: [PATCH 14/94] stage1: Systemd libraries were renamed
---
 nixos/modules/system/boot/stage-1.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
index f69e6cfe54c6..c38d33c45d6e 100644
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -74,7 +74,7 @@ let
 cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup
 cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm
 cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib
- cp -v ${pkgs.systemd}/lib/libsystemd-daemon.so.* $out/lib
+ cp -v ${pkgs.systemd}/lib/libsystemd.so.* $out/lib
 # Add RAID mdadm tool.
 cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm
From 8b7d73abba46e11d9df5e673f1afe37b87bbe22e Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 16 Apr 2014 10:36:16 +0200
Subject: [PATCH 15/94] Don't run the cpufreq service in VMs
---
 nixos/modules/tasks/cpu-freq.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix
index edce562b0054..eb1dfe5f6be2 100644
--- a/nixos/modules/tasks/cpu-freq.nix
+++ b/nixos/modules/tasks/cpu-freq.nix
@@ -44,6 +44,7 @@ in
 script = ''
 cpupower frequency-set -g ${cfg.cpuFreqGovernor}
 '';
+ unitConfig.ConditionVirtualization = false;
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = "yes";
From 566a5c33e86bfd2956867c8184728825e58817e5 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 16 Apr 2014 10:43:33 +0200
Subject: [PATCH 16/94] Set MODULE_DIR in systemd-load-modules.service
---
 nixos/modules/system/boot/kernel.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix
index cff7c08579f4..a90d1f7c2aa4 100644
--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@@ -249,6 +249,7 @@ in
 SuccessExitStatus = "0 1";
 };
 restartTriggers = [ kernelModulesConf ];
+ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
 };
 lib.kernelConfig = {
From e8af68d2dcc064be54a2f0906b52e2b951b1756f Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 16 Apr 2014 10:48:14 +0200
Subject: [PATCH 17/94] Make machinectl work
---
 nixos/modules/system/boot/systemd.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 1e4963c7ca6f..30cff8c8ab2d 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -66,6 +66,7 @@ let
 #"systemd-vconsole-setup.service"
 "systemd-user-sessions.service"
 "dbus-org.freedesktop.login1.service"
+ "dbus-org.freedesktop.machine1.service"
 "user@.service"
 # Journal.
From 0ac322c7a0502c98a8ebdcf34a1ee8e820537dcd Mon Sep 17 00:00:00 2001
From: Eelco Dolstra Date: Wed, 16 Apr 2014 11:34:34 +0200 Subject: [PATCH 18/94] systemd-nspawn: Fix starting NixOS containers --- pkgs/os-specific/linux/systemd/fixes.patch | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 5ef248dc75d9..298a6247ccb5 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -39,6 +39,26 @@ index d1258f0..0311812 100644 #ifndef HAVE_SPLIT_USR || path_equal(m->path, "/usr") #endif +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 9a9ed9d..9e46e18 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) { + goto finish; + } + } else { ++#if 0 + const char *p; + + p = strappenda(arg_directory, +@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) { + goto finish; + + } ++#endif + } + } else { + char template[] = "/tmp/nspawn-root-XXXXXX"; diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c index d61ecdf..228a3a4 100644 --- a/src/nss-myhostname/netlink.c From 19d4e40dfc1f9b426df168c47d1ca82be1af96b9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 15:25:37 +0200 Subject: [PATCH 19/94] systemd: Build on i686-linux --- pkgs/os-specific/linux/systemd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index e48c875d6f92..262fde749843 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix 
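Review bot: The `+#if 0` / `+#endif` pair added in the nested nspawn.c hunk compiles out whatever test the `p = strappenda(arg_directory,` … `goto finish;` block performs on the container directory, but neither the patch nor the commit message says which check a NixOS root fails or why skipping it is safe; a comment on that line, e.g. `#if 0 /* NixOS: <name the check that rejects a NixOS container tree> */`, would let the next systemd bump decide whether this hunk is still needed or can be replaced by a proper fix. The function containing the block (`main`) starts and ends outside the nested hunk, so what `p` is checked against is not visible here.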
@@ -72,7 +72,7 @@ stdenv.mkDerivation rec { # This is needed because systemd uses the gold linker, which doesn't # yet have the wrapper script to add rpath flags automatically. - NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib"; + NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib -rpath ${stdenv.gcc.gcc}/lib"; PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python From c382ad1e17c3b11374a1c1d72f6623e163d01b11 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 16:09:32 +0200 Subject: [PATCH 20/94] Fix tests Doing a =~ regexp check doesn't do anything in itself... --- nixos/tests/containers.nix | 4 ++-- nixos/tests/udisks.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix index 9580f18189a2..8ad9cd6e0d79 100644 --- a/nixos/tests/containers.nix +++ b/nixos/tests/containers.nix @@ -25,7 +25,7 @@ import ./make-test.nix { testScript = '' - $machine->succeed("nixos-container list") =~ /webserver/; + $machine->succeed("nixos-container list") =~ /webserver/ or die; # Start the webserver container. $machine->succeed("nixos-container start webserver"); @@ -65,7 +65,7 @@ import ./make-test.nix { $machine->succeed("nixos-container start $id1"); # Execute commands via the root shell. - $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/; + $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die; $machine->succeed("nixos-container set-root-password $id1 foobar"); # Destroy the containers. diff --git a/nixos/tests/udisks.nix b/nixos/tests/udisks.nix index 2354c3106618..b7f2e2c00315 100644 --- a/nixos/tests/udisks.nix +++ b/nixos/tests/udisks.nix 
@@ -40,7 +40,7 @@ in
 # Mount the stick as a non-root user and do some stuff with it.
 $machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
 $machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
- $machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/;
+ $machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/ or die;
 $machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
 # Unmounting the stick should make the mountpoint disappear.
From c81565f6cf7e0763d17b8513bc5183b778ae699b Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 16 Apr 2014 16:10:11 +0200
Subject: [PATCH 21/94] Remove hack for using upstream getty units
Also, enable the container-getty@ unit so that "machinectl login" works.
---
 nixos/modules/services/ttys/agetty.nix | 21 ++++++-----
 pkgs/os-specific/linux/systemd/fixes.patch | 44 +++++++++++++++++++++-
 2 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/nixos/modules/services/ttys/agetty.nix b/nixos/modules/services/ttys/agetty.nix
index 442774af2512..c4571ef856f4 100644
--- a/nixos/modules/services/ttys/agetty.nix
+++ b/nixos/modules/services/ttys/agetty.nix
@@ -49,22 +49,23 @@ with lib; config = { systemd.services."getty@" = - { baseUnit = pkgs.runCommand "getty.service" {} - '' - sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/getty@.service > $out - ''; - serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400"; + { baseUnit = "${config.systemd.package}/example/systemd/system/getty@.service"; + serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM"; restartIfChanged = false; }; systemd.services."serial-getty@" = - { baseUnit = pkgs.runCommand "serial-getty.service" {} - '' - sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/serial-getty@.service > $out - ''; + { baseUnit = "${config.systemd.package}/example/systemd/system/serial-getty@.service"; serviceConfig.ExecStart = let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed); - in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds}"; + in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM"; + restartIfChanged = false; + }; + + systemd.services."container-getty@" = + { baseUnit = "${config.systemd.package}/example/systemd/system/container-getty@.service"; + unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits. + serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM"; restartIfChanged = false; }; diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 298a6247ccb5..4e9e71765aef 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch 
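Review bot: The three `serviceConfig.ExecStart` strings written here repeat `@${pkgs.utillinux}/sbin/agetty agetty` and `--login-program ${pkgs.shadow}/bin/login` verbatim, and `getty@` and `container-getty@` also duplicate `--keep-baud … 115200,38400,9600 $TERM`; a `let agetty = "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login"; in` binding would keep the three from drifting apart (note `serial-getty@` lacks `--noclear`, which may be deliberate and deserves a word). `$TERM` inside a Nix `"…"` string is not interpolated by Nix (only `${…}` is), so it reaches systemd literally and is expanded from the unit's environment; a short comment to that effect on the first ExecStart line spares the next reader a double-take. The hunk ends inside the `config = {` attribute set, which continues outside it.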
@@ -87,6 +87,30 @@ index 0887bc3..6b502ce 100644 return log_oom(); } +diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in +index 8ac51a4..cae9fb5 100644 +--- a/units/console-getty.service.m4.in ++++ b/units/console-getty.service.m4.in +@@ -15,7 +15,6 @@ After=rc-local.service + Before=getty.target + + [Service] +-ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM + Type=idle + Restart=always + RestartSec=0 +diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in +index 4f7794b..bad2a9a 100644 +--- a/units/container-getty@.service.m4.in ++++ b/units/container-getty@.service.m4.in +@@ -16,7 +16,6 @@ Before=getty.target + IgnoreOnIsolate=yes + + [Service] +-ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM + Type=idle + Restart=always + RestartSec=0 diff --git a/units/emergency.service.in b/units/emergency.service.in index 94c090f..0d20640 100644 --- a/units/emergency.service.in @@ -100,10 +124,10 @@ index 94c090f..0d20640 100644 ExecStart=-/sbin/sulogin ExecStopPost=@SYSTEMCTL@ --fail --no-block default diff --git a/units/getty@.service.m4 b/units/getty@.service.m4 -index aa853b8..f76cde0 100644 +index aa853b8..8bcc647 100644 --- a/units/getty@.service.m4 +++ b/units/getty@.service.m4 -@@ -23,7 +23,9 @@ IgnoreOnIsolate=yes +@@ -23,11 +23,12 @@ IgnoreOnIsolate=yes # On systems without virtual consoles, don't start any getty. Note # that serial gettys are covered by serial-getty@.service, not this # unit. @@ -114,6 +138,10 @@ index aa853b8..f76cde0 100644 [Service] # the VT is cleared by TTYVTDisallocate +-ExecStart=-/sbin/agetty --noclear %I $TERM + Type=idle + Restart=always + RestartSec=0 diff --git a/units/local-fs.target b/units/local-fs.target index ae3cedc..0e36840 100644 --- a/units/local-fs.target 
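Review bot: The nested hunks strip `ExecStart=` from `console-getty.service.m4.in`, `container-getty@.service.m4.in` and `getty@.service.m4` (and the next hunk does the same for `serial-getty@.service.m4`), but the agetty.nix change in this commit only supplies an `ExecStart` for `getty@`, `serial-getty@` and `container-getty@`; a service unit with neither ExecStart nor ExecStop is refused by systemd at load time, so `console-getty.service` becomes unloadable should anything pull it in, at least as far as the visible part of the change shows. Either keep that unit's ExecStart or add a matching `systemd.services.console-getty` definition. A comment at the head of the nested diff stating the intent, `# NixOS sets ExecStart via serviceConfig; drop the upstream lines so they are not duplicated`, would also record why whole ExecStart lines are being deleted from upstream units.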
@@ -148,6 +176,18 @@ index 552ef89..af3915f 100644 ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.' ExecStart=-/sbin/sulogin ExecStopPost=-@SYSTEMCTL@ --fail --no-block default +diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4 +index 4ac51e7..86a3b59 100644 +--- a/units/serial-getty@.service.m4 ++++ b/units/serial-getty@.service.m4 +@@ -22,7 +22,6 @@ Before=getty.target + IgnoreOnIsolate=yes + + [Service] +-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM + Type=idle + Restart=always + RestartSec=0 diff --git a/units/sysinit.target b/units/sysinit.target index 8f4fb8f..e0f0147 100644 --- a/units/sysinit.target From 7438b95437ae7dbf359fa86224057d74112807f3 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 16:29:38 +0200 Subject: [PATCH 22/94] util-linux: Update to 2.24.1 --- pkgs/os-specific/linux/util-linux/default.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index ec43ee1e64f4..cdc384f3ee8c 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,13 +1,11 @@ { stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }: -let - ver = "2.24"; -in + stdenv.mkDerivation rec { - name = "util-linux-${ver}"; + name = "util-linux-2.24.1"; src = fetchurl { - url = "http://www.kernel.org/pub/linux/utils/util-linux/v${ver}/${name}.tar.bz2"; - sha256 = "1nfnymj03rdcxjb677a9qq1zirppr8csh32cb85qm23x5xndi6v3"; + url = "http://www.kernel.org/pub/linux/utils/util-linux/v2.24/${name}.tar.xz"; + sha256 = "0444xhfm9525v3aagyfbp38mp7xsw2fn9zg4ya713c7s5hivcpl3"; }; crossAttrs = { 
@@ -19,8 +17,6 @@ stdenv.mkDerivation rec { # (/sbin/mount.*) through an environment variable, but that's # somewhat risky because we have to consider that mount can setuid # root... - # --enable-libmount-mount fixes the behaviour being /etc/mtab a symlink to /proc/monunts - # http://pl.digipedia.org/usenet/thread/19513/1924/ configureFlags = '' --enable-write --enable-last From c21ef8481075e345da7c534d969d8d4c3c2a0838 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 16:44:05 +0200 Subject: [PATCH 23/94] linux-pam: Update to 1.1.8 --- pkgs/os-specific/linux/pam/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 43300425c004..afc125556fe2 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, flex, cracklib }: stdenv.mkDerivation rec { - name = "linux-pam-1.1.6"; + name = "linux-pam-1.1.8"; src = fetchurl { - url = https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.6.tar.bz2; - sha256 = "1hlz2kqvbjisvwyicdincq7nz897b9rrafyzccwzqiqg53b8gf5s"; + url = http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2; + sha256 = "0m8ygb40l1c13nsd4hkj1yh4p1ldawhhg8pyjqj9w5kd4cxg5cf4"; }; nativeBuildInputs = [ flex ]; From c13d582c782536718c7d62a10c2f83f19f0ce22e Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 16:44:27 +0200 Subject: [PATCH 24/94] Make dbus overridable --- pkgs/top-level/all-packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e542389bdbb5..144651fe2eb0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
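Review bot: The source URL moves from `https://fedorahosted.org/…` to `http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2`, i.e. from TLS to plain HTTP for a security-critical component; the pinned `sha256` means a tampered or truncated download fails the build rather than being used, so integrity is still enforced, but the hash then has to have been obtained over a trusted channel. If linux-pam.org serves the same tarball over https, prefer that URL, or keep the previous host if it still carries 1.1.8.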
@@ -4182,10 +4182,11 @@ let dbus_glib = callPackage ../development/libraries/dbus-glib { }; dbus_java = callPackage ../development/libraries/java/dbus-java { }; dbus_python = callPackage ../development/python-modules/dbus { }; + # Should we deprecate these? Currently there are many references. - dbus_tools = dbus.tools; - dbus_libs = dbus.libs; - dbus_daemon = dbus.daemon; + dbus_tools = pkgs.dbus.tools; + dbus_libs = pkgs.dbus.libs; + dbus_daemon = pkgs.dbus.daemon; dhex = callPackage ../applications/editors/dhex { }; From 150d3b00951a2f0f1f65a22602422c2e75616c1f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 16:58:06 +0200 Subject: [PATCH 25/94] no-x-libs.nix: Disable su xauth forwarding, and X11 dependency in dbus --- nixos/lib/eval-config.nix | 2 +- nixos/modules/config/no-x-libs.nix | 21 ++++++++++++++------- nixos/modules/profiles/minimal.nix | 7 ++----- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index e082b174454e..0fa00637a93a 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -58,7 +58,7 @@ rec { inherit system extraArgs modules prefix; # For efficiency, leave out most NixOS modules; they don't # define nixpkgs.config, so it's pointless to evaluate them. - baseModules = [ ../modules/misc/nixpkgs.nix ]; + baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ]; pkgs = import ./nixpkgs.nix { system = system_; config = {}; }; check = false; }).config.nixpkgs; diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 4b791c109d7a..f91dbb4cc281 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -1,3 +1,6 @@ +# This module gets rid of all dependencies on X11 client libraries +# (including fontconfig). + { config, lib, pkgs, ... }: with lib; 
@@ -8,18 +11,22 @@ with lib; type = types.bool; default = false; description = '' - Switch off the options in the default configuration that require X libraries. - Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts, - fonts.enableFontConfig + Switch off the options in the default configuration that + require X11 libraries. This includes client-side font + configuration and SSH forwarding of X11 authentication + in. Thus, you probably do not want to enable this option if + you want to run X11 programs on this machine via SSH. ''; }; }; config = mkIf config.environment.noXlibs { programs.ssh.setXAuthLocation = false; - fonts = { - enableCoreFonts = false; - enableFontConfig = false; - }; + security.pam.services.su.forwardXAuth = lib.mkForce false; + + fonts.enableFontConfig = false; + + nixpkgs.config.packageOverrides = pkgs: + { dbus = pkgs.dbus.override { useX11 = false; }; }; }; } diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix index 821b9f93465a..5067622aaf16 100644 --- a/nixos/modules/profiles/minimal.nix +++ b/nixos/modules/profiles/minimal.nix @@ -1,11 +1,8 @@ # This module defines a small NixOS configuration. It does not # contain any graphical stuff. -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { - # Don't include X libraries. - programs.ssh.setXAuthLocation = false; - fonts.enableFontConfig = false; - fonts.enableCoreFonts = false; + environment.noXlibs = true; } From 2503e7e0c897409c41d0bffcc46e40ea1826a539 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 16 Apr 2014 18:15:48 +0200 Subject: [PATCH 26/94] systemd: Apply patch to make container logins work again --- pkgs/os-specific/linux/systemd/fixes.patch | 39 ++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 4e9e71765aef..493a9d266d7a 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch 
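Review bot: The new option description reads `SSH forwarding of X11 authentication in. Thus, …`; the stray `in.` breaks the sentence and should be `… and SSH forwarding of X11 authentication. Thus, …` (or `authentication information.` if that was meant). `security.pam.services.su.forwardXAuth = lib.mkForce false;` carries an explicit `lib.` although the file uses `with lib;` and unqualified `mkIf` two lines above, so `mkForce false` is consistent; and because `mkForce` also overrides an explicit user setting, unlike the plain assignments next to it, a comment saying why the higher priority is needed (or a plain assignment if it is not) would avoid surprising users. The `nixpkgs.config.packageOverrides` override of dbus only takes effect because eval-config.nix now includes this module when computing `nixpkgs.config` (first hunk of this commit); a comment stating that dependency next to the override would make the coupling visible.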
+++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -26,6 +26,45 @@ index 41605ee..8517369 100644 if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; +diff --git a/src/core/socket.c b/src/core/socket.c +index 7c18a2b..eba67d5 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { + int k; + + k = getpeercred(fd, &ucred); +- if (k < 0) ++ if (k == -ENODATA) { ++ /* This handles the case where somebody is ++ * connecting from another pid/uid namespace ++ * (e.g. from outside of our container). */ ++ if (asprintf(&r, ++ "%u-unknown", ++ nr) < 0) ++ return -ENOMEM; ++ } ++ else if (k < 0) + return k; +- +- if (asprintf(&r, +- "%u-%lu-%lu", +- nr, +- (unsigned long) ucred.pid, +- (unsigned long) ucred.uid) < 0) +- return -ENOMEM; +- ++ else { ++ if (asprintf(&r, ++ "%u-%lu-%lu", ++ nr, ++ (unsigned long) ucred.pid, ++ (unsigned long) ucred.uid) < 0) ++ return -ENOMEM; ++ } + break; + } + diff --git a/src/core/umount.c b/src/core/umount.c index d1258f0..0311812 100644 --- a/src/core/umount.c From eeb32fd82b1b30b3af16375de8dd8fc2918d43de Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 10:53:08 +0200 Subject: [PATCH 27/94] Hopefully fix random failure in cups test http://hydra.nixos.org/build/10372895 --- nixos/tests/printing.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 9ef28dcfcd4d..9b96e3d7b20c 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix 
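Review bot: The nested socket.c hunk writes the fallback as `+ else {` / `+ if (asprintf(&r, "%u-%lu-%lu", …) < 0)` / `+ return -ENOMEM;` / `+ }`; that arm can be `else if (asprintf(&r, "%u-%lu-%lu", nr, (unsigned long) ucred.pid, (unsigned long) ucred.uid) < 0) return -ENOMEM;`, mirroring the `else if (k < 0)` arm above it, and the `}` / `else if` split across two lines does not match the `} else if` style of the surrounding systemd code. More importantly, the new `k == -ENODATA` branch accepts a peer whose pid/uid could not be read and names the instance `%u-unknown`, so the per-connection service no longer gets the peer's identity in its instance name; a comment at the `"%u-unknown"` line that consumers must not derive trust from the instance name (and that uniqueness then rests on `nr` alone, assuming it is a per-connection counter) would record the boundary this widens. `instance_from_socket` continues outside the nested hunk.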
@@ -31,7 +31,9 @@ import ./make-test.nix ({pkgs, ... }: {
 # Make sure that cups is up on both sides.
 $server->waitForUnit("cupsd.service");
+ $server->waitForUnit("network.target");
 $client->waitForUnit("cupsd.service");
+ $client->waitForUnit("network.target");
 $client->succeed("lpstat -r") =~ /scheduler is running/ or die;
 $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
 $client->succeed("curl --fail http://localhost:631/");
From f0a9703f7784e4759a6704606346920c78a9095d Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 17 Apr 2014 10:56:10 +0200
Subject: [PATCH 28/94] journalctl no longer parses the flag "-bu"
---
 nixos/lib/test-driver/Machine.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm
index 99810f87750d..6d3ffa173593 100644
--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -495,7 +495,7 @@ sub waitForX {
 my ($self, $regexp) = @_;
 $self->nest("waiting for the X11 server", sub {
 retry sub {
- my ($status, $out) = $self->execute("journalctl -bu systemd-logind | grep Linked");
+ my ($status, $out) = $self->execute("journalctl -b -u systemd-logind | grep Linked");
 return 0 if $status != 0;
 ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
 return 1 if $status == 0;
From 5378da25a027f73bbbb25e1d111499f3b7dba2e8 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 17 Apr 2014 11:35:18 +0200
Subject: [PATCH 29/94] Apply pam_loginuid before pam_systemd
As recommended by the pam_systemd manpage.
---
 nixos/modules/security/pam.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 0d205ce07e56..6a5eb4c720f8 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -187,6 +187,8 @@ let # Session management. session required pam_unix.so + ${optionalString cfg.setLoginUid + "session required pam_loginuid.so"} ${optionalString cfg.updateWtmp "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} ${optionalString config.users.ldap.enable @@ -197,8 +199,6 @@ let "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"} ${optionalString cfg.startSession "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"} - ${optionalString cfg.setLoginUid - "session required pam_loginuid.so"} ${optionalString cfg.forwardXAuth "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"} ${optionalString (cfg.limits != []) From 89155dbc01e899a08151e50c01e82ad469c5ad59 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 12:03:04 +0200 Subject: [PATCH 30/94] systemd: Enable user systemd instances --- nixos/modules/system/boot/systemd.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 30cff8c8ab2d..a35c3224db2a 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -727,5 +727,17 @@ in }) (filterAttrs (name: service: service.startAt != "") cfg.services); + # Provide the systemd-user PAM service, required to run systemd + # user instances. + security.pam.services.systemd-user = + { # Ensure that pam_systemd gets included. This is special-cased + # in systemd to provide XDG_RUNTIME_DIR. + startSession = true; + }; + + # Provide systemd user units. FIXME: Should make this definable, + # just like the system units. + environment.etc."systemd/user".source = "${systemd}/example/systemd/user"; + }; } From 518f710547b92c3f3a5ef7fdf55be1e8cb66bea1 Mon Sep 17 00:00:00 2001 
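Review bot: After the move, `session required pam_loginuid.so` is the second session module (right after `pam_unix.so`) for every service with `cfg.setLoginUid`, ahead of `pam_systemd.so` as the pam_systemd manpage asks; but with `required`, a failure to write `/proc/self/loginuid` — typical inside containers that lack audit privileges — now fails the session before pam_systemd ever runs, so it is worth confirming that `setLoginUid` is disabled for container configurations or that this pam_loginuid version tolerates the write failure there. A comment on the moved lines, `# Must precede pam_systemd (see pam_systemd(8)).`, would preserve the reason for the ordering, which otherwise lives only in the commit message. The enclosing PAM config string starts and ends outside these hunks.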
From: Eelco Dolstra Date: Thu, 17 Apr 2014 12:22:24 +0200 Subject: [PATCH 31/94] Fix module loading in systemd-udevd --- nixos/modules/services/hardware/udev.nix | 5 +++++ nixos/modules/system/boot/systemd.nix | 2 +- nixos/tests/misc.nix | 6 ++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index d218aa1e5e16..875de55b6c6d 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -243,5 +243,10 @@ in fi ''; + systemd.services.systemd-udevd = + { baseUnit = "${config.systemd.package}/example/systemd/system/systemd-udevd.service"; + environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; + }; + }; } diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index a35c3224db2a..36d273564083 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -50,7 +50,7 @@ let # Udev. "systemd-udevd-control.socket" "systemd-udevd-kernel.socket" - "systemd-udevd.service" + #"systemd-udevd.service" "systemd-udev-settle.service" "systemd-udev-trigger.service" diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 0f57b9f61261..76298f1abd47 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -63,6 +63,12 @@ import ./make-test.nix { $machine->succeed('[ "`hostname`" = machine ]'); $machine->succeed('[ "`hostname -s`" = machine ]'); }; + + # Test whether systemd-udevd automatically loads modules for our hardware. + subtest "udev-auto-load", sub { + $machine->waitForUnit('systemd-udev-settle.service'); + $machine->succeed('lsmod | grep psmouse'); + }; ''; } From 317a81ada216fa6e97ba60a313bd4f7ba6b6d890 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 13:23:06 +0200 Subject: [PATCH 32/94] Enable systemd-tmpfiles --- nixos/modules/system/boot/systemd.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
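Review bot: `#"systemd-udevd.service"` in the systemd.nix hunk leaves a commented-out list entry with no explanation of why it went away; since this commit moves the unit to services/hardware/udev.nix (as a `baseUnit` wrapper so `environment.MODULE_DIR` can be set), replace the dead entry with `# systemd-udevd.service is defined in services/hardware/udev.nix (it needs MODULE_DIR).`. The literal `/run/booted-system/kernel-modules/lib/modules` is now written in udev.nix as well as in kernel.nix (patch 16 earlier in this series); a single shared binding would keep the two from drifting. The `lsmod | grep psmouse` subtest assumes the test VM exposes a PS/2 mouse for udev to load a module for; if the harness does not guarantee that device, the assertion depends on the QEMU machine type.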
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 36d273564083..f70efeca4b9f 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -140,6 +140,11 @@ let "user.slice" "machine.slice" "systemd-machined.service" + + # Temporary file creation / cleanup. + "systemd-tmpfiles-clean.service" + "systemd-tmpfiles-setup.service" + "systemd-tmpfiles-setup-dev.service" ] ++ optionals cfg.enableEmergencyMode [ @@ -739,5 +744,7 @@ in # just like the system units. environment.etc."systemd/user".source = "${systemd}/example/systemd/user"; + environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; + }; } From 51a1e0a4a9515134bcb7801cd55b43192485786a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 13:46:48 +0200 Subject: [PATCH 33/94] kmod: Update to 17 --- pkgs/os-specific/linux/kmod/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kmod/default.nix b/pkgs/os-specific/linux/kmod/default.nix index 378e1a87d07a..380b4a35f1c2 100644 --- a/pkgs/os-specific/linux/kmod/default.nix +++ b/pkgs/os-specific/linux/kmod/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, xz, zlib, pkgconfig, libxslt }: stdenv.mkDerivation rec { - name = "kmod-16"; + name = "kmod-17"; src = fetchurl { url = "mirror://kernel/linux/utils/kernel/kmod/${name}.tar.xz"; - sha256 = "63412efab37c70459ccef167556965c93fd4f56af5986cd3750542a684c613c5"; + sha256 = "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv"; }; # Disable xz/zlib support to prevent needing them in the initrd. From 9594421617b912f3996fd9f9ad94405762e49bbc Mon Sep 17 00:00:00 2001 
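Review bot: `"systemd-tmpfiles-clean.service"` is added to the upstream unit list, but upstream triggers it from `systemd-tmpfiles-clean.timer`, which is not listed here, so the periodic cleanup of the directories declared under tmpfiles.d will not actually be scheduled; add `"systemd-tmpfiles-clean.timer"` next to it (and confirm `timers.target` is among the pulled-in units, which is outside this hunk). The new `environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";` line installs only upstream's X11 fragment; a comment saying that the other upstream tmpfiles.d fragments are intentionally not installed (or a TODO if they are still to be evaluated) would explain the single file.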
From: Eelco Dolstra Date: Thu, 17 Apr 2014 13:52:30 +0200 Subject: [PATCH 34/94] =?UTF-8?q?kmod:=20Respect=20$MODULE=5FDIR=20in=20?= =?UTF-8?q?=E2=80=98kmod=20static-nodes=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/os-specific/linux/kmod/module-dir.patch | 46 +++++++++++++++++--- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kmod/module-dir.patch b/pkgs/os-specific/linux/kmod/module-dir.patch index 95d08da45804..0c4ab4bd4c44 100644 --- a/pkgs/os-specific/linux/kmod/module-dir.patch +++ b/pkgs/os-specific/linux/kmod/module-dir.patch @@ -1,7 +1,7 @@ -diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c ---- kmod-7-orig/libkmod/libkmod.c 2012-03-15 08:19:16.750010226 -0400 -+++ kmod-7/libkmod/libkmod.c 2012-04-04 15:21:29.532074313 -0400 -@@ -200,7 +200,7 @@ +diff -ru -x '*~' kmod-17-orig/libkmod/libkmod.c kmod-17/libkmod/libkmod.c +--- kmod-17-orig/libkmod/libkmod.c 2014-04-01 12:40:37.161940089 +0200 ++++ kmod-17/libkmod/libkmod.c 2014-04-17 13:47:15.871441987 +0200 +@@ -201,7 +201,7 @@ static char *get_kernel_release(const char *dirname) { struct utsname u; @@ -10,7 +10,7 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c if (dirname != NULL) return path_make_absolute_cwd(dirname); -@@ -208,7 +208,10 @@ +@@ -209,7 +209,10 @@ if (uname(&u) < 0) return NULL; 
@@ -22,3 +22,39 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c return NULL; return p; +diff -ru -x '*~' kmod-17-orig/tools/static-nodes.c kmod-17/tools/static-nodes.c +--- kmod-17-orig/tools/static-nodes.c 2013-12-17 22:05:42.159047316 +0100 ++++ kmod-17/tools/static-nodes.c 2014-04-17 13:51:17.945974320 +0200 +@@ -159,6 +159,7 @@ + FILE *in = NULL, *out = NULL; + const struct static_nodes_format *format = &static_nodes_format_human; + int r, ret = EXIT_SUCCESS; ++ char *dirname_prefix; + + for (;;) { + int c, idx = 0, valid; +@@ -211,16 +212,19 @@ + goto finish; + } + +- snprintf(modules, sizeof(modules), "/lib/modules/%s/modules.devname", kernel.release); ++ if ((dirname_prefix = getenv("MODULE_DIR")) == NULL) ++ dirname_prefix = "/lib/modules"; ++ ++ snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release); + in = fopen(modules, "re"); + if (in == NULL) { + if (errno == ENOENT) { +- fprintf(stderr, "Warning: /lib/modules/%s/modules.devname not found - ignoring\n", +- kernel.release); ++ fprintf(stderr, "Warning: %s/%s/modules.devname not found - ignoring\n", ++ dirname_prefix, kernel.release); + ret = EXIT_SUCCESS; + } else { +- fprintf(stderr, "Error: could not open /lib/modules/%s/modules.devname - %m\n", +- kernel.release); ++ fprintf(stderr, "Error: could not open %s/%s/modules.devname - %m\n", ++ dirname_prefix, kernel.release); + ret = EXIT_FAILURE; + } + goto finish; From 7ea51b1c6c390591afd21eb58f6a3fb0de9806e9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 14:35:05 +0200 Subject: [PATCH 35/94] Enable kmod-static-nodes.service This creates static device nodes such as /dev/fuse or /dev/snd/seq. The kernel modules for these devices will be loaded on demand when the device node is opened. --- nixos/modules/system/boot/kernel.nix | 6 ++++++ pkgs/os-specific/linux/systemd/fixes.patch | 12 ++++++++++++ 2 files changed, 18 insertions(+) 
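Review bot: The new `snprintf` in static-nodes.c builds the path from `MODULE_DIR` into the fixed-size `modules` buffer (declared outside the hunk) without checking for truncation; a prefix long enough to overflow it produces a truncated path, `fopen` then fails with ENOENT, and the existing branch reports "not found - ignoring" and exits 0, so static device nodes are silently skipped. Since `r` is already declared in this function, capture and check the result: `r = snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release);` followed by `if (r < 0 || (size_t)r >= sizeof(modules)) { fprintf(stderr, "Error: MODULE_DIR path too long\n"); ret = EXIT_FAILURE; goto finish; }`. A one-line comment above the `getenv` call, e.g. `/* MODULE_DIR overrides /lib/modules; set by the kmod-static-nodes unit on NixOS */`, would also document why the tool consults the environment at all. The enclosing function starts and ends outside the hunk.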
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index a90d1f7c2aa4..2e036fafae60 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -147,6 +147,12 @@ in config = mkIf (!config.boot.isContainer) { + systemd.services.kmod-static-nodes = + { wantedBy = [ "sysinit.target" ]; + baseUnit = "${config.systemd.package}/example/systemd/system/kmod-static-nodes.service"; + environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; + }; + system.build = { inherit kernel; }; system.modulesTree = [ kernel ] ++ config.boot.extraModulePackages; diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 493a9d266d7a..c33d05da55a6 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -181,6 +181,18 @@ index aa853b8..8bcc647 100644 Type=idle Restart=always RestartSec=0 +diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in +index 368f980..d0c1bd2 100644 +--- a/units/kmod-static-nodes.service.in ++++ b/units/kmod-static-nodes.service.in +@@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel + DefaultDependencies=no + Before=sysinit.target systemd-tmpfiles-setup-dev.service + ConditionCapability=CAP_MKNOD +-ConditionPathExists=/lib/modules/%v/modules.devname + + [Service] + Type=oneshot diff --git a/units/local-fs.target b/units/local-fs.target index ae3cedc..0e36840 100644 --- a/units/local-fs.target From d17af6b9a8bde0823d62c329506ce151a698b902 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 14:53:48 +0200 Subject: [PATCH 36/94] dhcpcd: Update to 6.3.2 --- pkgs/tools/networking/dhcpcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix index 758e3fd79805..d247dbe38aa6 100644 
--- a/pkgs/tools/networking/dhcpcd/default.nix +++ b/pkgs/tools/networking/dhcpcd/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, pkgconfig, udev }: stdenv.mkDerivation rec { - name = "dhcpcd-6.2.1"; + name = "dhcpcd-6.3.2"; src = fetchurl { url = "http://roy.marples.name/downloads/dhcpcd/${name}.tar.bz2"; - sha256 = "1gs23zwhzml2aam4j6rdncaqfv3z5n1ifx6lq4b8ccifqa87gbga"; + sha256 = "1v2m5wdr6x5cz6i0n1y63am9dhj5j7ylrk717scjgwwjdbq1x75n"; }; patches = [ ./lxc_ro_promote_secondaries.patch ]; From c1e638abb67d51320907c1245992bea4a8694c83 Mon Sep 17 00:00:00 2001 From: Mathijs Kwik Date: Thu, 17 Apr 2014 15:20:39 +0200 Subject: [PATCH 37/94] systemd: oneshot units should be allowed to restart on failure/abort --- nixos/modules/system/boot/systemd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index f70efeca4b9f..5f07d6482b7f 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -637,7 +637,8 @@ in config = { assertions = mapAttrsToList (name: service: { - assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no"; + assertion = service.serviceConfig.Type or "" == "oneshot" -> + builtins.elem (service.serviceConfig.Restart or "no") ["no" "on-failure" "on-abort"]; message = "${name}: Type=oneshot services must have Restart=no"; }) cfg.services; From bb9304e2806f316ce201d05416b3c4db975b62b3 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 15:25:10 +0200 Subject: [PATCH 38/94] Remove creation of /tmp/.ICE-unix This is now done by tmpfiles. --- nixos/modules/system/boot/stage-2-init.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index ee042992b178..6657897750eb 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh 
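Review bot: The assertion message in the systemd.nix hunk is now stale: the condition accepts `Restart` values `no`, `on-failure` and `on-abort` for `Type=oneshot` services, but a failing assertion still tells the user that such services "must have Restart=no". Suggest `message = "${name}: Type=oneshot services must have Restart=no, on-failure, or on-abort";` so the error names the accepted values. The `builtins.elem` check still rejects every other value (e.g. `always`), which appears to be the intent, so only the text needs adjusting.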
@@ -104,14 +104,8 @@ if test -n "@cleanTmpDir@"; then echo -n "cleaning \`/tmp'..." find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system echo " done" -else - # Get rid of ICE locks... - rm -rf /tmp/.ICE-unix fi -# ... and ensure that it's owned by root. -mkdir -m 1777 /tmp/.ICE-unix - # This is a good time to clean up /nix/var/nix/chroots. Doing an `rm # -rf' on it isn't safe in general because it can contain bind mounts # to /nix/store and other places. But after rebooting these are all From 560a1103adf3834698c73cc98a5b70ec6aa3bbcc Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 16:10:48 +0200 Subject: [PATCH 39/94] =?UTF-8?q?Add=20option=20=E2=80=98systemd.tmpfiles.?= =?UTF-8?q?rules=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows specifying rules for systemd-tmpfiles. Also, enable systemd-tmpfiles-clean.timer so that stuff is cleaned up automatically 15 minutes after boot and every day, *if* you have the appropriate cleanup rules (which we don't have by default). --- nixos/modules/system/boot/stage-2.nix | 1 + nixos/modules/system/boot/systemd.nix | 24 ++++++++++++++++++++++++ nixos/tests/misc.nix | 11 +++++++++++ 3 files changed, 36 insertions(+) diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index 2616c8649d55..f2a177fbdbc1 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -79,6 +79,7 @@ in ''; }; + # FIXME: should replace this with something that uses systemd-tmpfiles. cleanTmpDir = mkOption { type = types.bool; default = false; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 5f07d6482b7f..5d144a3642bc 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
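Review bot: The removed `else` branch was the only place that discarded a pre-existing `/tmp/.ICE-unix` before re-creating it with mode 1777 and root ownership (the deleted comment says "ensure that it's owned by root"), and the commit moves this to tmpfiles. It is worth confirming that the `tmpfiles.d/x11.conf` rule installed by the earlier systemd.nix change also fixes up ownership and mode of a directory that already exists, for instance one created by an unprivileged user on a system without `cleanTmpDir`; if it does not, the old guard against a user-owned `.ICE-unix` should stay until that is verified. A one-line comment at the `fi`, such as `# /tmp/.ICE-unix is now created (1777, root) by systemd-tmpfiles via tmpfiles.d/x11.conf`, would tell readers where the setup went.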
@@ -143,6 +143,7 @@ let # Temporary file creation / cleanup. "systemd-tmpfiles-clean.service" + "systemd-tmpfiles-clean.timer" "systemd-tmpfiles-setup.service" "systemd-tmpfiles-setup-dev.service" ] @@ -629,6 +630,22 @@ in ''; }; + systemd.tmpfiles.rules = mkOption { + type = types.listOf types.str; + default = []; + example = [ "d /tmp 1777 root root 10d" ]; + description = '' + Rules for creating and cleaning up temporary files + automatically. See + tmpfiles.d5 + for the exact format. You should not use this option to create + files required by systemd services, since there is no + guarantee that systemd-tmpfiles runs when + the system is reconfigured using + nixos-rebuild. + ''; + }; + }; @@ -747,5 +764,12 @@ in environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; + environment.etc."tmpfiles.d/nixos.conf".text = + '' + # This file is created automatically and should not be modified. + # Please change the option ‘systemd.tmpfiles.rules’ instead. + ${concatStringsSep "\n" cfg.tmpfiles.rules} + ''; + }; } diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 76298f1abd47..363be2cbb357 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -8,6 +8,7 @@ import ./make-test.nix { [ { device = "/root/swapfile"; size = 128; } ]; environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs"; services.nixosManual.enable = pkgs.lib.mkOverride 0 true; + systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ]; }; testScript = 
@@ -69,6 +70,16 @@ import ./make-test.nix { $machine->waitForUnit('systemd-udev-settle.service'); $machine->succeed('lsmod | grep psmouse'); }; + + # Test whether systemd-tmpfiles-clean works. + subtest "tmpfiles", sub { + $machine->succeed('touch /tmp/foo'); + $machine->succeed('systemctl start systemd-tmpfiles-clean'); + $machine->succeed('[ -e /tmp/foo ]'); + $machine->succeed('date -s "@$(($(date +%s) + 1000000))"'); # move into the future + $machine->succeed('systemctl start systemd-tmpfiles-clean'); + $machine->fail('[ -e /tmp/foo ]'); + }; ''; } From bfda72c2f95b39c2dfa95680dd2b186ba01420d8 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 17:07:03 +0200 Subject: [PATCH 40/94] Fix waitForX --- nixos/lib/test-driver/Machine.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm index 6d3ffa173593..e2bd3393d872 100644 --- a/nixos/lib/test-driver/Machine.pm +++ b/nixos/lib/test-driver/Machine.pm @@ -495,7 +495,7 @@ sub waitForX { my ($self, $regexp) = @_; $self->nest("waiting for the X11 server", sub { retry sub { - my ($status, $out) = $self->execute("journalctl -b -u systemd-logind | grep Linked"); + my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'"); return 0 if $status != 0; ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1"); return 1 if $status == 0; From 8dcf76480c34520997816d1bf4cfd68c6280ebbd Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 18:10:20 +0200 Subject: [PATCH 41/94] firewall: Order after systemd-modules-load.service This ensures that connection tracking modules are loaded on time. --- nixos/modules/services/networking/firewall.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index c2941e122614..e604ba23b87f 100644 
--- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -273,6 +273,8 @@ in path = [ pkgs.iptables ]; + after = [ "systemd-modules-load.service" ]; + preStart = '' ${helpers} From 179acfb664ed06519ac515eada7bbef677cbee87 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 18:52:31 +0200 Subject: [PATCH 42/94] Allow upstream systemd units to be extended If you define a unit, and either systemd or a package in systemd.packages already provides that unit, then we now generate a file /etc/systemd/system/.d/overrides.conf. This makes it possible to use upstream units, while allowing them to be customised from the NixOS configuration. For instance, the module nix-daemon.nix now uses the units provided by the Nix package. And all unit definitions that duplicated upstream systemd units are finally gone. This makes the baseUnit option unnecessary, so I've removed it. --- nixos/modules/config/sysctl.nix | 13 +--- nixos/modules/services/hardware/udev.nix | 3 +- nixos/modules/services/misc/nix-daemon.nix | 20 ++---- nixos/modules/services/ttys/agetty.nix | 9 +-- .../activation/switch-to-configuration.pl | 10 ++- nixos/modules/system/boot/kernel.nix | 33 +++------- .../system/boot/systemd-unit-options.nix | 6 -- nixos/modules/system/boot/systemd.nix | 61 ++++++++++++++----- nixos/modules/tasks/kbd.nix | 14 +---- 9 files changed, 72 insertions(+), 97 deletions(-) diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix index b4cd22caa79d..542360219193 100644 --- a/nixos/modules/config/sysctl.nix +++ b/nixos/modules/config/sysctl.nix 
@@ -45,19 +45,8 @@ in ) config.boot.kernel.sysctl); systemd.services.systemd-sysctl = - { description = "Apply Kernel Variables"; - before = [ "sysinit.target" "shutdown.target" ]; - wantedBy = [ "sysinit.target" "multi-user.target" ]; + { wantedBy = [ "multi-user.target" ]; restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ]; - unitConfig = { - DefaultDependencies = false; # needed to prevent a cycle - ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl"; - }; }; # Enable hardlink and symlink restrictions. See diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 875de55b6c6d..169a2e884147 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -244,8 +244,7 @@ in ''; systemd.services.systemd-udevd = - { baseUnit = "${config.systemd.package}/example/systemd/system/systemd-udevd.service"; - environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; + { environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; }; }; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 1516736dc2e0..e6528777c325 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
@@ -275,28 +275,16 @@ in ) cfg.buildMachines; }; - systemd.sockets."nix-daemon" = - { description = "Nix Daemon Socket"; - wantedBy = [ "sockets.target" ]; - before = [ "multi-user.target" ]; - unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/"; - socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket"; - }; + systemd.packages = [ nix ]; - systemd.services."nix-daemon" = - { description = "Nix Daemon"; - - path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] + systemd.services.nix-daemon = + { path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }; - unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/"; - serviceConfig = - { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon"; - KillMode = "process"; - Nice = cfg.daemonNiceLevel; + { Nice = cfg.daemonNiceLevel; IOSchedulingPriority = cfg.daemonIONiceLevel; LimitNOFILE = 4096; }; diff --git a/nixos/modules/services/ttys/agetty.nix b/nixos/modules/services/ttys/agetty.nix index c4571ef856f4..df21ebbd9743 100644 --- a/nixos/modules/services/ttys/agetty.nix +++ b/nixos/modules/services/ttys/agetty.nix 
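Review bot: The `unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/"` removed from both the socket and the service is not carried over into the override, so whether the daemon socket still stays off where `/nix/var` is read-only (presumably the container case that condition handled) now depends entirely on the unit files shipped by the `nix` package, which are not visible here. If those units lack the condition, add `unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";` back to `systemd.services.nix-daemon` and a matching `systemd.sockets.nix-daemon` entry. A short comment above `systemd.packages = [ nix ];` noting that the socket, `ExecStart` and `KillMode` now come from the package's own units would help the next reader see what was intentionally dropped.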
@@ -49,22 +49,19 @@ with lib; config = { systemd.services."getty@" = - { baseUnit = "${config.systemd.package}/example/systemd/system/getty@.service"; - serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM"; + { serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM"; restartIfChanged = false; }; systemd.services."serial-getty@" = - { baseUnit = "${config.systemd.package}/example/systemd/system/serial-getty@.service"; - serviceConfig.ExecStart = + { serviceConfig.ExecStart = let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed); in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM"; restartIfChanged = false; }; systemd.services."container-getty@" = - { baseUnit = "${config.systemd.package}/example/systemd/system/container-getty@.service"; - unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits. + { unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits. serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM"; restartIfChanged = false; }; diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index fd2b5b7950d5..13bd0b60f820 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl 
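Review bot: Each of the three getty definitions sets `serviceConfig.ExecStart` in what is now a drop-in (`overrides.conf`) for an upstream unit that already has an `ExecStart=`. For a service that is not `Type=oneshot`, systemd refuses to load a unit with more than one `ExecStart=` unless the drop-in first clears it with an empty `ExecStart=` line, and as far as I recall the upstream getty units are `Type=idle`, so I would expect these overrides to fail to load rather than replace the command. Given that `attrsToSection` emits one line per list element (visible in the systemd.nix hunk of this same commit), `serviceConfig.ExecStart = [ "" "@${pkgs.utillinux}/sbin/agetty agetty --noclear ... $TERM" ];` would produce the reset followed by the new command; the same applies to `serial-getty@` and `container-getty@`. A comment on the first of them explaining the empty-string reset would save the next maintainer the same discovery.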
@@ -115,6 +115,14 @@ sub boolIsTrue { return $s eq "yes" || $s eq "true"; } +# As a fingerprint for determining whether a unit has changed, we use +# its absolute path. If it has an override file, we append *its* +# absolute path as well. +sub fingerprintUnit { + my ($s) = @_; + return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : ""); +} + # Stop all services that no longer exist or have changed in the new # configuration. my (@unitsToStop, @unitsToSkip); @@ -166,7 +174,7 @@ while (my ($unit, $state) = each %{$activePrev}) { } } - elsif (abs_path($prevUnitFile) ne abs_path($newUnitFile)) { + elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) { if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") { # Do nothing. These cannot be restarted directly. } elsif ($unit =~ /\.mount$/) { diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index 2e036fafae60..5e5b2abbb9ca 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -147,12 +147,6 @@ in config = mkIf (!config.boot.isContainer) { - systemd.services.kmod-static-nodes = - { wantedBy = [ "sysinit.target" ]; - baseUnit = "${config.systemd.package}/example/systemd/system/kmod-static-nodes.service"; - environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; - }; - system.build = { inherit kernel; }; system.modulesTree = [ kernel ] ++ config.boot.extraModulePackages; 
@@ -224,37 +218,26 @@ in # Create /etc/modules-load.d/nixos.conf, which is read by # systemd-modules-load.service to load required kernel modules. - # FIXME: ensure that systemd-modules-load.service is restarted if - # this file changes. environment.etc = singleton { target = "modules-load.d/nixos.conf"; source = kernelModulesConf; }; - # Sigh. This overrides systemd's systemd-modules-load.service - # just so we can set a restart trigger. Also make - # multi-user.target pull it in so that it gets started if it - # failed earlier. systemd.services."systemd-modules-load" = - { description = "Load Kernel Modules"; - wantedBy = [ "sysinit.target" "multi-user.target" ]; - before = [ "sysinit.target" "shutdown.target" ]; - conflicts = [ "shutdown.target" ]; - unitConfig = - { DefaultDependencies = false; - ConditionCapability = "CAP_SYS_MODULE"; - }; + { wantedBy = [ "multi-user.target" ]; + restartTriggers = [ kernelModulesConf ]; + environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; serviceConfig = - { Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${config.systemd.package}/lib/systemd/systemd-modules-load"; - # Ignore failed module loads. Typically some of the + { # Ignore failed module loads. Typically some of the # modules in ‘boot.kernelModules’ are "nice to have but # not required" (e.g. acpi-cpufreq), so we don't want to # barf on those. SuccessExitStatus = "0 1"; }; - restartTriggers = [ kernelModulesConf ]; + }; + + systemd.services.kmod-static-nodes = + { wantedBy = [ "sysinit.target" ]; environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; }; diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index 20ea0ba874d6..a16263b390d7 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix 
@@ -41,12 +41,6 @@ in rec { ''; }; - baseUnit = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to an upstream unit file on which the NixOS unit configuration will be based."; - }; - description = mkOption { default = ""; type = types.str; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 5d144a3642bc..ee809a8ec44e 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -31,7 +31,6 @@ let "sockets.target" "graphical.target" "multi-user.target" - "getty.target" "network.target" "network-online.target" "nss-lookup.target" @@ -50,10 +49,17 @@ let # Udev. "systemd-udevd-control.socket" "systemd-udevd-kernel.socket" - #"systemd-udevd.service" + "systemd-udevd.service" "systemd-udev-settle.service" "systemd-udev-trigger.service" + # Consoles. + "getty.target" + "getty@.service" + "serial-getty@.service" + "container-getty@.service" + "systemd-vconsole-setup.service" + # Hardware (started by udev when a relevant device is plugged in). "sound.target" "bluetooth.target" @@ -80,7 +86,8 @@ let "systemd-initctl.service" # Kernel module loading. - #"systemd-modules-load.service" + "systemd-modules-load.service" + "kmod-static-nodes.service" # Filesystems. "systemd-fsck@.service" @@ -146,6 +153,9 @@ let "systemd-tmpfiles-clean.timer" "systemd-tmpfiles-setup.service" "systemd-tmpfiles-setup-dev.service" + + # Misc. + "systemd-sysctl.service" ] ++ optionals cfg.enableEmergencyMode [ @@ -198,7 +208,7 @@ let serviceConfig = { name, config, ... }: { config = mkMerge - [ (mkIf (config.baseUnit == null) { # Default path for systemd services. Should be quite minimal. + [ { # Default path for systemd services. Should be quite minimal. path = [ pkgs.coreutils pkgs.findutils 
@@ -207,7 +217,7 @@ let systemd ]; environment.PATH = config.path; - }) + } (mkIf (config.preStart != "") { serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" '' #! ${pkgs.stdenv.shell} -e @@ -275,10 +285,7 @@ let (if isList value then value else [value])) as)); - commonUnitText = def: - optionalString (def.baseUnit != null) '' - .include ${def.baseUnit} - '' + '' + commonUnitText = def: '' [Unit] ${attrsToSection def.unitConfig} ''; @@ -358,6 +365,8 @@ let units = pkgs.runCommand "units" { preferLocalBuild = true; } '' mkdir -p $out + + # Copy the upstream systemd units we're interested in. for i in ${toString upstreamUnits}; do fn=${systemd}/example/systemd/system/$i if ! [ -e $fn ]; then echo "missing $fn"; false; fi @@ -368,6 +377,8 @@ let fi done + # Copy .wants links, but only those that point to units that + # we're interested in. for i in ${toString upstreamWants}; do fn=${systemd}/example/systemd/system/$i if ! [ -e $fn ]; then echo "missing $fn"; false; fi 
@@ -376,18 +387,35 @@ let for i in $fn/*; do y=$x/$(basename $i) cp -pd $i $y - if ! [ -e $y ]; then rm -v $y; fi + if ! [ -e $y ]; then rm $y; fi done done - for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do - ln -fs $i/* $out/ - done - + # Symlink all units provided listed in systemd.packages. for i in ${toString cfg.packages}; do - ln -s $i/etc/systemd/system/* $out/ + ln -s $i/etc/systemd/system/* $i/lib/systemd/system/* $out/ done + # Symlink all units defined by systemd.units. If these are also + # provided by systemd or systemd.packages, then add them as + # .d/overrides.conf, which makes them extend the + # upstream unit. + for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do + fn=$(basename $i/*) + if [ -e $out/$fn ]; then + if [ "$(readlink -f $i/$fn)" = /dev/null ]; then + ln -sfn /dev/null $out/$fn + else + mkdir $out/$fn.d + ln -s $i/$fn $out/$fn.d/overrides.conf + fi + else + ln -fs $i/$fn $out/ + fi + done + + # Created .wants and .requires symlinks from the wantedBy and + # requiredBy options. ${concatStrings (mapAttrsToList (name: unit: concatMapStrings (name2: '' mkdir -p $out/'${name2}.wants' @@ -400,6 +428,7 @@ let ln -sfn '../${name}' $out/'${name2}.requires'/ '') unit.requiredBy) cfg.units)} + # Stupid misc. symlinks. ln -s ${cfg.defaultUnit} $out/default.target ln -s rescue.target $out/kbrequest.target @@ -411,7 +440,7 @@ let ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/ ${ optionalString config.services.journald.enableHttpGateway '' - ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/ + ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/ ''} ''; # */ diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix index df4737305da6..03c42404e5d5 100644 --- a/nixos/modules/tasks/kbd.nix +++ b/nixos/modules/tasks/kbd.nix 
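Review bot: `ln -s $i/etc/systemd/system/* $i/lib/systemd/system/* $out/` passes an unexpanded glob to `ln` whenever a package in `systemd.packages` ships only one of the two directories (bash leaves an unmatched pattern literal, and `ln -s` does not check that the target exists), which leaves a dangling symlink literally named `*` in the units directory. Guard each directory instead: `for d in $i/etc/systemd/system $i/lib/systemd/system; do if [ -d $d ]; then ln -s $d/* $out/; fi; done`. The `mkdir $out/$fn.d` branch also has no handling for a unit that is defined both by a package and twice via `systemd.units`, though that may be unreachable given the attribute set. Two of the new comments read oddly and should be fixed while here: `# Symlink all units provided by packages listed in systemd.packages.` and `# Create .wants and .requires symlinks from the wantedBy and requiredBy options.`.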
@@ -52,19 +52,7 @@ in # /dev/tty0 to prevent putting the X server in non-raw mode, and # it has a restart trigger. systemd.services."systemd-vconsole-setup" = - { description = "Setup Virtual Console"; - wantedBy = [ "sysinit.target" "multi-user.target" ]; - before = [ "sysinit.target" "shutdown.target" ]; - conflicts = [ "shutdown.target" ]; - unitConfig = - { DefaultDependencies = "no"; - ConditionPathExists = "/dev/tty1"; - }; - serviceConfig = - { Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${config.systemd.package}/lib/systemd/systemd-vconsole-setup /dev/tty1"; - }; + { wantedBy = [ "multi-user.target" ]; restartTriggers = [ vconsoleConf ]; }; From 2ad6933a22fd0f834f4abf1766f56c797c26991c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 19:05:29 +0200 Subject: [PATCH 43/94] Remove special handling of systemd-journal-gatewayd --- nixos/modules/system/boot/systemd.nix | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index ee809a8ec44e..d37cb80748d2 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -79,6 +79,8 @@ let "systemd-journald.socket" "systemd-journald.service" "systemd-journal-flush.service" + "systemd-journal-gatewayd.socket" + "systemd-journal-gatewayd.service" "syslog.socket" # SysV init compatibility. @@ -161,11 +163,6 @@ let ++ optionals cfg.enableEmergencyMode [ "emergency.target" "emergency.service" - ] - - ++ optionals config.services.journald.enableHttpGateway [ - "systemd-journal-gatewayd.socket" - "systemd-journal-gatewayd.service" ]; upstreamWants = 
@@ -438,10 +435,6 @@ let ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \ ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/ - - ${ optionalString config.services.journald.enableHttpGateway '' - ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/ - ''} ''; # */ in @@ -632,7 +625,7 @@ in default = false; type = types.bool; description = '' - Enable journal http gateway + Whether to enable the HTTP gateway to the journal. ''; }; @@ -779,6 +772,9 @@ in }) (filterAttrs (name: service: service.startAt != "") cfg.services); + systemd.sockets.systemd-journal-gatewayd.wantedBy = + optional config.services.journald.enableHttpGateway "sockets.target"; + # Provide the systemd-user PAM service, required to run systemd # user instances. security.pam.services.systemd-user = From 073351a5cfdcf844e05f3ce0e03df686769a7c43 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Apr 2014 23:35:05 +0200 Subject: [PATCH 44/94] Refactor unit option declarations This gets rid of some duplication. --- .../system/boot/systemd-unit-options.nix | 59 +++++++++++++------ nixos/modules/system/boot/systemd.nix | 34 +---------- 2 files changed, 42 insertions(+), 51 deletions(-) diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix index a16263b390d7..a6183c47eb1b 100644 --- a/nixos/modules/system/boot/systemd-unit-options.nix +++ b/nixos/modules/system/boot/systemd-unit-options.nix @@ -28,7 +28,7 @@ let in rec { - unitOptions = { + sharedOptions = { enable = mkOption { default = true; 
@@ -41,6 +41,37 @@ in rec { ''; }; + requiredBy = mkOption { + default = []; + type = types.listOf types.string; + description = "Units that require (i.e. depend on and need to go down with) this unit."; + }; + + wantedBy = mkOption { + default = []; + type = types.listOf types.string; + description = "Units that want (i.e. depend on) this unit."; + }; + + }; + + concreteUnitOptions = sharedOptions // { + + text = mkOption { + type = types.nullOr types.str; + default = null; + description = "Text of this systemd unit."; + }; + + unit = mkOption { + internal = true; + description = "The generated unit."; + }; + + }; + + commonUnitOptions = sharedOptions // { + description = mkOption { default = ""; type = types.str; @@ -109,18 +140,6 @@ in rec { ''; }; - requiredBy = mkOption { - default = []; - type = types.listOf types.str; - description = "Units that require (i.e. depend on and need to go down with) this unit."; - }; - - wantedBy = mkOption { - default = []; - type = types.listOf types.str; - description = "Units that want (i.e. depend on) this unit."; - }; - unitConfig = mkOption { default = {}; example = { RequiresMountsFor = "/data"; }; @@ -146,7 +165,7 @@ in rec { }; - serviceOptions = unitOptions // { + serviceOptions = commonUnitOptions // { environment = mkOption { default = {}; @@ -280,7 +299,7 @@ in rec { }; - socketOptions = unitOptions // { + socketOptions = commonUnitOptions // { listenStreams = mkOption { default = []; @@ -307,7 +326,7 @@ in rec { }; - timerOptions = unitOptions // { + timerOptions = commonUnitOptions // { timerConfig = mkOption { default = {}; @@ -326,7 +345,7 @@ in rec { }; - pathOptions = unitOptions // { + pathOptions = commonUnitOptions // { pathConfig = mkOption { default = {}; @@ -343,7 +362,7 @@ in rec { }; - mountOptions = unitOptions // { + mountOptions = commonUnitOptions // { what = mkOption { example = "/dev/sda1"; 
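Review bot: The `requiredBy` and `wantedBy` options moved into `sharedOptions` are declared as `types.listOf types.string`, whereas the definitions they replace further down in this hunk used `types.listOf types.str`; `types.string` and `types.str` are distinct types in nixpkgs (the former is the legacy variant whose merge concatenates definitions), so the refactor quietly changes the declared element type for every unit kind built on `commonUnitOptions`. Presumably the spelling was copied from the `systemd.units` declarations consolidated in the systemd.nix hunk of this commit; if the change is not deliberate, keep `type = types.listOf types.str;` on both so the file uses one spelling consistently.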
@@ -387,7 +406,7 @@ in rec { }; }; - automountOptions = unitOptions // { + automountOptions = commonUnitOptions // { where = mkOption { example = "/mnt"; @@ -411,4 +430,6 @@ in rec { }; }; + targetOptions = commonUnitOptions; + } diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index d37cb80748d2..08ed482ef43a 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -456,37 +456,7 @@ in default = {}; type = types.attrsOf types.optionSet; options = { name, config, ... }: - { options = { - text = mkOption { - type = types.nullOr types.str; - default = null; - description = "Text of this systemd unit."; - }; - enable = mkOption { - default = true; - type = types.bool; - description = '' - If set to false, this unit will be a symlink to - /dev/null. This is primarily useful to prevent specific - template instances (e.g. serial-getty@ttyS0) - from being started. - ''; - }; - requiredBy = mkOption { - default = []; - type = types.listOf types.string; - description = "Units that require (i.e. depend on and need to go down with) this unit."; - }; - wantedBy = mkOption { - default = []; - type = types.listOf types.string; - description = "Units that want (i.e. depend on) this unit."; - }; - unit = mkOption { - internal = true; - description = "The generated unit."; - }; - }; + { options = concreteUnitOptions; config = { unit = mkDefault (makeUnit name config); }; @@ -502,7 +472,7 @@ in systemd.targets = mkOption { default = {}; type = types.attrsOf types.optionSet; - options = [ unitOptions unitConfig ]; + options = [ targetOptions unitConfig ]; description = "Definition of systemd target units."; }; From e34a1589fe1e2cd37a4d47a0dbf6c5791719e0f1 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 00:38:40 +0200 Subject: [PATCH 45/94] Add support for user units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With ‘systemd.user.units’ and ‘systemd.user.services’, you can specify units used by per-user systemd instances. For example, systemd.user.services.foo = { description = "foo"; wantedBy = [ "default.target" ]; serviceConfig.ExecStart = "${pkgs.foo}/bin/foo"; }; declares a unit ‘foo.service’ that gets started automatically when the user systemd instance starts, and is stopped when the user systemd instance stops. Note that there is at most one systemd instance per user: it's created when a user logs in and there is no systemd instance for that user yet, and it's removed when the user fully logs out (i.e. has no sessions anymore). So if you're simultaneously logged in via X11 and a virtual console, you get only one copy of foo. --- nixos/modules/system/boot/systemd.nix | 83 +++++++++++++++++++-------- 1 file changed, 60 insertions(+), 23 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 08ed482ef43a..db253a0c5827 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -24,7 +24,7 @@ let ln -s /dev/null $out/${name} ''; - upstreamUnits = + upstreamSystemUnits = [ # Targets. "basic.target" "sysinit.target" @@ -165,7 +165,7 @@ let "emergency.service" ]; - upstreamWants = + upstreamSystemWants = [ #"basic.target.wants" "sysinit.target.wants" "sockets.target.wants" @@ -174,6 +174,17 @@ let "timers.target.wants" ]; + upstreamUserUnits = + [ "basic.target" + "default.target" + "exit.target" + "paths.target" + "shutdown.target" + "sockets.target" + "systemd-exit.service" + "timers.target" + ]; + makeJobScript = name: text: let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; }; in "${x}/bin/${name}"; 
@@ -359,13 +370,13 @@ let ''; }; - units = pkgs.runCommand "units" { preferLocalBuild = true; } - '' + generateUnits = type: units: upstreamUnits: upstreamWants: + pkgs.runCommand "${type}-units" { preferLocalBuild = true; } '' mkdir -p $out # Copy the upstream systemd units we're interested in. for i in ${toString upstreamUnits}; do - fn=${systemd}/example/systemd/system/$i + fn=${systemd}/example/systemd/${type}/$i if ! [ -e $fn ]; then echo "missing $fn"; false; fi if [ -L $fn ]; then cp -pd $fn $out/ @@ -377,7 +388,7 @@ let # Copy .wants links, but only those that point to units that # we're interested in. for i in ${toString upstreamWants}; do - fn=${systemd}/example/systemd/system/$i + fn=${systemd}/example/systemd/${type}/$i if ! [ -e $fn ]; then echo "missing $fn"; false; fi x=$out/$(basename $fn) mkdir $x @@ -390,14 +401,16 @@ let # Symlink all units provided listed in systemd.packages. for i in ${toString cfg.packages}; do - ln -s $i/etc/systemd/system/* $i/lib/systemd/system/* $out/ + if [ -n "$(echo $i/etc/systemd/${type}/*)" ]; then + ln -s $i/etc/systemd/${type}/* $i/lib/systemd/${type}/* $out/ + fi done # Symlink all units defined by systemd.units. If these are also # provided by systemd or systemd.packages, then add them as # .d/overrides.conf, which makes them extend the # upstream unit. - for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do + for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do fn=$(basename $i/*) if [ -e $out/$fn ]; then if [ "$(readlink -f $i/$fn)" = /dev/null ]; then 
@@ -417,24 +430,26 @@ let concatMapStrings (name2: '' mkdir -p $out/'${name2}.wants' ln -sfn '../${name}' $out/'${name2}.wants'/ - '') unit.wantedBy) cfg.units)} + '') unit.wantedBy) units)} ${concatStrings (mapAttrsToList (name: unit: concatMapStrings (name2: '' mkdir -p $out/'${name2}.requires' ln -sfn '../${name}' $out/'${name2}.requires'/ - '') unit.requiredBy) cfg.units)} + '') unit.requiredBy) units)} - # Stupid misc. symlinks. - ln -s ${cfg.defaultUnit} $out/default.target + ${optionalString (type == "system") '' + # Stupid misc. symlinks. + ln -s ${cfg.defaultUnit} $out/default.target - ln -s rescue.target $out/kbrequest.target + ln -s rescue.target $out/kbrequest.target - mkdir -p $out/getty.target.wants/ - ln -s ../autovt@tty1.service $out/getty.target.wants/ + mkdir -p $out/getty.target.wants/ + ln -s ../autovt@tty1.service $out/getty.target.wants/ - ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \ - ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/ + ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \ + ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/ + ''} ''; # */ in @@ -638,6 +653,25 @@ in ''; }; + systemd.user.units = mkOption { + description = "Definition of systemd per-user units."; + default = {}; + type = types.attrsOf types.optionSet; + options = { name, config, ... }: + { options = concreteUnitOptions; + config = { + unit = mkDefault (makeUnit name config); + }; + }; + }; + + systemd.user.services = mkOption { + default = {}; + type = types.attrsOf types.optionSet; + options = [ serviceOptions unitConfig serviceConfig ]; + description = "Definition of systemd per-user service units."; + }; + }; 
@@ -651,11 +685,15 @@ in message = "${name}: Type=oneshot services must have Restart=no"; }) cfg.services; - system.build.units = units; + system.build.units = cfg.units; environment.systemPackages = [ systemd ]; - environment.etc."systemd/system".source = units; + environment.etc."systemd/system".source = + generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants; + + environment.etc."systemd/user".source = + generateUnits "user" cfg.user.units upstreamUserUnits []; environment.etc."systemd/system.conf".text = '' @@ -719,6 +757,9 @@ in (v: let n = escapeSystemdPath v.where; in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts); + systemd.user.units = + mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services; + system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [ "CGROUPS" "AUTOFS4_FS" "DEVTMPFS" ]; @@ -753,10 +794,6 @@ in startSession = true; }; - # Provide systemd user units. FIXME: Should make this definable, - # just like the system units. - environment.etc."systemd/user".source = "${systemd}/example/systemd/user"; - environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; environment.etc."tmpfiles.d/nixos.conf".text = From ffedee6ed523864dd5f871ffd85e3c2099d579a2 Mon Sep 17 00:00:00 2001 
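Review bot: The `Type=oneshot services must have Restart=no` assertion on the context line at the top of this hunk is still mapped over `cfg.services` only, while the new `systemd.user.units = mapAttrs' ... cfg.user.services` definition feeds user services through the same `serviceToUnit`, so a user oneshot with `Restart=on-failure` gets no diagnostic. Extend the assertion to the user set as well, e.g. with a second `mapAttrsToList` over `cfg.user.services` using the same predicate and a message that names the unit as a user unit. The head of the assertion expression lies outside this hunk.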
From: Eelco Dolstra Date: Fri, 18 Apr 2014 00:45:26 +0200 Subject: [PATCH 46/94] Start ssh-agent as a user unit This has some advantages: * You get ssh-agent regardless of how you logged in. Previously it was only started for X11 sessions. * All sessions of a user share the same agent. So if you added a key on tty1, it will also be available on tty2. * Systemd will restart ssh-agent if it dies. * $SSH_AUTH_SOCK now points to the /run/user/ directory, which is more secure than /tmp. For bonus points, we should patch ssh-agent to support socket-based activation... --- nixos/modules/config/gnu.nix | 2 +- nixos/modules/programs/ssh.nix | 33 +++++++++++++++++++ nixos/modules/rename.nix | 1 + .../services/x11/display-managers/default.nix | 11 ------- nixos/modules/services/x11/xserver.nix | 17 ++-------- 5 files changed, 38 insertions(+), 26 deletions(-) diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix index 092828fed0d8..f8c35b440d12 100644 --- a/nixos/modules/config/gnu.nix +++ b/nixos/modules/config/gnu.nix @@ -36,7 +36,7 @@ with lib; # GNU lsh. services.openssh.enable = false; services.lshd.enable = true; - services.xserver.startOpenSSHAgent = false; + programs.ssh.startAgent = false; services.xserver.startGnuPGAgent = true; # TODO: GNU dico. diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 27db667e4402..005c77d255cb 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -47,7 +47,20 @@ in for help. ''; }; + + startAgent = mkOption { + type = types.bool; + default = true; + description = '' + Whether to start the OpenSSH agent when you log in. The OpenSSH agent + remembers private keys for you so that you don't have to type in + passphrases every time you make an SSH connection. Use + ssh-add to add a key to the agent. + ''; + }; + }; + }; config = { 
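Review bot: The `startAgent` description is carried over verbatim from the X11-only option, but the agent it now controls is a per-user systemd service shared by every session of the user, and nothing in the text tells the reader what that means for how long loaded keys stay usable. Suggest appending a sentence along the lines of: `The agent runs as a per-user systemd service shared by all of the user's sessions; keys added with ssh-add stay loaded until the user's last session ends, so use ssh-add -t or -c to bound their lifetime.` The option sits in `programs.ssh`, so the conflict check against `services.xserver.startGnuPGAgent` lives in another module; a cross-reference here would save the next person the search.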
@@ -71,5 +84,25 @@ in target = "ssh/ssh_config"; } ]; + + # FIXME: this should really be socket-activated for über-awesomeness. + systemd.user.services.ssh-agent = + { enable = cfg.startAgent; + description = "SSH Agent"; + wantedBy = [ "default.target" ]; + serviceConfig = + { ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent"; + Type = "forking"; + Restart = "on-failure"; + }; + }; + + environment.extraInit = optionalString cfg.startAgent + '' + if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent" + fi + ''; + }; } diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index aa3cefdcad14..1128b9c0da8d 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -103,6 +103,7 @@ in zipModules ([] ++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ] ++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ] ++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ] +++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ] ++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ] # KDE diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 2deff602982b..3bf18bd58c84 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix 
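Review bot: The unit uses `Type = "forking"` without a `PIDFile`, which leaves systemd guessing the main PID from the daemonised child; running the agent in the foreground is the usual shape for a systemd service and makes the socket-activation FIXME easier later: `ExecStart = "${pkgs.openssh}/bin/ssh-agent -D -a %t/ssh-agent"; Type = "simple";` (`-D` exists in the OpenSSH releases of this period as far as I know; please check the packaged version). `Restart = "on-failure"` is worth a comment, because a respawned agent starts empty and the user's `ssh-add`ed keys are silently gone, which is easy to mistake for a broken socket. The `extraInit` guard is correct in only exporting `SSH_AUTH_SOCK` when `XDG_RUNTIME_DIR` is set, though `[ ... -a ... ]` is the obsolescent test form; `[ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]` is the portable spelling.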
@@ -51,17 +51,6 @@ let ''} - ${optionalString cfg.startOpenSSHAgent '' - if test -z "$SSH_AUTH_SOCK"; then - # Restart this script as a child of the SSH agent. (It is - # also possible to start the agent as a child that prints - # the required environment variabled on stdout, but in - # that mode ssh-agent is not terminated when we log out.) - export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass - exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType" - fi - ''} - ${optionalString cfg.startGnuPGAgent '' if test -z "$SSH_AUTH_SOCK"; then # Restart this script as a child of the GnuPG agent. diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 1f02bfd6ef37..65f93b544996 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -201,17 +201,6 @@ in ''; }; - startOpenSSHAgent = mkOption { - type = types.bool; - default = true; - description = '' - Whether to start the OpenSSH agent when you log in. The OpenSSH agent - remembers private keys for you so that you don't have to type in - passphrases every time you make an SSH connection. Use - ssh-add to add a key to the agent. - ''; - }; - startGnuPGAgent = mkOption { type = types.bool; default = false; @@ -400,11 +389,11 @@ in hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ]; assertions = - [ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent); + [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent); message = '' - The OpenSSH agent and GnuPG agent cannot be started both. - Choose between `startOpenSSHAgent' and `startGnuPGAgent'. + The OpenSSH agent and GnuPG agent cannot be started both. Please + choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’. ''; } { assertion = config.security.polkit.enable; From 9f65e82b59fde4f7d12c144832e0ff13f8399a40 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 01:22:38 +0200 Subject: [PATCH 47/94] Make the login test a bit more robust http://hydra.nixos.org/build/10397037 --- nixos/tests/login.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix index 0a7d25c37aca..44c53c231c81 100644 --- a/nixos/tests/login.nix +++ b/nixos/tests/login.nix @@ -9,7 +9,8 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: testScript = '' - $machine->waitForUnit("default.target"); + $machine->waitForUnit('multi-user.target'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty1'"); $machine->screenshot("postboot"); subtest "create user", sub { @@ -19,9 +20,11 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: # Check whether switching VTs works. subtest "virtual console switching", sub { + $machine->fail("pgrep -f 'agetty.*tty2'"); $machine->sendKeys("alt-f2"); $machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]"); $machine->waitForUnit('getty@tty2.service'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty2'"); }; # Log in as alice on a virtual console. From 12f06ae4997c5b5ac123454ba1a86c0a294504a2 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 01:36:43 +0200 Subject: [PATCH 48/94] Doh --- nixos/modules/system/boot/systemd.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index db253a0c5827..5bdb8bdac0b5 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -401,8 +401,10 @@ let # Symlink all units provided listed in systemd.packages. for i in ${toString cfg.packages}; do - if [ -n "$(echo $i/etc/systemd/${type}/*)" ]; then - ln -s $i/etc/systemd/${type}/* $i/lib/systemd/${type}/* $out/ + files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*) + echo $i: $files + if [ -n "$files" ]; then + ln -s $files $out/ fi done 
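Review bot: `files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*)` only behaves as the `[ -n "$files" ]` test expects when `nullglob` is in effect; without it an unmatched pattern stays literal, the test is always true and `ln -s` creates a dangling link named `*` in `$out`. The script does not set the option itself, so rather than relying on whatever the builder's shell defaults are, make it explicit: `shopt -s nullglob` before the loop, or iterate `for f in $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*; do [ -e "$f" ] && ln -s "$f" $out/; done`. The surrounding `generateUnits` script starts and ends outside this hunk.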
From 64b968f81f6ef611826aeda4a1982830e5e3986c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 02:31:10 +0200 Subject: [PATCH 49/94] Remove debug line --- nixos/modules/system/boot/systemd.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 5bdb8bdac0b5..20748f9c3eb5 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -402,7 +402,6 @@ let # Symlink all units provided listed in systemd.packages. for i in ${toString cfg.packages}; do files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*) - echo $i: $files if [ -n "$files" ]; then ln -s $files $out/ fi From f7d28f7cd65bb0321880158073915b76836b91a2 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 02:40:01 +0200 Subject: [PATCH 50/94] Slight test speedup Don't do a pointless ARP check in dhcpcd. --- nixos/modules/services/networking/dhcpcd.nix | 2 ++ nixos/modules/virtualisation/qemu-vm.nix | 3 +++ 2 files changed, 5 insertions(+) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8c3f651e434e..349ad27b41c4 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -80,6 +80,7 @@ in options = { networking.dhcpcd.denyInterfaces = mkOption { + type = types.listOf types.str; default = []; description = '' Disable the DHCP client for any interface whose name matches @@ -90,6 +91,7 @@ in }; networking.dhcpcd.extraConfig = mkOption { + type = types.lines; default = ""; description = '' Literal string to append to the config file generated for dhcpcd. diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 7662427854e5..3152a2274182 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -399,6 +399,9 @@ in # Wireless won't work in the VM. networking.wireless.enable = mkVMOverride false; + # Speed up booting by not waiting for ARP. + networking.dhcpcd.extraConfig = "noarp"; + system.requiredKernelConfig = with config.lib.kernelConfig; [ (isEnabled "VIRTIO_BLK") (isEnabled "VIRTIO_PCI") From d43b536ab65baec218fe6ed513f6e0aa2bf6b3ab Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 02:43:00 +0200 Subject: [PATCH 51/94] Work around apparent dhcpcd bug --- nixos/modules/services/networking/dhcpcd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 349ad27b41c4..920c4d173e4e 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -109,6 +109,7 @@ in { description = "DHCP Client"; wantedBy = [ "network.target" ]; + after = [ "systemd-udev-settle.service" ]; # FIXME # Stopping dhcpcd during a reconfiguration is undesirable # because it brings down the network interfaces configured by From 9bb40b7a5b05c61bceb200e770a58fc3250ce23a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 14:47:02 +0200 Subject: [PATCH 52/94] Pull in nix-daemon.socket This led to the container test failing, which made no sense whatsoever, until I realized nix-daemon.socket creates the socket directory as a side effect, which systemd-nspawn then bind-mounts. http://hydra.nixos.org/build/10397575 --- nixos/modules/services/misc/nix-daemon.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index e6528777c325..09a874481dc6 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
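Review bot: `after = [ "systemd-udev-settle.service" ];` only orders dhcpcd after udev-settle when something else activates that service; an `after` relation alone never starts it, so if the intent is to wait for device enumeration the unit also needs `wants = [ "systemd-udev-settle.service" ];`. The bare `# FIXME` should say what is being worked around so the line can be removed once the cause is understood, e.g. `# FIXME: works around an apparent dhcpcd bug (see commit d43b536); remove once understood.` Note that pulling in udev-settle adds a boot-time wait for every system, not just the VM tests this series is tuning.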
@@ -277,6 +277,8 @@ in systemd.packages = [ nix ]; + systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; + systemd.services.nix-daemon = { path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; From 359935a1ef8e4e76832a7db412521d31538e5dba Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 14:48:04 +0200 Subject: [PATCH 53/94] kmod-static-nodes: Drop superfluous wantedBy --- nixos/modules/system/boot/kernel.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index 5e5b2abbb9ca..b81bcf20f439 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -237,8 +237,7 @@ in }; systemd.services.kmod-static-nodes = - { wantedBy = [ "sysinit.target" ]; - environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; + { environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules"; }; lib.kernelConfig = { From 4c764479a6905c8f29fb0363dd63c76da8d35cb0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 14:59:59 +0200 Subject: [PATCH 54/94] Remove redundant space --- nixos/modules/rename.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 1128b9c0da8d..0a67aeb81e56 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -17,7 +17,7 @@ let inherit from to; name = "Obsolete name"; use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; - define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; + define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; }; # abort if deprecated option is used 
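Review bot: The reason for `systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];` exists only in the commit message; a reader of the module will not know the socket unit is needed for its side effect of creating the daemon socket directory that container bind-mounts depend on, and the very next commit shows how readily a "superfluous" `wantedBy` gets deleted. Put the rationale inline: `# Pull in nix-daemon.socket unconditionally: besides socket activation, it creates the daemon socket directory, which systemd-nspawn containers bind-mount.`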
@@ -25,7 +25,7 @@ let inherit from to; name = "Deprecated name"; use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; - define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; + define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; }; showOption = concatStringsSep "."; From 890d0cc3a507e10f9f402805d1b5c43997ce603a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 15:34:10 +0200 Subject: [PATCH 55/94] firmware-linux-nonfree: Update to 0.41 --- .../firmware-linux-nonfree/default.nix | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix index f5efc565753c..5afa2cbe4ebf 100644 --- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix +++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix 
@@ -6,26 +6,27 @@ { stdenv, fetchurl, dpkg }: let - version = "0.40"; + version = "0.41"; packages = [ - { name = "adi"; sha256 = "0wwks9ff4n772435s57z1fjrffi4xl9nxnfn3v7xfcwdjb395d88"; } - { name = "atheros"; sha256 = "1gj7hfnyclzgyq06scynaclnfajhs6lw5i51j1w1hikv4yh20djz"; } - { name = "bnx2"; sha256 = "15qjj0sfjin5cbkpby29r5czn11xyiyyc4fmhwlqvgfgrnbp0aqk"; } - { name = "bnx2x"; sha256 = "08nvbln94ff47b2q0avxj1aa2wx4qih8sq8knbq54lp46kjf3k0h"; } - { name = "brcm80211"; sha256 = "1ndsw3s6xkr1n39nf9ig1xhnaglx5qvvvm8rh6ah41v644lzha79"; } - { name = "intelwimax"; sha256 = "1qwxmykh90v92asn4ivq0fak761hs7hd2zmz1dpkjidwsycrfyqn"; } - { name = "ipw2x00"; sha256 = "0a2nb17b5n3k1b6y4dbi5i8k1fm19ba2abq2jh2hjjmyyl3y388m"; } - { name = "ivtv"; sha256 = "1239gsjq16f4kd1yn77iq3ar8ndx3pzd16kpqafr1h2y0zwh452r"; } - { name = "iwlwifi"; sha256 = "03kmh5szd02pkbm1nlyz99fr2njhg88wiv73f1fz485m9rvgga43"; } - { name = "libertas"; sha256 = "0qjziwmwqbp83hxrjw7x3ralxg4ib9y23bcbn1g8yb5b6m84ca6b"; } - { name = "linux"; sha256 = "0ypidsrrfx4kvbfisdpgx2fzbil7g2jixgqhnv960iy5l348amrl"; } - { name = "linux-nonfree"; sha256 = "0p9ql3cdxljflh48r6z40kpyisbzp3s3g1qjb9f64n6cppllwjfr"; } - { name = "myricom"; sha256 = "12spfaq7z2bb93cy15zldlic1wx2v6h9sn7ny09nkzy4m26zds4q"; } - { name = "netxen"; sha256 = "03gmda16bdqw8a4x8x11ph41ksjh48hxydv0f0z3gi3czgbh7sn3"; } - { name = "qlogic"; sha256 = "1ah8rrwzi44p1l4q8qkql18djmn5kihsiinpy204xklm1csf3vs1"; } - { name = "ralink"; sha256 = "005549jk0wnyfnb247awv2wncsx5is05m1hdwcd33iq0dlbmm39b"; } - { name = "realtek"; sha256 = "1ai1klzrql8qxmb7945xiqlkfkyz8admrpb10b3r4ixvclkrvfi2"; } + { name = "adi"; sha256 = "19dm96djp34g6l84g9shwbmqbmfd15c24frcy1zh5nz8x12phgm4"; } + { name = "atheros"; sha256 = "0vrdyxiq7nx89h6ykdrs8s3l9frn3hmcfb9vsz68i12975y8ib5n"; } + { name = "bnx2"; sha256 = "12l3l54q69n1ky8lp7bmzscfqysabjrgmswwj57ryc6l82s7081y"; } + { name = "bnx2x"; sha256 = "10m9p479dq2ylpj5mw6d5vyfh9hybmh5xgs5sxma065v7r3c3v31"; } + { name = "brcm80211"; sha256 = 
"0l2lg5pshb1kb829hfq9w791scwa8biikrfzsx9wvlvkyxfdh187"; } + { name = "intelwimax"; sha256 = "13jqm8ik0mm8vnsskbbp63idpjqazzp2x4gaq7786jg5yj3zh1cf"; } + { name = "ipw2x00"; sha256 = "1hvxrzqbc75phxdbmqfh7ky36m0qna2pncwxpfdircy9i6fx7ipy"; } + { name = "ivtv"; sha256 = "0ckw1ynzfqnkwlmwpzfbdfx4s6bsl4nwp097g8khaavqxk94n88v"; } + { name = "iwlwifi"; sha256 = "1djazi2qsi5z6q0izirprxgfpg8vh55skab2nijyfl66drlcha72"; } + { name = "libertas"; sha256 = "1yj9dd9pwd98gknx5mvblfcbr6k347xzi8l6bk0pr4570j8ss8y3"; } + { name = "linux"; sha256 = "0vc4cbrq73y5hibx5k3gbfqaqxvaa3g8rv9kzwks2zl3hdxm6xaq"; } + { name = "linux-nonfree"; sha256 = "05vv8yq7kix5cw9s4agz4vgya6i3ff88jp3rxln1ssznhvzrjzx9"; } + { name = "myricom"; sha256 = "1idfvdfw7z4jbbjyq40hd2bpllvw7jz0ah7k3iwljxp8l2lf2nmf"; } + { name = "netxen"; sha256 = "0fdgllv8i7j9qbk5hi14zvw6fcn4nd1isr1486d8fv7nf2bf1mxx"; } + { name = "qlogic"; sha256 = "12w1qnqhs24am2psdfmv0ligczzxh9crllmp7r4y3vqghyvwax7i"; } + { name = "ralink"; sha256 = "1ryplg9shi7nam79zd86z7a0qzp0f9m7q89nq989z57qiysbrra4"; } + { name = "realtek"; sha256 = "1l867724qrw7nwksdv4k0hkz7nrjjs9vq2s3937wyaa0r2r66mg6"; } + { name = "ti-connectivity"; sha256 = "00cl9gyxa7795a57zwcvl26kxfl4qzppi4z8ksg5friv3db8sm1p"; } ]; fetchPackage = From da774bced5ed308c0393d7bb2c542fc84278b4bf Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 15:36:06 +0200 Subject: [PATCH 56/94] Remove dhcpcd_without_udev attribute --- nixos/modules/services/networking/dhcpcd.nix | 2 +- pkgs/top-level/all-packages.nix | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 920c4d173e4e..35a3cfff8406 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix 
@@ -4,7 +4,7 @@ with lib; let - dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev; + dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; }; # Don't start dhcpcd on explicitly configured interfaces or on # interfaces that are part of a bridge. diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 144651fe2eb0..0d81df6c31d5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -827,8 +827,6 @@ let dhcpcd = callPackage ../tools/networking/dhcpcd { }; - dhcpcd_without_udev = callPackage ../tools/networking/dhcpcd { udev = null; }; - diffstat = callPackage ../tools/text/diffstat { }; diffutils = callPackage ../tools/text/diffutils { }; From 5c62d3d26b07bb78ec92aec69e99dbee542f5e9d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 16:05:20 +0200 Subject: [PATCH 57/94] nixos-rebuild: Handle $SHELL not being bash --- nixos/modules/installer/tools/nixos-rebuild.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh index 2d137dd52add..d7b749573fa9 100644 --- a/nixos/modules/installer/tools/nixos-rebuild.sh +++ b/nixos/modules/installer/tools/nixos-rebuild.sh @@ -1,5 +1,7 @@ #! @shell@ +if [ -x "@shell@" ]; then export SHELL="@shell@"; fi; + set -e showSyntax() { From 21573af9fb0b53806703c44b46d813b0c5d6efa5 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 16:40:27 +0200 Subject: [PATCH 58/94] Containers: Use /etc/resolv.conf supplied by the host This used to work with systemd-nspawn 203, because it bind-mounted /etc/resolv.conf (so openresolv couldn't overwrite it). Now it's just copied, so we need some special handling. --- nixos/modules/system/boot/stage-2-init.sh | 8 ++++++-- nixos/modules/system/boot/stage-2.nix | 2 ++ nixos/modules/tasks/network-interfaces.nix | 9 +++++++++ nixos/modules/virtualisation/container-config.nix | 2 ++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 6657897750eb..62e08bb9ece5 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -96,8 +96,6 @@ mkdir -m 0755 -p /etc/nixos # Miscellaneous boot time cleanup. rm -rf /var/run /var/lock -rm -f /etc/resolv.conf -touch /etc/resolv.conf rm -f /etc/{group,passwd,shadow}.lock if test -n "@cleanTmpDir@"; then @@ -149,6 +147,12 @@ if test -n "$resumeDevice"; then fi +# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable. +if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then + cat /etc/resolv.conf | resolvconf -m 1000 -a host +fi + + # Run the script that performs all configuration activation that does # not have to be done at boot time. echo "running activation script..." diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index f2a177fbdbc1..f53c3b8b8e70 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix 
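Review bot: With the unconditional `rm -f /etc/resolv.conf; touch /etc/resolv.conf` gone from the cleanup section in the first hunk, a non-container system now boots with whatever resolv.conf the previous boot left behind and, if I read the flow correctly, keeps using those possibly stale resolvers until openresolv rewrites the file; if that is intended, say so in a comment, otherwise keep the reset for the case where `@useHostResolvConf@` is empty. The new block also has a needless `cat`: `resolvconf -m 1000 -a host < /etc/resolv.conf`. And `[ ... -a ... ]` is the obsolescent test form; `[ -n "@useHostResolvConf@" ] && [ -e /etc/resolv.conf ]` is the portable spelling.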
@@ -19,11 +19,13 @@ let isExecutable = true; inherit (config.boot) devShmSize runSize cleanTmpDir; inherit (config.nix) readOnlyStore; + inherit (config.networking) useHostResolvConf; ttyGid = config.ids.gids.tty; path = [ pkgs.coreutils pkgs.utillinux pkgs.sysvtools + pkgs.openresolv ] ++ (optional config.boot.cleanTmpDir pkgs.findutils) ++ optional config.nix.readOnlyStore readonlyMountpoint; postBootCommands = pkgs.writeText "local-cmds" diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index a33b571d4371..9cc8b154324f 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -191,6 +191,15 @@ in ''; }; + networking.useHostResolvConf = mkOption { + type = types.bool; + default = false; + description = '' + In containers, whether to use the + resolv.conf supplied by the host. + ''; + }; + networking.localCommands = mkOption { default = ""; example = "text=anything; echo You can put $text here."; diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index ae06fcb41e38..46dcdbd77128 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -8,6 +8,8 @@ with lib; sound.enable = mkDefault false; + networking.useHostResolvConf = true; + # Provide a login prompt on /var/lib/login.socket. On the host, # you can connect to it by running ‘socat # unix:/var/lib/login.socket -,echo=0,raw’. From c13cede19d7ad1088e3eda358eb57890ef59bec7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 16:50:37 +0200 Subject: [PATCH 59/94] Remove long-obsolete /nix/var/nix/chroots directory --- nixos/modules/services/misc/nix-daemon.nix | 3 +-- nixos/modules/system/boot/stage-2-init.sh | 6 ------ 2 files changed, 1 insertion(+), 8 deletions(-) 
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 09a874481dc6..4bfd6268234d 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -342,8 +342,7 @@ in /nix/var/nix/profiles \ /nix/var/nix/db \ /nix/var/log/nix/drvs \ - /nix/var/nix/channel-cache \ - /nix/var/nix/chroots + /nix/var/nix/channel-cache mkdir -m 1777 -p \ /nix/var/nix/gcroots/per-user \ /nix/var/nix/profiles/per-user \ diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 62e08bb9ece5..cee9db091c14 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -104,12 +104,6 @@ if test -n "@cleanTmpDir@"; then echo " done" fi -# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm -# -rf' on it isn't safe in general because it can contain bind mounts -# to /nix/store and other places. But after rebooting these are all -# gone, of course. -rm -rf /nix/var/nix/chroots # recreated in activate-configuration.sh - # Also get rid of temporary GC roots. rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots From dd49094a25057211d77a3dc4d075a749db748139 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 16:56:20 +0200 Subject: [PATCH 60/94] Put /nix/var/nix/{temproots,userpool} on a tmpfs --- nixos/modules/services/misc/nix-daemon.nix | 9 ++++++--- nixos/modules/system/boot/stage-2-init.sh | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 4bfd6268234d..171fd08f1e1d 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
@@ -336,13 +336,13 @@ in # Nix initialisation. mkdir -m 0755 -p \ /nix/var/nix/gcroots \ - /nix/var/nix/temproots \ /nix/var/nix/manifests \ - /nix/var/nix/userpool \ /nix/var/nix/profiles \ /nix/var/nix/db \ /nix/var/log/nix/drvs \ - /nix/var/nix/channel-cache + /nix/var/nix/channel-cache \ + /run/nix/temproots \ + /run/nix/userpool mkdir -m 1777 -p \ /nix/var/nix/gcroots/per-user \ /nix/var/nix/profiles/per-user \ @@ -350,6 +350,9 @@ in ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/ ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/ + + [ -d /nix/var/nix/temproots ] || ln -sfn /run/nix/temproots /nix/var/nix/temproots + [ -d /nix/var/nix/userpool ] || ln -sfn /run/nix/userpool /nix/var/nix/userpool ''; }; diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index cee9db091c14..5be38725ab72 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -106,7 +106,7 @@ fi # Also get rid of temporary GC roots. -rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots +rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots /nix/var/nix/userpool # Create a tmpfs on /run to hold runtime state for programs such as From f9423208c2a2cf039d626515937d2c5f76fcfe05 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 17:00:11 +0200 Subject: [PATCH 61/94] Containers: Don't warn about not having a boot loader --- nixos/modules/virtualisation/container-config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index 46dcdbd77128..35f8a03f1923 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix 
@@ -10,6 +10,9 @@ with lib; networking.useHostResolvConf = true; + # Shut up warnings about not having a boot loader. + system.build.installBootLoader = "${pkgs.coreutils}/bin/true"; + # Provide a login prompt on /var/lib/login.socket. On the host, # you can connect to it by running ‘socat # unix:/var/lib/login.socket -,echo=0,raw’. From 16bba2db2ef9fd42a5f1f3517bdd33c217fe3c26 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 17:11:59 +0200 Subject: [PATCH 62/94] Use "machinectl poweroff" to shut down containers --- nixos/modules/virtualisation/containers.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 065c4dc50d23..4ce113f10ee8 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -233,20 +233,7 @@ in preStop = '' - pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)" - if [ -n "$pid" ]; then - # Send the RTMIN+3 signal, which causes the container - # systemd to start halt.target. - echo "killing container systemd, PID = $pid" - kill -RTMIN+3 $pid - # Wait for the container to exit. We can't let systemd - # do this because it will send a signal to the entire - # cgroup. - for ((n = 0; n < 180; n++)); do - if ! kill -0 $pid 2> /dev/null; then break; fi - sleep 1 - done - fi + machinectl poweroff "$INSTANCE" ''; restartIfChanged = false; From fec3bc85a686bce8b1c9405b88ff3fbc7dd69344 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 17:32:24 +0200 Subject: [PATCH 63/94] postgresql: Use systemd's new "mixed" kill mode "Mixed" mode sends the initial SIGINT only to the main process, but sends the SIGKILL after the time-out expires to the entire cgroup. --- nixos/modules/services/databases/postgresql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
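Review bot: The new `preStop` returns as soon as `machinectl poweroff "$INSTANCE"` has issued the request, whereas the removed loop waited up to 180 s for the container's PID 1 to exit; if poweroff is asynchronous (as I believe it is), systemd then proceeds to stop the unit and signal the whole cgroup while the container is still shutting down, which is exactly the situation the removed comment was guarding against. If that wait is still wanted, a bounded poll after the poweroff call, for example `for ((n = 0; n < 180; n++)); do machinectl status "$INSTANCE" > /dev/null 2>&1 || break; sleep 1; done`, keeps it. The rest of the service definition is outside the hunk.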
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 2960ad913629..ad83cb553e1d 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -215,7 +215,7 @@ in # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See # http://www.postgresql.org/docs/current/static/server-shutdown.html KillSignal = "SIGINT"; - KillMode = "process"; # FIXME: this may cause processes to be left behind in the cgroup even after the final SIGKILL + KillMode = "mixed"; # Give Postgres a decent amount of time to clean up after # receiving systemd's SIGINT. From 85fdaed9debd63624729d34cdc9ba4d8aa8cb689 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 17:37:47 +0200 Subject: [PATCH 64/94] ssh-agent: Tweaks --- nixos/modules/programs/ssh.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 005c77d255cb..fdb9dfd4b8c2 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -91,9 +91,12 @@ in description = "SSH Agent"; wantedBy = [ "default.target" ]; serviceConfig = - { ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent"; + { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent"; + ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent"; + StandardOutput = "null"; Type = "forking"; Restart = "on-failure"; + SuccessExitStatus = "0 2"; }; }; From 1e540af43bce0e23d72b338f5c8359e73ae49f38 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 17:38:06 +0200 Subject: [PATCH 65/94] Fix broken upstream user unit symlinks --- nixos/modules/system/boot/systemd.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 20748f9c3eb5..f5d73ba665e9 100644 --- a/nixos/modules/system/boot/systemd.nix 
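Review bot: `SuccessExitStatus = "0 2"` in the ssh-agent unit treats exit status 2 as a clean exit without saying why, so a later reader cannot tell whether it is masking a real failure; a one-line comment naming the condition under which ssh-agent exits 2 (`# ssh-agent exits 2 when <condition>; not a failure for us`) would keep the setting from being removed or copied blindly. `StandardOutput = "null"` likewise discards everything the agent prints, which is fine because the socket path is fixed by `-a %t/ssh-agent`, but that reasoning belongs in a comment as well. The enclosing user service definition continues outside the hunk.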
+++ b/nixos/modules/system/boot/systemd.nix @@ -379,7 +379,12 @@ let fn=${systemd}/example/systemd/${type}/$i if ! [ -e $fn ]; then echo "missing $fn"; false; fi if [ -L $fn ]; then - cp -pd $fn $out/ + target="$(readlink "$fn")" + if [ ''${target:0:3} = ../ ]; then + ln -s "$(readlink -f "$fn")" $out/ + else + cp -pd $fn $out/ + fi else ln -s $fn $out/ fi From 48d90cf3b67d01dd7812ed62dfb916905e34e13a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 18:37:07 +0200 Subject: [PATCH 66/94] Revert "Put /nix/var/nix/{temproots,userpool} on a tmpfs" This reverts commit dd49094a25057211d77a3dc4d075a749db748139. Nix barfs if /nix/var/nix/temproots is a symlink :-( --- nixos/modules/services/misc/nix-daemon.nix | 9 +++------ nixos/modules/system/boot/stage-2-init.sh | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 171fd08f1e1d..4bfd6268234d 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -336,13 +336,13 @@ in # Nix initialisation. mkdir -m 0755 -p \ /nix/var/nix/gcroots \ + /nix/var/nix/temproots \ /nix/var/nix/manifests \ + /nix/var/nix/userpool \ /nix/var/nix/profiles \ /nix/var/nix/db \ /nix/var/log/nix/drvs \ - /nix/var/nix/channel-cache \ - /run/nix/temproots \ - /run/nix/userpool + /nix/var/nix/channel-cache mkdir -m 1777 -p \ /nix/var/nix/gcroots/per-user \ /nix/var/nix/profiles/per-user \ @@ -350,9 +350,6 @@ in ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/ ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/ - - [ -d /nix/var/nix/temproots ] || ln -sfn /run/nix/temproots /nix/var/nix/temproots - [ -d /nix/var/nix/userpool ] || ln -sfn /run/nix/userpool /nix/var/nix/userpool ''; }; diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 5be38725ab72..cee9db091c14 100644 --- a/nixos/modules/system/boot/stage-2-init.sh 
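Review bot: `if [ ''${target:0:3} = ../ ]` leaves the substring expansion unquoted inside `[ ]`, so a target that is empty or contains whitespace becomes a test syntax error rather than a clean false; `if [ "''${target:0:3}" = ../ ]; then` is the safe form (the `''$` escape is required because this sits inside a Nix indented string). Resolving relative links with `readlink -f "$fn"` follows the whole chain, which seems to be the intent, but a short comment stating why `../` targets get a resolved absolute link while other symlinks are copied as-is would help the next reader. The enclosing loop starts and ends outside the hunk.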
+++ b/nixos/modules/system/boot/stage-2-init.sh @@ -106,7 +106,7 @@ fi # Also get rid of temporary GC roots. -rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots /nix/var/nix/userpool +rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots # Create a tmpfs on /run to hold runtime state for programs such as From 02b936189cb9cc5c2e33eae686bd95ccb2995196 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 18:45:20 +0200 Subject: [PATCH 67/94] Improve gpm service --- nixos/modules/services/ttys/gpm.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/ttys/gpm.nix b/nixos/modules/services/ttys/gpm.nix index 12fe4e2f84f1..eda062494288 100644 --- a/nixos/modules/services/ttys/gpm.nix +++ b/nixos/modules/services/ttys/gpm.nix @@ -40,12 +40,15 @@ in config = mkIf cfg.enable { - jobs.gpm = - { description = "General purpose mouse"; + systemd.services.gpm = + { description = "Console Mouse Daemon"; - startOn = "started udev"; + wantedBy = [ "multi-user.target" ]; + after = [ "systemd-udev-settle.service" ]; - exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null"; + serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}"; + serviceConfig.Type = "forking"; + serviceConfig.PIDFile = "/run/gpm.pid"; }; }; From 313c38d5f1aeda1b065ba9b15380918ebd771c99 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 18:45:46 +0200 Subject: [PATCH 68/94] switch-to-configuration: Handle systemctl output change --- nixos/modules/system/activation/switch-to-configuration.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index 13bd0b60f820..f8c1ab12ebfa 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl 
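Review bot: In the gpm hunk, `${cfg.protocol}` is spliced bare into `serviceConfig.ExecStart`, and systemd splits that string on whitespace, so an option value containing spaces becomes extra arguments to gpm instead of one protocol name; unless the option's type already forbids that, `-t \"${cfg.protocol}\"` (systemd honours double quotes in ExecStart) or an assertion on the value is the safer form. `Type = "forking"` with `PIDFile = "/run/gpm.pid"` also relies on gpm daemonising and writing its pid to exactly that path, which I cannot verify from the hunk, so a comment naming the gpm default or option that guarantees it would be useful. The declaration of the `protocol` option is outside the hunk.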
@@ -65,12 +65,12 @@ $SIG{PIPE} = "IGNORE"; sub getActiveUnits { # FIXME: use D-Bus or whatever to query this, since parsing the # output of list-units is likely to break. - my $lines = `@systemd@/bin/systemctl list-units --full`; + my $lines = `LANG= @systemd@/bin/systemctl list-units --full`; my $res = {}; foreach my $line (split '\n', $lines) { chomp $line; last if $line eq ""; - $line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next; + $line =~ /^\*?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next; next if $1 eq "UNIT"; $res->{$1} = { load => $2, state => $3, substate => $4 }; } From 465d6ff5722cf1c9b7e58793ed50c5bc750c5098 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 19:03:50 +0200 Subject: [PATCH 69/94] Set $LOCALE_ARCHIVE in all systemd units This variable used to be inherited implicitly from the stage-2 script, but systemd now clears the environment. So we need to set it explicitly. --- nixos/modules/config/i18n.nix | 7 ++++++- nixos/modules/programs/environment.nix | 3 +-- nixos/modules/services/networking/ssh/sshd.nix | 1 - 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix index dd5e0ae25509..8182b8ae8081 100644 --- a/nixos/modules/config/i18n.nix +++ b/nixos/modules/config/i18n.nix @@ -76,7 +76,12 @@ in environment.systemPackages = [ glibcLocales ]; - environment.variables.LANG = config.i18n.defaultLocale; + environment.variables = + { LANG = config.i18n.defaultLocale; + LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; + }; + + systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive"; # ‘/etc/locale.conf’ is used by systemd. environment.etc = singleton diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 831c04f1ad86..aa9aec078342 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix 
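Review bot: `LANG=` empties only LANG, so if LC_ALL or LC_MESSAGES is set in the environment that runs switch-to-configuration, systemctl still localises its output and the new `^\*?\s*` pattern may fail to match; `my $lines = \`LC_ALL=C @systemd@/bin/systemctl list-units --full\`;` pins the output regardless of the caller's locale. The FIXME above the call remains accurate and this change only adapts to one more output format, which is worth saying in that comment so the next format change is not a surprise. The end of getActiveUnits is outside the hunk.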
@@ -17,8 +17,7 @@ in config = { environment.variables = - { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; - LOCATE_PATH = "/var/cache/locatedb"; + { LOCATE_PATH = "/var/cache/locatedb"; NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; NIX_PATH = [ "/nix/var/nix/profiles/per-user/root/channels/nixos" diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 5bc140ca242a..b66ccb87120c 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -258,7 +258,6 @@ in path = [ pkgs.openssh pkgs.gawk ]; environment.LD_LIBRARY_PATH = nssModulesPath; - environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; preStart = '' From 232a9caa9680db0d084504a43c334e2e583a8cd9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 19:34:45 +0200 Subject: [PATCH 70/94] Fix predictable network interface naming In current systemd, this has been moved to systemd-network, which we're not using yet. So revive the old udev rules from systemd 203. --- .../services/hardware/80-net-name-slot.rules | 13 +++++++++++++ nixos/modules/services/hardware/udev.nix | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 nixos/modules/services/hardware/80-net-name-slot.rules diff --git a/nixos/modules/services/hardware/80-net-name-slot.rules b/nixos/modules/services/hardware/80-net-name-slot.rules new file mode 100644 index 000000000000..18547f170a3f --- /dev/null +++ b/nixos/modules/services/hardware/80-net-name-slot.rules 
@@ -0,0 +1,13 @@ +# Copied from systemd 203. +ACTION=="remove", GOTO="net_name_slot_end" +SUBSYSTEM!="net", GOTO="net_name_slot_end" +NAME!="", GOTO="net_name_slot_end" + +IMPORT{cmdline}="net.ifnames" +ENV{net.ifnames}=="0", GOTO="net_name_slot_end" + +NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}" +NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}" +NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}" + +LABEL="net_name_slot_end" diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 169a2e884147..507752dabcf7 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -83,8 +83,8 @@ let grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true done - ${optionalString (!config.networking.usePredictableInterfaceNames) '' - ln -s /dev/null $out/80-net-name-slot.rules + ${optionalString config.networking.usePredictableInterfaceNames '' + cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules ''} # If auto-configuration is disabled, then remove From febb15f72219e334e07adc094fbeefadf0e2deb9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 19:37:15 +0200 Subject: [PATCH 71/94] systemd: Enable keeping backlight / rfkill state across reboots --- nixos/modules/system/boot/systemd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index f5d73ba665e9..ffa6d76481dc 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -109,6 +109,8 @@ let # Maintaining state across reboots. "systemd-random-seed.service" + "systemd-backlight@.service" + "systemd-rfkill@.service" # Hibernate / suspend. "hibernate.target" From 01216884242c0322efa20fd727ad1b55e8489dff Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 20:23:27 +0200 Subject: [PATCH 72/94] gpm: Better start condition --- nixos/modules/services/ttys/gpm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/ttys/gpm.nix b/nixos/modules/services/ttys/gpm.nix index eda062494288..03b0f39824d0 100644 --- a/nixos/modules/services/ttys/gpm.nix +++ b/nixos/modules/services/ttys/gpm.nix @@ -44,7 +44,7 @@ in { description = "Console Mouse Daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "systemd-udev-settle.service" ]; + requires = [ "getty.target" ]; serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}"; serviceConfig.Type = "forking"; From 5ee5aa1b909595133280580c9b2f0c32189e8894 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 20:47:31 +0200 Subject: [PATCH 73/94] Make "nixos-container login" an alias of "machinectl login" --- .../virtualisation/container-config.nix | 31 ++----------------- .../modules/virtualisation/nixos-container.pl | 2 +- 2 files changed, 4 insertions(+), 29 deletions(-) diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index 35f8a03f1923..76e4b5612184 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix 
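Review bot: `requires = [ "getty.target" ]` replaces the previous `after` with a dependency that carries no ordering, so gpm may still be started before any getty is up; if the goal is to come up once the consoles exist, `after = [ "getty.target" ]` is needed in addition. Requires= also pulls gpm down whenever getty.target is stopped, which is a behaviour change from the udev-settle ordering it replaces and deserves a one-line comment on the intent.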
@@ -13,34 +13,9 @@ with lib; # Shut up warnings about not having a boot loader. system.build.installBootLoader = "${pkgs.coreutils}/bin/true"; - # Provide a login prompt on /var/lib/login.socket. On the host, - # you can connect to it by running ‘socat - # unix:/var/lib/login.socket -,echo=0,raw’. - systemd.sockets.login = - { description = "Login Socket"; - wantedBy = [ "sockets.target" ]; - socketConfig = - { ListenStream = "/var/lib/login.socket"; - SocketMode = "0666"; - Accept = true; - }; - }; - - systemd.services."login@" = - { description = "Login %i"; - environment.TERM = "linux"; - serviceConfig = - { Type = "simple"; - StandardInput = "socket"; - ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty"; - TimeoutStopSec = 1; # FIXME - }; - restartIfChanged = false; - }; - - # Also provide a root login prompt on /var/lib/root-login.socket - # that doesn't ask for a password. This socket can only be used by - # root on the host. + # Provide a root login prompt on /var/lib/root-login.socket that + # doesn't ask for a password. This socket can only be used by root + # on the host. systemd.sockets.root-login = { description = "Root Login Socket"; wantedBy = [ "sockets.target" ]; diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index f04b2b3e74e2..2fd41a340962 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -203,7 +203,7 @@ elsif ($action eq "update") { } elsif ($action eq "login") { - exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw"); + exec("machinectl", "login", "--", $containerName); } elsif ($action eq "root-login") { From bf841cd892c099ac674184ee31c7352cb62dad0a Mon Sep 17 00:00:00 2001 
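Review bot: `exec("machinectl", "login", "--", $containerName)` looks up `machinectl` via PATH, while the line it replaces used `$socat`, which from its use here appears to be a build-time substituted absolute path; for a tool that runs as root, an absolute path into the systemd package, in whatever style the file already uses for `$socat`, avoids depending on the caller's PATH. The `--` separator is good, since it keeps a container name beginning with `-` from being parsed as an option. If exec fails the script falls through silently; `exec("machinectl", "login", "--", $containerName) or die "cannot run machinectl: $!";` makes that visible. The surrounding dispatch chain is outside the hunk.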
From: Mathijs Kwik Date: Fri, 18 Apr 2014 21:42:22 +0200 Subject: [PATCH 74/94] Revert "systemd: oneshot units should be allowed to restart on failure/abort" This reverts commit c1e638abb67d51320907c1245992bea4a8694c83. As pointed out by wkennington, upstream disallows all cases as of v207 --- nixos/modules/system/boot/systemd.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index ffa6d76481dc..6c6adab66e7c 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -688,8 +688,7 @@ in config = { assertions = mapAttrsToList (name: service: { - assertion = service.serviceConfig.Type or "" == "oneshot" -> - builtins.elem (service.serviceConfig.Restart or "no") ["no" "on-failure" "on-abort"]; + assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no"; message = "${name}: Type=oneshot services must have Restart=no"; }) cfg.services; From 5da309fcaa2340943ad17a1bda56d37eaee78a8d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 21:06:34 +0200 Subject: [PATCH 75/94] linux: Enable SND_DYNAMIC_MINORS This is necessary if you get: kernel: Too many HDMI devices kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y --- pkgs/os-specific/linux/kernel/common-config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 5aed09105cc8..7fe6f486a601 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -114,6 +114,7 @@ with stdenv.lib; VGA_SWITCHEROO y # Sound. + SND_DYNAMIC_MINORS y SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode SND_HDA_INPUT_BEEP y # Support digital beep via input layer SND_USB_CAIAQ_INPUT y From 1d6ac39d21a5e666ecf43663a8fd4c4c7a3aeaee Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 21:39:11 +0200 Subject: [PATCH 76/94] Fix indentation --- pkgs/stdenv/generic/default.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 4ee9251f4bb8..b0031178bbd4 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -58,16 +58,14 @@ let pos' = if pos != null then "‘" + pos.file + ":" + toString pos.line + "’" else "«unknown-file»"; in if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then - throw ''package ‘${attrs.name}’ in ${pos'} has an unfree license, refusing to evaluate. - You can set - { nixpkgs.config.allowUnfree = true; } - in configuration.nix to override this. - If you use Nix standalone, you can add - { config.allowUnfree = true; } - to ~/.nixpkgs/config.nix or pass - --arg config '{ allowUnfree = true; }' - on the command line. - '' + throw '' + Package ‘${attrs.name}’ in ${pos'} has an unfree license, refusing to evaluate. You can set + { nixpkgs.config.allowUnfree = true; } + in configuration.nix to override this. If you use Nix standalone, you can add + { config.allowUnfree = true; } + to ~/.nixpkgs/config.nix or pass + --arg config '{ allowUnfree = true; }' + on the command line.'' else if !allowBroken && attrs.meta.broken or false then throw "you can't use package ‘${attrs.name}’ in ${pos'} because it has been marked as broken" else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then From 1c21456a67a77acba699b7b4d83ac3f4c8418d7f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 18 Apr 2014 21:39:31 +0200 Subject: [PATCH 77/94] xorg-server: Update to 1.14.6 --- pkgs/servers/x11/xorg/default.nix | 6 +++--- pkgs/servers/x11/xorg/tarballs-7.7.list | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 0ec14c8d62cd..c341cd691501 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -1960,11 +1960,11 @@ let })) // {inherit ;}; xorgserver = (stdenv.mkDerivation ((if overrides ? xorgserver then overrides.xorgserver else x: x) { - name = "xorg-server-1.14.5"; + name = "xorg-server-1.14.6"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2; - sha256 = "1lb1fkscy7nwnabfj0d2shvxga16i047g11if18plj0n2jzhc3wd"; + url = mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2; + sha256 = "0c57vp1z0p38dj5gfipkmlw6bvbz1mrr0sb3sbghdxxdyq4kzcz8"; }; buildInputs = [pkgconfig renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ]; })) // {inherit renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ;}; diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list index a3faf2569264..74aa31ea9356 100644 --- a/pkgs/servers/x11/xorg/tarballs-7.7.list +++ b/pkgs/servers/x11/xorg/tarballs-7.7.list @@ -170,7 +170,7 @@ mirror://xorg/X11R7.7/src/everything/xlsatoms-1.1.1.tar.bz2 mirror://xorg/individual/app/xlsclients-1.1.3.tar.bz2 mirror://xorg/individual/app/xmodmap-1.0.8.tar.bz2 mirror://xorg/X11R7.7/src/everything/xorg-docs-1.7.tar.bz2 -mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2 +mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2 mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2 mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2 mirror://xorg/individual/app/xprop-1.2.2.tar.bz2 From 660d38e838855850528ba74d8a38be8a8dedc15c Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Fri, 18 Apr 2014 21:41:28 +0200 Subject: [PATCH 78/94] nvidia-x11: Update to 331.67 --- pkgs/os-specific/linux/nvidia-x11/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 74863496a0f7..2eb5c7e480a2 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -12,7 +12,7 @@ assert (!libsOnly) -> kernel != null; let - versionNumber = "331.49"; + versionNumber = "331.67"; in @@ -27,12 +27,12 @@ stdenv.mkDerivation { if stdenv.system == "i686-linux" then fetchurl { url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run"; - sha256 = "00d7bq8cfxk52qd4y226fz8m9m3mjq45fbgr3q7k08jyy9qmswmn"; + sha256 = "1imc66yxnm01i58xwqrwqc612h0rhdz8x170hqr2pjyk99bllsv9"; } else if stdenv.system == "x86_64-linux" then fetchurl { url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run"; - sha256 = "0q3lvl1lypi33i847nqz4k3161ackh2n9kgyjn6v2c480f405hfk"; + sha256 = "0qxd4jd25ymcr6w97f71kfn549x6wgg4g3vixd3sqlczknn85f47"; } else throw "nvidia-x11 does not support platform ${stdenv.system}"; From e7ab051cda36caefee79209be32d3f298ee0e6a4 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 10:13:46 +0200 Subject: [PATCH 79/94] Disable predictable interface names in tests Apparently systemd is now smart enough to figure out predictable names for QEMU network interfaces. But since our tests expect them to be named eth0/eth1..., this is not desirable at the moment. http://hydra.nixos.org/build/10418789 --- nixos/modules/virtualisation/qemu-vm.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 3152a2274182..6605b94439bc 100644 
--- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -402,6 +402,8 @@ in # Speed up booting by not waiting for ARP. networking.dhcpcd.extraConfig = "noarp"; + networking.usePredictableInterfaceNames = false; + system.requiredKernelConfig = with config.lib.kernelConfig; [ (isEnabled "VIRTIO_BLK") (isEnabled "VIRTIO_PCI") From a8aa9f3fd4e6a6e53be4dc8429f4bf876715cda7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 10:53:05 +0200 Subject: [PATCH 80/94] setuid-wrapper.c: Remove tabs --- nixos/modules/security/setuid-wrapper.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nixos/modules/security/setuid-wrapper.c b/nixos/modules/security/setuid-wrapper.c index 007ffbc34fe9..dd1ef51019f3 100644 --- a/nixos/modules/security/setuid-wrapper.c +++ b/nixos/modules/security/setuid-wrapper.c @@ -31,7 +31,7 @@ int main(int argc, char * * argv) false `X.real' file, to allow arbitrary programs from being executed setuid. */ assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) && - (self[strlen(wrapperDir)] == '/')); + (self[strlen(wrapperDir)] == '/')); /* Make *really* *really* sure that we were executed as `self', and not, say, as some other setuid program. That is, our @@ -42,12 +42,12 @@ int main(int argc, char * * argv) assert (lstat(self, &st) != -1); //printf("%d %d\n", st.st_uid, st.st_gid); - + assert ((st.st_mode & S_ISUID) == 0 || - (st.st_uid == geteuid())); + (st.st_uid == geteuid())); assert ((st.st_mode & S_ISGID) == 0 || - st.st_gid == getegid()); + st.st_gid == getegid()); /* And, of course, we shouldn't be writable. */ assert (!(st.st_mode & (S_IWGRP | S_IWOTH))); @@ -69,13 +69,13 @@ int main(int argc, char * * argv) real[len] = 0; close(fdSelf); - + //printf("real = %s, len = %d\n", real, len); execve(real, argv, environ); fprintf(stderr, "%s: cannot run `%s': %s\n", argv[0], real, strerror(errno)); - + exit(1); } 
From b80e6b27c78d5cf4177f8e30b4a3285598d93d59 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 10:53:17 +0200 Subject: [PATCH 81/94] setuid-wrapper: Drop runtime dependency on setuid-wrapper.c --- nixos/modules/security/setuid-wrappers.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix index 109e61df79e6..450fed73658b 100644 --- a/nixos/modules/security/setuid-wrappers.nix +++ b/nixos/modules/security/setuid-wrappers.nix @@ -9,10 +9,11 @@ let setuidWrapper = pkgs.stdenv.mkDerivation { name = "setuid-wrapper"; buildCommand = '' - ensureDir $out/bin + mkdir -p $out/bin + cp ${./setuid-wrapper.c} setuid-wrapper.c gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \ - ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper - strip -s $out/bin/setuid-wrapper + setuid-wrapper.c -o $out/bin/setuid-wrapper + strip -S $out/bin/setuid-wrapper ''; }; From fa1a46a01cab1e6c0c594ced17dedf68b0cd39a7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 10:58:30 +0200 Subject: [PATCH 82/94] setuid-wrapper: Fix broken string comparison --- nixos/modules/security/setuid-wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/security/setuid-wrapper.c b/nixos/modules/security/setuid-wrapper.c index dd1ef51019f3..ffd0b65b7629 100644 --- a/nixos/modules/security/setuid-wrapper.c +++ b/nixos/modules/security/setuid-wrapper.c @@ -30,7 +30,7 @@ int main(int argc, char * * argv) creating hard link `X' from some other location, along with a false `X.real' file, to allow arbitrary programs from being executed setuid. */ - assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) && + assert ((strncmp(self, wrapperDir, strlen(wrapperDir)) == 0) && (self[strlen(wrapperDir)] == '/')); /* Make *really* *really* sure that we were executed as `self', From 2a64b0a91b34f37328e4d6138744eef979314d9a Mon Sep 17 00:00:00 2001 
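Review bot: The corrected `strncmp(self, wrapperDir, strlen(wrapperDir))` is now a real prefix test, but nothing says why the following `self[strlen(wrapperDir)] == '/'` is still required; a comment such as `/* prefix alone would also accept a sibling directory whose name merely starts with wrapperDir; the '/' pins the boundary */` keeps the pair together. The test also assumes `self` is a canonical path with no symlink or `..` components, which depends on how it is obtained earlier in main(), outside the hunk, so that is worth confirming there. Computing `strlen(wrapperDir)` once into a local would make it visible that both checks use the same length.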
From: Eelco Dolstra Date: Sat, 19 Apr 2014 12:34:59 +0200 Subject: [PATCH 83/94] Shut up warning about resolv.conf missing --- nixos/modules/system/boot/stage-2-init.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index cee9db091c14..57f85674c5b4 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -144,6 +144,8 @@ fi # Use /etc/resolv.conf supplied by systemd-nspawn, if applicable. if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then cat /etc/resolv.conf | resolvconf -m 1000 -a host +else + touch /etc/resolv.conf fi From 9f1c9404da858eb6347493190e40e59c7f81f2c8 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 12:40:09 +0200 Subject: [PATCH 84/94] Put /var/setuid-wrappers on a tmpfs This allows all other filesystems to be mounted without the suid option. --- nixos/modules/security/setuid-wrappers.nix | 3 +-- nixos/modules/system/boot/stage-2-init.sh | 8 +++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix index 450fed73658b..4cdc1023baab 100644 --- a/nixos/modules/security/setuid-wrappers.nix +++ b/nixos/modules/security/setuid-wrappers.nix @@ -117,8 +117,7 @@ in # programs to be wrapped. SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin - if test -d ${wrapperDir}; then rm -f ${wrapperDir}/*; fi # */ - mkdir -p ${wrapperDir} + rm -f ${wrapperDir}/* # */ ${concatMapStrings makeSetuidWrapper setuidPrograms} ''; diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 57f85674c5b4..a64c6cdfa191 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh 
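Review bot: In the setuid-wrappers.nix hunk, dropping `mkdir -p ${wrapperDir}` makes the activation script depend on a tmpfs mount performed in another file, and `rm -f ${wrapperDir}/*` does not detect the case where that mount is missing (an unmatched glob stays literal and `-f` swallows the error), so the first failure would surface later in `makeSetuidWrapper` with a less obvious message. Keeping `mkdir -p ${wrapperDir}` after the `rm -f` costs nothing on an already-mounted tmpfs and keeps activation self-contained. The rest of the activation snippet is outside the hunk.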
@@ -82,7 +82,7 @@ done # More special file systems, initialise required directories. mkdir -m 0755 /dev/shm -mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" tmpfs /dev/shm +mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" none /dev/shm mkdir -m 0755 -p /dev/pts [ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default mkdir -m 01777 -p /tmp @@ -149,6 +149,12 @@ else fi +# Create /var/setuid-wrappers as a tmpfs. +rm -rf /var/setuid-wrappers +mkdir -m 0755 -p /var/setuid-wrappers +mount -t tmpfs -o "mode=0755" none /var/setuid-wrappers + + # Run the script that performs all configuration activation that does # not have to be done at boot time. echo "running activation script..." From b03a2f9e9022f3e56bcf935eaa8d385bd1e5b374 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 13:02:13 +0200 Subject: [PATCH 85/94] Set personality when running a 32-bit container on a 64-bit host --- nixos/modules/system/activation/top-level.nix | 1 + nixos/modules/virtualisation/containers.nix | 13 ++++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index a4a0d14df6ab..7cdaecce198e 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -68,6 +68,7 @@ let echo -n "$configurationName" > $out/configuration-name echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version echo -n "$nixosVersion" > $out/nixos-version + echo -n "$system" > $out/system mkdir $out/fine-tune childCount=0 diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 4ce113f10ee8..4fca872d72eb 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix 
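Review bot: The new `/var/setuid-wrappers` tmpfs is mounted with only `mode=0755`; it has to remain suid-capable, which is the point of the change, but nothing in it needs device nodes, so `mount -t tmpfs -o "mode=0755,nodev" none /var/setuid-wrappers` narrows it at no cost. The `rm -rf /var/setuid-wrappers` before the mount also wipes whatever a previous generation left on disk, which is intentional but not obvious later; a comment like `# contents are regenerated by the activation script on every boot` would record that. The stage-2 script continues outside the hunk.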
@@ -176,7 +176,6 @@ in "/nix/var/nix/profiles/per-container/$INSTANCE" \ "/nix/var/nix/gcroots/per-container/$INSTANCE" - SYSTEM_PATH=/nix/var/nix/profiles/system if [ -f "/etc/containers/$INSTANCE.conf" ]; then . "/etc/containers/$INSTANCE.conf" fi @@ -212,14 +211,22 @@ in extraFlags="--capability=CAP_NET_ADMIN" fi + # If the host is 64-bit and the container is 32-bit, add a + # --personality flag. + ${optionalString (config.nixpkgs.system == "x86_64-linux") '' + if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then + extraFlags+=" --personality=x86" + fi + ''} + exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \ - -M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \ + -M "$INSTANCE" -D "$root" $extraFlags \ --bind-ro=/nix/store \ --bind-ro=/nix/var/nix/db \ --bind-ro=/nix/var/nix/daemon-socket \ --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ - "$SYSTEM_PATH/init" + "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init" ''; postStart = From 82535e0f8fc485db52ff976b9ef7d11096a8dfa3 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 14:28:33 +0200 Subject: [PATCH 86/94] switch-to-configuration: Check overrides.conf for X-* options --- .../system/activation/switch-to-configuration.pl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index f8c1ab12ebfa..4cea0c5910c4 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl 
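Review bot: The two `''${SYSTEM_PATH:-…}` fallbacks in this hunk differ — the personality check defaults to the host-side path `/nix/var/nix/profiles/per-container/$INSTANCE/system`, the init line to `/nix/var/nix/profiles/system`, presumably the same profile as seen inside the container through the `--bind=…per-container/$INSTANCE:/nix/var/nix/profiles` mount — and nothing says so, which invites the next reader to "fix" one of them. When `SYSTEM_PATH` is set by `/etc/containers/$INSTANCE.conf` it is used unchanged on both sides, so it has to resolve both on the host and inside the container (in practice a /nix/store path); a comment above the personality block should state that: `# SYSTEM_PATH (optionally set by the .conf file) is read on the host here and used inside the container for init below, so it must be valid in both; the defaults name the same per-container profile from each side.` `$root` on the `-D` line is not defined anywhere in the hunk and presumably comes from the part of the script that lies outside it. The script starts and ends outside the hunk.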
@@ -96,18 +96,19 @@ sub parseFstab { sub parseUnit { my ($filename) = @_; - parseKeyValues(read_file($filename)); + my $info = {}; + parseKeyValues($info, read_file($filename)); + parseKeyValues($info, read_file("$(unknown).d/overrides.conf")) if -f "$(unknown).d/overrides.conf"; + return $info; } sub parseKeyValues { - my @lines = @_; - my $info = {}; + my $info = shift; foreach my $line (@_) { # FIXME: not quite correct. $line =~ /^([^=]+)=(.*)$/ or next; $info->{$1} = $2; } - return $info; } sub boolIsTrue { @@ -362,7 +363,8 @@ while (my ($unit, $state) = each %{$activeNew}) { elsif ($state->{state} eq "auto-restart") { # A unit in auto-restart state is a failure *if* it previously failed to start my $lines = `@systemd@/bin/systemctl show '$unit'`; - my $info = parseKeyValues(split "\n", $lines); + my $info = {}; + parseKeyValues($info, split("\n", $lines)); if ($info->{ExecMainStatus} ne '0') { push @failed, $unit; From fa9ed04997cc07d0782b79ec1929af2ac24e0045 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 14:29:02 +0200 Subject: [PATCH 87/94] Restart polkit if its configuration may have changed --- nixos/modules/security/polkit.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 054d39c47853..5933cdc0cec3 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -63,6 +63,9 @@ in systemd.packages = [ pkgs.polkit ]; + systemd.services.polkit.restartTriggers = [ config.system.path ]; + systemd.services.polkit.unitConfig.X-StopIfChanged = false; + # The polkit daemon reads action/rule files environment.pathsToLink = [ "/share/polkit-1" ]; From 894e2dfb258bfefb4080c89f94ac6cf253174ec6 Mon Sep 17 00:00:00 2001 
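Review bot: The overrides path in `parseUnit` is built from `$(unknown).d/overrides.conf`, which as shown here does not reference the `$filename` the sub receives; if that is an extraction artifact the intended line is presumably `parseKeyValues($info, read_file("$filename.d/overrides.conf")) if -f "$filename.d/overrides.conf";`, otherwise every unit would be checked against one constant path. Separately, `parseKeyValues` changed from returning a fresh hash to mutating the hashref passed as its first argument, and a later key overwrites an earlier one, which is exactly what makes the drop-in take precedence over the unit file; that contract deserves a comment on the sub: `# Parse KEY=VALUE lines into the hash referenced by $info (in place). A later key overwrites an earlier one, so pass the unit file first and overrides after.`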
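Review bot: `systemd.services.polkit.unitConfig.X-StopIfChanged = false` is added without a word on why polkit must be restarted rather than stopped and started, and the neighbouring `restartTriggers = [ config.system.path ]` means that restart now happens on nearly every activation. A short comment would save the next reader the archaeology, e.g. `# Restart (not stop/start) polkit whenever the system path changes, since its action/rule files are linked from there; X-StopIfChanged avoids leaving authorization unavailable between stop and start.` The X-* option apparently lands in the unit's overrides.conf drop-in, which is what the preceding switch-to-configuration change is there to read.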
From: Eelco Dolstra Date: Sat, 19 Apr 2014 14:37:05 +0200 Subject: [PATCH 88/94] Add a test for udisks2 --- nixos/release-combined.nix | 1 + nixos/release.nix | 1 + nixos/tests/udisks2.nix | 56 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 nixos/tests/udisks2.nix diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 741ab62bbc03..32f523750004 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -61,6 +61,7 @@ in rec { (all nixos.tests.printing) (all nixos.tests.proxy) (all nixos.tests.udisks) + (all nixos.tests.udisks2) (all nixos.tests.xfce) nixpkgs.tarball diff --git a/nixos/release.nix b/nixos/release.nix index 45c37570c1ba..4a10ff39ed0c 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -245,6 +245,7 @@ in rec { tests.simple = callTest tests/simple.nix {}; tests.tomcat = callTest tests/tomcat.nix {}; tests.udisks = callTest tests/udisks.nix {}; + tests.udisks2 = callTest tests/udisks2.nix {}; tests.xfce = callTest tests/xfce.nix {}; } diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix new file mode 100644 index 000000000000..e0c57d7c34d6 --- /dev/null +++ b/nixos/tests/udisks2.nix 
@@ -0,0 +1,56 @@ +import ./make-test.nix ({ pkgs, ... }: + +let + + stick = pkgs.fetchurl { + url = http://nixos.org/~eelco/nix/udisks-test.img.xz; + sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b"; + }; + +in + +{ + + machine = + { config, pkgs, ... }: + { services.udisks2.enable = true; + imports = [ ./common/user-account.nix ]; + + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + if (subject.user == "alice") return "yes"; + }); + ''; + }; + + testScript = + '' + my $stick = $machine->stateDir . "/usbstick.img"; + system("xz -d < ${stick} > $stick") == 0 or die; + + $machine->succeed("udisksctl info -b /dev/vda >&2"); + $machine->fail("udisksctl info -b /dev/sda1"); + + # Attach a USB stick and wait for it to show up. + $machine->sendMonitorCommand("usb_add disk:$stick"); + $machine->waitUntilSucceeds("udisksctl info -b /dev/sda1"); + $machine->succeed("udisksctl info -b /dev/sda1 | grep 'IdLabel:.*USBSTICK'"); + + # Mount the stick as a non-root user and do some stuff with it. + $machine->succeed("su - alice -c 'udisksctl info -b /dev/sda1'"); + $machine->succeed("su - alice -c 'udisksctl mount -b /dev/sda1'"); + $machine->succeed("su - alice -c 'cat /run/media/alice/USBSTICK/test.txt'") =~ /Hello World/ or die; + $machine->succeed("su - alice -c 'echo foo > /run/media/alice/USBSTICK/bar.txt'"); + + # Unmounting the stick should make the mountpoint disappear. + $machine->succeed("su - alice -c 'udisksctl unmount -b /dev/sda1'"); + $machine->fail("[ -d /run/media/alice/USBSTICK ]"); + + # Remove the USB stick. + $machine->sendMonitorCommand("usb_del 0.3"); # FIXME + $machine->waitUntilFails("udisksctl info -b /dev/sda1"); + $machine->fail("[ -e /dev/sda ]"); + ''; + +}) From 18a7ce76fcf80389bc8db2dd3e961a74637b5162 Mon Sep 17 00:00:00 2001 
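Review bot: The polkit rule configured for the test machine returns `"yes"` for every action whenever the subject is alice, so the "mount as a non-root user" steps never exercise the udisks2 policy that ordinary users actually hit — the test would still pass if udisks2 shipped with a policy denying unprivileged mounts. Scoping the rule to the service under test keeps the assertions meaningful: `if (subject.user == "alice" && action.id.indexOf("org.freedesktop.udisks2.") == 0) return "yes";`. The `usb_del 0.3` line already carries a FIXME for the hardcoded bus address; the image URL is plain HTTP but pinned by `sha256`, so the fetch is integrity-checked.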
From: Eelco Dolstra Date: Sat, 19 Apr 2014 14:41:21 +0200 Subject: [PATCH 89/94] Enable udisks2 by default The ability for unprivileged users to mount external media is useful regardless of the desktop environment. Also, since udisks2 is activated on-demand, it doesn't add any overhead if you're not using it. --- nixos/modules/services/hardware/udisks2.nix | 2 +- nixos/modules/virtualisation/container-config.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix index 0f61f20c33c3..f5b641c7378b 100644 --- a/nixos/modules/services/hardware/udisks2.nix +++ b/nixos/modules/services/hardware/udisks2.nix @@ -14,7 +14,7 @@ with lib; enable = mkOption { type = types.bool; - default = false; + default = true; description = '' Whether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices. diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index 76e4b5612184..195a8056bf82 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -6,7 +6,9 @@ with lib; config = mkIf config.boot.isContainer { + # Disable some features that are not useful in a container. sound.enable = mkDefault false; + services.udisks2.enable = mkDefault false; networking.useHostResolvConf = true; From 4fb50f071f18279048bfd67267146aaec379e01d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 22:59:25 +0200 Subject: [PATCH 90/94] Manual: Typo fixes --- nixos/doc/manual/configuration.xml | 2 +- nixos/modules/services/web-servers/apache-httpd/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml index 1dff9d2f21e5..0ffee826dc49 100644 --- a/nixos/doc/manual/configuration.xml +++ b/nixos/doc/manual/configuration.xml 
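Review bot: Flipping `default` to `true` means every NixOS system not overriding the option now runs a D-Bus-activated daemon that lets unprivileged sessions mount and manipulate storage devices subject to the polkit policy, but the option's `description` still reads as if it were opt-in and says nothing about that policy. Suggest extending it with a sentence such as `Enabled by default; which users may mount or modify devices is governed by polkit (see security.polkit.extraConfig).` The `container-config.nix` hunk in the same commit correctly turns it back off for containers via `mkDefault`.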
@@ -935,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ]; where my-hello.nix contains: -with <nixpkgs> {}; # bring all of Nixpkgs into scope +with import <nixpkgs> {}; # bring all of Nixpkgs into scope stdenv.mkDerivation rec { name = "hello-2.8"; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index eced13444de2..75ec6671d156 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -450,7 +450,7 @@ in extraModules = mkOption { type = types.listOf types.unspecified; default = []; - example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]''; + example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]''; description = '' Additional Apache modules to be used. These can be specified as a string in the case of modules distributed From 0a256cc0ee45f3766e68ec29b03a50731ca64ae0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sat, 19 Apr 2014 23:02:59 +0200 Subject: [PATCH 91/94] Firewall: Only start if we have CAP_NET_ADMIN --- nixos/modules/services/networking/firewall.nix | 17 +++++++++++------ pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index e604ba23b87f..42914bfe5d62 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -18,8 +18,6 @@ */ - - { config, lib, pkgs, ... }: with lib; 
@@ -266,16 +264,23 @@ in message = "This kernel does not support disabling conntrack helpers"; } ]; - jobs.firewall = + systemd.services.firewall = { description = "Firewall"; - startOn = "started network-interfaces"; + wantedBy = [ "network.target" ]; + after = [ "network-interfaces.target" "systemd-modules-load.service" ]; path = [ pkgs.iptables ]; - after = [ "systemd-modules-load.service" ]; + # FIXME: this module may also try to load kernel modules, but + # containers don't have CAP_SYS_MODULE. So the host system had + # better have all necessary modules already loaded. + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; - preStart = + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + + script = '' ${helpers} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0d81df6c31d5..39da338126f0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9927,7 +9927,7 @@ let hsetroot = callPackage ../tools/X11/hsetroot { }; - kde4 = recurseIntoAttrs pkgs.kde411; + kde4 = recurseIntoAttrs pkgs.kde412; kde4_next = recurseIntoAttrs( lib.lowPrioSet pkgs.kde412 ); From 37d5e9c45596c2c12e2982cb1a87389dcaea7c75 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 20 Apr 2014 01:53:11 +0200 Subject: [PATCH 92/94] Temporary fix for installer tests http://hydra.nixos.org/build/10455979 --- nixos/modules/services/x11/desktop-managers/kde4.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index c70dbf3b911d..26b0612671c4 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix 
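Review bot: The new unit is `wantedBy = [ "network.target" ]` but ordered `after = [ "network-interfaces.target" ... ]`, so interfaces are configured, and potentially reachable, before the oneshot script installs any rules; that mirrors the old `startOn = "started network-interfaces"`, but with a oneshot a script failure now leaves the machine with no filtering and only a failed unit to show for it. As far as I know iptables accepts interface names that do not exist yet, so if the script does not otherwise need the interfaces, `before = [ "network-interfaces.target" ]` in place of the after-ordering closes that window; if the ordering is required, a comment should record why. `ConditionCapability` makes the unit skip silently in containers lacking CAP_NET_ADMIN, which is the stated intent, but the FIXME already admits that module loading is a second capability gap the unit does not handle. The `script` body continues outside the hunk.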
@@ -159,7 +159,7 @@ in # Enable helpful DBus services. services.udisks.enable = ! wantsUdisks2; - services.udisks2.enable = wantsUdisks2; + services.udisks2.enable = true; services.upower.enable = config.powerManagement.enable; security.pam.services.kde = { allowNullPassword = true; }; From 2fbb9aba43033ab32157513af85f812cd8c95782 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 20 Apr 2014 01:56:11 +0200 Subject: [PATCH 93/94] Fix the installer test http://hydra.nixos.org/build/10419676 --- nixos/modules/testing/test-instrumentation.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 7b4e5a8cac06..9100a433cd63 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -86,6 +86,8 @@ let kernel = config.boot.kernelPackages.kernel; in (isEnabled "VIRTIO_CONSOLE") ]; + networking.usePredictableInterfaceNames = false; + }; } From a0c0dfb6471506a1c4b98c8b6ec7a31271025573 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 20 Apr 2014 19:29:53 +0200 Subject: [PATCH 94/94] Revert accidental change --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 39da338126f0..0d81df6c31d5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9927,7 +9927,7 @@ let hsetroot = callPackage ../tools/X11/hsetroot { }; - kde4 = recurseIntoAttrs pkgs.kde412; + kde4 = recurseIntoAttrs pkgs.kde411; kde4_next = recurseIntoAttrs( lib.lowPrioSet pkgs.kde412 );